About Aaron

Security by Passion !
Website: https://www.mobilesecuritythreat.com//
Aaron has written 137 articles so far; you can find them below.

classicetherwallet.com has been hijacked using social engineering of the 1&1 host; many users lost their Ethereum Classic (ETC) cryptocurrency

Multiple users reported on Reddit on June 29th and June 30th that they had lost their Classic Ether, approx. $300,000.

An unknown hacker used social engineering techniques to convince 1&1 staff, got hold of https://www.myetherwallet.com/, and tricked users into sending money to the hacker's wallet.

After hijacking the main domain, the hacker redirected it to his own server, thereby altering the transactions. He obtained the secret key of anyone who tried to perform a transaction and transferred the money to his wallet. The details of the hack are not known; however, the domain compromise was discovered when the developers of the Ether Classic cryptocurrency asked users on Twitter not to perform any transactions.

After the initial hack, there was no way for the authors to gain hold of their domain. Hence they reached out to Cloudflare to mark this domain as suspicious, as reported on BleepingComputer.

After the domain was obtained, it was taken offline for almost 3 days, and users were told not to panic as long as they have their secret keys. Users were also told not to perform any kind of transaction or post the secret key anywhere online.

The ultimate losses will be borne by the users who lost their Ether; however, the liability still falls on the 1&1 domain company, which allowed this to happen without proper verification.


Cryptocurrency exchange service Changelly was compromised

The value of the Bitcoin cryptocurrency is at its peak, and the world is looking closely at anything and everything around Bitcoin. Hackers are also taking a closer look at entry and exit points to find a way to break it and steal some bitcoins. Changelly is a cryptocurrency exchange service between digital currencies and hackers have targeted their […]

Ransomware (Doxware) disguises itself as a battery monitoring app on Google Play, infects millions

An employee of one of Check Point’s customers downloaded a malicious app called “EnergyRescue”, which contained zero-day mobile ransomware (Doxware), from the Google Play store. The ransomware, dubbed “Charger”, appears to have been downloaded by millions of Android users. The ransomware-infected app gets access to contacts and SMS messages from the user’s device requesting admin permissions appears to be […]

WhatsApp vulnerability is real and Facebook’s claim of end-to-end encryption doesn’t work

After the Guardian’s early post on the WhatsApp vulnerability was published last week, security experts from all over the world have been discussing the validity of this vulnerability and the intentions behind it. Facebook, going against the Guardian, denied that this is a vulnerability and described the intention behind it as a design decision. However some of the most respected security […]

Todesco, a security researcher, breaks Apple iPhone 7 in less than 24 hours

It has hardly been two weeks since the release of the iPhone 7, and a security researcher claims that he has already jailbroken it in less than 24 hours. Motherboard, an online news portal, mentioned that “one teenage hacker has already had success in jailbreaking the iPhone 7 running iOS 10. In fact, the 19-year-old developer, Luca Todesco, claims to […]

Blackhat Vs Defcon in a Nutshell – 2016

The two names “Blackhat” & “Defcon” ring a bell as the scariest hacker conferences for people around the world. People from various disciplines in security are invited to speak about their best research at the event, in a room full of security-savvy folks. It’s often said that these two conferences receive 1000s of applicants and […]

U.S. Government OPS Breach: 5.6 million fingerprints of Federal workers were stolen

The Office of Personnel Management and the Department of Defense are analyzing a data breach which has resulted in the theft of around 5.6 million fingerprint records of federal workers. Initial reports put the number at 4.5 million; however, the latest report, released on Wednesday 23rd September, suggests that the number is as high as 5.6 […]

Western Digital My Cloud NAS can be hijacked using Command Injection and CSRF – VerSprite

WD My Cloud, or Western Digital My Cloud, is an efficient Network Attached Storage system. The objective of the WD My Cloud NAS is to provide a cloud storage system for private applications such as home-based cloud storage or small business storage. The data on this private cloud can be accessed by the […]

Google Chrome can be crashed with 16 characters

If you use Google Chrome 45 or any of the older versions, it can be crashed by simply typing a 16-character URL. The bug was first detected by Andris Atteka, who reported it to Google, but he was not rewarded since it is not a security issue but a DoS vulnerability. The issue reported by […]

XcodeGhost malware infects Apple’s App Store, infecting 100s of apps, scares security experts

Malware has always been a major threat to devices, data and user accounts, but the threat increases manifold when the malware is more subtle and deep-rooted, like malware in an app creation tool! Such threats are real and already exist. XcodeGhost is an example of such malware. The counterfeit Xcode, termed as […]