malware

Bad Android Apps Removed From Play Store, Uninstall Now

November 7, 2019 by admin

Updated: Google has confirmed that another set of Play Store apps have now been removed after they were found to be infecting devices with malware. Any users with those apps installed should ensure they are uninstalled from their devices. The seven apps are designed to open backdoors onto an infected device, pulling separate malware apps from elsewhere, circumventing Play Store security. When those apps are downloaded and installed, they hide away from users who don’t even realize they’ve been brought onto their phones. The malicious intent of the latest malware-laced apps is ad fraud , but there is a more dangerous threat lurking behind.

This latest warning comes just as as Google announced an “App Defense Alliance” to “ensure the safety of the Play Store.” The seven apps, discovered by the threat research team at Wandera, do not contain ad fraud malware themselves. Instead they are dropper apps—they download malware “payload” apps and install them onto target devices. This leaves the user with both the dropper app and the payload app installed. Both need to be identified and deleted. The dropper apps bypass store security to bring in threats from outside the ecosystem.

These dropper apps pull the malware payloads from Github, and Wandera VP Michael Covington told me the team was escalating details about the apps “because the backdoor introduced via the dropper code is a significant risk for anyone using these apps—given the obfuscation techniques in use, we have not yet ruled out other apps that may be using similar techniques to introduce unsanctioned code.”

Continue Reading

Don’t fall for fake virus infection alerts

September 19, 2019 by admin

Two Americans used bogus virus-infection alerts to bilk $10m out of PC owners, it is alleged.

Romana Leyva, 35, of Las Vegas, Nevada, and Ariful Haque, 33, of Bellerose, New York, were each charged this week with one count of wire fraud and conspiracy to commit wire fraud. Each count carries a maximum of 20 years in the clink.

Don't fall for fake virus infection alerts

According to prosecutors in southern New York, Leyva and Haque masterminded a classic tech-support scam that warned netizens their computers were infected with malware that didn’t actually exist and would need a costly, and yet entirely unnecessary, repair.

We all know this type of scam: phony “system alert” pop-up ads in web browsers that try to scare punters into believing their machine is riddled with spyware, along with a phone number to call for “tech support” or a repair service that costs an arm and a leg – and doesn’t actually do anything useful.

“In at least some instances, the pop-up threatened victims that, if they restarted or shut down their computer, it could cause serious damage to the system’ including ‘complete data loss’,” the prosecution wrote in its court [PDF] paperwork.

Continue Reading at The Register

414,949 D-Link cameras, IoT devices can be hijacked

July 8, 2016 by admin

Shodan has turned up half a million D-Link devices exposed to the internet, and subject to easy hijacking using zero-day vulnerabilities.

414,949 D-Link cameras, IoT devices can be hijacked over the net

The stack overflow vulnerabilities affect more than 120 D-Link products, from Wi-Fi cameras to routers and modems, and allow remote attackers to completely hijack the administer account of the devices to install backdoors and intercept traffic.

D-Link has been contacted for comment.

It takes only one command to exploit the flaw, according to Senrio researchers who published a proof-of-concept that changed administrator passwords.

“… the Senrio research team discovered and exploited a remote code execution vulnerability in the latest firmware of the D-Link DCS-930L Network Cloud Camera,” the researchers say.

“While the thought of strangers watching your sleeping baby is disturbing, the implications for enterprise and infrastructure environments are downright scary.”

Almost 140,000 of the devices are located in the US, with 23,442 in Canada, and 20,982 in Sweden.

Founder Stephen Ridley told Security Week attacking the 120-odd D-Link device models requires to exploit tweaking to suit different firmware.

“An attacker would practically account for this difference in versions [and] devices by fingerprinting a device, and then changing the exploit payload based on the target,” Ridley says.

http://www.theregister.co.uk/2016/07/08/414949_dlink_cameras_iot_devices_can_be_hijacked_over_the_net/

Uninstall QuickTime for Windows Today

May 7, 2016 by admin

TrendMicro is putting the word out that everyone should follow Apple’s guidance and uninstall QuickTime for Windows as soon as possible.

This is for two reasons.

First, Apple is deprecating QuickTime for Microsoft Windows. They will no longer be issuing security updates for the product on the Windows Platform and recommend users uninstall it. Note that this does not apply to QuickTime on Mac OSX.

Second, our Zero Day Initiative has just released two advisories ZDI-16-241 and ZDI-16-242 detailing two new, critical vulnerabilities affecting QuickTime for Windows. These advisories are being released in accordance with the Zero Day Initiative’s Disclosure Policy for when a vendor does not issue a security patch for a disclosed vulnerability. And because Apple is no longer providing security updates for QuickTime on Windows, these vulnerabilities are never going to be patched.

We’re not aware of any active attacks against these vulnerabilities currently. But the only way to protect your Windows systems from potential attacks against these or other vulnerabilities in Apple QuickTime now is to uninstall it. In this regard, QuickTime for Windows now joins Microsoft Windows XP and Oracle Java 6 as software that is no longer being updated to fix vulnerabilities and is subject to ever-increasing risk as more and more unpatched vulnerabilities are found affecting it.

You can find information on how to uninstall Apple QuickTime for Windows from the Apple website here:https://support.apple.com/HT205771

Continue for F ull Article

Be careful, it is The Season for Cyber Criminals

December 20, 2015 by admin

With the end of the year, the volume of internet sales increases drastically due to Black Friday, Cyber Monday, Christmas, and New Year’s Eve. Cybercriminals also increase their activity on these dates, as they want to go unnoticed in the high number of transactions.

For that reason, you must be aware of the threats you are exposed to in order to avoid an unwanted gift—more than your grandma’s socks.

According to Allianz Risk Barometer for 2015, cybercrime rose three positions from 2014 to become the fifth top global business risk in 2015. It is a big threat that continues to expand; you have to be informed about it and take action to avoid it.

Let’s take a look at the biggest threats that you should be aware of.

Malvertising: A growing threat

Malicious ads are online advertisements on legitimate websites created to deliver and spread spyware, ransomware, and other malware to end-user systems. They are usually shown as targeted pop-up advertisements or as banner ads on online shopping sites, news portals, social media sites, and gaming and adult platforms.

Unlike other malware delivery mechanisms which require user action (clicking a link or opening an email attachment), malvertisements often require no user interaction to work, which makes them quite dangerous.

Sometimes, just visiting a webpage with malicious ads on it is enough to infect a system. In other cases, users have to click fake Flash or Java updates, or fake anti-virus alerts, to get infected.

Typically, larger websites receive ads through multiple ad brokers and networks automatically, with little action margin to filter them. As advertisements are tailored to the user’s demographics, location, and browsing history, attackers can deliver the malware to their desired victims.

Security vendor RiskIQ reported a shocking 260 percent increase in the number of detected malvertisements in the first half of 2015, compared to the same period last year.

Unfortunately, there isn’t much you can do to avoid malvertising, but make sure you have good commercial antivirus software installed so that if you do stumble upon a bad ad, you will have an extra layer of protection.

Phishing

One of the most dangerous threats this season is Phishing. Phishing occurs when cybercriminals attempt to get your usernames, passwords, and credit card details by creating a fake version of a real and well-known site. Users get tricked into entering their sensitive information, thinking that the site is the real one. You may arrive at one of these sites by misspelling the address or by following links on forged emails, ads, or posts.

This time of year we always see several fake stores emerge. They are there for a couple of weeks, then disappear with your sensitive data and your money.

The Anti-Phishing Working Group reports that in the last quarter of 2014, there was an increase of 18 percent in the number of unique phishing reports compared to the previous quarter and that retail /service was the most targeted industry sector, with payment services close behind.

To confirm that you are on a real, legitimate site, look for the https protocol at the beginning of the URL and check that there is a padlock icon, indicating that the identity of the site is confirmed by a third-party security firm.

Click Here to Continue Reading This Article

When you are browsing a site look for https and the padlock icon to ensure its authenticity and that your information will be transmitted securely.

Panda antivirus problems

March 18, 2015 by admin

Panda antivirus software labels itself as malware

Affected users were warned not to reboot their machines

An antivirus program labeled itself as malware, causing some computers it was running on to stop working.

Panda antivirus software labels itself as malware

After an update, essential components in two Panda Security antivirus programs became corrupted, leading them to be mistakenly identified as malign and quarantined.

Panda said a fix had been released and warned that rebooting affected systems could exacerbate the issue.

Steps to Fix You Computer: http://www.pandasecurity.com/uk/homeusers/support/card?id=100045

It asked those affected to get in touch so it could help fix their machines.

One security expert noted the irony. “People’s first response is to turn [their computer] off and back on again, but in this case, it seems like the wrong thing to do,” said Prof Alan Woodward, of Surrey University.

The “last thing” people would expect to cause their computers to break down was its security software, he said.

Corrupted files

Panda Security said that the signature file in both its PCOP and its Retail 2015 packages became corrupted.

Read the Full Story at: http://www.bbc.com/news/technology-31851125