If you’re looking to download ProtonVPN software, be careful — there’s a fake version of the popular VPN client that infects your computer with malware designed to steal your passwords and any Bitcoin you might have lying around.
Kaspersky researchers reported yesterday (Feb. 18) that Russian miscreants had copied the real ProtonVPN site at protonvpn.com wholesale and posted an exact duplicate at protonvpn-dot-store. The crooks lured victims to the phony ProtonVPN site with malicious banner ads on other websites.
But if you clicked the big green “Get ProtonVPN Now” button in the middle of page, you’d download something that looked like a ProtonVPN installer yet was in fact the AZORult Trojan, a notorious information-stealer.
“The threat actors have designed the malware to steal cryptocurrency from locally available wallets (Electrum, Bitcoin, Etherium, etc.), FTP logins and passwords from FileZilla, email credentials, information from locally installed browsers (including cookies), credentials for WinSCP, Pidgin messenger and others,” wrote Kaspersky’s Dmitry Bestuzhev.
In that case, the tainted NordVPN software actually worked. In yesterday’s report, Kaspersky didn’t indicate whether the fake ProtonVPN installer did as well.
The fake ProtonVPN site is still up, but the big green button now leads you to a random Twitter post extolling the virtues of ProtonVPN.
Be vigilant about performing ‘security hygiene’ during coronavirus threat
Consumers should seek out information based on science and not just personal testimonies.
Many of the news stories discussing the global outbreak of the COVID-19 virus rightly stress the importance of practicing protective measures such as vigorous hand washing and avoiding crowded events. Authorities roundly agree that proper hygiene and adherence to your national health authorities such as the CDC is critical to containing the spread of the deadly virus.
Meanwhile, the coronavirus scare is posing other risks – some directly, others indirectly related to COVID-19. Consumers hell-bent on gathering the latest information about virus-protection techniques are being warned about phishing scams that prey on their fears. Workers holed up in home offices face ongoing threats from hackers looking to poke holes in the patchwork of home and workplace security defenses.
“It’s always important to keep our guards up, to protect ourselves against security threats,” said Martin Hron, senior researcher at Avast. “Just like we need to pay attention to our own hygiene during times like these, we should maintain a high level of security hygiene to ensure we’re keeping our risk levels low.”
Virus-related scams are on the rise. State attorneys general have put out notices to watch for illegitimate investment schemes and websites advertising coronavirus “miracle products” or vaccines. Consumers should seek out information based on science and not just personal testimonies.
Earlier this month, the World Health Organization (WHO) issued a warning about phishing emails being sent by hackers posing as WHO representatives. The agency is getting regular reports of coronavirus-related phishing attempts.
The Secret Service recently issued a warning about phishing scam from people purporting to be from a medical organization offering information regarding the virus. Clicking on a link could infect your computer. The agency called the coronavirus outbreak “a prime opportunity for enterprising criminals because it plays on the basic human conditions … fear.”
As more regions declare states of emergency in response to the coronavirus, workers that haven’t spent time working remotely suddenly have to reacquaint themselves with VPNs and document-sharing tools. Corporate remote-work rules can – and should – be stringent. Workers should review key practices with IT before embarking on long, and perhaps open-ended, remote periods.
Other corporate security measures could include the following:
- Arm employees with a list of phone numbers, so they can reach out to a human from their IT team or other responsible person in case they have any IT issues.
- Inform employees of the hardware, software, and services they can utilize that are not company issued, but could help to connect and share files with colleagues during the special circumstances.
- Lay ground rules for employees when it comes to using personal hardware while working from home, such as printers.
- Enforce two-factor authentication wherever possible to add an extra layer of protection to accounts.
- Make sure employees have limited access rights and can only connect to the services they need for their specific tasks, rather than giving employees access to the entire corporate network.
Other potential risks tie back to actual hygiene itself. Workers operating remotely in regions affected by the coronavirus have been trained to scrub their hands and cover their mouths to stop the spread of disease. But are they paying the same attention to their technology devices themselves? Phones, laptops, tablets and IT remotes can transmit viruses if they’re not properly wiped down.
“We have to be vigilant, to be sure we’re protecting ourselves in every facet of our lives,” Hron said.
IOS 13 PRIVACY VIOLATION: APPS READ YOUR COPY-PASTE DATA
It seems that dozens of hugely popular iOS apps have a bad habit: they read the copy-paste data without your consent, even if you only use them in other applications. It seems little stuff but it is not: the copy-paste in fact could include credit card numbers, passwords and other sensitive data.
A recent security research reveals an unhealthy habit of some pretty popular apps. TikTok, Reuters, The Wall Street Journal, Fruit Ninja, Viber, Hotels.com, Plants vs. Zombies Heroes and many others are reading the contents of the copy-paste (also called “clipboard”) every time they are opened, and even if the content is not intended for them. Indeed, some would not even provide the functionality of paste, but they grab it anyway.
This is a possibility provided by the operating system which allows you to switch information from one app to another; but it would be good to access this information only when the user gives a precise command, otherwise it is a clear violation. It’s as if a secretary secretly reads the notes in his employer’s desk drawer. Technically nothing prevents him, given that he has full access to the office, but still remains a betrayal of mutual trust.
Finally, to underline that, if you have Universal Clipboard activated, these apps can also automatically read the data you copy and paste on your Mac.
Here is the complete list of apps that snoop on the pasteboard every time the app is opened. The apps are listed alphabetically
- ABC News — com.abcnews.ABCNews
- Al Jazeera English — ajenglishiphone
- CBC News — ca.cbc.CBCNews
- CBS News — com.H443NM7F8H.CBSNews
- CNBC — com.nbcuni.cnbc.cnbcrtipad
- Fox News — com.foxnews.foxnews
- News Break — com.particlenews.newsbreak
- New York Times — com.nytimes.NYTimes
- NPR — org.npr.nprnews
- ntv Nachrichten — de.n-tv.n-tvmobil
- Reuters — com.thomsonreuters.Reuters
- Russia Today — com.rt.RTNewsEnglish
- Stern Nachrichten — de.grunerundjahr.sternneu
- The Economist — com.economist.lamarr
- The Huffington Post — com.huffingtonpost.HuffingtonPost
- The Wall Street Journal — com.dowjones.WSJ.ipad
- Vice News — com.vice.news.VICE-News
- 8 Ball Pool™ — com.miniclip.8ballpoolmult
- AMAZE!!! — com.amaze.game
- Bejeweled — com.ea.ios.bejeweledskies
- Block Puzzle — Game.BlockPuzzle
- Classic Bejeweled — com.popcap.ios.Bej3
- Classic Bejeweled HD — com.popcap.ios.Bej3HD
- FlipTheGun — com.playgendary.flipgun
- Fruit Ninja — com.halfbrick.FruitNinjaLite
- Golfmasters — com.playgendary.sportmasterstwo
- Letter Soup — com.candywriter.apollo7
- Love Nikki — com.elex.nikki
- My Emma — com.crazylabs.myemma
- Plants vs. Zombies™ Heroes — com.ea.ios.pvzheroes
- Pooking – Billiards City — com.pool.club.billiards.city
- PUBG Mobile — com.tencent.ig
- Tomb of the Mask — com.happymagenta.fromcore
- Tomb of the Mask: Color — com.happymagenta.totm2
- Total Party Kill — com.adventureislands.totalpartykill
- Watermarbling — com.hydro.dipping
- TikTok — com.zhiliaoapp.musically
- ToTalk — totalk.gofeiyu.com
- Tok — com.SimpleDate.Tok
- Truecaller — com.truesoftware.TrueCallerOther
- Viber — com.viber
- Weibo — com.sina.weibo
- Zoosk — com.zoosk.Zoosk
- 10% Happier: Meditation —com.changecollective.tenpercenthappier
- 5-0 Radio Police Scanner — com.smartestapple.50radiofree
- Accuweather — com.yourcompany.TestWithCustomTabs
- AliExpress Shopping App — com.alibaba.iAliexpress
- Bed Bath & Beyond — com.digby.bedbathbeyond
- Dazn — com.dazn.theApp
- Hotels.com — com.hotels.HotelsNearMe
- Hotel Tonight — com.hoteltonight.prod
- Overstock — com.overstock.app
- Pigment – Adult Coloring Book — com.pixite.pigment
- Recolor Coloring Book to Color — com.sumoing.ReColor
- Sky Ticket — de.sky.skyonline
- The Weather Network — com.theweathernetwork.weathereyeiphone
5 Methods Hackers Use To Hack Your Bank Accounts
Nothing is really safe in this digital world. Every other day, we read about hacking attempts and security threats. Since our whole life is becoming online, the number of black-hat hackers are also increasing. Hackers are not using different techniques to break into your banking accounts.
There are multiple ways a hacker could hack your banking accounts. So, if you use internet banking services, then you need to follow some security steps to safeguard your banking accounts.Contentsshow
5 Methods Hackers Use To Hack Your Bank Accounts
In this article, we are going to share a few popular methods hackers use to hack your bank accounts. By knowing the techniques, you will be in a better situation to understand how your accounts can get hacked. So, let’s check out the methods hackers use to break into your bank account.
1. Banking Trojans (Smartphones)
Hackers can use malicious apps to break into their banking accounts. In this method, hackers create a duplicate copy of a legitimate banking app and upload it to third-party app stores. Once downloaded, the app sents the username and password to the creator.
2. App Hijacking
In this method, a hacker creates a fake trojan filled banking app. When installed, it sits silently on the background and scans your phone for a banking app. When it detects a banking app, it shows a fake window that looks identical to the legitimate banking app and drives you to the login page.
The process is done so smoothly that a regular user won’t even notice the swap and will end up entering the details on the fake login page.
Smishing is an SMS version of Phishing. It’s a scam in which hackers uses SMS instead of email templates to lure recipients into providing credential via text message reply.
Smishing scams might show itself as a request from the bank, a note from the company, lottery prize, etc. Every template will ask you to make a payment by entering the credit/debit card details.
Keyloggers are another popular hacking technique used by hackers. Keyloggers are of two types – hardware and software. The software versions need installation. Once installed, it silently records your keystrokes and sends the information back to the hacker.
The hardware keyloggers need to be fitted into the line from a keyboard to a device. Hardware keyloggers need to be installed physically on the device. Once established, it serves as a software keylogger.
4. SIM Swapping
SIM swapping is one of the rare techniques that hackers can use to break into your bank account. In this method, the hacker contacts your mobile network provider, claiming to be you. They convince network providers to assign the registered phone number to a new card.
If they are successful in doing so, all incoming calls and SMS will be routed to the new SIM card. It might look harmless and unachievable at first glance, but if done correctly, it can cause lots of harm. It can hack almost every accounts linked with the phone number.
5. Man-in-the-middle attack
The man-in-the-middle attack is one of the most dangerous hacking techniques used by hackers. In a Man-in-the-middle attack, the hacker inserts him/herself into a conversation between two parties. In the banking section, the two parties will be the user and the banking application.
However, it’s an advanced technique that requires monitoring an insecure server and analyzing the data that it passes through. The ultimate goal of this attack is to steal sensitive information like banking credentials, credit card details, etc.
So, these are the five methods hackers use to break into your bank account. I hope this article helped you! Share it with your friends also.
Research3 days ago
How Worried Should You Be About the Health Risks of 5G?
The Motivator3 days ago
How to stop trolls from taking over your Zoom call
Tech News2 hours ago
How supercomputers are being used to tackle Covid-19
Tech News2 hours ago
Coronavirus: Scientists brand 5G claims ‘complete rubbish’