Tag : malware

HummingBad Malware targets 85 million Android devices…

As reported on the blog last week, malware has had a taste for Android devices.

The HummingBad software is another type of Android malware, one that has infected 85 million users globally. HummingBad infects Android devices in two ways: via drive-by downloads and via malicious payloads delivered by websites distributing adult content. Using a rootkit, the malware attempts to gain root access to the device. If successful, the device is fully accessible. If this method fails, a fake system update notification is used to trick users into handing over full access to the device.

With access granted, HummingBad begins the usual malware process, installing fraudulent apps on the infected mobile device. Hackers are making a boatload of cash off this software alone, nearly $300,000 a month. It’s an easy equation: the fraudulent applications deliver advertisements daily, generating a ridiculous number of clicks. Engagement with these ads delivers nearly $10,000 to hackers daily, just from HummingBad alone. Researchers estimate that 10 million victims are using malicious applications without even knowing it.

The Chinese cyber criminal group Yingmob, which consists of 25 employees spread across four groups, is responsible for managing HummingBad. Yingmob is also suspected of being behind the 2015 iOS malware YiSpecter. China and India are the most affected by HummingBad, with 1.6 million devices affected in China and 1.35 million in India. The United States is relatively small in the big picture, with 286,800 devices infected.

At the moment, HummingBad has not encrypted devices in order to steal data, but that doesn’t mean it won’t in the future.


If you would like to educate yourself in more detail about the information presented in this blog post, please visit: www.zdnet.com

Windows 10 – Taking Tricks from Malware

Microsoft has been long pushing its users to jump aboard the Windows 10 train. But have they crossed the line?

Tech writer for Computer World, Preston Gralla, explains how Windows 10 took over his wife’s computer, installing the Windows 10 update without her permission. Gralla was understandably skeptical when his wife came into his office frustrated with Microsoft and complaining about the new update. How could the largest software platform, installed on PCs and laptops alike, just blatantly ignore a user’s preferences and install new software without permission?

Microsoft has been aggressive in its attempts to get users to upgrade to Windows 10 before July 29th. Pop-ups began to appear on user computers urging them to update, but the action could be easily blocked with a quick click of the X in the pop-up window. Sounds just like any other pop-up, easy enough to understand. It started when Microsoft began quietly downloading the bits needed for the Windows 10 upgrade without telling users. Then this spring, Microsoft took it one step further. Changing everything we users know to be true about the X button in the upper right corner of any pop-up, Microsoft flipped the script. When the upgrade app appeared on user screens and a user clicked the X in the top right corner to avoid the installation, Microsoft did the exact opposite of what the user intended, taking a NO for a YES and installing Windows 10 on the user’s PC. Extremely frustrating to anyone who thought they had just avoided that action.

As Computer World’s Gregg Keizer points out, Microsoft violated its own recommended policy by changing this action in its upgrade app. Microsoft advises developers to keep clicking the X to close a dialog box as a way to halt any action the box might take. Microsoft writes on its design guidelines website, “The Close button on the title bar should have the same effect as the Cancel or Close button within the dialog box. Never give it the same effect as OK.” Well, what the bleep, Microsoft. You did exactly what you advise others not to do, giving the action of clicking X the same effect as OK.

Preston Gralla points out the painful resemblance of Microsoft’s shady acts to those of malware. Microsoft’s document “How to prevent and remove viruses and other malware” warns never to click Agree or OK to close a window suspected to be spyware. Instead, Microsoft advises clicking the red X in the corner of the window or pressing Alt+F4 to close it. Hm. Even more ironic, Microsoft defines spyware like this: “Spyware can install on your computer without your knowledge. These programs can change your computer’s configuration or collect advertising data and personal information.”

Well Microsoft, let’s make a list.

  • The Windows 10 upgrade downloads bits onto a user’s PC without permission or knowledge.
  • Changes a user’s computer configuration to meet the agenda of Microsoft.
  • By default, Windows 10 collects advertising data and personal information.
  • If a user tries to stop the Windows 10 upgrade by doing exactly what Microsoft advises for any other application, clicking the X in the corner of the dialog box, the upgrade installs anyway!

If these tricks were tried by any other company, especially with malicious intent, I would be writing a blog post about a new form of malware. It appears Microsoft has taken notice of the aggressive push of malware and tailored a few of its features to benefit the push of the latest Windows 10. Not even Microsoft can advise users and developers to do one thing and then do the complete opposite when it benefits them; eventually one of us is going to realize something fishy is going on. Windows 10 is not malware, and upgrading isn’t going to crash your computer or hold your data hostage. However, being upgraded to a new operating system is a lengthy installation that can have significant consequences for the user. Some applications may no longer work with the new OS, the lengthy installation means time taken away from the work day, and learning a new OS is not particularly thrilling to most of the population. Not to mention the violated feeling most will endure when they find out Microsoft ignored their preferences and installed the upgrade anyway.

Take your own advice Microsoft.


If you would like to educate yourself in more detail about the information presented in this blog post, please visit: How Windows 10 Became Malware

Threats That Are Spoofing Mobile Enterprise Apps

Not every app is trustworthy. Some install malware, others steal documents or passwords. It is better to keep your hands off these.

Malware has taken to mobile applications, namely those in the enterprise. Enterprise employees use mobile applications to share data, send packages, manage email, and otherwise juggle the needs of a functioning business. Spoofing applications such as Cisco’s Business Class Email app, ADP, Dropbox, FedEx Mobile, Zendesk, VMware’s Horizon Client, and Blackboard’s Mobile Learn app makes for very dangerous territory. These spoofed applications are nearly identical to their real counterparts; without serious knowledge of information technology you would never know that the FedEx app you are using is really malware. By impersonating these types of enterprise applications, using the brand and package name, the malware turns unsuspecting users into its hosts.

Shuanet is a family of malware that automatically roots a device and installs itself on the system partition. After Shuanet installs itself on the system it proceeds to install more applications without the permission of the user. These applications are pushed to the phone with the intention of installing even more applications, creating more opportunities to fill the unsuspecting device with malware. With each installation of more applications come aggressive marketing tactics to try to get a user to bite. Rooted devices are essentially in an altered state. A device is usually rooted for the sake of customization, but to remain secure the owner must know how to configure its security; if the device is not configured properly it will no longer receive important software updates. Factory resetting a device infected with malware that installs itself on the system partition, such as Shuanet, will not wipe the malware completely from the device. Apps like these continue to download applications that also house malware, which only adds fuel to the fire.

Examples of apps it spoofs: ADP Mobile Solutions, CamCard Free, Cisco Business Class Email (BCE), Duo Mobile, Google Authenticator, VMware Horizon Client, Zendesk, Okta Verify.

AndroRAT is another family of malware spoofing enterprise applications. Originally AndroRAT was developed by university students for a class project. It was used as a remote administration tool, as it allows a third party to control the device. Controlling the device, however, also means allowing the software to collect information from the device such as contacts, call logs, text messages, audio from the microphone, and even device location. Not exactly a comforting piece of information. Hidden remote access software gives attackers the ability to control the device and extract data with nearly nothing standing in their way. Most compromising to the enterprise is the continued remote access to a mobile device. This mobile device is carried throughout the day, and it is only a matter of time before it connects to a business network, allowing an attacker to infiltrate Wi-Fi networks and VPNs.

Examples of apps it spoofs: Dropbox, Skype, Business Calendar


If you would like to educate yourself in more detail about the information presented in this blog post, please visit: 5 active mobile threats spoofing enterprise apps

Bank Accounts Targeted by Silent Malware

Another level of sophisticated malware has hit the online banking platform in the form of a virus called “GozNym”. GozNym has already helped hackers steal over $4 million from banks in the United States, Canada, and Europe, according to IBM Security’s executive adviser Etay Maor, who also led the team that discovered the malicious software.

GozNym is a high-alert and extremely dangerous piece of malware due to a few contributing factors. One is that it is a combination of two pieces of malware. The initial malware infects the machine, installing itself and a second form of malware onto the device. This second form waits in the background until the user visits the web interface of a financial institution, then captures the user’s username and password. The malware’s encryption has been doubled in this case, making it even more difficult to analyze and research. The process is time consuming and often yields few answers as to how to rid the machine of the infection.

In addition, GozNym has been shown to be especially difficult for anti-virus software to detect. Most well-informed people who are aware of the sensitivity of their data, or who simply value the life and protection of their computer, already have noteworthy anti-virus software installed on their machine, heeding the advice of information technology professionals. However, if the anti-virus cannot detect the malware, then your machine is basically waving its hands in the air, asking for trouble. An infection could arise without the user ever being aware of the installation, and all it takes is one visit to their bank’s web portal and the rest is history.

“There might be a million malware strains, but there are only a few families that are active and dangerous and those principal malware families are owned by organized crime, so this could cause very heavy losses in online banking fraud.”

Don’t use the same password for everything. If hackers can silently get the password to one of your bank accounts without you knowing it, don’t give them more to work with by making that same password the golden key to all of your logins. Password managers are becoming increasingly popular due to the need for multiple passwords for everything. Although this method cannot be called bulletproof, it is a significantly better way to stay safe. The GozNym malware is sophisticated enough to show full bank account balances even after criminals have drained the accounts. Try to stay conscious of how you are accessing your banking information. Paper statements, for the time being, might be the best practice until a solution is found.


If you would like to educate yourself in more detail about the information presented in this blog post please visit: Dangerous New Malware Targets Online Bank Accounts

Kansas Heart Hospital- Paying the ransom still wasn’t enough

The Kansas Heart Hospital in Wichita, recently found themselves at the mercy of a ransomware nightmare. Seeing as the demands were not unattainable or extremely high, the hospital decided to simply pay the Bitcoin, thinking that would be the end. Not quite. After the hospital paid the Bitcoin, the hackers decided that the hospital was a willing target for even more money! The hackers received payment and decided to hold back some of the data they had encrypted and proceeded to demand more money from the Kansas Hospital.

To my surprise, the Kansas Heart Hospital didn’t end up giving any more funds to the hackers. We aren’t sure if they decided the data was not important, or if the hospital employed some tech support from a trusted source. Whichever the case, I appreciate the hospital standing firm in its decision not to pay any more Bitcoin. As many have been urged not to pay absurd ransomware demands, it can be terrifying when the circumstance comes about. Helpless, I’m sure, is how many ransomware victims feel.

Nevertheless, it is important to be aware of malware and ransomware threats. Nearly half the hospitals in the United States have been attacked by some variant of malware or ransomware. An official at the Kansas Heart Hospital even told reporters that they “were aware of the ransomware threat and had a plan in place to deal with it”. Better make sure you have a plan B too.


If you would like to educate yourself in more detail about the information presented in this blog post please visit: Hospital pays ransom, ransomware demands more money

Antivirus – Top 4 on the Market in 2016

Keep your computer healthy and your stress low with easy-to-manage antivirus software. A wealth of options exist, so with the help of researcher Neil Rubenking at PCMag we have compiled a list of the top antivirus programs. Each product has been reviewed and lab tested in order to provide real results and data. In times of trouble no one wants a program that can’t handle the pressure.

Top 4 Commercial Antivirus Software on the Market

Kaspersky Anti-Virus (2016)

  • On Demand Malware Scan
  • On Access Malware Scan
  • Malicious URL Blocking
  • Phishing Protection
  • Bonus – Vulnerability Scan

Bitdefender Antivirus Plus 2016

Both Bitdefender and Kaspersky performed at the top of the scale in independent lab tests.

  • On Demand Malware Scan
  • On Access Malware Scan
  • Malicious URL Blocking
  • Phishing Protection
  • Bonus – Vulnerability Scan
  • Website Rating

McAfee AntiVirus Plus (2016)

A single subscription of McAfee AntiVirus Plus allows you to install protection on all of your Windows, Android, Mac OS, and iOS devices.

  • On Demand Malware Scan
  • On Access Malware Scan
  • Malicious URL Blocking
  • Phishing Protection
  • Bonus – Vulnerability Scan
  • Website Rating

Webroot SecureAnywhere Antivirus (2016)

Webroot SecureAnywhere Antivirus uses an unusual behavior-based detection technology. This makes Webroot the tiniest antivirus on the market today. This is both good and bad. In theory this antivirus can protect you from malware, but it can also flag legitimate behaviors by legitimate users.

  • On Demand Malware Scan
  • On Access Malware Scan
  • Malicious URL Blocking
  • Phishing Protection
  • Website Rating

If you would like to educate yourself in more detail about the information presented in this blog post, please visit: The Best Antivirus Utilities for 2016

Businesses Beware- FBI warns Ransomware is on the rise

The FBI released statements of warning this week about the rapid growth of ransomware attacks. As attacks become more frequent and sophisticated, it is crucial that businesses are proactive about ransomware prevention. The influx of attacks against hospitals has made ransomware a major threat to the U.S. healthcare industry this year, and it will only continue without proper protection.

In years past, ransomware was delivered through email. Now that email systems have evolved and spam filters have become more sensitive, cyber criminals have stepped away from email delivery. By seeding legitimate websites with malicious code and taking advantage of unpatched software on end-user computers, they no longer need an individual to click on a link in order to infect them. In a typical email attack, a user sees an email addressed to them and opens it. Unsuspectingly clicking on an attachment that appears no different from any other, the user lets the malware code access their machine, and the rest is history.

Once the machine has been infected, the malware begins encrypting the files and folders on local drives, including attached drives, backups and even other computers on a shared network. As seen many times this year, organizations are often unaware of the attack until they are unable to open their files and retrieve data. Sometimes organizations are not made aware of the encryption until messages start to display ransom payment in exchange for a decryption key.

Whether or not to pay the ransom is still under debate. The FBI does not encourage payment, only because paying the bitcoin does not guarantee the safe return of sensitive data. Morally, payment would be frowned upon, as it is most certainly funding illicit criminal activity and encouraging more attacks. However, it is understandable why many have been forced to pay, simply put businesses need their data in order to survive. Unfortunately ransomware criminals know that all too well.

Prevention Measures 

  • Make sure employees are aware of ransomware and of their critical roles in protecting the organization’s data.
  • Patch operating system, software, and firmware on digital devices (which may be made easier through a centralized patch management system).
  • Ensure antivirus and anti-malware solutions are set to automatically update and conduct regular scans.
  • Manage the use of privileged accounts—no users should be assigned administrative access unless absolutely needed, and only use administrator accounts when necessary.
  • Configure access controls, including file, directory, and network share permissions, appropriately. If users only need to read specific information, they don’t need write access to those files or directories.
  • Implement software restriction policies or other controls to prevent programs from executing from common ransomware locations (e.g., temporary folders supporting popular Internet browsers, compression/decompression programs).
  • Back up data regularly.
  • Secure your backups. Make sure they aren’t connected to the computers and networks they are backing up.
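As an added example (not from the FBI advisory, Computerworld, or this blog), here is a read-only PowerShell audit that checks a local Windows host against several items on the list above: privileged accounts, antivirus freshness, share permissions, execution control, and mounted backup shares. It assumes Windows 10 / Server 2016 or later with Windows Defender, the SmbShare module, and the AppLocker cmdlets available; the thresholds are chosen here, not taken from the advisory.

```powershell
# Added audit script, not part of the FBI guidance; thresholds below are assumptions.
$findings = @()

# Privileged accounts: every member of the local Administrators group.
# More than two (built-in Administrator plus one admin) deserves a review.
$admins = Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue
if ($admins.Count -gt 2) {
    $findings += "Administrators has $($admins.Count) members: $($admins.Name -join ', ')"
}

# Antivirus: real-time protection on, signatures fresh, scans actually running.
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
if ($mp) {
    if (-not $mp.RealTimeProtectionEnabled) { $findings += 'Real-time protection is disabled' }
    if ($mp.AntivirusSignatureAge -gt 1) {
        $findings += "Antivirus signatures are $($mp.AntivirusSignatureAge) day(s) old"
    }
    if ($mp.QuickScanAge -gt 7) { $findings += "Last quick scan was $($mp.QuickScanAge) day(s) ago" }
}

# Share permissions: flag non-administrative shares where broad groups can write.
$shares = Get-SmbShare -Special $false -ErrorAction SilentlyContinue
foreach ($s in $shares) {
    $wide = Get-SmbShareAccess -Name $s.Name | Where-Object {
        $_.AccountName -match 'Everyone|Authenticated Users' -and
        $_.AccessControlType -eq 'Allow' -and
        $_.AccessRight -in @('Change', 'Full')
    }
    if ($wide) {
        $findings += "Share $($s.Name) grants write access to $($wide.AccountName -join ', ')"
    }
}

# Execution control: is an AppLocker rule collection for executables enforced?
$policy = Get-AppLockerPolicy -Effective -ErrorAction SilentlyContinue
$exeRules = $policy.RuleCollections | Where-Object { $_.RuleCollectionType -eq 'Exe' }
if (-not $exeRules -or $exeRules.EnforcementMode -ne 'Enabled') {
    $findings += 'No enforced AppLocker executable rules; temp-folder execution is unrestricted'
}

# Backups: a backup target kept mounted as a drive letter is reachable by ransomware.
$mapped = Get-PSDrive -PSProvider FileSystem | Where-Object { $_.DisplayRoot -like '\\*' }
foreach ($d in $mapped) {
    $findings += "Drive $($d.Name): is mapped to $($d.DisplayRoot); confirm no backups live there"
}

if ($findings) { $findings | ForEach-Object { Write-Output "FINDING: $_" } }
else { Write-Output 'No findings for the checks above' }
```

Run it from an elevated PowerShell prompt; the share and AppLocker checks return nothing on hosts where those features are absent, which the script treats as no finding or as an unenforced policy respectively.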

If you would like to educate yourself in more detail about the information presented in this blog post please visit: FBI: Ransomware threat at all-time high; how to protect company jewels

What to do if you suspect Malware? We have the answers

Most often one does not know they are infected with malware until it is too late. A few signs can lead you to believe you might be infected: incredibly slow PC performance, browser pop-ups when no browser is open, and security warnings from security programs that have never been installed on your computer can all make you feel uneasy about your machine. Try these tools to kick malware in the butt.

Update Antivirus

The software IDs within antivirus software identify existing malware based on what has come before and the latest updates available. Make sure your antivirus software is current, with all of the latest installs. Having software that is even one day out of date leaves your machine at risk for encryption. Antivirus vendors offer updates based on viruses they encounter both in the lab and in the field.

Find Safe Mode

Most malware, when designed correctly, is ready to evade the System Restore points set in Windows. Perhaps a restore might be enough to fix the problem, but if it’s not, as it most likely won’t be, try running a program designed to kill any known malware process in progress, such as RKill. The other option is to boot Windows in a way that does not let malware start, aka Safe Mode. On Windows 8 or 10, restart your PC while holding down the Shift key during the boot sequence, then choose Safe Mode within the troubleshooting options.

Delete Hiding Places

You should then delete all temp files that could hide malware. To delete temp files, open the Start menu and type Disk Cleanup into the search bar; it will check the C: drive for all temp files that can be safely deleted. After this, it is advised that you run an on-demand antivirus scanner, such as Malwarebytes Anti-Malware. This program is a great second line of defense against malware because it often comes to the rescue if your initial antivirus fails.

No Connection

A RAT (remote administration tool) means that someone is remotely accessing your PC. Your first step in this case is to get off the internet. Turn off the Wi-Fi, remove the Ethernet cable, turn off the router, whatever needs to be done in order to detach from the internet. Being disconnected from the internet ensures that your machine can no longer be controlled, but it makes it a great deal harder to receive the latest antivirus updates. The latest software will need to be retrieved from a third-party PC, preferably at a different location, then transferred to the infected PC via USB flash drive. Another option is to reboot the computer from a CD. These CDs, sometimes called “rescue CDs”, run a full anti-malware utility and can be used without an internet connection. Of course, in order to use this option, a CD drive will be necessary.

Portable Help

If all other options have failed, it may be that the operating system itself has been infected, making it impossible to even download the newest antivirus software. In order to bypass the OS and let the antivirus do its job, you will need to run portable apps from a USB flash drive. These portable apps do not require installation. Apps like this include Microsoft Safety Scanner, ClamWin, McAfee Stinger, and Kaspersky Security Scan. You can also try a mix of several portable apps, since they will not conflict as long as you run each scan individually. There are also other options such as Spybot and Symantec’s Norton Power Eraser that specifically target a type of malware called crimeware, which runs scams. This measure is aggressive, though, and often deletes files that might not be malware, all in the name of safety of course.


If you would like to educate yourself in more detail about the information presented in this blog post please visit: How to Remove Malware From Your PC

ATMs – The Next Target For Hackers

Use of outdated operating systems like Windows XP and lack of security means it’s still possible to crack ATM security, warn researchers.

As one of the millions of people who visit their bank’s ATM at least once a week, the last thing on my mind is usually the security of the operating system. But when you think about the foundation of the machine taking your card and spitting back cash, you’ll realize this machine is just a PC running on old software. Easily susceptible to malware. Not comforting.

There was a 15 percent jump in ATM fraud activity between 2014 and 2015 and researchers believe statistics will only increase. Within this time cyber criminals were able to get their hands on more than $150 million. Researchers credit security vulnerabilities to the use of outdated platforms that no longer receive patches and fixes such as Windows XP.

“If we think of a modern ATM as a MS Windows PC with a money box attached to it that’s controlled through software, it is easy to see how it becomes an attractive target for any malware writer,” Sancho and Huq said.

Trend Micro and Europol’s European Cybercrime Center (EC3) discovered two main malware threats that either provide hackers with the card details of the user or give the hacker the ability to dispense cash. Most worrisome is the lack of extreme measures hackers have to employ in order to infect ATMs. Simply put, all hackers have to do is install malware onto the machines via a USB port or the CD drive.

At the moment, malware-based ATM fraud has only been reported in international cases, in Eastern Europe and South America. Despite little activity in the United States, authorities are aware of increasing ATM malware concerns and are monitoring cyber criminal forums for activity.


If you would like to educate yourself in more detail about the information presented in this blog post please visit: A Windows PC with a money box attached: Why hacking ATMs is big business for criminals

Ransomware Attacked My Mom’s Computer

How My Mom Got Hacked is a real-life story about a Brooklyn artist who receives a panicked phone call from her mom one day complaining that her personal computer has been taken over by some sort of strange encryption. The story unravels the journey Alina Simone and her mom Inna endure in order to get the files back from the hackers. After the initial shock of the situation sets in, the two research their options and realize, as many do, that there is little to no answer as to how to get the files back without paying the hefty $500 ransom fee.

“I thought it was a typical mom rant about her hardware crashing and having to pay the repair people $500 because her computer crashed.” Like many of us do when our parents call us after a long day’s work, Alina didn’t take her mom seriously. Seeing as it was Thanksgiving weekend, a major snowstorm had just hit, and the ransom deadline was already down to less than 24 hours, Alina and her mother were frantic. Her mother didn’t make the deadline, and according to the hackers the ransom would double because of this. Inna pleaded with the hackers and they let her off with the $500 ransom and all her files. Luckily.

Others fared worse, such as the Hollywood Presbyterian Medical Center, which was hacked in early February and had to pay a whopping 40 bitcoin, a $17,000 ransom, in order to get its system back on track.

“The value of my personal files and pictures caps off somewhere. But [if] I encrypt the back-end of your corporate system and prevent you from processing payments, that has a tremendous value. And if the hacker can recognize the value of what he has, the ransom can be more dynamically set based on the content of the data,” explains Grayson Milbourne, Security Intelligence Director for Internet security firm Webroot.

From personal to corporate, ransomware is most certainly an eye opening experience to security vulnerabilities.


If you would like to educate yourself in more detail about the information presented in this blog post please visit: The Growing Threat of Ransomware