Caution Flags 

The radical simplicity and irresistible pull of the Coinbase spot was the talk of the post-game ad reviews. But out of the din of this discussion came another message — this one from the Federal Bureau of Investigation (FBI). Inc Magazine’s Jason Aten pointed to a warning they had issued a month prior to the big game – the first lines lay out the situation quite clearly:

The FBI is issuing this announcement to raise awareness of malicious Quick Response (QR) codes. Cybercriminals are tampering with QR codes to redirect victims to malicious sites that steal login and financial information.

QR Codes Are Back, And Bigger Than Ever

Once again, it seems that bad actors have seized on a popular trend to help them do their dirty work. A simple technology dating back to the 90’s, QR Codes are on the rise lately – as they’ve become a very effective digital tool for marketers who want to quickly convert mobile phone readers into shoppers and buyers. The Wikipedia entry on QR codes gives you a quick grasp of just how powerful they can be when scanned on a mobile phone:

QR codes may be used to display text to the user, to open a webpage on the user’s device, to add a Card contact to the user’s device, to open a Uniform Resource Identifier (URI), to connect to a wireless network, or to compose an email or text message.

All you have to do is think about how hackers might use that kind of power, and you can quickly see that indiscriminate scanning of QR codes could lead you into some serious trouble. 

Two Primary Sources of QR Code Danger

The first danger with malicious QR codes is the fact that they can transport you seamlessly to a fake website. As with most hacks, the first layer of the transaction seems to be legitimate: the QR code works! The user arrives at a site that has the offer or information they were seeking. 

And this is when many users will let their guard down, and fail to notice telltale signs that the site isn’t legitimate. Super-sweetened offers can also play a role in softening up otherwise careful users. The bad website can be a collection point for private information and financial data, and the path to financial losses and ID Theft is paved.

The second danger is QR codes that include malware themselves. Once again, let’s turn to the FBI for — “just the facts”:

Malicious QR codes may also contain embedded malware, allowing a criminal to gain access to the victim’s mobile device and steal the victim’s location as well as personal and financial information. The cybercriminal can leverage the stolen financial information to withdraw funds from victim accounts.

That’s about as bad as it can get. So, short of forsaking the use of all QR codes — how do you defend yourself?

What Can You Do?

Here are the five steps you can take – we discuss each below in more detail:

1. Get informed about what QR codes are and what they can do.
2. Make sure your device has good security software.
3. Use that security software regularly!
4. Before scanning any QR code, scan “the situation.” 
5. Make sure you land where you expected to!

You’ll be glad to know that you’re well on your way to completing the first step. We hope this article has helped in this regard, and if you want to get even more up-to-date on potential threats to you and your mobile device, we highly recommend these two companion articles:

Six Ways That Cybercriminals Try To Take Over Your Device – QR codes are covered here along with several other traps, like WiFi Honeypots, Fake Apps, and even Subtitles in Streaming Apps. Do give it a careful read – lots to learn here.

Can a QR Code Be Used In A Phishing Attack? – If you’ve followed us so far, you know the answer to this question is YES! But hit the link to get more information on how QR codes can bait the hook for hackers’ big Phishing expeditions.

Security Help

If you’re using dfndr security, make sure you activate the anti-hacking feature to protect you from scams and malware. dfndr security PRO plan also has a dedicated Safe App function to help sniff out apps that contain malware, and also provides complete Identity Theft reports should you suspect trouble.

Eyes Up!

But your awareness is always going to be your first line of defense. Remember that QR codes primary benefit is to help you connect to a specific spot on the web without your having to type in a URL. The “fun” of seeing this work is no doubt a major part of the success of that Coinbase ad. 

If you decide you do want to scan a QR code – make sure you can verify it’s from a trusted source, and take a good close look at the surroundings: the copy and design, the context of use. Is the code stuck on a wall outside a club? Or did it come to you via a traceable source like a mass mailing? If you can verify that the code is from a trustworthy source – make sure the landing spot is what you expected it to be.  

Just remember what your friends in the FBI told you: a QR code isn’t a game to be taken lightly — or a Pokemon type game where you have to capture and collect. They serve a very specific function, and they’re more powerful than they look. Treat QR codes with the same caution you’d give to any unknown app or web address.

O post Careful With That QR Code! Five Steps For QR Code Safety apareceu primeiro em PSafe Blog.

The film tells the story of a conman who uses the Tinder app to insinuate himself into the lives of three female victims. In the film, Simon Leviev sets up elaborate romantic cons to appear as a wealthy diamond heir, then uses the trust he has gained to steal information, then money – only to use that money to fund the con for his next victim.

It’s a taut and dramatically told story, but without a clear moral or ending. (The New York Post has reported that Leviev has signed with a Hollywood agent, and “wants his own dating show.”)   

How To Stay Safe: Five Scammer Prevention Keys

But the moral for users of Tinder — and social media in general — are still the same: proceed with caution!  Below are a Five Keys to help you stay safe as you navigate dating apps like Tinder — they’re also useful guidelines for people you might meet on any other social app like Facebook:

• Do some research — and take your time. Before meeting in real life with anyone you’ve met online, take the time to do a little background research and find out if the person you’re speaking to is who they say they are. 

• Consider bringing a friend for the first date(s), and meet in public. Yes, this will keep you safer, and it might also help provide a more casual atmosphere where you can learn a little bit more about your new friend.

• Be sensitive about peculiar information requests. Spoiler alert: The Tinder Swindler orchestrated reasons to get Passport information, and then quickly put it to nefarious use. Whatever the reason given, a quick pivot to requests for detailed personal data is always a sure warning sign, especially in a new relationship.

• Keep your purse, phone, and ID’s close. Don’t overlook simple physical sources of data like these. Don’t leave them unattended. 
• If you have any suspicions, check in to things. If anything seems odd in terms of your interactions, don’t bury your head in the sand. A good security solution like dfndr security can help you track where your data is going and also protect your physical phone from theft. Stay on top of your bank and credit card accounts.

Remember: Most Scammers Don’t Do A Lot of Romancing

The Tinder Swindler is also a healthy reminder that most scams are not quite as elaborate as those cooked up by Simon Leviev.  But most scams operate on the same human emotions of romance and self-interest. 

Set some clear rules for yourself in the dating world – and also for when you’re answering emails and text messages — or when you’re looking for work on a job site.  If it looks too good to be true – it probably is! 

O post Avoid the Tinder Swindler: how to date online safely apareceu primeiro em PSafe Blog.

Strandhogg 2.0: Worse Than The Original

“StrandHogg 1.0” used Android’s task affinity to hijack applications—by matching the packageName of any other app, then allowing “TaskReparenting,” the StrandHogg app would be launched, undercover, in place of the target app — then share the information with the attacker and the targeted app (to go unnoticed).

Image Source: Promon

Emilio Simoni, research director at dfndr lab explains:  “Using this method, you would see (for one typical example) what looks like a fully legitimate Gmail icon on your phone, with the usual login dialogue — just exactly as it would appear when you’re logging back  into your account. But once you enter your credentials, you’ve unknowingly shared them with the attacker too. To shield its intervention, your info is also sent to Gmail (or whatever other legitimate application has been hijacked), continuing your transaction and leaving no signs you’ve been compromised. The malware comes on board in the form of innocent looking game apps — one named SuperHappyFunGame — but it does its worst work undercover.”

StrandHogg’s 1.0 weakness was the presence of sketchy task affinity codes in the Android Manifest. Scouring for the 1.0 version required simply scanning the Google Play store for these problematic taskAffinity declarations. But StrandHogg 2.0 doesn’t require any special settings, because the attacking code isn’t necessarily present on the Play Store. Instead, the attacker just downloads the attack code later, once the trojan app or game has taken up residence.

StrandHogg 2.0 also hijacks additional data via app permissions: so contacts, photos, and it can even victim’s movements and location are compromised. Simoni advises: “With the right permissions, StrandHogg 2.0 can even siphon off entire text message conversations, which can enable hackers to defeat two-factor authentication protections.”

The Norwegian security firm Promon, the firm that gave the malware its name,  suggests that updating Android devices with the latest security updates — out now — will fix the vulnerability. Users are advised to update their Android devices as soon as possible. 

“However,” Simoni warns, “the key is protecting yourself from the next StrandHogg.  For that, you need a front line of defense.” 

Protecting Your Devices and Data From Unsafe Apps

You should always count on a extra layer of security for your phone. dfndr security, for example, has a Safe App Installer feature that can operate as your advance-line of defense against apps like SuperHappyFunGame, and the next generation of trojans  StrandHogg uses. Safe App Installer will also keep you protected from all other malicious apps. “The feature lets you know if an app is unsafe before you even install it,” Simoni advises, “and our team does the work to constantly update our database of malicious apps.” With Safe App Installer, every app you consult before installation will be rated for trust. 

There are two levels of alert if Safe App Installer discovers an issue:

• Security Alert: If the app is malware.
• Privacy Alert: If the app already experienced a data breach

An app is rated as Trusted only if the app is not malware or has never experienced a data breach.  

dfndr security also offers Anti-Theft Protection for your device, and Identity theft protection for you.  “Our PRO package has been very thoroughly thought out to provide users with the full suite of protections they need,” Simoni concludes.

We’ll continue to provide updates here on the PSafe blog for new malware that could compromise your security and safety — stay tuned!

O post StrandHogg 2.0 Steals Data From Real Apps apareceu primeiro em PSafe Blog.

However, there’s one great reason to always stay on top of things and update your Android apps whenever they offer one. And it may just be the best reason of all: SECURITY.

“Most apps will update for a variety of different reasons, but one of the most common reasons is security,” says Emilio Simoni, Research Director at dfndr lab. “Engineers are always testing and discovering vulnerabilities in their apps, so even if an update has no new features, for your own good, you should make it a habit to update. Or, set your device to update apps automatically.”  

Why You Should ALWAYS Update dfndr security

dfndr security’s main objective is to keep you safe. That is the reason why you should always do updates with dfndr security immediately when you receive notice of them. Our antivirus database is constantly being updated, often with the defense against the latest, most widespread threats – so if there’s ONE app you want to keep up to date, make it dfndr security.

Why not take a moment and check now to see if your drndr security is up to date?

Follow the instructions from Google below to make sure your dfndr security app always updates automatically:

• Open the Google Play Store app.
• Tap Menu > and then > My apps & games.
• Select dfndr security as the app you want to update.
• Tap More.
• Tap Enable auto update.

dfndr security will then update automatically when updates are available. To turn off automatic updates, just uncheck the box.  This is what the Enable Auto Update looks like when selected:

Set Your Android Apps To Update Automatically

Android lets you control automatic updating so that it always occurs only when you’re connected to WiFi. Setting to Auto Update with WiFi is a great way to make sure all your apps are always up to the second.  Here’s how to make that happen:

• Open the Google Play Store app.
• Tap Menu, Menu and then Settings.
• Tap Auto-update apps.
• Select the Over Wi-Fi only option to automatically update apps only when connected to Wi-Fi.

If you need to do an emergency update and you have no WiFi you can override this setting.

Viruses, Hackers, and Malware Are Out There.  Keep them OUT!

“We’re seeing lots of aggressive activity among hackers since the start of the Coronavirus Pandemic,” Emilio reminds us, “If you keep your dfndr security always app up-to-date it’s going to give you the best protection we have to make sure you can use the web safely.” Simoni concludes: “And right now, with social distancing still in effect in so many places, you want to make sure your access to the web is safe and secure.”

O post Always Update Your Android Apps: Start With dfndr security apareceu primeiro em PSafe Blog.

“Eventbot” leverages Android accessibility to reap private data from financial applications. It also has the ability to hijack SMS-based two-factor authentication codes, and it can even read user SMS messages. A very foreboding mix of capabilities. 

“This one is especially dangerous,” remarks Emilio Simoni, Research Director at dfndr lab, “Eventbot is a trojan that targets over 200 different financial apps.” Simoni explains that these  include banking, money transfer services, and crypto-currency wallets like Coinbase, Paypal Business, TransferWise, HSBC, CapitalOne, Santander, Revolut, and Barclays… and many more.

How EVENTBOT Does Its Damage

 First identified in March 2020, Eventbot makes its way onto phones by posing as a legitimate app: Adobe Flash, Microsoft Word, and similar.  Eventbot primarily resides on unofficial Android App stores and other unauthorized websites, it has also been delivered through bulk SMSs and Emails, typically offering special savings on popular Android apps.

When installed, Eventbot requests a robust list of permissions, including accessibility settings; “read” permission from external storage; the ability to send and receive SMS messages; run in the background; and launch after system boot.

Users who grant these permissions unwittingly enable EventBot to operates as a keylogger, which can extract notifications about other installed applications, and scan and scrape the content of open windows. It also further-leverages Android’s accessibility services to steal the lock-screen PIN — then sends all of its stolen data in an encrypted format to its command-center server. 

Simoni explains: “The ability to track SMS messages also enables this malware to pass-through SMS-based two-factor authentications, which opens the gates wide for financial attacks of the very worst kind.”

Protect Yourself

“It’s important to always rely on a security mechanism. dfndr security, for example, has a Safe App Installer feature that is designed expressly to deal with dangerous apps like this,” Simoni offers, “This feature lets you know if an app is safe before you ever install it, and its updated constantly by the PSafe security team. We scan the web constantly for updates and information to enrich our database.”

With Safe App Installer, any app you intend to install will be rated for trustworthiness. There are two levels of alert if the feature discovers an issue:

• Security Alert: If the app is malware;
• Privacy Alert: If the app already experienced a data breach;
• Trusted: If The app is not malware or has never experienced a data breach. 

 “Eventbot would absolutely trigger a security alert,” Simoni notes.

The free version of dfndr security also has an anti-hacking capability that blocks scams directly on the SMS app, web browsers and messaging apps (WhatsApp and Facebook Messenger). It also offers a URL checker to check the security of any URL you enter.

Further Safety Measures for EventBot (and Similar Trojans)

One of the easiest ways to protect yourself is to make sure that you are only downloading mobile apps from authorized sources,” Simoni emphasizes. “With malwares as dangerous as Eventbot making the rounds, you have to be doubly alert and careful with any unofficial links.” As a rule, you’ll want to avoid any links sent by people unknown to you, and from bulk marketing SMSs and Emails. Finally, be careful with permissions required by various apps — if the list is extremely long or doesn’t make sense, be on guard.

Consider dfndr Pro

One of the best ways to protect your information now is to upgrade your dfndr security app (if you haven’t already) to PRO.  (This link will help you learn more, and you can use it to download PRO if you decide it’s right for you.).

 With dfndr Pro in your toolbox, the rest is a matter of staying as aware as you can to protect yourself and your family. PSafe will continue to provide updates here for new malwares that we discover that is especially noteworthy.

This one is VERY dangerous, so be careful out there!

O post New Android Malware, “Eventbot” Targets Financial Data apareceu primeiro em PSafe Blog.

Is iOS Safe?

Every mobile operating system has its irregularities and flaws. However, many people still believe that iOS is 100% secure and its technology is not affected by scams or malware.

According to Emilio Simoni, director of dfndr lab, PSafe’s digital security lab, says that having an iOS doesn’t mean you can ignore all threats and risks on the internet, such as phishing, malware, and ramsonware. It’s important to know how to protect your iPhone from viruses, circumvent vulnerabilities, and watch over the privacy and security of your data.

According to a Forbes report, a survey revealed that 38% of all iOS apps contain critical vulnerabilities, the vast majority due to inaccuracies found in the early stages of app development. These types of flaws can give opportunities to hackers who are facilitating scams and consequently compromising the protection of Apple users. The number may be shocking, but that’s just the tip of the iceberg.

Symptoms of a Broken iOS

As the popular phrase says, “Prevention is better than the cure.” We’ve listed 5 characteristics of a broken iOS that are easy to spot:

Your Battery Doesn’t Last Long
When it is noticeable that battery life has shortened significantly with recent use or your iPhone takes longer to fully charge, malware could be a possibility. Another indicator may be if your phone feels unusually warm, which almost always points to software problems. If your device is warming up even without being used, it may mean that a virus is acting in the background.

Phone Performance Diminishes
The presence of malware on any system makes it operate poorly. It’s important to pay attention to any performance issues with your iPhone. Unusual slowdowns, apps that suddenly close or crash excessively are some indications that something is not right.

Your Data Runs Out
If you notice a spike in your data charges, it may be that there are malicious apps that run even with the screen locked, draining data sneakily from your phone.

There’s Non-User Activity
Links, messages, posts, likes, and shares that you did not perform may point to an identity theft case. If a hacker has access to your device, they also have access to all the accounts linked to it.

Phone Makes Strange Sounds
During a call, a compromised iPhone may make strange background noises, often described as echoes, squeaks, or clicks. These sounds can be caused by a weak signal, interference, or the worst scenario possible: someone is listening to your microphone. Be aware of any odd sounds your iPhone makes when not in use.

How to Protect my iOS from Scams

The dfndr lab experts have put together key measures to keep your iPhone safe: 

Choose a Strong Password
Always, always create good passwords for your accounts. They should be alphanumeric (composed of letters, numbers, and symbols). Also, it’s important that you have a different password for each online account. Avoid sequences like “1234abc” or important dates. Security experts also recommend changing your password every 30 days.

Keep Your Operating System Current
It’s essential that iOS is always the latest version, as hackers occasionally encounter exploitable coding flaws, making it easier to access personal data. Apple offers periodic updates as a way to correct these inconsistencies, so in addition to protecting your iPhone from viruses, it also improves performance overall.

Don’t Click on Suspicious Links
Be wary of links that offer great deals and discounts, especially if they are advertised in messaging apps such as WhatsApp. In addition, fake news also presents a certain risk that goes well beyond misinformation. Always research the information to make sure it’s from credible sources. When in doubt, do a link analysis, such as the offered by dfndr lab. The link checker lets you know if a site is dangerous without having to access it.

Use Trusted Antivirus
There is controversy about using security applications for the iPhone. But, according to Simoni, there will always be cybercriminals looking for vulnerabilities, whether on the Android or iOS system. It’s vital to keep a good security system installed on your phone to keep it secure. dfndr security is available for Android and iOS provides several tools to protect you against identity theft, malicious links, scams, and fake websites. You can download dfndr security for free here.

O post Is iOS safe? Discover Some Secrets About your iPhone apareceu primeiro em PSafe Blog.