Malware in fake Fortnite Android apps is already spreading

Malicious websites offering Android versions of Fortnite downloads have been discovered already, just days after the game was officially launched as a beta outside of the Google Play Store.

Developer Epic Games had already announced the game would not be available through Google Play, in a move that avoids it having to pay Google’s 30% cut on all purchases made, and instead provides the game as a download through its own website.

In a Wired report, the publication found seven websites advertising Fortnite for Android, all of which were then identified to carry malware by security experts Lockout. Upon investigation, the most common malware fools downloaders into visiting websites loaded with ads, on the promise of a code or opportunity to download the Fortnite game.

It’s also pointed out that before Google and Bing responded to complaints, the top search result for an Android version of Fortnite led not to the official version, but one loaded with malware.

Lookout’s Christoph Hebeisen told Wired why Fortnite not being available in the Google Play Store makes it interesting:

“When we are looking at fake apps that pretend to be a particular game, and that game is available on the Play Store, there’s a fairly high barrier for people to download that game from somewhere else, because they know that’s not a legitimate source.”

Fortnite does not have this safety barrier, and the consequences are already evident.

via BOA

Read more »

How google fights android malware 👀 ⚠️

Did Google score a complete victory against Android malware last year? No. Did it win? Yes.

If you just read the headlines, it sounds like Android is a security mess. There's a report about one Android malware program after another. What's not said is that often these Android viruses require a user to be a sucker to get them. But since a sucker is born every minute, Google does its best to stop malware in its tracks.

How does Google do this? Google's VP and head of security, Dave Kleidermacher, and Google Play's product manager, Andrew Ahn, explained in a blog post: "While the majority of developers have their audience's best interest at heart, some bad apps and malicious developers do attempt to evade detection and enter the Play Store to put people and their devices in harm's way."

A major reason for this is the "massive scale and the global reach of Google Play make the platform a target for bad actors," according to Google. To combat them, Google said it deploys "teams of engineers, policy experts, product managers, and operations professionals who constantly monitor the store and incorporate feedback from the user community to protect people from misleading, inappropriate, or harmful apps."

So, what does that mean? In 2017, Google reported it "took down more than 700,000 apps that violated the Google Play policies, 70 percent more than the apps taken down in 2016. Not only did we remove more bad apps, we were able to identify and action against them earlier. In fact, 99 percent of apps with abusive contents were identified and rejected before anyone could install them."

Google claimed it was able to do this "through significant improvements in our ability to detect abusive app content and behaviors -- such as impersonation, inappropriate content, or malware -- through new machine learning models and techniques." In addition, "We've also developed new detection models and techniques that can identify repeat offenders and abusive developer networks at scale. This resulted in taking down of 100,000 bad developers in 2017, and made it more difficult for bad actors to create new accounts and attempt to publish yet another set of bad apps."

In other words, Google made it much harder for repeat offenders to push malware into the Play Store. Specifically, Google strengthened Android Play Store in the following areas:

Read also: This crypto-mining Android malware is so demanding it burst a smartphone

COPYCATS

Attempting to deceive users by impersonating famous apps is one of the most common violations. Famous titles get a lot of search traffic for particular keywords, so the bad actors try to amass installs leveraging such traffic. They do this by trying to sneak in impersonating apps to the Play Store through deceptive methods such as using confusable unicode characters or hiding impersonating app icons in a different locale. In 2017, Google took down more than a quarter of a million of impersonating apps.

Read also: Android security: Sneaky three-stage malware found in Google Play store

INAPPROPRIATE CONTENT

Google doesn't allow apps that contain or promote inappropriate content, such as pornography, extreme violence, hate, and illegal activities. The improved machine-learning models sift through massive amounts of incoming app submissions and flag them for potential violations. This helps the human reviewers in effectively detecting and enforcing on the problematic apps. Tens of thousands of apps with inappropriate content were taken down last year as a result of such improved detection methods.

Read also: BankBot Android malware sneaks into the Google Play Store - for the third time

POTENTIALLY HARMFUL APPLICATIONS (PHAS)

PHAs are a type of malware that can harm people or their devices -- e.g., apps that conduct SMS fraud, act as trojans, or phishing user's information. While small in volume, PHAs pose a threat to Android users and Google invested heavily in keeping them out of the Play Store. Finding these bad apps is non-trivial as the malicious developers go the extra mile to make their app look as legitimate as possible. With the launch of Google Play Protect in 2017, Google reduced the rate of PHA installs by an order of magnitude compared to 2016.

Google Play Protect took several security measures that were already present in Android and improved them. These are malware scanning, application monitoring for rogue behavior, the ability to remotely locate, lock, and optionally wipe your device, and warnings about dodgy sites, which try to feed you malware or trick you out of personal information.

When it fails, and it will fail sometimes, Google's director of Android security, Adrian Ludwig, explained to ComputerWorld's J.R. Raphael: "The challenge that all detection technology runs into, inclusive of Google Play Protect, is when we see a completely new family coming from a different environment -- especially if [the apps] are on the borderline of behavior that might be considered to be potentially harmful and not quite potentially harmful." For example, no one's been able to use the Meltdown and Spectre security holes in malware... yet. When it does happen, these attacks will be hard to detect.

Still, Google's Play Store protection isn't perfect. "Despite the new and enhanced detection capabilities that led to a record-high takedowns of bad apps and malicious developers, we know a few still manage to evade and trick our layers of defense. We take these extremely seriously, and will continue to innovate our capabilities to better detect and protect against abusive apps and the malicious actors behind them. We are committed to make Google Play the most trusted and safe app store in the world," Kleidermacher and Ahn wrote.

So, is Android perfectly secure from malicious programs? Heck no! The battle against malware is never-ending and bad programs will make it through sometimes. But, Google is trying its best to make Android and its applications as safe as possible.

RELATED STORIES

• The 10 best ways to secure your Android phone
• Android security alert: Google's latest bulletin warns of 47 bugs, 10 critical
• Android security: Sneaky three-stage malware found in Google Play store

Read more »

Xafecopy Trojan Will Steal Money From Your Mobile, protect your phone now!

Xafecopy Torjan is a new malware reported by cyber security firm, Kaspersky. As per the report, a new Malware is hitting the technology world which is stealing money from your smartphone. Xafecopy Trojan malware is spreading slowly over the world starting from India. As per the report, over 40% of malware target was found in India. Since, India is becoming more advance with technology, people are more into digital payment services. For that reason, hackers are moving on to this country.

As per the official report by Kaspersky, “Kaspersky Lab experts have uncovered a mobile malware targeting the WAP billing payment method, stealing money through victims’ mobile accounts without their knowledge.”

This new malware runs secretly on your device and steal data from your device. The trojan puts and runs its secret codes to your phone without your knowledge and this way it fetches the information from your device. This trojan runs normally on the device and hence no one will understand what’s actually going on inside your mobile phone. You will not be able to see any such codes with bare eyes.

This code runs and activate through various applications which most of the Android and iOS users are using. Applications like BatteryMaster, ES File Explorer and all the other apps which contains advertises runs these malicious codes. Once the app is activated, the codes will itself starts working on your mobile phone.

This malware clicks different webpages on your mobile phone through Wireless Application Protocol billing. After filling up the form, the code silently subscribes you to various services. This process works super smoothly without any registration or sign up process. You don’t have to put the credit card or debit card details into the forms still it will subscribe for various services without your permission and knowledge.

As we all know, most of the services have captcha codes for the final confirmation of your action. But this malware replaces the captcha code with normal texts and this way it can easily get confirmation and bypass the entire procedure itself. Captcha codes are there to fill the forms and confirmation manually so no robots or autobots can harm your information. But this malware is something to hit the right bone of all the users.

Furthermore, the report says, “Xafecopy hit more than 4,800 users in 47 countries within the space of a month, with 37.5 per cent of the attacks detected and blocked by Kaspersky Lab products targeting India, followed by Russia, Turkey and Mexico.”

Kaspersky Lab Senior Malware Analyst Roman Unuchek said, “Our research suggests WAP billing attacks are on the rise. Xafecopy’s attacks targeted countries where this payment method is popular. The malware has also been detected with different modifications, such as the ability to text messages from a mobile device to premium-rate phone numbers, and to delete incoming text messages to hide alerts from mobile network operators about stolen money.”

In order to prevent yourself from such unwanted and harmful malware attacks to stop them stealing your money, make sure you have a proper security set in your Android device. Stop downloading and installing unwanted third party applications as hackers and attackers are trying to spread this virus or we can say malware with the help of such third party applications which are not permitted by Google. If you are using an Android smartphone, it is better for you to protect your smartphone with Google Play Protect which is a free security service available on all the Android smartphone. The security app has over 1 Billion active users as per the reports.

As a security advice, “It is best not to trust third-party apps, and whatever apps users do download should be scanned locally with the Verify Apps utility. But beyond that, Android users should be running a mobile security suite on their devices.”

via techbulletin

Read more »

Protect your PC: Ransomware attack increases by two fold in 2017

For various PC problems, we recommend to use this tool.

This tool will repair common computer errors, protect you from file loss, malware, hardware failure and optimize your PC for maximum performance. Quickly fix PC issues and prevent others from happening with this software:

1. Download now(100% safe download).
2. Click “Start Scan” to find Windows issues that could be causing PC problems.
3. Click “Repair All” to fix all issues (requires upgrade).

Ransomware is undoubtedly getting a lot of attention these days especially after wide spread WannaCry episode. For the uninitiated, the ransomware is a piece of code that encrypts the files on your computer and demands a ransom to give away the decryption code. Yes, we have seen a variety of Ransomware plaguing the machines and invariably organisations and enterprises figure out on the top of the list.

As per a mid-year cyber attack, trends report from security analyst company CheckPoint the percentage of ransomware has doubled in the first half of this year as opposed to 2016. Furthermore, the report finds that 23.5 percent of the organisations were affected by the RoughTed malvertising campaign while 19.7 percent of the organisations were affected by the Fireball malware during the same time frame.

The report further sheds light on how the attackers are devising new methods to exploit Microsoft Office, in fact, we recently reported on how attackers were using PowerPoint files to gain access to the machine. The attackers are also introducing new methods to offload the malware and this will not require the user to open a backdoor for the attackers. The ransomware is also being disguised such that the anti virus/malware protection suite find it difficult to detect.

RECOMMENDED: Click here to fix common PC issues and speed up your system

The report also mentions the cascading effects of “nation-state level malware” which is usually aimed for the masses and it can virtually hunt anyone instead of specified targets. Such attacks can be prevented by using the available solutions like network micro-segmentation, threat emulation and endpoint security. In fact, it is for this very reason that security solutions from company’s like BitDefender include ransomware protection.

The worst part, however, is that the Mobile malware developers are also actively developing malware. They usually use these malicious codes to control any activity on the device and also create a one-stop attack in order to fraud, steal information and also disrupt apps. The graph above represents the percentage of enterprises/organisations that were affected by the malware.

RELATED STORIES YOU NEED TO CHECK OUT:

• Windows 10 virus removal tools to vanquish malware for good
• Protect your PC from ransomware and malware with Windows Defender’s new Controlled Folder Access
• 5 best malware tracker maps to see security attacks happen in real-time

Read more »

500 Android apps blocked from Play Store due to malware

Through the use of an advertising software development kit contained in 500 apps on the Google Play Store, cybercriminals were able to spy on users and even infect their mobile devices with malware. 

That's according to security firm Lookout , which discovered that the Android apps in question all had the lgexin ad SDK built into them which gave unauthorised third parties access to user devices.  The apps themselves also managed to be downloaded over 100 million times from the Google Play Store as many of them fell into popular categories such as weather, health and fitness, travel and games. 

However, the app developers were likely not responsible for the malware added by the cybercriminals and this is not the first time that hackers have used an SDK to deliver a malicious payload.    

Lookout researchers offered further details on why the developers were likely unaware that their apps contained malware at all, saying: 

“It is likely many app developers were not aware of the personal information that could be exfiltrated from their customers' devices as a result of embedding Igexin's ad SDK. It required  deep analysis of the apps' and ad SDK's behavior by our researchers to make this discovery. Not only is the functionality not immediately obvious, it could be altered at any time on the remote server.” 

In an attempt to prevent apps from being able to deliver malware to mobile devices, Google recently introduced Google Play Protect which will be built into the latest version of its mobile OS, Android O. 

Lookout has informed Google of its discover and all of the affected apps have now been removed from the Play Store. 

Image Credit: Andriano.cz / Shutterstock via itproportal

Read more »