Author Archives: Nandita Jha

Malware ‘Operation Sharpshooter’ hits government and defense firms: McAfee

McAfee's research team have found a new malware campaign that has targeted dozens of private and government organizations around the world.

The malware campaign dubbed as  “Operation Sharpshooter” has targeted more than 100 organizations in 24 countries in just a few weeks. The organizations were affected by the campaign includes nuclear sector, defense, energy, and financial companies.

The hackers send a  phishing email giving an impression to the reader as a recruitment message, once he/she opens the message, the Rising Sun implant is installed inside the device and it gives a fully functional, modular backdoor that performs reconnaissance on victims’ network.

After setting up of the Rising Sun implant, attackers gain a full access to machine level info, including documents, usernames, network configuration, and system settings.

"We know that this campaign was intended to conduct espionage, indeed it was only recently launched. The question of the ultimate purpose remains to be seen," Raj Samani, chief scientist at McAfee, told CNBC.

"In many cases, such attacks are a precursor for something else, however, we are hopeful that identifying and sharing the details will prevent the true nature of the campaign from being carried out."

As per the primary investigation, it appears that the attack could be linked to the Lazarus Group, a cybercrime group associated with North Korea because it uses the same source code of a hack that targeted South Korean firms in 2015.

The “numerous technical links to the Lazarus Group seem too obvious to immediately draw the conclusion that they are responsible for the attacks, and instead indicate a potential for false flags,” the research said.

Toyota Develops a Car Hacking Tool ‘PASTA’

A security researcher at an automobile maker Toyota has developed an open source tool dubbed as PASTA (Portable Automotive Security Testbed) for testing the cyber vulnerabilities in modern vehicles.

The researcher Takuya Yoshida, who is a member of Toyota's InfoTechnology Center, demonstrated the  PASTA testing platform at the BLACKHAT EUROPE 2018, along with this other team members.

The company has revealed that they plan to share PASTA’s specifications on Github, and initially, Toyota intends to sell the system in Japan only.

"There was a delay in the development of cybersecurity in the automobile industry; [it's] late," Toyama said in a pdf shared by a Blackhat Europe.

The PASTA is a 8kg portable briefcase size. It exposes flaws in the automated, internet-connected automobiles.

According to the researcher, the tool simulates a remote operation of wheels, brakes, windows, and other car features rather than "the real thing," for safety reasons.

"It's small and portable so users can study, research, and hack with it anywhere," Toyama further added.

Here are the complete White paper and Presentation for Car Hacking Tool project.
Download Presentation Slides
Download White Paper

Phishing Emails Requests Gift Card Purchases

Hackers are doing their best to maximum utilize the holidays for financial gain. The attackers have launched a new spear phishing attack in which they pose as CEOs of the victim's workplace to trick them by sending gift cards, a per report of email security researchers at Barracuda Networks. 

These phishing campaign emails don't include any attachments,  malicious links, or any other files, unlike other phishing campaigns. The other major thing in this campaign is that is sent from a trusted email domain. As a result, most of the email filters do not find them as a threat. 

According to Barracuda Networks, the attackers are targeting users not only by using a phishing campaign but also psychologically. By impersonating as a  CEO, they are urging users for requests for secrecy, it seems that attackers have researched a lot about the relevant details and implied urgency. 

“In all of these attacks, the emails were sent from free personal email services with a relatively high reputation. In addition, they do not contain any type of malicious payloads, such as links or attachments,” wrote Asaf Cidon, Vice President at  Barracuda Networks. 

“Instead the emails rely solely on social engineering and impersonation to trick their targets. These types of attacks are very hard for traditional email filters to pick up because they are targeted, have a high reputation, and do not contain any obvious malicious signals.”

Hacker hijacks 50,000 printers urging them to subscribe to PewDiePie’s Youtube channel

A hacker took the whole sole responsibility of hijacking over 50,000 printers worldwide to print a message to subscribe to  PewDiePie's YouTube channel, which is the most -subscribed channel on YouTube.

Youtuber Felix Kjellberg owns the top channel for years now, but his position has been threatened by a channel T-Series, which is owned by a music production company in India. The growth rate of a subscriber of the music channel has been explosive in 2018,  it has over 72 million subscribers while PewDiePie has 150,000 fans. Many analytics think that T-Series’ subscriber would soon overthrow PewDiePie from its position, but Kjellberg's fans are putting up a fight. 

The Twitter handle, TheHackerGiraffe, tweeted about the attack in a Reddit AMA that reads, ‘I hacked 50,000 printers worldwide out of potential 800,000 for PewDiePie and security awareness.’

The hacker took advantage of an open network port of printers that are connected to the internet. To exploit this flaw they used a tool called PRET, which  allow attackers to “captur[e] or manipulat[e] print jobs, accessing the printer’s file system and memory or even causing physical damage to the device.”

According to the Verge report, the attackers used Shodan, a database of devices connected with the internet where the hacker "found 80,000 connected printers and decided to attack 50,000 of them to raise awareness about printer security." Out of all the hacked printers, about 15000 printers were in India.

“Your printer is exposed,” TheHackerGiraffe replied to a user on Twitter. “I’m trying to warn you to close it, how else am I gonna get your attention?”

“I didn’t think this would work when I did it,” TheHackerGiraffe said on Twitter. 

Google to shut down its chat app Hangouts in 2020

Google is planning to shut down its chat application Hangouts for consumers in 2020, as per a 9to5Google's report, quoting the source familiar with the product’s internal roadmap. 

Google Hangouts was launched in 2013 as an alternative to Google Talk commonly known as  Gchat, but for more than a year there has been no feature update, even the company has removed SMS functionality.

"Last spring Google announced its pivot for the Hangouts brand to enterprise use cases with Hangouts Chat and Hangouts Meet, so the writing has been on the wall for quite some time regarding the Hangouts consumer app's demise," 9to5Google report. 

According to 9to5Google, the company is focussed on Android Messages, a free messaging app by Google. It enables users to send and receive text as well as RCS (Rich Communication Services) messages from their computers. 

 Although there is no confirmation when Google will live its RCS Chat, reports suggest that it will be rolled out before Hangouts shuts down. 

However Google previously launched  Allo, a messaging app to counter Facebook and WhatsApp's popularity, but it flopped miserably. The Google is now eyeing on ‘Chat’ RCS initiative. 

A Vulnerability in CCTV could allow attackers to spy on you and alter recordings

A vulnerability research team at Digital Defense has discovered a zero-day vulnerability in the NUUO-powered internet-connected surveillance cameras, which could be easily tempered with footages and live feeds. 

The bug dubbed  “Peekaboo” affects firmware of Nuuo NVRmini 2 Network Video Recorder, which acts as a storage place for video recordings and gateway for admins and remote viewers. 

According to reports, the flaw was caused by “improper sanitization of user-supplied inputs and lack of length checks on data used in unsafe string operations on local stack variables.” 

The vulnerability allows hackers to gain remote access as an unauthenticated user, and then execute arbitrary code with root privileges. The attacker could harness the bug to access and modify camera feeds & recordings, but also to change the configuration and settings of cameras.

"Overflowing of the stack variable, which is intended to hold the request data, results in the overwriting of stored return addresses, and with a properly crafted payload, can be leveraged to achieve arbitrary code execution," Digital Defense says.

The vulnerability has been fixed, and researchers at Digital Defense appreciated the quick response of NUUO for providing fixes to the security issue.

SKY Brazil’s unprotected servers exposed 32 million customer records

A leaky database belonging to 32 million customers of SKY Brasil is available to anyone without any password protection. 

A Brazilian security researcher Fabio Castro discovered multiple servers in Brazil running Elasticsearch that doesn't need any authentication to retrive information, was available for hackers to steal informations. 

 According to the security researcher, the informations contained on the database included customers’ full names, email addresses, service login passwords, client IP addresses, payment methods, phone numbers, and street addresses. 

The size of one of the databases discovered was over 429GB, and it contained very sensitive informations of SKY customers. 

"The data the server stored was Full name, e-mail, password, pay-TV package data (Sky Brazil), client ip addresses, personal addresses, payment methods," Castro told BleepingComputer. "Among other information the model of the device, serial numbers of the device that is in the customer's home, and also the log files of the whole platform."

Sky Brasil did not reply to a request for a comment. 

Marriott hotel hack exposes 500 million customers data

Marriott International Inc. has admitted that a massive data breach has compromised the  guest reservation database at its Starwood unit which affected approximately 500 million guests. 

The hotel chain said in an internal investigation they found out an unauthorized party had been found accessing, coping, andd encrypting its data from reservation system since 2014. 

Once the internal investigation is completed the company would notify all its customers whose records were breached.

The company released a statement stating: "For approximately 327 million of these guests, the information includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences.”

 Some of the customer's payment card number and payment card expiration date were also included in the database. Marriott had reported the breach to law enforcement.

“There are two components needed to decrypt the payment card numbers, and at this point, Marriott has not been able to rule out the possibility that both were taken," the company said in its statement. "For the remaining guests, the information was limited to name and sometimes other data such as mailing address, email address or other information.

The company has launched a separate website to  readdress the grievances of the affected customers and give them  more information about the breach. They are offering  customers from US and some other countries a year-long  free subscription to a fraud-detecting service.

“We deeply regret that this incident happened,” said Arne Sorenson, Marriott’s president. “We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests and using lessons learned to be better moving forward.”

Google accused of violating GDPR privacy by seven European countries

A group of consumer agencies in seven European countries has filed a  privacy complaint against Google for allegedly tracking the location of millions of  web users.

The European Consumer Organisation (BEUC), an European consumer organization  which has seven members- the Netherlands, Poland, Czech Republic, Greece, Slovenia, Sweden, and Norway claims that Google’s “deceptive practices"  of location tracking don't take users permission to enable it or not, and the company fails to inform its users about tracking policies.

A research conducted by a Norway‘s consumer group, Forbrukerrådet revealed that Google is violating European Union's new data protection framework, General Data Protection Regulation (GDPR), if the complaint is upheld, then it could mean a hefty fine for the search giant.

According to BEUC, by hook or crook Google  enable the settings ‘location history’ and ‘web and app activity’ on users devices which are integrated into all Google user accounts.

“These unfair practices leave consumers in the dark about the use of their personal data,” BEUC official, said.

“These practices are not compliant with the General Data Protection Regulation (GDPR), as Google lacks a valid legal ground for processing the data in question. In particular, the report shows that users’ consent provided under these circumstances is not freely given,” it said.

Responding  on the consumer groups’ complaints, a Google spokesman said: “Location History is turned off by default, and you can edit, delete, or pause it at any time. If it’s on, it helps improve services like predicted traffic on your commute.”

“If you pause it, we make clear that — depending on your individual phone and app settings — we might still collect and use location data to improve your Google experience.”

“We’re constantly working to improve our controls, and we’ll be reading this report closely to see if there are things we can take on board,” he said.

Fraudsters using Google Map flaw to dupe people

Scammers have found a new loophole in the Google Maps  interface that allows them to edit the contact details and addresses of major banks, by which they have tricked users into revealing their their bank details like CVV and ATM PINs.

According to Google’s User Generated Content policy, anyone can edit the contact details and address on the platform. Taking advantage of this flaw,  a group of Thane-based con artists have updated the contact details of Bank of India and putted their own contact number, by this way they have been able to fool people.

“We have received at least three complaints from the Bank of India (BoI) over the last one month. In all three instances, we immediately notified the authorities at Google,” the Superintendent of Police, Balsing Rajput of the State cyber police quoted in the Hindu.

Meanwhile, the Bank of India spokesperson said that they have checked and changed the contact details of their branches on the Google Maps.

BOI's spokesperson said, “After these incidents came to our notice, we modified the contact details on these branch listings on Google Maps. We asked users to use only Bank of India’s official website to search for branch contact details.”

However, the Google's spokesperson said, “Overall, allowing users to suggest edits provides comprehensive and up-to-date info, but we recognize there may be occasional inaccuracies or bad edits suggested by them. When this happens, we do our best to address the issue as quickly as possible. The Google Safety Center outlines tips to help consumers stay safe online.”

US Postal Service took a year to fix API flaw that exposed 60 million users’ data

The US Postal Service has finally fixed a security bug that allowed anyone logged onto the service to view the personal details of  other 60 million account holders.

The vulnerability was earthed over a year ago, but was patched yesterday after Krebs on Security flagged the issue as an anonymous security researcher informed them about the flaw.

According to researcher, it was caused by an authentication weakness in the application programming interface (API) that let users to access a USPS database for tracking packages.

The data that bug exposed includes email address, username, user ID, account number, street address, phone number, authorized users, mailing campaign data and more.

USPS has released an official statement, and said that the incident is under investigation.

"We currently have no information that this vulnerability was leveraged to exploit customer records," USPS says. "The information shared with the Postal Service allowed us to quickly mitigate this vulnerability.

"Computer networks are constantly under attack from criminals who try to exploit vulnerabilities to illegally obtain information," it continued. "Similar to other companies, the Postal Service's Information Security program and the Inspection Service uses industry best practices to constantly monitor our network for suspicious activity."

"Any information suggesting criminals have tried to exploit potential vulnerabilities in our network is taken very seriously. Out of an abundance of caution, the Postal Service is further investigating to ensure that anyone who may have sought to access our systems inappropriately is pursued to the fullest extent of the law," USPS said.

Amazon’s technical error leaks customers names and email addresses

World's largest e-commerce website Amazon has sent out emails to some of its customers informing them about a “technical error” that exposed their emails IDs and user names  on its website  publicly.

However, Amazon refused to elaborate the nature of the "technical error," and the number of customers affected by this error.

The company said in In a statement, "We have fixed the issue and informed customers who may have been impacted."

Amazon customers across Europe and the United States tweeted a screenshot of the email.

The company has appealed affected customers need not to panic, changing their password is not necessary.  Although phishing attackers could use affected customers names and emails to attempt to reset their accounts or target their emails.

Amazon has fired the employee who was behind the technical error. Their letter sent to the customers states: "We are writing to let you know that your email address was disclosed by an Amazon employee to a third-party seller on our website in violation of our policies. As a result, the employee has been tarminated and we are supporting law enforcement in their prosecution. The third-party seller has been blocked. This is not a result of anything you have done, and there is no need for you to take any action." 

Facebook Messenger app crashed for users around the world



Facebook Messenger has crashed for several users around the world, it specifically affected users in the United States and Europe.

The outage happened a day just after launching a new feature which allow users to delete messages on the app. However, on late Monday, thousands of users were unable to receive messages, send messages, some of them even faced problem in logging-in, and connecting to the Facebook servers.

According to the Down Detector, a portal which track outages report that within ten minutes of Messenger's blackout they got 2,535 reports, and multiple reports were reported from around the world on Twitter.

The Messenger was down for a few hours before being set to normalcy. Facebook did not reveal the reason behind the outage.

"Messenger is generally reliable, but has had more issues recently, with four outages in September alone," said a Forbes report.

The Facebook has introduced a new "Remove for Everyone" feature on its messaging, it gives users ten minutes to delete a sent message. It was initially only available for CEO Mark Zuckerberg. Now, it is being rolled out for all the users around the world.


Messenger has over 1.3 billion monthly active users, and 1.5 billion monthly average users.


Voxox’s Unprotected Server Exposes Over 26 Million Text Messages

Security researchers have found an unprotected database containing tens of millions of text messages,  security codes, password reset links, two-factor codes, and shipping notifications.

The exposed server belongs to a California-based communications firm, Voxox. It was not difficult to find the server as it was not protected with a password, and was searchable for both names and telephone numbers, TechCrunch reported.

The security flaw was first noticed by a Berlin-based security researcher Sebastian Kaul. He found the database on a search engine, Shodan, that is used to search publicly available devices and databases.

Voxox act as a gateway between app developers and customers' phones.  It converts shortcode into text messages and delivers it to the users’ phones.

The exploited database of Voxox has the text messages sent to users from companies like Google, Amazon, and Microsoft.

The firm pulled the database offline after being inquired by the TechCrunch researcher.

 Other findings from a cursory review of the data by the TechCrunch research team includes:

  • We found a password sent in plaintext to a Los Angeles phone number by dating app Badoo;
  • Several partners were sent their six-digit two-factor codes to log in to the company’s extranet corporate network;
  • Fidelity Investments also sent six-digit security codes to one Chicago Loop area code;
  • Many messages included two-factor verification codes for Google accounts in Latin America;
  • A Mountain View, Calif.-based credit union, the First Tech Federal Credit Union, also sent a temporary banking password in plaintext to a Nebraska number;
  • We found a shipping notification text sent by Amazon with a link, which opened up Amazon’s delivery tracking page, including the UPS tracking number, en route to its destination in Florida;
  • Messenger apps KakaoTalk and Viber, and quiz app HQ Trivia use the service to verify user phone numbers;
  • We also found messages that contained Microsoft’s account password reset codes and Huawei ID verification codes;
  • Yahoo also used the service to send some account keys by text message;
  • And, several small to mid-size hospitals and medical facilities sent reminders to patients about their upcoming appointments, and in some cases, billing inquiries.

Security bug exposes password of Instagram users

A security bug inside Instagram's “Download Your Data” tool that could have been exploited to expose password of thousands of users around the world.

 The feature "Download Your Data" was introduced in April this year after the change in the European Union’s General Data Protection Regulation (GDPR).  It allows users to download a copy of their data.

According to the Independent, the users who used the feature were able to see their password in the URL of their web browsers. Upon further investigation, it was revealed that the passwords were stored on Facebook’s servers as well.

However,  the Facebook-owned company had sent a notification stating that all the data has been deleted and the feature has been updated as soon as they got to know about it.

Meanwhile, Instagram insists that only a “small number of people” have been affected by this security breach, and they have sent notifications to all its users who were affected by this, and those who have not been informed remain unaffected.

Malware-Laced Call Recorder App Available on Google Play

A trojan wrapped into inside a Simple Call Recorder app was discovered by an ESET malware researcher Lukas Stefanko. The malware tricks user in downloading an additional app, which appears as a recent Update from Adobe Flash Player.

The security researcher discovered the malicious app on the  Google Play Store on November 30, 2017, till then the app has been installed more than 5,000 times on different devices.

“Simple Call Recorder lasted on the Google Play almost for a year, which is really a long time before being removed, if we consider that the app contained flashplayer_update.apk string inside,” said Stefanko in a post.

The app Simple Call Recorder was published by FreshApps Group, but now it has been removed from the Google Play.

Once the app is installed in the device, it automatically decrypts the additional binary file carried in “assets” and dynamically loads the files, said Stefanko.

 The app is capable of both recording the calls and downloading an additional malicious app.

Stefanko said that “I could not retrieve the app through the link that is hard-coded into the APK. It is likely that the app has already been removed from the server after being available for download for over 11 months, but the server is still live.”

According to Stefanko, he found two other call recording apps on Google Play,  which has the same functionality as of Simple Call Recorder, but they did not contain any kind of malicious code.

Till today,  Stefanko has found more than 50 malicious apps, which has been installed on more than 350,000 times on different platforms with capabilities varying from scooping on WhatsApp messages to sensitive data like browsing history, photos, passwords etc. 

Hackers Accessed Recently Deleted Photos and Files From iPhone X

A hacker duo has successfully been able to retrieve deleted photos or files from the iPhone X during the Pwn2Own hacking contest in Tokyo. 

The hackers Richard Zhu and Amat Cama teamed up as Fluoroacetate at an event to find a vulnerability in iOS and Android devices. They connected to exploit the weakness in the Safari browser which is running on the latest iOS (12.1) device. 

They show off the vulnerability by connecting the device to a malicious Wi-Fi access point and exploited a vulnerability in a just-in-time (JIT) compiler-- these are programs that translate computer code while a program is running, rather than before. 

The bug in JIT let attackers gain direct access to the ‘Recently Deleted’ folder, it stores deleted files and photos for up to 40 days before permanently deleting it from the device. 

This vulnerability earned them whooping $50,000. 

Apple has been informed about the bug, but they have not patched the vulnerability. 

Indian Railways fixes its security bug after two years

Indian Railways took nearly two years to fix a security vulnerability in their ecommerce website Indian Railway Catering and Tourism e-commerce on (IRCTC). The flaw could have given hackers unrestricted access to millions of personal information of passengers.

According to The Economic Times report, in August,  a security researcher Avinash Jain found the bug in IRCTC's website as well as in the mobile app link that connects to a third-party insurance company for free travel insurance.

The data that could have been accessed by hackers include name, age, gender, and insurance nominees without their knowledge or consent.

 "Within 10 minutes (after finding the bug) we were able to read almost 1,000 passenger and nominee information," Jain told the ET.

It is estimated that the vulnerability would have at least affected 200,000 passengers and their nominee details exposed. The security reserach informed IRCTC about the bug on August 14, and Indian Railways acknowledged and fixed the bug on August 29.

"To get the personal details of a traveller, we needed a valid combination of the transaction ID and passenger name record (PNR) number," said Jain.

"We were able to fetch details of any passenger by decoding the encrypted data (transaction ID/PNR) through brute force."

Meanwhile, from September 1,  the Indian Railways has decided to abort their free mandatory travel insurance, now users can opt-in or opt-out of travel insurance.

However, IRCTC did not reply to the questions regarding security flaw.

Google Chrome to block invasive, misleading ads

Google is planning to introduce a crackdown on intrusive pop-up advertisements on its web browser and let users see all interstitial warnings or notifications that may have been prompted while surfing the internet.

Most of the phishing attacks target people through malicious attractive ads which urges people into giving private information such as bank details to online fraudsters.

Google had partnered with a firm to stop manipulative adverts in the last update, now admit that they  'did not go far enough'.

Chrome admits that sometimes ads create an 'abusive experience for users', including fee messages, unexpected clicks, phishing attempts, and misleading site behavior.

However, they declined to name the firms with whom they have partnered in order to crack down the malicious ads.

Meanwhile, they have currently started an option to enable a pop-up blocker, but this option has also been exploited by the fraudsters.

Chrome product manager Vivek Sekhar said: 'We've learned since then that this approach did not go far enough.'

'In fact, more than half of these abusive experiences are not blocked by our current set of protections, and nearly all involve harmful or misleading ads.'

"Almost all" banks in Pakistan hacked

The data of almost all the banks operating in Pakistan has been hacked in a recent massive cybersecurity breach, Federal Investigation Agency report. 

FIA have disclosed the attack after ten banks have suspended all their international transactions from their cards, Geo News reported. 

"According to a recent report we have received, data from almost all Pakistani banks has been reportedly hacked," FIA Cybercrimes Director retired Capt Mohammad Shoaib told Geo News. 

 Shoaib revealed that FIA has written to all banks, and called out a meeting with the heads and security management team of all the banks that were affected by the security breach. 

"Banks are the custodians of the money people have stored in them," Shoaib said. 

A digital security website has said that the data of over 8,000 customers of about ten Pakistani banks were being sold in a dark market. 

However, Pakistan Banks’ Association (PBA) has dismissed the reports of data hacking of ten Pakistani banks data.  The PBA spokesman said that the IT security of one bank was compromised, and other than that no breach has been reported

“It is important to understand the difference between fraudulent transactions and hacking attempt. Fraudulent transactions can be successful without hacking the bank,” the spokesperson said.

“When a cheque book or a leaf of a cheque book is lost, it can be used by fraudsters to steal money. Likewise, if a credit or debit card is lost or stolen, it can also be used in fraudulent transactions,” he added.

Fake Elon Musk Bitcoin scam earned 180K in a single day

 A series of high-profile Twitter accounts have been hacked by scammers impersonating as Tesla boss Elon Musk to initiate a bitcoin scam. Using the fake sites hackers have earned over 28 bitcoins or approximately $180,000 in a single day.

The celebrities whose verified Twitter accounts were taken over by attackers include British fashion retailer Matalan, US publisher Pantheon Books,  film producer Pathe UK, and independent record label Marathon Artists.

The tweet urged users to take part in a digital currency fair with investing a small amount of Bitcoin in order to earn more.

"I'm giving 10 000 Bitcoin (BTC) to all community!
I left the post of director of Tesla, thank you all for your support!
I decided to make the biggest crypto-giveaway in the world, for all my readers who use Bitcoin," read the tweet by attackers.

Using an account with Twitter's a blue tick, makes the accounts look like a legitimate one and is used to trick the reader into believing it as an official one.

"Being able to hijack verified accounts is a potential goldmine for crypto scammers banking on the visibility of the Tesla CEO," Chris Boyd, lead malware intelligence at Malwarebytes, told ZDNet.

"Verified entities don't need any extra requirements to change basic profile details such as name or avatar, and once the account is compromised you can then start pushing rogue ads under the guise of Elon".

The sites that promoted these fake profiles include musk[.]plus, musk[.]fund, and spacex[.]plus. It urges all users to send .1 or 3 BTC to the address given below in order to get 1-30 times in bitcoins back.

"To verify your address, send from 0.1 to 3 BTC to the address below and get from 1 to 30 BTC back!
BONUS: Addresses with 0.30 BTC or more sent, gets additional +200% back!
Payment Address
You can send BTC to the following address.
Waiting for your payment...
As soon as we receive your transaction, the outgoing transaction will be processed to your address."

Once the victims sent the money, they never received any Bitcoin. 

‘LoJax’ malware can survive operating system reinstallations

Researchers at cybersecurity company ESET have found a malware campaign that compromises device’s firmware component. The campaign is believed to be supported and spread by Kremlin-backed group Fancy Bear.

According to the report, the malware is dubbed LoJax, and is capable enough to “serve as a key to the whole computer” by infecting the Unified Extensible Firmware Interface (UEFI) of a device. It is very hard to detect, and can also survive the operating system (OS) reinstallations.

“The way that LoJax accesses both the UEFI and LoJack is by using binary files that, from the operating system, compile information about its hardware,” Panda Security researchers said in a blog.

“LoJax isn’t dangerous simply because of the infection of the UEFI itself, but also due to the fact that many cybersecurity solutions, including corporate cybersecurity solutions that are present in many companies, completely overlook Computrace LoJack and the UEFI software, as the classify it to be safe.”

LoJack is an anti-theft software, which is most commonly known for its cyber attack on the Democratic National Committee in 2016, as well as several other attacks on European organizations.

“Although we were aware in theory that UEFI rootkits existed, our discovery confirms that they are used by an active advanced persistent threat group,” said ESET researcher Jean-Ian Boutin, in a press release.

 “These attacks targeting the UEFI are a real threat, and anyone in the crosshairs of Sednit [Fancy Bear] should be watching their networks and devices very closely.”

Hackers accessed sensitive data about a nuclear power plant in France

A cyber attack on a nuclear power plant in France has revealed thousands of confidential documents, while some of the data was found on a rented server in Germany.

According to the report, the hacker accessed data illegally from the French company Ingerop in June this year. The stolen data trove amounted to more than 65 gigabytes and includes data about nuclear power plant plants, blueprints for prisons, and tram networks.

“Thousands of sensitive documents pertaining to nuclear power plants, prisons, and tram networks have been stolen from the servers of a French company in a cyber attack, German and French media have reported Friday.” reported the German website

“The data illegally accessed from the French company Ingerop back in June amounted to more than 65 gigabytes, according to reports by German public broadcaster NDR, the daily Süddeutsche Zeitung and French newspaper Le Monde.”

The spokeswoman of the Nuclear Power Plant said that the hackers got a hold on more than 11,000 files from a dozen projects.

The sensitive documents include the locations of CCTV cameras inside a French high-security prison, detailed information about the plant, and a proposed site for a nuclear waste dump in northeastern France.