In this article, we will talk about a campaign which is being run by Chinese Cyber criminals and this time they don’t want to watch what we are doing, rather they want some resources from our system to mine cryptocurrency. Some researchers from Barracuda have researched about a new variant of Golang(a high level language) malware that is making victim’s machine a cryptominer.This malware does not affect our local machines, rather it targets the back end servers which are either running on Linux or windows. They directly attack on the backbone of a web application framework and exploit some vulnerabilities in the server. After getting settled inside the machine, they start…
-
-
CHINESE GOLDEN SPY MALWARE IN THE NAME OF GOLDEN TAX DEPARTMENT
In this new era of increasing attacks, new malwares are taking new form to exploit the big firms. This Coronavirus has caused damage to many organisations. The controversy about China and its Cyber attacks when they targeted an Australian firm, even now afraid everyone. Being attacked physically and socially, Chinese Cyber criminals have not stopped to make a reign of their cyber terror. Researching about their Cyber attacks, some researchers from Trustwave SpiderLabs has discovered a new malware family, operating in China, named as GoldenSpy which is attacking corporation in the name of tax payment software, making them install a software that contains a backdoor which allow attackers to get…
-
QIWI FIXED A FLAW IN ITS API THAT ALLOWED BLIND SQLI
Nearly 4 months ago, a white hat hacker announced a blind SQL injection vulnerability in the QIWI( a popular publicly traded Russian payment service provider) API interface that allows an attacker to do arbitrary code execution on the servers. A blind SQL injection vulnerability is a vulnerability that allows an attacker to make request to the end database server that a person is not allowed to do . The company took around 4 months to patch this vulnerability and awarded an amount of $5,500 to the bug bounty hunter on hackerone. Qiwi is most widely used in Russia, Ukraine, Kazakhstan, Moldova, Belarus, Romania, the United States, and the United Arab…
-
ON AUCTION AND SOME GOING TO BE PUBLISHED, REVIL RANSOMWARE OPERATORS
The Ransomware operators deal with their victims harshly . History is the proof that these operators have caused a great damage to their victims. The word “Privacy”is just a play for these evils now. They had run many campaigns in the past to make their victims pay the ransom, but in the end most of the companies suffer a data leak. Following their activities, Ethical Debuggers have come across a similar campaign being run by these operators. This time they have adopted a new technique of auctioning their victim’s data on the internet. The group behind this is the Revil ransomware operators. This group is also well known by the…
-
EVIL CORPS GIVE BIRTH TO A NEW RANSOMWARE: WASTEDLOCKER
Whenever we came across such news, Russians always caem up in our mind. The Russians hackers are believed to be the most dreadful hackers in all around the world. The number of ransomware they launches and the techniques they uses, is absolutely different from any other group around the world. Following this pattern, researchers from NCC group have come across a new malware variant designed by a well known group of bad actors “Evil Corp”, who were associated with the Dridex malware and BitPaymer ransomware. The malware analyzed is named as “WastedLocker” Ransomware ,which they started investigating in early May 2020. The name WastedLocker has come from two joined words First…
