Friday, November 18, 2016

Microsoft calling? Mind the tech support scammer!



After a long day, there is nothing like sitting down at your computer with a cup of tea to catch up on the news online. But what would you do if you were faced with a pop-up telling you that your computer has a virus and that ‘tech support’ is conveniently letting you know?


The solution seems only a quick call away. The popup even provides you with the 1800 number.


But it’s the people claiming to help you who are about to load your computer full of junk and charge your credit card for the privilege.


What these scams look like


These tech scams can appear in various ways, whether by a popup on your browser or a call on your home phone number. Here’s what to look out for:


Over the phone

Usually calling from places such as India, these scammers target anyone listed in the phone directories of the U.S., Canada, the UK or Australia.


The scam is simple. Someone calls, pretending to be from Microsoft or a partner company. They ask you to give them remote access to the machine and, after showing you lists of fake error reports, trick you into installing their software.


Once the installation is complete, they ask for your credit card details to charge you for the ‘anti-virus’ they have just installed. In the meantime, you have absolutely no way of knowing what has been installed and what kind of private information you have just given away. Microsoft is aware of these scams and reports on their website:


“You will never receive a legitimate call from Microsoft or our partners to charge you for computer fixes.”



Pop-ups:

Causing further distress, Bleeping Computer recently reported on a particular type of scam that prevents users from even closing their browser without calling the number on their screen to have the message removed. This kind of scam borders on ransomware, as you feel forced to call and inevitably pay to have your system ‘cleaned.’


These popups appear on high-traffic websites and in the results of popular search engines. Even if you google ‘tech support’ yourself, these scammers have paid to reach the top of the search listings. So even if the popup doesn’t convince you, a google search can easily convince you that they are a legitimate online tech service.




Consequences for scammers


Recently, a collection of US companies were reported and caught for running this kind of scam by using popups to scare users into calling for tech support and pushing them into purchasing services they didn’t need. CSO Australia reports:


“Charges have been filed against Missouri-registered firms Global Access Technical Support, Global sMind, Source Pundit, Helios Digital Media, and an Indian company, Global Ites Private Limited. Defendants include three individuals who own the firms.”



What you can do


  • Ignore pop-ups within your browser that lock up your screen or ask you to call a number to ‘clean your system.’

  • If your browser is locked by the popup, move your mouse to the taskbar near the clock in the bottom right-hand corner of your screen and right-click to open Task Manager. Select your web browser from the list and close the program.

  • If the popups continue, run Emsisoft Emergency Kit to clear your computer of potentially unwanted programs (PUPs) that may be causing the constant popups.

  • If you receive phone calls claiming to be tech support or Microsoft, simply hang up.

  • If you are already infected and have paid for the service offered over the phone, immediately dispute the transaction with your bank and contact a trusted computer technician to remove the software that was installed by the scammer.

  • Use a reputable anti-malware solution such as Emsisoft Anti-Malware to keep nasty popups out of your browser.

Have a great (scam-free) day!




Monday, October 17, 2016

30 seconds and 50 dollars is all it takes to steal your PC login



Imagine you’ve been at work for a few hours. It’s time to get up, grab a coffee and some morning tea. You’ll only be away from your desk for ten minutes so you know it will be easier to just hit the lock screen on your workstation than to completely log out and then log back in again when you return. No one has your password so your workstation is safe, right?


Many people believe that leaving their computer unattended poses no security risk as long as the device is locked. However, researcher Rob Fuller, principal security engineer at R5 Industries, has demonstrated that an attacker with physical access to your device can capture your login credentials (username and password) in under a minute if your computer is locked but still logged in.


Credit: Rob Fuller




How it works


Fuller tested the attack method using the USB Armory and the Hak5 LAN Turtle, two complete computers the size of a USB drive that are designed for security applications and penetration testing. Each was loaded with the credential-capturing tool ‘Responder’. When plugged in, these devices present themselves to the host as a USB Ethernet adapter and capture credentials from a locked, logged-in system.


He explained that the hack worked on all versions of Windows and expressed disbelief at how easily he was able to obtain the login details of the workstation. The captured data is encrypted, but it can be decrypted at another time; the danger of this attack lies in the speed with which credentials can be taken for later use.


In his report Fuller writes that he “tested it so many ways to confirm” since he had such a hard time believing it was possible. “This is dead simple and shouldn’t work, but it does.”


What it looks like



In an email to Ars Technica, Fuller explained:


“What is happening in the video, is the USB Armory is being plugged into a locked (but logged in) system. It boots up via the USB power, and starts up a DHCP server, and Responder. While it’s doing this, the victim is recognizing it as a Ethernet adapter. The victim then makes route decisions and starts sending the traffic it was already creating to the Armory instead of the “real” network connection. Responder does its job and responds to all kinds of services asking for authentication, and since most OSs treat their local network as “trusted” it sees the authentication request and automatically authenticates. Seeing that the database of Responder has been modified the Armory shuts down (LED goes solid).”



Perhaps the scariest thing is how easily and quickly this technique can be adapted to work more efficiently for less money. Mubix (Fuller’s online handle) reported that some people have already had success with a similar setup on a Raspberry Pi Zero, bringing the cost of this hack to around $5 plus 10 minutes of configuration.


For further technical information on how his hack works, you can read Fuller’s full report.


Credit: Rob Fuller




What you can do


Anti-malware programs can’t block attacks like this one. The attack is carried out by an entire computer inside a USB stick, and it abuses a design flaw in the way Windows, like many other operating systems, deals with newly connected hardware.


Fuller endorses this prevention post: An intro to Windows Device Guard.


But, your simplest and best defence?


Don’t leave your workstation logged in while it is unattended. As seen above, even if you lock the screen, your login credentials can be obtained in under a minute.


Have a great (malware-free) day!




Friday, October 14, 2016

Malware in sex toys: How private is your playtime?



In a time where fridges self-monitor their own food levels and cars can drive themselves, it was inevitable that the Internet of Things would catch up with the sex toy industry. Our playthings can now be controlled by an app and that can be paired to another person’s phone from wherever in the world they happen to be. But what would you do if you found out that the person at the other end of the controls was not your partner?


The We-Vibe, a device released by Standard Innovation, allows users to exchange text messages and engage in video chats when their smartphone is paired with the We-Connect app. It also allows a partner to control the device remotely. Beyond the security issues, such as a man-in-the-middle attack, a woman recently filed a lawsuit claiming the device measured highly personal information such as the date and time of each use, the intensity and mode chosen by the user, the email address of registered users and the device’s temperature at various times. This data was transmitted by the device back to the manufacturer with no explanation of how this information was being used.


Read the complaint (PDF).


CNET reports that “potential issues with the product came to light last month at the annual Defcon hacking convention when two researchers demonstrated how flaws in the software could let a hacker take over the vibrator while it’s in use. They also learned what kinds of data are being sent back to the company by taking the vibrator apart and studying the information it sends and receives.”


But what if this information was stolen? Hacks of large companies, such as the recent attack on Yahoo which compromised over 500 million users, demonstrate the magnitude of information that can be illegally obtained. One can only imagine the implications of a large-scale hack of very personal information such as the data held by Standard Innovation.




Is it sexual assault?


Couples toys that can be controlled by your partner remotely have been growing more and more popular. With built-in video calling and messaging, your partner can see you and control the device simultaneously.


It was revealed in the Defcon demonstration that an unknown person could easily hack the application, access your webcam and be in control of the toy without your knowledge. As well as being a gross violation of your privacy, some organisations are suggesting a far more serious crime is in play.


According to The Guardian, “a lot of people in the past have said it’s not really a serious issue, but if you come back to the fact that we’re talking about people, unwanted activation of a vibrator is potentially sexual assault.”


Implications for manufacturers


In addition to the violation of a user’s privacy, there are significant security risks for manufacturers collecting such private information.


“If I hack a vibrator it’s just fun,” Raimund Genes, Chief Technology Officer at Tokyo-listed Trend Micro, told reporters at the CeBIT technology fair in Hannover.


“But if I can get to the back-end, I can blackmail the manufacturer,” he added, referring to the programming system behind a device’s interface.


Ransomware in the medical profession is highly profitable. A recent attack on a hospital in the US saw patient files held to ransom. The hospital felt forced to pay to ensure that its daily operation was not interrupted and that patient data could be returned. A collection of highly sensitive information such as that held by Standard Innovation is a prime target for a ransomware attack, risking the privacy of We-Vibe’s users and the integrity of its manufacturer.




Sex toys that can be accessed by anyone anywhere anytime have implications for users and for the toy’s manufacturers. So, how can you stay safe?


Read the User Policies upon purchase, particularly with regards to what information apps are able to collect and how this information will be used.


Have a nice (malware-free) day!




Monday, October 3, 2016

No honour among thieves: hackers who hack each other



In ransomware, as in any profitable business, there is a constant struggle to compete in the marketplace. Ransomware, the strain of malware which cryptographically locks a victim’s hard drive until the developer of the malware is paid, is a highly lucrative (and illegal) income earner for its authors. The strategy is so successful that some ransomware developers have even begun sabotaging others’ ransomware in a bid to secure their share of victims.


An exploitative crime, ransomware is a type of malware that encrypts your personal data or locks your entire PC. You are asked to pay a “ransom” via an anonymous service in order to unlock your computer and free your data. Ransomware makes up a huge part of today’s active threats as it turned out to be one of the easiest income earners for attackers. Most other malware makes its developers money indirectly (by using or selling your computer power), but ransomware directly asks you (the victim) for cash to return your data or access to your PC. This is usually achieved through a lockout screen with a countdown timer and a link to a payment page where you are required to pay your ransom and receive a decryption key to unlock your files or computer.


To gain a competitive edge, hackers recently gained access to 3500 decryption keys for a competing organisation’s ransomware, with a plan to release them to the public and thus render entire strains of their competition’s ransomware completely ineffective.


Fake ransomware has also become an issue which undermines the profitability of actual ransomware types, or families. Actual ransomware developers are hacking the developers of fake ransomware to ensure the continued profitability of this kind of crime.




F-Secure recently reported that corporate sabotage has also been revealed as a key income generator in this field. A ransomware group claims they were paid handsomely by a Fortune 500 company to hack and infect a competing business. By locking the competitor’s files, the offending company was able to halt the competitor’s production and release a similar product first. This ransomware developer was paid twice: first by the offending company and second by the infected company via the ransomware lockout instructions.


If the profitability of ransomware is being threatened at all, it is being defended by those who know it best. This kind of malware shows no signs of disappearing any time soon.


How can you protect yourself from ransomware?


Though the basic features of ransomware are the same, there are many different ransomware families. We tested our product against 20 crypto-ransomware families to see how Emsisoft Anti-Malware held up. See the results here.


So, it’s not all bad. There are preventative steps you can take to keep your data free from ransomware.


  1. Make sure all your software is up to date – especially your operating system, your web browser and all browser plugins like Adobe Flash Player or Oracle’s Java Platform.

  2. Be cautious. Ask questions before you click. Read about how threats (and scams) work to avoid becoming a victim.

  3. Back up all of your personal files and documents. If your computer is somehow infected with ransomware, you can reinstall your system and restore your files.

  4. Make sure you run strong anti-malware software with real-time protection and surf protection, such as Emsisoft Anti-Malware.

  5. Run an occasional scan with a second opinion scanner, such as Emsisoft Emergency Kit, Malwarebytes Anti-Malware or Hitman Pro to check whether your PC is ransomware-free.

Have a great (malware-free) day!




Monday, September 26, 2016

Yahoo hack hits half a billion users



Yahoo has announced that data from as many as 500 million user accounts was stolen in a breach during 2014. The data breach poses many problems for Yahoo CEO Marissa Mayer as she tries to close a $4.8bn sale to Verizon Communications, which was only made aware of the leak two days ago. With the deal not set to close until early 2017, Verizon still has plenty of time to negotiate the price or decide whether the takeover is worth it. But what does the biggest data leak ever made public mean for you?


“The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers,” Yahoo said in a recent statement on its Tumblr.


Yahoo suggests the hack may have been performed by a ‘state-sponsored actor’, polite jargon suggesting the hacker(s) were potentially acting on behalf of a foreign government. The California-based company did not explain why it had taken so long to disclose the breach or how it reached its conclusions about the hacker.


Last month, Motherboard reported that a hacker known as “Peace” claimed that he had account information belonging to 200 million Yahoo users and was trying to sell the data on the dark web. However, given the timing, the significant size of the leak and the suggestion of state interference, this breach not only appears to be different but is also far more serious. Yahoo claims the FBI is now involved.


An FBI Spokesperson told CNN, “the FBI is aware of the intrusion and investigating the matter. We take these types of breaches very seriously and will determine how this occurred and who is responsible. We will continue to work with the private sector and share information so they can safeguard their systems against the actions of persistent cyber criminals.”


What you need to do


  • Change your Yahoo passwords whether you believe your account has been compromised or not.

  • Check your account for ANY suspicious activity.

  • All Yahoo users should also update all security questions and answers.

  • Other steps to protect your data include regularly changing your passwords, never using the same password twice and developing unique passwords with a password manager. This PCMag guide compares different options.

Have a nice (malware-free) day!




Friday, September 23, 2016

Are all hackers criminals?

Not all hackers are created equal. The terms ‘hacker’ and ‘cyber criminal’ seem to be used interchangeably in online media which is both misleading and reductive. A cybercriminal uses online means to profit from illegal activity regardless of the cost to its many victims. Hacker is a blanket term that doesn’t allow for much differentiation between those who hack for good and those who hack for evil. Many hackers hack for profit. But not all hack to profit from online crime.




In the US, western films between the 1920s and 40s contrasted heroes and villains with the use of black hats (villains) and white hats (heroes). This terminology has been adopted to define classes of hacker. There are essentially four kinds of hackers: black hats, white hats, grey hats and hacktivists. The key to distinguishing between them lies in the permission to hack.


Black Hats


Black-hat hackers, or simply ‘black hats,’ are the type of hacker that violates computer security for personal gain. Examples of this include stealing credit card numbers or mining personal data to be sold to identity thieves. An example of just how lucrative this can be made the headlines recently when a hacker offered over 650,000 patient records for sale on the dark web, a set of locations online that are hidden from public search engines and regular internet users. The data, stolen from various medical institutions, included names, addresses and social security numbers. The perpetrator will likely make close to USD$800,000.


Black hat hackers are online criminals who hack without permission for illegal financial or personal gain. Some simply hack for revenge or to prove that they can. The term ‘black hat’ is also used in everyday tech language to describe any kind of person or activity that is considered underhanded or somewhat dodgy, such as SEO black hats who drain website traffic and sell it back to the site owner.


Grey Hats


As in life, between black and white there are various shades of grey. A grey-hat hacker falls in the space between a black hat and a white hat. A grey hat doesn’t work for their own personal gain or to cause damage, but their actions may technically be illegal. A grey hat hacker does not ask permission to hack. If a flaw is found a grey hat may reveal the flaw to an organisation privately, enabling them to fix it. Sometimes, however, a grey hat may reveal the flaw publicly which is not necessarily malicious but exposes organisations to black hats who can and will exploit the vulnerability.


Hacktivists


Under the same umbrella as grey hats, hacktivists hack systems as a form of political protest. Anonymous, perhaps the most notorious hacktivists, blur the lines of good and bad, always hacking without permission but for what they believe is the greater good. Anonymous have gained a lot of exposure for their Robin Hood-style takedowns, such as hacking and shutting down child porn sites. They took it one step further, however, when they leaked the names of visitors to these sites.


When Michael Brown was shot by a police officer in Ferguson on August 9, 2014, Anonymous intervened, collecting evidence to expose Brown’s killer in the name of justice. However, after collating all the data they had collected, Anonymous came to the incorrect conclusion and released the name of an innocent man.


Another attempt to seek justice saw Anonymous leak details of thousands of Bay Area Rapid Transport (BART) users. The hack was in retaliation for BART shutting down cell service during a protest to stop activists communicating with each other. Many innocent personal users were caught in the crossfire and had their personal information leaked online.


Though their intentions are good, the means of hacktivists are illegal and the outcomes often show mixed results. Additionally, the key objective of a hacktivist is to hack without permission to further a political cause.




White Hats


White hats hack with permission in what can be a lucrative industry for the highly skilled. Looking for vulnerabilities in companies, hackers are hired to find bugs and alert developers or companies so that they can be resolved. White hats often work for profit but don’t gain from the exploitation of others.


HackerOne is a company founded by two twenty-five-year-old hackers who discovered a vulnerability in their university’s grading system. After the university was alerted, and the pair were paid handsomely, they founded a business based on the idea that companies will pay good money to be informed of breach points before black hats find them.


Ethical hackers are certified by means of an exam involving penetration tests, whereby hackers seek to penetrate networks and computer systems with the purpose of finding and fixing any vulnerable access points they encounter. While unauthorised hacking, black hat hacking, is illegal, testing that is authorised by an organisation is not.


At Emsisoft, we invite ethical white hat hackers to put our software to the test. We’re keen to improve our products continuously, as we all know such a thing as perfect code doesn’t exist.


Summary


So, as you can see, not all hackers are the same. The key is the permission to hack and the means of receiving any kind of gain from found vulnerabilities.

A grey hat does not ask for permission but has no intention to cause harm or damage though their means may be illegal. A white hat is hired and permitted to do his work. A black hat is not.


Have a great (malware-free) day!




Thursday, September 22, 2016

How to identify your ransomware infection to find the right decrypter tool



How would you feel if you opened your computer to find it had been locked with a ransom note demanding cash immediately? Ransomware is the most common online threat of 2016, making up a huge percentage of today’s active threats. It has turned out to be one of the easiest and highest income earners for attackers. All other malware makes its developers money indirectly (by using or selling your computer power), but ransomware directly asks you (the victim) for cash by putting you in a situation in which you feel forced to pay.


The Emsisoft team spends a lot of time looking for ways to prevent ransomware from finding its way onto your computer. But what if your system is already infected? Don’t panic. Downloading various tools to attempt to unlock your system will only make matters worse. If you have ransomware, look no further.


Emsisoft is proud to support Malware Hunter Team, a group of researchers who share our commitment to protecting you and your data.


Malware Hunter Team does a great job of raising awareness of not only online threats themselves, but how to remove them if you find yourself the victim. What does this mean for you? If you find yourself with ransomware, you can identify the strain you have and find out if there is a decryption tool available.


We spoke with Michael Gillespie at Malware Hunter Team, the creator of ID Ransomware, the website that will help you to figure out what kind of ransomware you have been infected with based on the specific signatures that can be found in the ransom note you receive. He walked us through the process of identifying ransomware families.


Who are Malware Hunter Team and what do they/you do?


Malware Hunter Team is basically a small group of security researchers interested in tracking down malware and promoting cyber security. They do a great job of hunting phishing sites and other threats on a daily basis. I recently joined the team with my ransomware research, and have been coordinating with them on tracking and identifying new threats.


I personally coordinate with ransomware victims and try to hunt down new samples, and help with reverse engineering when I can – with the goal of trying to decrypt if at all possible of course.


So, if someone’s computer has been infected with ransomware, what is the first thing they should do?


I would say the first step is definitely quarantining the system – for an organization this may include finding the affected system. The system should be either shut down, or put in ‘hibernate’ if possible. From there, the threat needs to be identified just like any other malware infection.


And that’s where you guys come in? My understanding is you specialise in working out what type of malware a user has?


Yes. That can sometimes be the tricky part, especially lately with new strains mimicking others, or flying under the radar.


With so many families and new strains, how do you tell them apart? I saw you have hundreds that can be decrypted for free through your site.


That’s the hard part. In general, we’ll classify them by the symptoms – what extension does it use, what ransom note is left, etc. Sometimes we do have to get more technical to recognize if it is the same author based on their coding style, or certain strings left in the malware.


And for a user, for example, they have a ransom lockout screen, they go to your site, what would they need to do? What is the process?


I’ve tried to make ID Ransomware as simple as possible for the user. They simply upload a ransom note left by the malware, and one of their encrypted files (I recommend something not confidential), and the website will use several methods of trying to identify which ransomware it is. If it is a positive match, it will provide an easy status on “can it be decrypted”, since that is the #1 thought to a victim at that time. It then gives a link to more information either way so they can learn more about what hit them, and possibly find how it came in in the first place.


I use a few techniques to identify by the filename of the ransom note, certain known email addresses or BitCoin addresses in the note, the pattern of the encrypted file’s name (e.g. a certain added extension), and even some hex patterns that some ransomware leave in the files. I also have some custom “plugins” for a few more advanced techniques, such as detecting an embedded image in one certain strain.
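The answer above lists four independent signals (the ransom note’s filename, known contact or payment addresses inside the note, the naming pattern of encrypted files and fixed byte patterns left in those files) and notes that new strains sometimes mimic others. The script below is an added example, not ID Ransomware’s own code, of how such signals can be combined so that a copycat reusing one family’s note name is still attributed to the family the other evidence points to. Every family name, note name, address, extension and header byte sequence in it is constructed for illustration; none is a real indicator.

```python
import re
from dataclasses import dataclass, field


# Hypothetical family signatures, constructed for this example (not real IoCs).
@dataclass
class Signature:
    family: str
    decryptable: bool                                # "can it be decrypted" status
    note_names: set = field(default_factory=set)     # ransom-note filenames
    note_markers: set = field(default_factory=set)   # e-mail / payment addresses in the note
    file_regex: str = ""                             # pattern of an encrypted file's name
    header: bytes = b""                              # fixed bytes left at the start of each file


SIGNATURES = [
    Signature("ExampleLocker", True, {"HOW_TO_RESTORE.txt"},
              {"restore@example.invalid"}, r"\.exlock$", b"EXLK"),
    Signature("SampleCrypt", False, {"README_DECRYPT.html"},
              {"1ConstructedBtcAddressForSampleCrypt"}, r"\.[0-9a-f]{8}\.scrypt$"),
    Signature("DemoWare", True, file_regex=r"^[A-Z0-9]{16}\.demo$", header=b"\x00DEMO"),
]


def identify(note_name: str, note_text: str, enc_name: str, enc_head: bytes):
    """Collect independent pieces of evidence per family and return
    (family, decryptable, evidence) for the strongest match, or
    (None, None, []) when no signal matches any family."""
    best = (None, None, [])
    for sig in SIGNATURES:
        evidence = []
        if note_name in sig.note_names:
            evidence.append(f"note filename {note_name}")
        evidence += [f"note contains {m}" for m in sig.note_markers if m in note_text]
        if sig.file_regex and re.search(sig.file_regex, enc_name):
            evidence.append(f"encrypted filename matches {sig.file_regex}")
        if sig.header and enc_head.startswith(sig.header):
            evidence.append(f"file header {sig.header.hex()}")
        # More independent signals win; a single shared note name is weak evidence.
        if len(evidence) > len(best[2]):
            best = (sig.family, sig.decryptable, evidence)
    return best


# Constructed sample submissions: note filename, note text, one encrypted
# file's name and the first bytes of that file.
CLEAN_CASE = ("HOW_TO_RESTORE.txt",
              "Your files are encrypted. Write to restore@example.invalid",
              "holiday.jpg.exlock", b"EXLK" + b"\x00" * 12)

# A copycat reusing ExampleLocker's note name: the remaining signals outweigh it.
MIMIC_CASE = ("HOW_TO_RESTORE.txt",
              "Pay 1ConstructedBtcAddressForSampleCrypt to decrypt",
              "report.docx.1a2b3c4d.scrypt", b"\x8f\x12" * 8)

UNKNOWN_CASE = ("readme.txt", "hello", "file.txt", b"plain text")

if __name__ == "__main__":
    for case in (CLEAN_CASE, MIMIC_CASE, UNKNOWN_CASE):
        print(identify(*case))
```

The scoring deliberately counts each signal once rather than stopping at the first hit, which is what lets the mimic case resolve to the family whose payment address and filename pattern both match rather than the one whose note name was copied; a real service would also weigh how specific each signal is and flag ties as ambiguous instead of picking the first family.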


With the amount of work that goes into it, why do you offer the service for free?


Part of it is inspiration from other volunteers in the area. I get most of my information from sources such as victims, Twitter, and Emsisoft Malware Lab. Also, I don’t want to hold a ransom on helping someone decrypt their files – that makes me no better than the criminals in some sense. The information itself should be free to all.


It seems like the appearance of ransomware is increasing constantly. What does the future of malware look like in your opinion?


I definitely see it becoming more and more of a threat in all sectors as we are seeing with the Internet of Things, and how insecure devices are found to be from the factory. In just the past year I’ve been involved with this, I’ve seen a lot of adaptations and “creativity”. We have recent ransomware we discovered that mimics a Windows Update while it decrypts, one that also creates a backdoor to the system, one that uploads passwords, etc. Malware authors are bundling more features together into one package it seems.


How should people best protect themselves?


The best protection is definitely awareness of what you are clicking on. Having good anti-malware protection is a great step, but knowing how to use it, and how to not HAVE to use it. I want to bluntly say “common sense” when it comes to what you are doing online and what you are trusting to run on your computer.


I also want to say BACKUPS BACKUPS BACKUPS. (The Emsisoft Team explored this in a recent article ‘Prevent Ransomware – Backup!’)




Which ransomwares are detected in ID Ransomware?


This service currently detects 163 different ransomwares. Here is a complete, dynamic list of what is currently detected:


777, 7ev3n, 7h9r, 8lock8, ACCDFISA v2.0, Alfa, Alma Locker, Alpha, AMBA, Apocalypse, Apocalypse (Unavailable), ApocalypseVM, AutoLocky, AxCrypter, BadBlock, Bandarchor, BankAccountSummary, Bart, Bart v2.0, BitCrypt, BitCrypt 2.0, BitCryptor, BitMessage, BitStak, Black Shades, Blocatto, Booyah, Brazilian Ransomware, Bucbi, BuyUnlockCode, Cerber, Cerber 2.0, Cerber 3.0, Chimera, Coin Locker, CoinVault, Coverton, Cryakl, CryFile, CrypMic, Crypren, Crypt0L0cker, Crypt38, CryptFuck, CryptInfinite, CryptoDefense, CryptoFinancial, CryptoFortress, CryptoHasYou, CryptoHitman, CryptoJoker, CryptoMix, CryptorBit, CryptoRoger, CryptoShocker, CryptoTorLocker, CryptoWall 2.0, CryptoWall 3.0, CryptoWall 4.0, CryptXXX, CryptXXX 2.0, CryptXXX 3.0, CryptXXX 4.0, CrySiS, CTB-Faker, CTB-Locker, DEDCryptor, DirtyDecrypt, DMA Locker, DMA Locker 3.0, DMA Locker 4.0, Domino, ECLR Ransomware, EduCrypt, El Polocker, Encryptor RaaS, Enigma, Fantom, GhostCrypt, Globe, Gomasom, Herbst, Hi Buddy!, HolyCrypt, HydraCrypt, Jager, Jigsaw, JobCrypter, JuicyLemon, KeRanger, KEYHolder, KimcilWare, Kozy.Jozy, KratosCrypt, Kriptovor, KryptoLocker, LeChiffre, Locky, Lortok, Magic, Maktub Locker, MirCop, MireWare, Mischa, Mobef, NanoLocker, NegozI, Nemucod, Nemucod-7z, NullByte, ODCODC, OMG! Ransomcrypt, PadCrypt, PayForNature, PClock, PowerLocky, PowerWare, Protected Ransomware, R980, RAA-SEP, Radamant, Radamant v2.1, Razy, REKTLocker, RemindMe, Rokku, Russian EDA2, SamSam, Sanction, Satana, ShinoLocker, Shujin, Simple_Encoder, Smrss32, SNSLocker, Sport, Stampado, SuperCrypt, Surprise, SZFLocker, TeslaCrypt 0.x, TeslaCrypt 2.x, TeslaCrypt 3.0, TeslaCrypt 4.0, TowerWeb, ToxCrypt, Troldesh, TrueCrypter, UCCU, UmbreCrypt, Unlock92, Unlock92 2.0, Uyari, VaultCrypt, VenusLocker, WildFire Locker, WonderCrypter, Xorist, Xort, XRTN, zCrypt, ZimbraCryptor, Zyklon


If you have been infected by ransomware head straight to the ID Ransomware site. If you want to learn more about Malware Hunter Team you can visit them at malwarehunterteam.com.


Have a great (malware-free) day!




Thursday, September 8, 2016

Fabiansomware: when hackers lose it



Cybercrime has existed for as long as the internet has. However, 2016 has well and truly been the year of ransomware. New ransomware families are popping up weekly and the Emsisoft Malware Lab battles them daily on the frontline.


As a result, our lab is often on the receiving end of hate from the authors of such ransomware. This was the case a few months ago when we broke the amateurish code behind a ransomware family known as Apocalypse. Recently the hate has become more personal and is aimed directly at Fabian, our CTO and head of Emsisoft’s Malware Research Lab. Abusive comments have been embedded directly into Apocalypse’s binaries, and the authors have even named their latest strain ‘Fabiansomware’ in his honour.


So, why are we being targeted?


Online, Fabian is a well-known (and comical) malware hunter who shares decryption tools and security advice. At Emsisoft, he heads our malware lab. He and his team investigate new threats, develop new protection technologies and adapt existing ones, and make sure our users are protected from current and future malware threats.


Why it’s getting so personal


In June 2016, we published an article after the lab broke three variants of Apocalypse and shared a free decrypter to all Apocalypse victims. Since then, the lab has broken six new variants.


The malware authors keep changing their code to try to stay a step ahead of our lab and other malware hunters online. At the moment it takes us only an hour or two to break each new variant. And the insults continue.


The abuse has become so offensive we won’t share it here but it can be seen on Fabian’s twitter account.


Apocalypse’s crush on the head of our lab has become so out of control that in their newest variant the contact email address is listed as fabianwosar@mail.ru.


Essentially, their idea is to try to blame him for the most recent strain. It has been working to some degree as can be seen in this sprightly conversation between Fabian and a very unhappy victim.



So looks like the Apocalypse degenerates decided to rename their project to Fabiansomware. They fell hard for me. pic.twitter.com/pYkXp1vEap


— Fabian Wosar (@fwosar) August 29, 2016



A bit about Apocalypse


The Apocalypse ransomware was first seen on 9 May 2016. Its main attack vector is weak passwords on insecurely configured Windows servers that expose the Remote Desktop service to the internet. The attacker brute-forces a login and can then interact with the system as if sitting at the console, running the ransomware by hand. Abuse of exposed Remote Desktop has become increasingly common over the last few months, especially for deploying ransomware like Apocalypse.


The earliest variants install themselves to %appdata%\windowsupdate.exe and create a Run key named “windows update” under both HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE. This variant uses the .encrypted extension. A ransom note is created for every encrypted file, named *filename*.How_To_Decrypt.txt. The ransom note lists the email addresses dr.compress@us1.l.a, dr.compress@bk.ru, dr.jimbo@bk.ru and dr.decrypter@bk.ru.




On June 9th another version of Apocalypse was discovered. This variant uses a different location, Run key name and email address: it installs itself to %ProgramFiles%\windowsupdate.exe and creates a Run key named “windows update svc”. The email address used in this variant is decryptionservice@mail.ru.


On June 22nd the newest variant was discovered, and it changed a lot more. Instead of posing as Windows Update it now poses as Firefox: it installs itself to %ProgramFiles%\firefox.exe and creates a Run key named “firefox update checker”. The new extension is .SecureCrypted and the ransom note is now named *filename*.Contact_Here_To_Recover_Your_Files.txt. The email address used is recoveryhelp@bk.ru.


Our lab continues to find and crack new strains.


What you can do


The most important line of defence is a proper password policy, enforced for every account that can log in remotely. That includes rarely used accounts created for testing purposes or by applications, which are often the ones with the weakest passwords.


Apocalypse and many other families spread via Remote Desktop Protocol (RDP). Whether you are a small business or a large company, make sure RDP (TCP port 3389 by default) and any other remote-control ports are not reachable from the internet.


Better still, disable Remote Desktop or Terminal Services entirely if they are not required, or at least restrict access by IP address so that only trusted networks can reach them, for example by putting remote access behind a VPN.
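The attack described above leaves a clear trace in the Windows Security log: bursts of event 4625 (failed logon) with logon type 10 (RemoteInteractive, i.e. RDP) from a single source address, sometimes followed by a 4624 (successful logon) once a password has been guessed. The following Python script is an added example, not Emsisoft’s code: it runs that detection over a handful of constructed event records (not real log data) and also flags any RDP logon from outside an assumed trusted network, which is the IP-based restriction recommended above. The field names mirror the event XML (IpAddress, LogonType, TargetUserName); the threshold, the window and the trusted address range are assumptions to tune for your own environment.

```python
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real log data). Field names mirror the
# Windows Security log events 4624 (success) and 4625 (failure); LogonType 10
# is RemoteInteractive, i.e. an RDP session.
SAMPLE_EVENTS = [
    {"time": "2016-06-09T02:00:00", "id": 4625, "logon_type": 10, "user": "administrator", "ip": "198.51.100.7"},
    {"time": "2016-06-09T02:00:04", "id": 4625, "logon_type": 10, "user": "admin", "ip": "198.51.100.7"},
    {"time": "2016-06-09T02:00:09", "id": 4625, "logon_type": 10, "user": "test", "ip": "198.51.100.7"},
    {"time": "2016-06-09T02:00:15", "id": 4625, "logon_type": 10, "user": "backup", "ip": "198.51.100.7"},
    {"time": "2016-06-09T02:00:21", "id": 4625, "logon_type": 10, "user": "sql", "ip": "198.51.100.7"},
    {"time": "2016-06-09T02:00:30", "id": 4624, "logon_type": 10, "user": "test", "ip": "198.51.100.7"},
    {"time": "2016-06-09T09:15:00", "id": 4624, "logon_type": 10, "user": "jsmith", "ip": "10.0.5.21"},
    {"time": "2016-06-09T09:20:00", "id": 4625, "logon_type": 2, "user": "jsmith", "ip": "127.0.0.1"},
]

# Assumed trusted networks for the IP-based restriction; adjust to your own.
TRUSTED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]

RDP_LOGON_TYPE = 10
FAIL_THRESHOLD = 5          # failures from one IP inside the window before we alert
WINDOW = timedelta(minutes=5)


def _parse(events):
    """Yield events in time order with the timestamp parsed."""
    for e in sorted(events, key=lambda e: e["time"]):
        yield dict(e, time=datetime.fromisoformat(e["time"]))


def _is_trusted(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETWORKS)


def detect_rdp_abuse(events, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Return a list of (kind, ip, detail) alerts.

    kinds: 'bruteforce'  - at least `threshold` RDP failures from one IP within `window`
           'compromise'  - RDP success from an IP that was already brute-forcing
           'untrusted'   - RDP success from outside TRUSTED_NETWORKS
    """
    alerts = []
    failures = defaultdict(deque)   # ip -> timestamps of recent RDP failures
    flagged = set()                 # ips already reported as brute-forcing
    for ev in _parse(events):
        if ev["logon_type"] != RDP_LOGON_TYPE:
            continue                # console / network logons are out of scope here
        ip = ev["ip"]
        if ev["id"] == 4625:
            q = failures[ip]
            q.append(ev["time"])
            while q and ev["time"] - q[0] > window:
                q.popleft()         # drop failures that fell out of the sliding window
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("bruteforce", ip, f"{len(q)} RDP failures within {window}"))
        elif ev["id"] == 4624:
            if ip in flagged:
                alerts.append(("compromise", ip, f"RDP success for '{ev['user']}' after brute-force burst"))
            if not _is_trusted(ip):
                alerts.append(("untrusted", ip, f"RDP success for '{ev['user']}' from outside trusted networks"))
    return alerts


if __name__ == "__main__":
    for kind, ip, detail in detect_rdp_abuse(SAMPLE_EVENTS):
        print(f"[{kind}] {ip}: {detail}")
```

Run it with python3 and it prints one line per alert. In production you would feed it events exported from the Security log (wevtutil, or your SIEM) rather than the inline sample, and treat a ‘compromise’ alert as an incident rather than a policy violation: by then the attacker is already on the box.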




Friday, September 2, 2016

Change your passwords now: Dropbox hack affects 68 million users



A Dropbox security breach that occurred in 2012 is now affecting millions of users, as email addresses and password hashes from it have appeared online.


A 5GB set of files obtained by Motherboard contains the details of more than 68 million Dropbox accounts. A senior Dropbox employee confirmed the data is genuine. It contains email addresses and hashed passwords; about half of the hashes are bcrypt and the rest salted SHA-1, which makes the latter considerably easier to crack.


Dropbox forced a password reset last week for users who had not changed their password since mid-2012, but it cannot confirm how many accounts are affected. The firm says it has no evidence of any account being accessed as a result of the breach, but urges users to change their passwords immediately as a precaution.




What you can do


  • If you are unsure whether your account has been compromised, check haveibeenpwned.com, which looks your email address up in a database of known breaches and tells you which of them included it. The site is safe to use and only needs your email address.

  • Change your Dropbox password immediately. A stolen password is useless once it has been replaced with a new one, and even if you are not sure your details have leaked, it costs nothing to be sure.

  • Never reuse a password across sites. If it is compromised on one, expect it to be tried against others, such as your internet banking or email accounts.

  • Change passwords regularly, and immediately after any breach notice.

  • Use a password manager or generator to create a long, random password for each site. This cannot stop your details being extracted from a breached website, but it does ensure the password cannot be guessed and, because it is unique, that a breach on one site does not expose your other accounts.
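The list above tells you to look your email address up on haveibeenpwned.com. The same service also lets you check a password against its corpus of leaked credentials without revealing the password, through the Pwned Passwords range API: you send only the first five hex characters of the password’s SHA-1 and compare the returned suffixes locally. The Python below is an added example, not Emsisoft’s or Have I Been Pwned’s code; the API URL and response format are those of the public service, the lookup is injectable so the demo runs offline against a constructed response (not real data), and the stand-in counts are made up.

```python
import hashlib
from typing import Callable

# The real service: GET https://api.pwnedpasswords.com/range/<first 5 hex chars of SHA-1>
# returns lines of "<remaining 35 hex chars>:<count>". Only the 5-character prefix ever
# leaves your machine, so the service cannot learn which password you checked.
PWNED_RANGE_URL = "https://api.pwnedpasswords.com/range/"


def sha1_hex(password: str) -> str:
    """Upper-case SHA-1 hex digest, the form the Pwned Passwords API uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def fetch_range_http(prefix: str) -> str:
    """Fetch the range list for a 5-character prefix from the live API."""
    from urllib.request import Request, urlopen
    req = Request(PWNED_RANGE_URL + prefix, headers={"User-Agent": "pwned-check-example"})
    with urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def pwned_count(password: str, fetch: Callable[[str], str] = fetch_range_http) -> int:
    """Return how many times the password appears in the corpus (0 = not found).

    `fetch` is injectable so the lookup can run offline against a constructed
    response, as in the demo below. Only the prefix is passed to `fetch`.
    """
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch(prefix).splitlines():
        if not line.strip():
            continue
        found_suffix, _, count = line.partition(":")
        if found_suffix.strip().upper() == suffix:   # the comparison happens locally
            return int(count.strip())
    return 0


# Constructed stand-in for the API response (not real data). The first entry is the
# genuine SHA-1 suffix of the string "password"; the counts are made up for the demo.
FAKE_RANGE_RESPONSE = "\n".join([
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471",
    "00D4F6E8FA6EECAD2A3AA415EEC418D38EC:2",
    "011053FD0102E94D6AE2F8B83D76FAF94F6:1",
])


def fetch_range_offline(prefix: str) -> str:
    """Offline substitute for fetch_range_http; ignores the prefix."""
    return FAKE_RANGE_RESPONSE


if __name__ == "__main__":
    for pw in ("password", "correct horse battery staple 2016"):
        n = pwned_count(pw, fetch=fetch_range_offline)
        print(f"{pw!r}: {'seen %d times' % n if n else 'not in the offline sample'}")
```

Swap fetch_range_offline for fetch_range_http to query the live service. A count of zero only means the password is not in the corpus; it is not evidence that the password is strong, and it says nothing about whether you have reused it elsewhere.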

Have a great (malware-free) day!




Monday, August 29, 2016

The smartest way to stay unaffected by ransomware? Backup!



Here at Emsisoft, we know that ransomware is now the most consistently damaging type of malware affecting internet-connected devices and businesses. As a security software vendor, you might expect this post to sell you our product as the ultimate answer to ransomware. A quality anti-malware program is vital, and our software specialises in finding and blocking ransomware, but there is one additional layer of protection you need to consider.


What would you do if an attacker gained administrative access to your computer and disabled your anti-malware software? They have cleared the way to run the encryption component of their ransomware on your machine, and your data is gone. Anti-malware software detects malicious files very well, but it cannot stop you from opening the door and inviting the bad guys in.


Recently our lab has dealt with many ransomware victims whose computers were infected by hand, after attackers used vulnerabilities in old, unpatched software (or weak remote-access passwords) to gain administrative access. So you should always have a plan B. If someone manages to disable your protection software, you need a backup.


Firstly, what is ransomware?


Ransomware is malware that encrypts your personal data or locks your entire PC. Once infected, you are asked to pay a “ransom”, usually in Bitcoin through an anonymous payment page, to unlock your computer and recover your data.

Ransomware makes up a huge part of today’s active threats because it turned out to be one of the easiest and most profitable lines of business for attackers. Most other malware earns its developers money indirectly, by using or selling your computer’s resources; ransomware asks you, the victim, for cash directly, by putting you in a situation where you feel forced to pay.


The key to protecting your data from a ransomware attack lies with preparedness.


It’s all about Plan B


If you have all of your data stored somewhere else, uninfected, a ransomware attack will not be such a problem for you. In most cases you will only need to wipe the computer and start again: with an up-to-date backup you can reinstall your operating system, programs and personal data. This applies to businesses too. If a daily backup is part of your closing procedure, customer databases, accounts and bookkeeping files will always be current in an emergency.


What should I backup?


Let’s start with the most important. First and foremost, you need to back up your personal files. Your personal data is irreplaceable. Think of it this way. If your house was burning down, aside from your loved ones, what would you want to save?

Back up any personal documents such as copies of birth certificates or saved bank statements. Your photos, home videos and work files should be backed up regularly, because they can never be replaced. If you have spent hours ripping audio CDs to build your dream MP3 library, you may want to back those files up too.

Your operating system, programs and settings should also be backed up. It is not strictly necessary, but it makes life much easier if your entire hard drive fails. If, like me, you like to tinker with program files, upgrade hardware regularly and keep partitions for Linux, a full system image backup may be very useful.

Since ransomware also targets corporate users, customer information systems and databases should be backed up regularly.




Backup Options


Before choosing a backup option, the first and most important step is to take some time to properly label and organize your files into well-named and easy to follow directories. If it gets too overwhelming, try starting it on paper.


Seagate offers excellent advice on how to organize your files with a back-up master plan. Decide on the frequency with which you will back up, then consider what your best backup option is.


External hard drives are a good option: the drive can be kept physically separate from your machine and locked away for safekeeping. But an external drive only works as a backup if it is disconnected from the machine when not in use. If it stays plugged in, it is just as exposed to ransomware as the computer’s own hard disk, because ransomware encrypts every drive it can write to. So keep your backup separate, keep it updated, and consider encrypting both your computer’s hard disk and the portable drive. We explore the benefits of file encryption here.


Backing up online with a cloud service like CrashPlan can be an excellent option to protect against natural disaster, fire or any other kind of physical threat to your data.


CrashPlan is a reputable online backup service with equally popular competitors such as Backblaze, Carbonite and MozyHome. These programs run in the background and upload your files to the provider’s storage. Keep in mind that this usually requires a monthly fee and that the first backup can take a long time, particularly if you have a lot of data.


Cloud services are themselves targets: rather than attacking computers one at a time, criminals go after the providers’ servers. Your data could still be held to ransom, just on a much larger scale, alongside that of thousands of other users.


So when considering an online backup option, look carefully for a service that supports revisioning (versioning), where older versions of each file are kept and remain accessible if the files in your latest backup have been encrypted by ransomware. This table compares online backup options by the features they offer. If you choose a service without revisioning, make sure it is not permanently connected to your main computer, because a continuously synced copy is simply overwritten with the encrypted version. With no earlier versions to go back to, you will still lose your data.


With regular backups and revisioning, the gap between your last clean copy and the infection stays small, and your loss is kept to a minimum. If ransomware changes the files in the most recent backup, the older versions remain intact.
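To make the revisioning point concrete, here is an added Python example (not Emsisoft’s code, and not how any of the services named above work internally) of a content-addressed backup store that writes one manifest per snapshot, so a file overwritten by ransomware produces a new version rather than replacing the clean one. The demo constructs a small folder, snapshots it, simulates an Apocalypse-style encryption run (files rewritten and renamed with .encrypted, a ransom note dropped), snapshots again, and recovers the clean file from the first snapshot. It also measures what share of files changed between two snapshots, a cheap signal that a backup run has just captured an encryption event. The directory layout and file names are assumptions for the demo.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def _sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def take_snapshot(source: Path, repo: Path) -> int:
    """Copy every file under `source` into a content-addressed store in `repo`
    and record a manifest {relative path: sha256} for this snapshot.
    Returns the new snapshot number. Unchanged content is not copied again and
    existing objects are never overwritten, so old versions survive new runs."""
    objects, snaps = repo / "objects", repo / "snapshots"
    objects.mkdir(parents=True, exist_ok=True)
    snaps.mkdir(exist_ok=True)
    manifest = {}
    for path in sorted(p for p in source.rglob("*") if p.is_file()):
        digest = _sha256_file(path)
        blob = objects / digest
        if not blob.exists():           # new content: add it, never replace
            shutil.copyfile(path, blob)
        manifest[str(path.relative_to(source))] = digest
    snap_id = len(list(snaps.glob("*.json"))) + 1
    (snaps / f"{snap_id:06d}.json").write_text(json.dumps(manifest, indent=1))
    return snap_id


def load_manifest(repo: Path, snap_id: int) -> dict:
    return json.loads((repo / "snapshots" / f"{snap_id:06d}.json").read_text())


def restore_file(repo: Path, snap_id: int, rel_path: str, dest: Path) -> None:
    """Write the version of `rel_path` recorded in snapshot `snap_id` to `dest`."""
    digest = load_manifest(repo, snap_id)[rel_path]
    dest.parent.mkdir(parents=True, exist_ok=True)
    shutil.copyfile(repo / "objects" / digest, dest)


def changed_fraction(repo: Path, older: int, newer: int) -> float:
    """Share of paths whose content changed (or appeared/vanished) between two
    snapshots. Nearly everything changing at once is the hallmark of an
    encryption run, so a backup job can warn before rotating old snapshots."""
    a, b = load_manifest(repo, older), load_manifest(repo, newer)
    paths = set(a) | set(b)
    changed = sum(1 for p in paths if a.get(p) != b.get(p))
    return changed / len(paths) if paths else 0.0


def demo() -> dict:
    """Constructed scenario: back up, let 'ransomware' rewrite the files,
    back up again, then recover the clean version from the older snapshot."""
    with tempfile.TemporaryDirectory() as tmp:
        src, repo, out = Path(tmp, "docs"), Path(tmp, "backup"), Path(tmp, "restore")
        src.mkdir()
        (src / "accounts.xlsx").write_bytes(b"Q2 figures")
        (src / "photos").mkdir()
        (src / "photos" / "holiday.jpg").write_bytes(b"JPEG bytes")
        first = take_snapshot(src, repo)

        # Simulated ransomware: every file scrambled in place, renamed, note dropped
        for p in list(src.rglob("*")):
            if p.is_file():
                p.write_bytes(b"ENCRYPTED:" + p.read_bytes()[::-1])
                p.rename(p.with_name(p.name + ".encrypted"))
        (src / "accounts.xlsx.encrypted.How_To_Decrypt.txt").write_bytes(b"pay us")
        second = take_snapshot(src, repo)

        restore_file(repo, first, "accounts.xlsx", out / "accounts.xlsx")
        return {
            "snapshots": second,
            "changed": changed_fraction(repo, first, second),
            "recovered": (out / "accounts.xlsx").read_bytes(),
        }


if __name__ == "__main__":
    result = demo()
    print(f"{result['snapshots']} snapshots, {result['changed']:.0%} of files changed, "
          f"recovered: {result['recovered']!r}")
```

The repository is only safe if the ransomware cannot write to it: keep it on a drive that is unplugged between runs, or on a server share the workstation can only append to. Otherwise the objects directory is just one more target.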


In summary: avoid infection


  • Keep your software and operating systems up to date.

  • Do not install applications from unfamiliar sources or untrusted websites.

  • Read permissions closely when requested by programs or apps.

  • Back up data and devices frequently.

  • Install and regularly update a quality anti-malware product such as Emsisoft Anti-Malware. Our software has a proven ability to capture and eliminate ransomware. Read about our performance against ransomware here with our behaviour blocker technology.

  • If infected, take every possible step to avoid paying. Every bitcoin in the hands of a cybercriminal increases the profitability and spread of this kind of malware. Emsisoft does not profit from emergencies. If you ever have a problem, please contact us.

Have a great (malware-free) day!




Tuesday, August 23, 2016

Free decryption keys for CryptXXX Ransomware



BleepingComputer has long been helping users affected by CryptXXX ransomware. This week they published an article describing a bug on the CryptXXX payment server: victims who log in are being handed their decryption key without paying.


Free Decryption Key



These free keys are only being handed out for certain versions of CryptXXX, namely those that add the .crypz and .cryp1 extensions to encrypted files.


It is unknown why this is happening (BleepingComputer suggests a malfunction of the payment server), but a detailed list of which variants are affected is available below, identified by file extension, ransom note name and the Tor address given in the note.


Keys being offered for free


.CRYPZ EXTENSION (ULTRADECRYPTOR)

Ransom Note Name: ![victim_id].html

Ransom Note Name: ![victim_id].txt


Example TOR Url: http://xqraoaoaph4d545r.onion.to

Example TOR Url: http://xqraoaoaph4d545r.onion.cab

Example TOR Url: http://xqraoaoaph4d545r.onion.city


.CRYP1 EXTENSION (ULTRADECRYPTOR)

Ransom Note Name: ![victim_id].html

Ransom Note Name: ![victim_id].txt


Example TOR Url: http://eqyo4fbr5okzaysm.onion.to

Example TOR Url: http://eqyo4fbr5okzaysm.onion.cab

Example TOR Url: http://eqyo4fbr5okzaysm.onion.city


Does Not Provide a Free Key


.CRYPT EXTENSION (ULTRADECRYPTER)

Ransom Note Name: [victim_id].html

Ransom Note Name: [victim_id].txt


Example TOR Url: http://klgpco2v6jzpca4z.onion.to

Example TOR Url: http://klgpco2v6jzpca4z.onion.cab

Example TOR Url: http://klgpco2v6jzpca4z.onion.city


.CRYPT EXTENSION (GOOGLE DECRYPTOR)

Ransom Note name: !Recovery_[victim_id].html

Ransom Note name: !Recovery_[victim_id].txt


Example TOR Url: http://2zqnpdpslpnsqzbw.onion.to

Example TOR Url: http://2zqnpdpslpnsqzbw.onion.cab

Example TOR Url: http://2zqnpdpslpnsqzbw.onion.city


RANDOM EXTENSION (ULTRADECRYPTOR)

Ransom Note Name: @[victim_id].html

Ransom Note Name: @[victim_id].txt


Example TOR Url: http://2mpsasnbq5lwi37r.onion.to

Example TOR Url: http://2mpsasnbq5lwi37r.onion.cab

Example TOR Url: http://2mpsasnbq5lwi37r.onion.city


NO EXTENSION (MICROSOFT DECRYPTOR)

Ransom Note Name: README.html

Ransom Note Name: README.txt


Example TOR Url: http://ccjlwb22w6c22p2k.onion.to

Example TOR Url: http://ccjlwb22w6c22p2k.onion.city
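The extension and the ransom note name are what tell these variants apart, both for the Apocalypse variants described earlier in the Fabiansomware post (.encrypted with *.How_To_Decrypt.txt, .SecureCrypted with *.Contact_Here_To_Recover_Your_Files.txt) and for the CryptXXX variants listed above. The Python below is an added example, not Emsisoft’s or ID Ransomware’s code: it transcribes those signatures from the two posts into patterns and ranks them against a directory listing, reporting whether the best match is one of the variants for which a free key was being handed out. The victim_id format (assumed alphanumeric) and the scoring weights are assumptions; treat the result as a first guess and confirm it by uploading a note and an encrypted file to ID Ransomware.

```python
import re
from collections import Counter

# Signatures transcribed from the two posts: (label, extension pattern, ransom note
# pattern). None means the signature puts no constraint on that part. The posts do
# not say what a victim_id looks like; treating it as alphanumeric is an assumption.
_ID = r"[A-Za-z0-9]+"
SIGNATURES = [
    ("Apocalypse (.encrypted)",               r"\.encrypted$",     r"\.How_To_Decrypt\.txt$"),
    ("Apocalypse (.SecureCrypted)",           r"\.SecureCrypted$", r"\.Contact_Here_To_Recover_Your_Files\.txt$"),
    ("CryptXXX .crypz (free key)",            r"\.crypz$",         rf"^!{_ID}\.(html|txt)$"),
    ("CryptXXX .cryp1 (free key)",            r"\.cryp1$",         rf"^!{_ID}\.(html|txt)$"),
    # a bare [victim_id].html would also match README.html, so exclude that name here
    ("CryptXXX .crypt (UltraDecrypter)",      r"\.crypt$",         rf"^(?!README\.){_ID}\.(html|txt)$"),
    ("CryptXXX .crypt (Google Decryptor)",    r"\.crypt$",         rf"^!Recovery_{_ID}\.(html|txt)$"),
    ("CryptXXX random ext (UltraDecryptor)",  None,                rf"^@{_ID}\.(html|txt)$"),
    ("CryptXXX no ext (Microsoft Decryptor)", None,                r"^README\.(html|txt)$"),
]
FREE_KEY_VARIANTS = {"CryptXXX .crypz (free key)", "CryptXXX .cryp1 (free key)"}


def identify(filenames):
    """Rank the signatures against a list of base file names.

    A ransom note match scores 2 and an extension match scores 1, so a note
    (which names the family) outweighs a stray extension; each name counts at
    most once per signature. Returns [(label, score), ...], best first."""
    scores = Counter()
    for name in filenames:
        for label, ext_re, note_re in SIGNATURES:
            if note_re and re.search(note_re, name, re.IGNORECASE):
                scores[label] += 2
            elif ext_re and re.search(ext_re, name, re.IGNORECASE):
                scores[label] += 1
    return scores.most_common()


def best_guess(filenames):
    """Return (label, free_key_available) for the top-ranked signature, or None."""
    ranked = identify(filenames)
    if not ranked:
        return None
    label, _score = ranked[0]
    return label, label in FREE_KEY_VARIANTS


# Constructed listings for the demo (not taken from a real infection).
SAMPLE_LISTINGS = {
    "apocalypse": ["report.docx.encrypted", "report.docx.encrypted.How_To_Decrypt.txt", "photo.jpg.encrypted"],
    "cryptxxx_crypz": ["budget.xlsx.crypz", "!A1B2C3D4E5.html", "!A1B2C3D4E5.txt"],
    "cryptxxx_readme": ["README.html", "README.txt", "invoice.pdf"],
}

if __name__ == "__main__":
    for case, files in SAMPLE_LISTINGS.items():
        print(f"{case}: {best_guess(files)}")
```

Feed it the names from an affected folder (os.listdir is enough) rather than full paths. A variant that only changes its extension, as the CryptXXX random-extension build does, can only be recognised by its note, which is why the note pattern carries the higher weight.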


Have a great (ransomware-free) day!




Monday, August 22, 2016

The alarming state of computer security in healthcare

Life support machines can be the difference between the recovery of a patient and the loss of a life. Imagine the implications of a poorly coded worm causing a respirator to turn on and off intermittently while connected to a loved one.


This was all too real for one American hospital, where a worm entered through the neonatal intensive care unit’s systems and spread to the hospital network. A bug in the worm’s code caused an error in a system of heart monitors, and premature babies went unmonitored for potentially fatal periods of time.




Why would anyone attack a hospital?


The data stored within healthcare networks remains a primary target for attackers on a global basis. By accessing a hospital network through a medical device, such as the neonatal intensive care ward heart monitors, attackers can infect medical devices with malware, then move laterally through hospital networks to steal confidential data.


Once criminals have the data, they can hold it hostage. Large ransoms are demanded to release patient data and to unlock vital administrative systems, and hospitals often feel they have no choice but to pay if they want to keep offering any services at all.


An unfortunate side effect of these attacks is the unpredictable effect the malware has on the machines it infects, such as switching heart rate monitors off and on again without warning.


According to IBM, healthcare was the most attacked industry in 2015, overtaking financial services, which led just two years earlier. Data held for ransom is incredibly lucrative for cybercriminals. A prime example of how stolen patient data can provide a huge payday comes from the news that a hacker dubbed “thedarkoverlord” is reportedly trying to sell 655,000 patient records on a dark web marketplace.


The problem with medical devices is economic: the hardware has to stay in service for 10 to 20 years to pay for itself, but no operating system is supported for that long. Many of these devices were built as static appliances, not as systems that expect a stream of updates, and an update can break the drivers for the device itself, so in practice they are never patched at all. Once an attacker has a foothold in the network with enough administrative rights, they can do essentially anything, including stealing patient data and holding it for ransom. If such outdated machines must remain in use, they have to be kept off the internet and isolated from the rest of the network at all costs.


Modern equipment comes with modern safety features


Medical devices on a hospital network are therefore weak points that make the whole network far easier to compromise. But this is not only a healthcare problem. Attacks on medical devices are a prime example of what can happen when a business, or a home user, keeps running out-of-date hardware with old, unpatched software.




What can you do to avoid incidents like this?


Ask questions of your medical professionals. How do they protect client data? It’s unlikely that they will tell you anything but asking the right people might at least get those with the power to change things to start thinking about their vulnerabilities.


Have a great (malware-free) day!




Wednesday, July 13, 2016

Pokemon GO: giving hackers direct access to your phone


Pokemon GO took the world by storm over one weekend. Clusters of teens and adults alike are sweeping the streets nabbing animated creatures with their mobile phones.


Using your phone’s clock and GPS, the app makes Pokemon (augmented-reality creatures such as dragons, rats and turtles) appear in the real world around you. As a ‘trainer’ you build up your Pokemon so that they can fight each other, and the app uses Google Maps to guide you.





But what else does the app have access to?


On sign up, you will be asked to provide your Google login. Apps commonly use existing credentials rather than creating their own to speed up installation and make sign up easy. However, in the case of Pokemon GO, Niantic Labs, the app’s developers, offer no clear limitation to what the app has access to.


Upon reading the Privacy Policy, the Emsisoft team were shocked to find that the app had full access to every aspect of a player’s Google account, including the ability to send and read email, to access, edit and delete documents in Google Drive and Google Photos, and to read browsing history and location information.


There is no mention of what Niantic Labs intends to do with the data it accesses, but users should be aware that full access to a user’s personal data is a huge security risk.


The legitimate app has full access to your private information, but what if that access were to end up in the hands of, say, a malware developer, or an organisation managing a botnet? What security measures do Niantic Labs have in place to protect the mass of data they have obtained? We aren’t sure.


Further, in some countries the app has not been released yet, and players are downloading it from third-party sites. Some of those downloads have been trojanised by malware developers: backdoored versions of the app are giving attackers remote access to phones all over the world.


By logging in to the app, you are granting full access to a company that has amassed huge amounts of their users’ personal information without any explanation as to how it will be used, and to any hacker or malware developer who has managed to access it.


Malicious apps can be hard to differentiate from legitimate ones, particularly if they are operating quietly in the background.


So, what can you do to keep your data safe?


It is the opinion of the Emsisoft Team that using this app is not worth the risk.


It is likely that Niantic Labs will update their privacy policy to align more closely with their other app Ingress, which only needs a player’s basic profile. We advise patience. But, if you must use the app:


  • Download the original app from the official Apple App Store or Google Play only. If it isn’t out in your country yet, wait for the official release.

  • Create a brand new Google account dedicated to the game. Ensure it has no connection to your other personal accounts.

  • Stay away from third party download sites

  • Install and update Emsisoft Mobile Security which is built for layered Android protection.

Have a great (malware free) day.



Related Posts:


  • Emsisoft Mobile Security 1.0 released!

  • ALERT: Google Drive Phishing Scam

  • No more nude selfies! (at least not on the cloud)

  • Beware of these popular WhatsApp scams

  • Covert Redirect Security Flaw in Sites Using OAuth and…




Pokemon GO: giving hackers direct access to your phone

Pokemon GO: giving hackers direct access to your phone

blog_main_pokemon

Pokemon GO took the world by storm over one weekend. Clusters of teens and adults alike are sweeping the streets nabbing animated creatures with their mobile phones.


With access to your clock and GPS, the app makes Pokemon; augmented animals such as dragons, rats and turtles, appear in the real world around you. As a ‘trainer’ you are to build up your Pokemon so that they can fight each other. The app uses Google Maps to guide you.


Captured Pokemon

Captured Pokemon



But what else does the app have access to?


On sign up, you will be asked to provide your Google login. Apps commonly use existing credentials rather than creating their own to speed up installation and make sign up easy. However, in the case of Pokemon GO, Niantic Labs, the app’s developers, offer no clear limitation to what the app has access to.


Upon reading the Privacy Policy, the Emsisoft team were shocked to find that the app had full access to all aspects of a player’s Google account, including the ability to send and read emails, access edit and delete documents in Google Drive and Google Photos and access browser histories and location information.


There is no mention of what Niantic Labs intends to do with the data it accesses, but users should be aware that full access to a user’s personal data is a huge security risk.


The legitimate app has full access to your private information, but what if that access were to end up in the hands of, say, a malware developer, or an organisation managing a botnet? What security measures do Niantic Labs have in place to protect the mass of data they have obtained? We aren’t sure.


Further, in some countries, the app hasn’t been released yet. Players are downloading the game from third party sites which have teamed up with malware developers. Exploitative versions of the app are giving hackers backdoor access to mobile phones all over the world.


By logging in to the app, you are granting full access to a company that has amassed huge amounts of their users’ personal information without any explanation as to how it will be used, and to any hacker or malware developer who has managed to access it.


Malicious apps can be hard to differentiate from legitimate ones, particularly if they are operating quietly in the background.


So, what can you do to keep your data safe?


It is the opinion of the Emsisoft Team that using this app is not worth the risk.


It is likely that Niantic Labs will update their privacy policy to align more closely with their other app Ingress, which only needs a player’s basic profile. We advise patience. But, if you must use the app:


  • Download the original app from either the official Apple Appstore or Google Play. If it isn’t out in your country yet, please wait for the official release.

  • Create a brand new Google account dedicated to the game. Ensure it has no connection to your other personal accounts.

  • Stay away from third party download sites

  • Install and update Emsisoft Mobile Security which is built for layered Android protection.

Have a great (malware free) day.



Related Posts:


  • Emsisoft Mobile Security 1.0 released!

  • ALERT: Google Drive Phishing Scam

  • No more nude selfies! (at least not on the cloud)

  • Beware of these popular WhatsApp scams

  • Covert Redirect Security Flaw in Sites Using OAuth and…




Pokemon GO: giving hackers direct access to your phone

Pokemon GO: giving hackers direct access to your phone

blog_main_pokemon

Pokemon GO took the world by storm over one weekend. Clusters of teens and adults alike are sweeping the streets nabbing animated creatures with their mobile phones.


With access to your clock and GPS, the app makes Pokemon; augmented animals such as dragons, rats and turtles, appear in the real world around you. As a ‘trainer’ you are to build up your Pokemon so that they can fight each other. The app uses Google Maps to guide you.


Captured Pokemon

Captured Pokemon



But what else does the app have access to?


On sign up, you will be asked to provide your Google login. Apps commonly use existing credentials rather than creating their own to speed up installation and make sign up easy. However, in the case of Pokemon GO, Niantic Labs, the app’s developers, offer no clear limitation to what the app has access to.


Upon reading the Privacy Policy, the Emsisoft team were shocked to find that the app had full access to all aspects of a player’s Google account, including the ability to send and read emails, access edit and delete documents in Google Drive and Google Photos and access browser histories and location information.


There is no mention of what Niantic Labs intends to do with the data it accesses, but users should be aware that full access to a user’s personal data is a huge security risk.


The legitimate app has full access to your private information, but what if that access were to end up in the hands of, say, a malware developer, or an organisation managing a botnet? What security measures do Niantic Labs have in place to protect the mass of data they have obtained? We aren’t sure.


Further, in some countries, the app hasn’t been released yet. Players are downloading the game from third party sites which have teamed up with malware developers. Exploitative versions of the app are giving hackers backdoor access to mobile phones all over the world.


By logging in to the app, you are granting full access to a company that has amassed huge amounts of their users’ personal information without any explanation as to how it will be used, and to any hacker or malware developer who has managed to access it.


Malicious apps can be hard to differentiate from legitimate ones, particularly if they are operating quietly in the background.


So, what can you do to keep your data safe?


It is the opinion of the Emsisoft Team that using this app is not worth the risk.


It is likely that Niantic Labs will update their privacy policy to align more closely with their other app Ingress, which only needs a player’s basic profile. We advise patience. But, if you must use the app:


  • Download the original app from either the official Apple Appstore or Google Play. If it isn’t out in your country yet, please wait for the official release.

  • Create a brand new Google account dedicated to the game. Ensure it has no connection to your other personal accounts.

  • Stay away from third party download sites

  • Install and update Emsisoft Mobile Security which is built for layered Android protection.

Have a great (malware free) day.
