This week the bad guys use Android, abuse YouTube, target Macs, and steal credit card info.
Fake Android photo apps booted off Google Play
Cybersecurity researchers identified dozens of fake apps on the Google Play Store intended solely for malicious purposes. The apps posed as Android photo enhancers, some claiming to beautify photos as they’re taken, others claiming to provide fun filters for existing pictures. But no matter what the app claimed to be, it didn’t work as promised. The “beautifying” apps triggered a cavalcade of malware-laced ads and phishing attempts, while the “photo filter” apps uploaded user snapshots to the malware’s command and control (C&C) server. A trait shared by all of the dirty apps was the ability to disappear from the application list once installed, so the user would have difficulty trying to delete them. Once alerted about the apps, Google immediately removed them from the Play Store.
Avast security evangelist Luis Corrons notes the severity of the situation and strongly advises Android users to take measures to stay safe: “More than ever, using anti-malware protection on our Android phones is a must, even if we only install apps from the official store.”
Scam artists pretend to be YouTube stars
A trend of widespread, long-running schemes by fraudsters taking advantage of naive fans was uncovered this week. Because of the way YouTube manages its direct messaging system, the cybercriminals had no difficulty impersonating YouTube influencers. A name and an appropriate profile pic are all it takes, as channel names can differ from account names. Cybersecurity experts believe this method of scamming users has been in operation for at least three years. Scammers prey on an influencer’s fan base by sending each fan a direct message informing them they’ve been randomly picked to win a prize. The users are given a malicious URL to click, which takes them to a site that phishes for personal info by prompting the user through a series of phony “verification” screens in order to receive the “gift,” which is nothing at all, of course. YouTube has responded in a tweet that they are “implementing additional measures to prevent impersonations like this” in the future.
VeryMal goes after Macs
Just when you forgot what it means, steganography is back. We reported on the distribution of malware through Twitter memes back in December, and the same type of attack is happening again, only this time Mac users are the target. And instead of a meme, the vessel is a blank white rectangle. Malware in the image calls up a web page that prompts a phony Adobe Flash update. If the user clicks on the update, the malware only burrows deeper into the system. Once fully infected, the user’s system becomes part of a malicious ad army. Researchers estimate the number of infected Macs to be in the millions.
Discover card discovers breach
Following the California law that requires any data breach involving more than 500 customers to be filed with the attorney general’s office, Discover Financial Services reported on January 25th that a breach was spotted mid-August last year, but did not provide many details. Giving no indication as to what information was compromised or how many customers were affected, the company only advised that members monitor their accounts for fraudulent activity. The credit card company denies that their systems were breached, indicating that the fault lies in other outlets.
“Credit card data is one of the favorite targets of cybercriminals,” comments Luis Corrons. “And as such, financial companies are always monitoring to stop fraud from happening. One common occurrence is that many of these data breaches are discovered after the financial companies find out that a number of their customers had patronized the same shop, hotel, or website, and they let the affected party know. This is likely to be one of those cases.”