INFRA
INFRA
INFRA
New hacking tool that targets websites uses an easy smartphone interface
A new hacking tool operated via a smartphone to hijack websites is being praised on forums on a shady part of the Internet for its ease of use and ongoing support.
It’s called the “Katyusha Scanner,” after the Russian rocket launcher of the same name used during World War II. The SQL injection tool combines the Anarchi Scanner open-source penetration testing tool with the Telegram messaging service to allow a user to insert a list of websites they want tested for error-based, time-based and blind SQL injection flaws.
Capable of running attacks against several targets simultaneously, Katyusha doesn’t rely on a computer to run attacks but is operated via a smartphone, in this case the command structure being facilitated via Telegram. According to Recorded Future, which describes the tool as a “cyber weapon of war that fits in your pocket,” Katyusha was first released in April. Coupled with “outstanding support” and frequent updates, it has gained “accolades from grateful clients” because of “an intuitive and straightforward interface, as well as incredible performance.”
In addition to identifying vulnerabilities, Katyusha also can search for and export email password credentials, brute-force login credentials, automatically dump databases and upload web shells.
The main version of Katyusha Scanner is being offered on forums on the darknet for $500, with a light version with some limitations available for the cheaper price of $250 per license. For those not wanting to host the scanner themselves, a software as a service cloud-based version is available for $200 a month.
Although it sounds somewhat costly, the purchase price includes updates and support. The scanner already has undergone seven major updates since it was launched, presumably with the newer versions providing better SQL injection capabilities.
“The availability of a highly robust and inexpensive tool such as Katyusha Scanner to online criminals with limited technical skills will only intensify the compromised data problem experienced by various businesses, highlighting the importance of regular infrastructure security audits,” Recorded Future researchers concluded.
Photo: public domain/Wikimedia Commons
A message from John Furrier, co-founder of SiliconANGLE:
Support our open free content by sharing and engaging with our content and community.
Join theCUBE Alumni Trust Network
Where Technology Leaders Connect, Share Intelligence & Create Opportunities
11.4k+
CUBE Alumni Network
C-level and Technical
Domain Experts
15M+
theCUBE
Viewers
Connect with 11,413+ industry leaders from our network of tech and business leaders forming a unique trusted network effect.
SiliconANGLE Media is a recognized leader in digital media innovation serving innovative audiences and brands, bringing together cutting-edge technology, influential content, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — such as those established in Silicon Valley and the New York Stock Exchange (NYSE) — SiliconANGLE Media operates at the intersection of media, technology, and AI. .
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a powerful ecosystem of industry-leading digital media brands, with a reach of 15+ million elite tech professionals. The company’s new, proprietary theCUBE AI Video cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
