Cyber Forensics

Chinese Android Phone Comes Pre-loaded With Spyware As Fake Google AppStore

More and more cases of spying through electronic devices are coming to light. A few days ago it was reported that the NSA of the USA carries out targeted spying by intercepting electronic devices destined for users on its surveillance list and bugging them with backdoors. Many countries, including the USA and India, have already banned Chinese technology in sensitive departments, fearing hidden backdoors that can be used for spying. We have also shared the news of Spyware Electric Kettles and Hidden Backdoor in Routers earlier on this blog.

This time, experts at the German security vendor G DATA have discovered dangerous malware in the firmware of an Android device. The "N9500" Android smartphone, produced by the Chinese manufacturer Star, comes pre-loaded straight from the factory with spyware disguised as the Google Play Store app, giving it full access to the device.

It is also not possible to remove the manipulated app and the spyware, as they are integrated deep into the firmware. Large online retailers are still selling the Android device at prices ranging from 130 to 165 euros and distributing it across Europe.

Russia Finds Hidden Chips Inside Chinese Electric Iron And Kettles That Scans Wi-Fi To Serve Malware

News reports from Russia's state-owned channel Rossiya 24 showed footage of a technician opening up an iron included in a batch of Chinese imports to find a "spy chip" with "a little microphone" embedded in it. These hidden, embedded electronic chips scan for and connect to any computer within a 200m radius that uses an unprotected Wi-Fi network; once connected, these "Trojan devices" were being used to spread viruses.

While the report says that the malware is being used to send spam, piggybacking on the infected computer's internet connection and resources without the owner's knowledge, our recent story "Hidden Backdoor In Your Internet Router - With Love, From China !!" and the fact that the rogue devices had "a microphone" further establish that these are or can be used for spying. The researchers also found other products containing these rogue components, including mobile phones, car dashboard cameras and electric kettles.

Hidden Backdoor In Your Internet Router - With Love, From China !!

Chinese telecom companies have been accused of embedding spying technologies into enterprise-level telecom hardware for the Chinese government. Now new research by embedded device hacker Craig Heffner has unearthed that consumer-level internet routers made by Chinese companies come bundled with a secret backdoor which allows full root-level access to the router.

He unveiled secret backdoors embedded inside a number of D-Link and Tenda brand routers, which are manufactured in China and sold all around the globe. The beauty of this type of backdoor is that it is undetectable by antivirus software and bypasses almost all sorts of security measures, as the loophole sits at the very start of the network access chain, supplying and controlling access to everything else after it - this is sort of your gatekeeper being the enemy Trojan. Unlike NSA PRISM spying, this would also be an easier, more distributed, cost-efficient and targeted form of government spying.

"Flame" - The newly found cyber super-weapon, spying and damaging Iranian computers

There is no doubt that cyber spying is the most preferred new-age intelligence gathering tactic used by almost all countries, but countries like the USA and China have already been exposed for using technology as a weapon.

The conclusive proof pointing to an Israeli-American joint venture targeting Iranian nuclear facilities with the world's most advanced computer malware, Stuxnet, is now well known publicly. To make things even more interesting, researchers at Kaspersky Labs have now unveiled another extraordinary piece of cyber-weaponry. Named "Flame", the data-mining malware has already caused substantial damage and massive amounts of data loss, as admitted by Iranian officials. Iranian authorities are also claiming that the virus damaged centrifuges operating at its uranium enrichment facility at Natanz and gathered data on its oil fields by breaching the computers of high-ranking officials.

Due to the complex and very sophisticated technology (20 MB in total) used by this malware, it has been labelled "the most sophisticated cyber weapon yet unleashed". The "Flame" cyber espionage worm is highly modular in nature and is specifically targeted at Middle East countries. The sophisticated attack toolkit, with similarities to the Stuxnet and Duqu malware, is basically a combination of a computer backdoor, a Trojan, and a worm. The success of this weapon can be gauged from the fact that it is believed to have been spying undetected for the past 5 years. The sophistication can be measured by the fact that "Flame" has 80 known command-and-control servers dedicated to itself, and the modular nature of the malware allows its controllers to load/unload code of their choice at any time.

Microsoft's COFEE Spills All Over Internet, First Exclusive Images On Internet

As quite expected, Microsoft's automated computer forensic utility COFEE (Computer Online Forensic Evidence Extractor), meant for law-enforcement agencies, got leaked on the internet and is now readily available on torrent portals and file-sharing websites.

These Are The First EXCLUSIVE Images Of COFEE Utility


The utility is designed EXCLUSIVELY for crime investigators, allowing quick and fully automated extraction of forensic data from computers suspected of containing evidence of criminal activity and letting investigators search through data on-site. The utility is provided for free by Microsoft to law-enforcement agencies the world over on a USB device, which executes more than 150 commands to collect forensic data. It offers features such as the ability to decrypt passwords, search the computer's Internet activity, and analyze the data stored on it, including data stored in volatile memory.
