What is IcedID? Hackers using new banking Trojan to spy and steal from targets in US and UK

Security experts suspect that a small but experienced cybercrime gang may be running IcedID malware.

In addition to being equipped with data-stealing abilities, IcedID can also monitor victims’ online activities

A new banking Trojan dubbed IcedID has recently been spotted operating in the wild. Although IcedID is fairly new to the cybercrime arena, security experts suggest that the malware's capabilities are on par with Dridex, Zeus and Gozi – all of which are proliferating banking malware that have previously caused widespread destruction and chaos in cyberspace.

The hackers operating the malware are going after banks, payment card providers, mobile service providers and others in the US. The malware has also been found targeting two UK banks. In addition to being equipped with data-stealing abilities, IcedID can also monitor victims' online activities.

According to security researchers at IBM X-Force, who uncovered the banking malware, either an experienced hacker or a small cybercrime gang may likely be operating IcedID.

"X-Force's analysis of IcedID's delivery method suggests that its operators are not new to the cybercrime arena, opting to infect users via the Emotet Trojan," IBM researchers said in a blog. Although the malware does not borrow code from other malware strains, researchers say that it still comes packed with features that "allow it to perform advanced browser manipulation tactics" employed by other sophisticated banking Trojans.

The X-Force researchers say that the hackers operating IcedID are using Emotet – a well-known malware distribution tool. "It was originally a banking Trojan that preceded Dridex. As such, it is designed to amass and maintain botnets. Emotet persists on the machine and then fetches additional components such as a spamming module, a network worm module, and password and data stealers for Microsoft Outlook email and browser activity," X-Force researchers explained.

The malware can also steal data via both redirection and web injection attacks, similar to TrickBot and Dridex. The malware can spread over networks and infect terminal servers. Researchers believe that the malware may soon begin targeting businesses.

Given that IcedID is still the new kid on the cybercrime block, it is still uncertain as to how successful the malware may be in the future. However, X-Force researchers believe that the malware may soon be updated by hackers to make it even more potent

How to Stop Spam Emails from Reaching Your Inbox

People all over the world have been dealing with issues of spam mails maliciously finding their ways into their electronic mail boxes.

 

If you are very active online and enter your personal details on various websites anytime it is requested, your email may become inundated by unsolicited emails which go into your spam box.

Spam—phishing, marketing, and scam emails—is annoying, that we can all agree on.

Many people have made enquiries on how to stop these emails from getting into the inbox of people who use iMac, MacBook Pro, iPhone and iPad and www.macworld.com has highlighted how it can be achieved.

The basis of Internet email is that every part of the system more or less mostly trusts every other part. That’s one problem, because since server and messages are mostly trusted, scammers, spammers, and aggressive legitimate marketers can’t simply be blocked before the message lands at your email host, the site at which email is accepted for your address.

Another is that return addresses can be forged—at least some of the time—because there’s no verification system that ensures an email you receive was sent from the address shown to have sent it. There are ways for owners of domains and operators of mail servers to specify and validate the only legitimate servers that a return address comes from, but they’re neither universally deployed nor perfect.

And even if there were a way to prevent malicious and criminal parties from being able to send email from accounts under their control, an unknown, very large number of computers and email accounts have been hijacked or can be on a moment’s notice, sending scams through addresses that otherwise have only carried legitimate email until that point.

However, you can take steps that will help mitigate it, if you aren’t already. These are some of the steps:

Stop unwanted emails at your email host

Enable any spam-filtering options available. Apple automatically performs some blocking and filtering for iCloud. Some hosts, like Fastmail, plug in a well-known system called SpamAssassin, which uses a large set of rules to guess whether email is legitimate or not, or unwanted or not. You can train SpamAssassin, as you can train Gmail and other services by marking email as spam and, conversely, checking the junk or spam folder to mark messages as “ham”—desirable email.

Install SpamSieve for macOS to stop spam

SpamSieve  is a very long-running, still regularly updated app that maintains its own database of spam and ham, and which plugs into Mail, Outlook, and other macOS email software. It relies on Bayesian analysis of spam and ham, letting it use word frequency to provide a probability of whether a given message is legit or should quit.

Set up rules to stop spam

Both on a mail host and in email software, like Apple’s Mail for macOS, you can set rules that filter incoming messages and mark them automatically as junk or throw them into the trash. I have a persistent spammer who, for some reason, isn’t automatically marked as spam and hasn’t been shut down despite operating openly from the same address and domain. Tired of marking by hand, I created a filter that marks the messages as junk.

Never click a URL in an email

Phishing relies on fooling you about messages, so even if you take all protections above, you’ll still wind up with messages that look real. I’ve taken to rarely clicking on a link, but instead visiting a site if I need to know something, unless I can absolutely be confident the URL looks exactly like what I expect.

Mail software can do a lot more. For example, you can blacklist and whitelist URLs, so that messages that contained certain paths or pointed to any domain would require extra steps to go through, while links to legitimate domains were highlighted to show they have been both verified as secure and you’d marked them as acceptable.

Decades into the spam battle, the weapons of defence still seem pretty paltry.

Apple support has also identified ways by which you can report junk mail to reduce the amount you receive.

Report junk mail

You can report junk mail to the mail administrators of both iCloud and the Internet domain from which the email was sent. If the administrators can verify that the message is junk mail, they can help make sure that future messages from that sender aren’t delivered to your mailbox. Follow the instructions for your email client:

Mail on your Mac

• Open the message and choose Forward as Attachment from the Message menu.
• Forward the message to iCloud spam@icloud.com.
• Forward the message again to abuse@domain, replacing domain with the part of the sender’s email address after the @ symbol. For example, if the sender’s email address is spammer@spammydomain.com, forward the message to abuse@spammydomain.com

Microsoft Outlook 2010

 
• Choose File > Options.
• In the Options window, click Mail in the left-hand panel.
• In the Replies and Forwards section, note the current setting so that you can change it back later. Then change the When forwarding a message setting to Attach original message.
• Click OK.
• Forward the message to iCloud spam@icloud.com.
• Forward the message again to abuse@domain, replacing domain with the part of the sender’s email address after the @ symbol. For example, if the sender’s email address is spammer@spammydomain.com, forward the message to abuse@spammydomain.com.
• To return Outlook to your previous settings, repeat steps 1 to 4, but in step 3 change the When forwarding a message setting back to the way it was. If you don’t remember the setting, choose Include original message text.

Welcome to the New Data Revolution with Glo & Iflix! Enjoy Unbelievable Internet Subscription Rates

Subscribers on the network of the grandmasters of data, Globacom, are in for excess data season as the company once again blazed the trail by launching a new data revolution, which confers on its subscribers, an unfair advantage with unmatched data packages; the biggest ever in the industry.

The launch of the Glo Data Revolution was done alongside the unveiling of  an exclusive partnership with Iflix, the world’s leading entertainment services for emerging markets, which gives the teeming subscribers of the telecoms firm, 60 days of unlimited access to the world’s best television programmes, series, movies, cartoons and more on their devices.

Speaking at the launch of the super-size offer on Monday at the company’s headquarters, Mike Adenuga Towers in Lagos, Globacom’s Regional Director, Planning and Technical, Sanjib Roy said the new offer gives both new and existing subscribers who renew their subscriptions before expiration up to 4GB of data for just N1,000. This 4GB data, for example, translates to about 4,000 pages of web browsing.

In the same vein, the 12.5GB is given for a N2,500 data bundle. This, for instance, could be used for 250 hours of content broadcast.  Just as subscribers stand to gain 24GB for N4,000 and a massive 30GB for N5,000.  The 30GB for N5,000 can enable the subscriber to enjoy videos for over 600 hours, for instance.  

The Globacom top official added that for small plans, new subscribers and those who renew with N100 subscription will have a 90MB bundle; while for N200, they will get 250MB with which they can send 400 emails for example.   For N500, the customer gets a whopping 2GB of data, which the subscribers can use to do 10 days of unlimited chatting if need be, Roy explained.

According to him, the new bundle offers are unprecedented and the biggest thing in Nigeria’s telecom history, adding that “never has the subscriber to any network in Nigeria had it so big and so good. All you need to do is get on the Glo data network and stay on by continuing to renew your subscription to enjoy the benefits that give you the unfair advantage over other data users”.

Explaining the  Glo-Iflix partnership, which is available on the Glo Café platform, Roy said that beyond giving subscribers of the telecoms firm, 60 days of unlimited access to the world’s best television programmes, series, movies, cartoons and more on their devices, after the 60 days, the Glo subscribers will get access at a specially discounted price of N100 per month only.  Subscribers need to send “Buzz” to 105 to access the Iflix service.

Iflix, he reiterated, offers subscribers the most extensive selection of iconic, critically-acclaimed TV series and fan-favourite films both internationally and locally available in the region, including hit titles such as Big Bang Theory, Suits, Flash, Arrow, Hercules, Mission Impossible,  as well as highly anticipated Bollywood hits ABCD, Chennai Express, Phantom, and PK. On the local front, Iflix offers such Nollywood titles as Head Gone, Jenifa’s Diary, The visit, Bukas and Joints and much more.

In addition to the above, the company also offers to subscribers who recharge up to N500 and above free YouTube streaming from 1.00 am to 5.30am.  YouTube is apopular video-sharingg site that allows users to upload, view, rate, share, add to favorites, report, comment on videos.  All the subscriber needs to do is to dial *777# to buy a data plan to activate the services.  

What is EngineerMode? Hidden OnePlus backdoor could allow hackers to take over your phone

Researchers have discovered an APK on most OnePlus devices that could allow hackers to root the device

Security researchers have discovered a hidden backdoor inadvertently left on many OnePlus smartphones that could be exploited by hackers to gain full access to users' devices. Robert Baptiste, a security researcher going by the name Elliot Alderson - an ode to the character in the popular Mr Robot TV series - discovered a factory-installed app on OnePlus devices that could be used by hackers to obtain root access to the phone, its files and software using just a few lines of code.

The researcher said he discovered the EngineerMode app when examining the latest firmware for the OnePlus 5 handsetand said it could be exploited to allow root level control of devices running the firmware oneplus_5_oxygenos_4.5.14.

The app can diagnose GPS, check the root status and perform numerous automated tests and hardware scans among other functions. However, Baptiste found that by launching the "DiagEnabled" activity in the app with a specific password, the device could be rooted to give an attacker total control over it.

The EngineerMode tool, made by Qualcomm, comes pre-installed on most OnePlus devices including OnePlus 2, 3, 3T and the newly launched OnePlus 5.

Although the tool is password-protected, researchers at security firm NowSecure have already managed to crack the password.

"With the password, the EngineerMode app enables a debugging mode that is generally only needed for development of the device and grants full root privileges on the device via a simple ADB command or potentially by installing an APK from the Play Store," the NowSecure Mobile Threat Research Team wrote in a blog post.

Upon entering the password "angela" - likely another Mr Robot reference to the character Angela Moss - the developer gains permanent root access to the Android Debug Bridge process and, essentially, root privileges on the affected OnePlus device.

However, hackers would need to have physical access to the phone to carry out the exploit.

"At this time, the (app) is most useful to an attacker with physical access to a OnePlus device or an owner looking to root their own device," NowSecure said. "What seems especially careless is OnePlus leaving behind a system-signed .apk and a native library with a SHA256 hash of the password that was easily reversed."

To find out if your OnePlus device has EngineerMode installed, head over to the device's "Settings" > "Apps" > "Menu" > "Show System Apps." You can then search for EngineerMode in the app list to check if it is installed.

OnePlus later said the EngineerMode is a "diagnostic tool used mainly used for factory production line functionality testing and after sales support".

"We've seen several statements by community developers that are worried because this apk grants root privileges," the Chinese smartphone maker said in a statement. "While it can enable adb [Android Debug Bridge] root which provides privileges for adb commands, it will not let 3rd party apps access full root privileges. Additionally, adb root is only accessible if USB debugging, which is off by default, is turned on, and any sort of root access would still require physical access to your device."

"While we don't see this as a major security issue, we understand that users may still have concerns and therefore we will remove the adb root function from EngineerMode in an upcoming OTA."

The news come just a month after OnePlus was discovered collecting its users' sensitive, personally identifiable information. It later scaled back its data collection programme. It also comes as its new OnePlus 5T is launched.

Hackers fool the iPhone X's Face ID using a cheesy-looking mask

There is no such thing as foolproof phone security.

Case in point: Security researchers at Bkavhave reportedly defeated the iPhone X's Face ID feature using a simply-constructed 3D mask.

The average person probably doesn't need to worry about the purported hack, but billionaires, celebrities, and high-profile public figures like presidents may want to rethink their use of Apple's nascent facial recognition technology. 

Apple is trying to convince people Face IDis more secure than its Touch ID fingerprint sensor, which is still used in the iPhone 8 in addition to earlier models. But stories about weak spots (especially if you've got a twinor you're a kid) keep popping up.

While Apple acknowledges that Face ID isn't hack-proof, the company says it's built the face recognition technology to have 1 in a million chance of somebody else unlocking your iPhone X compared to the 1 in 50,000 chance using Touch ID.

Not only that, but Apple says it worked with Hollywood makeup artists and mask makers to ensure that elaborate masks couldn't be used to bypass a person's iPhone X. 

Before Bkav, a security firm, released its results, others have tried to trick Face ID using detailed masks and failed. The Wall Street Journal's Joanna Stern had a mold of her face made by a professional prosthetic company and, sure enough, her iPhone X wouldn't unlock when a colleague donned her fake face. Wired's David Pierce also attempted a much more detailed recreation of his face using a variety of different materials, but also failed to trick Face ID.

Bkav's rudimentary mask, though, tripped up the feature. The mask, which you can see below, included a 3D-printed face with 2D-printed eyes and lips and a 3D nose constructed of silicone. Mashable has reached out to Apple for comment on the hack.

If this hack looks basic, that's because it is — at least on the surface. Bkav says the crude mask only cost about $150 to make.

Rich and famous more at risk

That may sound really scary, but this hack won't affect most people.

For starters, the lengths one must go through — it took about a week for Bkav to create a mask that successfully tricked the iPhone X —  isn't worth it in most cases.

Then there's the matter of getting scans of your eyes and mouth. According to Wired, Bkav's researchers need to manually scan a person's face for five minutes before getting enough detail to reconstruct a false mask.

Billionaires, celebrities and public figures, who will have their faces photographed and widely published could be easier targets.

Additionally, the silicone nose needs to be made by hand. An initial version of the nose reportedly didn't work and needed to be modified to deceive the iPhone X's TrueDepth cameras and built-in AI.

Though similar facial recognition unlocking technology on Samsung's Galaxy S8 andNote 8 phones is much easier to bypass (in some cases, it can be fooled by a picture), the alternative and more secure iris scanner built into these phones is much more difficult to hack, requiring very specific printers and contact lenses.

All things considered, Bkav's researchers say billionaires, celebrities and public figures, who will have their faces photographed and widely published could be easier targets for its hacks. With enough effort, a skilled craftsman could reconstruct a mask similar to the one Bkav made using lots of photographs.

"Potential targets shall not be regular users, but billionaires, leaders of major corporations, nation leaders and agents like FBI need to understand the Face ID's issue," the researchers said in a statement. "Security units' competitors, commercial rivals of corporations, and even nations might benefit from our PoC [proof of concept]."

Set up a strong passcode

Bkav still has some further explaining to do to convince other security experts that the hack is genuine, but given their track record — in 2008, they were the first ones to bypass face biometrics that shipped on top-brand laptops from the likes of Lenovo, Toshiba, Asus, and more — it appears sound.

Still, the researchers say Face ID is weaker than Apple claims:

You can try it out with your own iPhone X, the phone shall recognize you even when you cover a half of your face. It means the recognition mechanism is not as strict as you think, Apple seems to rely too much on Face ID's AI. We just need a half face to create the mask. It was even simpler than we ourselves had thought.

I tried covering half my face (both sides), and then only my eyes, only my mouth, and then placed my hand spread open on my face, and I couldn't get Face ID to unlock on my own iPhone X. That's how it should work.  

Face ID, like the face recognition technology on other phones, requires a person's eyes to be open in order to work. So if someone points your iPhone X at your face while you're sleeping it won't unlock.

However, while requiring your eyes to be open is one way to check against fakes, it's not a way to verify the face it's looking at is really alive. One way Apple could make Face ID just a smidgen more secure is to require a blink during the face detection process. Android introduced this blink check on Android 4.0 in 2011 after hackers cracked its face unlock feature.

Biometric security in our smartphones has improved significantly over the last few years. Though this Face ID hack looks terrifying, it's just as complex and time-consuming as recreating a mold of your fingerprint to fool Touch ID.

Unless you're holding the codes to nuclear codes (in which case you probably wouldn't even be allowed to use this tech) or have something in your device that's totally worth stealing, the amount of work required for this hack isn't going to produce a valuable return for hackers.

In any case, should you elect to not use Face ID as your main method of security for your iPhone X, make sure you have a really strong 6-digit or alphanumeric passcode in place (never just use four digits). Hackers could always try to brute force their way into your phone using software, but barring that, they can't obtain a code that's stored in the only impenetrable place in the world: your mind.

Prynt Pocket Prints Your Android Phone Photos Directly

(Source: Prynt)

Prynt originally released an add-on device that allowed users to convert their phone into a Polaroid camera, back in 2015. The original design was bulky and was quickly followed by another device that was half in size from the original and was known as the Prynt pocket. Initially, it only came out for the iPhone but an Android version has now been released as well.

The device is pretty useful and does exactly what it claims to do. It allows the phone to directly dock into the unit and turns it into a polaroid. This is a cause to celebrate for the Android users who are Polaroid fans but they need to hold their horses. The Prynt pocket comes with a USB-C connection so people with older model Android phones won’t be getting to enjoy its benefits just yet.

(Source: Prynt)

The Prynt pocket uses sticker paper and has the ability to print 20 photos on a single charge. The device uses ZINK ink-free thermal printing technology so you have no choice but to use the proprietary printing paper from the company.

One exciting feature of the new device is that it incorporates augmented reality. Using the app you can make a small video form which a still image is generated and printed. When the photo is later viewed through the app, it comes alive with the moving video.

(Source: Prynt)

The basic function of the Prynt pocket is to make sure it prints out Polaroid sticker photos from your phone and it does a good job with that. The device is being launched through Kickstarter currently with a starting price of $119. Even the company has already manufactured a few models, the delivery does not start until April. They are trying to be completely sure that it runs without a hitch.

You can take a look at the device in the video below:

10-year-old unlocks mom's iPhone X with his face, dabs in celebration

Apple's Face ID just got dabbed on by a pre-teen. 

The iPhone X's new biometric security system has been put to the test in all manner of ways since it debuted to the Apple-loving public earlier this month. In many of these trials, the new facial-recognition tech stands strong — but family members who share the same features have sometimes been able to circumvent the system. 

That's the case in a YouTube clip spotted by Wired that might give paranoid parents some concerns about Apple's new security feature.  

The vid shows ten-year-old Ammar Malik unlocking his mother Sana Sherwani's new iPhone X, easily passing the Face ID barrier that Apple claims offers users a 1 in 1,000,000 chance that someone else in the general population will be able to break through. Ammar is clearly that minute exception to the rule in this case, so he celebrates accordingly with a strong dab as any self-respecting 10-year-old would. 

Ammar was also able to unlock his father Attaulluh Malik's device once, too, but has been stymied in every other attempt. The family told Wired that Sherwani was only able to bar her son from her phone after she re-scanned her face in better light conditions — but after a few more tries, it seemed like the phone's AI system had adapted to the boy's features, consistently giving him access again. 

The boy's father published a LinkedIn postabout the family's ordeal. Malik notes that the iPhone X's biggest security issue comes when a malicious party gains physical access to the device, which makes more sophisticated hacks depending onsketchy masks less likely to be a concern for everyday users. Having a kid with an in-app purchase addiction and a fast track into their parent's phone, however, could actually become a problem. 

Apple didn't respond to specific questions about the potential vulnerability, but a rep pointed us to an article on the company's support page about Face ID. The "security safeguards" section acknowledges the system's issues with family members: 

The statistical probability is different for twins and siblings that look like you and among children under the age of 13, because their distinct facial features may not have fully developed. If you're concerned about this, we recommend using a passcode to authenticate.

That statement isn't exactly reassuring for parents worried about their iPhone's security from their own kids, which is probably the one scenario where it's not unreasonable to expect outside attempts at access won't be the result of rare (and illegal) circumstances like theft. For now, concerned iPhone X-owning parents need to do three things: test your Face ID system with your kids, make some strict rules, and, if you really don't trust your progeny, set up a PIN code.