During the past few months, Joker has become one of the most active Android malware infections. Joker rides on the coat-tails of seemingly legitimate apps, then covertly signs up users for pricey subscription services. It can also steal SMS messages, contact lists, and device information. 

Joker variations seem to arrive in batches, with a fresh batch leeching onto dozens of apps as recently as September. 

Joker Infiltrates The App Store

“One of the best ways to avoid malware and trojan apps is to use Google’s sanctioned app store,” says Emilio Simoni, PSafe’s dfndr lab Research Director, “but unfortunately, Joker has managed to disguise itself and mutate so profusely, that it has found its way on to several apps within the official Google Play marketplace. Of course third party app stores are also offering Joker-tainted apps — so the best protection is going to be a strong security app that sniffs out malware-tainted apps immediately, like our dfndr security Pro.”

Google removes the offending apps as soon as they’re reported — but the high rate of variation and concealment with this particular trojan keeps bringing new specimens on board.

Delay Tactics

“Part of what makes Joker so effective is that it waits to take effect,” Simoni remarks. “After the trojan-app is downloaded (many of these are knockoffs of better-known apps) it waits to drop a very small packet of code, it then reaches out to the server that loads the malware that does all the dirty work.” 

What Can You Do To Stay Safe?

Good hygiene with your digital devices includes:

• Installing only the apps that you need and use. Loading up your device with as many apps as you can imagine using is a hazardous path. 
• Being wary. Look for apps from developers you know and trust.  Do a little background checking and make sure that cool new app is coming from a known and trusted provider.
• Cleaning house periodically. To keep the number of apps you use to a minimum, do a periodic review of the apps on your phone and delete the ones you’re not using. 

“Good security habits are always the first step,” Simoni observes, “but we can see that with truly devious malware like Joker, personal vigilance may not be enough.  When a piece of malware is mutating on a monthly basis, you need a dedicated security solution to help keep you safe.” 

The Best Defense Begins BEFORE Dangerous Apps Are Downloaded

An excellent way to protect yourself is to use a security application like dfndr security Pro, which has a dedicated Safe App Installer that can tell you if the app you’re about to install has been identified as malware.  This is exactly what the Safe App Installer does: it AUTOMATICALLY protects you from malware and apps known to compromise your data — before you even install them.

More Protection for Your Digital Life

Safe App Installer is only one of the key features dfndr security Pro offers.  It also comes with a full suite of security capabilities that can protect you not only from digital threats, but from thieves “IRL” as well.

Beyond Safe App, there are four additional features dfndr security Pro offers to protect you and make your digital life easier:

Anti-theft protection: Protects against physical loss that leads to data loss: in case of theft or loss of your device, you can lock  it down remotely, find the phone on a map; or, activate a loud alarm to find it nearby. You can also get a picture of the thief, and wipe the phone of your personal data.

Privacy Protection: You can locate on a map where your app data is going and how it might be used by third-parties.

Unlimited Identity Theft Reports: These reports provide “perimeter defense,”looking out for privacy vulnerabilities beyond your own device. These reports reveal if any of your information has been leaked, with a one-click check of a database with over 10 billion compromised credentials. 

Ad-Free: As an extra bonus, Pro is totally ad-free.

Get The Protection You Need Today

Click here to download dfndr security and free trial dfndr security Pro to put all of these features to work securing your phone, your data, and your digital life. dfndr security Pro offers a full suite of protection, constantly updated, to make sure “you’re safe out there.”

O post Joker Malware is Back (And It’s No Joke) apareceu primeiro em PSafe Blog.

How Fakespy Entices Users

“Hackers are always looking for our soft spots,” remarks Emilio Simoni, PSafe’s dfndr lab Research Director “and FakeSpy uses the natural excitement people have for receiving a package of some kind. Most people immediately want to know who sent you something, and what you might have received.”

Typically, this malware loads via a fake app posing as the website for your country’s mail service — in America, the USPS; in England, the Royal Mail, and so on.  The fake app is designed to look like the real thing, and once it downloads and the fake transaction is completed, it actually passes the user on through to the real USPS site, to avoid detection. Meanwhile, the malware has loaded, and a broad host of information stealing is underway: financial information, account information, app information, contact lists — Fakespy can even read other SMS messages.  And, like most malware, Fakespy immediately begins its work to replicate itself by sending offers to its victims’ contact lists.

Permissions Required Provide a Warning…

“It’s a very sophisticated and still evolving malware,” Simoni warns, “the people behind it have been refining its design for some time now.” One strong warning-sign is that the app asks for extensive permissions — but many users have grown accustomed to approving these for sites they trust. “If the enticement of a missed package works and the fake mail-delivery site is compelling, it’s easy to see how victims can get manipulated,” Simoni says.

What Can You Do To Stay Safe?

“The first thing to remember is that hackers are using every venue available to them to get their software on your devices,” Simoni explains. “Add smishing and vishing to your malware vocabulary and keep in mind that callers and texters may not always be who they appear to be— or say they are.”  

However hard you work to stay informed, a good protection solution — with a team behind you, is almost essential to stay one step ahead of all the various threats evolving in the digital landscape.  

The Best Protection, For The Worst Threats

An excellent way to protect yourself is to always keep a security installed on your phone. dfndr security offers a full suite of security capabilities that can protect you not only from digital threat, but from everyday thieves as well. Click here to install for free.

(Remember, they steal devices and data too!) 

These are the features dfndr security Pro offers to protect you:

Safe App Installer: AUTOMATICALLY protects you from malware and apps known to have had data breaches — before you install them.

App Privacy Scan: You can locate on a map where your app data is going and how it might be used by third-parties.

Unlimited Identity Theft Reports: These reports provide an “outer-perimeter” defense, looking out for privacy vulnerabilities beyond your own device. These reports reveal if any of your information has been leaked, with a one-click check of a database with over 4 billion compromised credentials. 

Anti-theft Protection: Protects against physical loss that leads to data loss: in case of theft or loss of your device, you can lock it down remotely, find the phone on a map; or, activate a loud alarm to find it nearby. You can also get a picture of the thief, and wipe the phone of your personal data.

Ad-Free: As an extra bonus, Pro is totally ad-free.

Stay Safer!

With dfndr security in your toolbox, the rest is a matter of staying as aware as you can.  Follow a few simple rules to avoid and minimize digital damage:

• Take extra care with any link from an unknown source — and be extra wary if it promises a surprise of some kind. Check your curiosity!
• Don’t click on any links sent to you via email or SMS from unknown people.  And if you get a link from somebody you know, ask: WHY would he / she send me this?
• Only download or install software from trusted sources!
• Make sure you do regular backups on your machines!

Be careful, and we’ll keep you informed as always, whenever we hear more about Fakespy, or any other major threats!

O post “Smishing” Malware Uses Missed-Delivery Notification To Lure Victims apareceu primeiro em PSafe Blog.

Strandhogg 2.0: Worse Than The Original

“StrandHogg 1.0” used Android’s task affinity to hijack applications—by matching the packageName of any other app, then allowing “TaskReparenting,” the StrandHogg app would be launched, undercover, in place of the target app — then share the information with the attacker and the targeted app (to go unnoticed).

Image Source: Promon

Emilio Simoni, research director at dfndr lab explains:  “Using this method, you would see (for one typical example) what looks like a fully legitimate Gmail icon on your phone, with the usual login dialogue — just exactly as it would appear when you’re logging back  into your account. But once you enter your credentials, you’ve unknowingly shared them with the attacker too. To shield its intervention, your info is also sent to Gmail (or whatever other legitimate application has been hijacked), continuing your transaction and leaving no signs you’ve been compromised. The malware comes on board in the form of innocent looking game apps — one named SuperHappyFunGame — but it does its worst work undercover.”

StrandHogg’s 1.0 weakness was the presence of sketchy task affinity codes in the Android Manifest. Scouring for the 1.0 version required simply scanning the Google Play store for these problematic taskAffinity declarations. But StrandHogg 2.0 doesn’t require any special settings, because the attacking code isn’t necessarily present on the Play Store. Instead, the attacker just downloads the attack code later, once the trojan app or game has taken up residence.

StrandHogg 2.0 also hijacks additional data via app permissions: so contacts, photos, and it can even victim’s movements and location are compromised. Simoni advises: “With the right permissions, StrandHogg 2.0 can even siphon off entire text message conversations, which can enable hackers to defeat two-factor authentication protections.”

The Norwegian security firm Promon, the firm that gave the malware its name,  suggests that updating Android devices with the latest security updates — out now — will fix the vulnerability. Users are advised to update their Android devices as soon as possible. 

“However,” Simoni warns, “the key is protecting yourself from the next StrandHogg.  For that, you need a front line of defense.” 

Protecting Your Devices and Data From Unsafe Apps

You should always count on a extra layer of security for your phone. dfndr security, for example, has a Safe App Installer feature that can operate as your advance-line of defense against apps like SuperHappyFunGame, and the next generation of trojans  StrandHogg uses. Safe App Installer will also keep you protected from all other malicious apps. “The feature lets you know if an app is unsafe before you even install it,” Simoni advises, “and our team does the work to constantly update our database of malicious apps.” With Safe App Installer, every app you consult before installation will be rated for trust. 

There are two levels of alert if Safe App Installer discovers an issue:

• Security Alert: If the app is malware.
• Privacy Alert: If the app already experienced a data breach

An app is rated as Trusted only if the app is not malware or has never experienced a data breach.  

dfndr security also offers Anti-Theft Protection for your device, and Identity theft protection for you.  “Our PRO package has been very thoroughly thought out to provide users with the full suite of protections they need,” Simoni concludes.

We’ll continue to provide updates here on the PSafe blog for new malware that could compromise your security and safety — stay tuned!

O post StrandHogg 2.0 Steals Data From Real Apps apareceu primeiro em PSafe Blog.

“Eventbot” leverages Android accessibility to reap private data from financial applications. It also has the ability to hijack SMS-based two-factor authentication codes, and it can even read user SMS messages. A very foreboding mix of capabilities. 

“This one is especially dangerous,” remarks Emilio Simoni, Research Director at dfndr lab, “Eventbot is a trojan that targets over 200 different financial apps.” Simoni explains that these  include banking, money transfer services, and crypto-currency wallets like Coinbase, Paypal Business, TransferWise, HSBC, CapitalOne, Santander, Revolut, and Barclays… and many more.

How EVENTBOT Does Its Damage

 First identified in March 2020, Eventbot makes its way onto phones by posing as a legitimate app: Adobe Flash, Microsoft Word, and similar.  Eventbot primarily resides on unofficial Android App stores and other unauthorized websites, it has also been delivered through bulk SMSs and Emails, typically offering special savings on popular Android apps.

When installed, Eventbot requests a robust list of permissions, including accessibility settings; “read” permission from external storage; the ability to send and receive SMS messages; run in the background; and launch after system boot.

Users who grant these permissions unwittingly enable EventBot to operates as a keylogger, which can extract notifications about other installed applications, and scan and scrape the content of open windows. It also further-leverages Android’s accessibility services to steal the lock-screen PIN — then sends all of its stolen data in an encrypted format to its command-center server. 

Simoni explains: “The ability to track SMS messages also enables this malware to pass-through SMS-based two-factor authentications, which opens the gates wide for financial attacks of the very worst kind.”

Protect Yourself

“It’s important to always rely on a security mechanism. dfndr security, for example, has a Safe App Installer feature that is designed expressly to deal with dangerous apps like this,” Simoni offers, “This feature lets you know if an app is safe before you ever install it, and its updated constantly by the PSafe security team. We scan the web constantly for updates and information to enrich our database.”

With Safe App Installer, any app you intend to install will be rated for trustworthiness. There are two levels of alert if the feature discovers an issue:

• Security Alert: If the app is malware;
• Privacy Alert: If the app already experienced a data breach;
• Trusted: If The app is not malware or has never experienced a data breach. 

 “Eventbot would absolutely trigger a security alert,” Simoni notes.

The free version of dfndr security also has an anti-hacking capability that blocks scams directly on the SMS app, web browsers and messaging apps (WhatsApp and Facebook Messenger). It also offers a URL checker to check the security of any URL you enter.

Further Safety Measures for EventBot (and Similar Trojans)

One of the easiest ways to protect yourself is to make sure that you are only downloading mobile apps from authorized sources,” Simoni emphasizes. “With malwares as dangerous as Eventbot making the rounds, you have to be doubly alert and careful with any unofficial links.” As a rule, you’ll want to avoid any links sent by people unknown to you, and from bulk marketing SMSs and Emails. Finally, be careful with permissions required by various apps — if the list is extremely long or doesn’t make sense, be on guard.

Consider dfndr Pro

One of the best ways to protect your information now is to upgrade your dfndr security app (if you haven’t already) to PRO.  (This link will help you learn more, and you can use it to download PRO if you decide it’s right for you.).

 With dfndr Pro in your toolbox, the rest is a matter of staying as aware as you can to protect yourself and your family. PSafe will continue to provide updates here for new malwares that we discover that is especially noteworthy.

This one is VERY dangerous, so be careful out there!

O post New Android Malware, “Eventbot” Targets Financial Data apareceu primeiro em PSafe Blog.

If anything, they’ve only grown more brazen and active. “Overnight, the pandemic has become the number one subject on everyone’s mind,” explains Emilio Simoni, Research Director at dfndr lab, “and that’s irresistible to hackers and scammers.”

Simoni continues: “The first job of any scammer is to get your attention: to stop you on your path and pull your interest toward their offer or message.  The coronavirus pandemic has created a topic that everyone is intensely interested in, all over the world. This has made the scammer’s job much, much easier. And they’re making use of both the intensity of interest and the global breadth of exposure.” 

An Explosion of Coronavirus Malware

Under Simoni’s direction, the experts at the dfndr lab have found more than 227 different Coronavirus-content scams. Most of them offer a dashboard which falsely promises users access to a real-time map for global or local surveillance of COVID-19 cases. As soon as they’re downloaded, they act as ransomware. Typically, they lock the home screen and blackmail the victim into paying a specified amount of money to “unlock” the phone. The ransomware messages are often intimidating, claiming access to photos and private information, like this one:

SuperVPN: 100 Million Users, Finally Deleted From The Google Store

But coronavirus scams aren’t the only vulnerability out there. As Emilio Simoni explains: “You need security solutions that look out for more than scams and hackers. Even apps that aren’t clearly malware or ransomware can totally compromise your security. SuperVPN is a perfect case in point: it’s security problems have been known for over a year, but the app has been removed from the Google Play store very recently.”

SuperVPN offered users the ability to browse the internet as if they were coming from a different country, providing access to sites and functions that they wouldn’t normally be able to reach. For the app to work, an exchange of information between the device and the app was required. That process of exchange was loaded with serious vulnerabilities, and resulted in the theft of data like passwords and credit card numbers. Beyond its security issues, SuperVPN also appeared to violate Google Play’s algorithm in order to get more installs. They were very successful, racking up more than 100 million users before finally being removed.

“If you know anyone who has downloaded and installed SuperVPN,” Simoni remarks, “make sure they remove the app as soon as possible.”

Above is an illustration of how SuperVPN compromised user’s secure data.  (Image: VPNPro)

Protect Yourself From Hackers AND Vulnerabilities

One of the best ways to protect your information now is to upgrade your dfndr app (if you haven’t already) to dfndr Pro.  (Here’s a link where you can learn more, and download Pro if you decide it’s right for you.)

As apps with hidden “cracks” in security like SuperVPN illustrate, you have to be not only informed enough to resist the hackers and scams, you also have to have proven technical tools to keep your devices safe.

As Emilio Simoni explains it: “As we publicize these cases of hackers and scams, we want to be cautious and let people know that all data breaches or “malware” won’t always follow a specific pattern. Lots of data breaches happen with very reputable software makers or business transactions. There are many ways your data can be compromised. To be safe, you need more than your own human intelligence at work.” 

This is why dfndr Pro offers a full suite of security capabilities:

Unlimited Identity Theft Reports: These provide your “outer-perimeter” defense, looking out for privacy vulnerabilities beyond your own device. These reports reveal if any of your information has been leaked, with a one-click check of a database with over 4 billion compromised credentials. 

Anti-theft protection: Protects against physical loss that leads to data loss: in case of theft or loss of your device, you can lock  it down remotely, find the phone on a map; or, activate a loud alarm to find it nearby. You can also get a picture of the thief, and wipe the phone of your personal data.

Safe App Installer: Protects you from apps known to have had data breaches — before you install them.

App Privacy Scan: You can locate on a map where your app data is going and how it might be used by third-parties.

Ad-Free: As an extra bonus, Pro is totally ad-free.

Stay Vigilant!

With dfndr Pro in your toolbox, the rest is a matter of staying as aware as you can and protecting yourself and your family.  Consider adopting these rules for use of digital devices in your home:

• Take extra care with any link or article about coronavirus. Use reliable sources, such as legitimate government websites, to get real, fact-checked stories and information on COVID-19.
• Don’t click on links sent to you via email from unknown people. 
• Look very closely at email addresses and names: If the source looks or sounds like someone you know but the name or email address seems even slightly off…stay away! If the name is right but the message is brief or confused, or not at all like the person you know…your friend could be the victim of a hack themselves.
• Only download or install software from trusted sources. Make sure you double check url’s! 

Stay safe! We will keep you up to date on all the latest we hear about scams of all kinds: coronavirus-related, and otherwise. Until then, stay safe and keep your loved ones safe and informed too. 

Finally,  if you or someone you know is a healthcare worker, please accept (or pass on) our grateful thanks.  

O post Be Careful: There’s A Malware Pandemic Underway Too… apareceu primeiro em PSafe Blog.