Tag Archives: malware

Facebook Pages Impersonating Meta Are Spreading Malware

Meta, ,

Sketchy Facebook pages impersonating businesses are nothing new, but a flurry of recent scams is particularly brazen, TechCrunch reported.

A handful of verified Facebook pages were hacked recently and spotted slinging likely malware through ads approved by and purchased through the platform. But the accounts are easy to catch – in some cases, they were impersonating Facebook itself.

TechCrunch also reported that the compromised accounts include official-sounding pages like “Meta Ads” and “Meta Ads Manager.” Those accounts shared suspicious links to tens of thousands of followers, though their reach probably extended well beyond the paid posts.

In another instance, a hacked verified account purporting to be “Google AI” pointed users toward fake links for Bard, Google’s AI chatbot. That account previously belonged to Indian singer and actress Miss Pooja before the account name was changed on April 29. That account, which operated for at least a decade, boasted more than 7 million followers.

Meta posted on their Engineering at Meta blog information titled: “The malware threat landscape: NodeStealer, DuckTail, and more” Here is part of what the company posted:

  • We’re sharing our latest threat research and technical analysis into persistent malware campaigns targeting businesses across the internet, including threat indicators to help raise our industry’s collective defenses across the internet.
  • These malware families – including Ducktail, NodeStealer and newer malware posing as ChatGPT and other similar tools – targeted people through malicious browser extensions, ads, and various social media platforms with an aim to run unauthorized ads from compromised business accounts across the internet.
  • We’ve detected and disrupted these malware operations, include previously unreported malware families, and have already seen rapid adversarial adaptation in response to our detection, including some of them choosing to shift their initial targeting elsewhere on the internet.

“…We know that malicious groups behind malware campaigns are extremely persistent, and we fully expect them to keep trying to come up with new tactics and tooling in an effort to survive disruptions by any one platform whee they spread. That’s why our security teams tackle malware – one of the most persistent threats online – as part of our defense-in-depth approach through multiple efforts at once. 

It includes: malware analysis and targeted threat disruption, continuously improving detection systems to block malware at scale, security product updates, community support and education, threat information sharing with other companies and holding threat actors accountable in court. This helps raise the cost for these malicious groups and limits the lifecycle of any single strain of malware – forcing threat actors to continue to invest time and resources into constantly adapting to stay afloat…

Meta provided some information about Ducktail:

“…A long-running malware family known in the security community as Ducktail is a good example. For several years, we’ve tracked and blocked iterations of Ducktail originating from Vietnam that have evolved as a result of enforcements by Meta and our industry peers. Ducktail is known to target a number of platforms across the internet, including:

LinkedIn to socially engineer people into downloading malware;

Browsers like Google Chrome, Microsoft Edge, Brave, and Firefox to gain access to people’s information on desktop; and

File-hosting services such as Dropbox and Mega, to host malware.

Meta also provided some information about Novel NodeStealer malware:

“In late January 2023, our security team identified a new malware NodeStealer that targeted internet browsers on Windows with a goal of stealing cookies and saved usernames and passwords to ultimately compromise Facebook, Gmail, and Outlook accounts. NodeStealer is custom-written in JavaScript and bundles the Node.js environment. We assessed the malware to be of Vietnamese origin and distributed by threat actors from Vietnam…”

Regarding NodeStealer, Meta wrote: “While the file is a Windows executable file (with an exe Extension) it is disguised as a PDF file with a PDF icon. We also observed metadata on the file that attempts to disguise the file as a product of “MicrosoftOffice”. 

The best advice I can give people who are on Facebook is to put a 2FA app (two-factor authentication) on your phone. In addition, be wary of sketchy looking ads that have clickable links in them.

Have You Been Gooliganed?

Android, google, malware, ,

Check Point LogoA quick public service announcement….at the end of November security firm Check Point and Google announced that a variant of Ghost Push malware called Gooligan had infected over million Google accounts, with numbers increasing every day. The malware is present in apps typically downloaded outside of Google Play and infects devices on Android 4 (Jelly Bean and KitKat) and 5 (Lollipop).

Gooligan
Courtesy of Check Point

If infected, the malware exposes “messages, documents, photos and other sensitive data. This new malware variant roots devices and steals email addresses and authentication tokens stored on the device.” so it’s not very nice.

Fortunately, the team at Check Point have developed a tool which checks if your Google account has been compromised. All you have to do is enter the email address associated with your Android device.

While we are on the subject, if you want to check if your email address has been garnered in any of the recent security breaches, check out haveibeenpwned.com which tells you who’s been sloppy with your details (thanks, Adobe and LinkedIn).

Twitter banning Bit.ly, other URL Shortners on Direct Messages (DM)

spam, Twitter, , , , , ,

Twitter logoToday I was trying to send a direct message to a friend. Included was a bit.ly link to a page I needed him to see. For some reason, Twitter kept saying there was an error and cannot send the DM. After checking his page to make sure he was still following me and sending a couple test DMs successfully, I realized the problem was the bit.ly link.

I did a search and found that indeed – Twitter was blocking DMs with bit.ly links. They found many different links could not be sent via DMs. CBS.com was one of those who were blocked by Twitter DMs.

Of course, this is because of Twitter allowing n0n-followers to DM people. You have to opt-in to the option, but with this you can get messages from many different people.

The Twitter error Message Needs to Be Fixed

So direct messaging with a link could come back saying the person might not be following you. That could be totally confusing – especially if you know they are. I almost chalked it up as a twitter database error but decided to check and see if there was any changes.

The only advantage of allowing non-followers to DM is if your Twitter account is a corporate one or you have over 10,000 followers and don’t want to follow them all back.

The Problem with Blocking Bit.ly – the Mask-Around

Spammers are smart and/or intuitive. Instead of using bit.ly, they’ll use another system that gets around the twitter issue. Twitter might then block that, but in the meantime, you don’t see a bit.ly link – you see a My.website link. Give a spammer/hacker 2-3 days with an $8 /year website domain and they could make enough to buy another $8 domain and start the process over again.

Of course this is a very common problem with url shorteners. Tiny URL added spam block and virus protect tools shortly after they started. Bit.ly also has some preventative measures (using companies like Sophos, Verisign, Websense and more). Still, they are not responsible for 3rd party content using their links.

Bottom Line – Don’t click on unknown links

Usually bad links start with “Hey, is this you” or “I got a way you can make money” which really translates to “I got a way for ME to make money using you”. If you choose to opt-in to letting anyone DM you, keep in mind you will get spam in your message box. If you don’t feel confident you can sniff out the good from bad, then simply don’t check the box.

Fake Bad Piggies Malware Hits Google Play, Android Phones

Gaming, mobile, , , , , ,

Bad-PiggiesIf you are a fan of the Angry Birds series, then you know about Bad Piggies – a sequel to the popular bird game. Security company F-Secure detected there was a faux app in the Play store that looked and felt like the Bad Piggies by Rovio. However, this app had a slight alteration to the name (Bad Pigs) and a different developer name.

Since the detection, Google Play has removed this malware version from their store. Unfortunately  10,000 downloads have occurred since May 25, 2013. The app asks the user for permission to do more than just push notification and simple data collection.

If any app asks for more information – including full access to your location and personal information, you should remove the app and report it. Usually trojanized apps are popular games, since they see more downloads.

Bad Piggies is a free app that sees between 10,000 – 50,000 app downloads on Google Play. It is available on Android and iOS apps, along with Mac and PC.

If you are one of the duped app users, simply delete the app through Android App Manager.

GNC-2012-04-13 #757 Are you an Enabler?

Podcast, , , , , , , , , ,

I have a couple of fantastic stories to tell you tonight, but you have to listen all the way through to get the impact. I leave for Vegas and NAB tonight. I would expect the Monday show to be a complication of content from the first day at NAB. Next weeks Thursday show may be a challenge as I get back into Honolulu very late.

Support my Show Sponsor: 5 Best Godaddy Promo Codes
$0.01 GoDaddy coupon for a New domain name cjcfs3geek
$1.99 a month Economy Hosting with a free domain name. Promo Code: cjcgeek1h
$2.99 a month Managed WordPress Hosting with free Domain name. Promo Code: cjcgeek1w
Support the show by becoming a Geek News Central Insider

Download the Audio Show File

Links to all the articles talked about in this Podcast are on the Show Notes Page [Click Here]

Podcast: Play in new window | Download | Embed

Subscribe: Apple Podcasts | Google Podcasts | Blubrry | Email | TuneIn | RSS | More

Podcast (video): Play in new window | Download | Embed

Subscribe: Apple Podcasts | Google Podcasts | Email | RSS | More

G Data Mobile Security for Android

Android, application, google, mobile, scanner, Security, smartphone, tablet, Virus, , , , , , ,

G Data’s Mobile Security provides anti-virus and security monitoring for Android smartphones and tablets. Is this really necessary, you might ask, but I think after some of the recent malware removals by Google, there’s sufficient evidence that Android will increasingly be a target for malware and virus writers. Such is life.

Mobile Security provides three main functions, on-demand scans, blacklist control and authorisation checks for installed apps, all controlled from a main home screen.

G Data Mobile Security Main Screen

Tapping on any of the four areas will show the next screen for that function. Here’s the on-demand virus scanning – no surprises there – but Mobile Security also scans apps as they are installed from the Android Market (or elsewhere presumably) which gives additional protection against malicious software.

G Data Mobile Security Virus Scanning

The Permissions area shows a set of controlled features such as calls and internet access, and by selecting a particular feature Mobile Security shows the apps that have permissions for that feature. I thought that you might be able to then select an application and revoke its permissions to, say, access the internet, but the only option is to uninstall the app.

G Data Mobile Security Permissions    G Data Mobile Detailed Security Permissions

A settings screen is accessible from the menu key which provides greater control over the behaviour of Mobile Security’s activities. Usual stuff about scan intervals and automatic scans but all good stuff.

G Data Mobile Security Settings

The Logs area shows what Mobile Security has been doing and Update simply checks that the virus signatures are current and up-to-date. Nothing unexpected here.

G Data Mobile Security Logs

Unfortunately, I didn’t have any malware to hand so I wasn’t able to test out Mobile Security’s detection and disinfecting abilities but I would imagine that G Data’s got that covered.

It’s a free download from the Android Market to try it out, but it’s £9.99 per year to get updates for new malware and viruses. Alternatively, purchases of other G Data security products such as  G Data AntiVirus include a Mobile Security licence as part of the package.

The licence for this review was provided free of charge by G Data. Thanks.

 

Mobile Malware Rises

Android, malware, Virus, , ,

With the rise of smartphones and tablets, it’s not exactly unsurprisingly that they’ve increasingly become a target for cyber criminals and other unscrupulous individuals. In the first half of this year, malware for portable devices increased by 273% compared with 2010.

Cross-platform Trojans are the main source of the growth and most of these viruses are designed to enable spamming or other criminal activities. “With mobile malware, cyber criminals have discovered a new business model,” explains Eddy Willems, Security Evangelist at G Data. “At the moment, the perpetrators mainly use backdoors, spy programs and expensive SMS services to harm their victims. Even though this special underground market segment is still being set up, we currently see an enormous risk potential for mobile devices and their users. We are therefore expecting another spurt of growth in the mobile malware sector in the second half of the year.

If you think that it’s just hyperbole, think again. Zsone, an Android app in the Google Android Market sent subscriptions to Chinese premium SMS numbers and then intercepted the confirmations. The only way the user knew they’d been scammed was when the bill came in.

PC malware is on the rise too with a nearly 16% rise in the last six months. The graph below shows the rise of new malware each year since 2006 and if the growth continues, there will be more new malware in 2011 than 2006-09 combined.

It’s a bad world out there, so be careful no matter what platform you are on. Just because it’s a phone and not a PC, it doesn’t make you invulnerable.