Cybersecurity Blog

60 000 Android devices infected with malware – 06/28/18

 

The latest malicious Android app is a clever thing indeed. So clever that it has managed to infect 60 000 devices at last count. What should you look out for? The whole process starts with a pop-up that informs you that you have issues with your device. The make and model of your device are listed in the pop-up, making everything look very official. It gives you the option of ignoring the issues or cleaning them up by installing an app. The thing is, it doesn’t matter what you click: either way it takes you to a power saver app in the legitimate Google Play store.

It isn’t until you look at the permissions that the app asks for during install that things seem a bit odd.  Why would a power saver app need:

  • to read sensitive data?
  • to receive text messages?
  • to pair with Bluetooth devices?
  • full network access?
  • to modify system settings?
  • to receive data from the Internet?

If you decide to ignore the red flags and install the app anyway, a few things will happen. First, a hacker completely controls your device. Second, a little ad-clicker bot runs in the background, clicking on ads and generating revenue for the hacker while stealing your data. Third, the app actually does work, stopping processes that are using too much battery power when the battery level is low. So it isn’t all bad. At least the app does what it says it does. It’s the bonus features that you can do without.

If you have a pop-up on your device that you cannot close, or that takes you to a web page or the Google Play Store no matter what you do, restart the device. That should get rid of the pop-up. If it persists, you may have to resort to a factory reset. Either way, you do not have to give a hacker control of your phone to get rid of a persistent pop-up.

Is that app really as popular as it seems? – 06/15/18

 

 

Cyber criminals are getting wise. They have noticed that if an Android app has lots of downloads listed, the odds are pretty good that others will download it as well. They are using this phenomenon to trick people into downloading their malicious apps.

How are they doing it? When you browse the app store, the only information that you see is the app name, app icon and the developer name. Creative criminals are taking advantage of this by entering their developer names as “100 Million Downloads”, “Installs 1,000,000,000 +” or simply “5,000,000,000”.

Criminals aren’t stopping the deception there. They are also using “Verified Application” or “Legit Application” as their developer names. Never mind that Google Play doesn’t have a developer account verification service; it looks good anyway.
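A store-listing triage check for the two tricks described above, developer names posing as install counts or as verification badges. This is an added example, not part of the original post: the rules are heuristics, and the app names and the benign developer name in the sample are constructed.

```python
import re
import unicodedata

COUNT_WORD = r"(?:downloads?|installs?|million|billion)"

# Each rule pairs a reason with a pattern applied to the normalized name.
RULES = [
    ("digits only", re.compile(r"^[\d,.\s+]+$")),
    ("install-count claim",
     re.compile(rf"\d[\d,.\s]*\+?\s*{COUNT_WORD}|{COUNT_WORD}\s*\d", re.I)),
    ("trust claim", re.compile(r"\b(?:verified|legit(?:imate)?)\b", re.I)),
]

def flag_developer(name):
    """Return the reasons a developer name looks like a fake popularity or trust cue."""
    # NFKC folds fullwidth and other compatibility characters into plain
    # ASCII, so look-alike spellings cannot slip past the patterns.
    normalized = unicodedata.normalize("NFKC", name).strip()
    return [reason for reason, pattern in RULES if pattern.search(normalized)]

def triage(listings):
    """Map app name -> reasons, for listings whose developer name is flagged."""
    flagged = {}
    for app, developer in listings:
        reasons = flag_developer(developer)
        if reasons:
            flagged[app] = reasons
    return flagged

# Constructed sample: developer names quoted in the post plus one benign name.
LISTINGS = [
    ("Flashlight Free", "100 Million Downloads"),
    ("Photo Fun", "Installs 1,000,000,000 +"),
    ("Quick Cleaner", "5,000,000,000"),
    ("Safe Browser", "Verified Application"),
    ("Chat Now", "Legit Application"),
    ("Notes", "Example Studio 54"),
]

if __name__ == "__main__":
    for app, reasons in triage(LISTINGS).items():
        print(f"{app}: {', '.join(reasons)}")
```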

This is just a reminder that when you are looking for apps to download, stick to Google Play and read reviews carefully. Stay away from apps that use deceptive tactics, have few reviews or few downloads. Happy and safe downloading!

More apps on Google Play containing malware – 05/11/18

 

Once again a bunch of apps on Google Play have been found to contain malware. The majority of them are photo editors. Here is the list of apps and their publishers.

  • Ladies World by Chenxy
  • Happy photos by chandrahegang
  • Beauty camera by bai xiongshu
  • S-PictureEditor by bai xiongshu
  • Collage maker 2018 by bai xiongshu
  • Gallery by bai xiongshu
  • Collage Maker by bai xiongshu
  • S Photo Plus by LiaoAny
  • CollagePlus by LiaoAny
  • Photo Studio by elaine.wei
  • Collage Studio by elaine.wei
  • Photo Studio Plus by elaine.wei
  • Collage Studio Pro by elaine.wei
  • Hot Chick by Sunshine Fun
  • Popular video by Phoenix bird Tech Limited
  • Music play by Jiangxi Huarui Network technology company
  • Photo collage edit by Jiangxi Huarui Network technology company
  • Pic collage by Jiangxi Huarui Network technology company
  • Super Photo Plus by kowloon
  • Bees collage by kowloon
  • Superb Photo by kowloon
  • Sweet Collection by TopFun Families
  • Pic collage by Shenzhen coronation plus Technology Co.. Ltd.
  • K music by Shenzhen coronation plus Technology Co.. Ltd.

If you have downloaded one of these apps, uninstall it from your phone and run a virus scan. Although malware-containing apps are found on Google Play regularly, it is still safer to download apps from there than from other locations. To reduce the risk, make sure you only download apps with a large number of positive reviews and downloads.

Blu Android phones caught sending user data to China – 05/09/18

 

They’re baaack! Last year, Amazon pulled the ultra-cheap Blu brand of smart phones from their site after it was discovered that the phones were calling home to China without their users’ consent and transferring loads of private data. Users were completely unaware of the data transfers, as the application responsible was installed in the factory and therefore undetectable by anti-virus software.

The company has since come to an agreement with the FTC and promised to never do it again. This has prompted Amazon to once again allow the company to sell its phones on the site.

If Blu violates the agreement with the FTC, it could cost them up to $41,484 per incident in civil penalties. They will now have their security protocols and record keeping monitored. However, considering Blu repeatedly misled consumers and regulators previously by stating they had stopped collecting data when in fact they were still doing it, I am not so sure they can be trusted. Yes, their phones are deliciously cheap; however, you might be giving up your personal information in exchange. Remember, you get what you pay for.

Your ad-blocker Chrome extension may be malware – 04/19/18

 

Adguard has found 5 very popular ad-blocker Chrome extensions in the Google Webstore which contain malware that allows a criminal to take control of your browser.

  • AdRemover for Google Chrome
  • uBlock Plus
  • Adblock Pro
  • HD for YouTube
  • Webutation

Google has removed the extensions. However if you have installed one of them:

  1. Uninstall it immediately.
  2. Change the passwords on all your accounts.
  3. Keep an eye on your bank accounts and credit card statements.

The malware these extensions contain works in the background, making detection very difficult. As far as the user is concerned, the extension is what it appears to be. For this reason, millions of unsuspecting users downloaded them onto their machines.

How do you protect yourself from malignant browser extensions? Don’t download them. If you really, really need the extension, make sure you know who the developer is. Stick to well-known, trusted developers that you recognize.

Criminals find a way around two step verification in Google – 04/11/18

 

Two step verification keeps criminals from accessing your account if your password is compromised. It is a great way to add a level of security to your accounts. However, enterprising criminals have found a way around it.

How did they do it?  Is there some back door that they found? Have they created a new brute force hack technique? Nope. They just ask for the verification code. Low tech social engineering strikes again.

Here is how it works. They send you a text that looks like it comes from Google, notifying you of a password reset. If you don’t want your password reset, you are instructed to text the word STOP. Once you do, you are asked to text 822 back to be sent a verification code to stop the password reset. Once you receive the verification code, they ask you to text the code back to them to confirm that you don’t want the password reset. Pretty clever, huh?

Of course, what is happening is they are trying to get into your account but can’t because they don’t have the verification code. By playing the stop-the-password-reset game, they are hoping to catch you off guard so you just send them the code.

For the record, no one will ask you if you don’t want to do something with your account.  As soon as someone asks you for confirmation to NOT do something, you know the jig is up.  This is just another reminder that we have to read our texts and emails carefully and question anything that seems odd. The criminals count on you to react without thinking. Stop them in their tracks, think before you react.

 

Facebook Android app logging calls and texts – 04/11/18

 

On the heels of an announcement that Facebook allowed Cambridge Analytica to harvest data from users to influence the US elections, users of the Android Facebook app have found that their calls and texts are being logged.  It’s been a tough few weeks for Facebook users concerned about their privacy.

Why on earth would Facebook need to log calls? Apparently to improve our experience of using their products. As alarming as all this seems, Facebook is only doing what their users have allowed them to do. In our desire to connect we have thrown caution to the wind and have accepted any conditions of use that app developers have thrown at us. If this has taught us anything, it has taught us to be more cautious with clicking Allow when an app is asking for permission to access our contacts, our microphones, our photos and anything else they might want to mess with.

The only way things are going to improve is if we users start choosing privacy over convenience and stop downloading intrusive apps. This is a lesson that Facebook is learning the hard way, with users dumping the platform at record speeds. The question is, is anyone else paying attention?

 

MyFitnessPal Under Armour App has been Breached – 04/03/18

If you have been using MyFitnessPal from Under Armour, change your password immediately.  On March 25 Under Armour learned that usernames, email addresses and hashed passwords were taken from about 150 million user accounts.

The good news is the passwords were hashed, or scrambled, and will need to be decoded before they can be used. The bad news is the thieves may use phishing emails to acquire your password directly instead of doing the hard work of decoding it. Change your password directly in the app or through their website instead of using a link in an email.

If you use your MyFitnessPal password for other apps or websites, make sure you change those passwords as well.

New security vulnerabilities found on everything with a computer processor – 01/08/18

What are they?

New vulnerabilities called Meltdown and Spectre have been found in computer processors built after 2009 that allow a program to steal data from your computer system’s memory without your permission or knowledge. They affect everything that has a computer processor, including your computer, tablet, phone and IoT devices (Internet of Things devices, such as a smart thermostat).

Why should I be concerned?

These vulnerabilities have the potential to allow hackers to covertly fetch sensitive information  such as passwords from system memory allowing access to your online banking, social networking accounts and the like. To make matters worse, the attack can be made via your browser.

How is the problem fixed?

As these vulnerabilities are in the main processing chip on the computer, the ultimate fix will be to change the processor codes, the firmware or the chip itself.  However, the problem can be mitigated by modifying how the software interacts with the processor. As a result, software and hardware vendors are currently developing patches for these vulnerabilities.

What is IT Services doing about it?

We are following our standard processes to manage the patches for these vulnerabilities.

What do I have to do?

You do not need to update your workstation; it will be done by the MRU patch management process. Your regular updates include all required patches. If you have a Mount Royal laptop or device and you aren’t sure that it is getting updated, please visit the IT Service Desk.

Install updates for all your personal portable devices and home machines as soon as they become available. Make sure that your browser is updated as well. Please note that not all anti-virus programs are compatible with Microsoft’s latest updates. If your machine has incompatible anti-virus software, the Microsoft updates will not be installed and your machine will be left vulnerable. Check your anti-virus program’s website to see if it is compatible.

Make sure you visit official/trusted websites to get your updates or use the update feature from within your software.  We do not recommend clicking on links and opening attachments in emails claiming to have a link to the latest updates or patches.  Criminals may take this opportunity to send out fake security patch or update emails with malicious links to try and trick you into downloading their malware.

For more details on the vulnerabilities, check out the sources for this article:

 

Have a music player app on your Android phone? It may be secretly running malware. – 11/16/17

 

Yes, it has happened again: apps have been found in Google Play loaded with malware. Google has removed 144 different music playing apps from Google Play that contain a new form of malware called Grabos. What makes this malware so devious is that it monitors your phone activity and switches its function based on whether you are using the infected app or not. So, when you are paying attention, the infected app acts as advertised, letting you download music for free. When you aren’t using the infected app, it sends information about your device, its specs, its location and the apps that are installed on it to the hacker’s server. This information is then used to create targeted notifications that prompt you to download and install additional malware-loaded apps, which are then opened without your consent.

To make sure as many people as possible are infected, the infected app constantly prompts you to rate it and offers you faster download speeds if you share it with friends.

Because of the prompts to rate these infected apps and their covert nature, many of them have a very high rating on Google Play. The most popular one, with over one million downloads, is called Aristotle Music Audio Player 2017. For a complete list of infected apps, check out McAfee’s blog post.

If one of these is on your phone, uninstall it and then check to make sure all the apps installed on your phone are apps that you installed and were not installed by the malware. It would also be a good idea to change the passwords on all your accounts that you can access from your phone.

Although these apps have been removed from Google Play, they can still be found and downloaded from other locations on the Internet. Reduce your risk: only download apps from reputable sources with good reviews.