APPSSOURCE : KASPERSKYLAB

Package name	MD5
com.parmrp.rump	F5F8DF1F35A942F9092BDE9F277B7120
com.weeclient.clientold	6B55AF8C4FB6968082CA2C88745043A1
com.anocat.stelth	C70DCF9F0441E3230F2F338467CD9CB7
com.xclient.old	6D6B0B97FACAA2E6D4E985FA5E3332A1
com.junglebeat.musicplayer.offmus	238B6B7069815D0187C7F39E1114C38
com.yourmusicoff.yourmusickoff	1A623B3784256105333962DDCA50785F
com.sharp.playerru	1A7B22616C3B8223116B542D5AFD5C05
com.musicould.close	053E2CF49A5D818663D9010344AA3329
com.prostie.dvijenija	2B39B22EF2384F0AA529705AF68B1192
com.appoffline.musicplayer	6974770565C5F0FFDD52FC74F1BCA732
com.planeplane.paperplane	6CBC63CBE753B2E4CB6B9A8505775389

Ip i scanned Click here [opens new window]

Download browser Extension of VirusTotal. Avilable on Firefox, Chrome & Internet explorer  : Click here to download

Mobile app is also avilable for android Download From Google Play

Hence , Bloggers like me I always scan external url from virus total before uploading to this website.

What is mailsploit ?
Mailsploit is a collection of bugs in email clients that allow effective sender spoofing and code injection attacks. The spoofing is not detected by Mail Transfer Agents (MTA) aka email servers, therefore circumventing spoofing protection mechanisms such as DMARC (DKIM/SPF) or spam filters.
According to mailspolit.com Bugs were found more than 30 applications, including  prominent one like apple mail ( all os's) , mozilla, thunderbird, microsoft email clients, yahoo mail, protonmail and others

How it is done?
Mailsploit is a new way to easily spoof email addresses. It allows the attacker to display an arbitrary sender email address to the email recipient. In the following demo I use potus@whitehouse.gov but any other email address could be used.

And this is how it works: In an email, all headers must only contain ASCII characters, including the “From” header.

The trick resides in using RFC-1342 (from 1992!), a recommendation that provides a way to encode non-ASCII chars inside email headers in a such way that it won't confuse the MTAs processing the email.

Unfortunately, most email clients and web interfaces don’t properly sanitize the string after decoding which leads to this email spoofing attack.

Here is what it looks like:

=?utf-8?b?[BASE-64]?=

=?utf-8?Q?[QUOTED-PRINTABLE]?=

Either base64 or the quoted printable representation can be used.

Using a combination of control characters such as new lines or null-byte, it can result in hiding or removing the domain part of the original email, allowing us to replace it. Here is why:

    iOS is vulnerable to null-byte injection

    macOS is vulnerable to “email(name)” injection

Mixing both of them turns out to work perfectly on both OSs:

From: =?utf-8?b?${base64_encode('info@nepal.gov.np')}?==?utf-8?Q?=00?==?utf-8?b?${base64_encode('(info@nepal.gov.np)')}?=@mailsploit.com

Which becomes:

From: =?utf-8?b?cG90dXNAd2hpdGVob3VzZS5nb3Y=?==?utf-8?Q?=00?==?utf-8?b?cG90dXNAd2hpdGVob3VzZS5nb3Y=?=@mailsploit.com

Which, once decoded by Mail.app, becomes:

From: info@nepal.gov.np\0(info@nepal.gov.np)@mailsploit.com

Using this payload, both macOS and iOS will show that the email comes from potus@whitehouse.gov and not …@mailsploit.com:

    iOS will discard everything after the null-byte

    macOS ignores the null-byte but will stop after the first valid email it sees (due to a bug in the parser)

In order to avoid that the victim sees a glitch when trying to reply to the email, it is enough to add a “Reply-to” field:

Reply-To: info@nepal.gov.np


Solutions?
-Always update your e-mail clients
-Update your browsers
-If you must stick with emails then use PGP/GPG to verify the identities and encrypt email contents.
-Think before clicking ,Governemt , industry wouldn't send you unless if you haven't done or contacted to them

or use Encrypted messenger for personal conversation .
Compare messengers from here https://www.securemessagingapps.com/

Try  demo How it actually works :
Click here


Credit : Sabri  
More details :  https://www.mailsploit.com/index

 
After many efforts by google removing malwares from Playstore. Recently google has detected a new malware
What is Tizi?
Tizi is a fully featured backdoor that installs spyware to steal sensitive data from popular social media apps. Google has discovered this family in September 2017 when device scan found an app with rooting capabilities that exploited vulnerabilities .
Tizi infected apps has been widely advertised in web

Scope of Tizi?

 Diagram Of tizi Infected . Mostly this malware is Found on African countries. (c) Google[/caption]
How tizi works ?
After gaining to root , it steals sensitive data from popular social media apps like Facebook, twitter, whatsapp, viber, skype and more.

• Turn on Verify apps from Seeting
• Don't install software from unknown Sites
• Turn off Unknown Sources if it is not in use.
• Protect your device with pin and passwords
• Encrypt your device
• Always install new-updates

Sources : Google Security Blog

Bored of Chrome Crashing , Slowing  Down your system.   Don't worry Google has solution .
From 2018, chrome will no longer allow outside application to run Code in Browser.
Many third party software injects codes in your browser . For example Antivirus software inject codes fro control on your online activities and Offering additional feature.

The blocking process Takes 3 steps :
1. April 2018- With the release of Chrome66, Google will begin informing users if code injection causes their browser to crash, alerting them with the name of the Responsible application and a guide to update or remove it.
2.July 2018- Chrome 68 will start blocking third party software from injecting code.
3.January 2019- Chrome will completely block code injcetion by any third party software's.

These measures cause Less crashes and More user happy.
So ,Coders you have time 13 months times to re code . Google is encouraging developers to use Chrome beta Channel and test their code.
Sources : Chromium Blog