Android Malware Destroys your Phone by Running Crypto Miner

Trojanized Android apps in the Google Play store are evolving rapidly and continuously targeting users. A new malware strain, Trojan.AndroidOS.Loapi, has a modular architecture capable of performing multiple kinds of attack. Security researchers from Kaspersky Lab discovered the trojan, dubbed “Loapi”, which can physically damage the phone: it downloads a Monero mining module that generates a constant load, damaging the battery and the phone cover.

How Loapi Is Distributed

Loapi has not reached the Play Store; it is distributed through advertising campaigns, hiding behind fake antivirus and adult-content apps. Researchers found more than 20 sources that distribute Loapi. Users are redirected to the attacker’s malicious website, from which the file is downloaded.

Once installed, it checks for root permission but does not use root privileges. The application then attempts to obtain device administrator permissions.

Execution and Self-Protection

If Loapi obtains device administrator permissions, it performs various activities and prevents users from revoking those permissions through the standard settings, and it pushes users to uninstall legitimate antivirus apps by displaying an endless stream of popups.

The infection proceeds in three stages: first the malicious app file is downloaded; in the second stage a DEX payload sends the device information to the C&C servers; in the third stage the modules are downloaded and initialized.

Modules Installed

  • Advertisement module: displays aggressive ads.
  • SMS module: used for sending requests to the C&C.
  • Web crawling module: used for hidden JavaScript execution.
  • Proxy module: an HTTP proxy server used to organize DDoS attacks.
  • Mining module: used to perform Monero (XMR) cryptocurrency mining.

Researchers found Loapi linked to Trojan.AndroidOS.Podec: the two share similar techniques for obfuscation, functionality, and detecting root permissions on the device.

19 Million California Voter Records Stolen in Cyber Attack

19 million California voter records held for ransom in a MongoDB attack. The records were first exposed in an unsecured MongoDB database, continuing a cyber-extortion trend.

Voter registration data for over 19.2 million California residents that was residing on an unsecured MongoDB database has been deleted and held for ransom by attackers, according to researchers at Kromtech, who discovered the incident.

This continues a series of cyber-extortion attacks that exploit the MongoDB database management system. As in the others, the attacker scanned the internet for unsecured MongoDB databases, found the one containing the voter data, wiped the data, and left a ransom request for 0.2 Bitcoin (around $3,500 US today), Bleeping Computer reports.
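The databases hit in this series of attacks were reachable from the internet with no authentication. The following is an added example, not code from the article or from MongoDB, that audits a mongod.conf for exactly those two settings (net.bindIp and security.authorization are real mongod options; both sample configs are constructed):

```python
"""Added example (not from the article or MongoDB): audit a mongod.conf for the two
settings that produce the kind of open instance wiped in the ransom attacks above,
an unrestricted bindIp and no authorization. Both sample configs are constructed."""

# Constructed sample: the weak configuration (listens on every interface, no auth).
WEAK_CONF = """\
net:
  port: 27017
  bindIp: 0.0.0.0
storage:
  dbPath: /var/lib/mongodb
"""

# Constructed sample: the hardened version (loopback only, role-based auth enforced).
HARDENED_CONF = """\
net:
  port: 27017
  bindIp: 127.0.0.1
security:
  authorization: enabled
"""


def parse_conf(text):
    """Parse the two-level 'section:' / '  key: value' subset used by mongod.conf
    (no lists, no quoting) into {section: {key: value}}."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments and trailing space
        if not line.strip():
            continue
        key, _, value = line.strip().partition(":")
        if not raw.startswith(" "):                # unindented line = section header
            section = key
            conf.setdefault(section, {})
        elif section is not None:
            conf[section][key] = value.strip()
    return conf


def audit(text):
    """Return a list of findings; an empty list means both checks passed."""
    conf = parse_conf(text)
    net, security = conf.get("net", {}), conf.get("security", {})
    findings = []
    # Treat a missing bindIp as unrestricted: older mongod builds listened on all
    # interfaces by default, which is how these databases ended up internet-facing.
    bind = net.get("bindIp", "0.0.0.0")
    addrs = {a.strip() for a in bind.split(",")}
    if addrs & {"0.0.0.0", "::", "*"} or net.get("bindIpAll") == "true":
        findings.append("net.bindIp exposes mongod on all interfaces")
    if security.get("authorization") != "enabled":
        findings.append("security.authorization not enabled: any client that can "
                        "connect may read, drop and ransom the data")
    return findings
```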

The Kromtech researchers state they have not been able to identify the owner of the database. They "believe that this could have been a political action committee or a specific campaign based on the unofficial title of the repository ('cool_db'), but this is only a suspicion."

For specific details on the attack please see here.

Traffic for Google, Apple, Facebook, Microsoft and other tech giants routed through Russia

Experts believe the event was an intentional BGP hijack. Last week a suspicious event routed traffic for major tech companies (Google, Facebook, Apple, and Microsoft) through a previously unknown Russian Internet provider. The event occurred on Wednesday, and the researchers who investigated it believe the traffic was intentionally hijacked.

The incident involved the Internet’s Border Gateway Protocol that is used to route traffic among Internet backbones, ISPs, and other large networks.

https://twitter.com/bgpmon/status/940724787311022080

A similar incident occurred eight months earlier, when a huge amount of traffic belonging to MasterCard, Visa, and more than two dozen other financial services was briefly routed through a telecom operator controlled by the Russian government.

“Early this morning (UTC) our systems detected a suspicious event where many prefixes for high profile destinations were being announced by an unused Russian Autonomous System. Starting at 04:43 (UTC) 80 prefixes normally announced by organizations such as Google, Apple, Facebook, Microsoft, Twitch, NTT Communications and Riot Games were now detected in the global BGP routing tables with an Origin AS of 39523 (DV-LINK-AS), out of Russia,” states a blog post published by Internet monitoring service BGPMon. “Looking at the timeline we can see two event windows of about three minutes each. The first one started at 04:43 UTC and ended at around 04:46 UTC. The second event started 07:07 UTC and finished at 07:10 UTC. Even though these events were relatively short lived, they were significant because it was picked up by a large number of peers and because of several new more specific prefixes that are not normally seen on the Internet. So let’s dig a little deeper.”

BGPMon observed two distinct events for a total of six minutes that affected 80 separate address blocks.


Another monitoring service, Qrator Labs, stated the event lasted for two hours during which the number of hijacked address blocks varied from 40 to 80.


BGPMon experts consider the incident as suspicious for the following reasons:

  • The rerouted traffic belonged to big tech companies.
  • The hijacked IP addresses belong to small, specific blocks that aren’t normally seen on the Internet.

“What makes this incident suspicious is the prefixes that were affected are all high profile destinations, as well as several more specific prefixes that aren’t normally seen on the Internet. This means that this isn’t a simple leak, but someone is intentionally inserting these more specific prefixes, possibly with the intent to attract traffic,” continues the analysis from BGPMon.

The BGP hijacking was caused by an autonomous system located in Russia that added entries to BGP tables claiming it was the legitimate origin of the 80 affected prefixes. This assertion caused large amounts of traffic sent to and received by the affected companies to pass through the Russian AS 39523 before being routed to its final destination.

Below is the list of AS paths through which the large ISPs picked up the new route:

  • xx 6939 31133 39523 (path via Hurricane Electric)
  • xx 6461 31133 39523 (path via Zayo)
  • xx 2603 31133 39523 (path via Nordunet)
  • xx 4637 31133 39523 (path via Telstra)

AS39523 is a previously unused autonomous system that had not been active in years, but it made headlines in August when it was involved in another BGP incident that affected Google.

“Whatever caused the incident today, it’s another clear example of how easy it is to re-route traffic for 3rd parties, intentionally or by accident. It also is a good reminder for every major ISP to filter customers,” concluded BGPMon.

“This hijack highlights a common problem that arises due to lack of route filtering. We can blame AS39523 for the accident, but without proper filters at the intermediate transit providers boundaries we are doomed to see similar incidents again and again. We’d like to encourage all networks involved in this incident to review their route filtering strategy, and at the very least implement prefix-based BGP filters on all interconnections towards their customers.” concluded Qrator Labs.
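The two sides of this incident, the monitor that noticed the wrong origin AS and the new more-specific prefixes, and the transit provider that Qrator says should have filtered its customer, can both be expressed as small checks. The following is an added example, not BGPMon's or Qrator's code; the prefixes and ASNs 64500-64502 are constructed, while AS39523, AS31133 and the transit ASNs are the ones named in the article:

```python
"""Added example, not BGPMon's or Qrator's code. Two checks from the incident above:
(1) a monitor's view: flag announcements whose origin AS differs from the baseline, or
that are more-specifics of a baseline prefix; (2) a transit provider's prefix-based
filter towards a customer. Prefixes and ASNs 64500-64502 are constructed; the other
ASNs are the ones named in the article."""
import ipaddress

# Expected (prefix -> origin AS) baseline a monitor keeps; constructed values.
BASELINE = {
    "203.0.113.0/24": 64500,   # stands in for a content provider's block
    "198.51.100.0/23": 64501,
}

# Constructed announcements as (prefix, AS path); the last ASN is the origin.
OBSERVED = [
    ("203.0.113.0/24", [6939, 64500]),           # normal announcement
    ("203.0.113.0/25", [6939, 31133, 39523]),    # new more-specific from AS39523
    ("198.51.100.0/23", [6461, 31133, 39523]),   # known prefix, wrong origin
    ("192.0.2.0/24", [2603, 64502]),             # not in baseline: nothing to compare
]


def check_announcement(prefix, as_path, baseline=BASELINE):
    """Return 'ok', 'unknown', 'origin-mismatch' or 'more-specific-of:<prefix>'."""
    net = ipaddress.ip_network(prefix)
    if prefix in baseline:
        return "ok" if baseline[prefix] == as_path[-1] else "origin-mismatch"
    # A more-specific prefix beats the legitimate covering route under longest-match
    # forwarding, which is why BGPMon singled these out as deliberate.
    for known in baseline:
        if net.subnet_of(ipaddress.ip_network(known)):
            return f"more-specific-of:{known}"
    return "unknown"


def suspicious(observed=OBSERVED):
    """(prefix, origin AS, verdict) for every announcement a monitor would alert on."""
    alerts = []
    for prefix, path in observed:
        verdict = check_announcement(prefix, path)
        if verdict not in ("ok", "unknown"):
            alerts.append((prefix, path[-1], verdict))
    return alerts


# Prefix list a transit provider applies on the session towards one customer:
# (authorized block, maximum prefix length). Constructed allow-list.
CUSTOMER_ALLOW = [("192.0.2.0/24", 24)]


def accept_from_customer(prefix, allow=CUSTOMER_ALLOW):
    """True only if the prefix lies inside an authorized block and is not too specific."""
    net = ipaddress.ip_network(prefix)
    return any(net.subnet_of(ipaddress.ip_network(block)) and net.prefixlen <= maxlen
               for block, maxlen in allow)
```

With the customer filter in place, the /25 that AS39523 originated would have been dropped at the first transit boundary instead of propagating to Hurricane Electric, Zayo, Nordunet and Telstra.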

Trim, Cut, or Split a Video the Quickest Way for Free

With phones, DSLRs, and GoPros we’re all shooting more video than ever. But it rarely comes straight out of the camera in perfect shape. Often you’ll need to do a little editing of a video before showing or sharing it. You might want to trim a few seconds off the start or end, or cut it so that it’s a more shareable length.

Fortunately, you don’t need any editing skills to do this. You just need the right software — and you’ve probably already got it installed on your computer.

So let’s take a look at the quickest way to trim videos in Windows, Mac, Linux, and in a web browser.

Trim Video in Windows

The quickest way to trim and cut videos in Windows 10 is to use the built-in Photos app.

Open your video to get started. You can do this either by launching Photos from the Start menu and navigating your way to where the clip is stored on your hard drive, or by right-clicking the file and selecting Open with > Photos.

A video in the Windows Photos app

When the video has opened click Edit & Create in the top right corner of the window then select Trim.

The video now reopens in Edit mode. On the timeline at the bottom there’s a blue handle that lets you scroll through the video, plus two white dots that can be used to set the start and end points for your newly trimmed clip.

Using handles to trim video in the Windows Photos app

First, drag the left dot towards the right until you reach the point where you want your video to start (everything to the left of this will be cut). Then drag the right dot leftwards to trim off the end of the video.

Hit the Play button to preview the changes, and tweak the positions of the white dots to fine-tune your edit. When you’re happy, hit Save as to save the edited version as a new file. By default, it’ll be saved with the same filename with the word “Trim” appended to it. This ensures you never overwrite the original file.

Saving a new trimmed video in Windows

And that’s it. You can split a longer video into two or more shorter clips using the same technique. Just repeat the process for each clip, setting different start and end points to isolate the sections you want to save.

Trim Video on a Mac

On macOS you can trim video using QuickTime Player, which is pre-installed on all Macs.

Open the video. By default, supported video files open automatically in QuickTime Player. If yours doesn’t, right-click and select Open With > QuickTime Player, or drag the file onto the app icon in the Dock.

Editing a video in Quicktime Player on a Mac

Next, go to Edit > Trim. You’ll now see the trimming bar at the bottom of the window. Everything inside the yellow section is included in your trimmed video, while everything outside will be removed.

Grab the left handle and drag it to the right until you reach the point where you want your video to start. Then grab the right handle and drag it to the left. Hit the Play button to preview your selection, and tweak the handles if necessary.

Trimming a video in Quicktime Player on a Mac

When done, click Trim. The video will now be trimmed, and will open as a new untitled file. Go to File > Save to save the new, trimmed video.

Trim Video in Linux

If you’re on Linux, you’ll need a third-party app to trim and split your videos. We recommend VidCutter, which we’ll be using in this guide on Ubuntu.

To begin, you’ll need to install VidCutter. How you do this depends on which Linux distro you’re using. Check out VidCutter on Github for full instructions for all main distros.

On Ubuntu, we install VidCutter through the Terminal app, starting with the following commands:

sudo add-apt-repository ppa:ozmartian/apps
sudo apt update

Finally, install the app:

sudo apt install vidcutter

To open your file either launch VidCutter and select Open Media, or navigate your way to where the video is stored on your computer. Right-click the file and select Open With > VidCutter.

Opening a video in VidCutter on Linux

When the video opens, locate the filmstrip at the bottom of the window. Drag the green handle to the point where you want your video to start. Click Start Clip to save that position.

A video in VidCutter on Linux

Next, drag the green handle to the point where you want your video to end. Click End Clip to save this position. Now click Save Media to save a copy of your newly edited file.

Trimming a video in VidCutter on Linux

What’s good about VidCutter is that you can make multiple cuts to the same video all at once. If you want to remove something from the middle of a clip, set two start points and two end points either side of the unwanted portion. Clicking Save Media will then create a new video where the two sections you’ve selected are joined together.

Trim Videos Online

If you’re using a Chromebook, or just prefer to work in the browser on any machine, there are lots of options to trim videos online. We’re going to use ClipChamp. This service is good for editing up to five videos per month on a free account.

You need to sign up to get started. Fortunately this is painless, since you can log in straight away with your Google or Facebook accounts.

Loading a video into ClipChamp via the browser

Click Convert my video, or drag and drop your chosen clip into the browser window. ClipChamp also optimizes your videos for your target platform, but we need to focus on the trimming first.

In the right-hand pane, click Edit Video. A filmstrip appears below the video with two blue flags at either end. Grab these flags and drag them inwards to set new start and end points. Your selected area is shaded blue, and everything outside of this will be trimmed off.

Trimming a video in ClipChamp in the browser

There’s no need to confirm your edits at this stage, although you can undo them by clicking the X button alongside the Trim icon.

Now take a look at the optimization options in the left part of the screen. You can choose a platform you want to optimize for, such as web, mobile, or to create a GIF. You can also adjust the resolution, file format, and quality.

Optimizing a video in ClipChamp

When you’re happy with your choices, click Start in the bottom right corner. It will now start processing; the amount of time it takes depends on the size of the video.

Downloading the final trimmed video from ClipChamp

When it’s finished you have two options: Upload & Share and Save. The first enables you to post the video to various social media sites. The second lets you download and save a local copy of your edited file.

New "PRILEX" ATM Malware Used in Targeted Attacks

Trend Micro security researchers recently discovered a highly targeted piece of malware designed to steal information from automated teller machines (ATMs).

Dubbed PRILEX and written in Visual Basic 6.0 (VB6), the threat was designed to hijack a banking application and steal information from ATM users. The malware was spotted in Brazil, but similar threats could prove as harmful anywhere around the world, the security researchers say.

First reported in October 2017, PRILEX was designed to hook certain dynamic-link libraries (DLLs) and replace them with its own application screens. The targeted DLLs (P32disp0.dll, P32mmd.dll, and P32afd.dll) belong to the ATM application of a bank in Brazil.

Because of this atypical behavior, the researchers concluded that the malware was being used in a highly targeted attack. What’s more, the threat only affects a specific brand of ATMs, meaning that its operators might have analyzed the machines to devise their attack method, Trend Micro explains.

After infecting a machine, the malware starts operating jointly with the banking application. Thus, the malware can display its own fake screen requesting the user to provide their account security code. The code is delivered to the user as part of a two-factor authentication method meant to protect ATM and online transactions, and the malware captures and stores the code.

The malware attempts to communicate with the command and control (C&C) server to send the stolen credit card data and account security codes. The security researchers believe the malware’s operators might be dealing in bulk credit card credentials.

“To our knowledge, this is the first ATM malware that assumes it is connected to the internet. It is likely that this bank’s ATMs are connected, since the attackers seem to be very familiar with this particular bank’s methods and processes,” Trend Micro says.

PRILEX also shows that cybercriminals can analyze the methods and processes of any bank and abuse them in highly targeted attacks. All financial institutions should take this into consideration when defending their ATM infrastructure, especially since a silent attack such as this could go unnoticed for months, if not years.

At the DefCamp conference in Bucharest in early November, Kaspersky Lab’s Olga Kochetova and Alexey Osipov explained how easy it is to create ATM botnets. Discoverable online, these devices are susceptible to a broad range of attacks and infecting a single machine could allow attackers to compromise a bank’s entire network.

“A targeted malware likely took significant time and resources to develop. This shows that in today’s world, criminals consider that a worthwhile investment. Gone are the days when banks were seen as unassailable—now they are simply the biggest fish in the sea. It is not easy to kill a whale, but it is possible—and doing so allows an attacker to eat for a long time,” Trend Micro notes.

CUTLET MAKER gets cracked

In addition to PRILEX, Trend Micro analyzed CUTLET MAKER, a relatively new ATM malware that was first detailed in October this year. A run-of-the-mill program, the malware consists of multiple components and can be run from a USB memory stick connected to an ATM. The malware relies on the Diebold Nixdorf DLL (CSCWCNG.dll) to send commands to the ATM’s dispensing unit.

Designed to empty the ATM of all its banknotes, the malware was found being sold on underground markets for as much as $5,000. However, it appears that competitors have already managed to crack its code, allowing anyone to use it for free.

Each time the malware is executed, a code is required to use the program and empty the ATM. Apparently, the threat doesn’t use time-based codes, but just an algorithm, which means that the same input would generate the same output, and some cybercriminals have already built a “key generator” to automatically calculate the return code.

“The code is available on the internet and relatively easy to find. This means that anybody can start victimizing ATMs without having to pay for the program—or at least ATMs with an accessible USB port,” Trend Micro says.

Thus, some have started selling the malware along with the keygen for much lower prices compared to the original. It appears that the malware’s developers haven’t responded yet, and no new version of the tool that uses a different algorithm has been released.