
Sunday, February 14, 2016

“Fysbis” Malware Allows Hackers To Spy On Linux PCs

A new malware family known as Fysbis (or Linux.BackDoor.Fysbis) is targeting Linux machines by setting up a backdoor that allows the malware’s author to snoop on victims and perform further attacks.
Fysbis showed its first signs in November 2014. However, security researchers from Palo Alto Networks have only recently been able to work out who is behind the threat and how it operates.
After carrying out a detailed investigation, the researchers believe that this is not run-of-the-mill malware that infects computers for the criminals’ monetary gain (adware, Bitcoin mining, banking fraud), but a far more sophisticated threat used only in cyber-espionage campaigns.
If you are a regular Linux user who enjoys playing games on Steam, you are probably safe. If, on the other hand, you work for a large multinational corporation or are a government employee responsible for highly sensitive Linux servers and data centers, you should expect to come across Fysbis on your machines at one point or another.
According to Palo Alto researchers, this malware family was developed by none other than the infamous APT 28 cyber-espionage group, also known under the names of Sofacy or Sednit. This group is a fairly well known cyber espionage group believed to have ties to Russia. Their targets have spanned all across the world, with a focus on government, non-profits, defense organizations and various Eastern European governments. There have been numerous reports on their activities, to the extent that a Wikipedia entry has even been created for them.
The most high-profile targets on its list include NATO, the Dutch Air Safety Board, the Electronic Frontier Foundation, the Polish government, and many financial institutions and banks.
Many security researchers believe the group may be linked to the Russian government, or at least cooperating with it, since many of the group’s targets are aligned with the Kremlin’s interests and there are several Russian words in the source code of APT 28’s hacking tools.
One of the more interesting aspects of Fysbis’ make-up is that the malware can work with or without root privileges. Once it lands on a system, whether through an attacker brute-forcing services on exposed ports or through spear-phishing, the malware installs itself under whatever user account it can obtain.
Fysbis is a modular Linux trojan / backdoor that implements plug-in and controller modules as distinct classes. The malware ships as both 32-bit and 64-bit Executable and Linking Format (ELF) binaries. After installation, it performs a few tests to determine what capabilities its current user has and reports the results to a C&C server.
Technically, Fysbis can open a remote shell on the infected machine, can run commands on the attacker’s behalf, find, read, save, execute or delete files, and log keyboard input.
While the malware is quite simple, it still has all the required functions to penetrate systems and exfiltrate data, the security analysts have observed.
Its modular design also allows APT 28 to push additional features to infected targets when a machine is judged worthy of further probing.
Its small size, its ability to receive new modules, and the fact that it works regardless of whether it has root privileges explain why APT 28 values its versatility and chose to add it to its arsenal.
“Despite the lingering belief (and false sense of security) that Linux inherently yields higher degrees of protection from malicious actors, Linux malware and vulnerabilities do exist and are in use by advanced adversaries,” Palo Alto researchers note. “Linux security in general is still a maturing area, especially in regards to malware.”

Wednesday, December 23, 2015

"InterApp - The Intelligence System" That Can Hack Any Smartphone With Open WiFi

Tel Aviv-based Rayzone Group is marketing a nifty little gadget known as InterApp that can take advantage of outdated mobile devices to intercept and extract data from nearby cellphones or tablets.
Today, one of the most troubling issues for smartphone users is privacy, particularly with regard to the apps they use and the websites they visit from the phone.
Almost all websites and apps gather user data to make money, either by using the data themselves or by selling it on to advertisers.
The market for such data is not limited to the internet industry, though. It also includes law enforcement and even government officials. Now a company claims to have developed an intelligence system with the ability to steal data from the smartphone of any user.
"InterApp - The Intelligence System", THAT CAN STEAL ANYTHING
With so much money on offer for this data, an Israeli group, “Rayzone”, has developed a system known as “InterApp” which can steal intimate information from any phone user within the system’s proximity. The collected data includes the user’s email address and password, contact list, Dropbox contents, the phone’s operating system, photos, browsing history, locations and a lot more.
According to the system’s website it can collect “intimate information of any phone user… in the system’s proximity.”

What’s most troubling is that the system does not require much to attack a phone; a user with WiFi enabled on the device is enough:
“INTERAPP IS FULLY TRANSPARENT TO THE TARGET AND DOES NOT REQUIRE ANY COOPERATION FROM THE PHONE OWNER,” “THE ONLY REQUIRED CONDITION IS THAT THE WIFI TRANSMITTER OF THE MOBILE DEVICE WILL BE OPEN (NO NEED TO SURF THE WEB).”
CAN BE USED BY ANYONE
Anyone who wants to use the system needs only a little technical training and can then run it on their own. That doesn’t mean it was developed for spammers or hackers, though; rather, it serves as part of a wider strategic system, installed at a variety of points of interest with large geographical coverage and with one analysis and control center (safe city / airports / etc.). The system was reportedly also put into practice after the recent Paris attacks for tracking down ISIS members.
NOT GIVEN GREEN FLAGS YET
But it’s unclear whether this system will live up to expectations, because many security experts haven’t given it the green light yet. Claudio Guarnieri, a security researcher, told Motherboard:
“EITHER THEY COLLECT DATA FROM APPS THAT LEAK IT IN CLEAR[TEXT], OR THEY COMPROMISE THE DEVICE, BUT IT DOESN’T SOUND LIKE [THE LATTER]. IN MANY CASES WHEN WE GET TO LEARN MORE, IT TURNS OUT THEY’RE NOT AS GOOD AS ADVERTISED. THE POWER OF THIS SYSTEM RELIES ON HOW CREDIBLE THE VULNERABILITIES THEY CLAIM THEY HAVE BEEN.”
SOMETHING FISHY…
One of the most suspicious aspects of this system is that the group has kept its functions hidden. When Motherboard emailed Ron Zika from Rayzone, he said the system is only for government use and can’t be disclosed to any journalist.
Similarly, when International Business Times UK tried to contact the group via its main number, it found the number disconnected and the group’s Facebook page either disabled or made private. Their website and Twitter page are still up, but the group is in no mood to disclose the features of the system.
Hopefully, the system’s features are all hype, but if it really does work as the group claims, there will be major privacy breaches in the future.

Tuesday, October 6, 2015

You Paid For Your Smartphone But Whoever Controls The Software "Owns The Phone"

British spies can remotely hack into your smartphone with just a simple text message and can make audio recordings, take pictures or record video without the owner knowing, former US intelligence contractor Edward Snowden said on Monday.

No matter who the owner is, the power to control the smartphone is in their hands. "They want to own your phone instead of you," Snowden said in an interview with the BBC's Panorama programme, referring to Britain's Government Communications Headquarters (GCHQ) agency.

Snowden also said that GCHQ used a collection of interception tools known as the "Smurf Suite", named after the blue cartoon characters, The Smurfs.
"Nosey Smurf" enabled spies to switch on a smartphone's microphone even if the phone was off, he claimed.

Other programmes used by GCHQ were named "Tracker Smurf" and "Dreamy Smurf", which allow them to switch your smartphone on and off remotely, Snowden said.
He said the text message sent by GCHQ to gain access to the phone would not be noticed by its owner. It all works in the background of the smartphone as a backdoor service.

"It's called an 'exploit'," he said.
"When it arrives at your phone it's hidden from you. It's invisible it doesn't display. You paid for your phone but whoever controls the software owns the phone," he added.

The government had declined to comment in line with usual policy on intelligence matters, the BBC said.
After leaking documents about government spy programmes to the media, Edward Snowden was charged by the US with espionage and theft of government property, and has been living in exile in Russia since June 2013.

The British Government and its security agencies are planning to introduce a new law that would give intelligence agencies more powers to track online activity in order to investigate crime.