Tag Archives: ransomware

‘Ghost Push’ Malware Threatens Android Users

Why should you update your Android device’s operating system? Two words. Ghost Push.

The well known trojan has had various iterations and it’s often updated to bypass new security updates.

At its peak, Ghost Push infected over 600,000 Android devices daily, a colossal number. The trojan is capable of rooting phones, displaying revenue-generating ads that drain your battery, and can be used by hackers as a means of spying on the infected party.

When infected, it is virtually impossible for the device’s owner to remove the virus, even by factory reset, unless the firmware is reflashed.

This is not an easy malware to get rid of.

The good news? A simple update of your Android operating system can make your phone much less penetrable to this type of malware.

However, even though Android has released version 7, Nougat, of its OS, there is still cause for concern. Recently released figures show that Android users are slow on the uptake when it comes to updating their OS. The majority of users are still running Lollipop, or earlier, meaning that they are vulnerable to the Ghost Push virus.

The latest iteration of the Ghost Push trojan.

In fact, the latest iteration of the Ghost Push trojan, which was discovered in September 2015, can infect devices running on Android Lollipop (version 5) or any of the OS that came before it.

In a recent blog post, Graham Cluley drove home the issue, emphasizing the root of what, on the surface, should be an easy problem to rectify. He said, “when you compare the take-up of new versions of Android compared to Apple iOS it’s clear that one ecosystem does a much better job of getting its users to upgrade to the latest version of their OS, protecting against security vulnerabilities, than the other.

There’s a reason for this. Whereas Apple has its own integrated app store, for Android it’s a different story. In their case, carriers, smartphone manufacturers and Google all have to work together to get a new update out to users. As such, the process takes longer, and updates are rolled out with much less frequency than they are for iOS.

Android Users

This, unfortunately, has a knock on effect that only serves to make Android users even more vulnerable. As Cluley puts it, Android users end up feeling abandoned, and this leads to many of them venturing “into the cloudy waters of installing third-party ROMs like CyanogenMod that receive regular updates.”

Recent research, also looked at the type of links that delivered the malware to users. Most were short links and ad links. The country most hit by the trojan infection, meanwhile, was India with more than 50 per cent of infections. Indonesia and the Philippines rank second and third, showing that the trojan is most prevalent in Asian countries. This doesn’t mean it’s not a threat in North America and Europe, though.

Be aware

Putting your trust in third-party sources can of course be risky, and that’s where infections like Ghost Push can be unwittingly installed by users. It’s important to be aware of what’s being installed.

Unfortunately installing third-party ROMs and applications can often lead to the installation of unwanted malicious malware and even ransomware. Android users should do their best to only download applications from reputable app stores and should avoid clicking on those suspect unknown third-party links, however tempting the proposition.

The post ‘Ghost Push’ Malware Threatens Android Users appeared first on Panda Security Mediacenter.

No More Ransom — 15 New Ransomware Decryption Tools Available for Free

No More Ransom, so is the Ransomware Threat.

Launched less than a year ago, the No More Ransom (NMR) project has increased its capacity with new partners and new decryption tools added to its now global campaign to combat Ransomware.

Started as a joint initiative by Europol, the Dutch National Police, Intel Security and Kaspersky Lab, No More Ransom is an anti-ransomware cross-industry

WYSIWYE: A User-Friendly Interface for Cybercrooks

What You See Is What You Encrypt.

The trend of installing malware on corporate networks through the Remote Desktop Protocol is booming among cybercriminals. In the last few months we have analyzed several cases of ransomware attacks directed at companies from different European countries that share this methodology and are being perpetrated by the same attackers.

Once credentials are obtained through a brute force attack on the RDP, the cybercriminals gain access to the computer.

At this point, when the goal is to deploy ransomware, attackers simply execute the corresponding malware automatically to start encryption and ultimately display the ransom message. However, here we can see a more personalized type of attack

In the intrusion analyzed, we see that the ransomware has an interface through which it can be configured according to the attacker’s preferences, starting with the email address that will appear in the ransom note that will be sent to the victim.

 

With this customized attack, it’s possible to hand-pick the network computers whose information the attacker would like to encrypt, choose files, self-delete upon completing the encryption, enter stealth mode, etc.

 

How to protect your business from customized attacks

The survival of any company in a digital environment calls for establishing a solid corporate network security strategy. Prevention in the face of unknown cybersecurity threats with the goal of neutralizing it as soon as possible, or blocking an attacker should he succeed in gaining entry to the system, plays a role of top priority today.

In the present case study, from PandaLabs we blocked attack attempts that used this form of ransomware against companies protected by Adaptive Defense in Germany, Belgium, Sweden, and Spain.

Here are the MD5s of the ransomware:

4C163E182FFBA6C87EA816B7D7A7D32B
D9489263DA3A5CA7E938315EFD32522D

A timely investment in prevention, detection, and response technologies, instead of adopting perimeter-based solutions, guarantees better preparation in the defense against cyberattacks.

The post WYSIWYE: A User-Friendly Interface for Cybercrooks appeared first on Panda Security Mediacenter.

Charger, the Most Costly Ransomware to Smartphone Users

Ransomware is evolving and becoming increasingly sophisticated, posing a greater threat to companies and private users alike. This malicious software has shown that it can propagate by using the viral mechanisms of a meme, that it can directly attack corporate servers, or even camouflage itself in false resumes. And now it has made its way to other devices, namely, our smartphones.

It is now the main threat to mobile devices, until now considered to be relatively virus-free compared with their PC counterparts. Recently, a new ransomware was discovered that goes by the name of Charger, which copies all the data from your agenda, text messages, etc., and seeks admin permissions from the devices owner. If the unwary user accepts the request, the malicious code begins its attack. A message warns the owner that their device has been blocked and their stolen personal data will be sold on the dark web unless they proceed to pay a ransom.

The Most Costly Ransom

Charger’s victims will have to pay 0.2 bitcoins (at about $1000 a bitcoin, it comes out to a round $200) to, supposedly, unblock their device. It may not be the first ransomware to affect smartphones, but never before has this figure been so high.

Also new is its means of spreading.  Until now, most cyberattacks targeting mobile phones found their gateway in applications downloaded outside official app stores. With Charger it’s different. Charger attacks Android devices through a power saver app that could be downloaded from Google Play, Android’s official app store.

It is vital for employees to be aware of the dangers of downloading apps from unverified sources. They should also know that it’s not such a great idea to store sensitive corporate data on their computers or mobile devices without taking the proper security precautions. Keeping passwords or confidential documents on an unprotected device could end up giving cybercriminals just what they need to access corporate platforms.

We’ve said it before, and we’ll say it again: new attacks like these come about every day and can take anyone by surprise, be they casual users or security experts. The unpredictable nature of attacks like Charger make an advanced cybersecurity solution indispensable. Perimeter-based security solutions are simply not enough anymore.

 

The post Charger, the Most Costly Ransomware to Smartphone Users appeared first on Panda Security Mediacenter.

Apple iOS 10.3 Fixes Safari Flaw Used in JavaScript-based Ransomware Campaign

If you own an iPhone or iPad, it’s possible you could see popup windows in a sort of endless cycle on your Safari browser, revealing your browser has been locked and asking you to pay a fee to unlock it. Just do not pay any ransom.

A new ransomware campaign has been found exploiting a flaw in Apple’s iOS Safari browser in order to extort money from users who view pornography content on their

Beware! Pre-Installed Android Malware Found On 36 High-end Smartphones

Bought a brand new Android Smartphone? Do not expect it to be a clean slate.

At least 36 high-end smartphone models belonging to popular manufacturing companies such as Samsung, LG, Xiaomi, Asus, Nexus, Oppo, and Lenovo, which are being distributed by two unidentified companies have been found pre-loaded with malware programs.

These malware infected devices were identified after a Check

Looks like one Avira email but… this is bait!

Looks like one Avira email but... this is bait!

It’s well known that Ransomware often spreads via email. Most of them are phishing emails. Of late some of those emails are claiming in their subject line that they are an invoice from Avira. But that’s not all: they also come with a malicious attachment. Are those real Avira mails? No. Avira will never send […]

The post Looks like one Avira email but… this is bait! appeared first on Avira Blog.