Kaspersky Lab experts have detected a new Trojan targeting Android devices that can be compared to Windows-based malware in terms of its complexity. Triada is stealthy, modular, persistent and written by very professional cybercriminals. Devices running the 4.4.4. and earlier versions of the Android OS are at greatest risk.
According to the recent Kaspersky Lab research on Mobile Virusology, nearly half of the top 20 Trojans in 2015 were malicious programmes with the ability to gain super-user access rights. Super-user privileges give cybercriminals the rights to install applications on the phone without the user’s knowledge.
This type of malware propagates through applications that users download and install from untrusted sources. These apps can sometimes be found in the official Google Play app store, masquerading as a game or entertainment application. They can also be installed during an update of existing popular applications and are occasionally pre-installed on the mobile device. Those at greatest risk include devices running 4.4.4. and earlier versions of the Android OS.
There are 11 known mobile Trojan families that use root privileges. Three of them – Ztorg, Gorpo and Leech – act in cooperation with each other. Devices infected with these Trojans usually organise themselves into a network, creating a sort of advertising botnet that threat actors can use to install different kinds of adware.
Shortly after rooting the device, the above-mentioned Trojans download and install a backdoor. This then downloads and activates two modules that have the ability to download, install and launch applications.
The application loader and its installation modules refer to different types of Trojans, but all of them have been added to our antivirus databases under a common name – Triada.
A distinguishing feature of this malware is the use of Zygote – the parent of the application process on an Android device – that contains system libraries and frameworks used by every application installed on the device. In other words, it’s a daemon whose purpose is to launch Android applications. This is a standard app process that works for every newly installed application. It means that as soon as the Trojan gets into the system, it becomes part of the app process and will be pre-installed into any application launching on the device and can even change the logic of the application’s operations.
This is the first time technology like this has been seen in the wild.
The stealth capabilities of this malware are very advanced. After getting into the user’s device, Triada embeds itself in nearly every working process and continues to exist in short-term memory. This makes it almost impossible to detect and delete using antimalware solutions. Triada operates silently, meaning that all malicious activities are hidden both from the user and from other applications.
The complexity of the Triada Trojan’s functionality proves the fact that very professional cybercriminals, with a deep understanding of the targeted mobile platform, are behind this malware.
The Triada Trojan can modify outgoing SMS messages sent by other applications. This is now a major functionality of the malware. When a user is making in-app purchases via SMS for Android games, fraudsters are likely to modify the outgoing SMS so that they receive the money instead of the game developers.
“The Triada of Ztorg, Gorpo and Leech marks a new stage in the evolution of Android-based threats. They are the first widespread malware with the potential to escalate their privileges on most devices. The majority of users attacked by the Trojans were located in Russia, India and Ukraine as well as APAC countries. It is hard to underestimate the threat of a malicious application gaining root access to a device. Their main threat, as the example of Triada shows, is in the fact that they provide access to the device for much more advanced and dangerous malicious applications. They also have a well-thought-out architecture developed by cybercriminals who have deep knowledge of the target mobile platform,” says Nikita Buchka, junior malware analyst, Kaspersky Lab.
As it is nearly impossible to uninstall this malware from a device, users face two options to get rid of it. The first is to “root” their device and delete the malicious applications manually. The second option is to jailbreak the Android system on the device.
Kaspersky Lab products detect Triada Trojan components as: Trojan-Downloader.AndroidOS.Triada.a; Trojan-SMS.AndroidOS.Triada.a; Trojan-Banker.AndroidOS.Triada.a; Backdoor.AndroidOS.Triada.
In our modern society, shopping and the Internet go together like bacon and eggs. After all, why leave home when you could be eating said food items and shopping simultaneously? To this end, shopping online is one of the most convenient things that modern technology has brought to us.
What makes online shopping so attractive is that it is convenient and it is instant. But is it secure? Yes and no. Remember, online security is only as good as the amount of effort expended and the systems put in place by the merchant to ensure you enjoy a secure experience.
“In recent years, shopping online has become much more convenient via mobile payment solutions,” states Gregory Anderson, country manager at Trend Micro South Africa. “However it’s important to note that when you are dashing through multiple sites on the Web from the comfort of your armchair, your accounts and financial transactions could be compromised by countless prying eyes. Due to the nature of e-commerce and the thousands of options for online shops, it can sometimes be hard to tell if you’re dealing with a legitimate merchant or a bogus one.”
According to Anderson, shopping online bears the same perils as shopping in store. You as an individual can’t rely on the merchant to shoulder all the risk; you need to become just as savvy as you would be if you were shopping in modern-day Hillbrow. What’s more, while we are all keen to secure our credit card information, online shopping doesn’t just pose a threat to your credit details but to your general privacy too.
Now that data breaches and incidents of hacking and identity theft are becoming more common, online shoppers should protect themselves against likely attacks that could threaten their privacy. There are a number of different methods that can be used to invade a user’s privacy and, sooner or later, an unaware user is bound to run into threats such as phishing, online scams, spam, Internet fraud and malicious URLs.
Here are a few general tips on how to secure and maintain your privacy and security when shopping online:
• Double-check URLs – if you haven’t already bookmarked your favorite shopping site’s payment page and still rely on typing in names, always double-check the URL. Cybercriminals can easily replace payment pages and apps with fake ones. One way to tell if a site is secure is by checking the security lock indicator (HTTPS instead of HTTP). HTTPS is more secure.
• Use an official online shopping app – if you’re an avid mobile shopper, make sure to use the official online shopping app and avoid third-party apps for secure transactions.
• Always use strong and secure passwords – attackers can easily hack online accounts, including banking and social media accounts. Since these accounts contain sensitive and personal details, it’s important that you use unique hard-to-crack passwords across all devices and change them regularly.
• Use a secure network – if you’re using a mobile device to pay, make sure that you are using the official payment app, and that you’re accessing a secure and private network.
• Think before you click – being scammed online could translate to an eventual invasion of your privacy. Before you click on unverified posts, messages or ads, think twice and stay away from suspicious-looking offers. They’re most likely used as bait to lead you to phishing sites. Check with official sites rather than relying on social media posts.
“Shopping online can be safe. But just be alert and be aware. Web threats are no longer limited to malware and scams. Attackers know that the more you perform any online activities, the more you increase the risk of revealing information about yourself – especially when you’re looking to make a purchase. Searching for items alone could lead you from one Web site to another, which increases the chance of stumbling upon a malicious one.
“So set yourself a small regime of ensuring the above each time you enter a new site. If you can do that, you will almost be assured of shopping securely and with the peace of mind you crave,” Anderson concludes.
A new ransomware “super bug”, codenamed “Locky”, is on the loose. There have been 500 000 sessions of the virus crossing the globe in the last few weeks – and now it has arrived in South Africa.
Anti-virus coverage for this type of malware is very poor – only four out of 54 service providers detected it.
It is believed that there are 4 000 infections an hour now – 100 000 infections a day.
A hospital group in the US has had to shut its doors after the fee to purchase its own files was set at $3,6-million – to be paid in untraceable Bitcoin.
There are 499 000 other cases of Locky reported so far. The virus is spread via infected Word documents.
A click on the attachment and the unfortunate victims, unable to mitigate this threat, are given a ransom demand for their files.
And a subsequent visit to the referenced Locky payment portal site reveals multiple options for victims to pay – including payment plans.
How to stay Locky-free:
• Never download freeware or files from untrusted sources as they might be infected.
• Always scan removable devices before using them.
• Regularly scan your PC to detect .locky File Extension Ransomware as well as other related threats.
• Always keep Windows Operating System updated.
• Browser’s security settings should be activated and set to medium level.
• Avoid installation of ActiveX controls as they are somewhat prone to .locky File Extension Ransomware.
• Never install potentially unwanted programs on your PC.
• Always carefully read “License and Agreement” before installing any freeware.
• Turn on firewall and other security settings for better PC protection.
• Do not click on suspicious links while surfing the web.
• Avoid getting carried away by unrealistic deals and offers as they can be a trick used by .locky File Extension Ransomware.
• Never respond to unknown mails and messages.
More than 720 litres of liquid methamphetamine have been seized in Australia – believed to be one of the largest drug finds in the country’s history. The £620-million (A$1,26-billion) stash was smuggled from China and had been hidden in bottles of glue and inside gel bra inserts.
Police estimate it could have been used to create 500kg of high-grade crystal meth, which equates to about 3,6-million doses.
Some 190 litres of the drug was hidden in boxes of bra pads.
Four suspects from Hong Kong have been charged in Sydney over the import, and face a potential life sentence if convicted. They will appear in court next month.
Michael Keenan, Australia’s justice minister, described the seizure as “a devastating blow for the organised criminal gangs that peddle in ice (crystal meth)”.
The arrests followed a joint operation between the Australian Federal Police and the Chinese Narcotics Control Commission.
Last year saw millions of people’s data hacked and stolen online, from T-Mobile customers to those signed up on Ashley Madison. While this is obviously bad news for those who have had their details jacked, the data posted online can be used to gain an interesting insight into how people protect themselves on the Internet.
And it turns out that many people are still terrible at picking passwords. In Splash Data’s annual list of the 25 worst passwords little has changed, with “123456” still, for some reason, topping the list.
We all know we shouldn’t do it, but for some inexplicable reason many clearly still do just run their fingers along the top of the keyboard. Those feeling a little more adventurous might manage to type out “password” or, oddly, “dragon”.
Either way, none of the top 25 passwords are particularly surprising, which in itself is a little depressing: no matter how often people are told to secure their online accounts, plenty still ignore the advice.
The data also gives some interesting insight into the minds of those using the internet. Sport, for example, is a popular choice for passwords, with “football” and “baseball” both still sitting within the top 25. But it also reflects big events happening that year, with the most noticeable being the addition of “starwars” and “solo” to the list, which could also help explain the resurgence of “princess” as a choice of password too.
We probably all know what we should be doing to at least try and make our accounts less hackable, but let’s just take a minute to remind ourselves. Firstly, and I hardly think this really needs saying, but don’t pick one of the ones below. If one of yours has already made the list, then change it.
Choose something that is at least eight characters long, which does not contain your user name, real name, or company name. Make sure it is significantly different from any previous passwords, and include a mixture of upper-case letters, lower-case letters, numbers and symbols. And finally, while I know it’s tempting, try not to use the same username and password combination. If you struggle remembering them all, then perhaps you could install a password safe.
Anyway, here is the list in full. Try not to smash your head against the keyboard in frustration:
The 25 most-used passwords (with change from 2014 indicated in brackets):
1. 123456 (unchanged)
2. password (unchanged)
3. 12345678 (up 1)
4. qwerty (up 1)
5. 12345 (down 2)
6. 123456789 (unchanged)
7. football (up 3)
8. 1234 (down 1)
9. 1234567 (up 2)
10. baseball (down 2)
11. welcome (new)
12. 1234567890 (new)
13. abc123 (up 1)
14. 111111 (up 1)
15. 1qaz2wsx (new)
16. dragon (down 7)
17. master (up 2)
18. monkey (down 6)
19. letmein (down 6)
20. login (new)
21. princess (new)
22. qwertyuiop (new)
23. solo (new)
24. passw0rd (new)
25. starwars (new)
By Josh L Davis www.iflscience.com
Massmart has sponsored a survey on corruption in South Africa, and the results are not unexpected.
OKI has issued a fraud warning to its customers.
MasterCard is trying out a new technology that lets online shoppers authorise a transaction with a snapshot of their face instead of a password.
According to the results of a recent survey of more than 2 000 office workers in the US and UK, fully 93% of respondents engage in unsafe online behaviour that could jeopardise their employer’s or their customers’ data, and 97% of respondents have access to sensitive or confidential company information.
Amazon is taking legal action against more than 1 000 people it claims provide fake reviews on its Web site. The online retail giant says in the lawsuit – filed in the US on Friday – its brand reputation was being tarnished by “false, misleading and inauthentic” reviews.