Showing posts with label cyber safety. Show all posts

Thursday, February 1, 2018

How Scammers Steal Your Computing Power to Mine Cryptocurrencies



Cryptojacking, an internet scam found on thousands of websites in which nefarious actors mine cryptocurrencies on computers without users’ permission, has been on the rise since the prices of bitcoin and many other cryptocurrencies began spiking last year. The con involves websites stealing computational power from a visitor’s computer to execute the algorithms that are involved in cryptocurrency mining, which requires significant amounts of energy.
While it’s most common in the sketchier corners of the internet, hackers have also been able to inject the cryptojacking software onto websites for Showtime and PolitiFact and on e-commerce platforms. Patrons of a Buenos Aires, Argentina, Starbucks branch discovered in December that its Wi-Fi service was covertly using their computers for mining, and last week disgruntled netizens complained on social media that YouTube ads were also stealing mining power. AdGuard estimates websites can earn up to $326,000 per month from cryptojacking based on traffic to popular websites found to have the mining software.

Cryptocurrencies are digital currencies that exist on a blockchain, an encrypted digital ledger that securely keeps track of the order of transactions between computers. Mining in general requires a computer to solve extremely complex mathematical puzzles in order to produce a piece of data, which serves as a unit of a given cryptocurrency. The mining process needs to be difficult and energy-intensive to make sure that these data sets are scarce enough to serve as a currency. If it were too easy to mine a bitcoin, then the coin would have no value. Cryptojackers are essentially stealing the energy that mining requires.
One of the most popular tools among cryptojackers is a JavaScript plugin called Coinhive, which mines Monero, a privacy-focused cryptocurrency launched in 2014. Although not as valuable as bitcoin, a single Monero is worth roughly $300. And it’s easy to mine on a personal computer, unlike bitcoin, whose mining process usually requires large server farms. A portion of the processing power that a computer allots to a website with the Coinhive plugin goes toward the mining process. The creators of the tool then get a 22 percent cut of the mined Monero.
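For a site owner checking whether a miner has been injected into their own pages, the following added example (not part of the original article) scans HTML for Coinhive script references. The indicator lists and the sample pages are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Indicator lists assumed for this example; maintain your own from threat intel.
MINER_HOSTS = {"coinhive.com"}
MINER_FILES = {"coinhive.min.js"}
INLINE_PATTERN = re.compile(r"\bCoinHive\.(?:Anonymous|User)\s*\(")


class ScriptCollector(HTMLParser):
    """Collects external script URLs and inline script bodies from a page."""

    def __init__(self):
        super().__init__()
        self.external = []
        self.inline = []
        self.in_script = False
        self.buffer = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        self.in_script = True
        self.buffer = []

    def handle_data(self, data):
        if self.in_script:
            self.buffer.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self.in_script:
            body = "".join(self.buffer).strip()
            if body:
                self.inline.append(body)
            self.in_script = False


def find_miner_references(html):
    """Return (kind, evidence) tuples for every miner indicator in the page."""
    collector = ScriptCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for src in collector.external:
        url = urlparse(src)
        host = url.hostname or ""
        filename = url.path.rsplit("/", 1)[-1].lower()
        if any(host == h or host.endswith("." + h) for h in MINER_HOSTS):
            findings.append(("host", src))       # loaded from the miner's domain
        elif filename in MINER_FILES:
            findings.append(("filename", src))   # self-hosted or proxied copy
    for body in collector.inline:
        match = INLINE_PATTERN.search(body)
        if match:
            findings.append(("inline", match.group(0)))  # miner object created
    return findings


# Constructed sample pages (not taken from any real site).
INFECTED_PAGE = """
<html><head>
<script src="https://cdn.example.org/lib/site.js"></script>
<script src="//coinhive.com/lib/coinhive.min.js"></script>
<script src="/assets/coinhive.min.js"></script>
<script>var miner = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER');</script>
</head><body>Hello</body></html>
"""
CLEAN_PAGE = '<html><script src="/js/app.js"></script><script>init();</script></html>'

if __name__ == "__main__":
    for kind, evidence in find_miner_references(INFECTED_PAGE):
        print(kind, evidence)
```

String matching like this only catches unobfuscated includes, so it complements rather than replaces CPU-usage monitoring and a restrictive script allow-list.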


Coinhive and other in-browser miners are often employed in a deceptive manner. AdGuard released data in December showing that four of the most popular streaming and video-conversion sites (Streamango, RapidVideo, Openload, and OnlineVideoConverter), which collectively receive about 992 million monthly visits, take users’ processing power for mining without informing them.
To observe the effects of cryptojacking for myself, I went on publicwww.com, a search engine for source code, and found a list of websites that use Coinhive. Most of them appeared, based on their URLs, to feature either porn or pirated movies. I then visited five of the sites on separate Chrome windows at the same time, veering away from the NSFW content and toward websites for universities in Indonesia and Mexico. Only one site, the notorious Kiwi Farms forum, gave me the option to turn the miner on or off. Within 15 minutes, my laptop was hot to the touch, and the internal fan began whirring like a commercial airliner at takeoff. My cursor could no longer keep up with my finger’s trackpad movements, and the text that appeared on the screen was a good five words behind what I was typing on my keyboard. I opened the activity monitor, which showed a huge increase in processing:


Yet, returning my computer to its regular functions didn’t require any help from my anti-virus software or trips to the Genius Bar. Simply exiting out of the offending websites did the trick.
My experience with cryptojacking was more annoying than destructive. But this is not to condone the practice—it does rely on deceit and can cause crashes and make your computer vulnerable to other malicious codes. There are also more invasive forms of the scam, like miners disguised as legitimate Android apps that users unknowingly download. “This is a theft of power and time from people,” said Tarah Wheeler, a cybersecurity policy fellow at the New America Foundation. (New America is a partner with Slate and Arizona State University in Future Tense.)
However, the creators of Coinhive say they didn’t intend for it to be malicious. Their website advises, “While it’s possible to run the miner without informing your users, we strongly advise against it. You know this. Long term goodwill of your users is much more important than any short term profits.”
I emailed the Coinhive team to ask if they knew whether anyone was using their miner legitimately, as all the coverage of their software I had seen had been in the context of the cryptojacking. They pointed me to a German image board called pr0gramm, which has been allowing users to access premium accounts with extra features in exchange for running the miner on a separate page. The team further claimed that some porn sites have been giving viewers the option to disable invasive pop-up ads by mining Monero. “Cryptomining in the browser is a very new concept and we (the web) still have to figure out how to use it properly. We have high hopes that a more ‘legitimate’ use of the miner will eventually prevail,” they wrote in the email.




At best, the outsourcing concept behind Coinhive could hold potential as a new way for websites to earn revenue. Users caught Pirate Bay, one of the most established internet hubs for sharing movies and other files, using Coinhive on some of its websites without prior notice in 2017. The site’s administrators explained in a blog post, “We really want to get rid of all the ads. But we also need enough money to keep the site running.”
While many weren’t pleased, some users actually seemed open to the idea of contributing spare processing power if it meant the end of pesky, and often crude, ads. Perhaps if Pirate Bay had presented cryptomining as a bargain beforehand, its users wouldn’t have been so irritated. As Wheeler, the cybersecurity policy fellow, said, “Cryptocurrency mining when you have the consent of the people that are visiting a site is like borrowing a cup of sugar from the neighbors. Cryptocurrency mining when you don’t have consent is like sneaking in and stealing the sugar.”
Almost everyone I conferred with about this monetization scheme mentioned SETI@home, a project at the University of California, Berkeley, that uses a radio telescope to listen for unnatural signals that could be evidence of extraterrestrial life. Whereas previous iterations of the project required a supercomputer to analyze all the data, researchers in 1999 released a software program to the general public that allowed people to donate their computers’ processing power while not in use. More than 4 million people have participated, and the collective effort of their idle computers has turbocharged the search. SETI represents what current efforts to outsource cryptomining could aspire to be. “[SETI] actually asked people if they could use the computers. … The research community has already found a way to do this with permission,” said Yvo Desmedt, professor of computer science at the University of Texas, Dallas.

However, there are many hurdles to jump before this vision can come to fruition. For the majority of people who are not familiar with the mechanics of plugins like Coinhive, the prospect of a website co-opting their computers to mine cryptocurrency may seem invasive. Bill Maurer, director of the Institute for Money, Technology and Financial Inclusion at the University of California, Irvine, said, “It depends on a pretty sophisticated consumer … you need to have a certain level of geekiness.”
And this revenue model also, of course, relies on the viability of cryptocurrencies, which have seen an overall slump in prices in 2018. Extreme volatility and high transaction costs have often precluded bitcoin owners from using it for purchasing—the online payment platform Stripe recently announced that it would no longer accept bitcoin as payment. The possibility of a large-scale hack or bubble burst bringing the whole currency system down may also prevent companies from implementing a cryptomining model. Nicole Becher, a fellow at New America’s Cybersecurity Initiative, surmised, “In the advertising world, you have to be able to sell this to a C-level [senior management] and say, ‘This is actually a new, viable to make money, so you can actually make payroll and actually become profitable.’ It’s all cool and nerdy, but at the end of the day, doesn’t it really come down to that?” 

Tuesday, January 30, 2018

How Google fights Android malware 👀 ⚠️


Did Google score a complete victory against Android malware last year? No. Did it win? Yes.
If you just read the headlines, it sounds like Android is a security mess. There's a report about one Android malware program after another. What's not said is that often these Android viruses require a user to be a sucker to get them. But since a sucker is born every minute, Google does its best to stop malware in its tracks.
How does Google do this? Google's VP and head of security, Dave Kleidermacher, and Google Play's product manager, Andrew Ahn, explained in a blog post: "While the majority of developers have their audience's best interest at heart, some bad apps and malicious developers do attempt to evade detection and enter the Play Store to put people and their devices in harm's way."
A major reason for this is the "massive scale and the global reach of Google Play make the platform a target for bad actors," according to Google. To combat them, Google said it deploys "teams of engineers, policy experts, product managers, and operations professionals who constantly monitor the store and incorporate feedback from the user community to protect people from misleading, inappropriate, or harmful apps."
So, what does that mean? In 2017, Google reported it "took down more than 700,000 apps that violated the Google Play policies, 70 percent more than the apps taken down in 2016. Not only did we remove more bad apps, we were able to identify and action against them earlier. In fact, 99 percent of apps with abusive contents were identified and rejected before anyone could install them."
Google claimed it was able to do this "through significant improvements in our ability to detect abusive app content and behaviors -- such as impersonation, inappropriate content, or malware -- through new machine learning models and techniques." In addition, "We've also developed new detection models and techniques that can identify repeat offenders and abusive developer networks at scale. This resulted in taking down of 100,000 bad developers in 2017, and made it more difficult for bad actors to create new accounts and attempt to publish yet another set of bad apps."


In other words, Google made it much harder for repeat offenders to push malware into the Play Store. Specifically, Google strengthened Android Play Store in the following areas:

COPYCATS

Attempting to deceive users by impersonating famous apps is one of the most common violations. Famous titles get a lot of search traffic for particular keywords, so the bad actors try to amass installs by leveraging such traffic. They do this by trying to sneak impersonating apps into the Play Store through deceptive methods such as using confusable Unicode characters or hiding impersonating app icons in a different locale. In 2017, Google took down more than a quarter of a million impersonating apps.
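One way a store-side check for confusable Unicode names can work, as an added example that is not Google's implementation: reduce each submitted name to a "skeleton" and compare it with the skeletons of protected titles. The confusables map is a small hand-picked subset, and the titles and function names are hypothetical.

```python
import unicodedata

# Hand-picked subset of look-alike characters (assumption for this example;
# Unicode publishes a much larger confusables table in UTS #39).
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",  # Cyrillic
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i",
    "\u0455": "s", "\u0458": "j",
    "\u03bf": "o", "\u03b1": "a", "\u03b9": "i", "\u03bd": "v",  # Greek
    "0": "o", "1": "l",                                          # digits
}
ZERO_WIDTH = {"\u200b", "\u200c", "\u200d", "\u2060", "\ufeff"}

# Hypothetical protected titles, constructed for this example.
PROTECTED_TITLES = ["ExampleChat", "Photo Vault"]


def skeleton(name):
    """Fold a display name to a comparison key that ignores look-alike tricks."""
    text = unicodedata.normalize("NFKC", name).casefold()
    out = []
    for ch in unicodedata.normalize("NFD", text):
        if ch in ZERO_WIDTH or unicodedata.combining(ch) or ch.isspace():
            continue  # invisible characters, accents and spacing do not count
        out.append(CONFUSABLES.get(ch, ch))
    return "".join(out)


def scripts_used(name):
    """Set of script names (LATIN, CYRILLIC, GREEK, ...) among the letters."""
    text = unicodedata.normalize("NFKC", name)
    return {unicodedata.name(ch, "UNKNOWN").split(" ")[0]
            for ch in text if ch.isalpha()}


def check_submission(name, protected=PROTECTED_TITLES):
    """Flag a name that renders like a protected title but is a different string.

    An exact duplicate of a title is not flagged here; telling the real
    publisher from a copy needs a developer-identity check instead.
    """
    key = skeleton(name)
    for title in protected:
        if key == skeleton(title) and name != title:
            return {"impersonates": title,
                    "mixed_script": len(scripts_used(name)) > 1}
    return None


if __name__ == "__main__":
    for candidate in ["Ex\u0430mpleCh\u0430t", "Photo\u200b Vault",
                      "Ph0to Vault", "Example Chess"]:
        print(repr(candidate), check_submission(candidate))
```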

INAPPROPRIATE CONTENT

Google doesn't allow apps that contain or promote inappropriate content, such as pornography, extreme violence, hate, and illegal activities. The improved machine-learning models sift through massive amounts of incoming app submissions and flag them for potential violations. This helps the human reviewers in effectively detecting and enforcing on the problematic apps. Tens of thousands of apps with inappropriate content were taken down last year as a result of such improved detection methods.

POTENTIALLY HARMFUL APPLICATIONS (PHAS)

PHAs are a type of malware that can harm people or their devices -- e.g., apps that conduct SMS fraud, act as trojans, or phish users' information. While small in volume, PHAs pose a threat to Android users and Google invested heavily in keeping them out of the Play Store. Finding these bad apps is non-trivial as the malicious developers go the extra mile to make their app look as legitimate as possible. With the launch of Google Play Protect in 2017, Google reduced the rate of PHA installs by an order of magnitude compared to 2016.
Google Play Protect took several security measures that were already present in Android and improved them. These are malware scanning, application monitoring for rogue behavior, the ability to remotely locate, lock, and optionally wipe your device, and warnings about dodgy sites, which try to feed you malware or trick you out of personal information.
When it fails, and it will fail sometimes, Google's director of Android security, Adrian Ludwig, explained to ComputerWorld's J.R. Raphael: "The challenge that all detection technology runs into, inclusive of Google Play Protect, is when we see a completely new family coming from a different environment -- especially if [the apps] are on the borderline of behavior that might be considered to be potentially harmful and not quite potentially harmful." For example, no one's been able to use the Meltdown and Spectre security holes in malware... yet. When it does happen, these attacks will be hard to detect.
Still, Google's Play Store protection isn't perfect. "Despite the new and enhanced detection capabilities that led to a record-high takedowns of bad apps and malicious developers, we know a few still manage to evade and trick our layers of defense. We take these extremely seriously, and will continue to innovate our capabilities to better detect and protect against abusive apps and the malicious actors behind them. We are committed to make Google Play the most trusted and safe app store in the world," Kleidermacher and Ahn wrote.
So, is Android perfectly secure from malicious programs? Heck no! The battle against malware is never-ending and bad programs will make it through sometimes. But, Google is trying its best to make Android and its applications as safe as possible.


Monday, October 16, 2017

WPA2 security flaw puts almost every Wi-Fi device at risk of hijack, eavesdropping

A security protocol at the heart of most modern Wi-Fi devices, including computers, phones, and routers, has been broken, putting almost every wireless-enabled device at risk of attack.
The bug, known as "KRACK" for Key Reinstallation Attack, exposes a fundamental flaw in WPA2, a common protocol used in securing most modern wireless networks. Mathy Vanhoef, a computer security academic, who found the flaw, said the weakness lies in the protocol's four-way handshake, which securely allows new devices with a pre-shared password to join the network.
That weakness can, at its worst, allow an attacker to decrypt network traffic from a WPA2-enabled device, hijack connections, and inject content into the traffic stream.
In other words: this flaw, if exploited, gives an attacker a skeleton key to access any WPA2 network without a password. Once they're in, they can eavesdrop on your network traffic.
The bug represents a complete breakdown of the WPA2 protocol, for both personal and enterprise devices -- putting every supported device at risk.

"If your device supports Wi-Fi, it is most likely affected," said Vanhoef, on his website.
But because Vanhoef hasn't released any proof-of-concept exploit code, there's little risk of immediate or widespread attacks.
News of the vulnerability was later confirmed on Monday by US Homeland Security's cyber-emergency unit US-CERT, which about two months ago had confidentially warned vendors and experts of the bug, ZDNet has learned.
The warning came at around the time of the Black Hat security conference, when Vanhoef presented a talk on networking protocols, with a focus on the Wi-Fi handshake that authenticates a user joining a network.
The cyber-emergency unit has since reserved ten common vulnerabilities and exposures (CVE) records for the various vulnerabilities.
Cisco, Intel, Juniper, Samsung, and Toshiba are among the companies affected.
At its heart, the flaw is found in the cryptographic nonce, a randomly generated number that's used only once to prevent replay attacks, in which a hacker impersonates a user who was legitimately authenticated.
In this case, an attacker can trick a victim into reinstalling a key that's already in use. Reusing the nonce can allow an adversary to attack the encryption by replaying, decrypting, or forging packets.
Windows and latest versions of Apple's iOS are largely immune from the flaws, according to security researcher Kevin Beaumont, in a blog post.
However, Vanhoef said the security issue is "exceptionally devastating" for Android 6.0 Marshmallow and above.


via zdnet

Here is every patch for KRACK Wi-Fi attack available right now



Monday morning was not a great time to be an IT admin, with the public release of a bug which allowed WPA2 security to be broken.

As reported previously by ZDNet, the bug, dubbed "KRACK" -- which stands for Key Reinstallation Attack -- is at heart a fundamental flaw in the way Wi-Fi Protected Access II (WPA2) operates.
The security protocol, an upgrade from WPA, is used to protect and secure communications between everything from our routers, mobile devices, and Internet of Things (IoT) devices, but there is an issue in the system's four-way handshake which permits devices with a pre-shared password to join a network.
According to security researcher Mathy Vanhoef, who discovered the flaw, threat actors can leverage the vulnerability to decrypt traffic, hijack connections, perform man-in-the-middle attacks (MiTM) and eavesdrop on communication sent from a WPA2-enabled device.
US-CERT has known of the bug for some months and informed vendors ahead of the public disclosure to give them time to prepare patches and prevent the exploit from being utilized in the wild; there are currently no reports of the bug being harnessed by cyberattackers.
The bug is present in WPA2's cryptographic nonce and can be utilized to dupe a connected party into reinstalling a key which is already in use. While the nonce is meant to prevent replay attacks, in this case, attackers are then given the opportunity to replay, decrypt, or forge packets.
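Both KRACK reports above attribute the damage to a key being reinstalled and its nonce reused. The following added example (not from either article or from any vendor patch) is a toy model of that effect: a SHA-256 keystream stands in for the AES counter mode used by WPA2's CCMP, and `LinkState`, the key and the plaintexts are constructed for illustration.

```python
import hashlib

# Constructed session key and equal-length sample plaintexts.
KEY = hashlib.sha256(b"constructed session key").digest()[:16]
P1 = b"GET /index.html HTTP/1.1"
P2 = b"password=constructed1234"


def keystream(key, packet_number, length):
    """Toy counter-mode keystream: one stream per (key, packet number) pair."""
    out = b""
    block = 0
    while len(out) < length:
        seed = key + packet_number.to_bytes(6, "big") + block.to_bytes(4, "big")
        out += hashlib.sha256(seed).digest()
        block += 1
    return out[:length]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class LinkState:
    """Per-link key plus the transmit nonce and receive replay counter."""

    def __init__(self, refuse_reinstall):
        self.refuse_reinstall = refuse_reinstall
        self.key = None
        self.tx_pn = 0
        self.rx_pn = 0

    def install_key(self, key):
        if self.refuse_reinstall and key == self.key:
            return False          # hardened: key already in use, keep counters
        self.key = key
        self.tx_pn = 0            # counters restart only for a new key
        self.rx_pn = 0
        return True

    def encrypt(self, plaintext):
        self.tx_pn += 1
        stream = keystream(self.key, self.tx_pn, len(plaintext))
        return self.tx_pn, xor(plaintext, stream)

    def accept(self, packet_number):
        if packet_number <= self.rx_pn:
            return False          # replay: already seen this packet number
        self.rx_pn = packet_number
        return True


def run_session(refuse_reinstall, key=KEY, first=P1, second=P2):
    """Send two packets with a repeated key installation in between."""
    link = LinkState(refuse_reinstall)
    link.install_key(key)
    sent1 = link.encrypt(first)
    link.install_key(key)         # the same handshake message processed again
    sent2 = link.encrypt(second)
    return sent1, sent2


def recover_with_known_plaintext(c1, c2, known_p1):
    """If both packets used one keystream, c1 ^ c2 ^ p1 equals p2."""
    return xor(xor(c1, c2), known_p1)


def replay_accepted_after_reinstall(refuse_reinstall, key=KEY):
    link = LinkState(refuse_reinstall)
    link.install_key(key)
    link.accept(1)                # first delivery of packet number 1
    link.install_key(key)
    return link.accept(1)         # same packet delivered again


if __name__ == "__main__":
    for hardened in (False, True):
        (pn1, c1), (pn2, c2) = run_session(hardened)
        leaked = recover_with_known_plaintext(c1, c2, P1) == P2
        print(hardened, pn1, pn2, leaked, replay_accepted_after_reinstall(hardened))
```

With `refuse_reinstall=False` both packets are encrypted under packet number 1, so the second plaintext falls out of the two ciphertexts and a replayed packet is accepted; with `refuse_reinstall=True` neither happens.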
In general, Windows and newer versions of iOS are unaffected, but the bug can have a serious impact on Android version 6.0 Marshmallow and above.
The attack could also be devastating for IoT devices, as vendors often fail to implement acceptable security standards or update systems in the supply chain, which has already led to millions of vulnerable and unpatched IoT devices being exposed for use by botnets.
The vulnerability does not mean the world of WPA2 has come crumbling down, but it is up to vendors to mitigate the issues this may cause.
In total, 10 CVE numbers have been reserved to describe the vulnerability and its impact, and according to the US Department of Homeland Security (DHS), the main affected vendors are Aruba, Cisco, Espressif Systems, Fortinet, the FreeBSD Project, HostAP, Intel, Juniper Networks, Microchip Technology, Red Hat, Samsung, various units of Toshiba and Ubiquiti Networks.
So who is on top of the game?
Aruba: Aruba has been quick off the mark with a security advisory and patches available for download for ArubaOS, Aruba Instant, Clarity Engine and other software impacted by the bug.
Cisco: The company is currently investigating exactly which products are impacted by KRACK, but says that "multiple Cisco wireless products are affected by these vulnerabilities."
"Cisco is aware of the industry-wide vulnerabilities affecting Wi-Fi Protected Access protocol standards," a Cisco spokesperson told ZDNet. "When issues such as this arise, we put the security of our customers first and ensure they have the information they need to best protect their networks. Cisco PSIRT has issued a security advisory to provide relevant detail about the issue, noting which Cisco products may be affected and subsequently may require customer attention.
"Fixes are already available for select Cisco products, and we will continue publishing additional software fixes for affected products as they become available."
In other words, some patches are available, but others are pending the investigation.
Espressif Systems: The Chinese vendor has begun patching its chipsets, namely ESP-IDF and ESP8266 versions, with Arduino ESP32 next on the cards for a fix.
Fortinet: At the time of writing there was no official advisory, but based on Fortinet's support forum, it appears that FortiAP 5.6.1 is no longer vulnerable to most of the CVEs linked to the attack, but the latest branch, 5.4.3, may still be impacted. Firmware updates are expected.
FreeBSD Project: There is no official response at the time of writing.
Intel: Intel has released a security advisory listing updated Wi-Fi drivers and patches for affected chipsets, as well as Intel Active Management Technology, which is used by system manufacturers.
Linux: As noted on Charged, a patch is already available and Debian builds can patch now, while OpenBSD was fixed back in July.
The WiFi Standard: A fix is available for vendors but not directly for end users.
Mikrotik: The vendor has already released patches which fix the vulnerabilities.
Google: Google told The Verge that the company is "aware of the issue, and we will be patching any affected devices in the coming weeks."
AVM: This company may not be taking the issue seriously enough. Despite being aware of the issue, it cites the "limited attack vector" and will not be issuing security fixes "unless necessary."
OpenBSD: Patches are now available.
Microsoft: While Windows machines are generally considered safe, the Redmond giant isn't taking any chances and has released a security fix available through automatic updates.
Netgear: Netgear has released fixes for some router hardware. The full list can be found here.
Ubiquiti Networks: A new firmware release, version 3.9.3.7537, protects users against the attack.
Check back as we update this story.


via zdnet

Thursday, August 24, 2017

Apple Macs At Risk From ‘Rising’ Malware Attacks

Apple not so safe after all. Rapid rise in malware targeting Mac devices, as Android security problem worsens
Malwarebytes has warned Apple Mac users that the days of their devices being relatively safe from malware are long over.
The security specialist analysed data from millions of its users worldwide and it discovered that Mac and Android ransomware and malware attacks have risen significantly in the past year.
Indeed, Malwarebytes found that more Mac malware had been detected in Q2 2017 than in all of 2016.

Mac Malware

According to the security vendor, the “rapidly rising rates of malware” targeting Mac devices should dispel the popular belief that Macs are impenetrable.
Fruitfly creates a backdoor that allows attackers to take screen captures and remotely control the Mac system.
“More malware families have emerged in 2017 than in any other previous year – and we’re only in August,” warned Malwarebytes. In fact, more new malware families have appeared this year than in any other previous year in Mac history.
To this end, Malwarebytes has introduced ‘Malwarebytes for Mac’, which offers real-time protection for Mac users to automatically block and remove cyber threats, including malware, adware and potentially unwanted programs.
“We carefully designed Malwarebytes for Mac to protect all Mac users from cyber threats and potentially unwanted programs so that they can feel safe and have a Mac that performs like it should,” explained Marcin Kleczynski, CEO, Malwarebytes.
“Antivirus and security awareness is no longer enough defence for Mac users, the growth of Mac malware has made that very clear. We hope that more and more Mac users will come to this realisation and begin to seek out additional defences.”
Malwarebytes for Mac includes a real-time anti-malware protection scanner that allows for “ultra-fast proactive scanning for malware and spyware in real-time, in addition to flagging potentially unwanted programs and adware.”
And Malwarebytes for Mac can either completely replace an existing antivirus solution or run alongside any antivirus program. It also boasts a small system footprint that utilises minimal system resources to ensure that Macs run smoothly.
“Mac threats are not taken seriously enough in the security community today,” added Thomas Reed, Director of Mac and Mobile, Malwarebytes. “Adware and potentially unwanted programs are becoming a major problem for Mac users. Some very popular apps have been known to carry these threats and despite protections in place, the App Store is not immune to these threats.
“For example, the recent Proton Remote Access Trojan that plagued Mac users fooled many experienced, security-minded people who became infected. This perpetuates a crucial lesson that, despite what many Mac users think, they are not safe even if they are careful about what they download.
“Being security-savvy is no longer enough, all Mac users need dedicated protection against malware, adware and potentially unwanted programs.”

Android Security

There was equally grim news for those in the Android community, as ransomware here increased more than 100 percent between Q1 and Q2 2017. Indeed, Malwarebytes data showed that incidences of Android malware increased more than five percent since the start of the year.
And to make matters worse, incidents of Android ransomware increased 138 percent in Q2 2017 (April to May) over Q1 (January to March) 2017. Malwarebytes found that Jisut, SLocker and Koler ransomware collectively accounted for nearly 95 percent of these detections.
And although Android ransomware is growing at this rapid pace, Trojans and potentially unwanted programs still remain the biggest headaches for Android users.
Android Trojans accounted for more than 48 percent of all Android malware detections in the first half of 2017 and potentially unwanted programs accounted for 47 percent of all detections.

via silicon

Malwarebytes Introduces Malwarebytes for Android, Featuring Proprietary Anti-Ransomware Technology

SANTA CLARA, Calif., Aug. 24, 2017 /PRNewswire/ -- Malwarebytes™, the leader in advanced malware prevention and remediation solutions, today announced the release of Malwarebytes for Android, featuring targeted defense against mobile malware, ransomware, adware, infected applications and unauthorized surveillance. Combining multiple distinct protection layers, Malwarebytes for Android is a more effective and efficient replacement for antivirus on mobile devices.
According to data collected by Malwarebytes in the first half of 2017, incidences of Android malware increased more than five percent since the start of the year. Most notably, incidents of Android ransomware increased 138 percent in Q2 2017 (April to June) over Q1 2017 (January to March), with Jisut, SLocker and Koler ransomware collectively accounting for nearly 95 percent of these detections. While Android ransomware is growing at this rapid pace, Trojans and potentially unwanted programs remain the biggest issues for Android users. Android Trojans accounted for more than 48 percent of all Android malware detections in the first half of 2017 and PUPs accounted for 47 percent of all detections.
Malwarebytes for Android features several distinct benefits and features for users to protect against this increasingly dangerous mobile threat landscape, including:
  • Anti-Malware proactively and automatically scans mobile applications, files, native memory and SD cards for malware and spyware, in addition to potentially unwanted programs and adware for removal.
  • Anti-Ransomware proactively stops ransomware in its tracks with proprietary next-generation technology and remediates ransomware incidents.
  • Process Automation schedules automatic device scans and color codes device health issues by severity.
  • Security Audit identifies security vulnerabilities on the device and suggests remediation.
  • Privacy Manager identifies every application's access privileges in detail and breaks down access privileges by category.
  • Scanner showcases scan progress and identifies types of infections found, removal results and scan history.
To optimize the mobility of these features, Malwarebytes for Android can be easily managed from a desktop widget. The app can also be controlled using SMS to remotely lock a device, remediate a device if it is being held ransom, and reset device pin codes.
"Windows devices are no longer the sole victims of damaging malware attacks, as strategic attacks on Android devices are rapidly on the rise," said Armando Orozco, Senior Mobile Malware Intelligence Analyst, Malwarebytes. "All Android users need to remain alert and proactively guard their identity and data on the go, just as they do on their computers at home."  

SOURCE Malwarebytes

Tuesday, August 15, 2017

SURVEILLANCE MALWARE APPS MANAGE TO INFILTRATE GOOGLE PLAY STORE


Google’s Play Store has become home to some of the over a thousand malicious apps, known as ‘SonicSpy’, which have been deployed since February.
Of the large number of spyware apps, believed to have come out of Iraq, at least three versions of the malware have appeared in the Play Store in the last six months, according to mobile security company Lookout.
The malicious app most recently found on the Play Store was called Soniac – which was marketed as a customised version of cloud-based instant messaging service Telegram. However, it contained capabilities to silently record audio, take photos, make outbound calls, send text messages to specific numbers, and retrieve information such as call logs, contacts and information about wi-fi access points. The app has since been removed by Google.
Two other samples of SonicSpy on the Play Store were called Hulk Messenger and Troy Chat – though both are no longer live. It is not clear, however, if Google stepped in and removed the apps, or if they were removed by the people behind the spyware to avoid detection.
Despite the Play Store being seemingly clear of SonicSpy, Lookout warns that we are unlikely to have seen the back of the family of malicious apps.
“The actors behind this family have shown that they're capable of getting their spyware into the official app store and as it's actively being developed, and its build process is automated, it's likely that SonicSpy will surface again in the future,” said Michael Flossman, security research services tech lead at Lookout.

Tuesday, May 9, 2017

Millions of Android phones could be tracked with ultrasonic spying tool

Hundreds of Android apps could be covertly tracking users via inaudible sounds emitted by nearby devices, researchers have found. 
Researchers discovered technology that lets devices talk to one another for tracking purposes using ultrasonic tones in 234 Android apps.
Televisions, billboards, websites and shops can emit the high frequency sounds, which can't be heard by humans but are picked up by the apps. This signals whether a person has engaged with an advert by watching it, or visited a shop, and how long for. 
Apps featuring the technology include those from McDonald's and Krispy Kreme. Major companies could be using it to track customers' location and habits, both on and off their mobile devices, without them knowing, the researchers warned.
"An adversary can monitor a user's local TV viewing habits, track their visited locations and deduce their other devices," said the researchers. "They can gain a detailed, comprehensive user profile with a regular mobile application and the device's microphone." 
The tracking method has spiked in popularity recently, according to the researchers. Two years ago just five apps in the Google Play store used the technology. Now, it is allegedly present in 234. 

As well as tracking customers' habits, the beacon technology can also be used to send them targeted adverts. Given that the tool can connect location and habits with the device, it could also be used to identify anonymous users, such as those of Bitcoin and Tor. 
The researchers from the Braunschweig University of Technology warned that millions of users could be under surveillance without knowing after they found that a sample of five of the 234 apps had been downloaded up to 11 million times. 
The majority of the apps don't alert users that they are tracking them. All they require to be able to follow users is permission to access the device's microphone. 
"The user just needs to install a regular mobile application that is listening to ultrasonic signals through the microphone in the background," said the researchers. "Once the user has installed these applications on their phone, they neither know when the microphone is activated nor are they able to see what information is sent to company servers."
Silverpush, the company that created the listening tool, denied that its technology was still being used. It stopped supporting the software in 2015 following a privacy outcry. 
"We respect customer privacy and would not want to build our business foundation where privacy was questionable," Hitesh Chawla, founder of Silverpush, told Ars Technica. "Even when we were live, our software was not present in more than 10 to 12 apps. So there is no chance that our presence in 234 apps is possible.
"Every time a new handset gets activated with our software, we get a ping on our server. We have not received any activation for six months now." 
Google said its privacy policy requires apps to disclose how they collect, use and share customer data. 
McDonald's said it did not use the technology in the UK for marketing purposes. Krispy Kreme has been contacted for comment. 
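
As an added illustration (not part of the article or the researchers' own code), the sketch below shows how a defender could check a microphone recording for tone energy in the near-ultrasonic band that such beacons rely on. The 18 to 20 kHz band, the 44.1 kHz sample rate, the power threshold and the synthesized recording are all assumptions; the article gives no frequencies.

```python
import math

RATE = 44100                        # samples per second (assumed capture rate)
FRAME = 441                         # 10 ms frames give 100 Hz resolution
PROBES = range(18000, 20001, 100)   # assumed near-ultrasonic band, in Hz
THRESHOLD = 1e-4                    # assumed floor for samples in [-1, 1]; tune per device


def goertzel_power(frame, freq, rate=RATE):
    """Normalised power of `frame` at `freq`, computed with the Goertzel algorithm."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / rate)
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    return (s1 * s1 + s2 * s2 - coeff * s1 * s2) / len(frame) ** 2


def find_beacon_frames(samples):
    """Return [(frame_index, peak_hz)] for frames with tone energy in the probed band."""
    hits = []
    for i in range(len(samples) // FRAME):
        frame = samples[i * FRAME:(i + 1) * FRAME]
        power, freq = max((goertzel_power(frame, f), f) for f in PROBES)
        if power > THRESHOLD:
            hits.append((i, freq))
    return hits


def constructed_recording():
    """Constructed sample: six frames of a loud 440 Hz tone; frames 2 and 3
    also carry a quiet 18.5 kHz tone standing in for a beacon."""
    out = []
    for n in range(6 * FRAME):
        x = 0.5 * math.sin(2 * math.pi * 440 * n / RATE)
        if 2 * FRAME <= n < 4 * FRAME:
            x += 0.05 * math.sin(2 * math.pi * 18500 * n / RATE)
        out.append(x)
    return out


if __name__ == "__main__":
    for index, hz in find_beacon_frames(constructed_recording()):
        print(f"frame {index}: ultrasonic energy near {hz} Hz")
```

Only frames carrying the high-frequency tone are reported, even though the audible tone is ten times louder; a real recording would need the threshold calibrated against the device's noise floor.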

Tuesday, April 4, 2017

An internet security expert tells us the scariest thing about webcam hacking 😎 💻 🇷🇺 🇺🇸 #cybersecurity #privacy


Mikko Hypponen, a cyber security expert, told Business Insider: "Once you gain access to somebody’s system it’s trivial to turn on the webcam and record whatever they’re doing, or to just turn on the microphone and record whatever is being spoken around the infected laptop.
"On some laptops, you can even do this so that the light next to your camera will not go on. The light which is supposed to tell you that I am recording might not tell you that it is recording."
Mikko also said that even though he is "quite certain" that his work laptop had not been breached, he covered his webcam with a "band aid" for "a little bit of extra certainty."

via BI


 