News Technology

Terminator RAT became more sophisticated in recent APT attacks

Terminator RAT Advanced Persistent Threat
Advanced Persistent Threat (APT) is a term for targeted attacks on enterprises and other organizations; more recently it has come to refer to what appear to be nation-state intelligence agencies using cyber assaults for both conventional and industrial espionage.
Advanced threats have targeted control systems in the past, and these attacks use commercially available and custom-made advanced malware to steal information or perpetrate fraud.
Terminator RAT has been used against Tibetan and Uyghur activists before, and while tracking attacks against entities in Taiwan, the cyber security company FireEye Labs recently analyzed new samples of ‘Terminator RAT’ (Remote Access Tool) that were sent via spear-phishing emails to targets in Taiwan.

A Word document sent as an attachment exploited a vulnerability in Microsoft Office (CVE-2012-0158), which subsequently drops a malware installer named “DW20.exe”.

Sometimes the simplest techniques can foil the complex systems created by security firms and large enterprises to detect malicious programs and files. Let’s see what evasion techniques this advanced version of Terminator RAT uses:

This executable first creates its working folders at “%UserProfile%\Microsoft” and “%AppData%\2019”, where it stores its configuration and executable files (svchost_.exe and sss.exe).

Figure: editing the startup folder path in the registry

The malware terminates and removes itself after installation, and only runs again after a reboot. This is an effective way to evade automated sandbox analysis, since the malicious activity is only revealed after a reboot.

The RAT (svchost_.exe) collaborates with its relay (sss.exe) to communicate with the command and control servers at / and /

The relay component acts as a network relay between the malware and the proxy server, listening on port 8000.

The “2019” folder was then configured as the new startup folder location by changing the registry value “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Startup”. Moving the startup location away from the default is meant to deter forensic investigation.

The size of svchost_.exe is also padded out to 40MB, to defeat file-based scanners that implement a maximum file size filter and skip larger files.
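The three persistence and evasion tricks described above (the redirected Startup shell folder, the 40MB padding against size-capped scanners, and the svchost_.exe lookalike name) can each be turned into a simple host check. The script below is an added example written for this post, not FireEye's code or anything from the samples. It runs offline over constructed input: the `reg query`-style text and the file inventory are made up for the example (the user name and the other values are placeholders), and the 32MB scanner limit is an assumed configuration, not a value from the article.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the shape of
#   reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
# The "2019" path mirrors the redirection described in the article; everything
# else (user name, other values) is made up for this example.
SAMPLE_SHELL_FOLDERS = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    Desktop     REG_SZ    C:\Users\alice\Desktop
    Startup     REG_SZ    C:\Users\alice\AppData\Roaming\2019
    Personal    REG_SZ    C:\Users\alice\Documents
"""

# Constructed file inventory as (path, size in bytes), e.g. from a directory listing.
SAMPLE_FILES = [
    (r"C:\Users\alice\AppData\Roaming\2019\svchost_.exe", 40 * 1024 * 1024),
    (r"C:\Users\alice\AppData\Roaming\2019\sss.exe", 180_000),
    (r"C:\Windows\System32\svchost.exe", 55_000),
    (r"C:\Users\alice\Microsoft\config.dat", 2_048),
]

# Default per-user Startup folder, relative to the profile root (compared case-insensitively).
DEFAULT_STARTUP_SUFFIX = r"\appdata\roaming\microsoft\windows\start menu\programs\startup"
# Assumed scanner configuration: files larger than this are skipped (the weakness the article describes).
SCANNER_MAX_SIZE = 32 * 1024 * 1024
# Names of Windows system binaries that malware imitates; svchost is the one named in the article.
SYSTEM_BINARY_STEMS = {"svchost"}

VALUE_RE = re.compile(r"^\s*(?P<name>\S+)\s+(?P<type>REG_\w+)\s+(?P<data>.+?)\s*$")


def parse_reg_query(text):
    """Return {value_name: data} from reg query style output."""
    values = {}
    for line in text.splitlines():
        m = VALUE_RE.match(line)
        if m:
            values[m.group("name")] = m.group("data")
    return values


def check_startup_folder(values):
    """Flag a Startup value that has been redirected away from the default location."""
    startup = values.get("Startup")
    if startup is None or startup.lower().endswith(DEFAULT_STARTUP_SUFFIX):
        return []
    return [f"Startup folder redirected to {startup}"]


def check_oversized_executables(files, max_size=SCANNER_MAX_SIZE):
    """Flag executables that a size-capped scanner would silently skip instead of scanning."""
    findings = []
    for path, size in files:
        if PureWindowsPath(path).suffix.lower() == ".exe" and size > max_size:
            findings.append(f"{path} is {size // (1024 * 1024)} MB, above the scan limit")
    return findings


def check_lookalike_names(files):
    """Flag binaries whose names imitate system processes but live outside System32."""
    findings = []
    for path, _ in files:
        p = PureWindowsPath(path)
        stem = p.stem.lower().rstrip("_")          # svchost_.exe -> svchost
        in_system32 = "system32" in (part.lower() for part in p.parts)
        if stem in SYSTEM_BINARY_STEMS and p.suffix.lower() == ".exe" and not in_system32:
            findings.append(f"{path} imitates a system binary outside System32")
    return findings


def run_checks(reg_text, files):
    """Run all three checks and return the combined list of findings."""
    values = parse_reg_query(reg_text)
    return check_startup_folder(values) + check_oversized_executables(files) + check_lookalike_names(files)


if __name__ == "__main__":
    for finding in run_checks(SAMPLE_SHELL_FOLDERS, SAMPLE_FILES):
        print(finding)
```

On a live host the same functions can be fed the real output of `reg query` and a recursive listing of the profile directory; the point of the size check is that a file a scanner refuses to open should be reported rather than ignored.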

It is clear that cybercrime is becoming more organized and cybercriminals more sophisticated. Hackers use stealthy, advanced malware to infiltrate hosts on networks and steal valuable data, and APT attacks are becoming more sophisticated and harder to detect.

Cr0w Tom
News Technology

Apple’s own Encryption Mechanism allows hacker to create an Undetectable Mac OS X Malware

In the past there was a general belief that Macs were much more secure than Windows PCs, but Mac malware is now a serious threat to the security of users’ computers and information.
One of the reasons behind the increase in Mac-related malware attacks is the fact that Apple products are popular with many prominent businessmen and influential politicians.
Daniel Pistelli, reverse engineer, lead developer of Cerbero Profiler and former developer of IDA Pro, has come up with another interesting piece of research and explained to The Hacker News the basic details of the technique he used to create an undetectable malware for Mac OS X. Apple internally implements an encryption mechanism to protect some of its own executables, such as “” or ““. This encryption can be applied to malware as well. If it is, anti-malware solutions can no longer detect the malware because of the encryption, while OS X has no problem loading it.
The same protection mechanism can be applied to existing malware that anti-malware products already detect, making it completely undetectable: those products can no longer detect it because they cannot parse the encrypted binary.
Figure: Mach-O decryption
Currently it is true that there are fewer malware programs targeting Mac OS X than Windows. However, that does not mean that Macs are totally secure.

Figure: before vs. after

To mitigate this problem, Daniel suggests that anti-malware product makers either support the actual decryption or, alternatively, trust encrypted executables only when they are signed by Apple. Read the complete technical details of the method on Daniel’s blog.
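The second mitigation (trust an encrypted executable only when Apple signed it) first needs a way to notice that a Mach-O binary carries encrypted segments at all. The script below is an added example written for this post, not Daniel Pistelli's code and not part of Cerbero Profiler. It parses the load commands of a thin little-endian Mach-O file and reports segments whose `flags` field has `SG_PROTECTED_VERSION_1` set, the bit `mach-o/loader.h` uses to mark an encrypted segment. The sample binary it examines is constructed in memory with placeholder addresses (it is not a loadable program), and the Apple-signature verdict is passed in as a boolean that is assumed to come from a separate code-signing check, which is not implemented here.

```python
import struct

# Constants from mach-o/loader.h (thin, little-endian binaries only; fat binaries must be split first).
MH_MAGIC = 0xFEEDFACE
MH_MAGIC_64 = 0xFEEDFACF
FAT_MAGIC_LE = 0xBEBAFECA          # 0xCAFEBABE as read little-endian
LC_SEGMENT = 0x1
LC_SEGMENT_64 = 0x19
SG_PROTECTED_VERSION_1 = 0x8       # segment_command.flags: segment contents are encrypted
MH_EXECUTE = 0x2
CPU_TYPE_X86_64 = 0x01000007


def protected_segments(data):
    """Return the names of segments whose flags carry SG_PROTECTED_VERSION_1.

    Raises ValueError for data that is not a thin little-endian Mach-O or whose
    load commands are malformed, so a caller can treat parse failures as suspicious too.
    """
    if len(data) < 28:
        raise ValueError("too short for a Mach-O header")
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic == MH_MAGIC_64:
        header_size = 32
    elif magic == MH_MAGIC:
        header_size = 28
    elif magic == FAT_MAGIC_LE:
        raise ValueError("fat binary: split it into thin slices first")
    else:
        raise ValueError("not a little-endian Mach-O file")
    # ncmds and sizeofcmds sit at offsets 16 and 20 in both header layouts.
    ncmds, sizeofcmds = struct.unpack_from("<II", data, 16)
    end = min(len(data), header_size + sizeofcmds)
    offset = header_size
    names = []
    for _ in range(ncmds):
        if offset + 8 > end:
            raise ValueError("load commands run past the declared size")
        cmd, cmdsize = struct.unpack_from("<II", data, offset)
        if cmdsize < 8 or offset + cmdsize > end:
            raise ValueError("bad load command size")
        # flags sit at offset 68 in segment_command_64 and at 52 in segment_command.
        if cmd == LC_SEGMENT_64 and cmdsize >= 72:
            flags_offset = 68
        elif cmd == LC_SEGMENT and cmdsize >= 56:
            flags_offset = 52
        else:
            flags_offset = None
        if flags_offset is not None:
            raw_name = struct.unpack_from("<16s", data, offset + 8)[0]
            flags = struct.unpack_from("<I", data, offset + flags_offset)[0]
            if flags & SG_PROTECTED_VERSION_1:
                names.append(raw_name.rstrip(b"\0").decode("ascii", "replace"))
        offset += cmdsize
    return names


def _segment64(name, flags):
    # LC_SEGMENT_64 with no sections; addresses, sizes and protections are placeholders.
    return struct.pack("<II16sQQQQiiII", LC_SEGMENT_64, 72, name, 0, 0x1000, 0, 0x1000, 7, 5, 0, flags)


def build_sample(protected):
    """Construct a minimal (non-loadable) 64-bit Mach-O executable to exercise the check."""
    cmds = _segment64(b"__TEXT", SG_PROTECTED_VERSION_1 if protected else 0) + _segment64(b"__DATA", 0)
    header = struct.pack("<IiiIIIII", MH_MAGIC_64, CPU_TYPE_X86_64, 3, MH_EXECUTE, 2, len(cmds), 0, 0)
    return header + cmds


def assess(data, apple_signed):
    """Apply the suggested policy: encrypted segments are acceptable only in Apple-signed binaries.

    apple_signed is assumed to come from a separate code-signature check (e.g. codesign on
    macOS); it is a parameter here rather than an implemented verification.
    """
    names = protected_segments(data)
    if not names:
        return "clear: no encrypted segments"
    if apple_signed:
        return "trusted: encrypted segments in an Apple-signed binary"
    return "suspicious: encrypted segments " + ", ".join(names) + " in an unsigned or third-party binary"


if __name__ == "__main__":
    print(assess(build_sample(True), apple_signed=False))
    print(assess(build_sample(False), apple_signed=False))
```

Reporting a parse failure as a finding rather than ignoring the file matters here for the same reason as with the Mac loader itself: a scanner that gives up on an executable it cannot read is exactly what the technique relies on.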

The events of recent years have led many users to question just how secure Mac really is.

Cr0w Tom

Xiaomi New Product Convention 2013: Xiaomi MI3 and MiTV Released!

On the 5th of September, the Chinese company Xiaomi chose to unveil not one but two interesting smart devices. The first is the rumored and much-awaited third iteration of Xiaomi’s popular smartphone, the Xiaomi 3. But a surprise guest also arrived in the form of a 3D-capable smart TV, currently dubbed the MiTV for lack of a better name.


Xiaomi may not ring any bells in the majority of international markets, but it has gathered quite a following at home in China with the success of its MiPhone line of smartphones and the recently announced “Red Rice” Hongmi smartphone. But with the announcement that Google’s Hugo Barra is leaving the Android maker to work for Xiaomi, the tech world is sure to pay more attention to what the company is offering, such as today’s new devices.

Xiaomi Mi3 Specifications:

  • 13 megapixel, Sony stacked camera. F2.2 diaphragm; 28mm wide angle; 5 specially made lenses, blue glass infrared filter
  • Philips double LED flash, increased the brightness by 30% consuming the same power
  • 5 inches 1080P super sensitive touch screen; 441PPI/IPS Full View/OGS single glass full fitting technology, allowing you to control the touchscreen when your finger is wet or you’re wearing gloves
  • Using two top platforms. NVIDIA Tegra4/Qualcomm Snapdragon 800 8974AB
  • NVIDIA Tegra4, quad-core 1.8G A15/72-core GeForce GPU (TD-SCDMA Model)
  • Qualcomm Snapdragon 800 8974AB, quad-core 2.3G Krait 400/Adreno 330 (WCDMA Model)
  • 2GB RAM LPDDR3, 16GB flash storage eMMC4.5
  • 3050mAh Lithium-ion battery
  • Six-colored protection cover
  • Dimension: 144mm×72mm×8.1mm. Weight: 145g;
  • Camera comes with Intelligent beauty corrector. It can also identify age and gender.
  • The GPS can preserve the satellite trajectory for 7 days.
  • Immersion vibration

Xiaomi also unveiled today a 47-inch 3D Smart TV, powered by a 1.7 GHz quad-core Qualcomm Snapdragon 600 processor and an Adreno 320 graphics chip. It uses 2 GB of RAM and has 8 GB of internal storage. Just like the MiPhone 3, the MiTV makes use of the MIUI custom Android interface. The TV has support for numerous streaming technologies such as Miracast, WiDi, AirPlay, DLNA, SMB, and more. The unit also has Bluetooth 4.0 support for wireless controllers and Bluetooth headsets. The MiTV also comes with a set-top box for cable TV support. And of course, it has support for 3D display and comes with two 3D glasses.

Xiaomi MiTV Specifications:

  • The super narrow frame is only 8.4mm
  • Thickness ranges from 2cm to 4.8cm
  • Aluminum alloy front panel
  • LED light + Touch-control switch
  • Used LG & Samsung as screen supplier
  • SVA screen & IPS hard screen. High transmittance, saving power by 10%. Full view 3D
  • Fantastic speaker, independent separated resonate chamber, supporting DOLBY and DTS
  • Qualcomm Snapdragon 600 MPQ8064 processor. CPU quad-core Krait 1.7G. GPU Adreno 320
  • 2GB double channel DDR3 RAM. 8GB eMMC 4.41 ROM
  • WIFI double frequency 2.4GHz/5GHz. 2×2 double antenna.
  • Cast pictures, videos, and music from Xiaomi phones/iPhone/iPad/computers to TV via WIFI
  • Support bluetooth 4.0
  • Ordinary smart TVs = a TV + a smart box, vs. Xiaomi MiTV = the basic TV function is part of the entire system
  • The remote control only has 11 buttons.
  • Use the up/down buttons to change channels, the select button to see a channel’s programmes, the right button for channel preview and the left button for History/Favorites/Most watched.
  • Xiaomi MiTV comes with a set top box. You don’t need another remote control for it.

The Xiaomi 3 carries a price tag of 1999 yuan, or $327, for the 16 GB unit, while the 64 GB model sells for $408. The Xiaomi 3D Smart TV, on the other hand, costs around 2999 yuan, roughly $490. The devices will be available in the Chinese market in mid-October, and for the rest of the world the Xiaomi 3 is available for preorder on . Unfortunately the MiTV will not be available for the rest of the world.

If you like my videos please Subscribe to my channel.

Sources: ,

Cr0w Tom

News Technology

Windows XP is still the most popular operating system on the planet

More than ten years may have passed since the release of Windows XP, and we may have seen two new versions of the operating system since then, but the numbers leave no room for doubt: Windows XP is still the most popular operating system in the world.

Net Applications analyzed the data and calculated that XP’s share for February was 45.39%. Windows 7 narrowed the gap a little further and reached 38.12%. If this trend continues, Windows 7 is expected to take the top spot in the global ranking within the next few months.

Third place belongs firmly to Windows Vista with 8.10%, followed by Mac OS X 10.6 and 10.7 with 3% and 2.69% respectively.

Next month’s numbers will be of particular interest, as they will also record the share of the just-released Consumer Preview of Windows 8.

Source: SecNews.Gr

News Technology

Security hole in iOS 5.0.1 allows the passcode to be bypassed

A security hole in iOS 5.0.1 discovered by Safwan Saba allows anyone to bypass the passcode in order to access contacts, make calls and send e-mails.


The way the bypass works is simple, although certain conditions must be met. Specifically, if the iPhone shows the ‘Searching…’ indicator, either because of a weak network signal in the area or because the SIM card was reinserted, and you open a missed call from the notification shown on the lock screen, the device will not ask you for the passcode.

This security hole is present on all iPhones running iOS 5.0.1, and we hope it will be fixed soon with the upcoming upgrade to iOS 5.1.