Minecraft Modpacks Carrying Malware Returned to the Play Store Under New Names | TechNadu

  • The authors of adware-ridden Minecraft modpack apps have found a way into the Play Store again.
  • The apps now use an extra module that adds more functions like opening app pages or YouTube videos.
  • Keeping malware outside the Play Store is practically impossible, so users are advised to pick their apps carefully.

Back in November 2020, Kaspersky discovered several fake Minecraft “modpack” apps on the Play Store, which had the sole purpose of infecting unsuspecting users with adware. After the apps were reported to Google and quickly removed, their authors had to return to the drawing board, and according to Kaspersky’s latest report, they did. The malware-ridden apps have returned to the Google Play Store, albeit under new names and themes, and with some additional hiding tricks up their sleeve.

More specifically, Kaspersky decided to look at the currently available Minecraft modpack apps again and was not surprised to find that many of them were again adware. The addition this time comes in the form of an extra module fetched by the apps after installation, enabling them to carry out more functions. These include hiding their icons, running the browser, playing YouTube videos, opening Google Play app pages, and more.

Of course, the apps download this module after their installation to evade review-stage rejections and also to secure the granting of risky permissions from the user. As such, this is yet another reminder to pay attention to what is requested from you on the permissions prompt and not just approve anything that is thrown at you.

Source: Kaspersky

In addition to the Minecraft mods, which appear to be a pretty risky category, Kaspersky mentions an app named “File Recovery – Recover Deleted Files” v1.1.0, which carries the same adware. The app was available on the Play Store until late February 2021, so there’s a good chance that a significant number of Android devices still have it. After its removal at that point, the developers uploaded a clean version, number 1.1.1, which isn’t dangerous to use.

More recent examples come in the form of fake Madgicx and fake TikTok ad-management apps, which are basically just phishing Facebook accounts…


5 new rules ransomware gangs play by nowadays: Kaspersky report

Over the last few years, technology has moved ahead immensely, and so have the ways cybercriminals distribute malware and ransomware, since the older, now common, methods no longer work. Until some time ago, cybercriminals would use encrypted files to spread ransomware on a large scale; now ransomware attacks have become more focused. Nowadays, cybercriminals and hackers examine their targets in detail and do their research so that they can gain additional leverage. Ransomware gangs behave like fully-fledged online service providers and use traditional marketing techniques. By studying the Darkside ransomware gang, experts at Kaspersky have identified five examples of how these ransomware distribution methods, and how they work, have changed.

1. Darkside actively establishes contact with the press.

On the Darkside website, there’s a semblance of a press center set up to enable journalists to ask questions and receive first-hand information, and to learn about upcoming publications of stolen information in advance. In fact, DarkSide operators strive to get as much resonance in the networks as possible.

2. Ransomware groups collaborate with decryption companies.

As the Kaspersky report points out, this is evident because many state-owned companies are prohibited from entering negotiations with cybercriminals. This has created a demand for intermediaries like decryption companies, who provide legitimate data decryption services.

3. Darkside claims to donate part of their income to charity.

They show those who do not want to finance crime that some of their money will go to a good cause. However, some charities are prohibited from accepting illicit money, and such payments would be frozen.

4. The cybercriminals now carefully analyze stolen data and the market.

Before publishing information, they study the contacts of the company and identify well-known customers, partners, and competitors. Kaspersky experts state that the main purpose of this is to maximise target damage, to intimidate victims, and to increase the chances of getting a ransom.

5. The Darkside ransomware gang now has its own code of ethics.

There’s honour among criminals, just like in real enterprises….


ISIS IT Group Warns of Vulnerability of Google Play Store Messaging App – Homeland Security Today

An ISIS-supporting cybersecurity group warned followers of the terror group that installing a Google Play app would leave them vulnerable to surveillance by intelligence agencies.

The alert was issued by the Electronic Horizons Foundation, which launched in January 2016 as an IT help desk of sorts to walk ISIS supporters through how to encrypt their communications and otherwise avoid detection online while coordinating with and recruiting jihadists.

EHF released a 24-page cybersecurity magazine for ISIS supporters last May that walks jihadists through step-by-step security for smartphones — while encouraging them to use a computer instead for more secure terror-related business — and warns of “nightmare” Microsoft Windows collecting user data from geolocation to browsing history.

The new EHF “important warning” distributed online told supporters that “spies of intelligence agencies are using a new method to track down supporters through Google Play Store.”

“One of the spies,” EHF said, uploaded a custom app that “collects identifiable information of android phones.”

“Then he targets and communicates with supporters by claiming that they have received a money transaction, and they need to install the application in order to receive it,” the alert continued. “Beware of installing or using suspicious apps promoted by unknown individuals, whether it’s an APK file or uploaded to app stores. Intelligence mercenaries are trying to use users’ trust in the app store in order to target supporters using malicious apps uploaded to the app store.”

The app named by EHF is advertised on Google Play as a highly secure messaging app with end-to-end encryption. Concerned about the security of their information on social media and Telegram messenger, EHF recently has been trying to steer ISIS followers toward using the Element messenger.

EHF last year urged followers to use alternate operating systems such as Qubes, Tails or Whonix. The ISIS cyber group has also highlighted “wrong security practices” including browsing the internet without Tor or VPN, downloading apps from third-party sources, failing to encrypt the device or storage devices, neglecting to…


Parler app removed from Google Play Store (Update: Apple suspends iOS app)

  • Parler, a “free speech” social media app, has been removed from the Google Play Store.
  • In a statement, Google said Parler had not done enough to “implement robust moderation for egregious content.”
  • Apple has also warned Parler to put in better moderation or its iOS app will be removed from Apple’s app store.

Update: January 9, 2021 – 8:36 p.m. ET: Deadline reports that Apple has now suspended the iOS Parler app from its App Store as well. Apple told Parler in an email that the social networking company “has not taken adequate measures to address the proliferation of these threats to people’s safety.”

Original story – January 9, 2021 – Parler, the social media app that centers on conservative themes and content, has had its app removed from the Google Play Store. Launched in 2018, Parler has become more popular over the last several months among US conservatives.

In the wake of Wednesday’s looting of the US Capitol in Washington D.C. by a mob, it was discovered that Parler had been used by some right-wing groups and individuals to promote participation in that mob and to advocate violence during that event. Late Friday night, Google decided that was enough to remove the Parler app from the Play Store.

In an email statement from Google, as posted by XDA Developers, the company stated:

In order to protect user safety on Google Play, our longstanding policies require that apps displaying user-generated content have moderation policies and enforcement that removes egregious content like posts that incite violence. All developers agree to these terms and we have reminded Parler of this clear policy in recent months.

We’re aware of continued posting in the Parler app that seeks to incite ongoing violence in the U.S. We recognize that there can be reasonable debate about content policies and that it can be difficult for apps to immediately remove all violative content, but for us to distribute an app through Google Play, we do require that apps implement robust moderation for egregious content. In light of this ongoing and urgent public safety threat, we are suspending the app’s listings from the Play Store until it addresses these issues.

In addition to the…