-
Google’s Threat Analysis Group (TAG) has confirmed that Android users around the world are being targeted by the Alien spyware family, which is commercial spyware. Tracking shows that the malware family is an advanced malware family developed by Cytrox Technologies of the Republic of North Macedonia in the Balkans of Southeastern Europe. The company primarily sells it to certain national government agencies or groups backed by those government agencies for the purpose of hacking and spying on targeted Android users. In essence, this is no different from the Pegasus spyware launched by the Israeli commercial spyware company NSO, except that the Alien spyware is for Android.

Analysis shows that the Alien spyware family mainly exploits zero-day vulnerabilities and certain known outdated flaws, and is mainly spread by email. For example, after the email of the target user is known, a phishing email is sent to induce the user to click on the link, and the Predator virus can be automatically loaded after clicking. The organization that launched the attack uses a short-link system. When a user clicks, the virus will be loaded for the first time, and then they will jump to the website mentioned in the phishing email to confuse the user.

The three campaigns identified by Google’s threat analysis team belong to the Alien malware family, and there are currently dozens of Android users under attack. Obviously, this is also a targeted attack, and the attacker will only carry out targeted attacks after selecting the target.

Google writes: Analysis revealed that the Alien malware family has features such as audio recording, hiding apps, stealing user data, and turning on microphones for monitoring.

Zero-day vulnerabilities that have been discovered by Google will be fixed soon, but for most Android users, there is no way to update the system in time to fix it. In particular, many of the vulnerabilities exploited by the malware are outdated, meaning they have long been fixed by Google but the OEM has not sent an update to the user. This makes the security of the Android system very weak, because many outdated vulnerabilities have been published long ago, and virtually any attacker can exploit the vulnerabilities.

Google reminded that users should not click on links in unknown emails, and users should double-check the sender to ensure that the email is safe before clicking on the link.
-
Black Vision

Command line Remote Access tool targeting Windows Systems.

Download Maxmind GeoIP2 Database from here ; LINK
Extract the file under blackvision/

How to use

Install required modules
  pip3 install -r requirements.txt

Run server
  git clone [Hidden Content]
  cd blackvision
  python3 main.py

Generate Agent
  cd blackvision
  python3 generate.py

Change Host/Port
  Open settings.ini. And change host, port.

Commands

  Command      Purpose
  transfer     Transfer a NON Binary file.
  bsendfile    Transfer a Binary File.
  kill         Kill the connection
  info         View Information of client.
  msgbox       Send Messageboxes.
  exec         Execute a Command on the remote Machine(s).
  exec-file    Execute a file on the remote Machine(s).
  wanip        View WAN IP of Remote Machine(s).
  hostname     View Hostname of Remote Machine(s).
  username     View Username of Remote Machine(s).
  monitoroff   Turn off monitor of Remote Machine(s).
  monitoron    Turn monitor back on.
  cdopen       Eject CDROM of Remote Machine(s).
  cdclose      Close CDROM of Remote Machine(s).
  playaudio    Play Audio stream on Remote Machine(s).
  send         Send commands to 1 client. (NO broadcast)
  keydump      DUMP Keystroke buffer (Not added yet)

Termux Compatibility

This app is compatible with Termux. Run it the same way you run it in Terminal.

TODO

  Rewrite Agent in C.
  Fix sending file to single client. (Fixed)
  Fix multiple clients information saving. (Fixed)
  Add keylogging.
  Fix that args[3] does not get sent. (Fixed)
  Fix Broken connection problems.

Video Example: [Hidden Content]

Download: [Hidden Content]