Cybersecurity Blog

60 000 Android devices infected with malware – 06/28/18


The latest malicious Android app is a clever thing indeed. So clever that it has managed to infect 60 000 devices at last count. What should you look out for? The whole process starts with a pop-up that informs you that you have issues with your device. The make and model of your device are listed in the pop-up, making everything look very official. It gives you the option of ignoring the issues or cleaning them up by installing an app. Thing is, it doesn’t matter what you click; it takes you to a power saver app in the legitimate Google Play store.

It isn’t until you look at the permissions that the app asks for during install that things seem a bit odd. Why would a power saver app need:

  • to read sensitive data?
  • to receive text messages?
  • to pair with Bluetooth devices?
  • full network access?
  • to modify system settings?
  • to receive data from the Internet?

If you decide to ignore the red flags and install the app anyway, a few things will happen. First, a hacker completely controls your device. Second, a little ad-clicker bot runs in the background, clicking on ads and generating revenue for the hacker while stealing your data. Third, the app actually does work by stopping processes that are using too much battery power when the battery level is low. So it isn’t all bad. At least the app does what it says it does. It’s the bonus features that you can do without.

If you have a pop-up on your device that you cannot close or that takes you to a web page or the Google Play Store no matter what you do, restart the device. That should get rid of the pop-up. If it persists, you may have to resort to a factory reset. Either way, you do not have to give a hacker control of your phone to get rid of a persistent pop-up.
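The permission check described in this post can be automated. The following is an added example, not part of the original post and not code from the app: it compares the permissions in a decoded AndroidManifest.xml against what a power saver plausibly needs. The mapping from the post's bullets to Android permission names, the baseline set and the sample manifest are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping from the post's bullets to Android permission names.
RED_FLAGS = {
    "android.permission.READ_LOGS": "read sensitive data",
    "android.permission.RECEIVE_SMS": "receive text messages",
    "android.permission.BLUETOOTH": "pair with Bluetooth devices",
    "android.permission.INTERNET": "full network access",
    "android.permission.WRITE_SETTINGS": "modify system settings",
    "com.google.android.c2dm.permission.RECEIVE": "receive data from the Internet",
}

# Hypothetical baseline: what a battery saver plausibly needs to do its job.
EXPECTED_FOR_POWER_SAVER = {
    "android.permission.KILL_BACKGROUND_PROCESSES",
    "android.permission.BATTERY_STATS",
}

# Constructed sample manifest in decoded text form (not taken from the real app).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.powersaver">
  <uses-permission android:name="android.permission.KILL_BACKGROUND_PROCESSES"/>
  <uses-permission android:name="android.permission.READ_LOGS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.BLUETOOTH"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.WRITE_SETTINGS"/>
  <uses-permission android:name="com.google.android.c2dm.permission.RECEIVE"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
</manifest>
"""

def requested_permissions(manifest_xml):
    """Collect every permission name declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    tags = ("uses-permission", "uses-permission-sdk-23")
    return {n.get(ANDROID_NS + "name") for t in tags for n in root.iter(t)} - {None}

def audit(manifest_xml, expected):
    """Split permissions beyond the baseline into red flags and other extras."""
    extra = requested_permissions(manifest_xml) - expected
    flagged = {p: RED_FLAGS[p] for p in sorted(extra) if p in RED_FLAGS}
    return flagged, sorted(extra - set(flagged))

if __name__ == "__main__":
    for perm, why in audit(SAMPLE_MANIFEST, EXPECTED_FOR_POWER_SAVER)[0].items():
        print(f"RED FLAG: {perm} ({why})")
```

Manifests inside an APK are stored as binary XML, so they must be decoded to text before this parser can read them.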


Is that app really as popular as it seems? – 06/15/18



Cyber criminals are getting wise. They have noticed that if an Android app has lots of downloads listed, the odds are pretty good that others will download it as well. They are using this phenomenon to trick people into downloading their malicious apps.

How are they doing it? When you browse the app store, the only information that you see is the app name, app icon and the developer name. Creative criminals are taking advantage of this by entering their developer names as 100 Million Downloads, Installs 1,000,000,000 + or simply 5,000,000,000.

Criminals aren’t stopping the deception there. They are also using Verified Application or Legit Application as their developer names. Never mind that Google Play doesn’t have a developer account verification service; it looks good anyway.

This is just a reminder that when you are looking for apps to download, stick to Google Play and read reviews carefully. Stay away from apps that use deceptive tactics, have few reviews or few downloads. Happy and safe downloading!



More apps on Google Play containing malware – 05/11/18


Once again a bunch of apps on Google Play have been found to contain malware. The majority of them are photo editors. Here is the list of apps and their publishers.

Ladies World by Chenxy
Happy photos by chandrahegang
Beauty camera by bai xiongshu
S-PictureEditor by bai xiongshu
Collage maker 2018 by bai xiongshu
Gallery by bai xiongshu
Collage Maker by bai xiongshu
S Photo Plus by LiaoAny
CollagePlus by LiaoAny
Photo Studio by elaine.wei
Collage Studio by elaine.wei
Photo Studio Plus by elaine.wei
Collage Studio Pro by elaine.wei
Hot Chick by Sunshine Fun
Popular video by Phoenix bird Tech Limited
Music play by Jiangxi Huarui Network technology company
Photo collage edit by Jiangxi Huarui Network technology company
Pic collage by Jiangxi Huarui Network technology company
Super Photo Plus by kowloon
Bees collage by kowloon
Superb Photo by kowloon
Sweet Collection by TopFun Families
Pic collage by Shenzhen coronation plus Technology Co., Ltd.
K music by Shenzhen coronation plus Technology Co., Ltd.

If you have downloaded one of these apps, uninstall it from your phone and run a virus scan. Although malware-containing apps are found on Google Play regularly, it is still safer to download apps from there than from other locations. To reduce the risk, make sure you only download apps with a large number of positive reviews and downloads.

Blu Android phones caught sending user data to China – 05/09/18


They’re baaack! Last year, Amazon pulled the ultra cheap Blu brand of smart phones from their site after it was discovered they were calling home to China without their users’ consent and transferring loads of private data. Users were completely unaware of the data transfers as the application responsible was installed in the factory and therefore undetectable by anti-virus software.

The company has since come to an agreement with the FTC and promised to never do it again. This has prompted Amazon to once again allow the company to sell their phones on their site.

If Blu violates the agreement with the FTC, it could cost them up to $41,484 per incident in civil penalties. They will now have their security protocols and record keeping monitored. However, considering Blu repeatedly misled consumers and regulators previously by stating they had stopped data collecting when in fact they were still doing it, I am not so sure they can be trusted. Yes, their phones are deliciously cheap; however, you might be giving up your personal information in exchange. Remember, you get what you pay for.

New security vulnerabilities found on everything with a computer processor – 01/08/18

What are they?

New vulnerabilities called Meltdown and Spectre have been found in computer processors built after 2009 that allow a program to steal data from your computer system’s memory without your permission or knowledge. They affect everything that has a computer processor, including your computer, tablet, phone and IoT devices (Internet of Things, such as a smart thermostat).

Why should I be concerned?

These vulnerabilities have the potential to allow hackers to covertly fetch sensitive information such as passwords from system memory, allowing access to your online banking, social networking accounts and the like. To make matters worse, the attack can be made via your browser.

How is the problem fixed?

As these vulnerabilities are in the main processing chip on the computer, the ultimate fix will be to change the processor codes, the firmware or the chip itself. However, the problem can be mitigated by modifying how the software interacts with the processor. As a result, software and hardware vendors are currently developing patches for these vulnerabilities.

What is IT Services doing about it?

We are following our standard processes to manage the patches for these vulnerabilities.

What do I have to do?

You do not need to update your workstation; it will be done by the MRU patch management process. Your regular updates include all required patches. If you have a Mount Royal laptop or device and you aren’t sure that it is getting updated, please visit the IT Service Desk.

Install updates for all your personal portable devices and home machines as soon as they become available. Make sure that your browser is updated as well. Please note that not all anti-virus programs are compatible with Microsoft’s latest updates. If your machine has incompatible anti-virus software, the Microsoft updates will not be installed and your machine will be left vulnerable. Check your anti-virus program’s website to see if it is compatible.

Make sure you visit official/trusted websites to get your updates or use the update feature from within your software. We do not recommend clicking on links and opening attachments in emails claiming to have a link to the latest updates or patches. Criminals may take this opportunity to send out fake security patch or update emails with malicious links to try and trick you into downloading their malware.

For more details on the vulnerabilities, check out the sources for this article:


Attention Students – Devices disappearing across campus – 12/07/17


It is a scene that is played out across campus every semester: a student on a laptop studies diligently for exams. She runs out of battery power and looks for a plug-in. She finds one just around the corner, plugs in and goes back for her books. When she returns 30 seconds later, the laptop is gone. In 30 seconds she has lost all her study notes and all her papers for the term. The theft is reported to security but the laptop is long gone. If only she had thought to back up her papers and notes on iCloud, OneDrive, Dropbox or Google Drive. Then she would at least be able to study for her final. Now she has little to work with and exams are looming. Now she has to contact her professors, ask for extensions and hope that they will be granted. She was hoping to ace this term; now she just hopes to pass. This isn’t hypothetical. This is a real story that has been repeated over and over again.

This semester, don’t repeat the story. Treat your devices like cash. If you wouldn’t leave a $20 bill somewhere, don’t leave your device there. It takes less than 30 seconds for a criminal to pocket your smartphone or walk off with your laptop. It takes less than 30 seconds to jeopardize a grade you have worked all term to achieve.







Have a music player app on your Android phone? It may be secretly running malware. – 11/16/17


Yes, it has happened again: apps have been found in Google Play loaded with malware. Google has removed 144 different music playing apps from Google Play that contain a new form of malware called Grabos. What makes this malware so devious is that it monitors your phone activity and switches its function based on whether you are using the infected app or not. So, when you are paying attention, the infected app acts as advertised, letting you download music for free. When you aren’t using the infected app, it sends information about your device, its specs, its location and the apps that are installed on it to the hacker’s server. This information is then used to create targeted notifications that prompt you to download and install additional malware-loaded apps, which are then opened without your consent.

To make sure as many people as possible are infected, the infected app constantly prompts you to rate it and offers you faster download speeds if you share it with friends.

Because of the prompts to rate these infected apps and their covert nature, many of them have a very high rating on Google Play. The most popular one, with over one million downloads, is called Aristotle Music Audio Player 2017. For a complete list of infected apps, check out McAfee’s blog post.

If one of these is on your phone, uninstall it and then check to make sure all the apps installed on your phone are apps that you installed and were not installed by the malware. It would also be a good idea to change the passwords on all your accounts that you can access from your phone.

Although these apps have been removed from Google Play, they can still be found and downloaded from other locations on the Internet. Reduce your risk: only download apps from reputable sources with good reviews.

Criminals could hack your device through Bluetooth – 9/14/2017


Researchers have discovered a vulnerability in Bluetooth-enabled devices that would allow an attacker to take control of them with no action on the part of the user. The majority of manufacturers have issued updates to patch this vulnerability. As Bluetooth is a fairly complicated protocol, experts warn that there may be more vulnerabilities not yet discovered. To protect yourself, make sure you:

  • Keep your device updated.
  • Turn off Bluetooth when not using it.

AirDrop allows strangers to send you files and photos


There is a lovely iOS feature called AirDrop which allows you to send files to anyone within Bluetooth range anonymously. It has facilitated the rather disturbing practice of bluejacking, sending pics of your privates to random strangers in order to enjoy the look of shock on their faces. By default this feature is enabled so you can receive files from anyone on your contact list. However, some people have inadvertently changed the settings so they can receive files from anyone.

To prevent such unpleasantness, it is recommended that you disable your AirDrop unless you are using it. To turn AirDrop off:

  1. Swipe up to view the Control Center.
  2. Select AirDrop Receiving.
  3. Select Receiving Off.


Android banking malware targets hundreds of apps on Google Play – 04/18/17


It has happened again. Funny Videos 2017 is just one of hundreds of legitimate apps on Google Play that have been infected with malware. This latest version of malware interacts with the user’s bank and credit card apps, placing a fake login page over the official one. The fake login page collects the user’s login credentials and gives the cyber criminals full access to the user’s bank account or credit card.

Google has removed the infected apps from Google Play. Unfortunately, that doesn’t help the users who fell victim. How do you reduce the possibility of being a victim of an infected app? Before you download an app:

  • Read user reviews
  • Install anti-virus software on your phone

In addition, don’t download apps that ask for unusual permissions (i.e., asking for the ability to change settings). Once an app is downloaded, if your phone starts behaving unexpectedly, uninstall it immediately. If the behavior continues, perform a factory reset on your phone.