How to Remove the "Jemputan" (Invitation) APK Android Malware

Posted: April 25th, 2025 | Author: | Filed under: Cinta Malaysia, IT Related | No Comments »

Did you recently receive a chat message that sent you an APK? And did you then realise that your WhatsApp/Telegram had been hijacked? This blog post may help you get your WhatsApp/Telegram back.

This blog post is divided into 3 parts: Part A, B and C. If Part A does not work, please proceed with Parts B and C. In any case, we start with Part A.

Part A

  1. Open WhatsApp and enter your phone number
  2. Tap “Need help getting a code?”
  3. Wait until the countdown timer runs out
  4. Choose “Missed call” (if it cannot be tapped, choose “Receive SMS” or “Phone call”)
  5. Allow
  6. Allow
  7. Follow the remaining instructions and you have successfully regained access to your WhatsApp. If you get a “Too many attempts” warning, wait 24 hours before repeating Part A. Done; there is no need to continue with Parts B and C.
  8. If the missed call, SMS or phone call is not received, please continue with “Part B”

 

Part B

  1. Open the Google Play Store
  2. Tap your profile
  3. Tap “Manage apps and device”
  4. Tap the following menu:
  5. Press the “Scan” button
  6. If no malware is found once the scan completes, continue with “Part B”. Skip step #7 below
  7. Once the scan completes, if malware is found, choose “remove”. Then open WhatsApp/Telegram and enter your phone number to log in again. If you get a “Too many attempts” warning, wait 24 hours before repeating “Part A”. Done; there is no need to continue with “Part C”

 

Part C

  1. Open the Google Play Store, then download and install the MASSA app (Mobile Assessment Security Scanning Application) by CyberSecurity Malaysia [Link: MASSA]
  2. Open the MASSA app, scroll to the bottom, and tap “I ACKNOWLEDGE THAT… yada yada..”
  3. Tap the “REQUEST” button
  4. Tap the “Scan my Device” button
  5. Tap “OK”
  6. Wait until the scan completes
  7. Tap “Total Installed Application from Unknown Sources”
  8. Tap “Total Installed Application from Unknown Sources” once more
  9. Check them one by one, especially apps that you have never used at all. Tap the logo of any suspicious app
  10. What needs to be checked:
    1. “Install Time” (usually installed very recently)
    2. “Application Permission”, look for anything related to “SMS”
  11. Once you have found an app that meets both criteria above (recently installed, and has an SMS-related permission), tap the blue button below
  12. Choose “Uninstall this application”
  13. Choose “OK”
  14. Wait until the uninstall completes
  15. Once the uninstall completes, open WhatsApp/Telegram and enter your phone number to log in again. If you get a “Too many attempts” warning, wait 24 hours before repeating “Part A”. Done
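
The Part C criteria can also be checked from a computer. This is an added example, not part of the original post: it parses text in the layout of `adb shell dumpsys package` and lists apps that were not installed by the Play Store, were installed recently, and request an SMS permission. The sample dump, its package names, the 7-day window and the function names are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample, simplified from the layout of `adb shell dumpsys package`.
SAMPLE_DUMP = """\
Package [com.example.messenger] (1a2b3c):
    installerPackageName=com.android.vending
    firstInstallTime=2023-01-15 09:12:44
    requested permissions:
      android.permission.RECEIVE_SMS
Package [com.example.jemputan] (4d5e6f):
    installerPackageName=null
    firstInstallTime=2025-04-24 21:03:10
    requested permissions:
      android.permission.RECEIVE_SMS
      android.permission.READ_SMS
Package [com.example.flashlight] (7a8b9c):
    installerPackageName=null
    firstInstallTime=2025-04-23 08:00:00
    requested permissions:
      android.permission.CAMERA
"""

TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play Store

def parse_packages(dump):
    """Split the dump into one record per 'Package [name]' block."""
    records = []
    for block in re.split(r"(?m)^(?=Package \[)", dump):
        name = re.match(r"Package \[([^\]]+)\]", block)
        first = re.search(r"firstInstallTime=([\d-]+ [\d:]+)", block)
        if not name or not first:
            continue  # preamble text or a block without an install time
        installer = re.search(r"installerPackageName=(\S+)", block)
        records.append({
            "name": name.group(1),
            "installer": installer.group(1) if installer else "null",
            "installed": datetime.strptime(first.group(1), "%Y-%m-%d %H:%M:%S"),
            "sms_perms": sorted(set(re.findall(r"android\.permission\.(\w*SMS\w*)", block))),
        })
    return records

def suspicious(records, now, max_age_days=7):
    """Part C criteria: unknown source, recently installed, SMS permission."""
    cutoff = now - timedelta(days=max_age_days)
    return [r["name"] for r in records
            if r["installer"] not in TRUSTED_INSTALLERS
            and r["installed"] >= cutoff and r["sms_perms"]]
```

An app that matches all three conditions is a candidate for the uninstall in steps 11 to 14, not proof of malware; sideloaded apps you installed yourself will match too.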

Ongoing SEO Poisoning Attacks on Government Websites

Posted: August 14th, 2024 | Author: | Filed under: Cinta Malaysia, IT Related | Tags: | 1 Comment »

Executive Summary

Recent observations have uncovered a campaign targeting government websites globally, with a focus on those utilizing various content management systems (CMS), including Joomla. The attackers’ primary objective is to perform black hat SEO poisoning, manipulating search engine rankings to lure unsuspecting users to gambling websites. Notably, some defacers have shifted to this TTP, becoming affiliates of gambling, casino, and scam syndicates. This report details the tactics, techniques, and procedures (TTPs) observed in these attacks and provides recommendations for mitigating this threat.

Attack Overview

The attackers exploit vulnerabilities in outdated CMS platforms and plugins to gain unauthorized access to government websites. These sites are targeted due to their inherent high ranking in search engine results, making them ideal for SEO poisoning. It is important to note that this is not a sophisticated attack but rather an opportunistic exploitation of common vulnerabilities.

Tactics, Techniques, and Procedures (TTPs)

  1. Initial Compromise: The attackers leverage known vulnerabilities in various CMS platforms, such as Joomla, and in their plugins to infiltrate the target websites.
  2. Payload Delivery: Upon successful compromise, the attackers inject malicious scripts designed to manipulate search engine results.
  3. User Agent and Referer Checks:
    • If the visitor’s user agent matches that of a Google-bot or originates from a Google IP, the site serves content optimized for SEO manipulation.
    • If the visitor arrives via a Google search referer, additional checks (e.g., mobile vs. non-mobile user agents) are performed before redirecting the user to a Traffic Distribution System (TDS).
    • Visitors from non-Google referers, blacklisted IPs, or geofenced regions are served a 404 “error” page.
  4. Traffic Distribution System (TDS): The TDS performs further checks and redirects the user to gambling or casino (or the current active subscription) portals.
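
A site owner can test for the user agent and referer checks in step 3 by requesting the same page under different request profiles and comparing the answers. This is an added example, not part of the original report: `check_cloaking`, the profile names and the `fetch` callback (which must return status, headers and body without following redirects) are assumptions, and `constructed_fetch` is a constructed stand-in with placeholder domains so the check runs offline.

```python
import hashlib

# Request profiles matching the checks in step 3 (header values are common examples).
PROFILES = {
    "direct":     {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"},
    "googlebot":  {"User-Agent": "Mozilla/5.0 (compatible; Googlebot/2.1; "
                                 "+http://www.google.com/bot.html)"},
    "google_ref": {"User-Agent": "Mozilla/5.0 (Linux; Android 14) Mobile",
                   "Referer": "https://www.google.com/"},
}

def fingerprint(response):
    """Reduce a response to (status, redirect target, body hash)."""
    status, headers, body = response
    return (status, headers.get("Location"), hashlib.sha256(body).hexdigest())

def check_cloaking(url, fetch):
    """Fetch `url` once per profile; report profiles that differ from 'direct'.

    `fetch(url, headers)` returns (status, headers_dict, body_bytes) and
    must not follow redirects, so the redirect target stays visible.
    """
    prints = {name: fingerprint(fetch(url, hdrs)) for name, hdrs in PROFILES.items()}
    base = prints["direct"]
    findings = []
    for name in ("googlebot", "google_ref"):
        status, location, digest = prints[name]
        if location and location != base[1]:
            findings.append(f"{name}: redirected to {location}")
        elif (status, digest) != (base[0], base[2]):
            findings.append(f"{name}: status/body differs from direct visit")
    return findings

def constructed_fetch(url, headers):
    """Constructed stand-in for a compromised page, for offline use only."""
    if "Googlebot" in headers.get("User-Agent", ""):
        return 200, {}, b"<html>keyword-stuffed page</html>"
    if "google." in headers.get("Referer", ""):
        return 302, {"Location": "https://tds.example/"}, b""
    return 404, {}, b"Not Found"
```

Spoofing the user agent only exposes user-agent and referer based cloaking; a script that checks for a Google source IP will not react to it. Pages with dynamic content change their body hash between requests, so treat a body-only difference as a lead to review by hand.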

Recommendations

For System Administrators:

    1. Update CMS and Plugins: Ensure all CMS platforms and plugins are regularly updated to mitigate known vulnerabilities.
    2. Implement Web Application Firewalls (WAF): Deploy WAFs to filter and monitor HTTP traffic, providing an additional layer of security.
    3. Monitor File Integrity: Regularly check for unauthorized changes to files and maintain system integrity through continuous monitoring.

For End Users:

    1. Exercise Caution with Search Results: Be vigilant when clicking on links in search engine results, especially those leading to unfamiliar websites.
    2. Utilize Protective DNS Services: Use DNS services that offer protection against known TDS and malicious websites.

For Regulators:

    1. Active Monitoring: Continuously monitor for malicious activities and black hat SEO attempts.
    2. Block Shady Sites: Proactively block access to known gambling and casino websites, which in this case could be scams as well (sorry, I don’t validate).
    3. Mitigate TDS: Implement measures to block Traffic Distribution System domains used by attackers. Break the kill chain, and you don’t need to play a cat-and-mouse game with the final redirection domains.

Conclusion

The ongoing SEO poisoning attacks on government websites represent a significant threat to both web security and user safety. By understanding the TTPs employed by the attackers and implementing the recommended mitigation strategies, stakeholders can enhance their defenses against this evolving threat landscape.


KOTOR 0.1 Alpha

Posted: July 8th, 2011 | Author: | Filed under: Cinta Malaysia | Tags: , , , , | 1 Comment »

The oldest person in the whole world is in Malaysia! Most of the people born in 18xx are still alive 🙂

I posted an entry back in 2008 about Semakan Daftar Pemilih (the voter registration check), and SPR has removed the voters’ information.. [link]

Let’s see how long it takes to remove this information this time 🙂

  • 790610740022
  • 850710740048
  • 800501030028

Feel free to check it yourself at this page :- http://daftarj.spr.gov.my/NEWDAFTARJ/DaftarjBM.aspx


Happy Labor Day

Posted: May 1st, 2011 | Author: | Filed under: Cinta Malaysia | No Comments »


JPJ, Blacklist, Traffic, Sickening

Posted: March 3rd, 2011 | Author: | Filed under: Cinta Malaysia | 4 Comments »

If a citizen has been denied the right to use their property (vehicle) without grounds based on regulations and the law, then Article 13 (b) states that compensation must be given. This means that if JPJ prevents someone from renewing their road tax, leaving the vehicle unusable, then JPJ must pay compensation to the owner of that vehicle.