recentpopularlog in


« earlier   
60,000 Android devices hit by battery-saving app attack • Tripwire
Graham Cluley on a scam that "warns" you that your (Android) device - which it names, by some HTML-grabbing functionality - has a problem and recommends the app (and the only way to stop it is to kill the web page):
<p>So what happens if you do go to the Google Play store and install the battery-saving app being touted by the fake warning?

The first thing that should ring alarm bells in you is that the app demands access to a disturbing array of permissions including:

• Read sensitive log data
• Receive text messages (SMS)
• Receive data from Internet
• Pair with Bluetooth devices
• Full network access
• Modify system settings
I can’t think of any legitimate reason why a genuine battery-saving app would ever need such invasive abilities, which in combination with the app’s other functionality allows it to steal a user’s phone number, location, and details about their device including its IMEI number.

And so it comes as something of a surprise to discover that the Advanced Battery Saver app actually does live up to its advertising – monitoring a device’s battery status, killing unwanted background processes that consume significant resources, and making other attempts to keep batteries running for longer.

And it’s this strange dichotomy – the good and the bad behavior – which leads the researchers to speculate that the battery-saving app was perhaps originally designed to perform its intended advertised function (and to fulfill only that purpose) before being extended by its creators into underhand methods of income generation.</p>

There's no money in standard apps at that level now, if there ever was.

Chief among those is the app’s request for access to a user’s SMS text messages. One installed, the battery-saving app recruits devices into an ad-clicking scam, with the app “clicking” on advertising links it is sent via SMS to earn more income for the fraudsters behind the scheme.
android  malware 
yesterday by charlesarthur
. warns of a new campaign, a.k.a. which includes descriptions related t…
Typeframe  malware  NorthKorean  from twitter_favs
4 days ago by csarigoz
Tips for safe summer travels: your cybersecurity checklist - Malwarebytes Labs | Malwarebytes Labs
Summer is just around the corner in the Northern Hemisphere, and with it comes vacation plans for many. Those looking to take some time away from work and home are likely making plans to secure their home, have their pets taken care of, and tie up loose ends at work. But how about securing your devices and your data while you’re away? Here are some things to take into consideration if you want to have a trip free of cyber worries.
privacy  security  travel  technology  wi-fi  passwords  backup  malware  charger  cables  gadgets 
4 days ago by rgl7194
German nuclear plant infected with computer viruses, operator says
Hypponen said he had recently spoken to a European aircraft maker that said it cleans the cockpits of its planes every week of malware designed for Android phones. The malware spread to the planes only because factory employees were charging their phones with the USB port in the cockpit.
android  security  malware 
5 days ago by yorksranter
The state of Mac malware - Malwarebytes Labs | Malwarebytes Labs
Mac users are often told that they don’t need antivirus software, because there are no Mac viruses. However, this is not true at all, as Macs actually are affected by malware, and have been for most of their existence. Even the first well-known virus—Elk Cloner—affected Apple computers rather than MS-DOS computers.
In 2018, the state of Mac malware has evolved, with more and more threats targeting these so-called impervious machines. We have already seen four new Mac threats appear. The first of these, OSX.MaMi, was discovered on our forums by someone who had had his DNS settings changed and was unable to change them back.
mac  malware  privacy  security 
5 days ago by rgl7194
Allergic to Phish – Recognizing Phishing Messages
While phishing-related malware is still mostly Windows targeting, attacks that rely purely on social engineering and fake web sites might be delivered by any platform, including smartphones and tablets. The more cautious you are, the better informed you are, and the more you think before you click, the more chance you have of leaving phishing craft stranded.
This an updated and expanded version of advice that I’ve given many times in blog articles, white papers and conference papers. I’m not resurrecting it with reference to any particular phish (though I’m seeing an interesting selection of Apple-ID-targeting phishing mails at the moment), but because in the course of a conversation I had on a social media site, I promised to generate an update: sadly, there’s a continuing need for (hopefully) reliable advice on phishing.
Note that phishing is by no means restricted to email messages, but most of the advice given here also applies to other messaging media such as direct messaging in social media and instant messaging applications. Then there are telephone scams, but they probably deserve an article of their own, given the range of unpleasantness they cover.
The hope here is that the advice given here will make it a little easier to recognize a probably phish message. It’s probably inevitable that I’ll offer more information than some people will want – it’s an occupational hazard among security professionals – but there’s a summary of the most important points in the Conclusion. However, the more detailed content should be of use to people and organizations using this material as the basis for educational and training initiatives, for instance.
phishing  security  privacy  malware 
5 days ago by rgl7194
is one of the few analysis tools that also shows delay-loaded imported functions
malware  pestudio  from twitter_favs
5 days ago by blackthorne
Around 5% of All Monero Currently in Circulation Has Been Mined Using Malware
At least 5% of all the Monero cryptocurrency currently in circulation has been mined using malware, and about 2% of the total daily hashrate comes from devices infected with cryptocurrency-mining malware.
These numbers are the results of in-depth research of the coin-mining malware scene by security researchers from Palo Alto Networks.

The report, released yesterday, has analyzed 629,126 malware samples that have been detected as part of coin-mining operations. The research didn't analyze in-browser miners (cryptojackers), but only traditional malware families that infected desktops and servers since June last year, when there was a significant spike in coin-mining operations.
stats  malware  spunti  criptovalute  fordjbatman 
6 days ago by nicoladagostino
4 Ways to Protect Your Business from Phishing
Don’t let phishing attempts compromise your network!
malware  network  security  phishing 
9 days ago by Adventure_Web

Copy this bookmark:

to read