How often do we run into an error message, or simply one of those ugly warnings that scares us because we don't know how to fix it...
1) Google Play Store Crash
How often does the Play Store keep closing so that we have to reopen it? Here is one of the solutions to this problem.
- Settings
- Apps
- All Apps (usually a swipe to the right)
- Locate Google Play Store
- Wipe Cache and Data
- Restart the device
If this does not work, also wipe the cache/data of Google Play Services and Google Services Framework.
2) Google Play Store not downloading apps
Sometimes the Play Store won't install apps; there are two possible fixes for this problem.
1] Wipe the Google Play cache
- Settings
- Apps
- All Apps (usually a swipe to the right)
- Locate Google Play Store
- Wipe Cache
- Restart the device
2] Wipe the Google Play search history
- Open Google Play Store
- Settings
- Clear search history
3) I installed malware!
Often we download apps from unknown sources without using the Play Store, or simply because we want that much-desired paid app, but we download it illegally from the wrong place and end up installing malware. What to do?
Online, the usual recommendation is to install an antivirus, Lookout, because it is free and able to find many kinds of malware. But our advice is obviously to uninstall the app in question (the one downloaded from the wrong place) and clean the cache of our phone.
4) Android not reading the microSD card
It often happens that our SD card is damaged or some file system is corrupted, so it is not read correctly.
The advice is to format it.
- Settings
- Storage
- Scroll until you find "Format SD card"
- Format
5) I need to reset the device but don't know how
How often do we need to reset our smartphone because something does not work, or simply because we have to sell it?
- Settings
- Backup and reset
- Factory data reset
Showing posts with label Malware. Show all posts
Tuesday, January 31, 2017
Tuesday, January 24, 2017
Malware: a new version of HummingBad in circulation. Smartphones in danger
Some time ago we talked about a malware that was infecting thousands of Android phones, thanks to its ability to blend in and interact seamlessly with our phone. Well, while the effects of this malware were initially kept under control over the last few months, we have now learned that a new version is about to spread across the web. And it seems that the creators of this malware have changed its parameters, so the new malware is once again able to camouflage itself on our phones as apparently harmless software.
This is what we learned today: according to these sources, 20 applications have been infected with the new version of HummingBad, which is now called HummingWhale. Although the form and substance of this new malware do not differ much from the original, clear differences from the previous version have indeed been observed. In particular, a component has been replaced by DroidPlugin, a module developed by Qihoo 360 to launch virtual machines on Android devices.
This lets the malware's creators profit from the mass installation of these applications through paid programs. The problem this time is that not even Google's security checks are able to detect these infected, malicious applications before they reach the Play Store.
This is the biggest problem with malware of this kind: steering clear of applications that come from third parties or from direct-download pages on the web is not enough to avoid it, because it infiltrates our phones through the official sources themselves.
Labels: Android, Google, HummingBad, hummingwhale, Malware, news, Smartphone, virus
Monday, January 23, 2017
Are Antivirus Apps and Cleaners Really Needed? Here Is the Answer!
On the web, in blogs and forums, there is often the usual discussion about installing cleaners that are meant to "free up" memory and "antivirus" apps that are supposed to protect us from various malware. Well, the more aware and expert users say .....
The more aware and expert users forbid installing this type of program, for various reasons, but the first question we ask ourselves is: can we catch viruses on Android?
The answer is yes, but even so, having an antivirus is of no use, because Android is a Linux-based system, an operating system where virus infection is inherently complicated and almost impossible; besides, on Android we are the ones who pick up malware through the choices we make, by installing apps or opening suspicious content.
Beyond this, we can only catch viruses if we have a rooted smartphone and install apps from outside the Play Store. I have often seen users who use an antivirus end up with malware on their device all the same, malware picked up through apps installed via APK and found outside the Play Store.
The second question we ask ourselves is: do task killers and the various cleaners really free up memory?
It is 2017; most devices have at least 2GB of RAM and come with a microSD, if not with really large internal storage, so the usefulness of these cleaners is doubtful, as is that of the various task killers. The best way to free up memory is to regularly clear the cache of your device and delete the history and downloaded files you no longer need. These programs often run 24 hours a day, so they are the first to take up memory and processes the whole time!
Our advice is to avoid installing cleaning apps, task killers and antivirus apps, because more often than not they occupy more processes than the ones they are supposed to eliminate, and so end up consuming battery and memory.
Labels: Android, antivirus, apk, app, cleaner, Malware, memory, play store, security, task killer, virus
Wednesday, February 10, 2016
Russian Hacker Used Corkow Trojan To Manipulate Currency Value For 14 Minutes.
Russian hackers allegedly managed to jack up the ruble-dollar exchange rate for a whole 14 minutes to make a profit from it. The hackers used malware to manipulate the value of the Russian currency.
The hackers used malware to infiltrate a regional Russian bank and manipulate the ruble-dollar exchange rate by more than 15 percent in minutes, according to a cybersecurity firm investigating the attack.
The swing in the exchange rate was immediately noticed by the Russian central bank, which started an investigation into possible market manipulation.
The Moscow Exchange has said that its systems were not hacked in the incident. A separate investigation by the central bank found no evidence of currency manipulation, blaming the swing — which lasted 14 minutes and caused the exchange rate to fluctuate between 55 and 66 rubles per dollar — on traders’ mistakes.
According to the researchers, the hackers used a virus called the Corkow Trojan to accomplish their infernal task.
Antivirus software is not effective against the Corkow Trojan, which can hide undetected in a bank’s systems for more than six months. The hackers used the Corkow Trojan to open a backdoor into Kazan-based Energobank’s systems in February 2015, and then placed over $500 million in orders at non-market rates, Group-IB told Bloomberg.
The Corkow Trojan has reportedly infiltrated 250,000 computers worldwide and infected over 100 financial institutions.
“This is the first documented attack using this virus and it has potential to do much more damage. Once the malware has penetrated a local network, it is sophisticated enough to infect computers that are even not connected to the Internet,” said Dmitry Volkov, the head of Group-IB’s cyber intelligence department.
Thursday, January 7, 2016
Forbes Website Dropping Malware on Visitor’s PCs
Web publications usually ask readers to disable ad blockers if visiting their websites with AdBlock on. It is understandable since publishers rely upon advertisements for income and therefore, want users to not turn on adblockers. But for a reader, it becomes quite irritating to let adverts ruin the reading experience.
Reportedly, Brian Baskin, a digital forensics expert, was served malware when he obliged Forbes by turning off his ad blocker.
However, when we checked the site, nothing of this sort happened to us, so Baskin probably encountered a JavaScript snippet or an undetected malware banner. But for the end user, it doesn’t matter whether Forbes is actually spreading the malware or is unaware of it, because the damage is already done.
Back in 2007, if the malware mess wasn’t cleaned up by ad banner networks, web users had the liberty to block all ads.
Ad banner networks were given ten long years to fix the issue because they make more money than the publishers who display these ads on their websites, reports AdLand.
Yet neither have the publishers invested in malware detection, nor have the ad banner networks come up with a suitable solution.
Although an ad blocker has launched the “acceptable ads” program, and Apple as well as other device manufacturers are already blocking ads on their devices, the publishers are still inactive in this regard.
This is not the first time the Forbes website has been caught spreading malware. In February last year, cyber criminals exploited Flash and IE zero-day vulnerabilities to install malware on anyone visiting the site.
Saturday, December 26, 2015
Raspberry Pi was offered money for pre-installing malware on their computers
On Wednesday, Raspberry Pi tweeted a photo of an email that offered cash and asked the foundation to install malware onto its computers before shipping them out, which was kind of an insane thing to ask of such a great foundation. “Amazing. This person seems to be very sincerely offering us money to install malware on your machines,” said Liz.

The name shown in the picture is certainly not the real one, and the success of Raspberry Pi has brought them into the limelight. By now they have sold over 5 million units, and the number is still rising.
The best part of the Raspberry Pi Foundation is the vision they have, and all the money raised from selling these units goes to a good cause. The money is invested in its largest educational missions and research centers. The foundation also trains teachers for free and provides free educational resources.
This email shows how eager hackers are to bring down this mini computer with immense capability. The best thing about the foundation is the low price it charges for a source of education.
The fact that this group of “evildoers,” as the Raspberry Pi Foundation’s Liz Upton has deemed them, would be so bold as to offer charitable groups like Raspberry Pi money to plant malicious software gives a small window of insight into just how hard some bad folks are willing to work at spreading their evil schemes. But after reading about the estimated $70 million torrent piracy sites are raking in from serving malware to free media seekers, the offer is not surprising. It makes you wonder how many other “legitimate” tech companies are receiving similar offers and are perhaps even taking bad guys up on those offers.
Wednesday, December 23, 2015
A Man Arrested For Hacking Into Email Accounts Of Celebrities.
In 2012, a man was sentenced to 10 years for breaking into the email accounts of Scarlett Johansson, Christina Aguilera and other celebrities. Last year, authorities arrested a Romanian man, known online as “Guccifer,” for hacking into the accounts of Romanian and U.S. public figures. Even more recently, hackers leaked the private photos and videos of tens of celebrities.
Recently, a man from the Bahamas was charged after allegedly hacking into the email accounts of celebrities in an effort to steal private files, including scripts for movies and TV shows.
The man is accused of stealing personal information, scripts for upcoming movies and TV shows, unreleased music tracks, and sexually explicit videos from victims’ accounts. The personal information stolen by the attacker includes social security numbers and passport copies.
The suspect, 23-year-old Alonzo Knowles, aka “Jeff Moxey,” is said to have used malware and phishing to gain access to the email accounts of individuals working in the entertainment, media and professional sports industries.
“This case has all of the elements of the kind of blockbuster script the defendant, Alonzo Knowles, is alleged to have stolen: hacks into celebrities’ private emails, identity theft, and attempts to sell victims’ information to the highest bidder. Unfortunately, these circumstances are all too real,” said Preet Bharara, the US Attorney for the Southern District of New York.
Law enforcement learned of the hacker attacks after a man identified as Knowles approached a popular radio host offering to sell scripts for an upcoming season of a drama series. The radio host alerted the show’s executive producer and introduced the hacker to an undercover law enforcement agent.
The suspect allegedly told the agent that he possessed a list of phone numbers and email addresses belonging to 130 individuals.
Knowles was arrested in New York on December 21 while trying to sell 15 scripts and the SSNs of three professional athletes and an actress for $80,000 to the undercover agent. The suspect has been charged with one count of felony criminal copyright infringement and one count of identity theft. Each of these offenses carries a maximum sentence of five years in prison.
Labels: Celebrities, Email-hacking, Hacking News, Malware, news, Phishing
Thursday, December 3, 2015
Snowden Unveils NSA "God Mode" Malware That Lives On Your Motherboard And Can Not Be Traced
New Snowden revelation “GODSURGE” gives NSA ability to see everything your computer does – even the screen
Original documents released by Snowden reveal surveillance powers that go beyond root access, and into the hardware of all computer systems everywhere.
The exploit hooks itself into a computer’s boot loader, initiating an “infected” BIOS that is in no way distinguishable from normal computer activity, and can only be discovered through forensic investigation of the physical data chip using electron microscopes.
With GODSURGE, a complex malware loaded by the similarly named malware DEITYBOUNCE, secret agents are able to monitor users’ computer activity – even when the computer is offline – because the malware phones home when users plug back in, reporting activity and filling in historical gaps.
It is safe from an operating system reinstall because it lives on the motherboard, and does not affect the installation at all, remaining undetected by antivirus scanners and even computer scientists.
When Ross Ulbricht was found hiding among the stacks in the Glen Park public library in San Francisco, the 29-year-old Silk Road operator was believed to have covered his tracks perfectly. Speculation is rampant as to how he was really caught.
Neckbeards with no working knowledge of Internet technology hypothesized that an “anonymous” forum post asking for help on specialized messageboard code led unseen internet police to backtrace his IP. It is an unlikely connection, but compelling conspiracy theory, because it is a common supposition that the Internet is a self-referencing, self-cleaning hivemind; but it is far more likely that ubiquitous, self-replicating code that bounces to destinations through “jump hosts” – a self-replicating “Onion Router” of malware – led to his discovery because it tells the NSA exactly what any given computer is doing – or trying to do – without being caught.
Or to put it another way, they see what you see.
Friday, November 6, 2015
Mabouia: The first Mac OS X ransomware
Ransomware encrypts files stored on the machine, then displays a message informing the user that a decryption key must be purchased in order to recover access to the files held to ransom. A Brazilian cybersecurity researcher, Rafael Salema Marques (@pegabizu), published yesterday a proof of concept demonstrating Mac OS ransomware. It is called Mabouia, the first ransomware that targets Mac OS X. This is a real and serious one, unlike the Mac OS FBI ransomware, which was just a few lines of JavaScript code and essentially a prank.
Mabouia Ransomware: How It Works
Mabouia ransomware is coded in C++ and uses the XTEA cryptographic algorithm with 32 rounds to encrypt the user's files. It only modifies the user’s personal files, hence it does not need superuser privileges to execute its malicious code. Thus infection occurs with just one click.
Mac Users Beware.
According to the creator of Mabouia, Mac users are a good target for ransomware, because generally they have a higher purchasing power and use the computer in a superficial way. The researcher’s goal is to alert the 66 million users of Mac OS X about the dangers of such a ransomware.
How Mabouia ransomware affects Mac OS X can be watched live from the link below. (PoC)
Thursday, November 5, 2015
Popular Android Applications Including WhatsApp, Twitter, Facebook And GoogleNow Infected By "Trojanized Adware"
Lookout Security researchers discovered new malicious adware in Android applications. This malware is spreading through popular Android applications, and the worst part is "it has already infected more than 20,000 Android applications".
Security experts at Lookout dubbed this adware Shuanet. After research and analysis, the experts said the trojanized adware is spreading through trojanized versions of popular Android apps. Even Android applications protected with two-factor authentication are infected with Shuanet. Some of the Android applications infected with Shuanet are given below:
- Candy Crush
- GoogleNow
- Snapchat and many more
Shuanet is able to gain root access to the infected device without the user’s knowledge; the threats install themselves as system service applications and are very hard to remove from the devices.
The Lookout researchers said that the trojanized adware Shuanet is distributed through third-party repositories.
The trojanized versions of the mobile apps are fully functional, and for this reason they don’t raise suspicion. It is important to note that the threat actors behind the campaign avoided compromising antivirus apps, a circumstance that suggests a high level of planning when creating these malware campaigns.
“Lookout has detected over 20,000 samples of this type of trojanized adware masquerading as legitimate top applications, including Candy Crush, NYTimes, Okta, WhatsApp, and many others,” Lookout’s Michael Bentley wrote in a blog post. “Malicious actors behind these families repackage and inject malicious code into thousands of popular applications found in Google Play, and then later publish them to third-party app stores.”
“While historically adware hoped to convince the user to install new applications by showing banners and annoying pop ups, now it can install these third party apps without user consent. In this way it can heavily capitalize on the Cost Per Install paid out by web marketing companies,” Lookout’s Michael Bentley said in a blog post.
“Unfortunately, should the revenue model change on clicks-per-install and ads, this may lead to malware authors using this privilege escalation for new monetization strategies.”
According to the experts, it is easy to predict that this type of trojanized adware will become even more sophisticated over time. “We expect this class of trojanized adware to continue gaining sophistication over time, leveraging its root privilege to further exploit user devices, allow additional malware to gain read or write privileges in the system directory, and better hide evidence of its presence and activities.”
Kemoge and Shuanet adware share at least three exploits to root devices.
The experts observed the majority of the Shuanet adware infections in the United States, Germany, Iran, Russia, India, and Indonesia.
Lookout researchers believe that the threat actors behind the adware campaigns Kemoge, Shedun and Shuanet are different groups, although the adware families appear to be linked.
In some cases, the variants of malware analyzed share between 71 and 82 percent of their code, a circumstance that suggests the authors used the same pieces of code to build their versions of the auto-rooting adware.
Wednesday, October 21, 2015
Flaws In Western Digital self-encrypting external hard disk drives could expose user data
Security researchers Gunnar Alendal, Christian Kison and modg examined how WD self-encrypting external hard disks work and discovered design flaws that allow them to decrypt the data without the user's password. The researchers also discovered that a flaw allows them to crack the user password using a brute-force attack.
The researchers easily found the design flaws, which depend on the microchip used to encrypt the user's data.
In some cases, the researchers found that the encryption is performed by the chip that bridges the USB and SATA interfaces. In other cases the encryption is done by the HDD's own SATA controller, with the USB bridge handling only the password validation.
The researchers examined WD external drive models with six different USB bridges from JMicron Technology, Symwave, Initio and PLX Technology. Because the setup differs between the chips, the serious security issues they discovered varied from device to device depending on the implementation technique, the researchers said in a recently released paper.
How WD Encryption Works?
The way encryption works in these drives is that a user-selected password is used to create a key encryption key (KEK). This is a cryptographic hash of the password generated with the SHA256 function.
The KEK is then used to encrypt a separately generated data encryption key (DEK). This encrypted version of the DEK, known as the eDEK, is stored in the USB bridge's EEPROM, in a hidden sector on the hard disk itself or in a special disk region called the service area.
The eDEK is decrypted when the user inputs the correct password in the drive's software that runs on the host computer and the resulting DEK is then used by the chip to perform the encryption and decryption operations on the fly.
Here's the Flaw
For four of the tested USB bridges the researchers found methods of extracting the eDEK, allowing for offline brute-force attacks to guess the KEK and subsequently recover the DEK.
According to the researchers, all WD drives use a hardcoded salt -- a unique string that gets combined with the user-supplied passwords before hashing for added complexity -- and a fixed iteration count for the hashing itself.
Attackers could use large collections of common passwords to pre-compute their corresponding KEKs. These could then be used to try to decrypt the extracted eDEKs and ultimately the data stored on the drives. But in some cases an attacker does not need a brute-force tool or password guessing to decrypt the data, because the researchers also found authentication flaws in WD external hard drives that gave them backdoor access to the encrypted data.
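Why the hardcoded salt and fixed iteration count matter, shown as an added example that is not code from the researchers' paper or from WD's firmware: a table of KEKs computed once is valid for every drive under the shared-salt scheme, but only for a single drive when each drive has its own random salt. The salt value, iteration counts, candidate list, iterated SHA-256 construction and the `key_check` stand-in for unwrapping the eDEK are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed placeholders: the page gives neither the real salt nor the count.
HARDCODED_SALT = b"EXAMPLE-FIXED-SALT"
FIXED_ITERATIONS = 1000


def kek_fixed_salt(password: str) -> bytes:
    """Assumed model of the flawed scheme: iterated SHA-256 with one salt
    and one iteration count shared by every drive."""
    digest = HARDCODED_SALT + password.encode()
    for _ in range(FIXED_ITERATIONS):
        digest = hashlib.sha256(digest).digest()
    return digest


def kek_per_device(password: str, device_salt: bytes,
                   iterations: int = 200_000) -> bytes:
    """Hardened variant: PBKDF2-HMAC-SHA256 keyed to a random per-drive salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(),
                               device_salt, iterations)


def key_check(kek: bytes) -> bytes:
    """Stand-in for 'this KEK unwraps the eDEK': a MAC over a fixed label."""
    return hmac.new(kek, b"kek-check", hashlib.sha256).digest()


def provision_fixed(password: str) -> dict:
    """Drive record under the shared-salt scheme."""
    return {"check": key_check(kek_fixed_salt(password))}


def provision_salted(password: str) -> dict:
    """Drive record with a fresh 16-byte salt stored next to the check value."""
    salt = os.urandom(16)
    return {"salt": salt, "check": key_check(kek_per_device(password, salt))}


def drives_matched(drives, candidates, derive) -> int:
    """Count drives whose check value appears in one table built once."""
    table = {key_check(derive(pw)) for pw in candidates}
    return sum(1 for drive in drives if drive["check"] in table)


def demo():
    candidates = ["123456", "password", "letmein"]  # constructed sample list
    fixed = [provision_fixed("letmein") for _ in range(3)]
    salted = [provision_salted("letmein") for _ in range(3)]
    fixed_hits = drives_matched(fixed, candidates, kek_fixed_salt)
    # With per-drive salts a table is only valid for the salt it was built for.
    first_salt = salted[0]["salt"]
    salted_hits = drives_matched(
        salted, candidates, lambda pw: kek_per_device(pw, first_salt))
    return fixed_hits, salted_hits


if __name__ == "__main__":
    print(demo())
```

A per-drive salt does not make a weak password strong; it removes the reuse of one precomputed table across drives, and the higher iteration count raises the cost of each guess.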
Of the six chips, one stores the KEK in plain text in its EEPROM, making its recovery easy. In another chip, the KEK was stored in encrypted form, but it was encrypted with a hardcoded key that can also be extracted. For a third chip the KEK can be extracted from RAM using a vendor-specific command.
For one JMicron chip, the researchers managed to use a commercial data recovery tool to delete some bits from a drive's service area, completely unlocking the drive's data. This compromises the encryption without the need to recover any password or KEK.
The firmware update process on the tested hard drives does not use cryptographic signature verification and can therefore be hijacked. This could allow attackers to implant malware inside the firmware to infect host computers or to add cryptographic backdoors. There is no easy way to recover from such firmware modifications, the researchers said.