FRESH

Hacker News

Using Hinge as a Command and Control Server

109 points by mattwiese

by hobofan

5 subcomments

I'm not really into malware, so I was just wondering:
- Isn't this really non-viable in practice? The "few headers" that were shown include an Authorization header, that would presumable rotate every ~24 hours and would have to rotate for all the malware clients as well.
- Are centralized Command and Control Severs still a thing in the malware space? I would have assumed that this function mainly migrated onto one of the popular blockchains with clients using one of thousands of available gateways for reading.

by stackghost

3 subcomments

I think the Hinge being referred to is a dating app? I have no idea.
https://hinge.co/

by kachapopopow

3 subcomments

speaking of command and control servers, the best one you can get at the moment is to just to use crypto currencies, plenty of available nodes to auto discover or just rely on explorers to query your own wallet, deposit address can encode quite a bit of information since it's a pretty long address and definitely has enough bytes to encode commands

by octoberfranklin

2 subcomments

Um, use an app that requires you submit to video facial recognition to make an account?
So that you can then use that account, which is tied to your biometrics, for lawbreaking?
Wut?

by levzettelin

3 subcomments

by bschmidt25002

0 subcomment

0 subcomment