malware – PSafe Blog https://www.psafe.com/en/blog
Articles and news about Mobile Security, Android, Apps, Social Media and Technology in general. Thu, 19 Jan 2023 14:49:21 +0000

<![CDATA[Joker Malware is Back (And It’s No Joke)]]> https://www.psafe.com/en/blog/joker-malware-is-back-and-its-no-joke/ Mon, 20 Sep 2021 22:17:38 +0000 https://www.psafe.com/en/blog/?p=20978

Old malware never dies — it just morphs into something more devious and dangerous — and this pattern is playing out with “Joker” malware, which was first identified in 2016. In 2021, it’s back and more diverse and devious than ever.

During the past few months, Joker has become one of the most active Android malware infections. Joker rides on the coat-tails of seemingly legitimate apps, then covertly signs up users for pricey subscription services. It can also steal SMS messages, contact lists, and device information. 

Joker variations seem to arrive in batches, with a fresh batch leeching onto dozens of apps as recently as September. 

Joker Infiltrates The App Store

“One of the best ways to avoid malware and trojan apps is to use Google’s sanctioned app store,” says Emilio Simoni, PSafe’s dfndr lab Research Director, “but unfortunately, Joker has managed to disguise itself and mutate so profusely, that it has found its way on to several apps within the official Google Play marketplace. Of course third party app stores are also offering Joker-tainted apps — so the best protection is going to be a strong security app that sniffs out malware-tainted apps immediately, like our dfndr security Pro.”

Google removes the offending apps as soon as they’re reported — but the high rate of variation and concealment with this particular trojan keeps bringing new specimens on board.

Delay Tactics

“Part of what makes Joker so effective is that it waits to take effect,” Simoni remarks. “After the trojan-app is downloaded (many of these are knockoffs of better-known apps) it waits to drop a very small packet of code, it then reaches out to the server that loads the malware that does all the dirty work.” 

What Can You Do To Stay Safe?

Good hygiene with your digital devices includes:

  • Installing only the apps that you need and use. Loading up your device with as many apps as you can imagine using is a hazardous path. 
  • Being wary. Look for apps from developers you know and trust.  Do a little background checking and make sure that cool new app is coming from a known and trusted provider.
  • Cleaning house periodically. To keep the number of apps you use to a minimum, do a periodic review of the apps on your phone and delete the ones you’re not using. 

“Good security habits are always the first step,” Simoni observes, “but we can see that with truly devious malware like Joker, personal vigilance may not be enough.  When a piece of malware is mutating on a monthly basis, you need a dedicated security solution to help keep you safe.” 

The Best Defense Begins BEFORE Dangerous Apps Are Downloaded

An excellent way to protect yourself is to use a security application like dfndr security Pro, which has a dedicated Safe App Installer that can tell you if the app you’re about to install has been identified as malware.  This is exactly what the Safe App Installer does: it AUTOMATICALLY protects you from malware and apps known to compromise your data — before you even install them.

More Protection for Your Digital Life

Safe App Installer is only one of the key features dfndr security Pro offers.  It also comes with a full suite of security capabilities that can protect you not only from digital threats, but from thieves “IRL” as well.

Beyond Safe App, there are four additional features dfndr security Pro offers to protect you and make your digital life easier:

Anti-theft protection: Protects against physical loss that leads to data loss: in case of theft or loss of your device, you can lock  it down remotely, find the phone on a map; or, activate a loud alarm to find it nearby. You can also get a picture of the thief, and wipe the phone of your personal data.

Privacy Protection: You can locate on a map where your app data is going and how it might be used by third-parties.

Unlimited Identity Theft Reports: These reports provide “perimeter defense,” looking out for privacy vulnerabilities beyond your own device. These reports reveal if any of your information has been leaked, with a one-click check of a database with over 10 billion compromised credentials.

Ad-Free: As an extra bonus, Pro is totally ad-free.

Get The Protection You Need Today

Click here to download dfndr security and free trial dfndr security Pro to put all of these features to work securing your phone, your data, and your digital life. dfndr security Pro offers a full suite of protection, constantly updated, to make sure “you’re safe out there.”

]]>
<![CDATA[“Smishing” Malware Uses Missed-Delivery Notification To Lure Victims]]> https://www.psafe.com/en/blog/fakespy/ Tue, 07 Jul 2020 18:27:18 +0000 https://www.psafe.com/en/blog/?p=20766

PSafe’s dfndr lab has uncovered details about “Fakespy”, malware that has a history of enticing victims by promising information about a missed delivery via an SMS message. Phishing via SMS is also known as “Smishing.” And a third type of trap, “Vishing,” uses voice data. …Now you know. We hope these terms serve as a reminder that hackers are always inventing new approaches for getting your personal information, and they’ll use any avenue open to them. Fakespy also shows that old malware code and scams are constantly being refurbished or re-used in new venues.

How Fakespy Entices Users

“Hackers are always looking for our soft spots,” remarks Emilio Simoni, PSafe’s dfndr lab Research Director, “and FakeSpy uses the natural excitement people have for receiving a package of some kind. Most people immediately want to know who sent you something, and what you might have received.”

Typically, this malware loads via a fake app posing as the website for your country’s mail service — in America, the USPS; in England, the Royal Mail, and so on.  The fake app is designed to look like the real thing, and once it downloads and the fake transaction is completed, it actually passes the user on through to the real USPS site, to avoid detection. Meanwhile, the malware has loaded, and a broad host of information stealing is underway: financial information, account information, app information, contact lists — Fakespy can even read other SMS messages.  And, like most malware, Fakespy immediately begins its work to replicate itself by sending offers to its victims’ contact lists.

Permissions Required Provide a Warning…

“It’s a very sophisticated and still evolving malware,” Simoni warns, “the people behind it have been refining its design for some time now.” One strong warning-sign is that the app asks for extensive permissions — but many users have grown accustomed to approving these for sites they trust. “If the enticement of a missed package works and the fake mail-delivery site is compelling, it’s easy to see how victims can get manipulated,” Simoni says.

What Can You Do To Stay Safe?

“The first thing to remember is that hackers are using every venue available to them to get their software on your devices,” Simoni explains. “Add smishing and vishing to your malware vocabulary and keep in mind that callers and texters may not always be who they appear to be— or say they are.”  

However hard you work to stay informed, a good protection solution, with a team behind you, is almost essential to stay one step ahead of all the various threats evolving in the digital landscape.

The Best Protection, For The Worst Threats

An excellent way to protect yourself is to always keep a security app installed on your phone. dfndr security offers a full suite of security capabilities that can protect you not only from digital threats, but from everyday thieves as well. Click here to install for free.

(Remember, they steal devices and data too!) 

These are the features dfndr security Pro offers to protect you:

Safe App Installer: AUTOMATICALLY protects you from malware and apps known to have had data breaches — before you install them.

App Privacy Scan: You can locate on a map where your app data is going and how it might be used by third-parties.

Unlimited Identity Theft Reports: These reports provide an “outer-perimeter” defense, looking out for privacy vulnerabilities beyond your own device. These reports reveal if any of your information has been leaked, with a one-click check of a database with over 4 billion compromised credentials.

Anti-theft Protection: Protects against physical loss that leads to data loss: in case of theft or loss of your device, you can lock it down remotely, find the phone on a map; or, activate a loud alarm to find it nearby. You can also get a picture of the thief, and wipe the phone of your personal data.

Ad-Free: As an extra bonus, Pro is totally ad-free.

Stay Safer!

With dfndr security in your toolbox, the rest is a matter of staying as aware as you can.  Follow a few simple rules to avoid and minimize digital damage:

  • Take extra care with any link from an unknown source — and be extra wary if it promises a surprise of some kind. Check your curiosity!
  • Don’t click on any links sent to you via email or SMS from unknown people.  And if you get a link from somebody you know, ask: WHY would he / she send me this?
  • Only download or install software from trusted sources!
  • Make sure you do regular backups on your machines!

Be careful, and we’ll keep you informed as always, whenever we hear more about Fakespy, or any other major threats!

]]>
<![CDATA[StrandHogg 2.0 Steals Data From Real Apps]]> https://www.psafe.com/en/blog/strandhogg/ Thu, 04 Jun 2020 21:45:02 +0000 https://www.psafe.com/en/blog/?p=20709

Named after the Norse term for an ancient Viking technique for coastal raids, StrandHogg 2.0 is a nefarious new update to an earlier trojan-like malware. Its particular way of working undercover and seizing user data is notable. The relentless inventiveness of hackers is very much on display with this latest threat.

Strandhogg 2.0: Worse Than The Original

“StrandHogg 1.0” used Android’s task affinity to hijack applications: by declaring a task affinity that matched the packageName of another app, then allowing “TaskReparenting” (the allowTaskReparenting manifest attribute), the StrandHogg app would be launched, undercover, in place of the target app. It would then share the information with both the attacker and the targeted app (to go unnoticed).

 

Image Source: Promon

Emilio Simoni, research director at dfndr lab explains:  “Using this method, you would see (for one typical example) what looks like a fully legitimate Gmail icon on your phone, with the usual login dialogue — just exactly as it would appear when you’re logging back  into your account. But once you enter your credentials, you’ve unknowingly shared them with the attacker too. To shield its intervention, your info is also sent to Gmail (or whatever other legitimate application has been hijacked), continuing your transaction and leaving no signs you’ve been compromised. The malware comes on board in the form of innocent looking game apps — one named SuperHappyFunGame — but it does its worst work undercover.”

StrandHogg 1.0’s weakness was the presence of sketchy task affinity declarations in the Android Manifest. Scouring for the 1.0 version required simply scanning the Google Play store for these problematic taskAffinity declarations. But StrandHogg 2.0 doesn’t require any special settings, because the attacking code isn’t necessarily present on the Play Store. Instead, the attacker just downloads the attack code later, once the trojan app or game has taken up residence.
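The kind of manifest scan described above for the 1.0 variant, as an added example (not PSafe’s or Promon’s code). It assumes the manifest has already been decoded to text XML; the sample manifest, its package name and activity names are constructed for illustration, and com.google.android.gm is Gmail’s package name.

```python
"""Flag StrandHogg 1.0-style taskAffinity declarations in a decoded AndroidManifest.xml."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed sample: a "game" whose login overlay claims Gmail's task.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.superhappyfungame">
  <application android:label="SuperHappyFunGame">
    <activity android:name=".MainActivity"/>
    <activity android:name=".LoginOverlay"
        android:taskAffinity="com.google.android.gm"
        android:allowTaskReparenting="true"/>
    <activity android:name=".SettingsActivity"
        android:taskAffinity="com.example.superhappyfungame.settings"/>
    <activity android:name=".PromoActivity"
        android:taskAffinity="com.other.app"/>
  </application>
</manifest>
"""


def _android(elem, name):
    """Read an android:-namespaced attribute, or None if it is absent."""
    return elem.get("{%s}%s" % (ANDROID_NS, name))


def _is_foreign(affinity, own_pkg):
    """True when the affinity names a task outside the app's own package.

    An absent or empty affinity is not a finding: absent means the default
    (the app's own package) and "" means the activity has no affinity.
    """
    if not affinity:
        return False
    return affinity != own_pkg and not affinity.startswith(own_pkg + ".")


def audit_task_affinity(manifest_xml, watchlist=frozenset()):
    """Return one finding per activity that declares a foreign taskAffinity.

    watchlist is an optional set of package names the reviewer cares about
    (for example banking or mail apps); a match is reported per finding.
    """
    root = ET.fromstring(manifest_xml)
    own_pkg = root.get("package", "")
    app = root.find("application")
    if app is None:
        return []

    # Both attributes may be set on <application> as defaults for activities.
    app_affinity = _android(app, "taskAffinity")
    app_reparent = _android(app, "allowTaskReparenting")

    findings = []
    for activity in app.findall("activity"):
        affinity = _android(activity, "taskAffinity")
        if affinity is None:
            affinity = app_affinity
        if not _is_foreign(affinity, own_pkg):
            continue
        reparent = _android(activity, "allowTaskReparenting")
        if reparent is None:
            reparent = app_reparent
        reparenting = reparent == "true"
        findings.append({
            "activity": _android(activity, "name"),
            "affinity": affinity,
            "reparenting": reparenting,
            "on_watchlist": affinity in watchlist,
            # Foreign affinity plus reparenting is the combination the
            # article describes; foreign affinity alone still needs review.
            "severity": "high" if reparenting else "review",
        })
    return findings


if __name__ == "__main__":
    for f in audit_task_affinity(SAMPLE_MANIFEST, {"com.google.android.gm"}):
        print(f)
```

As the article notes, this check only covers the 1.0 technique: StrandHogg 2.0 needs no such manifest declaration, so a clean result here says nothing about the newer variant.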

StrandHogg 2.0 also hijacks additional data via app permissions, so contacts, photos, and even the victim’s movements and location are compromised. Simoni advises: “With the right permissions, StrandHogg 2.0 can even siphon off entire text message conversations, which can enable hackers to defeat two-factor authentication protections.”

The Norwegian security firm Promon, the firm that gave the malware its name,  suggests that updating Android devices with the latest security updates — out now — will fix the vulnerability. Users are advised to update their Android devices as soon as possible. 

“However,” Simoni warns, “the key is protecting yourself from the next StrandHogg.  For that, you need a front line of defense.” 

Protecting Your Devices and Data From Unsafe Apps

You should always count on an extra layer of security for your phone. dfndr security, for example, has a Safe App Installer feature that can operate as your advance-line of defense against apps like SuperHappyFunGame, and the next generation of trojans StrandHogg uses. Safe App Installer will also keep you protected from all other malicious apps. “The feature lets you know if an app is unsafe before you even install it,” Simoni advises, “and our team does the work to constantly update our database of malicious apps.” With Safe App Installer, every app you consult before installation will be rated for trust.

There are two levels of alert if Safe App Installer discovers an issue:

  • Security Alert: If the app is malware.
  • Privacy Alert: If the app already experienced a data breach

An app is rated as Trusted only if the app is not malware or has never experienced a data breach.  

dfndr security also offers Anti-Theft Protection for your device, and Identity theft protection for you.  “Our PRO package has been very thoroughly thought out to provide users with the full suite of protections they need,” Simoni concludes.

We’ll continue to provide updates here on the PSafe blog for new malware that could compromise your security and safety — stay tuned!

]]>
<![CDATA[New Android Malware, “Eventbot” Targets Financial Data]]> https://www.psafe.com/en/blog/android-malware/ Mon, 11 May 2020 20:09:20 +0000 https://www.psafe.com/en/blog/?p=20650

A pernicious new malware that steals Android mobile banking data has been discovered, and it’s targeting Android users throughout Europe and the United States.

“Eventbot” leverages Android accessibility to reap private data from financial applications. It also has the ability to hijack SMS-based two-factor authentication codes, and it can even read user SMS messages. A very foreboding mix of capabilities. 

“This one is especially dangerous,” remarks Emilio Simoni, Research Director at dfndr lab, “Eventbot is a trojan that targets over 200 different financial apps.” Simoni explains that these  include banking, money transfer services, and crypto-currency wallets like Coinbase, Paypal Business, TransferWise, HSBC, CapitalOne, Santander, Revolut, and Barclays… and many more.

How EVENTBOT Does Its Damage

First identified in March 2020, Eventbot makes its way onto phones by posing as a legitimate app: Adobe Flash, Microsoft Word, and similar. Eventbot primarily resides on unofficial Android app stores and other unauthorized websites; it has also been delivered through bulk SMS messages and emails, typically offering special savings on popular Android apps.

When installed, Eventbot requests a robust list of permissions, including accessibility settings; “read” permission from external storage; the ability to send and receive SMS messages; run in the background; and launch after system boot.

Users who grant these permissions unwittingly enable EventBot to operate as a keylogger, which can extract notifications about other installed applications, and scan and scrape the content of open windows. It also further leverages Android’s accessibility services to steal the lock-screen PIN, then sends all of its stolen data in an encrypted format to its command-center server.

Simoni explains: “The ability to track SMS messages also enables this malware to pass-through SMS-based two-factor authentications, which opens the gates wide for financial attacks of the very worst kind.”

Protect Yourself

“It’s important to always rely on a security mechanism. dfndr security, for example, has a Safe App Installer feature that is designed expressly to deal with dangerous apps like this,” Simoni offers. “This feature lets you know if an app is safe before you ever install it, and it’s updated constantly by the PSafe security team. We scan the web constantly for updates and information to enrich our database.”

With Safe App Installer, any app you intend to install will be rated for trustworthiness. There are two levels of alert if the feature discovers an issue:

  • Security Alert: If the app is malware;
  • Privacy Alert: If the app already experienced a data breach;
  • Trusted: If The app is not malware or has never experienced a data breach. 

 “Eventbot would absolutely trigger a security alert,” Simoni notes.

The free version of dfndr security also has an anti-hacking capability that blocks scams directly on the SMS app, web browsers and messaging apps (WhatsApp and Facebook Messenger). It also offers a URL checker to check the security of any URL you enter.

Further Safety Measures for EventBot (and Similar Trojans)

“One of the easiest ways to protect yourself is to make sure that you are only downloading mobile apps from authorized sources,” Simoni emphasizes. “With malwares as dangerous as Eventbot making the rounds, you have to be doubly alert and careful with any unofficial links.” As a rule, you’ll want to avoid any links sent by people unknown to you, and from bulk marketing SMS messages and emails. Finally, be careful with permissions required by various apps — if the list is extremely long or doesn’t make sense, be on guard.

Consider dfndr Pro

One of the best ways to protect your information now is to upgrade your dfndr security app (if you haven’t already) to PRO. (This link will help you learn more, and you can use it to download PRO if you decide it’s right for you.)

With dfndr Pro in your toolbox, the rest is a matter of staying as aware as you can to protect yourself and your family. PSafe will continue to provide updates here for new malware we discover that is especially noteworthy.

This one is VERY dangerous, so be careful out there!

]]>
<![CDATA[Be Careful: There’s A Malware Pandemic Underway Too…]]> https://www.psafe.com/en/blog/be-careful-theres-a-malware-pandemic-underway-too/ Wed, 15 Apr 2020 17:31:06 +0000 https://www.psafe.com/en/blog/?p=20588

The Coronavirus pandemic has turned the world upside down in a matter of weeks. But one group of people is carrying on as they always have: hackers.

If anything, they’ve only grown more brazen and active. “Overnight, the pandemic has become the number one subject on everyone’s mind,” explains Emilio Simoni, Research Director at dfndr lab, “and that’s irresistible to hackers and scammers.”

Simoni continues: “The first job of any scammer is to get your attention: to stop you on your path and pull your interest toward their offer or message.  The coronavirus pandemic has created a topic that everyone is intensely interested in, all over the world. This has made the scammer’s job much, much easier. And they’re making use of both the intensity of interest and the global breadth of exposure.” 

An Explosion of Coronavirus Malware

Under Simoni’s direction, the experts at the dfndr lab have found more than 227 different Coronavirus-content scams. Most of them offer a dashboard which falsely promises users access to a real-time map for global or local surveillance of COVID-19 cases. As soon as they’re downloaded, they act as ransomware. Typically, they lock the home screen and blackmail the victim into paying a specified amount of money to “unlock” the phone. The ransomware messages are often intimidating, claiming access to photos and private information, like this one:

SuperVPN: 100 Million Users, Finally Deleted From The Google Store

But coronavirus scams aren’t the only vulnerability out there. As Emilio Simoni explains: “You need security solutions that look out for more than scams and hackers. Even apps that aren’t clearly malware or ransomware can totally compromise your security. SuperVPN is a perfect case in point: its security problems have been known for over a year, but the app has been removed from the Google Play store very recently.”

SuperVPN offered users the ability to browse the internet as if they were coming from a different country, providing access to sites and functions that they wouldn’t normally be able to reach. For the app to work, an exchange of information between the device and the app was required. That process of exchange was loaded with serious vulnerabilities, and resulted in the theft of data like passwords and credit card numbers. Beyond its security issues, SuperVPN also appeared to violate Google Play’s algorithm in order to get more installs. They were very successful, racking up more than 100 million users before finally being removed.

“If you know anyone who has downloaded and installed SuperVPN,” Simoni remarks, “make sure they remove the app as soon as possible.”

Above is an illustration of how SuperVPN compromised user’s secure data.  (Image: VPNPro)

Protect Yourself From Hackers AND Vulnerabilities

One of the best ways to protect your information now is to upgrade your dfndr app (if you haven’t already) to dfndr Pro.  (Here’s a link where you can learn more, and download Pro if you decide it’s right for you.)

As apps with hidden “cracks” in security like SuperVPN illustrate, you have to be not only informed enough to resist the hackers and scams, you also have to have proven technical tools to keep your devices safe.

As Emilio Simoni explains it: “As we publicize these cases of hackers and scams, we want to be cautious and let people know that all data breaches or “malware” won’t always follow a specific pattern. Lots of data breaches happen with very reputable software makers or business transactions. There are many ways your data can be compromised. To be safe, you need more than your own human intelligence at work.” 

This is why dfndr Pro offers a full suite of security capabilities:

Unlimited Identity Theft Reports: These provide your “outer-perimeter” defense, looking out for privacy vulnerabilities beyond your own device. These reports reveal if any of your information has been leaked, with a one-click check of a database with over 4 billion compromised credentials. 

Anti-theft protection: Protects against physical loss that leads to data loss: in case of theft or loss of your device, you can lock  it down remotely, find the phone on a map; or, activate a loud alarm to find it nearby. You can also get a picture of the thief, and wipe the phone of your personal data.

Safe App Installer: Protects you from apps known to have had data breaches — before you install them.

App Privacy Scan: You can locate on a map where your app data is going and how it might be used by third-parties.

Ad-Free: As an extra bonus, Pro is totally ad-free.

Stay Vigilant!

With dfndr Pro in your toolbox, the rest is a matter of staying as aware as you can and protecting yourself and your family.  Consider adopting these rules for use of digital devices in your home:

  • Take extra care with any link or article about coronavirus. Use reliable sources, such as legitimate government websites, to get real, fact-checked stories and information on COVID-19.
  • Don’t click on links sent to you via email from unknown people. 
  • Look very closely at email addresses and names: If the source looks or sounds like someone you know but the name or email address seems even slightly off…stay away! If the name is right but the message is brief or confused, or not at all like the person you know…your friend could be the victim of a hack themselves.
  • Only download or install software from trusted sources. Make sure you double check URLs!

Stay safe! We will keep you up to date on all the latest we hear about scams of all kinds: coronavirus-related, and otherwise. Until then, stay safe and keep your loved ones safe and informed too. 

Finally,  if you or someone you know is a healthcare worker, please accept (or pass on) our grateful thanks.  

]]>
<![CDATA[The World’s Most Malicious Ransomware Attacks]]> https://www.psafe.com/en/blog/the-worlds-most-malicious-ransomware-attacks/ Wed, 20 Jun 2018 12:00:25 +0000 https://www.psafe.com/en/blog/?p=18774

As we continue to push forward through the year, ransomware attacks are the most widespread and detrimental form of malware on the internet. Recent events have been so shocking that the entire City of Atlanta remained crippled almost a week after an attack, with residents unable to pay their bills. However, much larger attacks have taken place, affecting even more innocent individuals. Here are some of the world’s most significant ransomware attacks to have hit the web:

GandCrab
Recently, GandCrab has grabbed everyone’s attention. The ransomware was discovered just this year and continues to hold everyday individuals hostage by encrypting all of the data on a user’s machine. What makes this piece of malware so ingenious is the way it’s been designed to hide the identity of the hackers who created it. To remove the ransomware from your machine, you must pay between $300-500 through a secure TOR network connection using an anonymous cryptocurrency known as Dash.

WannaCry
Accurately described by its name, the WannaCry strain of malware will indeed make you weep if you fall victim to it. The malicious piece of ransomware infected individuals in over 150 countries last year, in addition to targeting Britain’s National Health Service. Initially, the software used a piece of the Microsoft Windows file sharing system to infect other machines, but it eventually evolved. As with other ransomware scams, anyone infected found themselves forced to pay, this time via Bitcoin, if they ever wanted to see their data again.

GoldenEye
Not to be confused with the action-packed James Bond film of the 1990s, GoldenEye is a nasty piece of malware that’s also known as ‘NotPetya.’ Infecting reputable companies such as AP Moller-Maersk, Cadbury, FedEx, and Merck, the ransomware requested $300 for every computer infected. Easy to be tricked by, the malware sneaks onto your machine through an email or infected Word document. To add insult to injury, the malware has been smart enough to clear any actions it takes on a device, making it difficult to track down the criminal creators.

How Do You Stay Safe?
What’s disturbing is that the pieces of malware noted above have all been released within the last few years. Your data is at significant risk because ransomware attacks grow more aggressive each year.

Your computer isn’t the only device at risk either; collections of malware also target Android users. You can keep yourself protected by downloading dfndr security, which has a full virus scan feature to locate any threats on your device, as well as an anti-hacking feature that’s powered by AI, which will block malicious links before you click on them.

]]>
<![CDATA[Manufacturers Caught Lying About Device Security]]> https://www.psafe.com/en/blog/manufacturers-caught-lying-about-device-security/ Sat, 09 Jun 2018 12:00:53 +0000 https://www.psafe.com/en/blog/?p=18307

When you purchase a new Android smartphone, you want to feel assured that the company you chose is doing their best to protect your security. Unfortunately, a recent study by a German security firm showed that a majority of manufacturers we’ve instilled with our trust might not deserve it. Over 1,200 different smartphones from over a dozen vendors have security holes that leave your device and your personal information vulnerable to hackers who can exploit these vulnerabilities.

Begin Protecting Your Device
One way to start protecting your Android if manufacturers aren’t doing it is to use a reliable third-party app like dfndr security. Take advantage of a full virus scan feature and anti-hacking technology that fights any malware threats or phishing attempts. With 21 other great features included, you may not be able to control your manufacturer, but you can stay one step ahead of hackers.


Who is Guilty and Why
The study found that manufacturers who are leaving security gaps in their systems and may be attempting to deceive customers include Google, Sony, Samsung, Wiko Mobile, Xiaomi, OnePlus, Nokia, HTC, Huawei, LG, TCL, Motorola, and ZTE. As you can imagine, these companies are not small players in the Android market. At the top of the charts, Samsung holds almost 48% market share around the globe, putting nearly half of all Android users at risk. But, how exactly are these manufacturers deceiving their customers?

According to the study, the manufacturers have been claiming within their devices’ settings that all security and system patches are up to date when they are actually behind. This practice of deceit not only leaves Android phones vulnerable but also calls into question the validity of a manufacturer’s security practices. In order to find the cleverly hidden lie, the firmware of many devices had to be carefully examined.

For Some, The Problem is Worse Than Others
Companies with a mix of patched and unpatched devices, or only behind by a single patch, include Google, Sony, Samsung, and Wiko Mobile. However, of those noted previously, companies HTC, Huawei, LG, Motorola, TCL, and ZTE are at least 3 or more patches behind. While Google is the company that issues patches for the Android operating system, it’s the responsibility of each manufacturer to deliver patches to their line of handsets accurately.

Some Light at the End of the Tunnel
Luckily, there could be a possible solution. Google has begun implementing a new project they have dubbed Treble. The project attempts to fix manufacturer patching issues by putting more control of Android’s core back into the hands of Google. What this means is your device could be updated as soon as a patch is released without having to wait for a manufacturer. While Treble has been included in Android 8.0 Oreo, not all devices currently support it. However, the good news is the project will be implemented on all Android devices moving forward.

]]>
<![CDATA[Meltdown and Spectre Are Aimed At Your Sensitive Data]]> https://www.psafe.com/en/blog/meltdown-and-spectre-are-aimed-at-your-sensitive-data/ Sun, 20 May 2018 12:00:33 +0000 https://www.psafe.com/en/blog/?p=18079

Two of the computing world’s most significant threats were unveiled a few months ago by a research team at Google, showcasing an exploit present in nearly all computer processors that could give hackers access to sensitive information passing through your machine. Known as Meltdown and Spectre, the alarming timeline of the malware was bad enough, but now research shows that the risk is spreading to smartphones.

An excellent way to take this new threat seriously is to download dfndr security. This 4.5 rated app has a full virus scan feature that scans your files, images, and even the SD card of your Android to check for any viruses or malware. You can’t stay alert all day and night, so utilizing an app that has your back is the best way to start.

What’s Vulnerable and Why
A feature known as CPU data cache timing, which allows computers to work fast, is at the heart of this major security breach. Explained in easy terms, a machine’s data cache allows it to access bits of information faster than it would without this feature. Unfortunately, a vulnerability in the data cache timing process allows malware to intercept sensitive data such as password information.

Exploits Are Rapidly Increasing
While the most substantial issue has been laptop and desktop computers running Intel or AMD processors, the ARM processors found on smartphones are also at risk. With almost 140 pieces of malware utilizing the new vulnerabilities, consumers and businesses need to remain cautious and on the lookout.

Most Android devices utilize a processor architecture known as ARM – one of the more vulnerable platforms. This means the most popular devices in the world, such as Samsung Galaxy, Google Pixel, and Motorola’s Moto, are at risk.

Possible Solutions to Stay Safe
One possible solution implemented by Intel was halted as the company found the security patch caused system instability. When new vulnerabilities are discovered, companies are typically able to patch them and prevent further damage. However, months later, Intel and other CPU manufacturers have yet to provide a solution for this collection of risky vulnerabilities.

For now, the best option for protecting yourself is to ensure that all of your devices, such as laptops, computers, and smartphones, are fully updated to the latest software versions. Running a reliable antivirus solution is also strongly recommended and is your best chance of remaining unaffected by the exploits.

]]>
<![CDATA[Malware Hidden in QR-Reader Apps Infects Android Devices]]> https://www.psafe.com/en/blog/malware-hidden-in-qr-reader-apps-infects-android-devices/ Wed, 16 May 2018 12:00:47 +0000 https://www.psafe.com/en/blog/?p=17937 Malware hiding within apps is nothing new to the industry, but the latest occurrence has a focus on QR-Code readers – and worst of all, the malware itself is smart. This begs the question, how do you prevent your phone from being a casualty?

One way to ward off malicious apps is to download a third-party security app such as dfndr security, which includes a full virus scan feature. A scan of your Android device will do a deep dive into your files and even your SD card. Worried that you might forget to scan your phone regularly? Not a problem: just use scheduled scans, which can run while you’re asleep.

In this latest case of infected apps, a piece of malware known as ‘Andr/HiddnAd-AJ’ (try to say that ten times fast) was able to load itself onto a number of apps designed to read QR-Codes. Apps infested with the malware included: QR Code / Barcode Reader, QR Code Free Scanner, and QR & Barcode Scanner. There were a total of seven apps infected, and the malicious apps were downloaded over 500,000 times before being pulled by the Google Play Store.

We know how hard it can be to avoid malware in a world filled with it, but here are a few tips to get you started on a safer journey through the endless world of Android apps.

Download Only From Official Sources
We’re aware that this point may appear moot as we noted that the infected apps came from the official Google Play Store, but even though an official source may not be 100% clean, it’s still much safer than downloading an app elsewhere. Despite missing the occasional piece of malware, Google has quite a positive record of keeping their ecosystem clean from the mess.

Avoid Apps From the Web
As you can infer from our last comment, you’re best off avoiding apps downloaded directly from the Internet or found on social media. These apps are more likely to be infected with dangerous malware and are typically prefaced with a request to turn off a security feature to allow app installations from ‘unofficial sources.’ Take this as an immediate red flag and don’t download.

Watch Those Permissions
Once you’ve downloaded an app from an official source such as Google Play or Amazon App Store, try to remain aware. Legitimate apps ask for permissions to access certain parts of your system. In some circumstances this is normal, but use your best judgment. A new email app would request access to your contacts, but why would a QR-Code reader need the same?

]]>
<![CDATA[Know Your Enemy: How Ransomware Payments Happen]]> https://www.psafe.com/en/blog/know-your-enemy-how-ransomware-payments-happen/ Wed, 09 May 2018 12:00:29 +0000 https://www.psafe.com/en/blog/?p=17742 One of the most common ways to get duped is through ransomware, a method hackers use to take over your device and hold it for ransom until you pay them a predetermined amount. These types of attacks target both individuals and organizations, usually prompting larger ransom payouts from companies rather than individuals, but they can be quite pricey either way.

Protecting yourself from ransomware can be tricky, but dfndr security offers solid protection for your Android device with advanced, anti-hacking capabilities that safeguard you from malicious websites before you even tap on a link.

If you’ve never heard of ransomware, it’s vital to learn about it in case an attack ever happens to you.

Malware That Spreads Easily
Ransomware is a form of malware that takes a device hostage until a “ransom” is paid, usually in the form of Bitcoin or another cryptocurrency, which is virtually untraceable and protects the hacker’s identity. These types of viruses usually begin as a phony email that appears to come from a friend or co-worker and contains a link you’re encouraged to click on. Once malware infects a system, it can spread from machine to machine, or if a single device is affected, a hacker can gain full control over the phone.

Easy targets of ransomware attacks are device owners with older operating systems that do not have adequate security software. Once hackers take over your device, you will be given a certain amount of time to pay, usually around 72 to 96 hours. If you fail to pay, your device will likely be permanently locked.

South Korea is Largest Target
A recent study discovered that people in South Korea get targeted more frequently than anywhere else. About 20,000 people all over the world were targeted for $16 million worth of ransomware payments, and around $2.5 million of that amount was collected from device owners in South Korea.

Yikes, What Should I Do?
One way to protect yourself from ransomware attacks is by backing up your data somewhere else, like an external hard drive. If you get targeted, you can reset your device to the original factory settings, eliminating the ransomware. You can then transfer old files to the device and avoid paying the ransom. However, hackers may still be able to target your device sometime in the future as ransomware worms are easy to modify.

Security Apps Protect You the Best
In order to avoid these attacks altogether, the best thing you can do is download a security app that protects you from a variety of attacks. With dfndr security’s anti-hacking feature, your device will block phishing attempts while you navigate the web, as well as other malware designed to take your money.

Though ransomware is disturbing, with awareness you can still preempt a strike from hackers and continue enjoying your online world without worrying.

]]>