Tag: cyber security

Programming, Security, Tech

Modding Minecraft & You

Consider following on social media!

Quick note: if you’re viewing this via email, come to the site for better viewing. Enjoy!

Mining myself a whole new world.
Photo by Alexander Kovalev, please support by following @pexel.com

Just when you thought your children were building a harmless digital landscape for themselves comes an upload of new problems. Hackers have been changing the attack vector landscape for themselves which could have your bank account seeing a lot of red.

It has been well known by now, even if you have been living underneath a 1970 Volvo station wagon, that the game “Minecraft” has been the focus for hackers over the past couple of years. The last major event was Log4j, a vulnerability exploit that set the internet ablaze for a few weeks.

A thing we would like to see is how much of a problem this will be and whether it will continue in the foreseeable future. Like normal, we’ll be looking at what the attack is, who used or created it, its functions and effects upon its release, and some ways you could keep safe.

Hebert, there’s a new script and you might want to read this one because we need to talk about Kevin.
Photo by Yan Krukau, please support by following @pexel.com

The Attack

This is no secret by now that hackers have been using Minecraft as a place to commit their nefarious deeds. The latest of their information-stealing malware/spyware is being called “Fractureiser”.

If you’re unfamiliar with mods and modding we’ll quickly explain, there are some cases where a game is good, but it could be better, this is where independent developers or bored developers put together some code and add it to sections of the game. Like in Skyrim, there was a mod to have Tony Starks Iron Man armor.

It’s a grey area when it comes to knowing if modding is legal in the gaming industry because there are some games that can get banned from servers but to keep things simple, remember not to mod games where you must play with a community.

Tim: They mentioned my Iron Man mod.
Sarah: Shut up Tim, that means they’re on to us.
Photo by Tima Miroshnichenko, please support by following @pexel.com

Who Can It Be Now

At the moment no one has been named, neither group or individual responsible for the creation or use of the malware but threat actors have been using platforms like CurseForge and Bukkit as attack vectors for the malware.

Enjoy the read so far? Why don’t you consider subscribing so you can keep up to date?

You see that line of code right there. I didn’t write that.
Photo by Christina Morillo, please support by following @pexel.com

Sinking Feeling

Fractureiser’s functionality has been reported by Bleeping Computer, breaking it down into four stages of the attack. In the beginning, stage, when a mod is uploaded, it’s hijacked and injected with malicious code into the main class of the given project.

This attack is taking place in the Java programming language, just know Java is popular and used everywhere. The main class is a section of the code that holds what the program is going to execute. The program is overwritten and connected to a URL (Uniform Resource Locator) that downloads a file unique to the operating system (OS).

Afterward, another connection is made where the malware captures the user’s IP address and reports it back to the command and control (C2C) server. The malware then connects the same IP address to port 8083 for it to download another file and save it to the machine’s OS. The possible effects of having your information collected could be endless as it could be used by the threat actor to purchase loans and other things in your name or can be sold to other interested parties.

This all takes place while you are building your world in Minecraft. Just when you thought you were being the crafty one.

Modding is at your own risk.
Photo by Nadin Sh, please support by following @pexel.com

The Prevention

Outside of you crafting your way to new beginnings, it seems like this will continue to be a problem in the future because hackers are coming up with new ways to onboard malware to your machine.

An inconvenience for having this on your machine is the reinstallation of the OS which could wipe out everything if not frequently saved via an external drive. The best way to keep your machine and your wallet safe is to keep from adding modifications to the game since there could be malicious files or code injected into the uploaded package.  

Well played Scriptingthewhy…we’ll meet again.
Photo by Tima Miroshnichenko, please support by following @pexel.com

Made it this far and found this to be entertaining? Then a big thanks to you and please show your support by cracking a like, sharing this with whomever, scripting a comment, or plug-in to follow.

Would like to give sincere thanks to current followers and subscribers, your support and actions mean a lot and has a play in the creation of each script.

Do you feel like there is something I may have missed on Fractureiser? Script a comment below.

Security, Tech

Bank Draining Done with Love

Consider following on social media!

Quick note: if you’re viewing this via email, come to the site for better viewing. Enjoy!

Sneaking into your computer to see what’s up.
Photo by Moiske2l Officiel, please support by following @pexel.com

Advanced Persistent Threat

You were to print “Hello World”

You know, there’s no better feeling in the world than having someone take money from your bank account. This was said by no one ever. As the world turns, we face more and more threats online. At this point, we just have to admit that hackers, scammers, threat actors, or whatever your company wants to call them, they’re getting better at their job.

To add insult to injury, when they improve, it leads to them getting better pay. When you improve at your job, you may get a new title and make about the same pay with more responsibilities. Are we saying for you to be rich? Maybe. Are we saying for you to get paid what you’re worth? Definitely. Pushing making light of corporate logic aside, an issue has surfaced online that has a few people concerned about the safety of their computers and finances.

What is this issue? Glad you asked, look no further than “GooseEgg”. You don’t know what that is? Don’t worry, we have you covered on that. We’re going to look at what GooseEgg is, a few things you may need to know, and if this is something that you should power off your computer for. Spoiler, for the most part, you should be safe.

Enjoy the read so far? Why don’t you consider subscribing so you can keep up to date?

Sitting on a park bench or laying down for a picnic, we know you have food. We’re coming.
Photo by Pixabay, please support by following @pexel.com

GooseEgg, is kind of a weird name for something on the internet but hey, the internet is a weird place and it’s only getting weirder. GooseEgg, also known as PrintNightmare, is a tool that can prompt other programs with elevated privileges.

Once a threat actor has this at their disposal, they’re in. How is this a problem? Simple, if someone has the same level of privilege as you, that means they can do anything you do and maybe… better. How does this appeal to you? You have money, we’re telling you how to keep your money safe or at least try to.

Banks will still let someone take money from your account. Think it’s covered in the insurance so, they’ll let the person take your money and refund you somewhere 90+ days later. That’s all right, it’s not like you needed the money right away for anything.

WHAT DO YOU MEAN IT’S GOING TO TAKE ABOUT 90 DAYS!?
Photo by Andrea Piacquadio, please support by following @pexel.com

So, you may be wondering the same way as Al Pacino did in Scarface. “WHO PUT THIS THING TOGETHER!?” Researchers have pointed in the direction of a Russia-linked cyberespionage group APT28. Whether they have been using it or not isn’t the point. We’re sure this can be found on the dark web, that’s where all the “fun items” are sold.

You won’t have to do anything outside of your normal for protection. Having an update-to-system, anti-virus software, and applications will keep you safeguarded. Security may not be 100%, but following best practices can see you being able to pay your rent on time.

Made it this far and found this to be entertaining? Then a big thanks to you and please show your support by cracking a like, sharing this with whomever, scripting a comment, or plug-in to follow.

Would like to give sincere thanks to current followers and subscribers, your support and actions mean a lot and has a play in the creation of each script.

Do you feel like there is something I may have missed on GooseEgge/PrintNightmare? Script a comment below.

AI, Programming, Security, Tech

Dwelling without Sunshine

Consider following on social media!

Quick note: if you’re viewing this via email, come to the site for better viewing. Enjoy!

I’m going to read one more script before this court case. I mean the guys going to jail anyway so reading more it’s going to hurt.
Photo by Ketut Subiyanto, please support by following @pexel.com

So many times, in life when you think you have dealt with one problem, shortly after there comes another one creeping its way around the corner hopping in your pants to make its way up the place where the sun doesn’t shine.

For many of us, this comes in the form of bills, but for most of us, this comes in the form of finding out how easily someone can obtain our sensitive information, which in most cases they don’t have to be involved at all, they can just have collection be automated while sat on the porcelain stool passing the morning coffee and last night’s meal.

Android products and Google Play Store have been a playground for threat actors to release malware in an effort to collect from their victims. As usual, we’re going over what the attack is, who is using it, the functionality and effects upon release, and what are some ways to protect yourself from having a rat run rampant on your personal device.

Dear god, it’s making its way up!
Photo by Andrea Piacquadio, please support by following @pexel.com

The Attack

Speaking of having a rat in your personal device. Here’s a name you’re not ready for, IRATA. Yes, that’s an actual name of malware. IRATA stands for Iranian Remote Access Trojan.

Are you trying to figure out what the last “A” stands for? Simple, since it is Android specific, it stands for “Android”. Android users, feel proud, there’s another malware targeting you…yet again.

This is a program that has spyware and information-stealing capabilities. This was discovered via a smishing attack in Iran. Smishing for those who do not know, is the dark art of contacting a person through text or another SMS (Short Message Service) to lure them into a false sense of security to give information. In this case, IRATA brings users to a fake webpage urging them to download an app and pay a fee for the service.

Unlike how companies operate by offering a service and charging you for the service and then some, you can actually choose not to pay this one, so don’t pay it.

I’ve read Scriptingthewhy, I don’t think Z-daddy was talking about this kind of rat.
Photo by MART PRODUCTION, please support by following @pexel.com

Who Can It Be Now

So who are the culprits employing the use of IRATA? Well, and this seems to become the norm if you’re a subscribed reader, no one has been named for using this malware.

However, its origin stems from Iran since that’s where its activity is taking place. Just be aware, that if you have a trip coming up to Iran, pray for your Android device. Regardless, still safeguard your device, traveling or not.

Enjoy the read so far? Why don’t you consider subscribing so you can keep up to date?

Tim: You’re not going to believe this, a rat made off with my information.
Sarah: Are you sure it’s a RAT and not a rat?
Tim: What’s the diff?
Photo by Tirachard Kumtanom, please support by following @pexel.com

That Sinking Feeling

Why would this be something you need to worry about? Well, since you asked, you would have to worry about IRATA scurrying away with all the information about your personal device.

This would include information like the serial number, the device ID, battery status, network type, and many other things. This is like your blind date showing up and telling you everything they know about you without you uttering a word. It’s not creepy at all.

To make IRATA even more terrifying, IRATA can hide itself by disguising its icon and tampering with the phone’s sound settings, like putting the phone on vibrate or lowering the volume. Once IRATA is in, it can collect information and replicate software to further malicious attacks like phishing.

I did my research on you, I hope that’s not like creepy to you or anything.
Photo by Andrea Piacquadio, please support by following @pexel.com

The Prevention

Okay, so it’s clear that you don’t want to go on a creepy blind date where they know everything about you before you say anything, and neither do we want you to. So how would you protect yourself from something like this?

To keep this malware from two-stepping on your personal device, check the reviews of others who may have downloaded the software. Always read the permissions the application is requesting to have access to as some may request access to questionable things.

Like a camera app requesting access to cookies in the browser. It’s plausible that the camera application may have a valid reason for requesting access, however, if it raises a red flag to you then you should go with your “gut feeling”.

Do not download software from third parties as they may contain malware on par or worse than IRATA. Keep your system and anti-virus up to date and exercise caution when opening emails with attachments.

You might not be able to keep out every rat but you can at least lower your chances of falling for their traps.

Kim: You have protection, right?
Dave: You bet I do. I have anti-virus software and Scriptingthewhy.com and… that’s not what you meant by protection.
Photo by Josh Willink, please support by following @pexel.com

Made it this far and found this to be entertaining? Then a big thanks to you and please show your support by cracking a like, sharing this with whomever, scripting a comment, or plug-in to follow.

Would like to give sincere thanks to current followers and subscribers, your support and actions mean a lot and has a play in the creation of each script.

Do you feel like there is something I may have missed on IRATA? Script a comment below.