Mobile ransomware can now be created automatically without the need to write code.
Having little to no coding experience is no longer a problem for wannabe mobile malware authors, thanks to Trojan Development Kits (TDKs). Criminals can now install an app that will allow them to quickly and easily create Android ransomware with their own devices. It should be noted that the use of TDKs is different from malware being created using the Android integrated development environment (AIDE),
I first noted the emergence of these TDKs earlier this year, with the most recent one spotted just several days ago.
The whole process of creating new variants has been automated by adopting a CASE (Computer-Aided Software Engineering) tool model or, to be more precise, a DAME (Device-Aided Malware Engineering) tool model.
On-device malware generation kit
Wannabe malware authors can start using TDKs by firstly downloading the free app. The apps are available from hacking forums and through advertisements on a social networking messaging service popular in China.
The app, which has an easy-to-use interface, is no different from any other Android app apart from the fact that it creates malware.
To generate the malware, all the user needs to do is choose what customization they want by filling out the on-screen form.
Options available for customizing include:
The message that is to be displayed on the locked screen of the infected deviceThe key to be used to unlock the infected deviceThe icon to be used by the malwareCustom mathematical operations to randomize the codeType of animation to be displayed on the infected device
Once all of the information has been filled in, the user hits the “create” button and, if they haven’t already done so, is asked to subscribe to the service. The app allows the user to start an online chat with the app’s developer where they can arrange a one-time payment. Once the user has subscribed, they can continue with the process, making as many ransomware variants as they desire.
After the payment has been made, the malware is created and stored in the external storage in ready-to-ship
It is then up to the user how they want to spread their newly created ransomware. Anyone unlucky enough to be tricked into installing the malware will end up with a locked device held to ransom. The malware created using this automation process follows the typical Lockdroid behavior of locking the device’s screen with a SYSTEM_ALERT_WINDOW and displaying a text field for the victim to enter the unlock code.
The entire process of creating a ready-to-use piece of malware is done on a smartphone without any requirement to write a single line of code.
The TDK samples I’ve analyzed so far are all aimed at Chinese-speaking users but modifying the interface language would be simple. If it is not already the case, it is likely different language versions will soon be made available.
The emergence of easy to use malware development kits such as these lowers the bar for aspiring cyber criminals wanting to enter the ransomware game. Individuals with little technical knowledge can now create their very own customized Android ransomware. However, these apps are not just useful for aspiring and inexperienced cyber criminals as even hardened malware authors could find these easy-to-use kits an efficient alternative to putting the work in themselves. We expect to see an increase in mobile ransomware variants as these development kits become more widespread.
Mitigation
To protect against this kind of threat on mobile devices, Symantec recommends users observe the following security best practices:
Keep your software up to dateRefrain from downloading apps from unfamiliar sitesOnly install apps from trusted sourcesPay close attention to the permissions requested by an appInstall a suitable mobile security app, such as Norton, in order to protect your device and dataMake frequent backups of important data
Protection
Symantec and Norton products detect Trojans created using these kits as the following:
As we all know they are many Android app on Google playstore use for screen recordings,but most of those app need root access to work and apart form that some of these apps don't gives clear HD display. Some of them can even crash,freez,or cause your phone to lag. But on this post am going to introduce you to a very clean and smooth screen recording app which you can use to record your screen without lagging, freezing or crashing of phone. This app is called DU SCREEN RECORDER,you can download it on Google playstore for free. DU SCREEN RECORDER: is a free non-root screen recording Android app use in capturing high quality videos.with a variety of features such as screen capture,video recorder,video editor and no rooting needed. DU Screen recorder provides an easy way to record screen videos,like game videos,video calls,live shows and more more.
Advantages:
Totally FREE, WITHOUT any in-app purchase SMALL screen recorder: less than 5MB NO ads, NO root needed, NO recording time limit HIGH-QUALITY video: 1080p, 12Mbps, 60FPS Provides interfaces in MORE THAN 20 LANGUAGES, check more of the features on Google playstore,the app is very easy to use.
STEPS AND GUIDES ON HOW YOU CAN USE DU SCREEN RECORDER ON YOUR PHONE.
1) Download Du screen recorder from playstore,click here to download it https://play.google.com/store/apps/details?id=com.duapps.recorder
2) launch the app a pop up will appear like this{hold and drag it to exit},just click on got it, another one will appear again like this{device has 1gb or less ram we recommend enabling notification access first to greatly improve recording stability}just click on OK and it will take you to the notification access of your phone now enable du screen recorder and you are done the next thing is just to click on a little icon that looks like a video camera on your home screen and start recording, simple and easy.
Airtel users now is time to smile again Cause Airtel is at it again first they introduced 6x bonus now they have come out with another hot one which is called 20x bonus,wow this is really cool right,the amazing thing about this bonus offer is that it's gives you 2000 naira for just 100 naira credit which is valid for 30days and can be used for calls,sms,and data,Note:this bonus offer is for seleted numbers only. Well let me not waste too mush of your time and teach how you can get this offer on your line
STEPS ON HOW YOU CAN ENJOY THIS BONUS OFFER ON YOUR LINE.
1)A working Airtel Sim card.
2)load 100 naira on your Airtel line.
3) dial *241# and you will given 2,000 naira bonus valid for 30days.
When it comes to android low storage issue, it is necessary you know that it is a general problem all android users faces from time to time. Some phones came with low storage memory as low as 8GB and out of that 8GB, the developer will still use of about 4GB space to pre-install system apps there, leaving 4GB as internal memory. Even after setting the preferred location to your memory card, with about 16GB free space. Apps installed will still forcefully go and invade your 4GB internal memory space.
This evening I will be showing you a quick way to set your sdcard as internal storage without rooting your phone. Although, they are some third-party apps that helps in moving files from internal memory to sdcard but they requires root access. ➤Make sure you backup your files to PC because you will still format the memory card later ➤Go to settings on your phone, Go to storage and USB you will see your SD card then click on it to choose options.
➤Click use as internal storage Android will then prompt you to format your sdcard just be patient and don't remove your memory card during the process. ➤One done, then you have successfully set your sdcard to internal storage no more low internal storage issues again. Note: This Sdcard feature does not support all android Os it was tested working on marshmallow 6.0.
You can check it out if it will work with other Os let's know your feedback through the comment box.
Take few minutes to share this post on social media
There is no need to start introducing whatsapp if at all you don't know what WhatsApp is, then i must assume you are still in the primitive of ideology. WhatsApp, is used by billion of people in the world every. It is the Most loved messaging app but, still most people have not come across some useful tips and trick about it.
This morning, I will be sharing 4 of the best WhatsApp tips and tricks you can use on your android device.
4 Of The Best WhatsApp Tricks And Tweaks You Can Use On Android
Marking a Favorite WhatsApp Message
Maybe you need to save an important message or chat on your WhatsApp chats.
Just go to the conversations, long press the message then you will will the star icon
Listening Discreetly to WhatsApp Messages?
When I receive voice message on WhatsApp and i start playing it, I notice covering the android sensor will stop the voice message. But do you know what? hold the phone to your ear as if you want to receive a call then you hear your voice message from the small speaker.
Finding Individual Contacts and Messages
If you need the details of a particular contact on your WhatsApp or even messages you don't need to starting scrolling from top to the end just click the magnifier icon at the top menu to do that.
Sending Location or a Contact Number
You might want to send your location or even a friends contact to another person just go to chats click on the paper-clip icon you will see contact and location there.
This are just 4 tips and trick for WhatsApp more still loading don't leave without showing us little appreciation. Kindly share this post with your friends on social medias.
Take few minutes to share this post on social media
The new feature whatsapp introduced is very exciting and makes whatsapp less boring. Viewing your contact's status updates might be frustrating sometimes as you might not be able not read the full caption of the picture before it moves to the next one.
How To Pause WhatsApp Status For A Very Long Time Without 5 seconds Limit
this evening, I will quickly show you how to pause your contact's whatsapp status for a long time.
It is very easy just hold down the picture you want to pause. It will become drag-able around your screen just move it to your convenient position. Once you are done reading it, you can then leave it and do same for other pictures.
Hope this helps? don't go without using the share button.
Your friends, also needs this helpful information don't be selfish share it with them.
Take few minutes to share this post on social media
Airtel just partnered with nuvu TV to bring to its customer a wild ranging experience to enjoy about 3000 latest Hollywood, nollywood, TV series, music, kids, gospel, e.t.c at zero cost.
However, it has monthly and weekly subscription but for new members, the grace of 14days trial is opened for you to give it a try. After then, monthly subscription will be charged for N1,750 and weekly for N875 only.
The negative side of the whole development is that; you cannot save the videos downloaded to your file manger. Instead, it is saved inside nuvu app and after 30days, it will no longer be available.
Airtel users can only only download during the peak hours at no additional data cost between 12:00am in the midnight till 6:00am in the morning.
How Does Nuvu App Works?
==>With a weekly or a monthly package, you can watch the content as often as you like, whenever and wherever you like, within the subscription period. ==>With very affordable weekly and monthly package prices, what you see is what you pay. No data costs, no hidden charges! ==>Your selected shows are added to a personal download-list and automatically transferred to your smartphone within a day. ==>Once downloaded, the content is stored on your smartphone’s memory during your subscription. The content can be watched whenever you want and as many times as you want. ==>Search a continually growing library of the best titles from across the globe, with new releases on a weekly basis.Your subscription will be renewed automatically and you can cancel at any time.
==>Receive recommendations based on your previous viewing habits, as well as suggested hit shows and new releases.
Where Can I Download? You can download it for your device Here
This tip is very useful, and very easy to use. It is mostly useful while driving as you can't be typing while driving. So, the best option is to convert your speech to text. This feature, came with Android Os and does not require you download any third party app to make it work.
Open any of your app that support keyboard
At the corner, tap the microphone button
Once you get "speak now" start dictating the words you want to convert to text
If you want to input punctuation mark such as comma, full stop, you also need to dictate it.
For line spacing and paragraphs, dictate enter "new line" "new paragraph"
Your Wi-Fi network is your conveniently wireless gateway to the Internet, and since you're not keen on sharing your connection with any old hooligan who happens to be walking past your home, you secure your network with a password, right? Knowing, as you might, how easy it is to crack a WEP password, you probably secure your network using the more bulletproof WPA security
In the first section of this post, I'll walk through the steps required to crack a WPA password using Reaver. You can follow along with either the video or the text below. After that, I'll explain how Reaver works, and what you can do to protect your network against Reaver attacks.
First, a quick note: As we remind often remind readers when we discuss topics that appear potentially malicious: Knowledge is power, but power doesn't mean you should be a jerk, or do anything illegal. Knowing how to pick a lock doesn't make you a thief. Consider this post educational, or a proof-of-concept intellectual exercise. The more you know, the better you can protect yourself.
What You'll Need
You don't have to be a networking wizard to use Reaver, the command-line tool that does the heavy lifting, and if you've got a blank DVD, a computer with compatible Wi-Fi, and a few hours on your hands, you've got basically all you'll need. There are a number of ways you could set up Reaver, but here are the specific requirements for this guide:
The BackTrack 5 Live DVD. BackTrack is a bootable Linux distribution that's filled to the brim with network testing tools, and while it's not strictly required to use Reaver, it's the easiest approach for most users. Download the Live DVD from BackTrack's download page and burn it to a DVD. You can alternately download a virtual machine image if you're using VMware, but if you don't know what VMware is, just stick with the Live DVD. As of this writing, that means you should select BackTrack 5 R3 from the Release drop-down, select Gnome, 32- or 64-bit depending on your CPU (if you don't know which you have, 32 is a safe bet), ISO for image, and then download the ISO.
A computer with Wi-Fi and a DVD drive. BackTrack will work with the wireless card on most laptops, so chances are your laptop will work fine. However, BackTrack doesn't have a full compatibility list, so no guarantees. You'll also need a DVD drive, since that's how you'll boot into BackTrack. I used a six-year-old MacBook Pro.
A nearby WPA-secured Wi-Fi network. Technically, it will need to be a network using WPA security with the WPS feature enabled. I'll explain in more detail in the "How Reaver Works" section how WPS creates the security hole that makes WPA cracking possible.
A little patience. This is a 4-step process, and while it's not terribly difficult to crack a WPA password with Reaver, it's a brute-force attack, which means your computer will be testing a number of different combinations of cracks on your router before it finds the right one. When I tested it, Reaver took roughly 2.5 hours to successfully crack my password. The Reaver home page suggests it can take anywhere from 4-10 hours. Your mileage may vary.
Let's Get Crackin'
At this point you should have BackTrack burned to a DVD, and you should have your laptop handy.
Step 1: Boot into BackTrack
To boot into BackTrack, just put the DVD in your drive and boot your machine from the disc. (Google around if you don't know anything about live CDs/DVDs and need help with this part.) During the boot process, BackTrack will prompt you to to choose the boot mode. Select "BackTrack Text - Default Boot Text Mode" and press Enter.
Eventually BackTrack will boot to a command line prompt. When you've reached the prompt, type startx and press Enter. BackTrack will boot into its graphical interface.
Step 2: Install Reaver
Update: This step is no longer necessary, as Reaver comes pre-installed on Backtrack 5 R3. Skip down to Step 3.
Reaver has been added to the bleeding edge version of BackTrack, but it's not yet incorporated with the live DVD, so as of this writing, you need to install Reaver before proceeding. (Eventually, Reaver will simply be incorporated with BackTrack by default.) To install Reaver, you'll first need to connect to a Wi-Fi network that you have the password to.
Click Applications > Internet > Wicd Network Manager
Select your network and click Connect, enter your password if necessary, click OK, and then click Connect a second time.
Now that you're online, let's install Reaver. Click the Terminal button in the menu bar (or click Applications > Accessories > Terminal). At the prompt, type:
apt-get update
And then, after the update completes:
apt-get install reaver
If all went well, Reaver should now be installed. It may seem a little lame that you need to connect to a network to do this, but it will remain installed until you reboot your computer. At this point, go ahead and disconnect from the network by opening Wicd Network Manager again and clicking Disconnect. (You may not strictly need to do this. I did just because it felt like I was somehow cheating if I were already connected to a network.)
Step 3: Gather Your Device Information, Prep Your Crackin'
In order to use Reaver, you need to get your wireless card's interface name, the BSSID of the router you're attempting to crack (the BSSID is a unique series of letters and numbers that identifies a router), and you need to make sure your wireless card is in monitor mode. So let's do all that.
Find your wireless card: Inside Terminal, type:
iwconfig
Press Enter. You should see a wireless device in the subsequent list. Most likely, it'll be named wlan0, but if you have more than one wireless card, or a more unusual networking setup, it may be named something different.
Put your wireless card into monitor mode: Assuming your wireless card's interface name iswlan0, execute the following command to put your wireless card into monitor mode:
airmon-ng start wlan0
This command will output the name of monitor mode interface, which you'll also want to make note of. Most likely, it'll be mon0, like in the screenshot below. Make note of that.
Find the BSSID of the router you want to crack: Lastly, you need to get the unique identifier of the router you're attempting to crack so that you can point Reaver in the right direction. To do this, execute the following command:
airodump-ng wlan0
(Note: If airodump-ng wlan0 doesn't work for you, you may want to try the monitor interface instead—e.g., airodump-ng mon0.)
You'll see a list of the wireless networks in range—it'll look something like the screenshot below:
When you see the network you want, press Ctrl+C to stop the list from refreshing, then copy that network's BSSID (it's the series of letters, numbers, and colons on the far left). The network should have WPA or WPA2 listed under the ENC column. (If it's WEP, use our previous guide to cracking WEP passwords.)
Now, with the BSSID and monitor interface name in hand, you've got everything you need to start up Reaver.
Step 4: Crack a Network's WPA Password with Reaver
Now execute the following command in the Terminal, replacing bssid and moninterface with the BSSID and monitor interface and you copied down above:
reaver -i moninterface -b bssid -vv
For example, if your monitor interface was mon0 like mine, and your BSSID was 8D:AE:9D:65:1F:B2 (a BSSID I just made up), your command would look like:
reaver -i mon0 -b 8D:AE:9D:65:1F:B2 -vv
Press Enter, sit back, and let Reaver work its disturbing magic. Reaver will now try a series of PINs on the router in a brute force attack, one after another. This will take a while. In my successful test, Reaver took 2 hours and 30 minutes to crack the network and deliver me with the correct password. As mentioned above, the Reaver documentation says it can take between 4 and 10 hours, so it could take more or less time than I experienced, depending. When Reaver's cracking has completed, it'll look like this:
A few important factors to consider: Reaver worked exactly as advertised in my test, but it won't necessarily work on all routers (see more below). Also, the router you're cracking needs to have a relatively strong signal, so if you're hardly in range of a router, you'll likely experience problems, and Reaver may not work. Throughout the process, Reaver would sometimes experience a timeout, sometimes get locked in a loop trying the same PIN repeatedly, and so on. I just let it keep on running, and kept it close to the router, and eventually it worked its way through.
Also of note, you can also pause your progress at any time by pressing Ctrl+C while Reaver is running. This will quit the process, but Reaver will save any progress so that next time you run the command, you can pick up where you left off-as long as you don't shut down your computer (which, if you're running off a live DVD, will reset everything).
How Reaver Works
Now that you've seen how to use Reaver, let's take a quick overview of how Reaver works. The tool takes advantage of a vulnerability in something called Wi-Fi Protected Setup, or WPS. It's a feature that exists on many routers, intended to provide an easy setup process, and it's tied to a PIN that's hard-coded into the device. Reaver exploits a flaw in these PINs; the result is that, with enough time, it can reveal your WPA or WPA2 passwor
How to Protect Yourself Against Reaver Attacks
Since the vulnerability lies in the implementation of WPS, your network should be safe if you can simply turn off WPS (or, even better, if your router doesn't support it in the first place). Unfortunately, as Gallagher points out as Ars, even with WPS manually turned off through his router's settings, Reaver was still able to crack his password.
In a phone conversation, Craig Heffner said that the inability to shut this vulnerability down is widespread. He and others have found it to occur with every Linksys and Cisco Valet wireless access point they've tested. "On all of the Linksys routers, you cannot manually disable WPS," he said. While the Web interface has a radio button that allegedly turns off WPS configuration, "it's still on and still vulnerable.
