Connect with us

Security

Here’s your latest reminder that Android security is a joke

Published

on

The pile of Android threats to watch out for has been mounting at a pretty rapid clip so far this year, with apps sneaking into the Google Play Store that can do everything from log in to your Google and Facebook accounts, access key features of your device, spread malware and so much more. Google, of course, kicks these apps out of its store as soon as they’re found, which we note each time this occurs — though each instance is also one more reminder of just how much of a minefield the threat landscape remains. Meanwhile, as if all that weren’t enough, the security firm Malwarebytes is calling attention to what may be one of the nastiest Android infections yet — a piece of malware that’s actually been circulating for a while now that can reinfect a device after almost every defense has been thrown at it, including a factory reset.

Back in August, this particular malware strain, called xHelper, had already been detected by Malwarebytes’ antivirus app on some 33,000 mostly US devices. That eventually put a target on the malware, by researchers who regarded it as a major Android threat on the basis of those numbers alone. xHelper is essentially a so-called trojan dropper, installing malicious APKs on a device that can, in turn, be used to install a variety of malicious apps.

What makes this one such a tough threat is that it can apparently survive factory resets, which return the device to its original state. Researchers at Symantec also noticed this back in October, writing about how they’d “observed a surge in detections for a malicious Android application that can hide itself from users, download additional malicious apps, and display advertisements. The app, called xHelper, is persistent. It is able reinstall itself after users uninstall it and is designed to stay hidden by not appearing on the system’s launcher.” The Symantec researchers went on to note that, by their tally, it had already infected more than 45,000 devices over the previous six months, and that many users were complaining about random pop-up ads and how the malware keeps showing up even after they’ve manually uninstalled it.

Per Symantec, once xHelper connects to its command and control server, other payloads like rootkits might be downloaded to the compromised device. It’s believed that malware from xHelper’s server can actually perform a variety of functions, “giving the attacker multiple options, including data theft or even complete takeover of the device.”

This all came back to light this week, when Malwarebytes published a report detailing how one device owner kept removing the malware only to see it return to her device inside of an hour. The source of this malware is still being investigated by researchers — but, in the meantime, device owners can keep their gadgets safe by making sure their software stays updated, avoiding unfamiliar and untrustworthy sites when downloading apps, frequently backing up data, installing a strong security app, and being aware of permissions requested by apps.

Source: https://bgr.com/2020/02/14/3d-printing-researchers-print-whole-objects-in-30-seconds/

Continue Reading
Advertisement
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Security

Be vigilant about performing ‘security hygiene’ during coronavirus threat

Published

on

By

Consumers should seek out information based on science and not just personal testimonies.

Many of the news stories discussing the global outbreak of the COVID-19 virus rightly stress the importance of practicing protective measures such as vigorous hand washing and avoiding crowded events. Authorities roundly agree that proper hygiene and adherence to your national health authorities such as the CDC is critical to containing the spread of the deadly virus.

Meanwhile, the coronavirus scare is posing other risks – some directly, others indirectly related to COVID-19. Consumers hell-bent on gathering the latest information about virus-protection techniques are being warned about phishing scams that prey on their fears. Workers holed up in home offices face ongoing threats from hackers looking to poke holes in the patchwork of home and workplace security defenses.

“It’s always important to keep our guards up, to protect ourselves against security threats,” said Martin Hron, senior researcher at Avast. “Just like we need to pay attention to our own hygiene during times like these, we should maintain a high level of security hygiene to ensure we’re keeping our risk levels low.”

Virus-related scams are on the rise. State attorneys general have put out notices to watch for illegitimate investment schemes and websites advertising coronavirus “miracle products” or vaccines. Consumers should seek out information based on science and not just personal testimonies.

Earlier this month, the World Health Organization (WHO) issued a warning about phishing emails being sent by hackers posing as WHO representatives. The agency is getting regular reports of coronavirus-related phishing attempts.

The Secret Service recently issued a warning about phishing scam from people purporting to be from a medical organization offering information regarding the virus. Clicking on a link could infect your computer. The agency called the coronavirus outbreak “a prime opportunity for enterprising  criminals because it plays on the basic human conditions … fear.”

As more regions declare states of emergency in response to the coronavirus, workers that haven’t spent time working remotely suddenly have to reacquaint themselves with VPNs and document-sharing tools. Corporate remote-work rules can – and should – be stringent. Workers should review key practices with IT before embarking on long, and perhaps open-ended, remote periods.

Other corporate security measures could include the following:

  • Arm employees with a list of phone numbers, so they can reach out to a human from their IT team or other responsible person in case they have any IT issues.
  • Inform employees of the hardware, software, and services they can utilize that are not company issued, but could help to connect and share files with colleagues during the special circumstances.
  • Lay ground rules for employees when it comes to using personal hardware while working from home, such as printers.
  • Enforce two-factor authentication wherever possible to add an extra layer of protection to accounts.
  • Make sure employees have limited access rights and can only connect to the services they need for their specific tasks, rather than giving employees access to the entire corporate network.

Other potential risks tie back to actual hygiene itself. Workers operating remotely in regions affected by the coronavirus have been trained to scrub their hands and cover their mouths to stop the spread of disease. But are they paying the same attention to their technology devices themselves? Phones, laptops, tablets and IT remotes can transmit viruses if they’re not properly wiped down.

“We have to be vigilant, to be sure we’re protecting ourselves in every facet of our lives,” Hron said.

Source: https://blog.avast.com/security-hygiene-during-coronavirus-threat-avast

Continue Reading

Security

IOS 13 PRIVACY VIOLATION: APPS READ YOUR COPY-PASTE DATA

Published

on

By

It seems that dozens of hugely popular iOS apps have a bad habit: they read the copy-paste data without your consent, even if you only use them in other applications. It seems little stuff but it is not: the copy-paste in fact could include credit card numbers, passwords and other sensitive data.

A recent security research reveals an unhealthy habit of some pretty popular apps. TikTok, Reuters, The Wall Street Journal, Fruit Ninja, Viber, Hotels.com, Plants vs. Zombies Heroes and many others are reading the contents of the copy-paste (also called “clipboard”) every time they are opened, and even if the content is not intended for them. Indeed, some would not even provide the functionality of paste, but they grab it anyway.

This is a possibility provided by the operating system which allows you to switch information from one app to another; but it would be good to access this information only when the user gives a precise command, otherwise it is a clear violation. It’s as if a secretary secretly reads the notes in his employer’s desk drawer. Technically nothing prevents him, given that he has full access to the office, but still remains a betrayal of mutual trust.

Finally, to underline that, if you have Universal Clipboard activated, these apps can also automatically read the data you copy and paste on your Mac.

Here is the complete list of apps that snoop on the pasteboard every time the app is opened. The apps are listed alphabetically

News

  • ABC News — com.abcnews.ABCNews
  • Al Jazeera English — ajenglishiphone
  • CBC News — ca.cbc.CBCNews
  • CBS News — com.H443NM7F8H.CBSNews
  • CNBC — com.nbcuni.cnbc.cnbcrtipad
  • Fox News — com.foxnews.foxnews
  • News Break — com.particlenews.newsbreak
  • New York Times — com.nytimes.NYTimes
  • NPR — org.npr.nprnews
  • ntv Nachrichten — de.n-tv.n-tvmobil
  • Reuters — com.thomsonreuters.Reuters
  • Russia Today — com.rt.RTNewsEnglish
  • Stern Nachrichten — de.grunerundjahr.sternneu
  • The Economist — com.economist.lamarr
  • The Huffington Post — com.huffingtonpost.HuffingtonPost
  • The Wall Street Journal — com.dowjones.WSJ.ipad
  • Vice News — com.vice.news.VICE-News

Games

  • 8 Ball Pool™ — com.miniclip.8ballpoolmult
  • AMAZE!!! — com.amaze.game
  • Bejeweled — com.ea.ios.bejeweledskies
  • Block Puzzle — Game.BlockPuzzle
  • Classic Bejeweled  com.popcap.ios.Bej3
  • Classic Bejeweled HD — com.popcap.ios.Bej3HD
  • FlipTheGun — com.playgendary.flipgun
  • Fruit Ninja — com.halfbrick.FruitNinjaLite
  • Golfmasters — com.playgendary.sportmasterstwo
  • Letter Soup — com.candywriter.apollo7
  • Love Nikki — com.elex.nikki
  • My Emma — com.crazylabs.myemma
  • Plants vs. Zombies™ Heroes — com.ea.ios.pvzheroes
  • Pooking – Billiards City — com.pool.club.billiards.city
  • PUBG Mobile — com.tencent.ig
  • Tomb of the Mask — com.happymagenta.fromcore
  • Tomb of the Mask: Color — com.happymagenta.totm2
  • Total Party Kill — com.adventureislands.totalpartykill
  • Watermarbling — com.hydro.dipping

Social Networking

  • TikTok — com.zhiliaoapp.musically
  • ToTalk — totalk.gofeiyu.com
  • Tok — com.SimpleDate.Tok
  • Truecaller — com.truesoftware.TrueCallerOther
  • Viber — com.viber
  • Weibo — com.sina.weibo
  • Zoosk — com.zoosk.Zoosk

Other

  • 10% Happier: Meditation —com.changecollective.tenpercenthappier
  • 5-0 Radio Police Scanner — com.smartestapple.50radiofree
  • Accuweather — com.yourcompany.TestWithCustomTabs
  • AliExpress Shopping App — com.alibaba.iAliexpress
  • Bed Bath & Beyond — com.digby.bedbathbeyond
  • Dazn — com.dazn.theApp
  • Hotels.com — com.hotels.HotelsNearMe
  • Hotel Tonight — com.hoteltonight.prod
  • Overstock — com.overstock.app
  • Pigment – Adult Coloring Book — com.pixite.pigment
  • Recolor Coloring Book to Color — com.sumoing.ReColor
  • Sky Ticket — de.sky.skyonline
  • The Weather Network — com.theweathernetwork.weathereyeiphone

Source: https://www.gizchina.com/2020/03/16/ios-13-privacy-violation-apps-read-your-copy-paste-data/

Continue Reading

Security

5 Methods Hackers Use To Hack Your Bank Accounts

Published

on

By

Nothing is really safe in this digital world. Every other day, we read about hacking attempts and security threats. Since our whole life is becoming online, the number of black-hat hackers are also increasing. Hackers are not using different techniques to break into your banking accounts.

There are multiple ways a hacker could hack your banking accounts. So, if you use internet banking services, then you need to follow some security steps to safeguard your banking accounts.Contentsshow

5 Methods Hackers Use To Hack Your Bank Accounts

In this article, we are going to share a few popular methods hackers use to hack your bank accounts. By knowing the techniques, you will be in a better situation to understand how your accounts can get hacked. So, let’s check out the methods hackers use to break into your bank account.

1. Banking Trojans (Smartphones)

Banking Trojans
Banking Trojans

Hackers can use malicious apps to break into their banking accounts. In this method, hackers create a duplicate copy of a legitimate banking app and upload it to third-party app stores. Once downloaded, the app sents the username and password to the creator.

2. App Hijacking

App Hijacking
App Hijacking

In this method, a hacker creates a fake trojan filled banking app. When installed, it sits silently on the background and scans your phone for a banking app. When it detects a banking app, it shows a fake window that looks identical to the legitimate banking app and drives you to the login page.

The process is done so smoothly that a regular user won’t even notice the swap and will end up entering the details on the fake login page.

3. Smishing

Smishing
Smishing

Smishing is an SMS version of Phishing. It’s a scam in which hackers uses SMS instead of email templates to lure recipients into providing credential via text message reply.

Smishing scams might show itself as a request from the bank, a note from the company, lottery prize, etc. Every template will ask you to make a payment by entering the credit/debit card details.

3. Keyloggers

Keyloggers
Keyloggers

Keyloggers are another popular hacking technique used by hackers. Keyloggers are of two types – hardware and software. The software versions need installation. Once installed, it silently records your keystrokes and sends the information back to the hacker.

The hardware keyloggers need to be fitted into the line from a keyboard to a device. Hardware keyloggers need to be installed physically on the device. Once established, it serves as a software keylogger.

4. SIM Swapping

SIM Swapping
SIM Swapping

SIM swapping is one of the rare techniques that hackers can use to break into your bank account. In this method, the hacker contacts your mobile network provider, claiming to be you. They convince network providers to assign the registered phone number to a new card.

If they are successful in doing so, all incoming calls and SMS will be routed to the new SIM card. It might look harmless and unachievable at first glance, but if done correctly, it can cause lots of harm. It can hack almost every accounts linked with the phone number.

5. Man-in-the-middle attack

Man-in-the-middle attack
Man-in-the-middle attack

The man-in-the-middle attack is one of the most dangerous hacking techniques used by hackers. In a Man-in-the-middle attack, the hacker inserts him/herself into a conversation between two parties. In the banking section, the two parties will be the user and the banking application.

However, it’s an advanced technique that requires monitoring an insecure server and analyzing the data that it passes through. The ultimate goal of this attack is to steal sensitive information like banking credentials, credit card details, etc.

So, these are the five methods hackers use to break into your bank account. I hope this article helped you! Share it with your friends also.

Source: https://techviral.net/methods-hackers-use-to-hack-bank-accounts/

Continue Reading
Advertisement

Trending

Copyright © 2020 Inventrium Magazine

%d bloggers like this: