social engineering

Tech Optimizer
December 24, 2024
Malicious actors are increasingly exploiting web browsers to deliver malware, often bypassing conventional antivirus defenses through sophisticated social engineering. A notable tactic involves copying harmful commands into the clipboard, allowing victims to execute them unknowingly. Recent investigations revealed a campaign using malicious advertisements and counterfeit pages that mimic reputable software brands, leading victims to a fake Cloudflare notification that prompts them to execute specific key combinations. This process triggers PowerShell code that retrieves and installs malware. The investigation began with a suspicious advertisement for a 'notepad' application, which redirected users to a Cloudflare-like page asking them to verify they are human. Instead of a standard CAPTCHA, users encountered a prompt instructing them to follow steps that would inadvertently execute a malicious command. By clicking a 'Fix It' button, the harmful command is copied to the clipboard, and users are led to paste and run it, initiating a download from a remote domain. The campaign targeted several brands, including Microsoft Teams, FileZilla, UltraViewer, CutePDF, and Advanced IP Scanner. The same domain linked to the malicious PowerShell command for Notepad++ also appeared in another campaign. Indicators of compromise include various malicious domains and URLs associated with the malware and its command and control server. Malwarebytes provides protection against these threats.
Winsage
December 15, 2024
Cloak ransomware, emerging in 2022, has quickly become a significant threat in the cyber landscape, with a new variant raising concerns due to its advanced capabilities. The group uses initial access brokers and social engineering techniques, including phishing and malicious advertising, to gain network access. The ransomware employs a drive-by download method, disguising itself as legitimate system updates. Cloak may have connections to the Good Day ransomware group and utilizes a variant derived from leaked Babuk ransomware source code. Once delivered, it employs sophisticated mechanisms for extraction and privilege escalation, terminating security processes and modifying system settings to hinder recovery. The encryption process uses Curve25519 and SHA512 algorithms, and it exhibits advanced evasion techniques. Cloak ensures payload persistence by altering Windows registry entries and restricting user actions, disrupting essential system utilities and leading to operational downtime. Its extortion tactics include disguising ransom notes as desktop wallpapers and employing intermittent encryption to maximize damage. The ransomware deletes shadow copies and backups, complicating recovery efforts. Cloak also utilizes a data leak site to publish or sell stolen data if ransom demands are not met, claiming a ransom payment success rate of 91% to 96%. Windows users are advised to implement comprehensive security measures to reduce the risk of attacks.
Tech Optimizer
December 3, 2024
Security researchers at Any.Run have discovered a zero-day attack that bypasses detection tools used by security professionals. This attack utilizes deliberately corrupted files that evade antivirus software, obstruct uploads to sandboxes, and circumvent Outlook's spam filters. These files are sent via email, disguised as communications from payroll or human resources. When opened, they prompt a restoration process in software like Microsoft Word, which can redirect users to credential-stealing sites. This method combines social engineering and malware, posing a significant threat to organizations reliant on detection tools.
AppWizard
December 3, 2024
Android users are facing a persistent threat from SpyLoan applications, which are malicious apps designed to deceive individuals into seeking quick loans. A recent investigation by McAfee identified fifteen new SpyLoan apps that have collectively been downloaded eight million times. Although Google has removed these apps from the Play Store, experts expect the threat to continue as cybercriminals adapt their tactics. These apps, categorized as potentially unwanted programs (PUPs), use social engineering to collect sensitive user information by presenting themselves as legitimate financial tools. Users often receive less than the promised loan amount while being required to repay the full sum along with additional fees. In December 2023, Google removed a previous batch of SpyLoan apps that had over twelve million downloads. The latest campaigns are targeting regions like Latin America, Southeast Asia, and Africa, using methods such as requiring a one-time password for download validation. Users are pressured to provide personal information, including identification, employment details, and banking data, which can then be used for harassment and blackmail.
AppWizard
December 1, 2024
Recent findings by McAfee researchers identified 15 SpyLoan Android apps on Google Play, which have collectively garnered over 8 million installs, primarily targeting users in South America, Southeast Asia, and Africa. These apps use social engineering tactics to extract sensitive user information and secure excessive permissions, leading to extortion, harassment, and financial losses. Many were promoted through misleading advertisements on social media. McAfee reported the apps to Google, resulting in some being suspended while others were updated by developers. The prevalence of SpyLoan activity increased by over 75% from the second to the third quarter of 2024. SpyLoan apps promise quick loans but primarily collect personal information for exploitation. They mimic legitimate financial institutions and request unnecessary permissions, including access to contacts and SMS. Victims face threats such as personal data misuse and harassment. Authorities in Peru raided a call center linked to SpyLoan apps that had extorted over 7,000 victims across Peru, Mexico, and Chile. The issue is global, exploiting users' trust and financial desperation, complicating detection and dismantling efforts.
AppWizard
November 28, 2024
A report by McAfee’s mobile research team has identified up to 15 SpyLoan apps on the Google Play Store that compromise user privacy by collecting sensitive data without consent. These apps, disguised as legitimate loan services, have collectively garnered around 8 million downloads. Some of the identified apps have been removed or updated to remove harmful features, but users must manually uninstall any previously downloaded malicious apps. The report warns that similar threats may emerge, particularly during the holiday season when cybercriminals exploit increased consumer activity.
AppWizard
November 27, 2024
Liad Shnell, the Chief Technology Officer at Rakuten Viber, discussed key factors organizations should consider when selecting secure messaging applications. Important features include end-to-end encryption, global accessibility, integration capabilities, AI-driven extensibility, and privacy standards like SOC 2 Type 2 and GDPR compliance. To mitigate phishing and malware risks, users should exercise caution with links and verify sender identities. Leading platforms like Viber implement security measures, such as filtering messages from unknown senders and using algorithms to block suspicious activities. The SANS 2024 Security Awareness Report indicates that 89% of respondents view social engineering attacks as a primary concern, emphasizing the need for security awareness programs, clear communication policies, and AI-driven detection tools. Balancing usability and security is essential, with a focus on user experience through AI-driven automation and zero trust principles. Emerging trends include post-quantum cryptography and enhanced AI detection capabilities to maintain authenticity in conversations as technology evolves.