Tectuner is a technology-related website about science, technology, Blogger templates, Android, computers, online earning, tips and tricks.
All-In-One Malware ‘Plurox’ Can Hack Your PC In Three Different Ways

Kaspersky security team has discovered a new strain of malware called Plurox, which packs a cryptominer, backdoor, and worm-like plugins, all into one.

Plurox is a cut above the regular malware. It comes with advanced capabilities that can spread the malware laterally to more systems and mine cryptocurrency using one of its eight different plugins.

This self-spreading malware has a modular structure that underpins its multiple roles as a backdoor trojan, a cryptominer and a worm.

Modular structure of Plurox

At its core, Plurox contains a primary component that allows Plurox bots (the infected hosts) to communicate with a command and control (C&C) server.

The Kaspersky team says that this component is crucial and the authors of Plurox use it to download and run files on the infected hosts. The downloaded files are called “plugins,” which contain most of the malware’s features.

Motive behind Plurox: Cryptomining

Eight different plugins found in Plurox exist solely for cryptocurrency mining, each built for a different CPU/GPU hardware configuration. Beyond these, there is a UPnP plugin and an SMB plugin.

By monitoring the malware’s activity, the team found two ‘subnets.’ One subnet is dedicated to receiving only mining modules and the other subnet is focused on downloading all modules that are available.

Although the purpose of having two separate communication channels is unclear, it does establish that the primary feature of both subnets is cryptocurrency mining.

Plurox inspired by NSA exploits

The SMB plugin mentioned previously is essentially a repackaged NSA exploit called EternalBlue that was publicly leaked in 2017.

The plugin allows bad actors to scan local networks and spread the malware to vulnerable workstations via the SMB protocol (running the EternalBlue exploit).

But that’s not all. The UPnP plugin is the sneakiest and nastiest of them all. It creates port forwarding rules on the compromised system’s local network and uses them to open backdoors into enterprise networks, bypassing firewalls and other security measures in place.

Once again, the inspiration behind the UPnP plugin came from another leaked NSA exploit called EternalSilence. However, instead of reusing the actual EternalSilence code, the Plurox authors developed their own version.
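Defenders can catch this class of abuse by enumerating the port mappings on the network’s UPnP gateway (the WANIPConnection GetGenericPortMappingEntry action) and checking where each mapping points. The Python below is an added example, not Kaspersky’s analysis or any Plurox code: it parses constructed GetGenericPortMappingEntry SOAP responses and flags mappings that forward an external port straight to an internal workstation’s SMB, RDP or other admin service. The sensitive-port list, the sample addresses and the descriptions are assumptions made for the illustration.

```python
"""Triage UPnP IGD port mappings for forwards that expose internal Windows
admin services (SMB, RDP, WinRM, ...) to the outside.  Added example for this
page; the SOAP responses below are constructed, not captured from a device."""
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Internal ports that a workstation should essentially never publish through a
# router port-forward.  Assumed triage list, not taken from the article.
SENSITIVE_INTERNAL_PORTS = {135: "MSRPC", 139: "NetBIOS", 445: "SMB", 3389: "RDP", 5985: "WinRM"}


@dataclass
class PortMapping:
    remote_host: str      # empty string means "any remote source"
    external_port: int
    protocol: str
    internal_port: int
    internal_client: str
    enabled: bool
    description: str
    lease_duration: int   # 0 means the mapping never expires on its own


def parse_mapping(soap_xml: str) -> PortMapping:
    """Parse one WANIPConnection GetGenericPortMappingEntry SOAP response.
    The New* argument elements carry no XML namespace, so plain tag lookups work."""
    root = ET.fromstring(soap_xml)

    def text(tag: str) -> str:
        el = root.find(f".//{tag}")
        if el is None:
            raise ValueError(f"missing {tag} in response")
        return (el.text or "").strip()

    return PortMapping(
        remote_host=text("NewRemoteHost"),
        external_port=int(text("NewExternalPort")),
        protocol=text("NewProtocol").upper(),
        internal_port=int(text("NewInternalPort")),
        internal_client=text("NewInternalClient"),
        enabled=text("NewEnabled") == "1",
        description=text("NewPortMappingDescription"),
        lease_duration=int(text("NewLeaseDuration")),
    )


def assess(m: PortMapping) -> list:
    """Return the reasons a mapping deserves a closer look (empty list = no finding).
    Heuristic triage only: a hit is a prompt to inspect the rule, not proof of malware."""
    reasons = []
    if not m.enabled:
        return reasons
    service = SENSITIVE_INTERNAL_PORTS.get(m.internal_port)
    if service:
        reasons.append(f"exposes internal {service} ({m.internal_client}:{m.internal_port}) "
                       f"on external {m.protocol} port {m.external_port}")
        if m.remote_host == "":
            reasons.append("reachable from any remote host")
        if m.lease_duration == 0:
            reasons.append("permanent mapping (lease duration 0)")
    return reasons


def audit(responses: list) -> list:
    """Parse each response and keep only mappings with at least one finding."""
    flagged = []
    for xml in responses:
        m = parse_mapping(xml)
        reasons = assess(m)
        if reasons:
            flagged.append((m, reasons))
    return flagged


def make_response(**fields) -> str:
    """Build a constructed GetGenericPortMappingEntryResponse for testing."""
    body = "".join(f"<{k}>{v}</{k}>" for k, v in fields.items())
    return (
        '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">'
        '<s:Body><u:GetGenericPortMappingEntryResponse '
        'xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
        f"{body}</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>"
    )


# Constructed sample: a benign camera forward and a forward straight to a workstation's SMB port.
SAMPLE_RESPONSES = [
    make_response(NewRemoteHost="", NewExternalPort=8080, NewProtocol="TCP", NewInternalPort=80,
                  NewInternalClient="192.168.1.50", NewEnabled=1,
                  NewPortMappingDescription="webcam", NewLeaseDuration=0),
    make_response(NewRemoteHost="", NewExternalPort=61445, NewProtocol="TCP", NewInternalPort=445,
                  NewInternalClient="192.168.1.23", NewEnabled=1,
                  NewPortMappingDescription="sync", NewLeaseDuration=0),
]

if __name__ == "__main__":
    for m, reasons in audit(SAMPLE_RESPONSES):
        print(f"[!] {m.protocol} {m.external_port} -> {m.internal_client}:{m.internal_port} ({m.description!r})")
        for r in reasons:
            print("    -", r)
```

On a real network the responses come from iterating NewPortMappingIndex against the gateway’s WANIPConnection control URL; the parsing and triage logic stays the same. A cheaper control is to disable UPnP on the gateway altogether where nothing legitimately needs it.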

Security researchers are still trying to figure out how the Plurox crew is spreading the malware to hijack larger networks. For more information on the same, you can refer to Kaspersky’s SecureList blog.


Bird Miner: This Cryptominer Malware Emulates Linux To Attack Macs

One of the biggest disadvantages of using pirated software is the increased risk of letting your computer get infected with malware. Cybercriminals often bundle the cracked versions of paid software on piracy websites with adware and cryptominers to earn easy cash. So, if you install such programs from unknown sources, the chances of getting hacked are pretty high.

The same attack vector is being used by hackers to distribute a new Mac cryptocurrency miner named Bird Miner. As Malwarebytes’ official blog explains, Bird Miner has been found to be bundled with a cracked installer of software named Ableton Live, which is a tool for high-end music production.

Malwarebytes found that a cracked 2.6 GB installer for Ableton Live 10 is available on the piracy website VST Crack. Security researchers from the firm became suspicious when they found that the installer’s post-installation script was busy copying installed files to new locations under random names.

The randomly named files serve various functions, including acting as launch daemons. One such daemon launches a shell script called Crax, whose job is to keep the malware hidden from security researchers. The malware also checks whether the Mac’s CPU is running at more than 85 percent load and, if so, skips running the cryptomining script.

Bird Miner uses Tiny Core Linux emulation

The last piece of the puzzle is the launch of an executable named Nigel, which is an old build of the open source emulator Qemu. For those who don’t know, Qemu is terminal-only virtualization software that lets one run Linux systems on non-Linux machines.


The Qemu emulator is pointed at a file named Poaceae, which is a bootable Tiny Core Linux image. Finally, as soon as the Tiny Core system boots up, the xmrig miner starts running to mine the Monero cryptocurrency.

The Malwarebytes researchers suggest that familiarity with Linux could be why the malware’s creators chose the Linux route. Bird Miner is one more demonstration of how easily pirated software leads to infection.

100 Million Dell PCs At Risk Due To Critical Bug In ‘SupportAssist’ Software

The SupportAssist software comes pre-loaded on most Dell laptops and desktops. It’s used to check for different hardware and software issues that could arise over the course of time on Dell machines. For example, it can be used to test whether the battery is in a healthy condition or not.

Unfortunately, the innocent-looking SupportAssist could open doors for attackers who can use it to achieve privilege escalation on Dell machines running Windows 10. The vulnerability was discovered by security firm SafeBreach Labs, the firm told Fossbytes in an email.

An estimated 100 million PCs on which SupportAssist might be installed could be at risk.

Moreover, according to the security firm, the vulnerability (CVE-2019-12280) isn’t limited to Dell. Like Dell, many other OEMs ship a rebranded version of the diagnostic tool created by PC-Doctor.

The list of other affected software includes PC-Doctor Toolbox For Windows, which is also rebranded as CORSAIR Diagnostics, Staples EasyTech Diagnostics, and others.

What’s the problem?

PC-Doctor developed the components that give the tool access to hardware such as PCI devices and physical memory. The researchers assumed that the program must have low-level access to system components to perform its diagnostics.

Running the program on a virtual machine, the researchers found that they could easily get it to load a custom-made DLL and thereby escalate privileges. This is because the program does not validate whether a DLL it loads is digitally signed.

An attacker can take advantage of the vulnerability to bypass protections such as application whitelisting, which is used to prevent unsafe apps from being installed on the machine.

SafeBreach researchers built a proof-of-concept that could read and write physical memory, and an attacker could do the same.

To prevent unsigned kernel-mode drivers from being installed on the machine, Windows uses a mechanism called Driver Signature Enforcement (DSE). It crashes the system when it detects an unsigned driver being loaded.

But the vulnerability renders DSE moot. The program ships with a driver that is already digitally signed and authorized by Microsoft, so an attacker may not need to load an unsigned driver at all to obtain read/write access to physical memory.
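The root cause described above is a privileged program loading DLLs without checking that they are signed. As an added illustration (not SafeBreach’s proof-of-concept and not PC-Doctor’s code), the Python below parses PE headers and reports which DLLs in a set carry no embedded Authenticode certificate table at all, which is the cheapest first-pass check an auditor can run over a diagnostic tool’s install directory. It is triage only: a present certificate table says nothing about whether the signature is valid or who signed it; that is what WinVerifyTrust (or PowerShell’s Get-AuthenticodeSignature) answers, and it is what the loading program itself should verify before calling LoadLibrary. The sample images and file names are constructed header stubs, not real DLLs.

```python
"""Header-level check for the presence of an embedded Authenticode signature
(the PE security directory) in DLL images.  Added example for this page; the
sample PE images are constructed header stubs, not real DLLs."""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4      # index of the certificate table in the data directories
IMAGE_FILE_DLL = 0x2000                 # COFF Characteristics flag
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def parse_pe(data: bytes) -> dict:
    """Return {'is_dll': bool, 'security': (offset, size) or None} for a PE image.
    'security' is None when the certificate table directory is absent or empty."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (_machine, _nsections, _timestamp, _symptr, _nsyms,
     size_opt, characteristics) = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        nrva_off, dirs_off = 92, 96
    elif magic == PE32PLUS_MAGIC:
        nrva_off, dirs_off = 108, 112
    else:
        raise ValueError(f"unknown optional header magic 0x{magic:x}")
    n_rva = struct.unpack_from("<I", data, opt + nrva_off)[0]
    security = None
    entry = dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    if n_rva > IMAGE_DIRECTORY_ENTRY_SECURITY and entry + 8 <= size_opt:
        # For the security directory the first field is a file offset, not an RVA.
        off, size = struct.unpack_from("<II", data, opt + entry)
        if size and off + size <= len(data):
            security = (off, size)
    return {"is_dll": bool(characteristics & IMAGE_FILE_DLL), "security": security}


def unsigned_dlls(images: dict) -> list:
    """Names (sorted) of DLL images that carry no certificate table at all.
    A present table still has to be validated with WinVerifyTrust on Windows."""
    flagged = []
    for name, data in images.items():
        info = parse_pe(data)
        if info["is_dll"] and info["security"] is None:
            flagged.append(name)
    return sorted(flagged)


def build_sample_pe(signed: bool) -> bytes:
    """Constructed minimal PE32+ DLL header (not a real DLL) for demonstration.
    When signed=True a placeholder certificate table of 0x180 bytes sits at 0x200."""
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    size_opt = 240   # PE32+ optional header with all 16 data directories
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, size_opt, IMAGE_FILE_DLL | 0x0002)
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC)
    struct.pack_into("<I", opt, 108, 16)          # NumberOfRvaAndSizes
    cert_off, cert_size = 0x200, 0x180
    if signed:
        struct.pack_into("<II", opt, 112 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, cert_off, cert_size)
    image = bytearray(dos + b"PE\0\0" + coff + opt)
    if signed:
        image.extend(b"\0" * (cert_off + cert_size - len(image)))   # placeholder table bytes
    return bytes(image)


if __name__ == "__main__":
    # Constructed stand-in for a diagnostic tool's install directory.
    sample_dir = {"diag_core.dll": build_sample_pe(True), "plugin_x.dll": build_sample_pe(False)}
    for name in unsigned_dlls(sample_dir):
        print(f"[!] {name}: no embedded Authenticode certificate table")
```

To run this over a real directory, read each *.dll into the dict with open(path, "rb").read(); anything it flags has no signature to validate, and anything it does not flag still needs a real signature check.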

The disclosure follows a non-disclosure period that ends on June 19th. Dell confirmed the existence of the bug after it was first reported back in April 2019. The researchers have notified PC-Doctor as well, and a security patch is expected to be released sometime in mid-June.

Dell has released security patches for the vulnerability. Users are advised to update their machines promptly.


How To Disable Bixby Button On Samsung Smartphones

When Samsung added a dedicated Bixby button to the S8, its aim was to persuade users to use Bixby instead of Google Assistant. Bixby has improved over the years but still lacks features that Google Assistant provides. Samsung soon faced backlash from users who complained of accidentally pressing the Bixby button while using the phone. One of the major issues with the Bixby key is that it sits right under the volume buttons, which makes it easy to confuse the two.

An accidental press of the Bixby button launches Bixby, which can be annoying. Until the S10, users did not have the option to map the key to open Google Assistant or other apps. Samsung recently launched a Bixby Button Assistant Remapper app that allows users to remap the Bixby button to open other apps.

If you’re searching for how to disable the Bixby button, I have bad news for you.

In its latest S series, Samsung has not provided an option to disable the Bixby button, but you can remap the button to launch other apps or perform other actions.

Here’s how you can disable Bixby and reassign the Bixby button to other apps. The first step in preventing Bixby from launching when the dedicated button is pressed is disabling Bixby Home.

Note: Before proceeding, log into your Samsung account by visiting the “Accounts and backup” section in the Settings app.

How To Disable Bixby Home?

To remove Bixby Home from your home screen, follow the steps below:

◾ Tap and hold onto any empty space on your home screen.
◾ Swipe right and you will see a Bixby Home panel.


◾ Turn off the toggle present next to Bixby Home.

That’s it. You’ve disabled Bixby Home on your smartphone. This method works on all S Series and Note series devices starting from S8 and Note 8.

How To Disable Bixby Button?

Since Samsung has not provided an option to completely disable the Bixby button in One UI, the most you can do is tweak the settings so that nothing happens when you press the button once. You can change the settings so that Bixby launches only when you press the dedicated button twice.

This prevents Bixby from launching when you press the Bixby button accidentally after mistaking it for the volume-down button.

◾ Open the Settings app, scroll down and tap on “Advanced features.”


◾ Tap on the “Bixby key” option.


◾ Select “Double press to open Bixby” and do not enable “Use a single press.”


◾ From the same setting you can also remap a single press to open apps of your choice, or enable “Run quick command” to perform additional actions. You can also download the Bixby Button Assistant Remapper app to remap the Bixby button for other tasks.

You have successfully disabled the Bixby button. Now, if you press the button once, nothing will happen.

If you want to completely disable the Bixby button and render it useless, you can use third-party apps like bxActions. Alternatively, you can use a different launcher app to disable Bixby. However, the method described above is enough to stop Bixby popping up on the screen when the Bixby button is pressed accidentally.



How To Turn On Gesture Navigation In Android Q?

Google launched the third beta of Android Q at its annual I/O 2019 event. The third developer preview brings several new features to Android Q, such as Gesture Navigation, alongside other important additions such as a system-wide Dark Theme, Live Caption and Focus Mode.

Gesture navigation isn’t entirely new to Android. It first arrived with Android Pie, where it gave users the option to use gestures for common tasks such as opening the app drawer, switching between apps and closing apps.


How does it work?

Android Q’s gesture navigation seems to borrow its core set of gestures from the iPhone. The biggest difference is that, unlike the iPhone, there is a bottom bar that takes up its own screen space, which is plainly annoying.

Anyway, once gestures are activated in Android Q, the pill button disappears. Instead, a long, slim white bar appears at the bottom of the screen; swiping up on it takes you to the home screen.

To go back to the previous screen while using apps or browsing the internet, swipe inward from the left or right edge of the screen.

For the multitasking view, swipe up and drag across. Swiping across quickly lets you switch between apps, and a swipe up from the home screen opens the app drawer.

Open Google Assistant with new gesture in Android Q

After turning on gesture navigation in Android Q, users of phones that lack the Pixel’s squeeze feature are left wondering how to launch Google Assistant.

It turns out there is a hidden and really odd gesture to invoke Google Assistant in the latest Android: swipe diagonally from the bottom-left or bottom-right corner of the screen and hold until Assistant fires up.

If you don’t get it right the first time, try swiping exactly from the corner. It is this placement that is hard to hit accurately every time. I just hope that Google comes up with a more obvious and easier way to open Assistant on Android Q.

How to enable Gesture Navigation in Android Q?

Follow these steps to turn on gestures in Android Q:

◾ Open the Settings app

◾ Navigate to System and tap on Gestures


◾ Then tap on System navigation

◾ Toggle the Fully Gestural Navigation option

This will replace the navigation buttons with a long, thin line at the bottom of the screen.

Improvement in gestures from Android Pie

The quality of the animation has definitely improved over Android 9 Pie, where moving around the system felt a little bumpy. Now everything is smoother in Android Q, or at least that’s how it seems on a Pixel phone.

As discussed above, Google went ahead and lifted the iPhone’s gestures. But it finally removed the back button, much to my relief. I know there are people who still love the back button, but for me it simply defeats the purpose of gesture navigation.
