hacking news Archives | Vednam
https://vednam.com/tag/hacking-news/
Latest News on Cyber Security, Hacking and Tech

Infostealer Targets Windows in Recent Phishing Campaign
https://vednam.com/infostealer-targets-windows-in-recent-phishing-campaign/
Tue, 25 Apr 2023 06:40:09 +0000

In a recent phishing campaign, a new infostealer malware called “Evil Extractor” has been found to be targeting Windows users. This malware is capable of stealing sensitive information such as usernames, passwords, and credit card details.

The phishing campaign was discovered by cybersecurity researchers who found that the malware was being distributed via malicious emails. The emails were designed to look like legitimate messages from popular companies such as Microsoft and Adobe, and they contained a link to a fake login page. Once the victim entered their login details on the fake page, the Evil Extractor malware would be downloaded onto their device.

The malware is designed to remain hidden on the victim’s computer and silently steal sensitive information. It is capable of stealing data from popular browsers such as Chrome, Firefox, and Edge, as well as other applications such as Microsoft Outlook.

The Evil Extractor malware is also capable of taking screenshots of the victim’s desktop and recording keystrokes, which allows it to capture even more sensitive information such as online banking credentials.

To protect yourself from this type of phishing attack, it is important to be cautious when clicking on links in emails. Always check the sender’s email address and make sure it is legitimate. It is also important to ensure that any login pages you enter your credentials on are legitimate and secure.

In addition, it is recommended to have a robust cybersecurity solution installed on your computer. This can help to detect and remove any malware that may be present on your device, as well as provide additional protection against phishing attacks.

In conclusion, the Evil Extractor infostealer malware is a serious threat to Windows users, and it is important to take steps to protect yourself against it. By being cautious when clicking on links in emails, ensuring the legitimacy of login pages, and having a robust cybersecurity solution in place, you can help to minimize the risk of falling victim to this type of attack.

The post Infostealer Targets Windows in Recent Phishing Campaign appeared first on Vednam.

13,000 Mobile phones IMEI Number are same in India
https://vednam.com/mobile-phones-imei-number-are-same-in-india/
Mon, 08 Jun 2020 10:41:51 +0000

A report published by the Meerut police (India) has uncovered a security breach at a mobile phone company. They found that 13,500 mobile phones manufactured by Vivo are running on the same IMEI number.

IMEI stands for International Mobile Equipment Identity, a 15-digit number that identifies the device. Once an IMEI is assigned to a phone, that phone can be used worldwide.

The same IMEI number of 13,000 Mobile phones

A case has been filed against the company and its service center. The issue was highlighted when it came to the attention of police personnel, who then registered an FIR against the mobile company. Cybercrime investigation cells are actively monitoring the activities and footprints behind this blunder.

The police team submitted the new phone for checking and took help from a cybercrime cell. The issue was highlighted after the submission, because it appeared after the phone had been repaired.

When the cyber team investigated the phone, it showed a different IMEI number on the phone box than on the phone itself, which alerted the Meerut police that something was going wrong inside.

When the cyber cell team asked the service center manager about the change in IMEI number, the reply was: “IMEI can’t be changed.”

When the team did not get a satisfactory answer from the service center manager, they contacted Jio, and Jio sent data on 13,500 mobile phones with the same IMEI. Those phones are located in different states of the country.

The police said: “It doesn’t happen that the mobile phone company and criminals are using this advantage to commit some crime. We are under investigation, so the final decision is still pending. The team is working hard to find any clues about 13,000 mobile phones having the same IMEI number.”

The police personnel said: “The teams are made for the investigation; we are finding the issues and have registered the cases under the relevant section. Experts are finding the footprints.”

If 13,500 mobile phones have the same IMEI number, it is a big security issue. Criminal activities can be carried out with them, and tracking the crime becomes difficult.

 

The post 13,000 Mobile phones IMEI Number are same in India appeared first on Vednam.

Middle East Government hits by Chapher APT with latest Cyber-Espionage Attack
https://vednam.com/middle-east-government-hits-by-chapher-apt-with-latest-cyber-espionage-attack/
Wed, 27 May 2020 09:05:02 +0000

Before you read the whole article, you should know:

What is Chafer APT?

A few days ago, cyber experts found traces of new cybercrime campaigns by the group known as the Chafer advanced persistent threat (APT) group. The group has been active since 2014 and has carried out many cyber attacks in the Middle East. Its recent campaigns, in 2018 and most recently in 2019, targeted many organizations in Saudi Arabia and Kuwait.

The whole uncovered story of the attack:

According to cyber experts, this group has been active since 2014, but recently it has targeted Middle East countries such as Saudi Arabia and Kuwait. The last attacks, in 2018 and 2019, targeted several unnamed organizations based in Kuwait and Saudi Arabia. The campaigns used custom-built tools known as bevy as well as “living off the land” tactics.

“Living off the land” tools are features of the target environment that the attacker abuses to achieve persistence.

According to Bitdefender’s analysis, “Researchers have found threats conducted by this actor in the Middle East region back in 2018.” The campaigns were based on several tools, including “living off the land” tools, which makes attribution difficult, as well as different hacking tools and a custom-built backdoor. The victims are in the air transport and government sectors in the Middle East, and the whole attack is based on proper analysis.

The researchers are at work to find out how many companies are affected in each country. They also say the data is more than expected from the analysis report.

Middle East Government hits by Chapher APT with latest Cyber-Espionage Attack
Source: Bitdefender

Let’s look at the campaign strategies:

The researchers say the methods behind the cyberattacks against the companies in Kuwait and Saudi Arabia share some similarities. According to the source, the cyberattacks on the victims in Kuwait were more sophisticated, as the cybercriminals were able to move across the network. The researchers believe that the attackers infected the victims by sending infected documents with shellcode, potentially via spear-phishing emails.

The attackers managed to create a user account on the victim’s machine and performed several malicious actions inside the network using that account. The unusual behavior performed under that account was, basically, what the attackers planned for us to believe they were doing; their plan was to engage us at that point.

 

Once the attackers had access to the company server, they installed a backdoor (imjpuexa.exe) that acted like a service of that machine but was in fact a backdoor for the attackers. The attackers also carried out several activities such as network scanning and credential gathering, which helped them move inside the network. They used a tool named CrackMapExec.exe, which serves multiple functions such as network scanning, credential dumping, account discovery, and code injection.

They also used a custom tool like the PLINK tool (known as wehsvc.exe). PLINK is a command-line connection tool mostly used for automated operations. This tool mostly preserves the original functionality, with some advanced key features such as the ability to uninstall any service and to run as a Windows service.

The researchers said that the attack on victims in Saudi Arabia was not as elaborate, because the attackers did not manage to exploit the victim or did not get information of interest.

According to the research team, “we believe initial compromise was achieved through social engineering and a RAT was loaded and executed twice in different name forms (Drivers.exe and driver_x64.exe).” The researchers said the user was tricked into running these applications.

Middle East Government hits by Chapher APT with latest Cyber-Espionage Attack
Source: Bitdefender

How is the RAT involved in the attacks?

The RAT program is written in Python and converted into a standalone executable. It is similar to other RAT tools that security researchers have documented previously, but this time it is customized for the particular attack. It is not common for attackers to create and modify a tool according to a victim’s or user’s needs; it requires a whole analysis of that particular victim. They may change the way the RAT communicates with the C2 server, and they can add other features that were not necessary.

Different RAT components were used at different points in the process. The first component (snmp.exe) works as a backdoor, and the second (imjpuexa.exe) is the one seen in the attacks on targets in Kuwait.

As the source says, the attackers used “living off the land” tools in both campaigns.

The post Middle East Government hits by Chapher APT with latest Cyber-Espionage Attack appeared first on Vednam.

Airgeddon-Swiss Army WiFi Hacking Tool
https://vednam.com/airgeddon-swiss-army-wifi-hacking-tool/
Mon, 25 May 2020 05:32:34 +0000

On initial inspection, it seems to be a multi-purpose Swiss army knife tool for WiFi hacking. The tool is totally free to download from GitHub and supports multiple Linux-based platforms.

What are the functions of this tool?

The tool has multiple methods for hacking WiFi. Let’s see:

  • WEP all-in-one attack (combining different methods: Caffe Latte, Chop-Chop, ARP Reply, Hirte, Fake association, Fragmentation, etc.)
  • Multiple WPS cracking modes: Pixie Dust, Bully and Reaver
  • Evil Twin attacks (Rogue AP) with Hostapd+DoS+DHCP+Ettercap+Sslstrip and also BeEF support.
  • Offline password decrypting for WPA/WPA2 captured handshakes (dictionary, brute force, and rule-based) based on aircrack, crunch, and hashcat tools.

Other features:

The other best features:

  • Support for 2.45 GHz band to 5 GHz
  • Handshake file capturing feature.
  • Easy drag and drop options for windows operating system for entering file paths.
  • Cleanup of tasks and temp files. Restores iptables after an attack. Option to keep monitor mode on exit if desired.

Platforms needed to run:

The tool is compatible with any Linux OS, which may need the required tools installed for it to run. Kali Linux would be the best candidate for running it. If you want a challenge, just use the Arch operating system.

What does it look like:

As you would expect from a bash-script-based tool, it provides menus and options that make it easy to perform a wide range of WiFi attacks.

Conclusions:

This tool provides a wide range of options for performing WiFi hacking. The best part is that it is so simple and easy to manage. You can get it here.

The post Airgeddon-Swiss Army WiFi Hacking Tool appeared first on Vednam.
