TotalSystemSecurity.com


Lokibot Data Stealing Virus-How to remove from Android and Windows OS

Lokibot Data Stealing Virus Detected On Android Devices

Lokibot is a dangerous Android threat that is detected as a banking trojan. It is specifically designed to steal sensitive data from the infected device and can also encrypt the files stored on it.

This Trojan was first detected by security researchers at SfyLabs in late 2017, but a newer version is now out and is infecting Android devices as well as the Windows OS.

Lokibot can spread through spam mails sent in bulk by bots, or it can be embedded within fake apps downloaded from third-party websites. In this respect it is just like the MysteryBot Android malware, which also steals banking data.

The malware is not restricted to stealing financial information: it also acts like ransomware, locking important files on the attacked device and presenting a lock screen that accuses the user of watching child pornography.

Lokibot Infection Motives

Lokibot obtains administrative privileges and rights at the time of installation, since it comes embedded within fake apps.

The hackers and criminals behind this threat aim to make huge profits by stealing money from users' bank accounts. Whenever the user opens an online banking app or visits a banking website, LokiBot presents a simulated screen that looks just like the original banking page.

Obviously, users are unaware of the presence of Lokibot, so they enter their bank account credentials: login details, card details and PIN. As soon as the user enters this data, the malware running in the background sends all of it to the hackers' server. This is how they gain access to your confidential data and misuse it for fraud.

Not only that, Lokibot is also distributed through fake versions of legitimate apps like WhatsApp, Skype, Viber and Outlook. This means that if you have downloaded or updated these apps from unknown sources, the malware can steal all the information shared through them.

Thus, security experts always recommend downloading and updating programs only from authentic, verified sources.

Capabilities of Lokibot virus

Additionally, Lokibot attempts other tricks to mislead the users of infected devices:

  • Pops up fake notifications or alerts that appear to come from your bank;
  • Redirects the user's traffic to the hackers' websites for crypto-mining;
  • Uses your phone contacts to send fake messages and even auto-replies to them;
  • Uses its administrative privileges to download updates or fake programs onto the device;
  • Redirects to suspicious sites while browsing;
  • Utilizes the network and OS resources for digital currency mining.

If the user tries to delete or uninstall the program related to Lokibot, it immediately starts locking files and behaves just like ransomware. To do this, the malware quickly reboots the device and shows a lock screen along with an alert stating that your device has been locked for watching child pornography.

This is just a trick to scare users into paying a ransom to unlock their phones. The ransom demanded by the authors is in Bitcoin and varies between $70 and $100. Victims are also given a deadline of about 48 hours to pay.

According to the analysis, the encryption algorithm used by the LokiBot Trojan is not robust and the files can be recovered: it actually makes copies of the original files and replaces them under different names.

Users are not aware of this and quickly agree to pay the ransom to get their phone unlocked and back to normal working condition, since the phone contains important data of which they may have no backup.

The cyber-criminals take advantage of our lack of awareness to mislead us and extort money. According to reports, the authors of Lokibot have already earned over $1.5 million and are still spreading their malicious program to earn more and more money illegally.

How to Remove Lokibot Virus From Android Device

If your Android smartphone or tablet is infected with Lokibot, follow these steps:

  • Press and hold your device's Power button. This brings up the Power off menu;
  • Now press and hold the Power off button until you get a prompt reading “Reboot to Safe Mode”;
  • Press “OK” to enter Safe mode;
  • Now locate the malicious app, revoke all of its administrative rights and then remove it. Finally, restart your device normally.

Security experts do not recommend paying the ransom, as this only encourages the hackers to carry out more scams and frauds.

We recommend scanning the device with a legitimate anti-virus/anti-malware program to detect any traces of the virus left on the device.
Once that is done, use a data recovery program to recover your data from your Android device.

Here are the recommended data recovery tools which you can try to recover your files.

Remo Recover for Android – Recovers files lost due to accidental deletion. Restores data after an accidental format of the SD card. Retrieves Android application package files (.apk) along with music, video and image files. Uses the robust engine of the award-winning Remo data recovery application.

Tenorshare Android Data Recovery Pro – The most professional data recovery solution for Android. Recovers all kinds of lost Android data in no time, including contacts, text messages, photos, videos, WhatsApp data and call history from Android smartphones, cell phones, mobile phones and tablets of any brand.

Preventive Measures to Stop Lokibot Malware Attacks on Your Android Device

  • Be cautious while downloading any apps;
  • Do not provide any valuable information to unknown websites;
  • Keep backups of your important data, photos and files;
  • Never download or update any apps from spam links or third-party websites;
  • Do not download attachments from or follow links in spam emails;
  • Keep your device locked with a password;
  • Regularly scan your device with a reputable security application;
  • Employ a legitimate app to trace suspicious apps.

ADB.Miner Worm: An Android crypto-mining malware targeting Amazon Fire TV and other devices

Amazon Fire TV and other Amazon devices are the new targets of Android cryptocurrency mining malware.

Security experts have found new Android-based cryptocurrency mining malware that is now targeting Amazon Fire TV and Fire TV Stick devices. After the continuous ransomware attacks, hackers and cyber criminals have now found a new way to victimize users and generate huge profits.

As Amazon devices gain popularity, they have become an easy target for hackers, including the Amazon Fire TV and Fire TV Stick. The reason is that Amazon uses a modified version of Android named “Fire OS”, which has a simplified user interface that lets users control the TV more conveniently.

Secondly, users of Amazon Fire TV devices can only download apps from the default “Amazon AppStore” and have no access to the Google Play Store. The Amazon AppStore provides a limited set of applications, so users are always looking for more apps for media and entertainment, and these are provided by third-party sites.

These third-party sites may carry the “ADB.Miner” worm, which is infecting Amazon Fire TV and other devices with a cryptocurrency miner.

What is ADB.Miner and how can a device be infected by it?

ADB.Miner is a generic detection for a crypto-miner found on infected devices mining for the Monero digital currency. Users can get this Android crypto-miner along with a third-party app; one detected instance is an app named “Test”, with the package name “com.google.time.timer”. Once the infection is installed on the device, it starts mining Monero.

Cryptocurrency mining requires a huge amount of processing power and electricity. You will soon notice your device becoming very slow, and you will receive a large electricity bill.

Also, if you have other Amazon devices connected to the same network, the infection will soon spread to them too.

How the ADB.miner infection works on your Amazon Fire TV device

This Android crypto-miner infection starts once the malicious app is installed on the Amazon Fire TV. The app contains the mining code for the digital currency Monero.

Security experts warn users to be cautious while downloading any app to watch pirated movies and TV shows.

According to the reports, the most effective way for this malware to infiltrate a device is through the “Android Debug Bridge” (ADB) function, if it is turned on. When this feature is off, it restricts third-party or malicious apps from being installed on the device; many users turn it on because they wish to install third-party apps to watch pirated movies or TV shows and manage their media content.

ADB.miner is actually a worm that can spread to other devices connected to the same network using the ADB feature. It is still unknown through which app it travels, but if one of your devices gets this infection, your other Amazon devices will soon be infected too.

Once mining starts, it slows down your device and applications take longer than usual to load. The crypto-malware uses 100% of the device's resources to mine the digital currency.

A screen with “Test”, a green Android icon, will appear at random on infected devices. This means your device's resources are being used by the malware to mine cryptocurrency. As a result, apps stop suddenly, video playback gets stuck and the device's hardware components are also affected.

An Amazon Fire TV device infected with ADB.miner will never function normally and will cost you a lot in electricity, along with the inconvenience of using a slow device.

How to prevent or remove the ADB.miner worm from your device

If you feel your device has become drastically slow and unresponsive at times, you should check whether it is infected with ADB.miner.

The infection has no visible file or app, so it is difficult to trace or simply uninstall the malicious app. But to make sure, check your apps section for any suspicious third-party app or any app named “Test”, and delete it immediately. You can also use “Total Commander”, a file manager app, to search the device for the malware.
If your device is already infected with the crypto-miner, the best way to deal with it is a full factory reset of the device.
Before starting, make sure you disconnect all other devices from the network and turn them off.
Now, on your infected Amazon Fire TV device, follow the steps below:

  • Go to Settings
  • Scroll the menu to the right and choose System
  • Scroll down further and find the option Reset to Factory Defaults
  • Once you click on it, a warning pop-up will appear. Go ahead and press “Reset”.
  • Be patient and wait until the process is completed.

For future prevention:

  • Go to Settings
  • Select Device from the menu list
  • Select Developer options.
  • You will see two items, “ADB debugging” and “Apps from Unknown Sources”. Make sure both options are turned “OFF”.

This is how you can protect your devices from being attacked by malware or crypto-miner infections like ADB.miner in future.

As a precaution: use only the authentic Amazon AppStore for installing apps, and never rush for unverified third-party apps; they may look attractive at first but are just a trick to drop malicious software to fulfil their authors' own evil motives.

A New Malicious Chrome Extension Detected to Launch MitM Attack to Steal Money from bank accounts

A New Malicious Chrome Extension Detected Launching MitM Attacks: It Harvests Users' Bank Account Login Credentials

Desbloquear Conteúdo is a newly detected malicious Chrome extension that performs a MitM (Man-in-the-Middle) attack on the targeted computer system. This is done to harvest the login IDs and passwords of users' bank accounts in order to steal money.

The malicious Chrome extension was discovered during an analysis of suspicious Chrome extensions from the Chrome Web Store. Its name, Desbloquear Conteúdo, is Portuguese for ‘Unblock Content’. The malicious extension was primarily found in Brazil, attempting to defraud users by breaking into their online banking services.

What is a MitM Attack

In this attack technique, the attackers modify the DNS settings so that the victim's web traffic is redirected to a spoofed page. As a result, victims may have no idea that they have been redirected to a hacker's website, as it looks similar to their banking page. Whatever the user enters on the page, such as user ID, password, bank account details, card number or PIN, is captured by the hackers. This is how your private information can be transferred to the hackers' database, which they use to steal your hard-earned money.

How the Desbloquear Conteúdo Malicious Chrome Extension Works

To evade antivirus detection, the malicious Chrome extension Desbloquear Conteúdo uses obfuscation techniques. Although its source code itself is not obfuscated, it uses the “WebSocket” protocol and a C&C server for establishing data communication and a proxy server respectively. This helps it to make the connection secure and private.
Whenever the victim of the MitM attack visits their Brazilian bank's website, the malicious extension redirects the traffic to the hackers' server.

According to the analysis, the Desbloquear Conteúdo extension uses two JavaScript files named fundo.js and pages.js. These two scripts perform different operations to control the victim's actions on the targeted machine.
fundo.js – This script initiates the data connection by calling the websocket_init() function.
pages.js – This script is used to download scripts from the hackers' domain ganalytics[.]ga and overlay them on the banks' sites.

After the connection is successfully established, fundo.js downloads data from the server and stores it within the Chrome browser. It then contacts the C&C server to receive instructions on which IP address the user's traffic should be redirected to. It fetches the IP address by calling the function FindProxyForURL.

Another script, named “cef.js”, is used to add HTML code to the home page of the online banking website. The hackers' server is connected to the banking site, which then requires the one-time password to authenticate the user and let them access the account.

While the user is logging in to their bank page, the script runs and creates a clone of the “Enter” button, which is overlaid on the original “Enter” button of the bank's website. Once the user provides the data and hits “Enter”, the data is sent both to the banking system and to the hackers' server. The collected authentication data can be used to steal money from your bank account without your knowledge.

Thus, users are advised not to install any suspicious or unnecessary extensions in the browser. Here is a list of some safe extensions that will help you browse safely

You also need to scan your computer if you detect any suspicious behaviour on it.

MysteryBot Android Trojan can encrypt your files|Beware Android Users

MysteryBot Android Trojan can encrypt your files on the Android device.

Another damaging threat targeting Android mobile users has been detected by security experts. The threat is named “MysteryBot”, an Android Trojan that uses various illegal ways to attack Android devices globally on a large scale.

The threat is rated as highly dangerous, as it is able to modify crucial device settings that can seriously affect the user's security and privacy.

MysteryBot Android Trojan Detection and Distribution

MysteryBot Android Trojan was detected recently when investigators discovered a malicious dropper carrying the payloads of the GandCrab ransomware. The droppers were found to be part of a botnet that was used to distribute various threats to other computers and mobiles, including computer viruses, Trojans, ransomware and Android malware.

Follow-up research also revealed that the botnet was being used by a group of cyber criminals known to distribute various kinds of threats and victimize users. The same group is responsible for distributing and controlling the MysteryBot Android Trojan.

Generally, botnets deliver spam emails in bulk and use various other social engineering methods to convince users to take the required action. The email may directly contain the payload of the threat, or it may be hidden behind a link which, when clicked by the user, downloads the infection onto the device. The email may confuse users by showing images and text from renowned companies or software brands, so that users quickly agree to interact with it; it generally asks them to download an attachment or a software program such as a fake version of Adobe Flash Player.

Also read about “Android.Marcher.C” and “Android.Asacub.T”, two recently detected Android malware families that are stealing financial data.

MysteryBot Android Trojan Actions

After getting inside the targeted device, the MysteryBot Android Trojan immediately starts executing built-in commands. Here is the list of commands and the actions the threat can execute:

  • CallToNumber — Calls a given phone number from the infected device.
  • Contacts — Gets contact list information (phone number and name of contacts).
  • De_Crypt — No code present, in development (probably decrypts the data / reverse the ransomware).
  • ForwardCall — Forwards incoming calls of the device to another number.
  • GetAlls — Shortened for GetAllSms, copies all the SMS messages from the device.
  • GetMail — No code present, in development (probably stealing emails from the infected device).
  • Keylogg — Copies and saves keystrokes performed on the infected device.
  • ResetCallForwarding — Stops the forwarding of incoming calls.
  • Screenlock — Encrypts all files in the External Storage Directory and deletes all contact information on the device.
  • Send_spam — Sends a given SMS message to each contact in the contact list of the device.
  • Smsmnd — Replaces the default SMS manager on the device, meant for SMS interception.
  • StartApp — No code present, in development (probably allows remotely starting an application on the infected device).
  • USSD — Calls a USSD number from the infected device.
  • dell_sms — Deletes all SMS messages on the device.
  • send_sms — Sends a given SMS message to a specific number.

According to the report, the underlying engine of the threat is modular, which allows the controllers to execute custom commands. However, the updated Android OS versions 7 and 8 have broken the hackers' tactic of creating overlays on top of user-installed applications, most of which are applications like mobile banking solutions, payment services or web browsers.
This prompted the hackers behind MysteryBot to find a new way to get around the device's protective measures, and they came up with a new technique that abuses the “PACKAGE USAGE STATS” service permission. Through this, the hackers can enable and abuse other permissions without the user's consent.

Further investigation of the code revealed that MysteryBot contains a specially designed keylogger. This new component captures the user's input through a grid layout that maps key positions just like a keyboard. The component is still in the testing phase but could be deployed in future to capture all the sensitive information entered by the user.

MysteryBot Android Trojan Additional Threats

MysteryBot Android Trojan Has a Built-in Ransomware “Mystery_L0cker”

Apart from its main engine, the MysteryBot Android Trojan also contains various other modules to execute distinct actions on the targeted device. One of its built-in modules is a ransomware component named Mystery_L0cker, which acts just like desktop ransomware: it encrypts your files and makes them inaccessible. The encryption process starts by scanning the device directories for files with its built-in list of extensions to encrypt. Each encrypted file is zipped into an individual archive, locked with a password generated at run-time by its engine using a complex algorithm.

After the encryption process is completed, it notifies the victim with a message. The victims are further threatened with fake alerts stating that they have been watching porn on their device and that their sensitive files have therefore been locked. In order to get the files back, they need to contact the hackers at the provided email address.

The developers of the MysteryBot Android Trojan are still testing many of its modules, which may be deployed in future. These modules can gather real-time data from the attacked devices and steal confidential data. The information that may be collected by the threat includes name, physical address, geo-location, email account, phone contacts, passwords and bank account credentials.

All Android users need to be more cautious, as MysteryBot is finding ever more clever ways to attack your device and steal or encrypt your files.

Prowli Malware operation infects devices|Aims to spread malware and cryptojacking

Prowli is a malicious operation being used to spread malware and cryptojacking

Researchers and cybersecurity experts at GuardiCore have uncovered an immense, destructive botnet that has already affected more than 40,000 devices, including servers, modems and IoT devices.

The Prowli operation aims to spread malware and infect large organizations in industry, finance, education and government. It hijacks users' traffic by redirecting it to malicious websites to distribute viruses and malware, and it even drops cryptojacking code to carry out mining activities.
The authors of the Prowli operation have developed it to take control of servers by embedding malicious code using various attack techniques, and then spread its malware.

How Prowli Malware can attack

The common attack methods include:

  • Exploit kits;
  • Vulnerabilities;
  • Brute force attacks;
  • Exploiting weak configurations.

The Prowli operation has succeeded in infecting devices and machines at more than 9,000 organizations. To do this, the hackers lure innocent users by convincing them of a technical issue on their computer systems, just like technical support scams, and make them install a malicious program or extension that carries the malware payload.

List of servers and devices that have been infected by the Prowli campaign:

  • WordPress sites
  • Joomla! sites
  • Several models of DSL modems
  • Servers running HP Data Protector
  • Drupal and phpMyAdmin installations
  • NFS boxes
  • Servers with exposed SMB ports (all via brute-force credential guessing)
  • Vulnerable Internet-of-Things (IoT) devices
  • Servers with an open SSH port

The Prowli group aims to generate profit by deploying cryptocurrency miners

According to the analysis, after hacking the servers and IoT devices, the Prowli group uses them for massive cryptocurrency mining operations. It deploys cryptocurrency mining code and scripts such as a Monero miner and the r2r2 worm. These scripts use all of the computing power to generate digital currency and so make huge profits.

r2r2 is a malware that brute-forces SSH logins by trying user IDs and passwords from a dictionary at random. Once it succeeds in breaking in, it allows the Prowli malware to spread and starts executing a series of commands on the compromised device. The r2r2 worm also helps the Prowli operation spread further to more uninfected machines and devices.

The commands then download the crypto-mining components from the remote server. These include:

  • The Monero (XMR) cryptocurrency miner;
  • The configuration file; and
  • Various copies of the r2r2 worm built for different CPU architectures.

Not only that, the Prowli operation also infects CMS (content management system) platforms with a backdoor, the “WSO web shell”. This web shell is used by the cyber crooks to inject malicious code into websites, after which the compromised website redirects users' traffic to sites they own or sponsor, including fake update pages, adult sites, tech scams and other misleading websites.

Many of the TDSs (traffic distribution systems) working for the crooks have been taken down. But there is still no stopping Prowli, and it keeps spreading its malware to generate huge profits.

How to protect your devices from the Prowli attack

The Prowli operation is always in search of vulnerabilities, loopholes and weak security configurations to break into your device and take it over completely. A compromised device can be used for various malicious activities. We should not give the cyber crooks behind the Prowli operation the chance to carry out such illegitimate actions. Follow these simple steps to prevent your device from being attacked by the Prowli malware:

  1. Use strong passwords for your devices that are unique and that you haven't used before;
  2. Keep changing them every 3 months;
  3. Keep your operating system updated;
  4. Use real-time anti-malware protection on each of your devices;
  5. Never click on fraudulent or misleading links like tech scams;
  6. Install apps and extensions from official websites only.

Beware Android Users:New malware is stealing financial data

Beware Android Users: Two Android malware families have been detected stealing financial data

Quick Heal, the global IT security firm, warned on 12 June about two new Android banking Trojan threats that are using sophisticated ways to gain access to Android phones. The viruses are adept at exploiting mobile users in India and stealing their confidential data.

The two new banking Trojans detected by the security experts at Quick Heal Security Labs are named “Android.Marcher.C” and “Android.Asacub.T”.

The Trojans trick users in sophisticated ways, such as popping up as notifications from legitimate social media platforms like Facebook, WhatsApp, Skype, Instagram and Twitter. They can even mislead Android users by imitating legitimate banking apps.

Once in, they gain administrative access to incoming messages and even allow the hackers to access the device by bypassing the two-factor authentication OTP, the security feature used to make online transactions secure.

Sanjay Katkar, Co-founder and CTO, Quick Heal Technologies Limited, said:

“Indian users often download unverified apps from third-party app stores and links sent through SMS and email. This gives hackers a lucrative opportunity to steal confidential information from unsuspecting users.”

He also added:

“The fact that we’ve detected three similar malware in less than six months indicates that hackers are now targeting mobile users, who are far more vulnerable to sophisticated phishing attacks.”

The “Android.Marcher.C” malware impersonates “Adobe Flash Player” and uses its icon to appear genuine to users, while “Android.Asacub.T” may appear as an “Android Update” icon.

All vital information like banking credentials, card details and login IDs/passwords is saved to the malware's database without the user's consent. As long as the malware is present, users will be tricked and misled by the malicious apps.

Tips to avoid malware attacks on your Android device

  • Android users are always advised to download apps only from the Google Play Store rather than relying on third-party app stores.
  • Avoid clicking on any unknown or suspicious link sent by SMS or email.
  • Always keep the ‘Unknown Sources’ option disabled. This prevents installation of apps from third-party links.
    To disable it, open Settings > Security > Unknown sources and make sure the toggle next to it is off.
  • Do not download unnecessary apps, and verify an app before granting it permissions.
  • Keep the Google Play Protect service always ‘ON’.
  • Keep an updated mobile security application to quickly detect any suspicious activity on your device.

How to protect your data from Ransomware (2018 updated)

How to protect your data from Ransomware

Ransomware is crypto-malware that targets the files found on the targeted computer system. The targeted files are encrypted using an advanced algorithm like AES or RSA, and sometimes both, which makes the files inaccessible to users.

Ransomware attacks are growing rapidly and show no sign of stopping, as the authors of ransomware have managed to victimize millions of users, including big organizations, hospitals and businesses. There is no doubt that they have been successful and have received huge sums paid as ransom.

The ransomware authors ask the victims to pay the ransom and promise to provide the decryption key to unlock their files. But this never happens: they fool users with such statements, and victims never get their files back even after paying the ransom.

Here is a list of some ransomware threats and attacks that happened in 2018. Take a look, so you will understand why there is a need to be protected against such attacks.

Ransomware is always keen on finding new ways to attack

Having an antivirus program active on your computer is not enough, as cyber criminals are always finding new ways to target your computer systems without your consent. These are intelligent, experienced people who put their minds to destructive methods to make huge revenues.
Today, individuals rely on their computer systems to store important data, work-related documents and many other personal things. But are they fully secured? Cybercriminals take advantage of any loophole, unprotected data, infected network or unsafe browsing to target your system or device and get installed without any administrative permission.
As technology has expanded, so has cyber crime. Thus, the traditional approach of just having an antivirus on your computer will not solve this issue.
They use advanced techniques and code that can easily bypass your computer's security and shut it down, so that no further detection can be done.

Here is a list of the sources through which ransomware can attack your systems and networks:

  • Spam email attachments
  • Exploit kits
  • Infected websites and their links
  • Poorly protected RDP
  • Freeware downloads, fake software updates
  • Ads and pop-ups
  • JavaScript codes on hacked websites
  • RaaS (Ransomware-as-a-Service)
  • Other social engineering tricks.

This is not all: ransomware is also capable of infecting an entire network by dropping trojans that contain the payload of the actual threat. After the payload is dropped inside the machine, the trojan program deletes itself and the ransomware starts to execute.

How to protect your data from Ransomware threat

Once a ransomware strain is out in the wild, security experts start tracing its encryption code, and if they succeed, a decryption tool is published for the victims free of charge. But this does not happen every time.
Victims might try to recover their data from shadow volume copies, but most ransomware today deletes the shadow volume copies of the encrypted files, so that victims are left with no option other than paying the ransom to get the decryptor tool or key.
Security experts do not recommend this, as there is no guarantee that you will get your files back even after paying the ransom.
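Shadow-copy deletion is one of the few actions in a ransomware run that leaves a clean, host-side trace: a built-in administrative tool being told to destroy the recovery data. The following is an added example, not code from TotalSystemSecurity.com or from any product it mentions. It parses constructed Windows process-creation records (a simplified Sysmon-style key=value layout assumed for this example; the field names Image, CommandLine and ParentImage are that assumption) and flags the shadow-copy tampering commands, keeping the parent process in the alert because that is what tells an analyst whether an administrator or a freshly downloaded executable issued the command.

```python
"""Flag process-creation records that tamper with Volume Shadow Copies.

Added example for this article, not code from TotalSystemSecurity.com.
The record layout (one event per line, "key=value" pairs after a timestamp)
is an assumption for this example, loosely modelled on Sysmon Event ID 1.
"""
import re

# Detection rules: (process image basename, pattern over its command line).
# All of these are legitimate administrative tools; what makes the event
# suspicious is the specific action (deleting or shrinking shadow storage,
# deleting the backup catalog), so the image name alone is never enough.
SHADOW_TAMPER_RULES = [
    ("vssadmin.exe", re.compile(r"\bdelete\s+shadows\b", re.I)),
    ("vssadmin.exe", re.compile(r"\bresize\s+shadowstorage\b", re.I)),
    ("wmic.exe", re.compile(r"\bshadowcopy\s+delete\b", re.I)),
    ("wbadmin.exe", re.compile(r"\bdelete\s+catalog\b", re.I)),
]

# key=value, with the value either double-quoted (may contain spaces) or bare.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_event(line):
    """Turn one constructed record into a dict; the leading token is the timestamp."""
    timestamp, _, rest = line.strip().partition(" ")
    event = {"Timestamp": timestamp}
    for key, quoted, bare in FIELD_RE.findall(rest):
        event[key] = quoted if quoted else bare
    return event


def is_shadow_tampering(event):
    """True when the image basename and command line match one of the rules."""
    image = event.get("Image", "").rsplit("\\", 1)[-1].lower()
    cmdline = event.get("CommandLine", "")
    return any(image == rule_image and pattern.search(cmdline)
               for rule_image, pattern in SHADOW_TAMPER_RULES)


def scan(records):
    """Return an alert dict for every record that looks like shadow-copy tampering."""
    alerts = []
    for line in records:
        event = parse_event(line)
        if is_shadow_tampering(event):
            alerts.append({
                "time": event["Timestamp"],
                "image": event.get("Image"),
                "cmdline": event.get("CommandLine"),
                # The parent is the interesting part: a document viewer or a
                # freshly downloaded executable driving vssadmin is the red flag.
                "parent": event.get("ParentImage"),
            })
    return alerts


# Constructed sample records (not real telemetry). Two are routine
# administration, two are the tampering pattern spawned by a temp-folder binary.
SAMPLE_RECORDS = [
    r'2018-06-12T10:15:03Z Image=C:\Windows\System32\vssadmin.exe CommandLine="vssadmin.exe list shadows" ParentImage=C:\Windows\System32\cmd.exe',
    r'2018-06-12T10:15:09Z Image=C:\Windows\System32\vssadmin.exe CommandLine="vssadmin.exe delete shadows /all /quiet" ParentImage=C:\Users\bob\AppData\Local\Temp\invoice.exe',
    r'2018-06-12T10:15:10Z Image=C:\Windows\System32\wbem\wmic.exe CommandLine="wmic os get caption" ParentImage=C:\Windows\System32\cmd.exe',
    r'2018-06-12T10:15:11Z Image=C:\Windows\System32\wbem\wmic.exe CommandLine="wmic shadowcopy delete" ParentImage=C:\Users\bob\AppData\Local\Temp\invoice.exe',
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_RECORDS):
        print(f"{alert['time']} {alert['parent']} -> {alert['cmdline']}")
```

Running the block prints the two flagged records. In a real deployment the same matching would run over a SIEM feed, and the parent image rather than the tool name is what should drive alert severity: an administrator running vssadmin from a console is routine, the same command issued by a binary in a user's temp folder is not.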

Another thing you can do is try to recover your data with third-party data recovery tools, but here too you may not succeed, as the encryption methods used by ransomware are too advanced.
So, the best way to avoid losing your data is to follow proper protective and preventive measures against ransomware attacks.

Avoid using open Wi-Fi connections
Open Wi-Fi connections are not secure, and if you use them frequently you should stop doing so, as they may be abused by malware authors to drop infections onto your device. Also, keep the Wi-Fi connections at your home or work secured with WPA2 (Wi-Fi Protected Access 2). This will keep your network and the devices connected to it secure.

Be cautious while browsing
This is the most common way to invite something suspicious onto your computer, laptop, mobile or tablet. Avoid visiting websites that seem suspicious to you, such as sites that keep showing lots of pop-ups or fake alerts, and adult, dating, video streaming and gaming sites. Never click on a link in a hurry without assuring yourself of its legitimacy.

Do not open any spam mails
We often receive spam mails in our inbox; they are marked as spam because they may contain an infected attachment or a link that will infect your device. But sometimes ransomware authors use sophisticated techniques to make users believe these are important mails, such as invoices, order delivery notices, or mails carrying the logo of a big company offering jobs. Please do not open any attachment linked to a mail in a hurry.

Keep your system and software updated
Malware authors are always watchful and leave no stone unturned to find a vulnerability in your system or software through which they can easily slip inside. This is usually done with exploit kits, which inject malicious code into unpatched software or systems. Thus, it is good to perform regular updates of your software and system, so that they remain up to date and flaws or bugs get fixed. But keep in mind to download updates from official websites only. Do not download any software program or freeware from untrusted third-party websites. Read about Ransomware Protection, the new feature added to Windows Defender Security Center.

Keep a regular backup of your important files and documents
Backing up your important data is the best way to deal with crypto-malware threats, since ransomware could find some way to get into your system and encrypt all your data. But if you have backups, you don't have to worry about it: just remove the ransomware threat with a powerful anti-malware program and then securely restore your data from the backups. Various backup solutions are available to help secure your data. This will not only save your files from being encrypted but also help you when you have accidentally deleted a file or your system has become corrupted or infected. The backup should not remain linked to your system: if you copy backups to an external drive such as a pen drive that stays connected, it may also be attacked by the threat.

So it is better to opt for online backup solutions that are secured in the cloud and have no link to your computer or device. These include Google Drive, Dropbox, iCloud and SOS Online Backup software.
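The advice above hinges on a detail that is easy to get wrong: a backup job that runs on schedule will happily replace good copies with encrypted ones if nothing checks the source first. The following is an added example, not code from TotalSystemSecurity.com or from any of the backup products it names. It records a SHA-256 manifest of the files to be backed up and, before the next run, reports what changed; the 20% change threshold and the assumption that the manifest is kept on the backup side (where the protected machine cannot rewrite it) are choices made for this example.

```python
"""Hash-manifest check for a backup source, run before a backup job
overwrites older copies.

Added example for this article, not code from TotalSystemSecurity.com or any
backup vendor. It assumes the manifest is stored where the protected machine
cannot write to it (the backup side), so an infection cannot "fix" the
manifest along with the files.
"""
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path, chunk_size=1 << 16):
    """Stream a file through SHA-256 so large files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root):
    """Map every regular file under root (relative POSIX path) to its SHA-256."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_manifest(root, manifest):
    """Compare the tree under root with a manifest taken earlier."""
    current = build_manifest(root)
    return {
        "modified": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        "missing": sorted(k for k in manifest if k not in current),
        "added": sorted(k for k in current if k not in manifest),
    }


def should_block_rotation(report, manifest, max_changed_fraction=0.2):
    """Refuse to overwrite the previous backup when too much changed at once.

    A handful of edited documents is normal; most of the tree changing or
    vanishing between two runs is what a mass-encryption event looks like.
    The 20% threshold is an assumption for this example; tune it per data set.
    """
    if not manifest:
        return False
    changed = len(report["modified"]) + len(report["missing"])
    return changed / len(manifest) > max_changed_fraction


def demo():
    """Take a manifest of a constructed tree, then mutate the tree as an
    infection would, and return (report, rotation_blocked)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name in ("a.txt", "b.txt", "c.txt"):
            (root / name).write_text(f"contents of {name}\n")
        manifest = build_manifest(root)

        (root / "a.txt").write_bytes(b"\x00\x13\x7fgarbage")  # overwritten with ciphertext-like bytes
        (root / "b.txt").unlink()                              # original removed
        (root / "d.txt").write_text("new file\n")              # a file that was never in the manifest

        report = verify_manifest(root, manifest)
        return report, should_block_rotation(report, manifest)


if __name__ == "__main__":
    report, blocked = demo()
    print(report)
    print("block backup rotation:", blocked)
```

The demo flags one modified and one missing file out of three tracked, which is well above the threshold, so the job would keep the previous backup generation instead of rotating it out. Keeping several generations (rather than one mirror) is what makes this decision useful: the point is to still have a copy from before the change.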

Protect your system with real-time anti-virus/anti-malware software
An anti-virus program is the first line of defense against any suspicious program or threat that attacks your system. So do not compromise on that; invest in a good, powerful anti-malware and anti-ransomware protection tool to shield your computer against malware attacks. It is also better to have a second opinion: if the primary anti-virus actively running on your system somehow fails to detect a threat the first time, a second-opinion tool such as Ransomware Defender, which is capable of detecting malicious files containing ransomware payloads, will quickly block it.

Keep your system protected with an administrator password and restrict user access
Always set a strong password on your computer system and other devices, so that no third-party software program installs without your permission. You can also restrict user access: if your home computer has many users, make a separate user profile for each of them.

By following the above steps you can keep your computer system secure from ransomware attacks and other threats like trojans, malware and spyware programs.

Amazon Gift Card Scam: More and More Users Are Being Cheated

Undoubtedly, Amazon is the leading e-commerce website and keeps extending and advancing its technologies to provide the best services to users. Thus it is no wonder that users would not want to miss a chance to grab any free coupon, gift card or discount offered by Amazon. This is where cyber criminals take advantage and cheat users.

There are many ways in which cyber criminals may trap you and make a fool of you for their own gain. Usually this happens while browsing, when users are redirected to third-party web pages showing attractive banners, pop-ups and commercials that appear to come from Amazon. The pop-ups are cleverly designed to attract users by offering Amazon gift cards, gift vouchers, special offers and prizes. Unfortunately, these are absolutely fake and serve the scammers' purpose of collecting users' vital information through surveys; they may even ask for your credit card or account details, and clicking on their links could drop a harmful program onto your computer or device.

These scams are delivered to users in many ways, such as:

  • Scam websites
  • Pop-up ads
  • Fake online surveys
  • Emails

Pop-ups, redirected web pages, surveys and ads attack through the browser when visiting ad-driven websites such as gaming, online streaming, casino, adult and dating sites. They may be titled "Congratulations! You won the Amazon Gift Card", "To claim this you need to take a quick survey", "Special offer for Amazon users" or "Congratulations Amazon User". Another way is fake invoices from Amazon that appear in your inbox.

Whatever the form, the main intention behind this approach is to collect user data, including credit card details, which often leads to fraud. Also, if you receive any such emails, do not click on them in a hurry or fill in any surveys, as such things encourage cyber crooks to take advantage and do harm.

Whenever you encounter any such pop-ups or phishing emails, please ignore them and mark them as spam. And never be in too much of a hurry or too excited to get such offers or prizes, as such things lead to many cases of fraud.

Stay Updated, Stay Protected!!!

Gmail users report spam mails in their Sent folder, but no accounts were hacked

Gmail spamming issue reported by users in 2018

Gmail users are reporting that their accounts have been hacked and used to send spam mails to unknown addresses. This first came out on the 21st of April, when Gmail users filed reports in the Gmail Help Forum.

Although Gmail provides a spam filter and 2-step authentication, users found spam mails that had the sender name "me" and subjects like weight loss, supplements for weight loss, loans, and similar topics that may attract users. Gmail users witnessed these spam emails residing in their Sent folder.

Yet on opening the spam email, it shows telus.net as its distributor. In an official statement, Google responded that the spam emails misleading users are not in any way associated with TELUS. TELUS is a Canadian national telecommunications company that provides wireless, Internet, TV and home phone services. A TELUS spokesperson also responded to the same issue, denying any accusation of Gmail account hacking, email spamming or misleading of users.
Google's quick response to the Gmail spamming issue on Twitter
The Gmail spam was first reported on Saturday, and Google quickly acknowledged the issue and responded on Twitter:

“We are aware of a spam campaign impacting a small subset of Gmail users and have actively taken measures to protect against it. This attempt involved forged email headers that made it appear as if users were receiving emails from themselves, which also led to those messages erroneously appearing in the Sent folder. We have identified and are reclassifying all offending emails as spam, and have no reason to believe any accounts were compromised as part of this incident.”

The Gmail spamming issue appeared as if the account holders had sent the spam messages themselves.

This Gmail spam issue created the impression that users themselves had sent the malicious mails to their own accounts, because, unlike other email spam, it resided in the Sent folder of the Gmail account. But the accounts were not hacked. After noticing the spam mails marked "me" along with their profile icon, users immediately changed their passwords. But that was no help at all, as they kept getting spam mails with subjects like "Easy way to lose weight," "Loose weight in two weeks," "Increase hair growth with this miraculous product," and similar.
According to researcher Renato Marinho, the Gmail spam filter is not able to detect these mails because they come from a spoofed sender but still contain valid addresses.
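Google's statement above attributes the incident to forged headers, and the researcher's remark explains why a filter struggles: the From address really is the user's own. The following is an added example, not code from Google or TotalSystemSecurity.com. It parses two constructed messages (reserved example domains; the Authentication-Results header imitates what a receiving server records under RFC 8601) and flags a self-addressed message only when neither SPF nor DKIM passed for the From domain itself, which is the DMARC-style alignment check that a bare "spf=pass" does not give you.

```python
"""Spot "mail from myself" messages whose envelope and authentication
results do not back up the From header.

Added example for this article, not code from Google or
TotalSystemSecurity.com. Both raw messages are constructed; the domains are
reserved example domains and the Authentication-Results line imitates what a
receiving server (RFC 8601) records after checking SPF and DKIM.
"""
import email
from email.utils import parseaddr


def domain_of(value):
    """Lowercased domain from an address header ('me <a@x.org>') or a bare domain."""
    _, addr = parseaddr(value or "")
    if not addr:
        return ""
    return (addr.rsplit("@", 1)[-1] if "@" in addr else addr).lower()


def auth_results(msg):
    """Parse Authentication-Results into {method: (result, {prop: value})}."""
    parsed = {}
    header = msg.get("Authentication-Results", "")
    # The first ';'-separated clause names the checking server; skip it.
    for clause in header.split(";")[1:]:
        tokens = clause.split()
        if not tokens or "=" not in tokens[0]:
            continue
        method, result = tokens[0].split("=", 1)
        props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        parsed[method.lower()] = (result.lower(), props)
    return parsed


def aligned_authentication(auth, from_domain):
    """True only if SPF or DKIM passed *for the From domain* (DMARC-style alignment).

    An SPF pass for some other envelope domain is exactly what a spoofer gets
    for free, so it must not count.
    """
    spf_result, spf_props = auth.get("spf", ("none", {}))
    dkim_result, dkim_props = auth.get("dkim", ("none", {}))
    spf_ok = spf_result == "pass" and domain_of(spf_props.get("smtp.mailfrom", "")) == from_domain
    dkim_ok = dkim_result == "pass" and dkim_props.get("header.d", "").lower() == from_domain
    return spf_ok or dkim_ok


def assess(raw_message):
    """Classify one message: 'suspicious-self-spoof' or 'ok' (not that pattern)."""
    msg = email.message_from_string(raw_message)
    from_domain = domain_of(msg.get("From"))
    to_domain = domain_of(msg.get("To"))
    envelope_domain = domain_of(msg.get("Return-Path"))
    auth = auth_results(msg)

    # The filter's problem, as described above: the From address is a valid one.
    # Only the envelope sender and the aligned SPF/DKIM verdicts reveal that the
    # message did not originate from that mailbox.
    self_addressed = bool(from_domain) and from_domain == to_domain
    authenticated = aligned_authentication(auth, from_domain)
    verdict = "suspicious-self-spoof" if self_addressed and not authenticated else "ok"
    return {
        "from_domain": from_domain,
        "envelope_domain": envelope_domain,
        "spf": auth.get("spf", ("none", {}))[0],
        "dkim": auth.get("dkim", ("none", {}))[0],
        "verdict": verdict,
    }


# Constructed: forged From/To, relayed by an unrelated host whose own SPF passes.
SPOOFED = """\
Return-Path: <bounce@mail.example.net>
Received: from mail.example.net (mail.example.net [203.0.113.5]) by mx.example.org
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=bounce@mail.example.net; dkim=none
From: me <alice@example.org>
To: alice@example.org
Subject: Easy way to lose weight

hello
"""

# Constructed: a genuine note-to-self, authenticated for the From domain.
GENUINE = """\
Return-Path: <alice@example.org>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=alice@example.org; dkim=pass header.d=example.org
From: Alice <alice@example.org>
To: alice@example.org
Subject: Note to self

buy milk
"""

if __name__ == "__main__":
    for raw in (SPOOFED, GENUINE):
        print(assess(raw))
```

The spoofed sample shows the trap: "spf=pass" is present, but it vouches for mail.example.net, not for the From domain, so the message stays unauthenticated for alignment purposes and is flagged. A mailbox-side rule that quarantines self-addressed mail failing this check catches the pattern described in the article without touching ordinary inbound mail.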

Google is investigating the issue further to determine how the cyber-criminals exploited any vulnerability, if one exists. Google advised users not to respond to any spam emails and to report them quickly: open Gmail, select the suspicious emails, and click the "Report spam" button.

Here are some useful tips to secure your Gmail account in 2018

New Trojan threat steals data through instant messaging apps

A new Trojan threat has been discovered by security experts that targets popular instant messaging apps on Android phones. The threat can secretly invade a device and steal all the personal information typed during a conversation.

The threat makes detection tougher: it is characterized as simple, but it can have a severe impact on your device. It is capable of hiding its identity and continuously transferring all the recorded information to a remote IP address.

The following instant messaging apps were found to be targets of the threat:

  • Skype
  • Facebook Messenger
  • Twitter
  • Viber
  • Telegram Messenger
  • Line
  • Weibo
  • Tencent WeChat
  • Walkie Talkie Messenger, etc.

These messaging apps are widely used and are therefore soft targets for the threat to steal as much data as it can worldwide.

The malware uses a sophisticated approach to its distribution sources so that no active anti-virus program can track it. And to remain persistently active on the device, it alters the "/system/etc/install-recovery.sh" file and launches its program every time the device boots up.

Security software cannot track it down due to its obfuscated configuration file and a chunk of modules. Not only that, security analysts find it hard to detect through dynamic analysis, as the threat uses anti-emulator and anti-debugger capabilities. They say that the threat hides its strings within the source code, and its other values, such as the C&C server address, are stored in a configuration file through which it communicates with its authors.
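Because the persistence point named above is a boot-time script, a defender with a rooted test device or a firmware image can audit that file instead of waiting for an anti-virus signature. The following is an added example, not code from the analysts the article quotes or from any Android vendor. Both script texts are constructed stand-ins (a clean baseline captured from the same firmware build, and a modified copy); the heuristics, lines absent from the baseline, references to app-writable storage and hidden path components, are assumptions for this example rather than a description of any specific sample.

```python
"""Audit an Android /system/etc/install-recovery.sh against a known-good copy.

Added example for this article, not code from the malware analysts it quotes
or from any Android vendor. Both script texts are constructed: BASELINE stands
in for the stock file captured from a clean device of the same firmware build,
and TAMPERED is what a modified device might contain. The heuristics are
assumptions for this example, not a description of any specific sample.
"""
import re

# Absolute paths; the match stops at whitespace, quotes, ':' and ';'.
PATH_RE = re.compile(r"(?<![\w.-])/[\w.-]+(?:/[\w.-]+)*")

# Locations a stock recovery-patch script has no reason to read or execute from.
WRITABLE_PREFIXES = ("/data/", "/sdcard/", "/storage/", "/mnt/")


def meaningful_lines(script_text):
    """Yield (line_number, stripped_line), skipping blank and comment lines."""
    for number, line in enumerate(script_text.splitlines(), start=1):
        stripped = line.strip()
        if stripped and not stripped.startswith("#"):
            yield number, stripped


def audit_install_recovery(current_text, baseline_text):
    """Return (line_number, reason, line) findings for current_text.

    Three independent checks, so a finding survives even if an attacker
    re-indents or reorders the file: membership in the baseline line set,
    references to app-writable storage, and hidden ('.name') path parts.
    """
    baseline = {line for _, line in meaningful_lines(baseline_text)}
    findings = []
    for number, line in meaningful_lines(current_text):
        if line not in baseline:
            findings.append((number, "not in baseline", line))
        for path in PATH_RE.findall(line):
            if path.startswith(WRITABLE_PREFIXES):
                findings.append((number, f"references writable storage: {path}", line))
            if any(part.startswith(".") for part in path.split("/") if part):
                findings.append((number, f"hidden path component: {path}", line))
    return findings


# Constructed stand-in for a stock install-recovery.sh (not a real vendor file).
BASELINE = """\
#!/system/bin/sh
# Constructed stand-in for a stock install-recovery.sh (not a real vendor file).
if ! applypatch -c EMMC:/dev/block/bootdevice/by-name/recovery:PLACEHOLDER_SHA1; then
  applypatch -b /system/etc/recovery-resource.dat EMMC:/dev/block/bootdevice/by-name/boot:PLACEHOLDER_SHA1 EMMC:/dev/block/bootdevice/by-name/recovery PLACEHOLDER_SHA1 /system/etc/recovery-from-boot.p
else
  log -t recovery "Recovery image already installed"
fi
"""

# Constructed: the same script with one appended line that starts something
# from a hidden directory under app-writable storage on every boot.
TAMPERED = BASELINE + "\n/system/bin/sh /data/local/tmp/.cloud/start.sh &\n"

if __name__ == "__main__":
    for number, reason, line in audit_install_recovery(TAMPERED, BASELINE):
        print(f"line {number}: {reason}\n    {line}")
```

The clean file audits to no findings; the modified one produces three for its single added line, which is the point of layering the checks: even if the baseline for a particular build is unavailable, the storage-location and hidden-path heuristics still fire on their own.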

The Trojan was first detected in a Chinese application named "Cloud Module", with the package name "com.android.boxa". The threat is likely distributed through third-party websites and other Android application websites. China does not have the Play Store, but in other countries the threat could take advantage of various platforms for distribution.
The collected data could be used for various illegitimate purposes. Today data breaches are a main concern, as the data may contain vital information such as bank account credentials, logins and passwords for saved websites, financial details, location and other private data.

Neil Haskins, director of advisory services EMEA at IOActive, was cautious about the sensitive data of employees and the way its security is being handled. On this he said:

Many organizations spend time, money and resources on securing email platforms with the latest and greatest technology. They roll out email policy documents and then educate users on appropriate use of emails, forgetting that employees pass just as much info on IM, and in fact, because email is blocking them, they use IM to bypass the email controls. Such is human nature. Couple that with the fact that most people have multiple messaging apps on their laptops, tablets and mobile phones, the attack surface is huge.

Here are a few tips to keep your Android secure and prevent your data from being tracked and misused by any third-party app or malware:

  • Users should be very cautious while downloading applications from untrusted sites and third-party websites and while clicking on ad links. It is recommended to use only the Google Play store for downloading apps.
  • Be careful while granting permissions to third-party apps being installed, as they can access your files, folders, photos, location and much more. Granting permission means they can collect your data, send it to their remote servers and use it for various illicit purposes.
  • Configure your privacy and security settings correctly and never leave your phone open to all third-party downloads. You can do this under Settings > Security > Unknown Sources. Keep the toggle next to this setting "off". This will protect your phone from third-party downloads or sources, and any attempt will notify you first.
  • Keep your phone locked with a strong password and avoid connecting your phone to open networks, as they can drop infections.
  • Never leave your computers, phones, laptops, tablets and other devices defenseless against threats. A strong, powerful anti-virus acts like a barrier between malicious applications and your phone. It is very important to get notified if any threat attempts to break your security and privacy.

Here is a suggestion for you:

BetterGuard™ Mobile

BetterGuard Mobile is a powerful Android app that lets users see what information apps are accessing and looks for potential privacy breaches. It now provides device tracking, so users can be alerted if their phone is lost. Protect your privacy with the proven power of BetterGuard™. With this app your privacy will always be protected, and no third-party app or malicious program will be able to attack your phone.

Welcome to TotalSystemSecurity.com, where we provide users with the latest news and information about computer threats like adware, spyware, trojans, browser hijackers and ransomware. Here at TotalSystemSecurity.com you will get detailed information about the latest threats and manual removal instructions. We hope our guides and articles help you troubleshoot your PC issues.

TotalSystemSecurity © 2015-2018