“Fleeceware” apps overcharge users even after uninstall

Researchers from SophosLabs discovered that fleeceware apps overcharge users for their services once the short trial period has expired, even if the app has been uninstalled. The fleeceware phenomenon was discovered last September. Google took these apps down due to such unfair practices. But security experts found more culprits, and the number of installers of the apps exceeds 600 million. Users lose hundreds of dollars. The trial period of fleeceware apps operates on an opt-out basis, which means users who signed up to the apps had to cancel the trial before they get charged. Users who acquire a trial-based application and soon uninstall it from their device do not get charged, as developers assume that the product does not satisfy the customer. However, some developers did not play all that fair and charged users even if they uninstalled the apps from their phones or tablets. “As …

Look out For Amazon Prime Support Scams in Google Search Ads

Users are being redirected to fake Amazon support sites and tech support scams by a malicious ad campaign under way in Google Search results. When a person clicks on the ad, they are rerouted to a domain that tries to impersonate Amazon and includes a phone number to call for help. This number is 1-844-325-7794, which is different from the legitimate Amazon support number of 1 (888) 280-4331. In addition to Amazon support scams, other ads revealed by the investigator were for the search keywords “my account” and “login”, which lead to a number of different tech support scams like the one below. Thousands of users look at these ads and wonder how anyone could fall for them. The truth is that there are many people, particularly older people, who are not comfortable with computers, the Internet, and receiving support via online chat and email. These types of users …

After INTERPOL Action, Cryptojacking Drops by 78% in Southeast Asia

After an intervention coordinated by the International Criminal Police Organization (INTERPOL), the number of routers infected with coin miners in Southeast Asia dropped by 78%. INTERPOL is an inter-governmental organization that joins police forces from 194 countries in battling crime in multiple locations across the world. INTERPOL’s operation in Southeast Asia was established in June of 2019 and permits investigators and experts from 10 Southeast Asian countries to observe compromised routers. This led to repairing infected devices and removing coin miners. When the initiative got under way, INTERPOL identified over 20,000 hacked routers in the area, which accounted for over 18% of cryptojacking infections worldwide. Since the coordinated operation began, the number of infected devices has dramatically decreased. However, INTERPOL’s efforts to remove the infections from the remaining devices will continue into the New Year as cryptojacking continues to jeopardize safety. INTERPOL’s Operation Goldfish Alpha, established in June 2019, permitted cybercrime researchers and …

Emotet Trojan Gang Sends Christmas Party Invitation Email: Asking To Open Malicious Attachments

New malware campaign: “Emotet Trojan inviting you to Christmas Party” email asks you to open malicious attachments. According to reports, the cybercriminal group behind the Emotet Trojan has started to deliver Christmas-themed emails that trick you into opening malicious attachments and becoming infected. One thing is clear: the malware programmers behind this phishing and email spam campaign want to get the recipient to open the attached documents so that the targeted PCs are infected with the Emotet Trojan and other malware. As per our research, the Emotet Trojan gang uses a variety of email themes, including payment invoices, payment receipts, shipping details, voicemails and eFaxes. Through these malicious emails, attackers can easily access recipients’ PCs and devices and infect their machines with the Emotet Trojan or other infections. The hacker group behind this phishing scam is taking advantage of the upcoming “Christmas Party” festivities and sending out holiday-themed emails that invite you to Christmas …

Microsoft Explains That Malware Spotted on Windows Machines Has Gone Down Due to Major Security Improvements

Microsoft reveals three of the more cunning phishing operations discovered in 2019. According to reports, Microsoft has revealed three of the more dangerous phishing operations discovered in 2019. The company explained the phishing attacks in a recent blog post and states that scammers attempt to gain individuals’ personal information via phishing tactics such as malicious emails and fake websites, and target users’ money and information that can be used for identity theft. Protections against phishing have since increased and become incredibly effective, preventing billions of malicious phishing emails from reaching end users. Cyber security researchers and experts at Windows’ Office 365 Advanced Threat Protection have noticed malicious techniques involving the abuse of genuine cloud services like those offered by Google, Amazon, Microsoft and others. Let’s start the discussion of all three case studies of cunning phishing operations. Case Study 1: URLs that point the legitimate …

Zeppelin Ransomware Attacks Major Organizations in Europe, US and Canada

Zeppelin ransomware is a new, dangerous file-encrypting malware that has been found infecting large healthcare and technology organizations worldwide. Victims of this crypto-threat are largely from the USA, Canada and Europe. Reports from Cylance researchers suggest that this virus is a Delphi-based RaaS and belongs to the Vega/Vegalocker ransomware family. The initial Vegalocker threats were spotted at the beginning of 2019 attacking Russian-speaking users. Within a period of only a bit over a month, Zeppelin ransomware was heavily modified and enhanced relative to Vegalocker. According to the security researchers, there might be a different hacker group spreading it altogether. Malware analysis showed that it is designed to stop its execution if it infiltrates a PC located in Russia or in other countries that were formerly part of the USSR. In stark opposition to the Vega campaign, all Zeppelin binaries (as well …

PyXie RAT Targeting Health & Educational Organization: Stealing Credentials and Password

PyXie RAT uses the .pyx file extension to execute its code instead of .pyc Python-based files. According to reports, security experts and researchers have discovered a new Remote Access Trojan (RAT) that is currently being used with objectives that include collecting login credentials, recording video and keylogging. Security researchers have explained that PyXie RAT is the name of a new RAT that is capable of gaining access to a targeted machine and letting cybercriminals control the PC. It is also hard for most security applications to detect this infection, because this data-stealing virus doesn’t show up in lists of running programs or tasks. In other words, the actions performed by PyXie RAT can be similar to those of genuine programs. Furthermore, the hackers behind this attack manage the level of resource use so that a drop in performance doesn’t alert the targeted users that something’s amiss. …

Ransomware Attack on Spanish Radio Station and IT Company: Demanding 835,923 USD

BitPaymer ransomware variant attacks Spanish IT provider; Spanish radio station hit by unknown attackers. According to reports, a Spanish IT provider and a radio station are both currently suffering from ransomware attacks resulting in file encryption. Everis, an NTT DATA company described as an MSP (Managed Services Provider), and Cadena SER are facing file encryption on their respective machines. For those who are not aware, ransomware developers and hackers have previously targeted a list of high-profile companies and government agencies, and this malicious activity continues to grow at an alarming rate. Let’s start the discussion of Spain’s ransomware attack in detail. Everis computer hit by ransomware: Spanish IT provider and radio station targeted by hackers. At the moment, Everis has not confirmed that its systems were attacked by ransomware. But a leaked image shared by Bleeping Computer shows that the ransom note displayed on Everis’s computer seems to …

Titanium Backdoor Uses Multi-Stage Process to Target Asia-Pacific’s Users

According to reports, cyber security experts and researchers have discovered a new cyber threat that targets South and Southeast Asia. Experts found that the hacker group behind this malware campaign is known as Platinum, an Advanced Persistent Threat (APT) group, and that Platinum uses the Titanium Trojan for malicious purposes. Hackers claim that Titanium is a powerful backdoor malware that is delivered as the final payload of a multi-stage infection process. This new backdoor malware developed by the Platinum hacker group is targeting victims in Malaysia, Indonesia and Vietnam, located in South and Southeast Asia. Let’s start the discussion of this malware attack in detail. Platinum hacker group developed Titanium backdoor malware: multi-stage infection. According to security experts, Titanium is a self-executable archive backdoor virus that spreads as the final payload of a multi-stage infection process that includes the use of steganographically hidden data. This infection process also helps the malware to avoid detection …

API Bug Allows Developers to Access Facebook Users’ Private Photos

According to reports, Facebook disclosed another API bug on Friday, which has exposed the data of about 6.8 million users. The leaked data allows app developers to access users’ private photos with their permission. Facebook said that the error impacted hundreds of apps in which users have created accounts and signed in using their Facebook login information. Hence, due to a software bug, hundreds of software developers were able to access a broader range of Facebook photos than is usually allowed. Let’s have a look at the leak in detail. API bug allows developers to access private photos of users. For those who are not aware, if someone gives an app permission to access their photos on Facebook, they usually give the application access to photos people share on their timeline. Facebook shared a blog post and …