Search This Blog

Showing posts with label Scareware. Show all posts

Advertising SDK delivers Android scareware, victims signed up with a premium-rate ringtone

Bitdefender researchers have uncovered that several legitimate applications containing the InMobi advertising SDK displays fake alert message.  It includes the older version of the legitimate "Brightest Flashlight Free" app available on Google Play.

The apps in question display pop-up informing that the user's device is infected with malware and urge them to purchase a tool to disinfect the malware.

The users who follow the link will be asked to enter the phone number to download the tool.  By doing so, they actually get signed up with a premium rate ringtone and wallpaper service that charges €3.00 per week plus taxes.

According to the researchers, the providers of the ad module ain't aware their service is being abused by cyber criminals to deliver malware. It appears the ad accidentally reached the market.

If you have fallen victim to this scam, you can just "unsubscribe by sending SMS to the number mentioned in the T&C section of the website", "immediately uninstall the apps you downloaded recently".

70% Antivirus Solutions still fails to detect Fake AV

Fake Antivirus (scareware) also referred as Rogue Security software, is one of the most frequently encountered malware threats which pretends to be legitimate security software.

Fake AV attempts to scare victims into believing their system is infected with malwares that do not really exist. It will continue to display annoying fake virus warnings and asks victims to pay money to clean up the non-existent malwares.

The recent research from Zscalar researchers shows that more than 70% legitimate Antivirus application(12/43) fails to detect the fake AV. Three years back, the detection ratio of Fake Av is 6/41.

Fortunately, Google Safe browsing and Internet Explorer (Smart Screen Filters) blocked the malicious page which serves the Fake Av.

According to the researchers, the malware disable the Firewall and existing AV solutions, disables AV updates, disables security warnings and sets itself as the default AV solution.

The malware further downloads and runs the file called 'data.exe' from a malicious domain which is blocked by Google Safe browsing, but the exe is detected by only 9/46 AV.

Scareware hides All Files and Folders, Offers Fix for $80

Bitdefender researcher come across a nasty scareware that attempts to hide all files and folders in victim system and trick users into buying a pretend repair tool for fixing.

"The approach of hiding some folders or files is not new in the cybercrime world, but hiding all folders and then offering a mending tool is an example of astute of social engineering." researcher said.

The malware simply hides files and folders by modifying file attributes. Besides hiding the files, it also disable key shortcuts.

Unfortunately, the user is neither able to see them as hidden nor set them as visible from Windows Explorer due to the intervention of Win32.Brontok.AP@mm, the Trojan that downloads the scareware on the compromised system.

As a true representative of its scareware “species”, Trojan.HiddenFilesFraud.A displays multiple error windows informing the user that it could not write something in system32 due to a critical hard-disk error. Confusing is that these messages appear to have come from the OS itself.

Just about now, the user is supposed to be scared enough and convinced to reach for his pocket and pay $80 for the repair utility that will do absolutely nothing once purchased. The scam is done, the money is gone.