
Khabar Foori (Breaking News) Channel and malware distribution

⭕️ This is Dr. Mostafa Entezari, the manager of the Khabar Foori (Breaking News) media outlet (its Telegram channel, its news website and its advertising arm, Faratabliq). Let's take a look at what goes on inside this greedy group's filthy operation, in which they force people to join the channels they want by means of the malware they distribute.

Help the lion cub!

He must learn how to become a real lion

That won't be easy... he must get past many snake-like animals

Help him

This malware, which has been on the Khabar Foori channel for over a year, has been copied here directly from their channel as an example; the rest of the similar content, and the evidence of their fraud, will be covered on this channel (in Persian).

We'll see why they are distributing smartphone malware and ask who is in charge of supervising them. Isn't the freedom they have to toy with people an insult to that country's law enforcement?

⭕️ All these apps are designed for the sole purpose of infecting users' smartphones: they get installed without any notification to, or permission from, the user, so that the operators can abuse victims in any way they desire, including forcibly subscribing them to Telegram channels and value-added services. Bitban Lab has found 400 instances of this.

The Bitban team has identified about 400 Android games with malicious behaviour in domestic Android app markets.

After installation, these programs attempt to install another piece of software called an "emulator", which stays hidden and can be commanded remotely to perform the following harmful tasks:

Secretly download any other Android app and display its install screen

Open the "Send SMS" screen with a predefined text and recipient number

Open the "Call" screen with a phone number or USSD code

Display all kinds of advertisement dialogs (including audio or video advertisements)

The 2nd and 3rd capabilities are designed to subscribe users to value-added services.

Most of these programs also violate users' privacy by collecting their location and Google account IDs!

We recommend not installing any game titled SEGA, Nintendo, Atari, etc. that needs another program in order to run after installation. That second program stays hidden and remains on the device after the first program is uninstalled.
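The following is an added example, not code from the original post or from Bitban Lab, showing how a practitioner would triage a suspect "emulator" APK for exactly the indicators described above: the permissions behind the four remote capabilities (installing further APKs, composing SMS, dialling numbers or USSD codes, overlaying ads), the location and account collection, the missing launcher icon that keeps the second program hidden, and the reboot receiver that keeps it alive. It works on a decoded AndroidManifest.xml plus a list of strings pulled from the APK (as apktool or androguard would give you); both inputs below are constructed samples, not real malware, and the package names and URLs in them are placeholders.

```python
# Added example for this page (not code from the original post or from
# Bitban Lab). Triages a decoded AndroidManifest.xml and a list of strings
# extracted from the APK for dropper / VAS-subscription indicators.
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permission -> the remote capability from the list above that it enables.
SUSPICIOUS_PERMISSIONS = {
    "android.permission.REQUEST_INSTALL_PACKAGES": "install further APKs (item 1)",
    "android.permission.SEND_SMS": "premium SMS / VAS subscription (item 2)",
    "android.permission.CALL_PHONE": "dial numbers or USSD codes (item 3)",
    "android.permission.SYSTEM_ALERT_WINDOW": "overlay advertisement dialogs (item 4)",
    "android.permission.ACCESS_FINE_LOCATION": "location collection",
    "android.permission.GET_ACCOUNTS": "Google account ID collection",
}

# Strings that betray the intents the hidden component builds at runtime.
URI_PATTERNS = [
    ("apk_download", re.compile(r"^https?://\S+\.apk(\?.*)?$", re.I)),
    ("sms_subscription", re.compile(r"^(sms|smsto|mms|mmsto):[^?]+\?.*body=", re.I)),
    ("sms_compose", re.compile(r"^(sms|smsto|mms|mmsto):", re.I)),
    ("ussd_dial", re.compile(r"^tel:.*(#|%23)", re.I)),   # USSD codes end with '#'
    ("phone_dial", re.compile(r"^tel:", re.I)),
]

def has_launcher_activity(root):
    """True if some activity is reachable from the home screen (MAIN + LAUNCHER)."""
    for act in root.iter("activity"):
        for flt in act.iter("intent-filter"):
            actions = {e.get(ANDROID_NS + "name") for e in flt.iter("action")}
            cats = {e.get(ANDROID_NS + "name") for e in flt.iter("category")}
            if "android.intent.action.MAIN" in actions and \
               "android.intent.category.LAUNCHER" in cats:
                return True
    return False

def triage_manifest(manifest_xml):
    root = ET.fromstring(manifest_xml)
    declared = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    found = {p: why for p, why in SUSPICIOUS_PERMISSIONS.items() if p in declared}
    boot = any(e.get(ANDROID_NS + "name") == "android.intent.action.BOOT_COMPLETED"
               for r in root.iter("receiver") for e in r.iter("action"))
    return {"permissions": found,
            "hidden": not has_launcher_activity(root),   # no icon in the launcher
            "boot_persistence": boot}

def classify_string(s):
    """Label a string from the APK by the capability it would serve, else None."""
    for label, pat in URI_PATTERNS:
        if pat.search(s):
            return label
    return None

def verdict(report, labels):
    perms = report["permissions"]
    can_subscribe = ("android.permission.SEND_SMS" in perms
                     or "android.permission.CALL_PHONE" in perms
                     or bool({"sms_subscription", "ussd_dial"} & set(labels)))
    can_drop = ("android.permission.REQUEST_INSTALL_PACKAGES" in perms
                or "apk_download" in labels)
    if report["hidden"] and (can_subscribe or can_drop):
        return "hidden remote-control dropper / VAS subscriber"
    if can_subscribe or can_drop:
        return "review: subscription or install capability"
    return "no indicators"

# Constructed sample: what the hidden "emulator" component typically declares.
EMULATOR_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.emulator">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
  <application android:label="Emulator">
    <activity android:name=".Main"/>
    <receiver android:name=".Boot"><intent-filter>
      <action android:name="android.intent.action.BOOT_COMPLETED"/>
    </intent-filter></receiver>
    <service android:name=".Remote" android:exported="false"/>
  </application>
</manifest>"""
EMULATOR_STRINGS = ["https://example.invalid/games/cub.apk",   # placeholder host
                    "sms:3000?body=SUB", "tel:*141%23", "Help the lion cub!"]

# Constructed sample: an ordinary game with a launcher icon and no such permissions.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.game">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Game">
    <activity android:name=".Main"><intent-filter>
      <action android:name="android.intent.action.MAIN"/>
      <category android:name="android.intent.category.LAUNCHER"/>
    </intent-filter></activity>
  </application>
</manifest>"""
BENIGN_STRINGS = ["https://example.invalid/highscores", "tel:+15550100"]

if __name__ == "__main__":
    for name, mf, strs in (("emulator", EMULATOR_MANIFEST, EMULATOR_STRINGS),
                           ("game", BENIGN_MANIFEST, BENIGN_STRINGS)):
        rep = triage_manifest(mf)
        labels = [classify_string(s) for s in strs]
        print(name, rep, labels, "->", verdict(rep, labels))
```

The verdict deliberately requires the hidden-launcher property on top of the capability: a legitimate SMS or dialler app also declares SEND_SMS or CALL_PHONE, but it does not hide from the app drawer, ship as a second APK prompted for by a game, and restart itself on boot. Run it over the decoded output of the "emulator" a game asks you to install and the combination should be obvious.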

Unfortunately, these criminals look for new ways to deceive more victims every day, in complete safety and peace; as you can see, some of these malware apps sat in their news channel for over a year, and it is not clear which institution or organization is responsible for dealing with these criminals.

The Khabar Foori channel alone brings them more than 10 million tomans of advertising income every day!

You need to install the emulator to run this game

⭕️ After installing the fake games published by this group, victims receive a message asking them to install the emulator, and once they confirm it, the malware is installed on the phone behind the scenes!

From then on the victim is enrolled in these criminals' advertising network and will be forcibly subscribed to value-added services and Telegram channels.

All of these apps communicate with a domain called norooz99.com. Let's find out who these people are...

Esmaeel Sanaee

PhD in IT Systems, University of Paris, France

Professor, Faculty of Electrical Engineering, Sharif University of Technology (Sanati Sharif)

Part of his professional and executive history:

Managing director and board member of Aria-Hamrah-Resaneh company

Managing director and board member of PETSA group company

Managing director and board member of Soroush-Hamrah company

Ali Hakim Javadi

PhD in Industrial Engineering, Teacher Training University

Part of his professional and executive history:

Chairman of Iranian-Net company (Iran's 4th mobile network operator)

Managing director and deputy chairman of Ease-Iran company

Chairman of Aria-Hamrah-Resaneh company

Board member of Baran-Telecom company

Former deputy minister and head of Iran's Information Technology Organization

Payam Gouran Orimi

Managing Director

Newspaper number: 21590, Tehran

Newspaper page number: 36

Newspaper date: 30 – 4 – 2019

Official registration number: 139730400901134470

Official registration paper date: 4 – 5 – 2018

Announcement of changes to the registration of Soroush Hamrah Resaneh, a private joint-stock company with registration ID 322062 and national ID 10103585081. Based on the minutes of the extraordinary session of the regular general assembly dated 31-12-2018 and permit number 408733/97 dated 22-1-2019 of the Information Technology and Digital Media Center, the following decisions were made: Ali Hakim Javadi, national ID number 5599789446, as chairman of the board; Esmaeel Sanaee, national ID number 0032276087, representing Aria Hamrah Samaneh (national ID 10103156079), as vice chairman of the board; and Payam Gouran Orimi, national ID number 0055314147, as managing director and member of the board, were chosen for a term of 2 years. All binding papers and documents, including cheques, promissory notes, bills and binding contracts, are valid with the signatures of the managing director and one of the board members together with the company's seal; other ordinary or official papers and correspondence are valid with the managing director's signature alone together with the company's seal. The high-circulation newspaper Abrar was chosen for the company's announcements.

⭕️ The Khabar Foori channel has a value-added service app called "Fori Plus", which is advertised in the channel under different names (and of course they forcibly subscribed people to this service with their malware).

This app officially belongs to the "Soroush Hamrah Resaneh" company, which is a subsidiary of the "Aria Hamrah Resaneh" holding.

All of the company's owners are former or current governmental and official telecommunications managers.

⭕️ The value-added revenue is a pot they have divided among themselves.

⭕️ The main executors of malware distribution on the Khabar Foori channel platform:

⭕️ Meysam Rouhmand, the manager of that group, who is the most accused.

⭕️ Ehsan Mohseni Sani, who is currently on trial for assisting in raising Padideh Shandiz shares through the same channel.

⭕️ Ebrahim Kafshdar Toosi

⭕️ All of the domains are registered under the identity of Monireh Khakzad, who appears to be the group's technology manager.

⭕️ Dear Dr. Mostafa Entezari and Meysam Rouhmand, forgive us for people having installed 400 of your malware apps that sat on Kafe-Bazar for over a year, and sorry that there is no responsible authority to check your channel's most obviously accessible apps and put your filthy asses in jail! Just please, for the sake of ethics and humanity, don't call it a startup and don't hold "how to be successful" conferences.

Plan 1

Audience: more than 14 million

Price: 6,100,000 tomans

With discount: 4,110,000 tomans

⭕️ This is the list of channels that belong to these thieves, dear prosecutor, dear cyber law enforcement, anyone out there who is in charge of defending people against criminals! Do some simple math to find out how much they have been, and still are, earning with this malware!

⭕️ Phone interview with Meysam Rouhmand, the main criminal responsible for distributing malware on the Telegram and Khabar Foori platform (in Persian).

Mohammad Jorjandi

Cybercrime Expert
