Android hijacking bug allows attackers to install password stealers

Half of Android devices may be vulnerable to surreptitious install exploits.

Roughly half of all Android handsets are vulnerable to a newly discovered hack that in some cases allows attackers to surreptitiously modify or replace seemingly benign apps with malicious ones that steal passwords and other sensitive data.

The “Android installer hijacking” vulnerability, as it has been dubbed by researchers from Palo Alto Networks, works only when apps are being downloaded from third-party app stores or when a user clicks on an app promotion advertisement hosted by a mobile advertisement library. Technically, it’s based on what’s known as a Time-of-check to time-of-use vulnerability. Affected devices fail to verify that the app being installed at the time of use was the one the end user approved during the time of check, which occurs when a user approves app permissions such as network access or access to the contacts database. The bug involves the way the system application called PackageInstaller installs app files known as APKs.
“A vulnerability exists in this process because while the user is reviewing this information, the attacker can modify or replace the package in the background,” Palo Alto Networks researcher Zhi Xu wrote in a blog post published Tuesday. “Verified with Android OS source code posted in AOSP [Android Open Source Project], it shows that the PackageInstaller on affected versions does not verify the APK file at the ‘time of use.’ Thus, in the “time of use’ (i.e., after clicking the ‘install button), the PackageInstaller can actually install a different app with an entirely different set of permissions.”
One scenario for exploiting the vulnerability involves an attacker using a benign-looking app to install malware in the future. A second scenario uses the same weakness to mask the true permissions an app requires. In both cases, targeted users can end up installing apps that are vastly different from the ones they approved during the permissions process.
The vulnerability has been patched in Android version 4.3_r0.9 and later, but Xu warned that some Android 4.3 devices remain vulnerable. By Google estimates, that accounts for 49.9 percent of the handsets the company monitors. Palo Alto Networks has released a scanner app that will indicate if a given device is vulnerable. People using vulnerable devices should steer clear of third-party app stores and use Google Play as their sole source of apps.

Hacking Someone's Facebook Password Using Some Software Or Website? No You Can't!

Do you know there are over thousands of websites and software that claim to hack Facebook password of any account? They'd ask you the victim's profile ID, maybe your credentials and some money too and will reportedly tell you the password which, to be honest, never works. Ever wonder why? Let me tell you why, they're FAKE! They're a scam which tricks you somehow in losing your money or your own Facebook account. Just give it a thought, why would Zuckerberg and his team spend Billions of Dollars on Facebook if one could hack it in less than a minute? Today, we'll take a look at this topic in detail with some example websites and software and get answers to some common related questions.

Back in 2005, I came across a mechanism that reportedly hacked Yahoo mail password for a user using some simple tricks. It didn't work for me for obvious reasons but I didn't stop believing the possibility until I grew up to realize how helpless I am here. One of the major concerns of large organizations like Facebook and Yahoo is security because of the super sensitive information about people they have. Several hundred million dollars are spend yearly by these organizations to ensure security and then there's these websites that claim to undo all that protection in less than a minute.

The Facebook password cracking Websites and Software

Let's start with some examples here. I googled the subject and picked the top results without order. Didn't care to search harder because there are thousands such and I know that all are FAKE.

So let's look at this GETFBHACK.com.

Their FREE Facebook hacker program is said to be capable of cracking the password of any Facebook user within a day. Sounds cool, I could try it out, but my Norton Antivirus rejected the file straight away.

I also picked up another one. This Hack-Fbook-Password asks me to enter the profile ID of a user and it will crack the password. I said Okay and began the process.

It ran certain algorithms to determine the password and finally landed me on a page that said I could DOWNLOAD the password IF I fill an online survey first. Those of you who've been redirected to surveys would know they don't work and are put just so to get traffic and earn money.

I said maybe I should leave the website now but hey, they gave me a prize!

So I just became the luckiest person in my city just like that!

Now tell me, how can a sane person believe in all this?

The truth!

Let me get this straight to you, these websites do nothing at all just waste your time and are never able to do the job. In fact, downloaded programs just make the situation worse when you run them. I had my Norton Antivirus to guard me otherwise I could be in severe danger currently.

These software are mostly keyloggers and tracking programs that record your keystrokes and action and steal personal information from your computer in the background and send it to their master servers. So ultimately a hacker wannabe gets hacked, how ironic!

From now on in the post, I'll be using the word 'Hacker' for these websites and software since you're no more in the position to be called that.

Why do these 'Hackers' do all that?

Setting up websites, maintaining them and developing software is not an easy task. It requires some money. So why do these 'hackers' do all the hassle? It's because they get equivalent or more money in return. They can extract your credit card details and other banking info from your system and use it for their advantage. They can hack your account and use it for wrong purposes. Give me one reason why one wouldn't steal money and hack accounts for no loss.

Why people fall in their webs?

Why do people try to use such unreal hacking procedures? It's because it's unreal to me, it's unreal to you but not to those who are not much familiar with the working of a software. They get in the web of these hackers and eventually get screwed up pretty bad without consent.

The websites give guarantees and also portray their 'imaginary' happy customers so as to trick a reader. Such tactics are simple but really powerful and serves to their advantage in most cases. This is also why there are thousands of such websites available.

So is Facebook account an 'unbreakable fortress'?

Well, NO. Facebook accounts can be hacked. No online service is foolproof and that is because of the flaws and bugs in their software. There are several ACTUAL hackers in the world who can analyse a website's security and use that against it thus making hacking a reality.

But I'm 100% sure none of them uses these scam and fake websites that claim to do the impossible. You can check out our hacking section to know more.

I'll end the 'lesson' with an idiom, "look before you leap". Focus, think and then follow. In case of any queries or confusions head over to the comments section. Cheers :)

whatsapp crash trick

When your friend will open your message it will Crash his/her WhatsApp :D

NOTE:- After sending code to your friend, you and your friend both cant open each other's message. So to chat and read each other's message just delete the whole conversation.. :v

1). Copy the below code
 

 ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㰟Ѝߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊊ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊠ ߘ㊰ߘ㊰ߘ㊠ ߘ㊠ ߘ㠊ߘ㊠ ߘ

   2). Copy and send this code to your friend on Whats App :D thats it ..