Uncategorized

How to Spot Malicious Apps

A malicious app is created specifically with the intention to cause harm.

They’re usually designed to appear as innocent apps, or even clones of official apps, to steal sensitive information.

For example, a malicious developer could design a storage cleaner app to steal files and data from the users that install it on their devices. Or, clone a familiar banking app to take your account details.

What Makes an App Malicious?

There are plenty of applications that exist that could be vulnerable to hacking but overall have no sinister intentions.

For example, any app that collects location data could be intercepted by a hacker looking to steal that information. These appear as riskier apps but aren’t developed to cause deliberate harm.

Malicious apps, on the other hand, exist primarily to either steal information from the user who installs it or to manipulate the device it’s installed on.

Malicious Behavior to Look Out For

Developers have smart ways to make malicious apps appear genuine, so it’s vital you understand how to spot a malicious app before downloading it to your device.

Avoid third-party APK files

The Apple and Google official app stores protect you and your data from harm by verifying that the apps they offer are safe. Third-party sites offering APK files to download do not offer protection and pose a significant security threat.

Apple verifies all apps in the store. On Android, look for the ‘Verified by Play Protect’ message when installing an app.

App Store Reviews and Strange App Descriptions

A legit app has lots of genuine reviews and ratings left by users. They also have descriptive information about how the app works.

If you come across an app that has almost no reviews, or the reviews appear to be copied and pasted, this could be a warning sign.

Similarly, if there’s no app description or the information is vague with lots of grammatical errors, chances are the app could be malicious.

Check for higher-than-usual data usage

Malicious apps often use your data to perform sketchy tasks in the background without your knowledge.

Check your monthly data usage in your settings, or install a dedicated data monitor like GlassWire.

If something doesn’t seem right, and the problematic app appears to be using far more data than it should be, uninstall it immediately.

Common Mobile Vulnerabilities

Mobile devices can be susceptible to malicious apps or other kinds of security threats because they have certain vulnerabilities that hackers exploit.

Data Leaks

When you install an app, how often do you check what permissions you’re allowing?

Apps often collect sensitive data and we don’t read the fine print to see what this is. You could potentially be handing over a lot of your personal information without realizing it.

Open Wifi

Open wifi spots—ones you can connect to without a password—can be convenient in a pinch.

However, they pose a massive risk.

When your device is connected, hackers can easily intercept the data you’re sending and receiving and even access your device.

Old or Out-of-Date Device

Did you know that mobile devices only receive software and security updates for a certain number of years?

After that, the device becomes a huge target for hackers.

As newer models come out, developers stop providing support for the older devices. This leaves big gaps in security which can be exploited.

Poor Password Protection

Kaspersky Labs found that over half of consumers don’t password-protect their mobile devices. Are you one of them?

Leaving your mobile device easy to access poses a threat to your personal data if the phone is lost or stolen.

Avoiding Malicious Apps with a Personal Firewall

Choosing a personal firewall proactively protects your devices in several ways.

A quality personal firewall can:

  • Monitor network traffic for threats by inspecting packets of data received
  • Defend against viruses by identifying thousands of new types every week
  • Prevent hackers from accessing your data through anti-fraud and anti-phishing methods
  • Adds a layer of privacy to your data by encrypting files, protecting location info, and preventing unwanted microphone access

In Summary

Malicious apps are out to steal your data.

Protect your devices with firewalls, data monitors, and strong passwords. Avoid open wifi networks and third-party app websites.

Take care in only installing trusted apps from official app stores and if something feels off about an app you’ve installed, like higher data usage or strange permissions, uninstall the app immediately to keep yourself safe from attack.

Uncategorized

News and Interests annoyance

by Chris Taylor

About Chris Taylor:  Chris is on the Community Review Board for SANS’s OUCH! (the security awareness newsletter designed for everyone), has given over 470 computer-related presentations at the Ottawa Public Library, and is President of the Ottawa PC Users’ Group.

In May of 2021, Microsoft imposed foisted released News and interests—a tray icon app that can provide information. I like that it provides local weather information at a glance.

What I definitely do not like is that a huge window pops up if my mouse just happens to pass over the News and interests tray icon.

 Fortunately, there is a simple fix.

Right-click a blank area of the Taskbar (1) and select News and Interests (2) in the pop-up menu. You can turn off News and interests completely by clicking Turn off (3). Or click Open on hover (4) to remove the check mark for that option.

News and interests will no longer open a big box when your mouse passes over its icon. You can still access the full News and Interests: you just have to click the icon.

Privacy

Spyware, why you should avoid them

The internet comes with a certain level of risk and it probably goes without saying that using it exposes us to these risks. Many technologies are already monitoring our online activity from pixel trackers and cookies to session tracking. That’s why when it comes to keeping yourself secure online, as a rule of thumb, you should always act as though someone is watching. We are not alone in what we do online and knowing this you should operate with a certain level of vigilance.

Moving on the non-legit side, the web is also full of several types of malware roaming around eager to jump into your computer, and among them, spyware is certainly the most sneaky and dangerous. You could also easily get one via phishing, so be aware of the emails you open. But…

What really is spyware?

Spyware is a piece of software sneaking into your device and starting running in the background, almost invisibly. While running, it listens to your activity and records relevant information stored on your computers such as personal information, usernames and passwords, payment information, emails, or even the websites you visit and the files you download. Once collected, it silently waits for a trigger to run additional software or share them with a remote computer. 

Frequently connected to spyware is identity theft, leading to unwanted access to email clients, social media, and bank accounts. In addition, once into your device, you’ll have a hard time getting rid of it, that’s why it is better to prevent spyware infection to secure your important information.

No matter the device, or the operating system

Historically, the preferred operating system for hackers has been Windows. As a matter of fact, it has been widely used, and it’s still the most used OS all over the world, constituting a very large base of potential victims to look for.

In spite of that, Windows is less popular in richer countries, where a share of the market is manned by Apple. That’s why since 2017 Mac spyware arose, starting to infect many devices. These viruses are mainly password stealers but could also come in the form of other malware, such as info stealer or keylogger (read below). They could also disguise themselves by pretending to be a parental control software or a system monitor app.

Your OS may not guarantee the security of your connection, let alone your device type. With mobile being in the pockets of everyone, spy apps designed to affect them are no less widespread, with major cases of mobile spying reported over the years. 

They started rising in number in parallel with the development of mobiles themselves, evolving also in their technology. Mobile spyware affects Android and Apple smartphones with no distinction. They are also particularly devious, as they run in the background but background applications are not so evident on mobiles as they are on a computer. 

They lay in the background undetected and steal sensitive information, including recording phone calls and reading SMS and keeping track of the user’s activities.

Even worse, once your mobile is infected with malware, the software may leverage additional data such as your GPS location, the image from your camera, or the audio that your microphone records. To deceive you, even more, they also use apps recompiled with harmful code and malicious apps posing as legitimate ones, as well as fake download links.

The way spyware breaches into your smartphone are usually through open wifi connections, flaws in the operating systems, and malicious apps.

There are a few actions you can do to prevent infections and avoid getting spyware on your phone. You’d better connect to trusted networks at home and at work, keep every software updated, especially the operating system, and avoid third-party apps downloading and installing.

Types of spyware

Spyware come in the form of different software, intended to perform several tasks at once. There is not a unique “spyware” definition. However, the main functionalities of spyware include the following:

Keylogger

Keyloggers’ main function is to record the system activity. Back in the day, they were responsible for keeping track of the pressure of the keys of your keyboard. The software has evolved over the years to the point where it can now record the victim’s desktop, monitor the documents sent to a printer, look at websites visited, and even read emails and chats. This information is then sent to the attacker to use at his disposal.

Bank trojans

If general keyloggers collect information with no distinction, bank trojans are specifically designed to infect computers and gather credentials for banks and financial institutions. Acting mainly on the web, so in your browser, they can use the retrieved information to place bank transfers and steal money. 

Infostealers

Less specific but equally harmful, infostealers seek information out from the infected device, looking for any file or piece of information the author of the virus may consider useful. They could virtually be anything, from system information to documents, from email addresses to media files and even personal data. They usually exploit browser vulnerabilities to enter your computer, do their job, and send the loot to the attacker.

Password stealers

These applications are typically designed to exploit your system by looking for passwords. No matter if you store them in a password manager software, in your browser, or in a spreadsheet file, their unique job is to find them. Once retrieved, they will send them over to the attacker, opening a range of critical scenarios.

Protect your computer from malicious software

Prevention always wins over repair. That’s why it is so important to understand which are the main channels for infection and how to avoid getting a virus through them.

Phishing & spoofing

Phishing has been a major threat over the last few years. Pretending to present you with the login interface of well-known software and making you download malware or type in your credentials, phishing attacks are often the medium of infection for many viruses, spyware included. Usually, they are paired with spoofing, referring to the disguise of an email sender to appear to be from an individual or an organization you trust.

Bundleware

Bundleware is an infection based on the multiple downloads and installations of software. Usually, you apply for a free trial and just want to download and install a single software but by accepting all the terms of service from the provider you end up with several add-ons and plugins installed on your device. Install software only from trusted sources, and avoid third-party or unknown sources.

Backdoors, trapdoors, and other security vulnerabilities

Used by developers as methods to easily bypass the authentication and run debugging, backdoors (known also as trapdoors) are exploited by cybercriminals to enter a system and take control. Other than being just mistakes, backdoors may be the results of the action of separate software, installed on purpose by a third-party malware (via a trojan or a phishing attack). That’s the case of Back Orifice, one of the most famous backdoor installers and widely exploited by attackers all over the world.

There are very few actions you can do as a user if a software contains backdoors in its code. Usually, similar vulnerabilities are fixed as soon as they are discovered and reported. The only advice we can provide here is to keep your software up to date.

Misleading communication and trojans

As one of the oldest ways to deceive the perception, selling something for what is not is evergreen in frauds. That’s why spyware is never presented for what they are but for everything that could look appealing or useful. A good example is malware presented as utility software on a malicious website, pretending to speed up your device, clean your disk or even repair your system from catastrophic errors. 

Protect your computer from spyware

If you’ve got a malware infection or specifically a spyware on your computer, don’t despair, it’s not too late.

There are a lot of malware scanner software and malware removal tools that can just get rid of them in a few clicks. 

A spyware detector, usually combined with a spyware remover, may be enough to detect spyware in your pc and get rid of the unwanted virus but if it’s not, you’d best access all your critical accounts (bank, email, social networks) and change all the passwords from a different device. That should add an additional layer of protection while preventing the malware from recording the new passwords.

As expected, things may also be not that simple and the detection and removal of spyware could be harder. 

As they are designed to hide and run in the background, spyware are usually quite complex to find.

Modern browsers are quite secure and don’t let web applications dump files into your computer without your consent. Infections are usually a consequence of some human actions, like allowing a download or installing a component. That’s why it is so important to adopt a critical surfing behavior.

For example, how many of you hover with your mouse to check the link you are about to click, before actually clicking?

That’s a best practice that lets you spot unwanted destinations before getting into trouble.

Another good piece of advice is on emails. Always check the email address of the sender. 

Quite often phishing attempts make use of email addresses that look almost like the ones they are supposed to be, but with little typos, punctuation signs here and there, and other small differences that should give you a heads up. Emails from unknown senders should always be handled with suspicious eyes.

Monitoring the activity of your computer is also a good method of prevention. 

GlassWire is a free network monitoring and security tool with a built-in firewall that can easily increase the security of your device with a few clicks.

At GlassWire, we provide a useful tool to keep track of the volume of data exchanged by the software running on your computer, so anyone can simply check for suspicious peaks in data exchange and block the responsible app if this is the case.

Recent Entries

Adopting MFA in your company

Accessing your accounts with a single username and password simply isn’t enough to keep sensitive data safe.

With cyberattacks sharply on the rise, it’s essential you implement multi-factor authentication (MFA) to protect your business.

Cyberattacks are estimated to cost global business $10 trillion by 2025.

And it doesn’t matter how small your business or the industry in which you operate. Every business is vulnerable.

Cleaning up your disk

by Chris Taylor About Chris Taylor:  Chris is on the Community Review Board for SANS’s OUCH! (the security awareness newsletter designed for everyone), has given over 470 computer-related presentations at…