Black Friday and Cyber Monday are almost here, and so are big deals at almost all of your favorite online stores. Shopping online, especially during the holiday season, has obvious advantages: you skip the queues and can browse an almost unlimited catalog of products.
However, it also has disadvantages and dangers. The biggest of these is the hackers and cybercriminals waiting to target the millions of people buying online, to steal their data or scam them.
Cybercriminals take advantage of the huge number of people spending money during this holiday weekend and entering their credit card details in a hurry to grab a deal before it ends, often without checking whether the website is genuine.
So, in this article we will first look at the ways cybercriminals typically trick users into handing over data such as credit card details or contact information, or into paying for a product that doesn't exist. We will then go through 9 tips that will help you stay safe online during the Black Friday and Cyber Monday sales.
Common ways used by cybercriminals for scamming and stealing user data
Phishing is probably the most common way cybercriminals steal user data. It typically involves sending the target an email that uses some form of social engineering to lure them into handing over details that can later be used against them.
For instance, the attackers might send an email saying that the password for one of your accounts has been compromised and that you should click the link in the email to reset it. The link leads to a page controlled by the attackers, so as soon as you enter your current password there to 'reset' it, the attackers have it. The tell-tale signs are a sense of urgency, a sender address that does not match the company, and a link whose real domain differs from the one it claims to be.
Spoofing of popular eCommerce websites
Another way cybercriminals scam people is by creating fake versions of popular eCommerce sites like Amazon and eBay and spreading links to these fake sites to their targets.
These sites might look very similar in both appearance and functionality to the legitimate versions, but will have slight differences in the domain name or the product catalog. Some of them lack a valid TLS (SSL) certificate, so the browser shows them as 'Not secure', but many spoof sites now do have a valid certificate, since certificates are free and easy to obtain. A padlock therefore only tells you that the connection is encrypted, not that the site belongs to who it claims to be; the domain name is what you need to check.
Posting malicious links on social media
Hackers also use social media sites like Facebook and Twitter to spread malicious links dressed up as links to popular eCommerce sites. Some of these links do eventually land on the official website, after first passing through an attacker-controlled redirector, which lets the attacker track clicks, attach fraudulent affiliate codes or quietly swap the destination for a lookalike site later on.
Others lead straight to a spoofed checkout page, so that when you 'purchase' something there with your credit card, the card details go directly to the attacker.
Infecting your system with malware
While this method is less commonly used for outright scams, it is a very popular way for cybercriminals to steal confidential data such as credit card information, security question answers and passwords.
It usually involves installing a program called a keylogger on the victim's system. The keylogger records every keystroke on the computer and forwards the data to the attacker, who then has access to everything you typed, including passwords and card numbers, and can do practically anything with that information.
Now that we have seen some of the most common methods used by hackers and cybercriminals, especially during the holiday season, let us look at how you can protect yourself from getting scammed or losing your personal data. Here are 9 tips to stay safe online during Black Friday and Cyber Monday.
9 tips to stay safe online during Black Friday & Cyber Monday
Update all the software
The first and most important tip for staying safe online during your shopping spree this Black Friday is to make sure all the software on your mobile, PC and any other device you might use for online shopping is updated to the latest version.
This includes your operating system, any password manager you use and especially your browser. Older versions of software often contain known, publicly documented vulnerabilities, and attackers routinely exploit exactly those on devices that have not been patched.
If you use any browser extensions, update those to the latest version as well, and remove the ones you no longer need. Hackers and cybercriminals actively look for entry points and unpatched vulnerabilities on target devices in order to compromise them and steal personal information.
So, it is essential that you do not have vulnerable, out-of-date software installed on any of your devices; enabling automatic updates is the easiest way to keep it that way.
Use two-factor authentication wherever possible
Make sure you set up two-factor authentication on all your accounts, or at least on the ones that offer it.
In the worst case, where your password has already been compromised and an attacker tries to log in with it, two-factor authentication stops the login and, because most services notify you about the attempt, warns you that someone other than you is trying to access the account.
You then know that your password has been compromised and can change it immediately and take other necessary measures to stay safe.
There are attacks that can defeat some forms of two-factor authentication, for example real-time phishing pages that relay the one-time code to the attacker, or SIM swapping to intercept SMS codes. These are rarer than plain password theft, and an extra layer of security is always worth enabling. Where you have the choice, prefer an authenticator app or a hardware security key over SMS codes.
Use Antivirus software and a browser plugin
Having good antivirus software on your computer and on all the other devices you might use for online shopping is a good way to make sure your computer is free of viruses and malware and that the websites you visit are not known to be malicious or compromised.
Many popular antivirus products also come with a corresponding browser plugin that checks the websites you visit against lists of known malicious or compromised sites and warns you, so that you can avoid shopping on those websites. Treat this as one layer among several, not as proof that a site is genuine.
Use ad blockers on your browser
Ad blockers do reduce the revenue of genuine websites, many of which depend on advertising for a major part of their income. But they also block malicious advertisements, including ads on otherwise legitimate sites that redirect you to a harmful site, try to install malware on your system or attempt to compromise your data.
So, even if you don't normally use an ad blocker, it is worth installing a good ad-blocking plugin in your browser, on both PC and mobile, to stay safe during the Black Friday and Cyber Monday weekend.
Most Android smartphones come with Chrome installed as the default browser, and the mobile version of Chrome unfortunately does not support ad-blocking extensions. So, if you want to shop in your mobile browser instead of in apps, you can temporarily use Opera (which has a built-in blocker), Mozilla Firefox or another browser app that supports ad-blocking extensions.
Be careful when installing shopping apps instead of using the browser: attackers upload fake versions of popular apps to app stores too. Check the developer name and the download count before installing, and prefer the link to the app from the store's own website.
Check the URL of the website and the presence of a TLS (SSL) certificate
Whenever you visit a website by clicking on a link shared by someone, found on social media or sent by email, there is a real chance that the link does not lead to the legitimate website but to a malicious site set up by attackers to scam you or steal your data.
The first check is the 'lock' icon in the corner of your browser's address bar, on both PC and mobile. Clicking it shows whether the connection to the site is encrypted with a valid TLS (SSL) certificate and which domain that certificate was issued for. If the browser reports the site as 'Not secure', do not use it for online shopping.
The lock alone is not enough, however. Attackers can easily obtain a valid certificate for their spoof sites, so you must also check the actual domain name in the address bar before you enter payment details. What attackers cannot do is register the legitimate site's domain, so they rely on lookalikes: an extra or swapped letter in the brand name, the brand name used as a subdomain of a domain they own, a different top-level domain, or characters from another alphabet that look like Latin letters. Read the host name from the right: the registered domain is the last two or three labels before the path, and everything to the left of it is under the attacker's control.
Avoid clicking on unknown or shortened URLs and links
Some attackers use URL shorteners to mask their malicious links and share them on social media or by email, hoping someone will click. Since a shortened link hides its destination, you cannot judge it by looking at it. If you must follow one, use the shortener's preview page or an unshortening service first, and apply the domain checks above to the real destination.
So, if you see a link to a deal that looks too good to be true, it usually is. The safest practice is to type the address of the store you want to shop at yourself, or use its official app, and then search for the deal there rather than clicking random links you find online.
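The domain checks described in the last two tips can be automated. The following is an added example, not code from the original article: a small Python checker that flags the lookalike tricks mentioned above (plain http, a brand name hidden in a subdomain or label of an untrusted domain, the user-info '@' trick, and internationalised host names). The allow-list of trusted shops and the sample URLs are constructed for illustration, and the two-label rule for the registrable domain is a simplification (real code should use the Public Suffix List).

```python
from urllib.parse import urlsplit

# Constructed allow-list of shops you actually use (assumption: your own list).
TRUSTED_DOMAINS = {"amazon.com", "ebay.com", "paypal.com"}


def registrable_domain(host: str) -> str:
    """Return the part of the host name an attacker would have had to register.

    Simplification: the last two labels. Real code should consult the Public
    Suffix List, because names like amazon.co.uk have three registrable labels.
    """
    labels = host.rstrip(".").split(".")
    return ".".join(labels[-2:])


def check_shop_url(url: str):
    """Return (ok, reasons). ok is True only when the URL is https, hides no
    user-info trick, uses plain ASCII and its registrable domain is trusted."""
    reasons = []
    parts = urlsplit(url)
    host = parts.hostname or ""  # already lower-cased, user-info stripped

    if parts.scheme != "https":
        reasons.append("connection is not https")

    if parts.username is not None:
        # https://www.amazon.com@evil.example/ really goes to evil.example
        reasons.append("text before '@' is user-info, not the host")

    # Convert internationalised names to the ASCII form the browser uses
    # internally, so look-alike characters from other alphabets stand out.
    try:
        ascii_host = host.encode("idna").decode("ascii")
    except UnicodeError:
        ascii_host = host
        reasons.append("host name is not a valid domain name")
    if not host.isascii() or any(label.startswith("xn--") for label in ascii_host.split(".")):
        reasons.append(f"internationalised host name, real form is {ascii_host}")

    domain = registrable_domain(ascii_host)
    if domain not in TRUSTED_DOMAINS:
        reasons.append(f"registrable domain is {domain!r}, which is not a trusted shop")
        # Brand used as a sub-domain or inside another label, e.g.
        # www.amazon.com.black-friday-deals.net or amazon-deals.net
        brands = {d.split(".")[0] for d in TRUSTED_DOMAINS}
        for label in ascii_host.split("."):
            if any(brand in label.replace("-", "") for brand in brands):
                reasons.append(f"trusted brand name appears in untrusted label {label!r}")
                break

    return (not reasons, reasons)


if __name__ == "__main__":
    # Constructed sample links of the kind found in 'deal' posts.
    for link in [
        "https://www.amazon.com/deals",
        "http://www.amazon.com/deals",
        "https://www.amazon.com.black-friday-deals.net/login",
        "https://www.amazon.com@evil.example/",
        "https://xn--mazon-3ve.com/",
    ]:
        ok, why = check_shop_url(link)
        print("OK  " if ok else "WARN", link, "; ".join(why))
```

The checker only tells you that a URL is not one of your trusted shops; it cannot prove a site is safe, so the result is a prompt to look harder, not a green light. For shortened links, run it on the destination the preview page shows you, not on the short link itself.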
Enable alerts on your credit cards and banking apps
It is always good practice to enable spending and transaction alerts on all your banking apps and credit cards, and it is especially important during the holiday season. There is a real chance that your card or bank account details have already been compromised without your knowledge and that a cybercriminal is using them to make online purchases.
With alerts enabled you find out immediately when someone makes a payment with your card without your knowledge, and you can temporarily block or freeze the card to avoid losing more money. Most banking apps now let you do this instantly from the app.
It is also a good idea to shop with a card or account that holds only what you plan to spend, keeping any additional funds in a separate account, so that a compromised card cannot drain everything at once during the Black Friday and Cyber Monday weekend.
Avoid unknown or insecure internet connection
You might be tempted to use any internet connection you might get your hands on this holiday season to grab that deal before it ends, but it is generally not advisable to do that.
This is because on an unknown or insecure network you cannot tell whether the network itself has been compromised or is being monitored by an attacker, for example through a rogue access point with a convincing name or a tampered router.
An attacker who controls the network can see which sites you visit, tamper with unencrypted (http) pages, present fake login or captive-portal pages, and try to trick you into accepting a bogus certificate or installing malware. Encrypted (https) connections protect the content of your traffic, but only if you never click through certificate warnings.
So, it is always recommended to use your personal mobile data or home internet connection for sensitive tasks such as shopping online with your card details, and to use a trustworthy VPN if you have no choice but to use a public network.
Update all your passwords
Password breaches and account compromises happen almost every day, and chances are that one of your accounts has already been compromised and your password is out there.
If you use the same password for all or most of your accounts, change it immediately. Once that one password is compromised, an attacker can try it against every other service you use (this is called credential stuffing), and it takes seconds to automate.
So, update the passwords on all your accounts, using a different one for each. If coming up with many new, complex passwords sounds difficult and time-consuming, use one of the popular password managers to do it for you.
Password managers not only generate strong, unique passwords for all your accounts but also store them safely and sync them across your devices, so you don't need to remember lots of long, complicated passwords. They also give you a useful phishing check for free: a password manager only fills in a password on the exact domain it was saved for, so if it refuses to autofill on a page that looks like your bank or favorite store, look very carefully at the URL.
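If you want to know whether a password really is 'out there', you can check it against a breach corpus without ever sending the password itself. The following is an added example, not code from the original article, of the k-anonymity scheme used by the Pwned Passwords range API: only the first five characters of the password's SHA-1 hash are sent, the service returns every suffix it knows for that prefix, and the comparison happens locally. The HTTP response here is a constructed stand-in (the real service returns hundreds of lines and different counts); `fake_fetch_range` is a hypothetical helper standing in for the network call.

```python
import hashlib


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1 of the password, the form the Pwned Passwords API uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def range_query_parts(password: str):
    """Split the hash into the 5-character prefix that is sent to the service
    and the 35-character suffix that never leaves your machine."""
    digest = sha1_hex(password)
    return digest[:5], digest[5:]


def count_in_range_response(suffix: str, response_text: str) -> int:
    """Parse a 'SUFFIX:COUNT' range response and return how many times our
    full hash appears in the breach corpus (0 means not found)."""
    for line in response_text.splitlines():
        line = line.strip()
        if not line:
            continue
        candidate, _, count = line.partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


def is_breached(password: str, fetch_range) -> int:
    """fetch_range(prefix) must return the response body for that prefix.
    The password itself is never passed to fetch_range."""
    prefix, suffix = range_query_parts(password)
    return count_in_range_response(suffix, fetch_range(prefix))


# Constructed stand-in for GET https://api.pwnedpasswords.com/range/5BAA6.
# The suffix on the middle line is the real remainder of SHA-1("password");
# the other suffixes and all counts are made up for illustration.
SAMPLE_RANGE_5BAA6 = """\
1D2DA4053E34E76F6576ED1DA63134B5E2A:2
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471
1E8F2F3D9C7A2B1A0CDE4F5A6B7C8D9E0F1:1
"""


def fake_fetch_range(prefix: str) -> str:
    # Hypothetical offline stand-in. For real use replace the body with:
    #   requests.get(f"https://api.pwnedpasswords.com/range/{prefix}").text
    return SAMPLE_RANGE_5BAA6 if prefix == "5BAA6" else ""


if __name__ == "__main__":
    for pw in ["password", "correct horse battery staple 2019"]:
        hits = is_breached(pw, fake_fetch_range)
        print(f"{pw!r}: seen {hits} times" if hits else f"{pw!r}: not in sample corpus")
```

Most password managers run exactly this check for you from their 'security audit' or 'watchtower' feature; a count of zero means only that the hash is not in the corpus, not that the password is strong.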
Have a safe Black Friday and Cyber Monday
I hope these tips will help you stay safe online this Black Friday and Cyber Monday, and get your favorite products without being scammed by a hacker or cybercriminal or losing your data or money.
If you know any other tips for safe online shopping, let us know in the comments section below.
Malvertising, short for malicious advertising, is one of the most popular ways attackers spread malware to targeted systems. By some estimates, about 1 in every 100 advertisements you see online is malicious.
Attackers use the online advertisements on the websites you visit to deliver different kinds of malware to your system. The worst part about this method is that it often requires little or no interaction from the user to infect the system: simply loading a page that carries the ad can be enough.
How Malvertising works:
Malvertising attacks generally begin with the attackers submitting a malicious advertisement, in the form of text, an image or a video, to an advertising network, often posing as a legitimate advertiser and sometimes switching the ad to a malicious one only after it has been approved. The ad network then delivers the advertisement to users visiting any of the websites that carry its ads, where it appears just like a legitimate advertisement.
Most malvertisements take the form of pop-up ads or flashy warnings and alerts that attract or scare users into clicking immediately, for example a message claiming that your browser has been infected by malware and that you should 'click here' to remove it, which is exactly how the infection happens. So these attackers also rely heavily on social engineering, although some malvertisements do not need any interaction from the user at all to get their payload onto the system.
So, once you click on a malvertisement on the website you just visited, or sometimes just load a page that contains a malicious advertisement, one of the following happens.
- The malicious code embedded in the malvertisement executes in your browser and, if it succeeds, downloads and installs malware on your system.
- You are redirected to a malicious website that hosts the malware.
- You are redirected to a fake version of an official website that tries to trick you into entering personal and confidential information.
- The ad tries to exploit existing vulnerabilities in your browser or its plugins (an 'exploit kit') and installs toolbars or malicious extensions.
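From the defender's side, the sequence described above (ad request, one or more redirects, then a download) is visible in web proxy logs as a redirect chain. The following is an added example, not code from the original article, of detection logic that follows 3xx redirects per client and reports every chain that starts at an ad server and ends in an executable download. The log format, the ad-server host names and the content types are constructed assumptions; adapt the parser to whatever your proxy actually emits, and note that real Location headers can be relative, which this example does not resolve.

```python
from urllib.parse import urlsplit

# Constructed lists (assumptions): ad-serving hosts you expect to see, and the
# content types / extensions that mean "a program was downloaded".
AD_HOSTS = {"ads.adnet.example", "track.adnet.example"}
EXECUTABLE_TYPES = {"application/x-msdownload", "application/x-dosexec",
                    "application/octet-stream"}
EXECUTABLE_EXTS = (".exe", ".msi", ".scr", ".js", ".hta")

# Constructed proxy log, one request per line:
# timestamp client method url status content-type location-header-or-dash
SAMPLE_LOG = """\
2019-11-20T10:01:02Z 10.0.0.5 GET https://news.example/article 200 text/html -
2019-11-20T10:01:03Z 10.0.0.5 GET https://ads.adnet.example/serve?id=9 302 - https://cdn-promo.example/land
2019-11-20T10:01:03Z 10.0.0.5 GET https://cdn-promo.example/land 302 - https://dl.update-now.example/flash_update.exe
2019-11-20T10:01:04Z 10.0.0.5 GET https://dl.update-now.example/flash_update.exe 200 application/x-msdownload -
2019-11-20T10:02:10Z 10.0.0.7 GET https://ads.adnet.example/serve?id=12 302 - https://shop.example/sale
2019-11-20T10:02:10Z 10.0.0.7 GET https://shop.example/sale 200 text/html -
"""


def parse_line(line: str) -> dict:
    ts, client, method, url, status, ctype, location = line.split()
    return {"ts": ts, "client": client, "method": method, "url": url,
            "status": int(status), "ctype": ctype,
            "location": None if location == "-" else location}


def is_executable(rec: dict) -> bool:
    path = urlsplit(rec["url"]).path.lower()
    return rec["ctype"] in EXECUTABLE_TYPES or path.endswith(EXECUTABLE_EXTS)


def find_drive_by_chains(log_text: str) -> list:
    """Follow 3xx redirects per client and report every chain that starts at
    an ad server and ends in an executable download."""
    pending = {}   # (client, url the client was sent to) -> chain so far
    alerts = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        key = (rec["client"], rec["url"])
        chain = pending.pop(key, []) + [rec["url"]]   # continue or start a chain
        if 300 <= rec["status"] < 400 and rec["location"]:
            pending[(rec["client"], rec["location"])] = chain
            continue
        origin_host = urlsplit(chain[0]).hostname
        if origin_host in AD_HOSTS and is_executable(rec):
            alerts.append({"client": rec["client"], "chain": chain})
    return alerts


if __name__ == "__main__":
    for alert in find_drive_by_chains(SAMPLE_LOG):
        print(alert["client"], " -> ".join(alert["chain"]))
```

The second client in the sample log goes through the same ad server but lands on an ordinary HTML page, so it is not reported; the rule fires on the combination of ad origin and executable end point, not on redirects alone, which keeps the noise from legitimate ad click-through low.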
Tips to protect yourself from Malvertising:
Being proactive is essential if you want to avoid a malware infection and its consequences. The following are some of the tips you can follow to keep yourself safe from a malvertising attack.
- Most malvertising attacks come through your web browser, so it is important to keep all your browsers, their plugins and any other software that connects to the internet updated to the latest version at all times.
- Use an ad blocker, at least on unknown sites, to prevent pop-up and redirect ads from loading in the first place.
- Use an antivirus program and its browser extension to scan for and block malicious files and downloads.
- Resist clicking on suspicious ads or links, and do not open links or attachments in emails from unknown or untrusted sources.
- Check your list of installed programs and browser extensions regularly and uninstall any you do not recognise or no longer need.
If worst comes to worst, you might still fall victim to a malvertising attack after taking all these precautions. So it is always better to keep an offline backup copy of all your important files.
This will let you restore your data after a malware attack: you can wipe the entire system, reinstall, restore your files from the backup and start fresh. Keep the backup disconnected from the computer when you are not updating it, so that malware cannot encrypt or delete the backup as well.
Let us know in the comments below what you know about Malvertising and If you know any other tips to prevent a Malware from infecting your device.
Cyborg Ransomware is the latest ransomware identified by researchers targeting Windows-based systems. It is currently spreading through fake emails about a Windows update, with a subject line that reads, "Critical Microsoft Windows Update!".
The email claims to come from Microsoft but is clearly fake, which is easy to spot from the improper formatting, the lack of official headers or logos, and the fact that Microsoft never sends critical updates to its users over email.
The ransomware is delivered by the fake update attachment in the email, which is an executable file given a randomly generated name and a .jpg extension, about 28 KB in size. This executable's job is to download the actual payload: according to the code, a second executable fetched from GitHub.
How the Cyborg Ransomware Works:
As mentioned earlier, the entry point for the Cyborg Ransomware is the attachment sent with the fake Windows update email. Once the victim opens the attachment, it downloads an executable file containing the malware from GitHub. The downloaded file was named bitcoingenerator.exe and was hosted in the account misterbtc2020, which has since been removed from GitHub.
Once bitcoingenerator.exe, which carries the Cyborg Ransomware, has been downloaded to the target system, it starts encrypting the data files on the victim's system and appends the extension .777 to each encrypted file. The memory dump of the ransomware, showing the list of file extensions it encrypts, is given below.
Once all the data files on the target system have been encrypted, the ransomware leaves a ransom note as a text file named Cyborg_DECRPT.txt on the desktop. The note instructs the victim to send a ransom of $500 in bitcoin to the provided wallet and to email the provided address in order to receive the decryption key for the encrypted files.
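Two checks follow directly from the description above: an attachment whose extension says image but whose bytes say Windows executable should never reach a user, and the .777 extension plus the ransom note are the indicators to sweep for on a suspect machine. The following is an added example, not code from the original article or from any vendor's tooling, implementing both in Python. The byte samples and file paths are constructed; the ransom-note match is deliberately loose (any Cyborg_DECR*.txt) so that it also catches the spelling variant seen in other write-ups.

```python
import os

# Leading bytes ("magic") of a few common formats, checked in order.
MAGIC = [
    (b"MZ", "pe-executable"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"%PDF", "pdf"),
    (b"PK\x03\x04", "zip-based"),   # docx, xlsx, jar, apk ...
]
EXPECTED_KIND = {".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png", ".pdf": "pdf",
                 ".docx": "zip-based", ".xlsx": "zip-based", ".exe": "pe-executable"}


def sniff(data: bytes) -> str:
    """Identify a file by its content rather than its name."""
    for sig, kind in MAGIC:
        if data.startswith(sig):
            return kind
    return "unknown"


def attachment_verdict(filename: str, data: bytes) -> str:
    """Block executables hiding behind another extension; flag any mismatch
    between the claimed extension and the actual content."""
    ext = os.path.splitext(filename)[1].lower()
    kind = sniff(data)
    if kind == "pe-executable" and ext != ".exe":
        return f"BLOCK: Windows executable disguised as '{ext}'"
    if ext in EXPECTED_KIND and kind != EXPECTED_KIND[ext]:
        return f"SUSPICIOUS: '{ext}' file does not start like a {EXPECTED_KIND[ext]}"
    return "ok"


def cyborg_indicators(paths) -> dict:
    """Sweep a list of file paths for the two on-disk indicators described
    in the text: the .777 extension and the Cyborg_DECR*.txt ransom note."""
    hits = {"encrypted_files": [], "ransom_notes": []}
    for p in paths:
        name = os.path.basename(p).lower()
        if name.endswith(".777"):
            hits["encrypted_files"].append(p)
        elif name.startswith("cyborg_decr") and name.endswith(".txt"):
            hits["ransom_notes"].append(p)
    return hits


# Constructed samples: the first 64 bytes of a minimal DOS/PE header, and a JPEG header.
FAKE_UPDATE = b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 56
REAL_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"

# Constructed listing of a victim's profile after infection.
SAMPLE_PATHS = [
    "C:/Users/alice/Documents/report.docx.777",
    "C:/Users/alice/Pictures/holiday.jpg.777",
    "C:/Users/alice/Desktop/Cyborg_DECRPT.txt",
    "C:/Users/alice/Pictures/cat.jpg",
]

if __name__ == "__main__":
    print(attachment_verdict("a8fj3k.jpg", FAKE_UPDATE))
    print(attachment_verdict("photo.jpg", REAL_JPEG))
    print(cyborg_indicators(SAMPLE_PATHS))
```

On a real mail gateway the first check runs on every attachment before delivery; the second is what you would run across user directories and file shares when triaging a suspected infection, and a single hit on either indicator is enough to isolate the host.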
How to protect yourself:
While the most common way the Cyborg Ransomware is currently spreading is the fake email prompting targeted users to install a 'critical Windows update' from an attachment, there are other ways it might make its way onto your system.
Anyone who obtains the ransomware builder, from the GitHub repository or elsewhere, can build their own version of the Cyborg Ransomware and then embed it in an attachment sent with a different email lure, or host it behind a link spread through malvertising.
Either way, it is important to protect yourself from this kind of ransomware. Regularly back up all your important files, keeping both a local copy and one stored in the cloud, and keep at least one copy offline or versioned so that the ransomware cannot encrypt the backup too. Also, do not open attachments or emails from suspicious senders, and avoid shady websites that are likely to carry malvertising.
Microsoft has also published official guidelines and preventive measures against ransomware, which are worth reading.
Purelocker Ransomware is the latest ransomware in town, and it appears to be designed specifically to target production servers at the enterprise level. It was analysed last week by researchers at Intezer and IBM X-Force.
Upon analysis, they found that the ransomware has been used by the Cobalt Gang and FIN6, among other threat groups, mainly against Windows and Linux based servers. The name Purelocker comes from the fact that it is written entirely in a programming language called PureBasic.
PureBasic is a fairly uncommon language, but the attackers' choice makes sense: PureBasic code compiles for Windows, Linux and macOS, which makes it easier for the attackers to target multiple operating systems from one code base.
Also, because PureBasic is so uncommon, antivirus vendors have had difficulty producing reliable detection signatures for the Purelocker Ransomware. This is part of the reason the ransomware went undetected despite being active for several months.
According to the researchers, they first analysed a Windows sample of the Purelocker Ransomware and identified it as a 32-bit DLL posing as Crypto++, a C++ cryptography library. They became suspicious because some of the functions exported by the supposed crypto library were related to music playback and controls.
As mentioned earlier, the Purelocker Ransomware stayed undetected by popular antivirus engines for months after it first appeared. The attackers stayed under the radar by writing the ransomware in PureBasic rather than in a widely used language for which many detection signatures already exist.
The attackers behind Purelocker have also programmed it to start its real work on the target system only after checking that it is not being analysed or debugged. If that check fails, the ransomware simply exits, without even deleting itself.
The ransomware is designed to be executed through regsvr32.exe, so it also verifies that it was indeed started by that process, that the current year on the target system is 2019, and that it has administrator rights. If any of these checks fails, the ransomware exits immediately, as described above, so as not to reveal its functionality to an analyst or a sandbox.
Working of Purelocker Ransomware:
Once the ransomware has passed all these checks on the target system, it begins encrypting the files on the system with a combination of AES and RSA, using a hard-coded RSA key: in the usual hybrid arrangement, each file is encrypted with AES and the AES key is then encrypted with the attackers' RSA public key, so only the holder of the matching private key can recover it.
The ransomware mainly encrypts the data files on the system, appending the .CR1 extension, and mostly ignores executable files. It then deletes the originals of the files it has encrypted in a way that prevents the user from recovering them with file-recovery tools. Finally, it leaves a ransom note on the user's desktop as a text file named YOUR_FILES.txt.
Whereas a traditional ransom note states how much ransom the attackers want and how to send it, typically a bitcoin transaction, the attackers behind the Purelocker Ransomware instead instruct their victims to contact them via email.
They use an anonymous, encrypted email service for this, with a different email address for each victim. Once the attackers have communicated with a victim and received the ransom they asked for, they send the decryption key to the victim through the same email address.
Unconventional ways of Purelocker Ransomware:
From the use of an unconventional language like PureBasic, to its evasion techniques, to the way it operates and collects the ransom from victims, it is clear that this ransomware differs in many ways from the ransomware that is usually talked about in the news.
This clearly shows that the attackers behind it are rapidly improving and innovating the ways they perform targeted attacks. Therefore, it is more important than ever to focus on the security of our systems and to be as careful as possible with our data and devices.
Android, as we all know, is currently the most popular mobile operating system in the world, with over 2.5 billion active devices. That is good news in many ways (more users mean more device models, quicker updates, more apps and developer support), but the sheer popularity of the OS also makes it a popular target among hackers and cybercriminals.
This is mainly because once they develop a single piece of malware they can potentially use it to attack millions or even billions of Android devices at once.
Even though Google has taken many steps to improve the security of Android devices, with features such as Google Play Protect, security updates delivered through the Google Play Store and finer control over app permissions, Android apps and games laced with malware still find their way onto the Google Play Store and from there onto the smartphones of potentially millions of users.
This post covers some of the most dangerous Android malware discovered this year, in 2019: what kind of apps they affected, what impact they had on smartphones, and how they work.
Top 4 Dangerous Android Malware discovered in 2019
Android Clicker Trojan
A Trojan is a type of malware that disguises itself as genuine, legitimate software and tricks the user into installing it, so that it can carry out malicious actions in the background without the user's knowledge.
This Android Clicker Trojan, discovered earlier this August, comes in two variants, named Android.Click.312.origin and Android.Click.313.origin, and is suspected to have affected over 100 million Android devices.
The malware was found embedded in normal, legitimate-looking popular Android apps such as dictionary apps, music players and photo editors, and infects the device once the user installs one of these apps.
The Android Clicker Trojan works by clicking through advertisements on the internet to generate revenue for its developers. It is designed to start working only 8 hours after it has infected the device, which reduces the chance that the user notices a background process performing these activities and connects it to the newly installed app.
Once active, the malware sends details about the device, including the model number, the user's location and carrier details, to the developers' command and control server, which then directs it to perform malicious actions such as clicking on advertisements and even subscribing the victim to expensive online services without their knowledge or consent.
This affects not only the users but also the advertisers, who end up paying for ghost clicks generated by malware instead of real users. With over 100 million devices affected and about 34 apps on the Google Play Store infected with this malware, it is probably one of the most dangerous Android malware families discovered this year.
Agent Smith
The Agent Smith Android malware has affected over 25 million Android smartphones, and its presence is quite difficult to detect even after a device is infected.
This is because once the malware is on your Android device it automatically replaces a genuine app installed on the phone with a version that serves malicious advertisements, tricking users into clicking on those ads.
According to researchers, the malware replaces popular apps like WhatsApp or the Opera browser, and even some manufacturer apps such as Samsung or Google apps, and then hides on the phone by removing its own icon from the home screen and app drawer.
From there the malicious app does all its work in the background, making it difficult to identify which app is responsible for the activity.
One good thing about this malware is that it has not spread through the Google Play Store; it is currently distributed through the 9apps.com app store and is targeting developing markets.
However, researchers have found pieces of code belonging to Agent Smith in some apps on the Google Play Store. These were dormant at the time, and Google immediately removed the apps from the Play Store.
CamScanner
CamScanner is one of the most popular Android apps, with over 100 million downloads on the Google Play Store and a good rating as well.
The app is used to photograph documents and store and edit them digitally on your mobile device. While the app had been seemingly genuine and useful for years, this June security researchers at Kaspersky discovered malware in it that showed intrusive, malicious ads to its users and even attempted to subscribe them to expensive paid online services.
The app became infected when CamScanner started using a third-party advertising module that contained a Trojan dropper in its code.
This incident clearly shows that even apps with a good reputation and millions of downloads cannot be trusted blindly: an app you already trust can turn malicious through one bad update or third-party component, so check what an update asks for and what the app starts doing every time you install or update it.
Joker
The Joker Android malware, discovered just a couple of weeks ago, has reportedly affected 24 Android apps with a combined download count of about half a million.
This malware signs the users of affected devices up to paid subscription services. To do so it steals device details and even reads the victim's SMS messages, so that it can grab the OTP or confirmation messages sent by the bank or the subscription service; this is also how it gets around SMS-based confirmation for those services.
Most of the apps infected by Joker were wallpaper or customisation apps, and there was even an antivirus app among them. On analysing the malware code, researchers reported that some of it contained Chinese-language text, which gives a hint about the developers behind it.
The malware seems to mainly target users in Europe and Asia. Google has already removed the affected apps from the Play Store, but if you have downloaded and installed any of them, uninstall them from your device. Below is the list of the apps affected by the Joker Android malware.