Beware! Hackers are using Facebook Messenger to Spread Locky Ransomware



Have you come across a Facebook message containing an image file in the .SVG format? If not, you are lucky; if you have received one, avoid clicking it.

If clicked, the file would eventually infect your PC with the nasty Locky Ransomware, a family of malware. In a short period of time, Locky has become one of the favorite ransomware tools of spammers. It usually spreads via spam emails with a disguised downloader.

This attack was first discovered by malware researcher Bart Blaze. Surprisingly, the malware manages to bypass Facebook’s file extension filter.

But Why the SVG File Format?


The answer is simple. SVG files can contain embedded content such as JavaScript, and they can be opened directly in the browser.

So the hackers added JavaScript code inside the image file which redirects you to a malicious website mimicking YouTube. The site then pushes a popup asking you to download and install a certain codec extension in Google Chrome in order to view the video. The malicious extension used two names, Ubo and One.
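Because an SVG is an XML document rather than a bitmap, a filter can look inside it for script before accepting it as an "image". The scanner below is an added example, not code from the original post or from Facebook; the finding labels and the sample files are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Elements that run script or embed foreign documents when a browser renders the SVG.
ACTIVE_TAGS = {"script", "foreignObject", "iframe", "embed", "object"}
SCRIPT_SCHEME = re.compile(r"^(javascript|vbscript):", re.I)


def local(name):
    """Strip the '{namespace}' prefix ElementTree puts on tag and attribute names."""
    return name.rsplit("}", 1)[-1]


def scan_svg(data):
    """Return sorted findings for an SVG given as bytes; [] means no active content."""
    # Byte-level check (ASCII-compatible encodings): an image needs no entity declarations.
    if re.search(rb"<!ENTITY", data, re.I):
        return ["entity-declaration"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["not-well-formed-xml"]
    findings = set()
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_TAGS:
            findings.add("element:" + tag)
        for attr, value in el.attrib.items():
            name = local(attr).lower()
            # Browsers strip tabs and newlines from URLs; dropping every control
            # character and space here errs on the side of flagging.
            url = re.sub(r"[\x00-\x20]", "", value)
            if name.startswith("on"):
                findings.add("event-handler:" + name)
            elif name == "href" and SCRIPT_SCHEME.match(url):
                findings.add("script-url:" + tag)
    return sorted(findings)


# Constructed samples, not files from the campaign described above.
CLEAN = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'
SCRIPTED = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="init()">'
            b'<script>void 0</script></svg>')
LINKED = (b'<svg xmlns="http://www.w3.org/2000/svg" '
          b'xmlns:xlink="http://www.w3.org/1999/xlink">'
          b'<a xlink:href="java&#9;script:void(0)"><rect width="9" height="9"/></a></svg>')

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("scripted", SCRIPTED), ("linked", LINKED)):
        print(label, scan_svg(sample))
```

A file that produces any finding should be treated as an active document, not as a picture.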



Once installed, the extension gives the attackers the ability to alter your data on the websites you visit, and it also takes advantage of the browser's access to your Facebook account to secretly message all your Facebook friends with the same SVG image file.

The worst thing here is that, according to a malware researcher, the SVG file redirects to a malicious website which downloads a copy of Locky ransomware onto the victim's PC.
In case you don't know what ransomware is: ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system's screen or by locking the users' files, unless a good amount of money is paid to the attacker.

Locky is one of the most popular ransomware families. It locks all files on a victim's computer with RSA-2048 and AES-1024 encryption algorithms and keeps them locked until the ransom is paid to the attackers.

Remove the malicious extension immediately


If you have already installed one of the two malicious extensions, you can remove it by doing the following.

To remove the extension, just go to Menu → More Tools → Extensions and check for the extension and remove it.

Here's how to stop Facebook from secretly listening to your conversations

Facebook is using people’s smartphones to listen to what they say. But don't worry, here is an easy solution to stop it.


It seems like Facebook has decided to take its advertisement service to the next level. We are already familiar with news that says that Facebook now tracks you even if you don't have an account or even if you have logged out of your account. There's nowhere to hide across the web, especially from the marketing and advertising companies.

Sounds scary, right? Well, there is more to it. Facebook now uses people's phone mics to listen to conversations. Yes, you heard it right.

Professor Kelli Burns has accused the social networking giant of listening to mobile phone audio of users through one of its features that is only available in the US. Prof. Burns teaches Mass Communications at the University of South Florida, and she has managed to open a Pandora’s Box by suggesting that the Facebook app might have been prying on unsuspecting users.

Professor Burns has said that the tool appears to be using the audio it gathers not simply to help out users, but might be doing so to listen in to discussions and serve them with relevant advertising. She says that to test the feature, she discussed certain topics around the phone and then found that the site appeared to show relevant ads.

Prof. Burns also proved this by enabling the microphone feature on her mobile phone and saying that she would like to go on a safari: “I’m really interested in going on an African safari. I think it’d be wonderful to ride in one of those jeeps.”

Within 60 seconds there appeared a post on her Facebook feed about a safari story, which was posted around three hours before.



But according to the social network’s spokesperson: “Facebook does not use microphone audio to inform advertising or News Feed stories in any way. Businesses are able to serve relevant ads based on people’s interests and other demographic information, but not through the audio collection.”

This feature was introduced in 2014, around two years back. Facebook maintains that it is never “always” listening and does not store “raw audio” at all, but it does listen.

Here is how you can stop Facebook from listening via your phone's mic


You can easily turn off the microphone on your mobile phone and if you do so, Facebook won’t be able to turn it on even if it wanted to. 


If you use an iPhone, turn off the microphone by following this path:

Settings > Privacy > Microphone.

If you are an Android user, you need to do this:

Settings > Privacy > Facebook > Permissions.

Beware, Fake Facebook Apps could serve up malware or steal your personal information



Most of the time we see our friends use various Facebook apps like 'top 5 friends', 'Your crush', 'people who have visited your profile' etc. Sometimes these apps are fun and sometimes quite annoying too.

We use these apps just for fun, and once we get the result we often forget about it. But have you ever wondered why someone out there spent lots of time creating the app? And without any profit? Well, there are many profits.

Why Are These Apps Created?

1. To earn money from ads

Whenever we try these apps, we are redirected to their websites, which most of the time are filled with multiple ads. This is one of the main reasons why these apps are made. The app developers want users to go to the site so that they earn from the ads that are present on it.

2. To earn money from affiliates

These sites are also filled with affiliate links: as they know the interests of the visitors, they can easily sell targeted products and earn from them. Affiliate marketing is the process of earning a commission by promoting other people's (or companies') products. You find a product you like, promote it to others, and earn a piece of the profit for each sale that you make.

3. Steal your personal information


These apps are mainly used to steal personal information. Whenever you try these apps they will ask for authorization which looks something like this.


Most of the time they ask for a few permissions which are not actually required, and granting these permissions can be very dangerous. For example, if an app asks for permission to access your inbox, it can be very dangerous, as it can read all your messages and can also send messages on your behalf.

4. Spread malware


Once these apps get permissions like 'they can post on your behalf' or 'they can comment on your behalf', they start to spam with the help of your account. You might have seen the comment sections of some popular pages filled with recharge site links. These comments are actually made by these apps via users' accounts.

How to protect yourself from these apps?



There are many apps available which promise to do fancy stuff. Always be careful while giving permissions to such apps. If an app requires permission to access your inbox, albums, phone number or status updates, chances are that it's a fake app which is just collecting information about you and will use your account to spam others. Never use 3rd party apps which are not required.

But if you are already affected by any of such apps then follow these steps to recover your account.

1. Go to your account and click on Settings.




2. Now click on the apps option present on the left side of the page.


3. Now you will get the list of all apps that you are using. Remove the apps which you are not familiar with.

 
Once you’ve removed the app or game, it should no longer post to your Timeline. If you still see a past story, you can remove it manually.

As an added security measure, you should also change your password and do a quick scan of your computer with a reputable up-to-date anti-virus solution just to make sure the app didn't leave any other baddies on your machine.

Conclusion


Facebook apps are great; they can make most of our work easy, but many people are using this feature for the wrong purpose, so we need to be very careful while using these apps. Also, most of the time we use unnecessary apps. If you want to know who your best friends are, you don't need any Facebook app to tell you that, do you? Just go out and talk to your friends and you will know it yourself. Do you really need to use an app to know who your crush is? I don't think so. Always use apps which are made by trusted sources.




 


Here is how and why Angaraag Mahanta's official Facebook Page was Hacked



On 23rd January I woke up in the morning and, as usual, I was scrolling through my Facebook feed. I saw a few spammy links getting shared from the official Facebook page of Angaraag Mahanta. For those of you who don't know, Angaraag Mahanta, known by his nickname Papon, is an Indian singer, composer and record producer from Assam. He is the lead singer and founder of the folk-fusion band called Papon and The East India Company. He recently won Best Bollywood playback singer for the song "Moh Moh Ke Dhage" – Dum Laga Ke Haisha.

At first I thought, why would he share such links? When I saw that a few more links to the same website were getting shared, I was sure that either his page had been hacked or it was infected by some malicious app.


A few hours later, more links from the same domain ( laughwithvoice.com ) were getting shared. The situation was getting worse, as mostly NSFW content was being shared.

Here are a few of the posts which were shared on the page.





So I reached out to Angaraag Mahanta to find out what exactly was happening. It turns out that I was right. His Facebook page had been hacked and the hacker had removed Papon as page admin.

Here is the tweet that he made after his page got hacked.


How the Account Was Hacked?


The hacker used a phishing attack to get the email ID and password of the personal Facebook account used by Angaraag Mahanta.

Phishing is a form of attack in which the attacker tries to get information such as login credentials or account information by masquerading as a reputable entity or person in email, IM or other communication channels. Typically a victim receives a message that appears to have been sent by a known contact or organization. An attachment or links in the message may direct them to a malicious website set up to trick them into divulging personal and financial information, such as passwords, account IDs or credit card details. 

Generally, in a phishing attack, the attacker makes a fake login page which looks exactly the same as the legitimate one; only the URL of the page differs. The only way to know whether the page is genuine or fake is by looking at the URL.

But here the case was different. The attacker did not create a login page at some other URL. To make it look more genuine, the hacker created a Facebook app and hosted the phishing page inside it. So the link appeared as http://www.apps.facebook.com/xxxxxxxxxx

After looking at this link, most people will be convinced that it's genuine and not a fake.

Here is the phishing page that was used to get the email and password of Angaraag Mahanta.



As you can see, it is a well-crafted phishing page, and a non-technical person can never make out that it's a phishing page.

Why the Account Was Hacked?


The account was hacked mainly for profit and earning money. After his page was compromised, many news channels thought that maybe some rivals of his had done it. But I have a different theory.

Even after getting full access to the page, the hacker did not write anything against him on the page. All he did was share links to a particular site ( laughwithvoice.com ). According to me, the sole purpose of the hacker was to make money from the traffic that he would get from the page. Angaraag Mahanta's Facebook page has a huge number of active followers, and anything that he shares gets thousands of likes and shares. The hacker wanted to take advantage of that.

Looking at the WHOIS record of the site ( laughwithvoice.com ), we learn that the site was created on 21st January. The hacker added an AdSense account to it, which means that he would earn from each visit to the site. Next, the hacker wanted lots of traffic on his site so that he could earn. So he targeted Angaraag Mahanta's Facebook page and managed to grab a lot. (I think)


As the hacker had removed the admin from the page, it took us some time to get it back. We contacted Facebook Head Office regarding this, and after working for 2 days I was able to get the page back on the night of 25th January and secure it.

Once we got admin rights, I was inside the page and saw that the hacker had made almost 15 scheduled posts on the page. I removed all of those, made changes on the page and secured it.

On 26th January Angaraag Mahanta made a post and thanked me for helping him recover the page.


Hello people! Happy to announce that after 4 frustrating days of crazy links posted on my page and multiple attempts...
Posted by Angaraag PAPON Mahanta on Monday, 25 January 2016

He met me on 31st January at Rongali. He is such a humble person. I am happy I was able to help him.

Me and my friend with Papon Da

Final Words


The hacker calculated a lot before he carried out the attack. The website ( laughwithvoice.com ) was created 2 days prior to the attack, and the hacker made the WHOIS record private so that it would be hard to trace. Also, since the website was new, there were no previous records of the site on the net.

Facebook page managers of celebrities should be very careful while clicking on suspicious links as most of the cyber criminals and fraudsters target such popular pages.

This flaw in Facebook allows anyone to manipulate the life event of any user



A minor yet interesting bug has been discovered by a security researcher which can be used to manipulate the life event of any user who has his work status posted on Facebook. Although the bug, uncovered by the independent hacker Sachin Thakuri, is not a technical flaw, it can be used to fool people into believing some fake news.

In the proof of concept he manipulated the life event of Mark Zuckerberg.

Here’s the original URL of Mark Zuckerberg’s life event, which says "Started Working at Facebook", and here is the manipulated URL, which says "Left Job at Facebook".

 So how was he able to do this?


All Thakuri did was take the original URL of Mark Zuckerberg's life event:
https://www.facebook.com/zuck/timeline/story?ut=32&wstart=-2051193600&wend=2147483647&hash=971179541251&pagefilter=3&ustart=1&__mref=message_bubble
...and remove the ustart=1 parameter, which left him with:
https://www.facebook.com/zuck/timeline/story?ut=32&wstart=-2051193600&wend=2147483647&hash=971179541251&pagefilter=3&&__mref=message_bubble

As the flaw is not yet fixed, I tried to replicate the same on one of my friend's life events.


Here is the original life event post made by my friend.

Original life event

And here is the fake life event made by me by manipulating the URL

Manipulated life event



Thakuri reported this bug to the Facebook security team, but the bug has not been fixed as of yet. Even though this is not a serious or privacy flaw, the gravity of the issue is that on the client side the post appears to come from a valid user, and there is no way to figure out that the post has been manipulated and was not posted by the user.

This can be dangerous as it could be used maliciously by some people in order to fool victims into believing that someone has quit his or her job.
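One way a server can refuse a story link whose display-affecting parameters were edited, as described above, is to bind those parameters to a MAC and check it before rendering. This is an added example, not Facebook's code or its actual fix; the `sig` parameter, the key and the choice of which parameters to sign are assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode, urlsplit

# Assumptions for this sketch: a server-side key and a "sig" parameter (both hypothetical).
SECRET = b"constructed-demo-key"
# Parameters from the URL above that are assumed to influence what the story page shows.
SIGNED = ("ut", "wstart", "wend", "hash", "pagefilter", "ustart")


def _mac(params):
    # Only parameters that are present are signed, in a fixed order, so removing,
    # adding or changing any of them produces a different MAC.
    canon = urlencode([(k, params[k]) for k in SIGNED if k in params])
    return hmac.new(SECRET, canon.encode(), hashlib.sha256).hexdigest()


def sign_url(url):
    """Server side: append a MAC over the display-affecting parameters."""
    params = dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))
    return url + "&sig=" + _mac(params)


def verify_url(url):
    """Server side, before rendering: accept only an unmodified parameter set."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    names = [k for k, _ in pairs]
    if len(names) != len(set(names)):  # duplicate parameters are ambiguous
        return False
    params = dict(pairs)
    sig = params.pop("sig", "")
    return hmac.compare_digest(sig.encode(), _mac(params).encode())


ORIGINAL = ("https://www.facebook.com/zuck/timeline/story?ut=32&wstart=-2051193600"
            "&wend=2147483647&hash=971179541251&pagefilter=3&ustart=1"
            "&__mref=message_bubble")

if __name__ == "__main__":
    signed = sign_url(ORIGINAL)
    print(verify_url(signed))                           # untouched link
    print(verify_url(signed.replace("ustart=1", "")))   # parameter removed
```

Deriving the event type from stored data instead of a query parameter removes the need for a signature altogether.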

Facebook Will Now Notify You If the Government Is Spying on You



Do you fear that some suspicious activity is going on in your Facebook account? Well, many of you would be aware of the fact that Facebook account hacking using phishing scams is on the rise these days. But the good news is that Facebook has just announced a very important thing about its platform. Now the social network will inform users if it believes that the account has been compromised by a government agency for snooping purposes.

Facebook now recommends users to turn ON "Login Approvals," so that their Facebook accounts can only be accessed using stronger two-factor authentication.

“The security of people’s accounts is paramount at Facebook, which is why we constantly monitor for potentially malicious activity and offer many options to proactively secure your account,” Facebook writes in an official blog.

But the important question that arises here is:

How exactly does the social network know that an account is being targeted by a government-sponsored hacker?


As of now, Facebook has not disclosed how it would be able to differentiate between accounts compromised by a nation-state's hacker and a smaller-scale attacker, saying that it has to "protect the integrity" of its methods and processes.

Facebook confirms that this notification does not indicate that the whole social networking platform was compromised. It relates only to the specific user’s account that receives the notification.

Let's hope you never get this notification, but in case you do, take the matter seriously.