Thursday, July 21, 2016

kat.cr alternative

It looks like the world’s most popular torrent website, KickassTorrents, is back with a new domain, dxtorrent.com. The website features the same layout and seems to be a mirror of the notorious torrent-sharing website KAT. The original KickassTorrents domain was recently seized by the U.S. Government.
Just a couple of hours ago, I wrote a story telling you that the U.S. Government has seized the different domains of KickassTorrents. The federal investigators also arrested Artem Vaulin, the alleged founder of the website.
We shared the story on our Facebook page and the fans of the website expressed their grief in large numbers. To my surprise, a few of them commented with a link to another website, claiming it to be a clone of KickassTorrents.
A click on the commented links took me to dxtorrent.com. I don’t know if it’s an old website that’s a KickassTorrents alternative, or some KAT mirror that has resurrected the KickassTorrents website.

The website looks just like the world’s largest torrent website KAT, featuring the same layout and popup ads. 
This revival has been welcomed by the KAT fans on Reddit, who are busy discussing their favorite KickassTorrents alternative.
Before facing this setback, KickassTorrents had been enjoying the status of the world’s most popular torrent website, breaking into the top 70 websites in the world.

Tuesday, July 12, 2016

pokemon go security issue

Pokémon GO, the mobile augmented reality game that has become hugely popular in record time, brings with it a lot of unexpected dangers.
Its popularity has been exploited by malware peddlers and scammers, but the game’s creators (Niantic Labs) have also inadvertently put users’ security and privacy at risk by failing to limit the permissions the app receives when users sign into it with their Google account.
The problem was first spotted by Adam Reeve.
After downloading and running the game, he was asked to log in. As he couldn’t create a separate account for it at the time, the only other option was to log in with his Google account, so he did.
The app did not state which permissions it was requesting, but Reeve proceeded anyway. After he logged in, he went to check which permissions the app had been granted, and was shocked to see that it had received full access to his Google account.
This means that the app, and the company behind it, could read his emails and send emails in his name, access his search history, all the documents in his Google Drive, photos in Google Photos, etc.
“What’s more, given the use of email as an authentication mechanism (think ‘Forgot password’ links) they now have a pretty good chance of gaining access to your accounts on other sites too,” he noted.
He posited that this situation was the result of “epic carelessness,” and not an attempt by the company to actually access players’ Google accounts.
Niantic effectively confirmed his theory with a public statement, saying that the problem was only found in the iOS version of the game, but made sure to note that the game only accesses players’ Google user ID and e-mail address.
“Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google account information, in line with the data we actually access,” they explained. “Google has verified that no other information has been received or accessed by Pokémon GO or Niantic. Google will soon reduce Pokémon GO’s permission to only the basic profile data that Pokémon GO needs, and users do not need to take any actions themselves.”
With that problem out of the way, users still might want to know what information the app collects about them.
If they went through the game’s Privacy Policy carefully, they might already know, but too few users actually do that.
BuzzFeed reporter Joseph Bernstein has helpfully read through it and summarized the information.
“According to the Pokémon Go privacy policy, Niantic may collect – among other things – your email address, IP address, the web page you were using before logging into Pokémon Go, your username, and your location,” he noted.
“It also may share this information with other parties, including the Pokémon Company that co-developed the game, ‘third-party service providers,’ and ‘third parties’ to conduct ‘research and analysis, demographic profiling, and other similar purposes.’ It also, per the policy, may share any information it collects with law enforcement in response to a legal claim, to protect its own interests, or stop ‘illegal, unethical, or legally actionable activity.'”
This should not come as a surprise, as most mobile/location apps collect similar info, and through the Privacy Policy legally regulate the sharing of this data with other parties and law enforcement.





Jigsaw ransomware decrypter

If you are one of the victims of the Jigsaw ransomware, there is good news for you: experts from CheckPoint Security have defeated it once again.

Let’s start the day with some good news: the Jigsaw ransomware has been decrypted again. The JIGSAW ransomware was first spotted in April, when experts noticed that the threat slowly deletes the victim’s files as the victim hesitates to pay the ransom. Jigsaw threatens to delete thousands of files an hour if the victim doesn’t pay 0.4 Bitcoins or $150, and if the victim restarts the PC, 1,000 files will be deleted.
The BitcoinBlackmailer.exe reported that the JIGSAW ransomware will encrypt your files, adding the ‘.FUN’ extension. The author, in the style of the Saw movies, displays the face of the character Billy the Puppet from the horror movie and then threatens to delete files if the ransom is not paid within a time limit.
Malware experts at Check Point published a fix for machines infected by the ransomware.
While investigating the latest Jigsaw ransomware variant (SHA256: 61AA800584B170FFE9959ACD057CCAF784BF3088E1D3AAB39D07C0793F6C03DF) and its false claims to steal users’ credentials and Skype history, the researchers discovered the mechanism the threat uses to check whether the victim has made the payment.
Once the victim decides to pay, he presses the “I made a payment, now give me back my files!” button, which triggers an HTTP GET request to:
btc.blockr[.]io/api/v1/address/balance/
The response consists of the JSON structure:
{"status":"success","data":{"address":"<bitcoin-account>","balance":0,"balance_multisig":0},"code":200,"message":""}
The researchers ran some tests by changing fields of the JSON and, for example, by submitting the address of a Bitcoin account that holds the necessary amount of Bitcoins to decrypt the files. When the experts changed the “balance” field in the response from 0 to 10, the JIGSAW ransomware believed the payment had been completed and started decrypting the files and removing itself from the infected PC.
“This got us thinking – what if we change the request, so it queries a different account? Perhaps one that holds the necessary amount of Bitcoins to decrypt our files? Or even better – what if we change the response to say we have the necessary amount? So we did. And it worked,” reads a blog post published by CheckPoint.
Victims of the JIGSAW ransomware can download the decryption tool here and follow the instructions step by step:
  1. Unpack the JPS.zip file.
  2. In the Jigsaw Puzzle Solver folder, right click ‘JPS.exe’ and click ‘run as administrator’.
  3. Follow the instructions displayed on the screen.
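
The payment check described above leaves a recognisable trace in web proxy logs. The following Python sketch is an added example, not code from Check Point or from the original post; it scans log lines for the balance request and lists the machines that issued it. The log format, the sample lines and the Bitcoin address are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Host and path of the payment check, as given (defanged) in the article.
IOC_HOST = "btc.blockr[.]io".replace("[.]", ".")
IOC_PATH = "/api/v1/address/balance/"

# Constructed sample proxy log (assumed format: time client method url status).
SAMPLE_LOG = """\
2016-07-12T09:14:02Z 10.0.4.17 GET http://btc.blockr.io/api/v1/address/balance/1ExampleAddrAAAAAAAAAAAAAAAAAAAAAA 200
2016-07-12T09:14:05Z 10.0.4.22 GET http://example.com/index.html 200
2016-07-12T09:20:41Z 10.0.4.17 GET http://BTC.blockr.io/api/v1/address/balance/1ExampleAddrAAAAAAAAAAAAAAAAAAAAAA 200
2016-07-12T09:21:00Z 10.0.4.31 GET http://btc.blockr.io/api/v1/block/info/last 200
2016-07-12T09:30:10Z 10.0.4.40 GET http://btc.blockr.io.mirror.example/api/v1/address/balance/x 200
malformed line without enough fields
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(GET|POST|HEAD)\s+(\S+)\s+(\d{3})$")


def find_balance_checks(log_text):
    """Return {client: {"count", "addresses", "first_seen"}} for matching requests."""
    hits = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of aborting the scan
        ts, client, method, url, _status = m.groups()
        parts = urlsplit(url)
        # Compare the exact hostname (urlsplit lowercases it), never a substring,
        # so look-alike hosts that merely contain the name are not flagged.
        if method != "GET" or (parts.hostname or "") != IOC_HOST:
            continue
        if not parts.path.startswith(IOC_PATH):
            continue  # other endpoints on the same host are not the payment check
        address = parts.path[len(IOC_PATH):].strip("/")
        entry = hits.setdefault(
            client, {"count": 0, "addresses": set(), "first_seen": ts})
        entry["count"] += 1
        if address:
            entry["addresses"].add(address)
    return hits


if __name__ == "__main__":
    for client, info in find_balance_checks(SAMPLE_LOG).items():
        print(client, info["count"], sorted(info["addresses"]), info["first_seen"])
```

A match is a triage lead rather than proof of infection, since any legitimate client of the same API produces the same request.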


Wednesday, July 6, 2016

Eleanor malware

A malicious application named EasyDoc Converter.app delivers a sophisticated piece of malware, dubbed Eleanor, that opens a Tor backdoor on the victim’s machine.
Experts from security firm Bitdefender have spotted a new piece of malware, dubbed Eleanor (Backdoor.MAC.Eleanor), which, once it has compromised a Mac, sets up a backdoor through the Tor network.
The malicious application, dubbed EasyDoc Converter.app, pretends to be a file converter but instead delivers sophisticated malware to the victim’s machine. Once it has infected the target, the malicious code recruits it as part of a botnet or spies on the victim’s machine.
“The backdoor is embedded into a fake file converter application that is accessible online on reputable sites offering Mac applications and software. The EasyDoc Converter.app poses as a drag-and-drop file converter, but has no real functionality – it simply downloads a malicious script,” said Tiberius Axinte, Technical Leader, Bitdefender Antimalware Lab.
Once it has infected a Mac, the malware grants full access to the file system, as reported by Bitdefender.
“This type of malware is particularly dangerous as it’s hard to detect and offers the attacker full control of the compromised system,” 
The Backdoor.MAC.Eleanor malware sets up a hidden Tor service and a PHP web server; it exposes a .onion domain that the attacker can access to control the bot.
The Eleanor malware is able to use the camera on the infected machine by means of the open-source tool wacaw. The attacker is able to take pictures of the victims and blackmail them.
Every infected Mac is associated with a Tor address; all the addresses are stored on pastebin.com using a PasteBin agent. The addresses are encrypted with an RSA public key and base64-encoded.
The malicious app used to deliver the Eleanor malware is not digitally signed by Apple, this means that by downloading applications exclusively from official store and reputable websites.