What is Binary Planting?

Dolyetyus

Co Admin
21 Apr 2020
Delft

What is Binary Planting?


Binary Planting is a general term for an attack in which an attacker places a binary file containing malicious code (for example, /home) on a local or remote file system for a vulnerable application to install and execute. The purpose of this attack is logically similar to a RAT/Trojan.

For example, an exact copy of an application is infected and released so that people think it's real and download it. While installing any application, it usually asks us for permission to files, camera, location information. If allowed, all information will be forwarded to the person who manages/makes the application. This type of virus requires all permissions to completely take over the phone.

This is where the real problem actually starts. These need attention. Or, it may not ask for permission at all, and only by downloading it can completely take over the phone or the device from which it was downloaded. For this reason, downloads should not be made from any place other than official sources, and the application should be scanned with virus scanners such as VirusTotal.

There are several ways to carry out this attack:

  1. Insecure access permissions on the local directory allow a local attacker to place the malicious binary in a trusted location. (A typical example is an application installer that cannot properly configure permissions on directories used to store application files.)
  2. An application can be used to insert a malicious binary into another application's trusted location.
  3. The application looks for a binary file in untrusted locations, most likely on remote file systems. (A typical example is a Windows application that loads a dynamic link library from the current working directory after it is set to the network shared folder.)
  4. The virus might present itself as an official, innocent application, and thus can bypass some virus scanners.



If we give an example of an attack based on untrusted access permissions:

The Windows application installer creates a root directory (C:\Application) and installs the application, but cannot limit write access to the directory for non-privileged users.

Let's assume that app (C:\Application\App.exe) installs an app named EXAMPLE. By calling the DLL library (LoadLibrary("EXAMPLE.DLL")), this library is expected to be found in the Windows System32 folder.

Local User A, EXAMPLE.DLL C:\Application

Local user B starts the application that installs and executes the malicious Example. Because it chooses legitimate instead of DLL, the infected application is installed on the device.

After that the virus gives control to the device and the command requested by the attacker is executed.


Or, sending harmful codes, sending harmful files on applications such as WhatsApp and Telegram, and the user not being able to notice it and downloading it can be given as an example.

If we give an example of the codes, it can be given that the application used by the person who opened the malicious code sent completely crashes and cannot be opened. This can also slow down some phones. If the application is deleted and reinstalled, this problem goes away, but the same code is sent again and the same problem may continue if the user opens it again.

For this reason, it is recommended not to look at messages from strangers.

Messages sent from the mail, on the other hand, fall into the folder called "spam" with the protection of the mail and you will receive a warning. The user realizes that it is a virus and deletes the message.



Phishing Attempts via Mail and SMS

The number of people who are exposed to phishing attacks, usually via SMS and mail, is quite high and this number is increasing day by day.

Attackers usually try to deceive people with the following example message:


XXX BANK


Hello, we have detected an unusual money transfer in your account. If you did not do this, in response to this e-mail you can give;

Your card number, password, address, ID number by replying this e-mail.

We will verify your information within 24 hours and secure your account.

If you did it, you can ignore this message. Thanks.


XXX BANK | SECURITY

The account owner, who sees this message, sends his information via e-mail with a momentary panic and suspicious situation. Attackers log in to the bank account with the incoming information, take the money in the account and disappear. Although the account holder understands the situation, it is too late. Likewise, attackers can also send SMS from foreign numbers.

In this and similar cases, such messages should not be believed.


So what should we do for security?

We should not download and install every application we come across with the thought that nothing will happen.

We should not grant all permissions, even if it is an official, approved app.

We should not download fake infected applications called cracked, pro version.


We should scan the target application with programs such as VirusTotal, antimalware.

We have to download apps that are verified, known and used by everyone.

For unofficial applications, we should research their reliability from many sources.


And finally, for account security, we should use two-factor auth, keep our password complex and long using upper and lower case letters, numbers and symbols, and make it difficult to guess.



Translator: @Dolyetyus
Original article: Binary Planting Nedir?



Thanks for reading
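
A defender's model of the C:\Application scenario from the post above, as an added example that is not part of the original post: it resolves a library name across an ordered list of directories and flags application-directory DLLs that shadow a same-named System32 file. The two-directory search order, the temporary directories standing in for C:\Application and System32, and the function names are assumptions for illustration; the real Windows loader consults more locations.

```python
import hashlib
import tempfile
from pathlib import Path


def resolve_library(name, search_dirs):
    """Return the first file matching `name` (case-insensitively, as on
    Windows) while walking `search_dirs` in order, or None."""
    for directory in search_dirs:
        for entry in sorted(Path(directory).iterdir()):
            if entry.is_file() and entry.name.lower() == name.lower():
                return entry
    return None


def sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def find_shadowed_libraries(app_dir, system_dir):
    """List DLLs in app_dir that share a name with a DLL in system_dir but
    differ in content: candidates for a planted binary."""
    system = {p.name.lower(): p for p in Path(system_dir).iterdir()
              if p.is_file() and p.suffix.lower() == ".dll"}
    findings = []
    for candidate in sorted(Path(app_dir).iterdir()):
        trusted = system.get(candidate.name.lower())
        if trusted and candidate.is_file() and sha256(candidate) != sha256(trusted):
            findings.append(candidate.name)
    return findings


def demo():
    # Constructed layout: temp directories stand in for the application
    # directory and System32; file contents are harmless placeholders.
    with tempfile.TemporaryDirectory() as root:
        app, system32 = Path(root, "Application"), Path(root, "System32")
        app.mkdir()
        system32.mkdir()
        (app / "App.exe").write_bytes(b"application")
        (system32 / "EXAMPLE.DLL").write_bytes(b"legitimate library")
        # Before planting: the name resolves to the System32 copy.
        before = resolve_library("EXAMPLE.DLL", [app, system32]).parent.name
        # A same-named file appears in the user-writable application directory.
        (app / "example.dll").write_bytes(b"planted library")
        after = resolve_library("EXAMPLE.DLL", [app, system32]).parent.name
        # Restricting the search to the trusted directory ignores the plant.
        hardened = resolve_library("EXAMPLE.DLL", [system32]).parent.name
        return before, after, hardened, find_shadowed_libraries(app, system32)


if __name__ == "__main__":
    print(demo())
```

Run against a real installation, `find_shadowed_libraries` is only a triage step: a hit still needs its signature and origin checked, since some applications legitimately ship their own copies of libraries.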



7as

Expert member
15 May 2021
En el universo
Nice topic teacher
 

CasPeRAB

Expert member
7 Nov 2021
TR❤AZ
Health to your hands Bro
 