
Mobile banking Trojan Asacub hits 40 000 per day

Kaspersky Lab has picked up on a large-scale campaign of the infamous mobile Trojan, Asacub.
Researchers at the company estimate Asacub is reaching 40 thousand individuals each day. Although the Trojan is primarily aimed at Russian users, it has also hit users in many other countries, including Germany, Belarus, Poland, Armenia, Kazakhstan and the US.
According to Kaspersky, Asacub was discovered in 2015, and has evolved over the years. Its earlier iterations were closer to spyware than banking malware. They could steal all incoming SMS messages, irrespective of the sender, and upload them to the intruders' server. The functionality of the latest Asacub modifications helps attackers gain remote control of infected devices and steal banking data.
Over the last year, Asacub authors have been upping their efforts and conducting large-scale campaigns for its dissemination, to the point that it has held the leading position among mobile banking Trojans for the past twelve months.
Researchers say the reason behind its continued sustainability is that the domains of its command server change, and there are disposable phishing links for downloading the Trojan.

How it works

Asacub is distributed through phishing SMS messages, which invite victims to view a photo or MMS message. If the victim's device settings permit installations from unknown sources, Asacub is able to install itself on the target device as the default SMS application.
In this way, when a new SMS message arrives, it can transmit the sender's number and message text to the intruders' command server. Asacub can withdraw funds from a bank card attached to the phone by sending SMS messages for transferring funds to another card or phone number, and it can intercept SMS messages from a bank containing one-time passwords.
Tatyana Shishkova, malware analyst at Kaspersky Lab, says the Asacub Trojan highlights how mobile malware can function for several years with minimal changes to its distribution pattern.
"One of the main reasons for this is that the human factor can be leveraged through social engineering: SMS messages look like they are meant for a certain user, so victims unconsciously click on fraudulent links. In addition, with regular change of domains from which the Trojan is distributed, catching it requires heuristic methods of detection," she adds.

Better than cure

Kaspersky advises users to follow several steps to avoid getting infected with mobile banking malware:
  • Only download applications that are from official resources;
  • If possible, disable the installation of applications from third-party sources in smartphone settings;
  • Never click on links from suspicious or unknown senders;
  • Install a reliable security solution to protect mobile devices.



via ITWeb

Mobile’s Latest Malware Threat: The All-in-One Android Trojan


A new Android Trojan — dubbed Android.Banker.L — combines the functionality of banking Trojans, keyloggers and ransomware to compromise victim devices and steal data.
As reported by Quick Heal, the latest malware threat uses multiple methods simultaneously to attack user devices. In addition to a typical Android banking Trojan, the malware contains code that enables it to forward calls, record sound, conduct keylogging and deploy ransomware. It’s also able to launch device browsers with a URL received from its command-and-control (C&C) server, which is contacted via Twitter.
Once installed, Android.Banker.L repeatedly opens the Accessibility Settings page and asks users to turn on Accessibility Service, which allows it to leverage any device permission without the need for user input.
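Both Trojans described on this page depend on a setting that can be audited: Asacub on being the default SMS application, Android.Banker.L on an enabled Accessibility Service. The following shell sketch is an added example, not code from Kaspersky, Quick Heal or the original posts; the allowlists and sample values are constructed, and it assumes the device exposes the two `settings` keys named in the comments.

```shell
#!/bin/sh
# Added example (not from the original posts): flag an unexpected default SMS
# handler and unexpected accessibility services. On a device attached over adb
# the raw values are assumed to come from:
#   adb shell settings get secure sms_default_application
#   adb shell settings get secure enabled_accessibility_services

# Allowlists are assumptions for illustration; set them per device fleet.
ALLOWED_SMS="com.google.android.apps.messaging"
ALLOWED_A11Y="com.google.android.marvin.talkback"

# in_list <needle> <space-separated list>: succeed if needle is in the list.
in_list() {
  for item in $2; do
    [ "$item" = "$1" ] && return 0
  done
  return 1
}

# Print the default SMS package when it is set and not on the allowlist.
unexpected_sms_handler() {
  pkg=$(printf '%s' "$1" | tr -d '\r\n ')
  if [ -n "$pkg" ] && [ "$pkg" != "null" ] && ! in_list "$pkg" "$ALLOWED_SMS"; then
    echo "$pkg"
  fi
}

# The accessibility setting is a colon-separated list of package/class
# components; print each component whose package is not on the allowlist.
unexpected_a11y_services() {
  printf '%s\n' "$1" | tr -d '\r' | tr ':' '\n' | while IFS= read -r comp; do
    pkg=${comp%%/*}
    if [ -n "$pkg" ] && [ "$pkg" != "null" ] && ! in_list "$pkg" "$ALLOWED_A11Y"; then
      echo "$comp"
    fi
  done
}

# Constructed sample values (not taken from a real device or from the reports).
SAMPLE_SMS="com.example.mmsviewer"
SAMPLE_A11Y="com.google.android.marvin.talkback/.TalkBackService:com.example.updater/.OverlayService"

echo "Unexpected SMS handler: $(unexpected_sms_handler "$SAMPLE_SMS")"
unexpected_a11y_services "$SAMPLE_A11Y" | sed 's/^/Unexpected accessibility service: /'
```

A finding here is a prompt for review, not a verdict: legitimate third-party SMS and accessibility apps will also appear until they are added to the allowlists.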

Why the Latest Malware Threat Is So Elusive

Quick Heal noted that the code’s main Android application package (APK) is “highly obfuscated and all strings are encrypted.” When it receives the command to encrypt all device files, it renames them and then deletes the originals.
This new attack uses financial phishing overlays that are displayed after specific applications are launched. The overlays look legitimate and encourage users to provide their login credentials.
Even if users suspect their device may have been infected, the malware takes steps to prevent deletion. For example, it displays a fake alert message warning that the “system does not work correctly” and encouraging users to disable Google Play Protect. It also displays a fake system alert for “error 495” if users attempt to uninstall the app, which is listed as “sistemguncelle.”

How Companies Can Defend Against Trojans

To combat mobile Trojans, IBM security experts recommend using unified endpoint management (UEM) solutions that offer dedicated mobile threat protection (MTP) tools and include real-time over-the-air updates, automatic detection and removal of infected apps, and the ability to intelligently identify rooted, jailbroken or compromised devices.
Security experts also advise organizations to use mobile sandbox solutions to help manage the gap between known good code and known bad code that can pose a threat to the IT environment.
Finally, users should always verify the legitimacy of any unsolicited email attachments through a separate channel and delete without opening if they are unable to validate.


via IBM
