Skip to main content

Omnirat save us

OmniRAT :– $25 tool to hack into Windows, OS X and Android device

$25 OmniRAT is a “Remote Administration Tool” which can hack into Windows, OS X and Android run devices

OmniRAT is a software that lets you hack into computers running on Windows and Mac OS X in addition to hacking Android smartphones and tablets. OmniRAT can can spy on communications, secretly record conversations, snoop on browsing histories and take complete control of a remote device. And its cheap. OmniRAT is available on the dark web underground forums for $25 compared to another notorious malware, DroidJack which is sold for $210.

Security researcher Nikolaos Chrysaidos from anti-virus maker Avast who discovered the OmniRAT and calls it a Remote Administration tool .  In his blog post Chrysaidos describes how he believes hackers have infected Androids with OmniRAT after sending an SMS. Chrysaidos says that OmniRAT can also be used for legitimate purposes, with the permission and consent of the owners of Android, Mac and Windows computers it tries to control. But in the hands of a cyber criminal it becomes a “Remote Access Trojan” – giving the malicious hackers an opportunity to sneakily spy on and steal from unsuspecting users duped into installing the code.

The OmniRAT spreads through phishing which takes the victim to a website laden with the installation file of OmniRAT. A German Android user explained on the Techboard forum on how he was lured into a website with OmniRAT.  He said that had received an SMS telling him that an MMS had not been delivered directly to him due to the StageFright vulnerability. In order to access the MMS, he was told to follow a bit.ly link within three days, and enter a PIN code.

However, as Crysaidos explains, visiting the URL would initiate the attempt to install OmniRAT onto the target’s Android device:

Once you enter your number and code, an APK, mms-einst8923, is downloaded onto the Android device. The mms-einst8923.apk, once installed, loads a message onto the phone saying that the MMS settings have been successfully modified and loads an icon, labeled “MMS Retrieve” onto the phone.

Once the icon is opened by the victim, mms-einst8923.apk extracts OmniRat, which is encoded within the mms-einst8923.apk. In the example described on Techboard-online, a customized version of OmniRat is extracted.

The APK than demands the Android user to accept a long list of permissions which should trigger suspicions among tech savvy users.

Once installed, the App will send its own SMS message to the victims friends and colleagues listed in the contact list and further spread itself. The OmniRAT cannot be uninstalled once it is installed on the Android smartphones.  Chrysaidos says that even if the victim uninstalls the MMS Retrieve icon, the customised version of OmniRAT remains installed on his/her Android smartphone, and will be sending data to a command and control (C&C) server seemingly based in Russia.

Chrysaidos says that Android users should undertake following steps to protect themselves from OmniRAT.

Make sure you have an antivirus solution installed on your smartphone to detect malware, like OmniRat. Avast detects OmniRat as Android:OmniRat-A [Trj].Do not open any links from untrusted sources. If an unknown number or email address sends you a link, do not open the link.Do not download apps from unknown sources to your mobile device. Only download apps from trusted sources such as the Google Play Store or the Apple App Store

Comments

Popular posts from this blog

So what exactly is cryptography

Nowadays Internet is an important part of Life.  We are using the Internet for sending confidential data also like password,for storing army secrets. But the Internet is insecure medium.we all use internet at a daily basis.  Do you know why? Insecure Medium: Imagine you are sending a data.  In internet world, data are separated as packets and send to the destination.  Do you think the data directly reaching the destination?   If  you think so,you are wrong.  The packets are going through different routers.  Finally, the data is sent to the user.  In this gap, Intruders(i mean attackers) takes advantages. so who are they .the are  I.they  can see what you are sending.  Because your data are simple and easy to readable by anyone. How to secure the data? We can not stop the intruders and their activities.  But we can make our data as Unreadable for Intruders.  For this purpose, the Cryptography is introduce...

Lunix malware havoc

The Krebs DDoS attacks have proven that the IoT landscape is a fertile ground that can breed huge botnets capable of launching massive DDoS assaults. As such, it should be no surprise that malware authors are now focusing their efforts on this sector and putting out new threats in the hopes of building the next Mirai botnet. One of the latest additions to the IoT malware market is a trojan codenamed Linux/NyaDrop, recently reverse engineered by MalwareMustDie, the same researcher who discovered the Mirai malware. MalwareMustDie points out in his research that this binary appeared in May, but was somewhat simplistic and not that common. Things changed after the Krebs DDoS attacks, and a new sample has appeared on the market, with the malware’s author most likely drawn back to the IoT landscape by Mirai’s success. Just like most IoT malware nowadays, NyaDrop’s author relies on brute-forcing Internet-exposed IoT devices using their default credentials. In a conversati...

Remove virus from android

Desktops aren’t the only gadgets that can be affected by a virus. Android devices have a malware problem and it’s growing every day. If you do get a virus, you could perform a factory reset to get rid of it, but that means you’d lose all your data — those photos you shot, the saved games, the text messages, and everything else. Obviously, you want a factory reset to be your last option. So what can you do to remove a virus from Android without a factory reset? Is It Really a Virus? If your phone isn’t functioning the way it should be, there’s a chance you have some malware on it. One wrong tap somewhere and a malicious file might have been downloaded on your phone, which is leeching battery life, Internet resources, or your personal data. But it could be something else. Suppose your Android refuses to boot or crashes every time it starts up. Or maybe you can’t seem to download apps from the Play Store. These are not necessarily caused...