Kategoriearchiv: IT Security News&Updates

A new IoT malware loader: „privatgodgg.sh“

/ März 9, 2017/ IT Security, IT Security News&Updates/ 0Kommentare

As usual, it targets ARM-based devices and it tries to download other files (privntpd1, privsshd1, privopenssh1, privbash1, privtftp1, privwget1 etc) via curl or wget (whichever is available on the infected devices). As usual, we suspect this loader to be injected via unauthenticated telnet/hard-coded credentials – although it could be a RCE, but we haven’t found indications about that. As soon


IoT Malware advances

/ Februar 16, 2017/ IoT News&Updates, IoT Security, IT Security, IT Security News&Updates/ 0Kommentare

A new strain (as long as December 2016 can be called new) has been spotted on GitHub that combines both a standard telnet scanner and also MIRAI. It has been uploaded here:https://github.com/geo93033/u. In the header(s) you can find some credentials: Xmpp: b1nary@nigge.rs Twitter: @P2PBOTNET Instragram: @Rebirth.c Skype: b1narythag0d and Skype: uriede XMPP: Crypt@nigge.rs Changes: Made Date: 7-30-16 And also a


Gr1N – a new malware that also targets IoT devices?

/ Februar 8, 2017/ IoT Devices&Security, IoT Security, IT Security, IT Security News&Updates/ 0Kommentare

While doing some investigations for one of our clients, we came across a (new) malware strain. After some quick investigations, we found out 2 sources (both in C++, a client and a server). They are signed with: // Client.c Made By @Gr1n1337 – // DeepWeb Fourms User Name – Gr1n – // This Client Only Has UDP TCP HTML –


Google Analytics – no data validation?

/ November 29, 2016/ IT Security, IT Security News&Updates/ 0Kommentare

Recently, one of our clients contacted about something rather strange: a „language“ value in his newly Google Analytics setup that stated: „Secret.ɢoogle.com You are invited! Enter only with this ticket URL. Copy it. Vote for Trump!“ Of course, we all know that browser headers/requests can be easily altered, but we still wonder why Google allows such values in it’s [non-bot]


ArduWorm: A Functional Malware Targeting Arduino Devices

/ November 12, 2016/ IT Security News&Updates/ 0Kommentare

Think your Arduino Yun is safe on the Internet? Well, think again! Abstract—The Internet of Things (IoT) is a growing market which provides several benefits for industry, governments and end users. However, the increasing use of embedded and pervasive devices introduces new vulnerabilities in the network. In the last years, the number of malware and exploits targeting the IoT has


Attention! „Live HTTP Headers“ – a Chrome extension that tracks clicks

/ November 10, 2016/ IT Security News&Updates/ 0Kommentare

One of our clients has reported unusual behavior while using this extension to track / develop a website and the associated webapp. Seems like the extension has been modified to inject tracking [that’s the least we found out from our quick investigation]. A part of the code used can be found here: https://gist.github.com/mala/e87973df5029d96c9269d9431fcef5cb We recommend anyone using this extension to