How Website Backdoor Scripts Leverage the Pastebin Service

Compromising a website and then hosting malware on it is an old tactic, and attackers are now trying to compromise the vast majority of a site's visitors in a single stroke. Researchers have discovered that hackers are using Pastebin to spread malicious backdoor code.
According to a blog post published yesterday by Denis Sinegubko, a senior malware researcher at Sucuri, the hackers are exploiting a weakness in older versions of RevSlider, a popular premium WordPress plugin. The plugin comes bundled into website themes in such a way that many site owners don't even know they have it.



How CryptoPHP Backdoor Hijacks Servers with Malicious

Security researchers have discovered thousands of backdoored plugins and themes for popular content management systems (CMS) that could be used by attackers to compromise web servers on a large scale. The Netherlands-based security firm Fox-IT has published a whitepaper revealing a new backdoor, "CryptoPHP". Researchers have uncovered malicious plugins and themes for WordPress, Joomla and Drupal. There is slight relief for Drupal users, however, as only themes have been found infected with the CryptoPHP backdoor.
To victimize site administrators, the miscreants use a simple social engineering trick: they lure site admins into downloading pirated versions of commercial CMS plugins and themes for free. Once downloaded, the malicious theme or plugin installs the backdoor on the admin's server. Once installed on a web server, the backdoor can be controlled by the criminals through several channels: command and control (C&C) server communication, email communication, and manual control.


How OnionDuke APT Malware served through Tor Network

The malicious Russian Tor exit node that was claimed to be patching binary files is actually distributing a malware program used to launch cyber-espionage attacks against European government agencies. The group behind the rogue Tor exit node had likely been infecting files for more than a year, causing victims to download and install a backdoor that gave the attackers full control of their systems. Last month Josh Pitts of Leviathan Security Group uncovered a malicious Tor exit node that wraps Windows executable files inside a second, malicious Windows executable. When Artturi Lehtiö of F-Secure carried out in-depth research, he found that the exit node was actually linked to the notorious Russian APT family MiniDuke.

How a Cell Phone User Can be Secretly Tracked Across the Globe

Since we are living in an era of mass surveillance conducted by governments as well as private industry, and with the boom in surveillance technology, we should be very worried about our privacy. According to the companies that create surveillance solutions for law enforcement and intelligence agencies, their tools are sold only to governments. The reality is much more disappointing: these surveillance vendors are so poorly regulated and so secretive that their tools can easily make their way into the hands of repressive organizations.
Private surveillance vendors sell tools to governments around the world that let agencies collect records about users from cellular networks. Wherever the user is, the tools pinpoint the target's location and track anyone who carries a cellphone, at home or abroad.


How China Develops Facial Recognition Payment System with Near-Perfect Accuracy

In an effort to move one step ahead of others, China is planning to launch a facial recognition payment application with near-perfect accuracy that lets users authorize online transactions simply by showing a picture of themselves. Chinese researchers from a Chongqing-based research institute have developed a facial recognition system that can pick faces out of a crowd with 99.8 percent accuracy from 91 angles.
Academics at the Chongqing Institute of Green have set up the world's biggest database of Asian faces, holding more than 50 million Chinese faces. The database was compiled with help from the University of Illinois and the National University of Singapore.


AdThief, an iOS Malware which has hijacked Ad Revenue on More Than 75,000 Devices and close to 22 million ads

Imagine an ad that appears on an iPhone or iPad from a genuine source, but when you tap it, the ad revenue goes into a cyber criminal's account. It seems a nice and easy way to earn money. Researchers have discovered an iOS malware family said to have infected tens of thousands of iPhones and iPads and made a hefty profit for its authors. The malware, aptly named iOS/AdThief (aka 'Spad'), was first reported by Claud Xiao in March 2014.
Claud Xiao said that a Chinese researcher noticed a strange iOS dynamic library on his iOS device and posted his findings on China's largest security forum, PEDIY. Another researcher, from Fortinet, has published a paper giving a detailed description of the threat's implementation and some information on its developer.


Millions of Accounts Vulnerable to hackers using critical CSRF Vulnerability

A newly detected critical vulnerability in Fiverr has put millions of its users at risk of being hacked and scammed. Mohamed Abdelbaset, an independent security researcher from Egypt, discovered a critical CSRF vulnerability in Fiverr which allows an attacker to take over any user account on the site.

Fiverr is a global online marketplace offering tasks and services starting at a cost of $5 per job, from which it gets its name. The site is used primarily by freelancers who offer a variety of services, and by customers interested in buying those services.

What is CSRF?

Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts.

Abdelbaset showed the proof of concept in a video, summarised below:

  1. Attacker sends a link to the exploit page(webpage specially designed by the attacker).
  2. When the victim clicks the link, the email address associated with his fiverr.com account is replaced with the address the attacker coded into the exploit page.
  3. Attacker gains full access to the victim’s Account.
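
The account takeover above works because the email-change endpoint trusts the session cookie alone, which the browser attaches to any request, including one submitted from a third-party page. The following is an added example, not code from the article or from Fiverr, modelling such an endpoint first without and then with CSRF protection (synchronizer token plus an Origin check); the session store, origin and request dictionaries are constructed for illustration.

```python
# Added example: an "update email" handler without and with CSRF protection.
import hmac
import secrets

SITE_ORIGIN = "https://example-marketplace.test"  # placeholder, not fiverr.com

# Constructed in-memory session store keyed by the session cookie value.
SESSIONS = {"sess-victim": {"user": "victim", "email": "victim@example.test",
                            "csrf": secrets.token_urlsafe(32)}}

def update_email_vulnerable(request):
    """Checks only the session cookie, so a form auto-submitted by any page
    the victim visits succeeds: the browser attaches the cookie itself."""
    session = SESSIONS.get(request["cookies"].get("sid"))
    if session is None:
        return 401, "not logged in"
    session["email"] = request["form"]["email"]
    return 200, "email updated"

def update_email_protected(request):
    """Synchronizer-token pattern plus an Origin check. The token is stored in
    the session and embedded in the legitimate form; a third-party page can
    neither read it nor spoof the Origin header its request carries."""
    session = SESSIONS.get(request["cookies"].get("sid"))
    if session is None:
        return 401, "not logged in"
    origin = request["headers"].get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return 403, "cross-origin request rejected"
    token = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(token, session["csrf"]):  # constant-time compare
        return 403, "missing or invalid CSRF token"
    session["email"] = request["form"]["email"]
    return 200, "email updated"

def cross_site_request():
    """Constructed model of the request a hostile page makes through the
    victim's browser: the cookie is present, the token is not, and the Origin
    header names the page that submitted the form."""
    return {"cookies": {"sid": "sess-victim"},
            "headers": {"Origin": "https://other-site.test"},
            "form": {"email": "changed@other-site.test"}}

def legitimate_request():
    """The site's own form: same cookie, matching Origin, token included."""
    return {"cookies": {"sid": "sess-victim"},
            "headers": {"Origin": SITE_ORIGIN},
            "form": {"email": "new@example.test",
                     "csrf_token": SESSIONS["sess-victim"]["csrf"]}}
```

Frameworks such as Django and Rails implement this token pattern for you; the point of the model is that the session cookie alone must never authorize a state-changing request.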

Fiverr, which is very popular with freelancers, recently raised $30 million in a Series C round of funding to continue supporting the new version of its marketplace. The company, however, seems less worried about security from cyber threats and has not taken any steps to fix the vulnerability since the researcher reported it. As of now Fiverr remains vulnerable to this CSRF flaw; with the vulnerability now in the public domain, we, as well as Fiverr users, can expect a quick patch for it.