Tag Archive for: infected

Several govt & college websites among those infected with online betting malware


Several websites belonging to government departments, municipal corporations and educational institutions have been infected with malware that creates redirect web pages landing on online betting and casino websites.

The infected websites include those of the Mira Bhayandar municipal corporation, which is on the outskirts of Mumbai, the water supply and sewerage board of Bengaluru (BWSSB), and the research institute ICAR. BWSSB has now removed these links, but the Google search results still reflect them.

In one instance, a blog titled “Betting Exchange in India” was created on the domain Mizoram.gov.in, redirecting to a betting portal. While the redirect is now disabled, the blog is still live at the time of going to press. The backward classes welfare department of the West Bengal government is also on the list of impacted websites.

Government and education domains can easily be ranked on search engine result pages and the online betting mafia appears to have exploited this loophole.

Among the educational institutions infested with this malware are XLRI, XLRI (Delhi Campus), NIT Delhi, Flame University Pune, Zoram Medical College Mizoram, Himachal Dental College, University of Burdwan and the list goes on. XLRI and Flame have removed these links at the time of writing this.

Betting and gambling are banned in India and the Indian government has issued multiple advisories against promoting online casino portals. With advertisements in mainstream media reducing considerably, the betting mafia appears to have resorted to hacking and malware infestation to reach out to users.

As all the websites appear to have been infected in the same way, experts say this is possibly by exploiting a backdoor on the operating systems common to these websites.


Google: Malware Infected Streaming Devices Are Built on Android Open Source Project, Not Android TV


Google said Android-branded streaming devices sold through popular e-tail channels, including Amazon, and loaded with adware out of the box are powered by Android Open Source Project software and not Android TV.

“We have recently received questions regarding TV boxes that are built with Android Open Source Project and are being marketed to appear as Android TV OS devices,” Google said in a blog posted late last week. 

Android users urged to delete these 19 Google Play Store apps infected with money-sucking malware


Millions of Android users are being warned to check their phones for a string of apps which have been hijacked by malicious viruses.

There are three main viruses currently using 19 apps to steal sensitive information and secretly sign up users to premium services, monetising the infection.

One of the malware strains has already been downloaded more than three million times.

Because Android is an open source operating system, it can run any third-party app, unlike iOS.

While this makes devices more customisable, it also leaves them open to harmful cyber attacks, with malware commonly hidden in the coding of seemingly harmless apps.

According to the experts at MalwareFox, cyber criminals download real apps from the Google Play Store, and inject malicious viruses into the backend coding of those programs, before re-uploading them to the store under a new name.

Malware is always adapting and finding new ways to invade devices, but cybersecurity experts are always on the hunt for them.

Here are the viruses currently doing the rounds, and the apps they are hiding in, according to MalwareFox.

Joker Spyware

This spyware gathers sensitive data like contact lists and SMS messages, and can register the device for premium services without consent.

It is hiding in the following apps:

  • Simple Note Scanner – com.wuwan.pdfscan
  • Universal PDF Scanner – com.unpdf.scan.read.docscanuniver
  • Private Messenger – com.recollect.linkus
  • Premium SMS – com.premium.put.trustsms
  • Blood Pressure Checker – com.bloodpressurechecker.tangjiang
  • Cool Keyboard – com.colate.gthemekeyboard
  • Paint Art
  • Color Message

Harly Trojan

This Trojan uses China Telecom’s code, 46011, which, according to malware experts at Kaspersky, gives clues to suggest the malware developers are located in China.

It can also subscribe users to premium services in an invisible window to monetise the infection.

It is hiding in the following apps:

  • Fare Gamehub and Box
  • Hope Camera-Picture Record
  • Same Launcher and Live Wallpaper
  • Amazing Wallpaper
  • Cool Emoji Editor and Sticker

Autolycos Malware

This malware has already been downloaded more than three million times, according to PCrisk.

It also…


83% of Ransomware Infected Organizations Paid Over $900,000 Each / Digital Information World


The average number of ransomware attacks being experienced by companies grew from four to five in 2022, and that’s just one of the many signs pointing to a worsening state of cybersecurity. Law enforcement agencies usually tell organizations never to pay ransoms because doing so could end up making the malicious actors target them repeatedly.

However, ExtraHop’s latest Global Cyber Confidence Index revealed that 83% of organizations that fell prey to a ransomware attack ended up paying the ransom. The fear of data loss and operational disruption likely led to them biting the bullet, and it is estimated that the companies that paid the ransom had to pay an average of over $925,000 apiece.

It is important to note that malicious actors often use the double extortion method when companies pay up. Paying a ransom once makes it more likely that you will pay it again than might have been the case otherwise, so there is a clear correlation between failing to follow post-ransomware instructions and having to go through the ordeal all over again.

77% of experts working in the field of IT said that obsolete cybersecurity infrastructure was leading to an increased number of attacks. Spending nearly a million dollars to upgrade this infrastructure might be a far more useful strategy for companies to consider since it can prevent ransomware from making its way onto their systems in the first place.

In spite of this, most companies tend to have a reactive strategy rather than a proactive one. Creating backups and keeping cybersecurity tech up to date are both more affordable and more efficient, yet most companies are failing to meet this very basic requirement. Until major companies start to take cybersecurity more seriously, the number of these attacks will only grow ever greater. It will be interesting to see if these findings have any sort of impact on how ransomware is dealt with.
