Scammers Exploit Kids with Fake Fortnite and Roblox Offers

Children are increasingly the targets of sophisticated internet fraud in an era where digital connections predominate. Recent studies point to a concerning pattern in which con artists leverage children's love of well-known video games like Fortnite and Roblox to commit marketing fraud, enticing young users with phony incentives. This collision of innocent excitement and malicious purpose underlines the need for parents and guardians to keep a constant watch on their children's internet activity.

Scammers are taking advantage of the exponential growth in the number of youthful gamers in the gaming business. Threat actors have allegedly created a sophisticated method of operation that revolves around making alluring offers that promise exclusive in-game currency or content for games like Fortnite and Roblox. These fraudulent schemes are frequently disseminated through websites, PDFs, or emails that at first glance seem real.

The scam's mechanics involve leveraging children's insatiable appetite for virtual rewards. Kids are prompted to click on links or download attachments under the pretext of accessing rare skins, virtual currency, or exclusive items for their beloved games. Unbeknownst to them, these actions often lead to a cascade of malicious events. The links can take them to phishing sites designed to steal personal information, while attachments might contain malware that compromises the security of the device and data.

Young gamers need to be informed about the dangers present in the digital world by parents, guardians, and instructors. To prevent kids from becoming victims of these frauds, the following precautions can be taken:

  • Open Dialogue: Initiate open conversations with kids about online safety and potential scams. Encourage them to share any suspicious messages they come across.
  • Teach Critical Thinking: Impart critical thinking skills to help children assess the authenticity of offers. Teach them to verify the legitimacy of websites and scrutinize URLs.
  • Emphasize Privacy: Stress the importance of not sharing personal information online, including email addresses and passwords, without explicit parental consent.
  • Implement Security Measures: Install reputable security software that can detect phishing attempts, malicious links, and malware.
  • Monitor Online Activities: Keep a watchful eye on your child's online interactions, friend lists, and downloads.

Cybercriminals' strategies evolve along with technology, so it is crucial for both young gamers and the adults who serve as their mentors to remain knowledgeable and proactive. Together, they can make sure that people who want to take advantage of children's innocence don't ruin the fun of virtual exploration and creativity in games like Roblox and Fortnite.

Urgent Action Required: Delete Apps with Privacy Breach Potential

 


Whenever your phone is running low on storage, it's always an excellent idea to remove apps that could be taking up a lot of space - especially if you think they could spy on you. For some apps, however, the "delete" button will not suffice and you will need to do more than just hit it. It is imperative to remember that even when you think you have deleted an app, it might still exist in the background. This could make your device unstable or cause other problems.  

Cyber experts warn that several apps on the Google Play Store carry spyware that has compromised the personal information of over a million users in a matter of minutes, and that the spyware could steal your information, location, videos, photos, and even your voice without warning.

Experts urge users to delete the two compromised applications from their devices immediately. The Hill says these two compromised apps are called "File Recovery & Data Recovery" and "File Manager." Spyware in these two apps, which were available to download on the Google Play Store, may have compromised more than a million users' data.

According to Pradeo, a cybersecurity company, the file-management apps are programmed to launch without interaction from users. They are also programmed to silently transfer sensitive user data to various malicious servers in China.

The developer of both apps was the same person. Using smartphones, social media, and email, they are stealing contact lists from devices and social media. In addition to pilfering photos, audio, and videos, the apps also collect real-time location information. The apps must still be deleted if you still have them installed, even if they have not been downloaded yet. 

According to Pradeo, it is prudent to be cautious about apps with hundreds of thousands of downloads but a lack of reviews and to always read each review and the app permissions carefully before downloading. 

Experts found that Recorder - Screen Recorder accessed users' photos, recorded audio recordings, secretly gained access to them, and even created audio recordings of them. These recommendations came just over a month after another app, iRecorder - Screen Recorder, was removed from Google Play. 

A Pradeo report indicates that the two apps have been downloaded approximately 1.5 million times combined. This security firm also believes that bots are probably responsible for inflating download numbers because their website has few reviews, which also appears suspicious. 

You do not have to worry about losing your personal information if you can remove an app completely. All your personal information will be safe. It's recommended that you know the following things when deleting an app to protect your phone and your data. 

To further increase your phone's security, you may want to learn how to delete iPhone apps, hide apps on an iPhone, and confirm (and change) your iPhone privacy settings.

The Cost of Convenience is High 


We use many different apps throughout the day without giving them much thought, folding them into our daily routines almost without noticing. The truth is, they can make our lives easier and save us time each week. However, there can also be some disadvantages associated with this convenience.

Although users share their data hoping the app's creator will keep it safe, that is not always the case. Many apps fail to use encryption and other security features, leaving users' private information vulnerable to criminals and hackers. Tcherchian adds that apps are the top mode of attack in most data breaches, according to the 2021 version of Verizon's Data Breach Investigation Report. FYI, that's not the only reason to worry about smartphone apps stealing your data.

Apps You Should Avoid 


Certain apps are particularly troublesome for some users. According to experts, these apps should be deleted from your phone as soon as possible, or better yet, never installed in the first place.

Vixamar says several apps are incredibly dangerous in terms of security and privacy since they violate a range of different protocols. Several apps out there require access to your photos, files, camera, microphone, and more, completely or in combination, so you need to be cautious. 

Whenever you use an app, you should ask yourself, "Is this app really in need of all of this access, or does this app fit my needs?" Before downloading an app, watch for these signs to ensure you aren't downloading a malware-ridden app. Of course, the most important thing is for your phone to be safe within the framework of your security measures.

Cloud Cryptomining Scam in Google Play Rakes in Cash

 

Researchers stated that fraudulent crypto mining applications available for download on Google Play have scammed more than 93,400 people so far, taking at least $350,000. 

The applications, which are divided into “BitScam” and “CloudScam” variants, market themselves as delivering bitcoin mining services for a charge, according to Lookout. 

“These apps were able to fly under the radar because they don’t actually do anything malicious,” said Ioannis Gasparis, a mobile application security researcher at Lookout, in an analysis released on Wednesday. 

“They are simply shells set up to attract users caught up in the cryptocurrency craze and collect money for services that don’t exist. Purchasing goods or services online always requires a certain degree of trust — these scams prove that cryptocurrency is no exception.” 

In addition to charging for the “apps,” the fraudsters push extra services and upgrades that users may buy within the apps, either directly by transferring Bitcoin to the creators' wallets (the BitScam version) or through the Google Play in-app billing system (the CloudScam version). On the official Google Play store, there were 25 similar apps, with a total of 170 when third-party app shops are included. Although the crypto mining applications have been deleted from Google Play, there are still hundreds more accessible for side-loading, according to Gasparis. 

He said in the report, “Cloud mining introduces both convenience and cybersecurity risks. Because of the simplicity and agility of cloud computing, it is quick and easy to set up a realistic-looking crypto-mining service that is really a scam. Cybercriminals have set up similar schemes to steal from desktop users, [but this is] the first scam that packages this scheme into mobile apps.” 

How mobile, socially engineered cryptomining scams work:

After downloading the app and creating an account, users are presented with an activity dashboard that claims to show the “available hash mining rate.” It also has a counter for the number of coins the victims are supposed to have earned. 

“The hash rate displayed is typically very low to lure the user into buying upgrades that promise faster mining rates,” Gasparis noted. Such “virtual hardware” upgrades can range from $12.99 to $259.99, Lookout found. Other “upgrades” include spendier subscription plans with lower minimum withdrawal balances and higher supposed mining rates. Users also are told they’ll earn “20 percent” of their friend’s earnings if they refer someone to the app, and are offered “daily rewards.” 

In terms of the coin counter, the applications just show a fake balance. The counter progressed only when the app was running in the foreground in some of the applications examined, and it was reset to zero when the mobile device was rebooted or the app was resumed. Some of the totals were limited: After counting to 10 on the CloudScam software "BTC Cash," for example, the counter resets to zero. 

“If cloud mining was actually taking place in either BitScam or CloudScam, we would expect the coin amount displayed to be stored in a secure cloud database and queried via an API,” Gasparis stated. 

Users are also prevented from withdrawing any coins unless they achieve a certain minimum balance in the applications (not that any coins actually exist). Even if such balance is purportedly attained, the applications merely display a notification informing the user that the withdrawal transaction is pending while simultaneously resetting the user's coin balance to zero. The user may receive an error message stating that the balance is inadequate for withdrawal in some situations. 
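The red flags described above can be checked against a hand-recorded log of what such an app displays. This is an added example, not code from Lookout or from the original post; the event names and both sample traces are constructed for illustration.

```python
"""Flag displayed-balance behaviour that suggests a locally faked mining counter."""

RESTART_EVENTS = {"resume", "reboot"}

# Constructed observation logs: (event, balance shown by the app).
SCAM_TRACE = [
    ("tick", 2.0), ("tick", 6.0), ("tick", 10.0),
    ("tick", 0.0),               # counter wrapped after reaching its cap
    ("tick", 4.0),
    ("resume", 0.0),             # app reopened: balance is gone
    ("tick", 3.0), ("tick", 8.0),
    ("withdraw_pending", 0.0),   # "pending" notice, balance zeroed, no payout
]
SERVER_TRACE = [
    ("tick", 2.0), ("tick", 2.5),
    ("resume", 4.0),             # balance kept growing while the app was closed
    ("tick", 4.2),
    ("withdraw_pending", 0.0),
    ("payout_received", 0.0),    # funds actually arrived in the user's wallet
]


def red_flags(trace):
    """Return the set of warning signs found in an ordered (event, balance) log."""
    flags = set()
    prev = None
    awaiting_payout = False
    for event, balance in trace:
        if event == "payout_received":
            awaiting_payout = False
        elif prev is not None:
            if event == "tick" and balance < prev:
                # Balance fell with no withdrawal: the counter hit a cap and wrapped.
                flags.add("counter_wraps")
            elif event in RESTART_EVENTS and balance < prev:
                # A balance stored server-side would survive a restart.
                flags.add("resets_on_restart")
            elif event in RESTART_EVENTS and balance == prev:
                # Nothing was earned while the app was not in the foreground.
                flags.add("no_offline_accrual")
            elif event == "withdraw_pending" and balance == 0 and prev > 0:
                awaiting_payout = True
        prev = balance
    if awaiting_payout:
        flags.add("withdrawal_zeroed_without_payout")
    return flags


if __name__ == "__main__":
    print(sorted(red_flags(SCAM_TRACE)))
    print(sorted(red_flags(SERVER_TRACE)))
```

An empty result is not proof that a service is legitimate; the check only encodes the specific behaviours reported for these apps.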

According to Gasparis, the first samples of these crypto-scam apps were disseminated through third-party app stores in the second half of 2019. He went on to say that it's possible that since then, rival entities have emerged to market their products in this area. 

He added, “My conclusion that CloudScam and BitScam are run by competing groups is based on the fact that each family has completely different codebases. There are a lot of mentions of Android bitcoin miners in general on the Dark Web, though nothing specific to the apps we found.” Gasparis informed Threatpost that he had no idea how to fix the applications, including how to halt subscriptions and reclaim any costs. 

“Purchasing goods or services online always requires a certain degree of trust in the vendor or at least the app store processing the transaction,” Gasparis noted in the report.

“While this is true for any online transaction, it is even more important with respect to financial services such as cryptocurrency investments. The scammers running this scheme were able to tap into the existing frenzy created by the hot cryptocurrency market. But no matter how high cryptocurrency valuations climb, there is no substitute for appropriate due diligence before purchasing a cryptocurrency mining app.” 

Lookout has five suggestions for identifying bitcoin scammers: 

1. Get to know the app's creators. What certifications or credentials do they have, what other applications have they created, do they have a website, and can you contact them?

2. Install it from a reputable app store. While it's difficult to identify fraud, downloading from an official shop decreases your chances of getting malware.

3. Take the time to read the terms and conditions. The majority of scam applications contain fictitious information or lack any terms.

4. Use the app's reviews from other users to your advantage. When it comes to spotting frauds, reading other users' experiences with the app may be eye-opening.

5. Understand the app's permissions and functions. Examine the app's actions for any red flags. Is the program requesting rights that it doesn't require to function? Is there a sudden crash or reset of the app, a sudden reset of the bitcoin balance, or a sudden reset of the displayed numbers?

Cryptomining Scam Apps:

The scam apps that were available on Google Play and may still be installed on victims’ phones are:

1. BitScam (18): Top Coins, Mr Bitcoin, Star BTC, Bitcoin Burn, Moon BAT, Bito Holic, Bito Hash, BitHash, Multi Coins, BitcoinCash Miner, Airdrop, Bright Miner, Pink BTC, XMR Miner, COIN Master, ETHMINER PRO, crypto cloud mining pro and Btc Miner pro.

2. CloudScam (7): Bito Miner, Mining Machine, BTC CLOUD, BTC Cash, Black Crypto, Cloud Mining, and Crypto Pro-Miner.