Search This Blog

Showing posts with label Malicious Apps. Show all posts

Threats of Discord Virus: Ways to Eliminate it

Discord has gained popularity as a tool for creating communities of interest since the launch of its chat and VoIP services, notably among gamers. Discord can be exploited, though, similar to any other platform that contains user-generated material. 

It was discovered in 2021 that hackers carried out a number of malware attacks targeting Discord. Cybercriminals use various techniques to spread more than 20 different varieties that have been found. Due to Discord's broad customizability possibilities, common users are vulnerable to attacks inside and outside the chat server. Recent security analysis on Discord has uncovered a number of cyberattack scenarios connected to its chat service, which can be quite risky for users.

How does the Discord virus infiltrate the system?

The common phrase used to describe malware programs exchanged using the official Discord app is 'Discord Virus.' To get Discord users to run malicious software, cybercriminals use a variety of tactics, the pirated version of Discord Nitro is also frequently offered by attackers. 

The Discord software has a premium edition called Discord Nitro that is packed with more sophisticated capabilities. It is important to understand that the Discord Nitro app cannot be cracked because the premium features are delivered over the servers and not embedded into the app.

The system does display a few typical signs that point to the existence of Trojan infection:
  • The CPU is abruptly utilized more than normal
  • The system regularly glitches
  • Malicious pop-ups are constantly flooding browser
  • The user is not asked to initiate the opening of a window
  • Redirection to suspicious or unreliable websites
How to Update and Fix Discord

1. Operate discord as an administrator

Running the application with administrative rights may be a simple way to fix the Discord Update Failure problem. You can download and run the most recent Discord update due to this enabling the updater to change your device.

2. Give the update.Exe file a new name

A bug with the application's update.exe file was discovered by Discord's troubleshooters. For the best chance of successfully updating Discord to the most recent version, try renaming this file.

Copy "C: Users Username AppData" without the quotations and put it into the Windows + R keyboard shortcut. The username should be changed to the username for your local account.

3. Avoid using windows defender

The Discord Update occasionally crashes due to conflicts with Windows 10's default antivirus protections. Disabling Windows Defender will allow you to try updating Discord.

4. Disable your antivirus temporarily

Antivirus programs have a reputation for causing problems on computers by obstructing your internet service or preventing services and apps from operating as intended.

Discord can give rise to predatory behaviors like cyberbullying. Additionally, extreme organizations utilize Discord to recruit new members and keep in touch with them. You should take precautions against malicious users on Discord and never give out your personal information to anyone.

While utilizing the service, Discord provides a list of precautions to take in order to avoid spam and hacking. One recommendation is to create secure passwords that are less likely to be hacked. Additionally, individuals can defend themselves by scanning for suspected phishing attempts. 


Evolution of Malware and Its Ever-Expanding Landscape

 

Whether you are a large corporation or just a regular user, the internet can be deadly. And although digital technologies offer new opportunities, fraudsters are becoming increasingly skilled at exploiting them.

CrowdStrike's 2022 Global Threat Report indicates that there were 82% more ransomware-related data breaches in 2017 than there were in 2016. Iranian hackers who are supported by the government were recently uncovered to have spied on people using phoney VPN apps. Phishing operations are frequently the easier method to strike, like the current one that targeted shoppers over Black Friday. 

All of these assaults have one thing in common: malicious software that is able to get past one or more devices' security measures and harm the users of those devices. That is what is referred to as malware in technical lingo. 

You might be tempted to believe that all you need to do to protect your data is download one of the top antivirus programmes. However, the reality is more complicated when it comes to really safeguard your device from infection. 

Because malware can take many different forms, your security strategy must also be varied. A simple mix of protection software is not the best defence against malware, either. Before you can defeat an adversary, you must understand it. Knowledge and safety measures are the first lines of defence! 

Most Typical Forms of Malware 

Ransomware: When it infects a device, it encrypts the data and systems of the users, making it impossible to access them until a ransom is paid. It frequently spreads through malicious files, and it typically targets companies rather than individuals. 

Spyware: As its name implies, this category of software tries to gather information for secretly monitoring users. Keyloggers are a type of spyware that, for instance, tracks user activity. Spyware frequently accesses devices using both fraudulent and real apps. 

Trojans: These are programmes that appear to be trustworthy while secretly carrying out malicious attacks on users' systems. They can be discovered in a variety of software programmes, such as games or other well-known apps, as well as an attachment to a malicious email. 

Mitigation Tips 

Because there are many various types of malware on the internet that behave differently, an effective defence against it needs to be varied to protect your device from all potential threats. Here are some recommendations you might want to adopt on a regular basis. 

Use a reliable antivirus 

It goes without saying that every user should have a trustworthy antivirus programme installed on their devices, including antivirus for Mac. This is because, before installation, it will ensure that all files and programmes are clean of malware. You may schedule routine scans and adjust monitor settings simultaneously based on your requirements. Just be aware that some malware may manage to evade its control. 

Maintain software updates 

Attacks are frequently launched by cybercriminals using OS and app vulnerabilities. In order to reduce hazards, it is crucial to maintain your system and software updated. To ensure that you don't miss any changes, enable automatic updates. 

Frequently backup your data 

We talked about the risk that cyberattacks like ransomware or file-wiper software pose to your data. While the latter instantly delete all the content on your device, the former frequently prevents you from regaining control of your data even after you agree to pay. Therefore, the best line of defence in case you become targeted is to periodically back up your contents on an external hard drive or encrypted cloud storage. 

Pay attention to warning signs 

Malware may infiltrate your device even if you take precautions and download the proper protection software. In these situations, your chances of reducing the hazards increase with the speed of your response. To find a cure for any sickness, you must pay close attention to the symptoms. These include emails that are sent without your knowledge, your device stalling or crashing, programmes running on their own, an unexpectedly full hard disc, and more.

SharkBot Malware Targets Thousands of Android Users Via Disguised File Manager App

 

Variants of the SharkBot banking trojan were identified in multiple file manager Android applications on the Google Play Store, some of them with thousands of downloads. 

The majority of users who downloaded the trojanized apps were located in the U.K. followed by Italy, Iran, and Germany, security researchers at Bitdefender said in an analysis published this week. 

"The Google Play Store would likely detect a trojan banker uploaded to their repository, so criminals’ resort to more covert methods," reads the advisory. One way is with an app, sometimes legitimate with some of the advertised features, that doubles as a dropper for more insidious malware." 

This was the case with multiple file manager apps, which were disguised as such to justify the request for permission to install external packages from the user. 

The permissions asked by trojanized apps included READ_EXTERNAL_STORAGE, WRITE_EXTERNAL_STORAGE, GET_ACCOUNTS, REQUEST_INSTALL_PACKAGES, QUERY_ALL_PACKAGES, and REQUEST_DELETE_PACKAGES. 

"Of course, that permission is used to download malware," the researchers wrote. "As Google Play apps only need the functionality of a file manager to install another app and the malicious behavior is activated to a restricted pool of users, they are challenging to detect." 

While the applications identified by the researchers are no longer available on the Play Store, they can still be downloaded via multiple third-party stores, making them a huge threat. 

The first app examined by the researchers was 'X-File Manager,' designed by 'Viktor Soft ICe LLC' and counting over 10,000 installs before it was taken down by Google. 'FileVoyager' was the second one, manufactured by 'Julia Soft Io LLC' with nearly 5,000 downloads. 

The researchers discovered two more apps following an identical methodology, but they were never present on the Google Play store. They are called 'Phone AID, Cleaner, Booster' and 'LiteCleaner M' and were identified on the web via third-party app stores. 

The advisory published by the Bitdefender team comes weeks after threat analysts at Cleafy indicated the Android banking Trojan Vultur has reached more than 100,000 downloads on the Google Play Store.

Users who have downloaded the malicious apps are advised to delete them and change their bank account passwords immediately. Additionally, users are recommended to enable Play Store Protect and scan app ratings and reviews before downloading them.

Warning to iPhone and Android Users: 400 Apps Could Leak Data to Hackers

 


Android and iPhone users are being told to delete specific apps from their mobile phones because they could potentially steal their data. 

According to reports, Facebook has issued a warning after discovering an apparent data hack. This appears to have infected more than 400 apps and appears to have been stealing sensitive login information from smartphones. Because these apps offer popular services such as photo editors, games, and VPNs, they can easily remain unnoticed. This is because they tend to advertise themselves as popular services.

The scam apps are designed to obtain sensitive consumer information by asking users to sign in via their Facebook account once the apps have been installed. Hull Live reported that this is being done for them to be able to access their features.

It has been reported that Facebook published a post on its newsroom about a malicious app that asks users to sign in with their Facebook account. This is before they can use its advertised features. If they enter their credentials, the malware steals their usernames and passwords, which is a serious security risk.

In this case, there are official Google Play Store and Apple App Store marketplaces where these applications are available for download. This means that thousands of devices could potentially have been installed on them.

Apple and Google have already removed these apps from their application stores, however, they can still be found on third-party marketplaces, so anyone who had already downloaded the apps could still be targeted if they had done so previously.

According to Facebook, this year, they have identified more than 400 malicious Android and iOS apps that target people across the internet to steal their login information. This is in a bid to gain access to their Facebook accounts.

Apple and Google have been informed of the findings. It is working to assist those who might be affected by these results in learning more about how to remain safe and secure with their online accounts.

According to Facebook, users should take the following steps to fix the problem:

• Reset and create new, stronger passwords. Keep your passwords unique across multiple websites so that you, do not have to reuse them.

• To further protect your account, you should be able to use two-factor authentication. Preferably by using the Authenticator app as a secondary security measure.

• Make sure that you enable log-in alerts in your account settings so you are notified if anyone attempts to gain access to your account.

• Facebook also outlined some red flags that Android and iPhone users should be aware of when choosing an app that is likely to be, fraudulent.

• Users must log in with social media to use the app and, it will only function once they have completed this step.

A Facebook spokesperson added that looking at the number of downloads, ratings, and reviews may help determine whether a particular app is trustworthy.

Harley Trojan Affecting the Users by Impersonating the Applications

 

There are numerous unpatched malwares hidden under the apps in the Google Play Store that seem to be harmless but are actually malicious programs. Google Play Store is an official platform that runs every process with careful monitoring carried out by the moderators. However, some apps may evade the moderator's check since it's not possible to check all the apps before they go live on the platform. 

One such popular malware, called Trojan Subscribers has been discovered by Kaspersky. It affects the users by signing up for paid services without their knowledge. The malware exhibits similarities with the Jocker Trojan subscriber, experts presume that the two have a common origin. 

A trojan is a malicious code or software that gets downloaded onto a system, disguised as an authorized application. 

In the past 3 years, over 190 apps have been found infected with Harly Trojan on the Google play store, and the number of downloads of such apps is more than 4.8 million.  

To spread the virus to different systems, the threat actors download the original applications and place their malicious code into them and later re-upload them to Google Play Store with some other name. 

The attackers play smart by keeping the same features in the app as listed in the description so that the users do not suspect a threat. The impersonating of legitimate apps also provides advertisement. 

The Trojan malware belonging to the Harley family includes a payload inside the application and uses numerous methods to decrypt and execute the payload. 

After the decryption, the Harley gathers information about the user’s device including the mobile network. By connecting to the mobile network, the malware opens up a list of subscription addresses from a C&C server, where it automatically enters the user's mobile number followed by other options to continue the process, including the OTP from messages. As a result, the user ends up with a paid subscription for a service without their knowledge or consent.  

To avoid being a victim of such apps, anti-virus experts suggest looking for reviews of the applications before downloading them. Google has been notified about such apps and asked to remove all the Trojan-infected apps from the platform and devices that are infected with them. 

Google Removes Several Apps From Play Store Distributing Malware

 

Earlier this week, Google blocked dozens of malicious Android apps from the official Play Store that were propagating Joker, Facestealer, and Coper malware families via the virtual marketplace. 

According to the findings from Zscaler ThreatLabz and Pradeo researchers, the Joker spyware exfiltrated SMS messages, contact lists, and device information and lured victims to sign up for premium service subscriptions. 

A total of 54 Joker downloader apps were unearthed by the two cybersecurity firms, with the apps installed cumulatively over 330,000 times. Nearly half of the apps belonged to communication (47.1%) category followed by tools (39.2%), personalization (5.9%), health and, photography. 

“The tools and communication were among the most targeted categories covering the majority of the Joker-infected apps. ThreatLabz discovered daily uploads of apps containing the Joker malware indicating the high activity level and persistence of the adversary group.” reads the blog post published by Zscaler. “Consistent with previous findings, ThreatLabz's latest discoveries belonging to the Joker malware campaign continue to follow similar developer naming patterns and use of familiar techniques.” 

ThreatLabz experts also uncovered multiple apps compromised with the Facestealer and Coper malware. 

The Facestealer spyware was first unearthed in July last year by Dr. Web researchers, and was designed to steal Facebook users’ logins and passwords and authentication tokens. 

The Coper malware is a banking trojan that targets banking applications in Europe, Australia, and South America. The hackers distribute the apps by disguising them as legitimate apps in the Google Play Store. 

“Once downloaded, this app unleashes the Coper malware infection which is capable of intercepting and sending SMS text messages, making USSD (Unstructured Supplementary Service Data) requests to send messages, keylogging, locking/unlocking the device screen, performing overly attacks, preventing uninstalls and generally allowing attackers to take control and execute commands on infected device via remote connection with a C2 server.” continues the report. 

The researchers recommended users to refrain from granting unnecessary permissions to apps and verify their authenticity by checking for developer information, reading reviews, and scrutinizing their privacy policies. If you become a victim of a malicious app from the Play Store, inform Google about it immediately through the support options in your play Store app.

Facestealer Trojan Identified in More than 200 Apps on Google Play

 

Cybersecurity researchers at TrendMicro have identified more than 200 applications on Google Play distributing spyware called Facestealer used to steal user credentials and other sensitive data, including private keys. The worrying thing is that the number and popularity of these types of applications are increasing day by day, with some even being installed over a hundred thousand times. 

Some malicious applications that users should uninstall immediately include: Daily Fitness OL, Enjoy Photo Editor, Panorama Camera, Photo Gaming Puzzle, Swarm Photo, Business Meta Manager, and Cryptomining Farm Your Own Coin. 

Facestealer, first identified by Doctor Web in July 2021, steals Facebook information from users via malicious apps on Google Play, then uses it to infiltrate Facebook accounts, serving purposes such as scams, fake posts, and advertising bots. Similar to the Joker malware, Facestealer changes its code frequently and has multiple variations. 

"Similar to Joker, another piece of mobile malware, Facestealer changes its code frequently, thus spawning many variants," Cifer Fang, Ford Quin, and Zhengyu Dong researchers at Trend Micro stated in a new report. "Since its discovery, the spyware has continuously beleaguered Google Play." 

Since being denounced until now, the malicious apps have continuously appeared on Google Play under different guises. For example, Daily Fitness OL is ostensibly a fitness app, but its main goal is to steal Facebook data. Once the application is launched, it will send a request to download the encryption configuration. When the user logs into Facebook, the application opens a WebView browser to load the URL from the downloaded profile. 

Subsequently, a piece of JavaScript code is embedded in the web page to get the login data. After the user is successfully logged into the account, the application collects the cookie, then encrypts all the personally identifiable information (PII) and sends it to the remote server. 

In addition, TrendMicro researchers unearthed 40 fake cryptocurrency miner apps that are variants of similar apps that they discovered in August 2021. The apps trick users into subscribing to paid services or clicking on advertisements. 

To mitigate the risks, users should carefully read reviews from people who have downloaded them before. However, this is also not the optimal solution because many applications will hire highly appreciated services, for example, Photo Gaming Puzzle is rated 4.5 stars, and Enjoy Photo Editor is rated 4.1 stars. Enjoy Photo Editor surpassed 100,000 downloads before Google kicked it out of PlayStore.

NCSC Warns Of Threats Posed By Malicious Apps

 

A new report by the UK's National Cyber Security Centre (NCSC) has alerted of the threats posed by malicious applications. While most people are familiar with apps downloaded to smartphones, they are also available on everything from smart TVs to smart speakers. 

The government is seeking input on new security and privacy guidelines for applications and app stores. Ian Levy, the NCSC's technical director, stated app stores could do more to improve security. Cybercriminals are currently exploiting vulnerabilities in app stores on all types of linked devices to cause harm,  as per Mr Levy. 

Android phone users downloaded apps containing the Triada and Escobar malware from various third-party app stores last year, according to the FBI.  "This resulted in cyber-criminals remotely taking control of people's phones and stealing their data and money by signing them up for premium subscription services," it said.

The NCSC's report noted that apps "can also be installed on laptops, computers, games consoles, wearable devices (such as smartwatches or fitness trackers), smart TVs, smart speakers (such as Alexa devices), and IoT (internet of things) devices". It includes an example of a security firm illustrating how it could construct a malicious app for a prominent fitness tracker that could be downloaded via a link that seemed legitimate because it used the company's web address. 

Spyware/stalkerware capable of stealing anything from location to personal body data was found in the app. After the security firm alerted the company, it proceeded to rectify the situation. 

 The thirst for applications grew during the pandemic, according to the NCSC research, with the UK app market currently valued at £18.6 billion ($23.2 billion). The government's proposal to ask app retailers to commit to a new code of practice outlining baseline security and privacy requirements is supported by the cyber-security centre. 

"Developers and store operators making apps available to UK users would be covered. This includes Apple, Google, Amazon, Huawei, Microsoft and Samsung," the government stated.

 A new code of practice would require retailers to set up procedures to find and repair security problems more quickly.

Trojanized Apps are Being Employed to Steal Cryptocurrency From iOS and Android Users

 

ESET, an antivirus manufacturer and internet security firm has unearthed and backtracked a sophisticated malicious cryptocurrency campaign that targets mobile devices using Android or iOS operating systems (iPhones). 

According to ESET, malware authors are distributing malicious apps via fake websites, mimicking legitimate wallet services such as Metamask, Coinbase, Trust Wallet, TokenPocket, Bitpie, imToken, and OneKey. Subsequently, attackers use ads placed on legitimate websites with misleading articles to promote the fake websites that distribute these malicious wallet apps. 

Additionally, intermediaries have been recruited via Telegram and Facebook groups, in an attempt to trick unsuspecting visitors into downloading the malicious apps. While the primary motive of the campaign is to exfiltrate users' funds, ESET researchers have mainly noticed Chinese users being targeted but with cryptocurrencies becoming more popular, the firm's researchers expect the methodologies used in it to spread to other markets. 

The campaign tracked since May 2021, seems to be controlled by a single criminal group. The malicious cryptocurrency wallet apps are designed in such a manner that they replicate the same functionality of their original counterparts, while also incorporating malicious code changes that enable the theft of crypto assets. 

"These malicious apps also represent another threat to victims, as some of them send secret victim seed phrases to the attackers' server using an unsecured HTTP connection," Lukáš Štefanko, senior malware researcher at ESET stated. "This means that victims' funds could be stolen not only by the operator of this scheme but also by a different attacker eavesdropping on the same network." 

The Slovak cybersecurity firm said it also uncovered dozens of groups promoting malicious apps on the Telegram messaging app that were, in turn, shared on at least 56 Facebook groups in hopes of landing new distribution partners for the fraudulent campaign. 

The investigation also showed that there are 13 unearthed applications that masquerade as the Jxx Liberty Waller on the Google Play store, all of which have since been removed from the Android app marketplace. However, before the takedown in January, these applications were installed more than 1100 times. "Their goal was simply to tease out the user's recovery seed phrase and send it either to the attackers' server or to a secret Telegram chat group," Štefanko concluded.