IT Security Newsletter

Banking malware found hiding in apps on Google Play – 11/01/18



Several malicious apps  pretending to be device boosters, battery managers and device cleaners have been found on Google Play.  These seemingly innocent apps contain malware and work in one of two ways.  They either function as they are expected or they display an error message claiming that that the app is incompatible with your device and it has been removed.  In  both cases, these apps contain very sophisticated banking trojans. They create phishing forms tailored to apps found on your phone. These forms appear to be legitimate login pages but are actually collecting your account information for the hackers. These nasty apps also covertly intercept and redirect text messages, bypass SMS based two factor authentication, intercept calls and download and install other malicious apps.

The good news is, if you think you have one of these apps on your phone you can easily uninstall it using the Application Manager in the Settings app. This is a good time to remind you to only download from reputable sites and to pick apps that have high numbers of downloads as well as many good reviews.


Scammers using voicemail to steal WhatsApp accounts – 10/17/18



Armed with nothing more than your phone number, criminals can steal your WhatsApp account.  How? By registering your phone number on their phone. Here is how it works.

First the attacker makes a request to have your phone number registered to the WhatsApp application on their phone. When WhatsApp receives the request, they text a verification code to your phone.  The scammers make their request in the middle of the night or when you are on a flight so you don’t see the verification code. With the text not answered, WhatsApp offers to read out the code and leave it in a voicemail.

If your cell phone carrier has a default password set up for voicemail and you have not changed it, the criminal simply enters the default password and boom…they can hear the verification code. Once they enter that code, the account gets transferred over to their phone. The attacker then sets up two step verification on the account and you have no way of getting it back.

The moral of the story, set strong and unique password for your voicemail.  While you are at it, do that with all your accounts.


How to protect your Android device – 08/22/18



With reports about compromised or fake apps in the Google Play Store coming out every month or so, owning an Android device can be down right stressful.  While there are things you can look for to reduce the risk of downloading a nasty app, it isn’t always easy to identify them.

To help keep your Android device safe, Google Play Protect is installed on it at the factory.  However researchers have found out what millions of Android users have known for years, Google Play Protect does a terrible job.  Even with the tool pre-installed, users everywhere are still experiencing malware infections on a large scale.

So what is a user to do?  The good news is there are many excellent apps out there designed to protect your Android device from malware. Even better, many of them are free.  The more recognizable names are McAfee, AVG, Avast and Norton. However some lesser known products like Anity, Cheetah and F-secure are also excellent.  All of them out perform Google Play Protect.

If you want to keep your Android device secure, before you download an app:

  • Only download from the Google Play Store (it’s still safer than the wild web)
  • Check its reviews
  • Check the number of times it has been downloaded
  • Check to see what kind of access to your data and your device it wants
  • Download an anti-malware app before you download anything else


Google can track you even if Location History is turned off – 08/15/2018

If you have an Android phone or an IOS phone that has the Google app on it, Google could be following your every move.  Most people are aware that you can turn the Location Services off on your iphone and disable Location reporting on your Android phone.  You may even know how to turn off Location History so Google doesn’t store a record of where you have been.  What you probably don’t know is, Google  has been deceiving you.

AP News has found that when you turn off those services, it only disables the viewable timeline. However every time you open Google Maps, get some weather updates or use Chrome for a search, it tracks you and stores time-stamped location data from your devices.

Fortunately, there is a way to truly turn off the location tracking.  Google buried it deep within their account settings. To keep nosy Google from tracking you in any way:

  1. Open the Google app on your mobile device.
  2. Click the Settings icon in the upper left hand corner.
  3. Select Manage your Google Account.
  4. Select Personal info & privacy.
  5. Select Activity Controls.
  6. Select Web & App Activity.
  7. Click the slider to disable Web & app activity.  It should turn gray.


Scam pretends to lock your phone – 08/10/18



Windows users have heard about the tech support scam that informs them their computer has a virus and they need to call a 1-800 number to unlock it. Creative criminals are now using the same tactic with iphone users. They have seeded several porn sites with malware.  After your visit, a large dialog box appears on your phone informing you that your phone has been locked because you visited an illegal porn site. It all looks very official as it correctly displays the model of your phone and the URL of the porn site. It then gives you a hyperlink to a number to call to get your phone unlocked.

In reality, your phone isn’t locked at all. If you call the number you get connected to a hacker who then attempts to get information and money from you.  Although this scam leverages a visit to a porn site, a similar scam can be set up with any type of website.  It can also target any kind of phone.  It may be iphone users that are currently targeted, but it won’t take long for this scam to show up on Android phones as well.

Never call a number that shows up in an alert or notification on your phone.  Never click on security warning links either. If you do connect to a call center and start to feel uncomfortable, hang up. Apple will never lock your phone and then ask you to call a number to get it unlocked. Come to think of it, neither will Google or Android.


60 000 Android devices infected with malware – 06/28/18



The latest malicious Android app is a clever thing indeed.  So clever that it has managed to infect 60 000 devices at last count. What should you look out for? The whole process starts with a pop up that informs you that you have issues with your device.  The make and model of your device is listed in the pop up making everything look very official. It gives you the option of ignoring the issues or cleaning them up by installing an app. Thing is it doesn’t matter what you click, it takes you to a power saver app in the legitimate Google Play store.

It isn’t until you look at the permissions that the app asks for during install that things seem a bit odd.  Why would a power saver app need:

  • to read sensitive data?
  • to receive text messages?
  • to pair with Bluetooth devices?
  • full network access?
  • to modify system settings?
  • to receive data from the Internet?

If you decide to ignore the red flags and install the app anyway a few things will happen. First,  a hacker completely controls your device. Second,  a little ad-clicker bot runs in the background clicking on ads and generating revenue for the hacker while stealing your data. Third, the app actually does work by stopping processes that are using too much battery power when the battery level is low.  So it isn’t all bad. At least the app does what it says it does. It’s the bonus features that you can do without.

If you are have a pop up on your device that you cannot close or that takes you to a web page or the Google Play Store no matter what you do, restart the device. That should get rid of the pop up.  If it persists you may have to resort to a factory reset.  Either way you do not have to give a hacker control of your phone to get rid of a persistent pop up.


Is that app really as popular as it seems? – 06/15/18



Cyber criminals are getting wise. They have noticed that if an Android app has lots of downloads listed, the odds are pretty good that others will download it as well. They are using this phenomenon to trick people into downloading their malicious apps.

How are they doing it? When you browse the app store,  the only information that you see is the app name, app icon and the developer name. Creative criminals are taking advantage of this by entering their developer names as 100 Million Downloads, Installs 1,000,000,000 + or simply 5,000,000,000.

Criminals aren’t stopping the deception there. They are also using Verified Application or Legit Application as their developer names. Never mind that Google Play doesn’t have a developer account verification service, it looks good anyway.

This is just a reminder that when you are looking for apps to download stick to Google Play and read reviews carefully. Stay away from apps that use deceptive tactics, have few reviews or few downloads.  Happy and safe downloading!



More apps on Google Play containing malware – 05/11/18


Once again a bunch of apps on Google Play have been found to contain malware. The  majority of them are photo editors.  Here is the list of apps and their publishers.

Ladies World by Chenxy
Happy photos by chandrahegang
Beauty camera by bai xiongshu
S-PictureEditor by bai xiongshu
Collage maker 2018 by bai xiongshu
Gallery by bai xiongshu
Collage Maker by bai xiongshu
S Photo Plus by LiaoAny
CollagePlus by LiaoAny
Photo Studio by elaine.wei
Collage Studio by elaine.wei
Photo Studio Plus by elaine.wei
Collage Studio Pro by elaine.wei
Hot Chick by Sunshine Fun
Popular video by Phoenix bird Tech Limited
Music play by Jiangxi Huarui Network technology company
Photo collage edit by Jiangxi Huarui Network technology company
Pic collage by Jiangxi Huarui Network technology company
Super Photo Plus by kowloon
Bees collage by kowloon
Superb Photo by kowloon
Sweet Collection by TopFun Families
Pic collage by Shenzhen coronation plus Technology Co.. Ltd.
K music by Shenzhen coronation plus Technology Co.. Ltd.

If you have downloaded one of these apps, uninstall it from your phone and run a virus scan.  Although malware containing apps are found on Google Play regularly, it is still safer to download apps from there than other locations.  To reduce the risk, make sure you only download apps with a large number of positive reviews and downloads.

Blu Android phones caught sending user data to China – 05/09/18



They’re baaack! Last year, Amazon pulled the ultra cheap Blu brand of smart phones from their site after it was discovered, they were calling home to China without their user’s consent and transferring loads of private data .  Users were completely unaware of the data transfers as the application responsible was installed in the factory and therefore undetectable by anti-virus software.

The company has since come to an agreement with the FTC and promise to never do it again. This has prompted Amazon to once again allow the company to sell their phones on their site.

If Blu violates the agreement with the FTC, it could cost them up to $41, 484 per incident in civil penalties. They will now have their security protocols and record keeping monitored. However considering Blu repeatedly misled consumers and regulators previously by stating they had stopped data collecting when in fact they were still doing it, I am not so sure they can be trusted. Yes their phones are a deliciously cheap, however you might be giving up your personal information in exchange.  Remember, you get what you pay for.

Your ad-blocker Chrome extension may be malware – 04/19/18

Adguard has found 5 very popular ad-blocker Chrome extensions in the Google Webstore which contain malware that allows a criminal to take control of your browser.

  • AdRemover for Google Chrome
  • uBlock Plus
  • Adblock Pro
  • HD for YouTube
  • Webutation

Google has removed the extensions. However if you have installed one of them:

  1. Uninstall it immediately.
  2. Change the passwords on all your accounts.
  3. Keep an eye on your bank accounts and credit card statements.

The malware these extensions contain work in the background making detection very difficult. As far as the user is concerned the extension is what it appears to be. For this reason millions of unsuspecting users downloaded them onto their machines.

How do you protect yourself from malignant browser extensions? Don’t download them.  If you really, really need the extension make sure you know who the developer is. Stick to well known trusted developers that you recognize.