
Monday, September 28, 2020

Android Malware 'Alien' Controls Your Phone and Steals Bank Accounts


After the 'Cerberus Trojan' invaded the Google Play Store earlier this year, developers released its source code in August, which was quickly used to spawn new malware running similar scripts. One of these new strains of Cerberus, dubbed 'Alien', is a remote access toolkit complete with an arsenal of keyloggers, SMS control, and information harvesting software.

Alien has been observed using local phone data to steal bank accounts in the same manner Cerberus operates, but it can also set up TeamViewer sessions between attackers and victims to give them full control in real time. This feature makes the new strain even more dangerous.


How it works: If you're unfortunate enough to install this malware package from infected Google Play Store apps, it will begin its invasion by prompting for admin privileges. If authorized, it will immediately start running keylogging software (to store everything you type) and it will gain access to your other apps and system settings.

Once it has set up its data-extraction environment, Alien will begin to target individual apps and phish for passwords from its victims. In other words, it will send fake login pages designed to look like they're from a trusted app. Have you been a victim of phishing? Read more about 'spearphishing' malware here. Alien can also delete any app and install new ones (presumably to install newer, antivirus-resistant versions of itself in the future).

The last stage of an Alien Android attack involves the TeamViewer feature mentioned previously. Attackers controlling the malware may observe infected devices through the TeamViewer software, and directly access apps so they can find and extract more valuable data.

Targeted apps: The Alien malware is known to display phishing pages for all popular banking/cryptocurrency apps as well as the following:

  • Google Play Games
  • Google Play Store
  • Gmail
  • Facebook
  • Instagram
  • Twitter
  • Snapchat
  • Skype
  • Yahoo
  • Telegram
  • WhatsApp
  • PayPal
  • Netflix
  • Amazon
  • eBay

(This list will be updated as more phishing pages are discovered - Scroll up and click "Subscribe" to be notified) 


How to avoid infection: Google Play has implemented new security measures which should eliminate the possibility of being infected by Alien through the Play Store. That being said, be extra careful when installing newer apps which prompt for admin privileges. Alien is also being spread through online forums and message boards. For now, it's best to avoid Android apps offered outside of the Play Store altogether.
 
Alien has been one of many malware variants targeting Android devices through Google Play Store this year. Want to learn more about Android malware? We also covered the infamous 'Joker' Trojan here.
 

Monday, July 13, 2020

Joker Malware - The Google Playstore Virus (Prevention and Removal)


Although Android malware is generally losing its grip on the Google Play store as security is improved, there are still some prevalent strains which continue to cause chaos on infected devices. One example of this would be the "Joker" malware (also known simply as "Bread"), an infamous virus which first appeared on the Play store back in 2017. Recently, an improved version has made a comeback by hiding its payload in over 10 apps.

 
How it Works: Joker managed to hide from Google Play's malware protection by disguising its malicious code in the form of 11 innocent-looking apps. Once installed, Joker activates through attacking URLs and signs the victim up to several seemingly random subscription services. It can do this in the background of its payload app while remaining completely invisible to the user. Joker takes advantage of certain non-accessible features on Android apps. The newest version of this virus obfuscates malware execution via several layers of URL payloads. This is why, despite numerous efforts to "secure" the Google Play Store, malware developers are able to push their code through antivirus into innocent-looking apps.

Affected Apps: The following apps are currently known to be infected by the Joker malware (we will update this list accordingly - subscribe above to be notified)
  • All Good PDF Scanner
  • Mint Leaf Message - "Your Private Message"
  • Unique Keyboard - "Fancy Fonts & Free Emoticons"
  • Hummingbird PDF Converter - "Photo to PDF"
  • Tangram App Lock
  • Direct Messenger/Private SMS
  • Care Message/Part Message
  • Paper Doc Scanner/Blue Scanner/Meticulous Scanner
  • Desire Translate
  • One Sentence Translator - "Multi-functional Translator"
  • Talent Photo Editor - Blur Focus
  • Style Photo Collage
  • com.contact.withme.texts
  • com.hmvoice.friendsms
  • com.imagecompress.android
  • com.relax.relaxation.androidsms
  • com.training.memorygame
  • com.remindme.alram
  • com.file.recovefiles
  • com.LPlocker.lockapps
  • com.peason.lovinglovemessage
  • com.cheery.message.sendsms
 
Prevention and Removal: If you have one of the apps listed above installed on your Android device, be sure to remove it immediately. Also, check your credit card charges for any suspicious subscription services or spammed orders. The Joker malware will likely adapt to stricter protections on the Google Play store in the future, so be wary when installing brand new apps. Always check the reviews and research an app if you're planning on getting it.
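
One way to check a device against the package names in the Affected Apps list, added here as an example and not part of the original post. It assumes the installed-package listing comes from `adb shell pm list packages` (USB debugging enabled); the function name and the sample output are constructed for illustration.

```sh
#!/bin/sh
# Package names copied from the "Affected Apps" list above.
JOKER_PACKAGES='com.contact.withme.texts
com.hmvoice.friendsms
com.imagecompress.android
com.relax.relaxation.androidsms
com.training.memorygame
com.remindme.alram
com.file.recovefiles
com.LPlocker.lockapps
com.peason.lovinglovemessage
com.cheery.message.sendsms'

# find_joker_packages (hypothetical helper): reads `pm list packages` output
# on stdin and prints each installed package that exactly matches a listed name.
find_joker_packages() {
    tr -d '\r' |                  # some adb builds emit CRLF line endings
    sed -n 's/^package://p' |     # keep "package:<name>" lines, drop the prefix
    while IFS= read -r pkg; do
        # -x: whole-line match, so "com.imagecompress.android.pro" is not a hit
        # -F: literal match, so the dots are not treated as wildcards
        # Package names are case-sensitive, so no -i.
        if printf '%s\n' "$JOKER_PACKAGES" | grep -qxF -- "$pkg"; then
            printf '%s\n' "$pkg"
        fi
    done
}

# Constructed sample of `pm list packages` output (not from a real device):
# one listed package, one look-alike with an extra suffix, one case variant.
SAMPLE_OUTPUT=$(printf 'package:com.android.settings\r\npackage:com.remindme.alram\r\npackage:com.imagecompress.android.pro\r\npackage:com.lplocker.lockapps\r\n')

# Demo on the sample; on a real device use:
#   adb shell pm list packages | find_joker_packages
printf '%s\n' "$SAMPLE_OUTPUT" | find_joker_packages
```

Any name it prints is an installed app from the list; an empty result only means none of these specific packages is present, not that the device is clean.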