“Unfortunately, one of the traits of the hacking community is relentlessness,” explains Emilio Simoni, Research Director at dfndr lab, “there are always multiple scams being run and the sheer volume and variety of them works to the hackers’ advantage.” Simoni continues: “With the worldwide and individual attention given to coronavirus, we’re of course seeing many scams of this type, but this kind of focused attention creates an opening for other types of scams to flourish. Ransomware scams are some of the worst, because of the potential financial damage for frightened users — so of course this threat requires that users be alert and take appropriate steps.”

How Do Ransomwares Operate?

Typical ransomware scams operate on social media or via email.  On social media, users will deploy malware links on a post from a hacked or “spoofed” (fake) account, and unwary users will unthinkingly follow links provided by people they believe they know. Simoni explains, “One of the hallmarks of these scams is the use of a fake-account as a kind of mask — creating trust and trapping those who simply click without thinking.” Some of the malware used in these scams will freeze your hard drive or lock you out of needed files or folders: this is why it’s crucial to have a regular backup routine for your machine.

Another common ransomware scam involves the threat of revealing potentially embarrassing information, often using messages that refer to popular porn sites and claim the possession of compromising material and information.  An example of a ransom note of this type appears below:

What Should You Do If You’re Asked for A Ransom?

First and foremost, don’t pay any ransom. At best you will simply lose the money you pay, at worst (most hackers won’t bother to “unlock” your files — that’s just another risk for them), at worst, you will mark yourself as a candidate for further exploitation. “Scammers don’t want to risk their own exposure — they run these scams as broadly as possible and make money from those most frightened and vulnerable, then move on,” Simoni explains.

If you are locked out of your files, you may want to consult local computer service professionals. Ransom scams are very common, so they may have seen the hack you’re dealing with before, and know ways to help. If you have regularly backed up your machine, you can change hard drives on your computer and reload your files from your backup source. 

But the best way to protect yourself from these scams is to have a good defense.

Protect Yourself From Hacker and Ransomware

One of the best ways to protect your information now is to upgrade your dfndr app (if you haven’t already) to dfndr PRO.  By clicking here, you will learn more, and you can use it to download PRO if you decide it’s right for you. It offers a full suite of security capabilities.

1 – Safe App Installer: Protects you from apps known to have had data breaches — before you install them.

2 – App Privacy Scan: You can locate on a map where your app data is going and how it might be used by third-parties.

3 – Unlimited Identity Theft Reports: These provide your “outer-perimeter” defense, looking out for privacy vulnerabilities beyond your own device. These reports reveal if any of your information has been leaked, with a one-click check of a database with over 4 billion compromised credentials. 

4 – Anti-theft protection: Protects against physical loss that leads to data loss: in case of theft or loss of your device, you can lock  it down remotely, find the phone on a map; or, activate a loud alarm to find it nearby. You can also get a picture of the thief, and wipe the phone of your personal data.

5 – Ad-Free: As an extra bonus, PRO is totally ad-free.

Stay Vigilant!

With dfndr PRO in your toolbox, the rest is a matter of staying as aware as you can and protecting yourself and your family.  Consider adopting these rules for use of digital devices in your home:

1 – Take extra care with any link or article sent to you on social media by a friend — look closely at every link you receive before clicking!

2 – Don’t click on links sent to you via email from unknown people. 

3 – Only download or install software from trusted sources. Make sure you double check URL’s!

4 – Make sure you do regular backups on your machines, and don’t pay on any ransom note sent your way to liberate your own files — or to discard compromising material. 

“Eventbot” leverages Android accessibility to reap private data from financial applications. It also has the ability to hijack SMS-based two-factor authentication codes, and it can even read user SMS messages. A very foreboding mix of capabilities. 

“This one is especially dangerous,” remarks Emilio Simoni, Research Director at dfndr lab, “Eventbot is a trojan that targets over 200 different financial apps.” Simoni explains that these  include banking, money transfer services, and crypto-currency wallets like Coinbase, Paypal Business, TransferWise, HSBC, CapitalOne, Santander, Revolut, and Barclays… and many more.

How EVENTBOT Does Its Damage

 First identified in March 2020, Eventbot makes its way onto phones by posing as a legitimate app: Adobe Flash, Microsoft Word, and similar.  Eventbot primarily resides on unofficial Android App stores and other unauthorized websites, it has also been delivered through bulk SMSs and Emails, typically offering special savings on popular Android apps.

When installed, Eventbot requests a robust list of permissions, including accessibility settings; “read” permission from external storage; the ability to send and receive SMS messages; run in the background; and launch after system boot.

Users who grant these permissions unwittingly enable EventBot to operates as a keylogger, which can extract notifications about other installed applications, and scan and scrape the content of open windows. It also further-leverages Android’s accessibility services to steal the lock-screen PIN — then sends all of its stolen data in an encrypted format to its command-center server. 

Simoni explains: “The ability to track SMS messages also enables this malware to pass-through SMS-based two-factor authentications, which opens the gates wide for financial attacks of the very worst kind.”

Protect Yourself

“It’s important to always rely on a security mechanism. dfndr security, for example, has a Safe App Installer feature that is designed expressly to deal with dangerous apps like this,” Simoni offers, “This feature lets you know if an app is safe before you ever install it, and its updated constantly by the PSafe security team. We scan the web constantly for updates and information to enrich our database.”

With Safe App Installer, any app you intend to install will be rated for trustworthiness. There are two levels of alert if the feature discovers an issue:

• Security Alert: If the app is malware;
• Privacy Alert: If the app already experienced a data breach;
• Trusted: If The app is not malware or has never experienced a data breach. 

 “Eventbot would absolutely trigger a security alert,” Simoni notes.

The free version of dfndr security also has an anti-hacking capability that blocks scams directly on the SMS app, web browsers and messaging apps (WhatsApp and Facebook Messenger). It also offers a URL checker to check the security of any URL you enter.

Further Safety Measures for EventBot (and Similar Trojans)

One of the easiest ways to protect yourself is to make sure that you are only downloading mobile apps from authorized sources,” Simoni emphasizes. “With malwares as dangerous as Eventbot making the rounds, you have to be doubly alert and careful with any unofficial links.” As a rule, you’ll want to avoid any links sent by people unknown to you, and from bulk marketing SMSs and Emails. Finally, be careful with permissions required by various apps — if the list is extremely long or doesn’t make sense, be on guard.

Consider dfndr Pro

One of the best ways to protect your information now is to upgrade your dfndr security app (if you haven’t already) to PRO.  (This link will help you learn more, and you can use it to download PRO if you decide it’s right for you.).

 With dfndr Pro in your toolbox, the rest is a matter of staying as aware as you can to protect yourself and your family. PSafe will continue to provide updates here for new malwares that we discover that is especially noteworthy.

This one is VERY dangerous, so be careful out there!

If anything, they’ve only grown more brazen and active. “Overnight, the pandemic has become the number one subject on everyone’s mind,” explains Emilio Simoni, Research Director at dfndr lab, “and that’s irresistible to hackers and scammers.”

Simoni continues: “The first job of any scammer is to get your attention: to stop you on your path and pull your interest toward their offer or message.  The coronavirus pandemic has created a topic that everyone is intensely interested in, all over the world. This has made the scammer’s job much, much easier. And they’re making use of both the intensity of interest and the global breadth of exposure.” 

An Explosion of Coronavirus Malware

Under Simoni’s direction, the experts at the dfndr lab have found more than 227 different Coronavirus-content scams. Most of them offer a dashboard which falsely promises users access to a real-time map for global or local surveillance of COVID-19 cases. As soon as they’re downloaded, they act as ransomware. Typically, they lock the home screen and blackmail the victim into paying a specified amount of money to “unlock” the phone. The ransomware messages are often intimidating, claiming access to photos and private information, like this one:

SuperVPN: 100 Million Users, Finally Deleted From The Google Store

But coronavirus scams aren’t the only vulnerability out there. As Emilio Simoni explains: “You need security solutions that look out for more than scams and hackers. Even apps that aren’t clearly malware or ransomware can totally compromise your security. SuperVPN is a perfect case in point: it’s security problems have been known for over a year, but the app has been removed from the Google Play store very recently.”

SuperVPN offered users the ability to browse the internet as if they were coming from a different country, providing access to sites and functions that they wouldn’t normally be able to reach. For the app to work, an exchange of information between the device and the app was required. That process of exchange was loaded with serious vulnerabilities, and resulted in the theft of data like passwords and credit card numbers. Beyond its security issues, SuperVPN also appeared to violate Google Play’s algorithm in order to get more installs. They were very successful, racking up more than 100 million users before finally being removed.

“If you know anyone who has downloaded and installed SuperVPN,” Simoni remarks, “make sure they remove the app as soon as possible.”

Above is an illustration of how SuperVPN compromised user’s secure data.  (Image: VPNPro)

Protect Yourself From Hackers AND Vulnerabilities

One of the best ways to protect your information now is to upgrade your dfndr app (if you haven’t already) to dfndr Pro.  (Here’s a link where you can learn more, and download Pro if you decide it’s right for you.)

As apps with hidden “cracks” in security like SuperVPN illustrate, you have to be not only informed enough to resist the hackers and scams, you also have to have proven technical tools to keep your devices safe.

As Emilio Simoni explains it: “As we publicize these cases of hackers and scams, we want to be cautious and let people know that all data breaches or “malware” won’t always follow a specific pattern. Lots of data breaches happen with very reputable software makers or business transactions. There are many ways your data can be compromised. To be safe, you need more than your own human intelligence at work.” 

This is why dfndr Pro offers a full suite of security capabilities:

Unlimited Identity Theft Reports: These provide your “outer-perimeter” defense, looking out for privacy vulnerabilities beyond your own device. These reports reveal if any of your information has been leaked, with a one-click check of a database with over 4 billion compromised credentials. 

Anti-theft protection: Protects against physical loss that leads to data loss: in case of theft or loss of your device, you can lock  it down remotely, find the phone on a map; or, activate a loud alarm to find it nearby. You can also get a picture of the thief, and wipe the phone of your personal data.

Safe App Installer: Protects you from apps known to have had data breaches — before you install them.

App Privacy Scan: You can locate on a map where your app data is going and how it might be used by third-parties.

Ad-Free: As an extra bonus, Pro is totally ad-free.

Stay Vigilant!

With dfndr Pro in your toolbox, the rest is a matter of staying as aware as you can and protecting yourself and your family.  Consider adopting these rules for use of digital devices in your home:

• Take extra care with any link or article about coronavirus. Use reliable sources, such as legitimate government websites, to get real, fact-checked stories and information on COVID-19.
• Don’t click on links sent to you via email from unknown people. 
• Look very closely at email addresses and names: If the source looks or sounds like someone you know but the name or email address seems even slightly off…stay away! If the name is right but the message is brief or confused, or not at all like the person you know…your friend could be the victim of a hack themselves.
• Only download or install software from trusted sources. Make sure you double check url’s! 

Stay safe! We will keep you up to date on all the latest we hear about scams of all kinds: coronavirus-related, and otherwise. Until then, stay safe and keep your loved ones safe and informed too. 

Finally,  if you or someone you know is a healthcare worker, please accept (or pass on) our grateful thanks.  

A Perfect Storm For Scams and Disinformation

The behavioral and psychological changes required to make social distancing work are significant: everything from sharing a home or apartment for an entire day (and with more people, especially if you have kids), to figuring out how to go to the grocery store and shop safely.  The combination of emotional, physical, and psychological stressors, combined with significantly increased internet and email “screen-time” for most people, has created a kind of perfect storm for online scams, con-artists, and disinformation. Another powerful factor driving this storm is curiosity: people are extremely hungry to hear news, and hopeful / practical news in particular.  Scammers have stepped into make the most of these factors, and as Emilio Simoni, Research Director at the dfndr Lab explains: “What we’re seeing is cybercriminals redoubling their efforts to create more, increasingly sophisticated scams, in order to reap profit from baseless, sensational ads or news — or through thefts of personal and financial data. The information they offer is almost invariably false, and sometimes the information itself is immediately dangerous to victims who act on it.”

No Slowing Down: Scammers Are Busier Than Ever!

The pace and inventiveness of coronavirus scams appears to be picking up. Emilio Simoni and the dfndr Lab Security Team have gathered the following examples together. Note that these items by no means constitute a complete list of scams in operation.  We share these with you so you can get a richer sense of the variety of these scams, and the methods they employ.

A multilingual scam using the Nike brand name was discovered by the dfndr Lab Security Team (see image above). The scammers used geolocation to adapt the language used to the victims: it showed messages in Portuguese, English, or Spanish, depending on the visitor’s locale. Some generic questions were used to draw people in, and after they were drawn in they were automatically redirected to another domain, full of ads. It was through impressions of these ads that the cybercriminals reaped their profits.

Emilio also notes that “Cyberattacks are becoming more and more sophisticated. One of the most popular scams leveraging the pandemic is the one that falsely promoted a free 1-year subscription for Netflix. The cybercriminals study how official companies and websites offer promotions and sales, then mimic their approach, which can help to create a extremely convincing page.” You can see the example Emilio cites, immediately above.

The dfndr Lab Security Team has also discovered cyberattacks connected to fake profiles on Facebook, also known as bots. These bots are especially prevalent in Facebook Private Groups. Of 3 bots discovered and analyzed by the dfndr Lab, one had engaged more than 10k interactions. These bots used intelligent techniques to persuade the victims, “talking” through pre-recorded messages that request personal information. The most common themes used by these bots to attract new victims were 1) registration to receive the government social security benefits,  and 2) offering a map to check the coronavirus spread around the world. The dfndr Lab also notes that many scams in the US are being disseminated through Facebook Messenger. So be careful!

Paypal phishing attacks have also grown exponentially since the beginning of the pandemic. Dfndr lab stipulates that during the month of March, scam emails fraudulently claiming to be from PayPal, and seeking private information, reached over 1.4k users in the US alone. 

With people all over the world sheltering in place, virtual meeting providers Zoom, has been in high demand. The dfndr Lab detected 4 fake domains using their name. The URLs were hiding trojans that could act in different ways: seeming to install the Zoom app, but redirecting victims to another website full of ads, and rapidly consuming your phone battery.

What Can You Do?

This is a story that will continue to move fast, so the examples above will be joined by new and different examples by time you read this. As Emilio Simoni pointed out, hackers all over the world are in HIGH PRODUCTION mode during this crisis. They’re going to keep inventing new and more devious ways to get information, and steal from you.  

You need to protect yourself. So make sure you’re using a security solution that’s built to alert you immediately when you access a scam site, or interact with a known digital virus “carrier.” dfndr Security has an excellent Anti-Hacking feature you can activate. 

If you upgrade to the dfndr Pro version, you’ll get the added benefit of a Safe App Installer (which warns you if an app you’re about to install may be a vector for malware). It also offers Identity Theft Protection to keep your email safe as well. 

Consider Going Pro

One of the best ways to protect yourself right now is to upgrade your dfndr app (if you haven’t already) to dfndr Pro.  Pro gives you these added protections:

Unlimited Identity Theft Reports: You can check if any of your account credentials have been leaked on the internet.

Anti-theft protection: In case of theft or loss, you can lock down your device remotely, find the phone on a map; or, activate a loud alarm to find it nearby. You can also get a picture of the thief, and wipe the phone of your personal data.

Safe App Installer: You’ll know if an app has previously had data breaches before installing.

App Privacy Scan: You can locate on a map where your app data is going and how it might be used by third-parties.

Ads free version: Totally ad-free

Use this link to learn more about dfndr Pro, and consider upgrading. 

Everyday Digital Hygiene Matters Now Too 

Just as avoiding coronavirus requires that you keep your hands clean (and keep them away from you face!) — digital hygiene is achieved through simple steps as well. Now’s a time to make doubly sure that you:

• NEVER click on links sent to you from unknown people. 
• Look very closely at emails: If the source looks or sounds like someone you know but the name or email address seems even slightly off…stay away! Leveraging contact and friend information is one of the most common paths for scammers to load malware or get your private information.
• Only download or install software from trusted sources. Make sure you double check url’s! The Anti-Hacking feature on dfndr will protect you from malware and known hacking sites. 
• Use reliable sources, such as legitimate government websites, to get real, fact-checked stories and information on COVID-19. Be aware that scammers will be pulling at you emotionally. This is a hard time for everyone, but do everything you can to stay cool and grounded: your ability to “count to three” before clicking or responding to a link or headline is more important now than ever.

We’re going to keep working to keep you informed and up to date.  Until next time, we hope you and yours can stay safe and stay well! 

Whether it’s apps that are slowing down your phone, files that need cleaning out, or suspicious links that could compromise your personal information, the dfndr Assistant feature has your back on safety and performance. Also, it’s easy to use.

Additional Benefits For You

With this new release, the ads-free version of our core DFNDR security app is also available. Ads-free dfndr is a direct response to your valuable feedback for a premium version without ads. At only $4.99, Ads-free dfndr is a comparable cost for the same standout security and performance features you’ve come to rely on, without ads popping up. To upgrade, simply navigate within the dfndr app to complete your purchase.

In Brazil, we help 3 million users reclaim an average of 6MB of storage per day with WhatsApp Cleaner. In the U.S., we recognize that Facebook Messenger is more widely used so we’ve added a Facebook Messenger Cleaner to help U.S. Android users free up more space for the photos, videos, and apps they really care about.

The Changing Landscape of Security

2016 saw a rise in malware attacks on Android phones after findings from the University of Michigan were published, along with Google releasing patches to fix 108 vulnerabilities alone in July of 2016. This disturbing trend is growing with new malware being discovered at alarming rates.

Criminal networks don’t just focus on compromising laptops or computers any longer, but also your smartphone. Your device contains immense amounts of sensitive information, such as credit card numbers, passwords, photos, and other personal details.

As technology morphs, controlling your car or the temperature of your home will be monitored from all the devices you own, including smartphones. While these developments are exciting, the slew of undetected vulnerabilities for thieves or hackers to infiltrate every aspect of your life is not fictional.

PSafe Technology’s increased efforts in intelligent security with accessibility is a vision we re fulfilling and the dfndr Assistant feature is only the beginning of leading-edge protection.

These robust additions to our popular dfndr security app are now available worldwide. Activate features dfndr Assistant or Facebook Messenger Cleaner and enjoy total protection and optimal performance:

DFNDR provides the leading anti-hacking solution for Android devices that shields the user from both traditional malware attacks, as well as attacks driven by browser-based phishing. The app also has two key features that service privacy. The first feature, the Vault, provides a second layer of protection against unauthorized access to user-selected apps, such as Facebook, Whatsapp, SnapChat, and others. Another key feature is DFNDR’s anti-theft solution, which insures physical device protection from theft, providing device location services as well as a remote wipe feature, should the mobile device fall into the wrong hands.

“We conduct our daily lives on our mobile phones. It’s both a fascinating and dangerous phenomenon,” said Marco DeMello, CEO and founder of PSafe. “More sophisticated means for getting into both the backend of systems and into mobile devices means greater prevalence of threats to security and privacy. DFNDR provides top notch protection against both cyber perpetrators, as well as physical theft.”

In total, DFNDR’s comprehensive cleaning and performance suite includes 10 features that both perform general cleanup, optimization features like boosting memory, closing background apps and processes and deleting junk files. Performance optimization can also be targeted to apps, such as cleaning up Whatsapp audio and video files, and deleting duplicate photos, among others.

With the release of DFNDR in the U.S. market, three key enhancements to the app include:

• Improved Anti-phishing: With a live, in-house classification mechanism for white list, this feature reduces the identification of false positives by more than 90 percent
• Quicker Security Scan Run-time: By using a 5K app whitelist, scan time is cut down from two minutes to less than 30 seconds
• Enhanced Performance Monitoring: Inform users when device speed and storage can be optimized, such as when junk files are taking up excessive space or when too many running background apps are consuming RAM

With over 20 million monthly active users (MAUs), PSafe is currently the largest mobile security solution in Latin America. At the end of last year, PSafe announced its entry into the U.S. market, with its American headquarters in San Francisco, the heart of the tech community. Since then, PSafe has seen roughly 3 percent of the market share of 100 million Android users, and ranked no. 2 most downloaded security app in 2016 by App Annie.

DFNDR is available for download for free today from the Google Play store.  For more information on DFNDR and PSafe, please visit www.psafe.com.

About PSafe

PSafe is a leading security and performance mobile app company with offices in San Francisco, Rio De Janeiro and Mexico City. The company develops and offers free mobile apps focused on protection, performance and privacy to Android users. In 2015, the company became the first startup in Latin America to achieve a market value of more than R$1 billion and started its international expansion and growth, launching operations in Mexico and offering PSafe TOTAL, its principal app, to all Latin American countries. The app is ranked in the top five most-downloaded app in Google Play Brazil with more than 20 million monthly active users. PSafe is funded by Redpoint Ventures, e.ventures, RPeV, Pinnacle Ventures and Index Ventures.