Just Five Dollars and a Minute to Hack Your PC

It’s called PoisonTrap and it’s a system that in seconds will infect your device and allow cyber criminals to manage your computer remotely.

Do you remember the movie a few years ago with Nicolas Cage, out in 60 seconds? Now let’s lose the theme fast cars and think about your computer. There is a new virus that can completely infect your device in less than a minute. And it only costs five bucks.

PoisonTrap infects your computer in a minute. This new device was designed by one of the most famous hardware hack designers in the world, Samy Kamkar. It manages to evade most of the device’s security systems as a password or two-step authentication. The cyber criminal is about 30 to 60 seconds alone with the computer to infect your device. Be very careful when leaving your PC unattended at work or in the library. To infect your computer The hacker will use a tool defined PoisonTrap inserted inside a small Raspberry Pi Zero, which costs about 5 dollars, and that will connect via USB to your device.

How the PoisonTrap works

Once connected to the computer the PoisonTrap does not advertise itself as a USB device but as an Ethernet interface. At this point, even if the PC is connected to Wi-Fi the PoisonTrap will convince the system to support you as a priority line for the connection. This will work in a similar way to a hacker man in the middle attack. From here on the cyber criminal, without us noticing anything, will be able to steal all our data, our credentials on bank accounts and know all the information about our presence on the net.

Our device will be remotely managed

If we fall victim to an attack like this, the bad guy will be able to manage a large part of the local network and the browser remotely, thanks to a backdoor that a person without experience in the field could not recognize. Obviously you do not need the Raspberry Pi Zero with PoisonTrap remains connected to do all this. Kamkar has also made it known that this type of virus is incredibly resilient and manages to evade most of the security systems. On all also two-pass authentication of bank accounts.

How to defend yourself from PoisonTrap

At this point the question that will be arisen to many is: how can I defend myself from this new hacker attack? Kamkar says that there is no simple solution, especially for users who do not have great knowledge about it. But there are some tricks that will make it harder for the hacker to infect our device. First we choose, when we leave the PC even for minutes, the hibernation function rather than suspend. Because so we’ll suspend every process. We never leave a page of an open browser when we are not close to the computer. With patience and frequency we empty the browser caches. Or simply disable the USB ports. Although it is a little practical solution.

Who is Samy Kamkar?

Samy Kamkar is an engineer and as we said one of the most famous hack designers in the world, especially with regard to the creation of low cost viruses. He’s a researcher and he doesn’t do it as a criminal activity. Among his inventions there is, for example, MagSpoof a system that is able to guess all the details of a credit card starting from only some account data. Then he created RollJam which is able to unlock virtually any car or garage. And finally among the most famous there is also KeySweeper, a program that steals password disguised as a USB loader.

Facebook Under Attack, A Virus Steals Passwords

A software promises to steal the Facebook Passsword of your contacts, but actually installs a trojan that takes possession of your credentials.

August 14, 2017-talk of Dante’s retaliation, in cases like these, is almost an obligation. As noted by some security researchers from the Australian company LMNTRIX Labs, a Facebook malware allows hackers who have created it to steal the credentials of access to the social network of unwitting victims.

Up here there would be nothing new or exceptional: of viruses on Facebook are counted to dozens every day and are able, who more who less, to endanger the data of users enrolled in the social network of Mark Zuckerberg. The peculiarity of the discovery of Australian researchers is another and lies in the “form” with which the virus is rapidly spreading. To deceive users, the malware promises (in disguise, of course) to help steal the Facebook password of their contacts. Instead, the exact opposite happens: once installed, it steals the credentials of the infected computer. Retaliation Dante, in fact.

The virus that promises to steal Facebook password

Behind what might look like a “simple” hacker attack lurks, instead, a complex social engineering operation. The cyber criminals who created it, explain the Australian computer security researchers, have well understood that some “poorly licit” operations could attract the attention of many Internet users around the world. They have decided to “disguise” the Facebook virus from software that allows you to steal Facebook passwords and access, so, to the profile of your friends or acquaintances.

As said, instead, Facebook Password stealer – This is the name chosen for malware – installs a Trojan inside the computer that allows hackers to get hold of the credentials of the unsuspecting victim. In addition, they also put on an online marketing campaign, with advertisements on sites and forums of various kinds.

How does the virus Facebook Password stealer

Although the stratagem devised to promote the spread of the Facebook virus is rather complex, its operation is elementary (or almost). In the software screen there are three fields to fill: two dedicated to their credentials to access the social network, while the third one is used to know the URL of the profile “objective”. The truth, however, is that as soon as you click on the button “hack”, the data entered in the first two fields will be “taken over” by the Trojan Horse installed on the PC and sent to the server managed by hackers.
How to defend yourself from the Facebook virus that steals passwords

Real defense tools against this particular Facebook virus don’t seem to be there. At least for the moment. The only thing to do is to avoid downloading “abnormal” software that promise to obtain impossible results: to be able to steal Facebook password knowing only the user name of the profile “objective” is actually not possible. If you run into one of these programs – which promise to recover or steal Facebook passwords – keep yourself well away: behind it hides something unclear.