First Mac malware of 2017, Quimitchin/Fruitfly, discovered targeting biomedical research centers

Security researchers at Malwarebytes have identified espionage malware on a Mac after an IT administrator noticed unusual outbound traffic coming from the machine and investigated. Malwarebytes describes the malware as Quimitchin (Apple calls it ‘Fruitfly’). It appears to have existed, undetected, for quite some time: one of the timestamps dates back to January 2015, although much about its origin is still unknown at this time.

The purpose of this malware appears to be taking screen captures and accessing the webcam, which is characteristic of most espionage tools. The investigation found that it has primarily been targeting scientific research centers, and it is still unclear who is behind it.

The Mac malware consists primarily of two files, a .client file and a .plist file:

  1. The .plist file (a launch agent) keeps .client running at all times.
  2. .client carries the actual payload, a minified and obfuscated Perl script. The Perl script communicates with the CnC servers.

The script primarily takes screenshots via shell commands. It has code to do the same operation using the Mac ‘screencapture’ command and the Linux ‘xwd’ command. It can also get system uptime using the Mac ‘uptime’ command and the Linux ‘cat /proc/uptime’ command.

“The most interesting part of the script can be found in the __DATA__ section at the end. Found there are a Mach-O binary, a second perl script and a Java class, which the script extracts, writes to the /tmp/ folder and executes. In the case of the Java class file, it is run with apple.awt.UIElement set to true, which means that it does not show up in the Dock.” – Malwarebytes explained.
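As an added example (my own code, not Malwarebytes' analysis tooling or the malware itself), the following Python triage script turns the traits above into a check: it parses a launchd .plist to see whether it keeps a hidden dotfile running, and scans the script the agent references for the screencapture/xwd, uptime, /tmp/, apple.awt.UIElement and __DATA__ indicators. The sample plist and Perl stub are constructed for the demo; the label com.example.client, the path /Users/victim/.client, the class name Loader and the ~/Library/LaunchAgents scan location are assumptions, not indicators taken from the write-up.

```python
#!/usr/bin/env python3
"""Triage helper for the Quimitchin/Fruitfly traits described above (added example)."""
import os
import plistlib
import re

# Heuristics taken from the traits described above: a launch agent that keeps a
# hidden dotfile running, and a Perl payload that shells out to screencapture/xwd,
# probes uptime, drops files in /tmp/, hides a Java class from the Dock and
# carries binaries in its __DATA__ section.
SCRIPT_INDICATORS = {
    "embedded_payload": re.compile(r"^__DATA__\s*$", re.MULTILINE),
    "screen_capture": re.compile(r"\b(screencapture|xwd)\b"),
    "uptime_probe": re.compile(r"\buptime\b|/proc/uptime"),
    "tmp_dropper": re.compile(r"/tmp/"),
    "hidden_java_ui": re.compile(r"apple\.awt\.UIElement"),
}


def _is_hidden(path):
    """True when the last path component is a dotfile such as ~/.client."""
    name = os.path.basename(path)
    return name.startswith(".") and name not in (".", "..")


def analyze_launch_agent(plist_bytes):
    """Parse a launchd plist and list the persistence traits it shows.
    Returns the label, the paths it runs and the reasons it looks suspicious."""
    data = plistlib.loads(plist_bytes)
    args = list(data.get("ProgramArguments") or [])
    program = data.get("Program") or (args[0] if args else "")
    paths = [program] + args[1:]
    reasons = [("runs a hidden dotfile: %s" % p) for p in paths if _is_hidden(p)]
    if data.get("KeepAlive"):
        reasons.append("KeepAlive set: launchd relaunches it whenever it exits")
    if data.get("RunAtLoad"):
        reasons.append("RunAtLoad set: starts at login")
    return {"label": data.get("Label"), "paths": paths, "reasons": reasons}


def scan_script(text):
    """Return the names of the indicators that match in a script body."""
    return {name for name, rx in SCRIPT_INDICATORS.items() if rx.search(text)}


def triage(plist_bytes, script_text):
    """Combine both checks. The persistence + capture + embedded payload
    combination is the one the write-up describes, so that is what gets flagged."""
    agent = analyze_launch_agent(plist_bytes)
    hits = scan_script(script_text)
    suspicious = bool(agent["reasons"]) and {"screen_capture", "embedded_payload"} <= hits
    return {"agent": agent, "indicators": sorted(hits), "suspicious": suspicious}


def scan_launch_agents(directory):
    """Triage every .plist in a LaunchAgents directory. Only files under the
    user's home are read as script bodies; interpreters in /usr are skipped."""
    findings = []
    if not os.path.isdir(directory):
        return findings
    home = os.path.expanduser("~")
    for name in sorted(os.listdir(directory)):
        if not name.endswith(".plist"):
            continue
        with open(os.path.join(directory, name), "rb") as fh:
            plist_bytes = fh.read()
        try:
            agent = analyze_launch_agent(plist_bytes)
        except Exception as exc:  # malformed or binary plist we cannot parse
            findings.append((name, {"error": str(exc)}))
            continue
        script_text = ""
        for path in agent["paths"]:
            if path.startswith(home) and os.path.isfile(path) and os.access(path, os.R_OK):
                with open(path, "rb") as fh:
                    script_text += fh.read().decode("utf-8", "replace")
        findings.append((name, triage(plist_bytes, script_text)))
    return findings


# Constructed sample: a launch agent and a script stub with the same observable
# traits as the write-up describes. Not the real files; names are assumptions.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>Label</key><string>com.example.client</string>
  <key>ProgramArguments</key>
  <array><string>/usr/bin/perl</string><string>/Users/victim/.client</string></array>
  <key>KeepAlive</key><true/>
  <key>RunAtLoad</key><true/>
</dict>
</plist>
"""

SAMPLE_SCRIPT = """#!/usr/bin/perl
# constructed stub carrying only the indicator strings, not a payload
my $shot = ($^O eq 'darwin') ? 'screencapture -x /tmp/s.jpg' : 'xwd -root -out /tmp/s.xwd';
my $up = ($^O eq 'darwin') ? 'uptime' : 'cat /proc/uptime';
my $java = 'java -Dapple.awt.UIElement=true -cp /tmp/ Loader';
__DATA__
(embedded binaries would follow here)
"""

if __name__ == "__main__":
    print(triage(SAMPLE_PLIST, SAMPLE_SCRIPT))
    for plist_name, result in scan_launch_agents(os.path.expanduser("~/Library/LaunchAgents")):
        if result.get("suspicious") or result.get("agent", {}).get("reasons"):
            print(plist_name, result)
```

Run as-is it flags the constructed sample, then walks ~/Library/LaunchAgents if that directory exists. The flags are heuristics: KeepAlive and RunAtLoad are used by plenty of legitimate agents, so it is the combination of a hidden dotfile kept alive plus a script with capture and __DATA__ indicators that deserves attention, not any single hit.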

“These are some truly ancient functions, as far as the tech world is concerned, dating back to pre-OS X days,” he wrote in the blog post. “In addition, the binary also includes the open source libjpeg code, which was last updated in 1998.” The functions found in the Mach-O binary are listed below:

  • SGGetChannelDeviceList
  • SGSetChannelDevice
  • SGSetChannelDeviceInput
  • SGInitialize
  • SGSetDataRef
  • SGNewChannel
  • QTNewGWorld
  • SGSetGWorld
  • SGSetChannelBounds
  • SGSetChannelUsage
  • SGSetDataProc
  • SGStartRecord
  • SGGetChannelSampleDescription

(Malwarebytes explains the name: “Quimitchin were Aztec spies who would infiltrate other tribes. Given the ‘ancient’ code, we thought the name fitting.”)

Full technical details are available in the Malwarebytes write-up.

Apple has released a protection update for this malware that is downloaded and installed automatically to protect Macs against such infections.


WhatsApp vulnerability is real and Facebook’s claim of end-to-end encryption doesn’t hold

After the Guardian’s post on the WhatsApp vulnerability was published early last week, security experts from all over the world have been discussing the validity of this vulnerability and the intentions behind it. Facebook denied that it is a vulnerability, contradicting the Guardian, and characterised the behaviour as a design decision. However, some of the most respected security […]

Approx. 68 million Dropbox accounts available to download by anyone worldwide

In August, Motherboard, a prominent online magazine, reported that more than 60 million account details had been stolen from the cloud storage provider Dropbox. Now approximately 68 million Dropbox accounts are available for anyone to download (the exact number, as published on IBTimes, is 68,680,741 accounts). During September, […]

Windows 10 – Evil to the Core for Privacy and pain for the users

Last evening I left my desktop running the whole night on a Photoshop job. This morning my desktop was showing the “blue screen of death” with a message and a hung desktop: “Your PC ran into a problem and needs to restart, we’re just collecting some error info, and then we’ll restart for you”. Microsoft […]

The mobile game ‘Clash of Kings’ was hacked and 1.6 million users’ info exposed

Clash of Kings is one of the most popular mobile games, with more than 100 million downloads, but a recent hack exposed the information of 1.6 million gamers. The hacker exploited outdated vBulletin software on the game’s forum; the vulnerability dates back to late 2013 and includes easily exploited security flaws. The exposed data includes usernames, […]

50 million users impacted by WinRAR bug

On 28 September 2015, a vulnerability was reported in WinRAR SFX v5.21, the latest version of WinRAR, a widely used file compression tool. Attackers can exploit the vulnerability to compromise a computer with WinRAR installed on it. The bug is in the “text and icon” function under the module “Text to display in […]

Western Digital My Cloud NAS can be hijacked using Command Injection and CSRF – VerSprite

WD My Cloud, or Western Digital My Cloud, is a Network Attached Storage (NAS) system. Its objective is to provide a private cloud storage system for uses such as home cloud storage or small business storage. The data on this private cloud can be accessed by the […]

Stagefright security patch leaves more than 950 million Android devices vulnerable to being hacked by a text – CVE-2015-3824

The Stagefright vulnerability (CVE-2015-3824) allows an attacker to hack a phone with a text message. The patch issued by Google for Stagefright doesn’t fix the vulnerability, leaving more than 95% of Android devices vulnerable. Android devices running version 2.2 to […]

3 key takeaways from RSA Conference 2014 – San Francisco for CISOs and security enthusiasts

Author: Arun Hegde, Security Architect, @arun25. Here is a quick summary of my experience at RSA Conference 2014 in San Francisco last month. Highlights of RSA 2014: some of the highlights this year at RSA were cloud security, mobile security (especially for the enterprise), more companies providing SIEM solutions and lots of new […]

Hacking a Facebook user’s “Access Token” using a Man-in-the-Middle attack

Facebook has had a long list of vulnerabilities, and its security team seems incapable of dealing with real-world security. Unfortunately, their mission of making the world open seems to extend to their security principles as well. This is just an opinion and may not be the reality. This vulnerability still exists, and the author says in […]