Hundreds of Fake Pokémon Go Apps Delivering Malware

Patience is a virtue and right now it’s a really good quality to have if you have not been able to get your copy of the Pokémon Go app from your app store. It seems there is so much demand for the little virtual creatures that servers are overloaded and crashing, leaving players disappointed and scammers excited.

Because some people cannot get the game, scammers are putting up fake versions of it everywhere. Some of them merely crash the device, forcing the user to reboot or restore it; some hold the device for ransom; and others connect it to porn sites and ads. More than 215 unofficial versions of the app have been discovered and some of them are in app stores.

Make sure to read reviews for this and any other app you are considering putting onto your devices. Read both negative and positive ones. If there is anything wrong with the app, it’ll likely be there.

When you do get the Pokémon Go app, it should be from the official developer, which is Niantic, Inc. If anyone else is listed as the developer, it could be a fake. Some of these promise user guides and cheats for the game, but are really just aiming to push pornographic ads to you. Make sure to investigate thoroughly before downloading anything.

Despite some fake versions being in the app stores, it is still less risky to get apps from those than by downloading them from other sites (also called sideloading). Apps in the official stores go through more testing and scrutiny before being allowed in. However, nothing is perfect, so make sure to get them from reputable sources.

These are not the only issues with the popular game lately. Last week two men fell off a cliff while playing the game in San Diego, a man in New York crashed his car into a tree while playing, and a girl in Wyoming stumbled upon a dead body while searching for Pokémon. Remember not only to use caution when downloading digital content, but to keep your head up when using it too.

© Copyright 2016 Stickley on Security

Game of Thrones Phishing Scam

Viewers trying to watch the hit HBO series Game of Thrones illegally are the latest group being targeted by phishing scammers. In this case, the scammers are specifically trying to trick those who are pirating the series into thinking the messages come on behalf of HBO and its anti-piracy firm, IP-Echelon. (Actual phishing email shown below)

Let’s be clear. HBO and IP-Echelon do indeed try to take down pirates, but in this case the demands are fake. The dialogue tries to catch unsuspecting downloaders of the Game of Thrones series and it is possible that the scammers are taking IP addresses from real torrent swarms. However, should this happen to you, contact the senders by calling the phone number on the alleged sender’s official website. Don’t use any information included in the notice. Also, hover over links in the messages and see where they lead. If they don’t go where you would expect, such as to an address on IP-Echelon’s or HBO’s domain, they likely are not real.

In this case, the scammers ask for a fee to make demands go away and send a notice stating, “You have 72 hours to access the settlement offer and settle online. If you fail to settle, the claim(s) will be referred to our attorneys for legal action. At that point the original settlement offer will no longer be and option and the amount will increase as a result of us having to involve our attorneys.”

Popular games and other entertainment are often used as bait for phishing scams. The World Cup and Olympics are always big lures and scammers also take advantage of tragedies such as the death of a celebrity or a natural disaster. Always pay attention to email messages and ads you see while using the Internet. Adware often is used for phishing for information, but can also contain malware. The recent madness surrounding the Pokémon Go game is likely to trigger phishing as well, so be on the lookout.

Besides avoiding clicking any links that you are not 100% certain are legitimate, be sure to verify that any demand notice is real before sending any money. And of course the recommended action is to not pirate copyrighted material in the first place. In that case, if you receive a demand notice you will know right away that it’s fake.

Hummer Malware Makes Cybercriminal Rich by Infecting 1.4 Million Devices a Day

For those who are on the fence about how lucrative cybercrime can be, Cheetah Mobile Security Research Lab has some information that should push you over to one side of said fence. In a new report, the security firm found that the developer of the Hummer malware family of apps made over $500,000 per day at the peak of the malware’s activity.

Hummer infects Android devices by masquerading as mobile apps such as WhatsApp, Facebook, and Uber, and the number of infections is on the rise. In the first half of the year, this Trojan infected around 1.4 million devices each day, making it the #1 mobile trojan in the world while netting the developer $0.50 per infection. It obtains administrator privileges and subsequently displays those dreaded popup ads. But the big money comes from installing online banking malware and then draining the account right into the developer’s pockets.

As always, it’s advised to only download and install apps from your device’s official app store. In the case of Android, this is the Google Play Store. But don’t think that Android devices are the only mobile devices at risk. While this particular malware infects those, there are plenty of others that target iOS devices. Two that made Nokia’s top 20 list of mobile malware were XcodeGhost (a malicious version of an app development tool) and FlexiSpy (an app that allows recording of activity on a device).

Anti-malware is not just for PCs anymore. Make sure you have downloaded an anti-malware app from a reputable source and keep it updated on your mobile devices too. The same goes the notification that one is available. Don’t forget about your internet-connected devices at home like smart TVs, your climate control, and music system, to name a few. Anything that exploits a vulnerability on any of these devices can roam your home network and infect others and potentially do a lot of damage.

This malware and others don’t just try to steal information such as banking credentials. They also consume a lot of data. This can cost you money in data overage fees. One Cheetah test found that Hummer accessed the network 10,000 times and ultimately consumed over 2GB of network traffic. It also uses up your battery life in the process.

This malware cannot be removed by performing a factory reset on the device. In addition, not all anti-virus tools will get rid of it. However, there are some that will. If you suspect it’s on your device, do some thorough research to find out which ones do and get one of them. Make sure it’s from a reputable developer and read the reviews. If it’s no good or harms your device in any way, it should be noted in the reviews. Don’t be afraid to pay for a good one. If that does not work or you are not comfortable doing this, take your device to an authorized technical support provider for help.

The majority of infections noted in this report were not within the United States, but that does not mean it was not found in the U.S. It may be an indicator that training, awareness, and information sharing help users avoid infections. The command and control center for Hummer was traced back to a Chinese email address.

Netflix Summer Scam Asks for Your Personal Data and Remote Access to Your Computer

There is yet another scam going around this summer, but it really has nothing to do with the season. The Better Business Bureau is warning about one involving Netflix. Some users have received a notice stating there is an issue with their payment card and to visit a link to resolve it. When the link is clicked, it appears to be an actual Netflix login page. However, it is a fake site.

The link looks like it goes to a page on the company’s site, but the page it really goes to requests account information and other personal details. Then a dialogue states the account has been suspended. Of course the users panic and call the “customer service” number on the page, which actually goes to fake representatives.

But wait! There’s more! The agent, just being helpful, encourages the user to download “Netflix support software,” which is actually remote login software that allows the so-called rep to get into the user’s computer. That is not cool.

Watch out for indicators of scams like this. Whenever calling customer service, it’s always best to go to the website directly and get the contact details. In other words, don’t use the information provided on a page that you got to by clicking a link. Don’t use the info in the email message either.

And while we’re talking about links, avoid clicking those in the first place when they arrive in email messages. So often, they are phishing and the outcome is not going to be in your favor. If you have a Netflix account, or any other account, use a previously bookmarked link to get there. You can also manually type the URL into the address bar. Just be careful not to mistype it and get caught out by typosquatters.

You should never allow someone you don’t know to log into your computer remotely. In fact, unless you are getting support from an internal IT support person that you know and trust, you should not give anyone remote access to your computer. That just gives them access to do all kinds of nefarious things.

If you get an email with a link or attachment that is unexpected, view it with much skepticism and if you are not 100% certain it’s safe, just don’t click it at all. If you really want to know if it’s legitimate, contact the sender by a known phone number or by starting a completely new email message and asking.

Netflix says that they will not ask to log in remotely to anyone’s computer so if they do ask, you already know it’s a scam. Also, a Netflix page should not act as a popup. It is reported that this page does, so that is another dead giveaway that it’s phony.

One example of the notification had British spellings of words and an international phone number listed. These little details are important when identifying scams, so don’t panic and take some time to notice what is actually written. If there are typos, it sends you to a number in another country (most U.S. customer service numbers will be U.S. numbers or toll-free numbers), or doesn’t make sense, it’s likely phishing and you should just send it to the trash and go outside and enjoy the summer.

Pointy-Eared Yellow Creature Used as Bait to Rob You and Access Your Private Information

Does the thought of a little yellow pointy-eared creature bring back a feeling of nostalgia for you? If so, you’re not alone. The creators of the Pokémon games have figured out a way to bring back the popular critter and create a craze once again, both for those who grew up with it and for a new generation of fans. This time, they use a free game app called Pokémon Go, which has been luring people to parking lots, rushing river banks, parks at night, and in some cases to their deaths. And that’s not all. It also tracks your every move and accesses your personal data.

In basic terms, Pokémon Go uses the GPS, clock, and camera from a user’s smartphone to detect where and when a player is in the game. Then the little Pokémon creatures “appear” around the area (actually on the phone screen) so that they can be captured. As the players move around, more Pokémon will appear. The idea is to get people to travel around the real world to catch the Pokémon.

It’s fun for everyone, but there are some concerns about privacy, particularly for those using the game on iOS. It’s been reported that users logging in with their Google accounts are also allowing the game’s developer, Niantic, access not only to their location, but also to their calendar, their contacts, their browsing history, and all of their photos. Basically, anything you access with your Google account, Niantic can now access too.

That said, let’s not get carried away. Niantic isn’t snooping around your device to see when you have your next dinner date. However, this does point out that many apps, not just Pokémon Go, ask for much more access than they need. Always pay attention to what any app is asking permission to use. Unless it is a calendar app, it probably doesn’t need access to your calendar, and most don’t need access to your microphone. So, don’t give them those rights. It’s always good practice to go into the settings for the apps afterward and make sure you are not giving them more access than they need to function properly.

Also consider whether or not you want to sign into any app with another account such as Facebook or Google. If you do, make sure you check the privacy settings for those accounts too, because whatever rights you give them, you are also giving to the app using the account login. It’s better to just create a new account in the app or game itself. This allows you to control each one separately based on just what it needs to function.

There is a reported workaround to remove the additional access for Pokémon Go: go into the security permissions of your Google account and revoke the permissions. As long as you are still signed in on the game, it seems that you can still use it, according to a blogger on CNET. However, if you get kicked out or close it, you will need to revoke permissions each time.

Niantic knows of this issue and is working on a fix. If you are one of those early adopters of the game, you should apply it as soon as it is available. Otherwise, consider waiting a few weeks before jumping on the bandwagon and let them work out some of the bugs.

In addition to the privacy issue, there are physical security concerns as well. Police in St. Louis, Missouri have warned that criminals are using the geolocation feature of the game to lure players to isolated locations and rob them. At certain levels, players can congregate at places to engage in virtual battles and another feature supposedly allows the creation of beacons to lure players to a particular place. All of these create more dangers.

It’s always a good idea to seriously consider how you want to use all the features of smartphones these days. While using geolocation features allows you to do a lot of great things with the device, it also can tell others with nefarious intentions where you are and when.

Keep in mind that often, the more popular an app, the more likely it will eventually be used for spreading malware, and this one is already extremely popular. In fact, some are saying this game is on the verge of overtaking Twitter on Android in terms of daily active users. Make sure that if you download any game or app, you get it from your device’s official app store. Getting it from elsewhere is called sideloading and that comes with added risks that aren’t as high when you use the Apple Store, Google Play, or other official store.

Pokémania is getting a second wind. Although it has only been available in the United States for a little over a week, it is causing incidents. People are so busy staring at their phones that they aren’t paying attention to oncoming traffic and getting hit, doing faceplants on sidewalks, and in one case a teenage girl stumbled upon a dead body when tracking down one of the little critters. If you happen to be near a police station, it’s not advised to go lurking around either. Police in Duvall, Washington, while encouraging game play, have advised players to “be smart about it. One way of NOT playing smart is to go creeping around the Duvall PD.”

Hackers Using Your Stolen Credentials Against You in Latest Attack

You might be wondering what happens when all those millions of credentials are stolen and sold on the dark web. You might be one of the 117 million LinkedIn users who were victims recently. Cybercriminals are using the information in various ways. One of them is posing as legitimate colleagues in phishing emails.

In some cases, they send a message with the subject line of “unpaid invoice” or something similar. Inside is a Microsoft Word document that includes common malware like the PandaBanker Trojan that will infect your computer and steal your online banking credentials.

To avoid this, watch for some red flags that the message is indeed phishing:

  • Unexpected attachments or links included in the message.
  • A supposed invoice is included.
  • A dialogue appears asking you to enable macros.
  • Information from your LinkedIn or other social media or networking profile is included in the message.

Be cautious about the information you post on social media or professional networking sites. This is often used for targeted phishing attacks (spear-phishing), which are so well done in many cases that if you are not paying attention, you could fall victim. Beware of popup or warning fatigue. This happens when a user gets inundated with dialogue messages whenever browsing the web. The hackers count on this happening and will place malware behind those buttons. If you click the wrong one, you may lose a lot more than patience, especially if the malware is PandaBanker or others like it.

In addition, never enable macros unless you are 100% certain that it is necessary or that you created them yourself or someone you know created them. Macro malware is on the rise these days and has been seen in a lot of the newly created versions of older malware such as Dridex, which is found in 15,000 messages per day and is responsible for an estimated $15 million in corporate account takeover losses alone.
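A mail filter or help desk can check for the macro red flag before a user ever sees the "enable macros" prompt. The sketch below is an added example, not part of the original article: it inspects an attachment's content rather than its file name, relying on the fact that ZIP-based Office files store macros in a `vbaProject.bin` part. The function names and verdict strings are hypothetical, and the sample files are constructed placeholders.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container
VBA_PARTS = {"word/vbaproject.bin", "xl/vbaproject.bin", "ppt/vbaproject.bin"}

def triage_attachment(data):
    """Classify an Office attachment by content, ignoring its file name."""
    if data.startswith(OLE_MAGIC):
        # Legacy binary formats can carry macros too; deciding needs an OLE parser.
        return "legacy-ole-review"
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return "not-office"
    with zipfile.ZipFile(buf) as archive:
        names = {n.lower() for n in archive.namelist()}
    if "[content_types].xml" not in names:
        return "not-office"  # a ZIP, but not an Office Open XML package
    return "macro-present" if names & VBA_PARTS else "no-macro"

def build_sample(with_macro):
    """Constructed minimal OOXML-like ZIP for the demo (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("[Content_Types].xml", "<Types/>")
        archive.writestr("word/document.xml", "<document/>")
        if with_macro:
            archive.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    samples = {
        "invoice with macro part": build_sample(True),
        "plain document": build_sample(False),
        "legacy binary file": OLE_MAGIC + b"\x00" * 16,
    }
    for label, blob in samples.items():
        print(f"{label}: {triage_attachment(blob)}")
```

An unexpected "invoice" that comes back as `macro-present` or `legacy-ole-review` matches two of the red flags listed above and is worth quarantining for a closer look.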
