This malicious application is called Mods Minecraft. The app doesn’t function like an ad at all, instead it turns the victim’s smartphone and tablet into an ad-player in an extremely sophisticated way. (Photo: Kaspersky) Accordingly, after the first run, the application will hide its icons from the screen and continuously open the browser to display ads. The app can also play videos from YouTube, access the Google Play app store, and more. Security experts at Kaspersky found that the app opens the browser every two minutes, rendering the device essentially inoperable. use to be. (Photo: Kaspersky) What’s especially worrisome is that it’s hard for users to know what’s going on with their devices, which apps are responsible for the trouble, and how to prevent it. The security experts at Kaspersky informed Google of their findings and the malicious app was quickly removed from the store. Minecraft is one of the best-selling games in the world with about 180 million copies worldwide. (Photo: Mojang) However, removing this app from Google’s app store does not mean the removal of all malware. In the past, developers of this type would simply upload new, slightly modified versions, using different names, from different developer accounts to further trick victims. An example can be mentioned is the VK Music Trojan. This app stole VK user accounts, but despite being reported, the app has survived on the Google Play app store for several years. (Artwork: Unsplash) Kaspersky ran a search for malicious Minecraft Mods-like apps – and found a few. In addition to the malicious application Mods Minecraft, a utility called File Recovery was also found to contain malware in version 1.1. However, that version has since been removed and version 1.1.1 of the app, available on Google Play, is safe.

(Artwork: Presse-citron) Specifically, the Teabot (or Anatsa) malware, which can allow hackers to take over the victim’s Android device completely; steal their banking and other important personal information through tools like keyloggers. The analysis report from Bitdefender researchers said that Teabot malware can perform attacks through Android Accessibility Services, view private messages, steal banking information, steal authentication codes. of Google,… and even take full remote control of the victim’s devices. (Artwork: Unsplash) Distributing malware directly from app stores would be difficult, so hackers use the method of impersonating top-rated apps distributed on third-party websites. . According to research by Bitdefender, fake Android apps include antivirus, media player, health, etc. To deceive users, the fake app’s name and logo will be copied. copy almost or exactly like the real application. (Artwork: Panda Security) Here are 6 malicious apps impersonating famous apps to scam users. If you are using Android devices, please check all the applications on the device. In case your phone has 1 of the 6 applications below, quickly remove them immediately. The main app icon (right) and the fake app (left) have some differences in the 5th and 6th apps. (Image: Bitdefender) Bitdefender emphasizes that the campaign against these malicious applications is still active. For this reason, Android users need to be careful about downloading apps, especially apps from third parties, that aren’t part of the Google app market; Don’t click on strange links and always look carefully at the permission requests of Android apps.

This means that users should update their iPhone immediately, even if their device is running smoothly. (Photo courtesy: Guardsquare) Accordingly, iOS 14.6 contains patches for 43 security holes, with some of which are considered to need serious attention. Apple’s support document says the update addresses a number of security vulnerabilities that could allow attackers to remotely execute code on a device. In a sharing with Forbes, security expert Sean Wright said the security flaws – which have been resolved in the latest iOS update – are “pretty bad to get.” (Artwork: NewsBeezer) While there is no indication that any of the security vulnerabilities Apple lists have been actively exploited, iPhone/iPad users should update their devices as soon as possible. Apple notes that some of the vulnerabilities were discovered by security researchers working for Trend Micro, a multinational cybersecurity company. (Artwork: Getty Images/iStockphoto) Some of the security and performance issues that have been fixed by the listed update include: – A memory corruption issue in the ASN decoder affecting the handling of manually generated certificates can lead to arbitrary code execution. – Audio problems related to the processing of audio files loaded with malware that can lead to arbitrary code execution. – ImageIO interferes with the processing of an image loaded with malware that can lead to arbitrary code execution. (Artwork: PhoneArena) The kernel allows a malicious application to execute arbitrary code with system kernel privileges. – The I/O pattern affects handling of a manually generated USD file that can lead to unexpected application termination or arbitrary code execution. – WebKit affects the processing of web content with malware installed that can lead to scripting on multiple sites. (Artwork: Rahul Chakraborty / Unsplash) Currently, iOS 14-compatible iPhone/iPad users can download the iOS 14.6 and iPadOS 14.6 updates for free via the OTA protocol. To update to iOS 14.6, users need to access the app Setting => General settings => Software updates .

A malware attack against Commport Communications puts 1 million of Canada Post’s customers at risk of having their personal data exposed. Illustration: VNA A malware attack targeting Commport Communications, one of Canada Post’s providers, has affected 44 of Canada’s largest business customers, Canada Post, Canada’s national postal group, said. Canada Post across the country and nearly a million people are at risk of having their personal data exposed. Commport Communications operates in the field of electronic data exchange, management of shipping declaration data of large parcel delivery businesses. Commport Communications’ systems have access to information such as the names and addresses of senders and recipients when large parcels are shipped. Canada Post said the cyberattack obtained information about delivery activity between July 2016 and March 2019. According to Canada Post, 97% of the information stolen was names and addresses. This attack did not have access to financial information. Canada Post is currently working closely with Commport Communications and has invited external cybersecurity experts to fully investigate and take appropriate action. Canada Post said it proactively notified affected business customers and provided the information and support needed to help them determine next steps. At the same time, the Privacy Commissioner’s Office was notified of the incident.

According to this leader, he never intended to experiment with opening 3rd-party app stores for its devices, because that would push users closer to the risk of malware exposure. Tim Cook appeared in court on May 21. Photo: Yahoo Finance. The view of Apple CEO received approval from Professor Justin Cappos, working at Tandon School of Engineering , belonging to New York University . “Clearly it is not possible for users to arbitrarily install software from their own application store,” Professor Justin Cappos stated on the website. Yahoo Finance . “Even if it’s a familiar app, there’s still the potential for increased malware and phishing on the iPhone.” Of course, Apple’s blocking of 3rd party app stores on iPhones is not simply about protecting consumers. The company also collects a 30% fee on transactions made through the App Store. In other words, while Apple is right when it comes to consumer protection, the dominance of the App Store still gets it in trouble with antitrust regulation. Tim Cook’s stance In an antitrust lawsuit being considered by the court, Epic claims Apple abused the position of the App Store, forcing developers to use a payment system it managed and paying a 30% fee. From summer 2020, Epic kicks things off with a Fortnite update, adding the option to pay for in-game currency through its own channel at a cheaper price than the App Store. Apple responded by removing Fortnite from the app store and locking down Epic’s developer account. The game company quickly filed a lawsuit against Apple for monopoly behavior, demanding a reduction in transaction fees through the App Store or allowing 3rd party app stores to operate on the iPhone. CEO Epic appeared in court on May 20. Photo: Yahoo Finance. The trial took place in May with many fierce arguments, and Judge Yvonne Gonzalez Rogers is expected to announce the ruling next week. Here, Epic argues that if a 3rd-party app store appeared on the iPhone, developers could reduce the price of the app because it wouldn’t cost Apple 30% of the fee. Present in court, Tim Cook defended its stance on not allowing external app stores to appear on the iPhone. By comparing the amount of malware on iOS with platforms that allow the installation of 3rd party applications – Cook asserts that the iPhone accounts for only 1-2% of malware infections, while this rate on Android, Windows up to 30-40%. “If you look at the malware on iOS compared to Android and Windows, it’s really insignificant.” The numbers are on Apple’s side Cook’s view is reinforced by Report on smart device threats in 2020 published by Nokia. Accordingly, 26.64% of malware infections come from Android devices. This number is down from 47.15% in 2019. Nokia believes that security on Android has improved compared to before, in addition, hackers are gradually shifting attacks to IoT devices. Meanwhile, 38.92% of all malware infections originate from Windows PCs. The corresponding rate on Apple’s iPhone is only 1.72%. The rest belongs to other IoT devices. The rate of malware infection on iPhone is much lower than on other platforms. Photo: Yahoo Finance. Why the difference between the 3 operating systems? Professor Cappos says there are several factors at play, including iOS being updated more frequently than Android and Windows. Operating system updates will patch bugs that hackers can exploit with malware, making devices harder to jailbreak. In addition, Android and Windows are two of the most used platforms in the world, which makes them attractive targets for cybercriminals. Both the App Store and Play Store have automated malware detection processes, but Google has trouble allowing users to access 3rd-party app stores. Most security experts recommend not downloading it. download applications from these places due to the risk of malicious code insertion. Meanwhile, Windows allows users to install apps through the Windows Store or download them from anywhere on the web. Can’t “Security Flag” protect Apple? Apple does not disclose revenue from the App Store, instead, it bundles it with Services. This business, which includes Apple TV+, Apple Music+, and iCloud, will bring in $53.7 billion in 2020, or 20 percent of Apple’s $274 billion in total revenue. That proves the App Store is generating a lot of money for the company. With huge profits and strict controls on the app store, Apple may face accusations of unfair competition. According to Professor Shubha Ghosh of Syracuse University of Law , Apple needs to demonstrate that this business is up to the level of security it offers. Sometimes in the eyes of Judge Gonzalez Rogers, the 30% commission per transaction and the security of the platform don’t go together. Even security may not be the judge’s concern. “Antitrust courts don’t care so much about safety – they care about competition,” says Professor Sam Weinstein of Cardozo Law School explain. Why does Apple want to repair the iPhone itself? Apple wants to repair iPhones themselves instead of empowering 3rd parties or users.

The form of attack and distribution of malware via email is quite common. Photo: Yahoo Recently, Microsoft’s security research team discovered a new attack via email. When the victim downloads and opens the attached PDF files, the Trojan will access the device and steal login information, passwords, etc. In addition, the malware also takes control of the system and disguises itself as fake ransomware. “Version 1.5 of the malware has quite a few changes compared to the previous version, but their functionality remains largely the same, including collecting browser passwords, running remote commands and PowerShell, remembering operations. keyboard operation… and some other features”. Malicious PDF file attached to email. Photo: Microsoft According to the report of Threatpost , malware is being distributed by attackers by email, users can identify their signs through messages like “Outgoing Payments”, “Accounts Payable Department” … Microsoft said that Microsoft 365 Defender software can detect and prevent malware from attacking computers based on machine learning.

Ransomware is a type of malware that encrypts the victim’s data. Cybercriminals using ransomware also often steal data. The hackers then demanded a payment to unlock the files and promised not to leak the stolen data. In recent years, hackers have targeted victims with cyber insurance policies, and large volumes of sensitive consumer data make them more likely to pay ransoms, according to cybersecurity experts. According to the unnamed source, CNA paid the hackers about two weeks after a bunch of company data was stolen and CNA officials were locked out of its own network. CNA does not comment on the ransom, with a CNA spokesperson saying CNA followed all laws, regulations and guidelines, including OFAC’s 2020 ransomware guide, in handling the matter. CAN also shares attack intelligence and hackers’ identities with the FBI and the Treasury Department’s Office of Foreign Assets Control because facilitating ransom payments to hackers can cause punishment risk. The largest ransom amount Ransomware attacks – and payments in particular – are rarely disclosed so it’s difficult to know what the largest ransom is. The $40 million payout is larger than any previously disclosed payments to hackers. The hackers attacking CNA used malware called Phoenix Locker, a variant of ransomware called ‘Hades.’ According to cybersecurity experts, Hades was created by a Russian cybercrime organization called Evil Corp. Evil Corp. was sanctioned by the United States in 2019. However, identifying attacks can be difficult because hacking groups can share code or sell malware to each other. CNA, which provides cyber insurance, said its investigation concluded that the Phoenix hacker group was not on the US sanctions list. The disclosure of the payment is likely to draw outrage from lawmakers and regulators who are unhappy that US companies are paying large sums of money to criminal hackers who over the past year have targeted hospitals, drug manufacturers, police forces and other entities critical to public safety. The FBI discourages organizations from paying ransoms because it encourages additional attacks and does not guarantee data will be returned. Last year was a standout year for ransomware groups, with a task force made up of security experts and law enforcement agencies estimating that victims paid around $350 million in ransom last year, up 311% compared to 2019. The Task Force suggested 48 actions the Biden administration and the private sector could take to mitigate such attacks, including better regulation of money markets. digital currency used to make ransom payments. The report, prepared by the Institute for Security and Technology, was delivered to the White House days before the Colonial Pipeline Company was compromised in a ransomware attack that resulted in fuel shortages and long lines at stores. gas stations along the US East Coast Bloomberg reported that Colonial paid hackers nearly $5 million shortly after the attack. Colonial CEO Joseph Blount, in an interview with the Wall Street Journal published Wednesday, confirmed that the company paid the hackers – $4.4 million in ransom. According to two people familiar with the CNA attack, the company initially ignored the hacker’s request and attempted to recover the data without negotiating with the criminals. But within a week, the company decided to start negotiating with the hackers, who were demanding $60 million. Residents said the payment was made a week later. According to Barry Hensley, chief intelligence officer at cybersecurity firm Secureworks Corp. then the Phoenix Locker seems to be a variation of Hades based on the overlap of the code used in each. He said they have not yet identified which hackers used the Hades variant to attack CNA. Cybersecurity firm CrowdStrike Holdings Inc believes Hades was created by Evil Corp. to bypass US sanctions against the hacking group. In December 2019, the Treasury Department announced sanctions against 17 individuals and six entities associated with Evil Corp. At the time, the Treasury Department said Evil Corp used malware “to infect computers and collect login information from hundreds of banks and financial institutions in more than 40 countries, causing more than 100 million dollars of theft. “It is illegal for any U.S. company to knowingly pay a ransom to Evil Corp. According to Melissa Hathaway, President of Hathaway Global Strategies and a former cybersecurity adviser to Presidents George W. Bush and Barack Obama, demand for ransomware has grown exponentially over the past six months. Hathaway said the average hacker’s ransom demand is between $50 million and $70 million. Those claims are often negotiable, and companies often pay ransoms in the tens of millions of dollars, in part because cyber insurance policies cover some or all of the costs. Hathaway estimates that the average payout is between $10 and $15 million. Ngoc Linh – According to Insurance Journal

The US has opened an investigation into this cyber attack. Ransomware is a type of malware designed to lock down a system by encrypting data and demanding a ransom from the victim to regain access. Colonial Pipeline asked a cybersecurity company to coordinate with federal law enforcement agencies to investigate this cyberattack. President Joe Biden was briefed on the incident. The White House said Washington will work to help the Colonial Pipeline resume the interrupted fuel supply. This is considered the largest cyber attack on the US energy system Colonial Pipeline is providing nearly half of the fuel for the US east coast. This is considered one of the largest ransomware attacks ever recorded against US energy infrastructure. The shutdown of the largest fuel pipeline network in the United States will cause the price of this item and related products to spike. Colonial Pipeline transports 2.5 million barrels of gasoline and other fuels per day through 8,850 kilometers of pipeline connecting Gulf Coast refineries to the eastern and southern United States. The company also supplies fuel to several major US airports, including Hartsfield Jackson Airport in Atlanta, which has the world’s largest passenger traffic.

This information was confirmed by the iTunes Customer Experience Manager at the time, Dale Bagwell, on Motherboard in an email that 128 million consumers downloaded more than 2,500 apps infected with malware that came from fake copies. Xcode’s appearance. In total, these 2,500 infected apps were downloaded more than 203 million times in the App Store. Another Apple recruiter mentioned that “China represents 55% of customers and 66% of downloads”, also referring to the malware “XcodeGhost”. According to multiple internal Apple emails, about 18 million affected users are based in the US. Notably, Apple has had many internal discussions about how to send warnings to affected developers and users because the number of customers potentially exposed to malicious code is quite high. Even so, App Store VP Matt Fischer notes that this will pose some challenges in terms of localization of the email’s language, since downloading these apps takes place in the App Store. all over the world. As a result, Apple failed to send warnings to users and developers. Even popular apps like WeChat and Angry Birds 2, designed for the Chinese market, are on the affected list, the report said. As soon as the malware was identified, Apple asked developers to immediately recompile their apps with a genuine version of Xcode. Lookout explains that “developers are drawn to downloading this fake version of Xcode because it will download much faster in China than the official version of Xcode from Apple’s Mac App Store.” Following this incident, Apple increased the security of Xcode installation and malware scanning when submitting apps to the App Store. In testimony from one of the heads of the App Store at the trial of the lawsuit between Epic and Apple, this person said the iOS app review process is part of Apple’s charge for the App Store.

Colonial Pipeline’s Dorsey hub in Maryland, USA. Photo: Reuters The difficulty in fuel supply has raised concerns that gasoline prices at pumping stations will escalate during the peak summer travel season. Colonial Pipeline said the company is trying to resume operations this weekend after its fuel pipeline system was paralyzed since May 7 after being hit by a cyber attack. The shutdown of the Colonial Pipeline’s fuel pipeline system shut down nearly half of the US East Coast’s fuel supply. The US Energy Administration on May 10 called for mandatory cybersecurity standards for fuel pipeline operators and operators. “Incentivizing the voluntary application of standards to pipelines is inadequate,” said US Federal Energy Regulatory Commission Chairman Richard Glick. The US Federal Bureau of Investigation (FBI) has accused a cybercriminal group called “DarkSide” of causing a ransomware attack on Colonial Pipeline. Reuters news agency quoted cybersecurity experts as saying that DarkSide is based in Russia or Eastern Europe, so the gang usually avoids targeting computers that use the languages ​​of the former Soviet republics. However, US President Joe Biden on May 10 expressed he did not believe that the Russian government was behind the cyber attack on the Colonial Pipeline. “So far there is no evidence based on our intelligence that Russia is involved,” Biden said. A statement titled DarkSide group on May 10 stated: “Our goal is to make money and not create problems for society.” Ransomware attack is a type of malware designed to disable computers by encrypting data and blackmailing victims if they want to regain system access. It is not clear what price the hackers offered for Colonial Pipeline, and the company has not commented on the matter. Fuel demand in the southeastern United States has increased sharply in recent days as consumers fear fuel shortages. The Southeastern region of the United States has long depended mainly on the supply of fuel flowing through the Colonial Pipeline’s pipeline system. The average national gasoline price rose 6 cents to $2.96 a gallon last week, the highest since May 2018 and close to a peak set in 2014, the American Automobile Association said. also warned of speculation about fuel hoarding as the supply continued to decrease. Katina Willey, a resident of Florida on May 10, said she had to go to 5 gas stations to buy gas. “Consumers have to wait in long lines at three of the five gas stations I go to,” added Katina Willey. Many other car owners said they were also looking to refill their gas tanks out of fear that the fuel situation could worsen. If the Colonial Pipeline’s pipeline disruptions continue, fuel suppliers may be able to force fuel transportation by trucks and trains to partially ease the fuel shortage. The US Department of Transportation on May 9 lifted travel restrictions for fuel truck drivers in 17 states affected by supply disruptions.

How the fake Google Chrome app infiltrates the phone Specifically, the crook will initially send you an SMS and ask to pay a small fee to receive the parcel. When the user clicks on the attached link, the screen will display a message asking to update the Google Chrome browser (actually fake software) and pay 1-2 USD fee to receive the goods via credit card. use. If you do, the crooks will instantly get your credit card information and take your money. In addition, the malware also uses the device to send about 2,000 phishing SMS messages per week to random phone numbers. According to the researchers, the malware’s propagation speed is relatively fast, able to target hundreds of thousands of users in a short time. How to limit? The researchers recommend that users absolutely do not give out credit card information to strangers. Also only update apps directly through Google Play or the App Store, do not click on suspicious links, even if they are sent by friends or relatives.