10 million Samsung users tricked into downloading fake apps

10 million Samsung users have downloaded a fake “update” app that could swindle them out of money.

The app, which can be downloaded for free on the official Google Play Store, is called “Updates for Samsung – Android Update Versions”.

Created by a brazen trickster, the app was named that way to attract people looking for updates on their Samsung phone.

Free software updates for Samsung can be downloaded easily through the handset’s settings.

“‘Updates for Samsung’ does not seem to offer users much of value besides a lighter wallet,” said Aleksejs Kuprins, malware analyst at CSIS Security Group, who discovered the app.

“During our tests, we too have observed that the downloads don’t finish, even when using a reliable network,” he wrote.

Users are then asked to install the $34.99 premium package to download files.

It uses its own payment system, breaking Google’s rules and leaving your payment data open to hackers.

Users who don’t know where to find Samsung phone updates then get conned out of cash.

Here’s the official advice from CSIS Security Group to avoid Samsung scam updates:

  • “We recommend users to follow Samsung’s designed procedure for downloading firmware updates.
  • “That is, by opening the “Settings” application on your Android device and navigating to the “About phone” -> “Software Update” menu.
  • “These updates are guaranteed to come directly from the vendor and are free of charge.”

To prevent malware on your Android smartphone, here are some tips:

  1. Download apps only from reliable sources

  2. Password protect your phone

  3. Install OS updates instantly

  4. Avoid viewing sensitive information on public Wi-Fi

  5. Try installing a mobile security app

  6. Do not install anything if unaware of it

  7. Uncheck the “install from unknown sources” option

  8. Read the permissions carefully

  9. Make use of a virus scanner

FinSpy strikes again: New versions for iOS and Android targeted surveillance revealed

In a press release earlier today (11 July), Kaspersky revealed that its experts have uncovered new versions of the advanced malicious surveillance tool ‘FinSpy’. The new implants work on both iOS and Android devices, can monitor activity on almost all popular messaging services, including encrypted ones, and hide their traces better than before.

The basic functionality of the malware includes almost unlimited monitoring of the device’s activities: such as geolocation, all incoming and outgoing messages, contacts, media stored on the device, and data from popular messaging services like WhatsApp, Facebook messenger or Viber. All the exfiltrated data is transferred to the attacker via SMS messages or the HTTP protocol.

The latest known versions of the malware extend the surveillance functionality to additional messaging services, including those considered ‘secure’, such as Telegram, Signal or Threema. They are also more adept at covering their tracks, noted Kaspersky.

For instance, the iOS malware, targeting iOS 11 and older versions can now hide signs of jailbreak, while the new version for Android contains an exploit capable of gaining root privileges – almost unlimited, complete access to all files and commands – on an unrooted device.

Based on the information available to Kaspersky, in order to successfully infect both Android and iOS-based devices, attackers need either physical access to the phone or an already jailbroken/rooted device. For jailbroken/rooted phones there are at least three possible infection vectors: SMS message, email, or push notifications.

According to Kaspersky telemetry, several dozen mobile devices have been infected over the past year.

“The developers behind FinSpy constantly monitor security updates for mobile platforms and tend to quickly change their malicious programs to avoid their operation being blocked by fixes. Moreover, they follow trends and implement functionality to exfiltrate data from applications that are currently popular,” said Alexey Firsh, security researcher at Kaspersky Lab.

“We observe victims of the FinSpy implants on a daily basis, so it’s worth keeping an eye on the latest platform updates and install them as soon as they are released. Because, regardless of how secure the apps you use might be, and how protected your data, once the phone is rooted or jailbroken, it is wide open to spying,” he added.

To avoid falling victim to FinSpy, Kaspersky researchers suggest that users practise the following measures:

  • Do not leave your smartphone or tablet unlocked and always make sure nobody is able to see your pin-code when you enter it.

  • Do not jailbreak or root your device since it will make an attacker’s job easier.

  • Only install mobile applications from official app stores, such as Google Play.

  • Do not follow suspicious links sent to you from unknown numbers.

  • In your device settings, block the installation of programs from unknown sources.

  • Avoid disclosing the password or passcode to your mobile device, even with someone you trust.

  • Never store unfamiliar files or applications on your device, as they could harm your privacy.

  • Download a proven security solution for mobile devices, such as Kaspersky Internet Security for Android.


What every Security Expert must know to tweak your device security

The browser is the weakest link to the internet and can be easily exploited. Common folders like Download and Temp are standard folders all hackers will look for. Although you cannot change your Temp folder, where all materials of a web page are downloaded and where cookies and your history files are located, there are ways to protect your Download folder by renaming it in your browser. Make it harder for would-be hackers to know what they are up against. Your cache can be manipulated to activate Java; not many know how to do it. I will not give hackers a field day. Clear all your temp files including cache by:

<Start><Run><Temp> delete all files.

<Start><Run><%Temp%> delete all files.

File Folder <Windows><SoftwareDistribution> delete all files (this is where your Windows Update files are kept).

Use Windows Cleanup.

Use a VPN service. Windows has a default service but you need to manually set it up, connection by connection, on every site you visit.

For Android you can also use a VPN service by downloading one from Google Play. Most of them do not give you full protection on a free service, and the connection is extremely slow. Better go for a paid service.

Never use your credit/debit card on the internet, especially on sites that do not hide your credit card details. You do not want to suddenly find your money missing through fraud. My recommendation is to use PayPal as a service, add your credit/debit card details and have peace of mind. Do not expect high compensation from insurance companies if part of the reason is that you did not take basic steps to protect yourself.

How your mobile phone can be attacked: 1) The attack your VTAP touch on your mobile. 2) Your keystroke, tap and brush can be monitored. 3) They can activate the Airplane mode. 4) They can dim your Display. 5) Your messages and voice can be monitored. 6) They can activate and launch apps on your mobile.

Your USB and USB-C have no protection against hacking to retrieve your data.

The network you choose to connect to the internet is the weakest link, especially public Wi-Fi and the ISP you choose. Remember your ISP has access to all your information online, including history, the software or apps you use and all your payment details.

Only WhatsApp communications are encrypted, everything else is open.

Fake deals offered by websites that are too incredible to be true. What they want is your details and credit/debit card info.

Do not download any software from sites you do not trust as you are opening up your PC and mobile for attacks.

There are logs of your activity on the different platforms you use. If you detect any unauthorised activity, immediately change your password. Especially for your payment/banking account, turn on two-step verification.

Use LastPass to remember your master password and let the software manage all the different passwords to different websites. Do not use a common password for different websites as, who knows, the admin who has access to your info can use it to access your other accounts. I do not follow my own rules as I am able to set up a trojan horse and trace and identify who has hacked into my account and get back at them.

If you are concerned about your privacy you must know that Windows 10 tracks all your activities, and Facebook and YouTube track all your likes, comments and subscriptions so as to give you a better experience with relevant advertisements. You can decide not to accept cookies, browse incognito and turn off the privacy setting in Windows.

I know so much because I have been attacked by so many different methods online and offline for more than 10 years and once I know the methods used, I will develop ways to counter them.

PS : Today FB is down because more than a hundred million people accessed my webpage when I uploaded all the videos of future technologies that will come true. You can create fake statistics on every website but I know exactly what is happening in the world and nobody can tell me lies. 

Lies, Lies, and more Lies I am getting from my family members and the entire world trying to learn all my secrets but for more than 10 years they cannot find it anywhere, even trying to develop technologies to read my brain but everyone failed miserably because the time is not yet ripe. Make me angry and I will become a hermit and leave this entire world. The mastermind of all this nonsense is my mom who wants me to prove to the world and see if I can create tons of money but I am not so stupid to conform. I will never forgive her and I have prepared a place in hell for all her sins of greed, selfishness and the love of money.

Donald Trump, the issue is not about Huawei, everything on the internet is not secure and can be intercepted, unless you encrypt everything with an unhackable key or use a private VPN.

Contributed by Oogle.

 

With USB-C, even plugging in can set you up to be hacked

By Assistant Professor of Computer Science, North Dakota State University

Plugging in the power – or at least what you think is power – to a USB-C powered laptop can connect your computer, and the valuable personal data on it, directly to hackers. Your personal financial information, passwords and documents stored on the laptop could help a cybercriminal steal your identity. The laptop may even be used to attack your employer’s computers and network.

The European Union is already moving to require all smartphones be compatible with USB-C power adapters – itself a move that endangers users’ privacy. If the EU made a similar standard for laptop computers, it would threaten to make the problem worse, by increasing the number of people vulnerable to what is basically the digital equivalent of pick-pocketing.

From mobile phones to laptops

Mobile phones have been hackers’ targets for years. Phones that are left behind or stolen can contain sensitive personal data that can let a criminal open a new bank account or take out a loan.

However, a far more insidious way to get the data is to simply connect to the phone and steal everything it holds. As the phone is not lost, the user may be unaware that anything is wrong. Attackers try to get access to mobile phones via their internet connections and local wireless connection technologies like Bluetooth and Wi-Fi.

But some attackers are finding a weakness in phone charging. Many newer phones use the same port – one of several types of USB – for both connecting to a computer and charging. A charger could be modified to attack your phone via that trusted connection. This has led some researchers to recommend never using public USB chargers for your smartphone.

Older mobile phones, including some smartphones, that used power-only connections didn’t have to worry about this issue. Users of these devices can plug in to public multi-device charging stations without worry, as there is no connection to the device’s data. For those with combined data and power ports, however, the same port that many people only use to power their phone is commonly used by hackers and even law enforcement to access the data on it.

Laptops can now be attacked by USB power ports

Until recently, laptop computers had enjoyed some protection, with most having a dedicated power port to connect their chargers to. Other purpose-specific ports allowed connections to desktop monitors, conference room projectors and other devices, without need for concern. USB-C changed this, with one high-speed port now able to provide and receive power, send video signals to projectors and monitors, and connect to USB thumb drives and numerous other peripheral devices.

Most of the time, this is extremely convenient, reducing the number of different ports needed on today’s lightweight and compact laptops. However, it also allows criminals to attack the computer of an unsuspecting user who is just trying to charge the device’s battery.

With the European Union potentially requiring phone makers to standardize on USB-C chargers to reduce waste and provide consumer flexibility, similar rules for laptops may not be far behind. In any case, people with laptops powered by USB-C and those who connect to USB-C screens and projectors in public areas need to be vigilant.

Compared to a mobile phone, laptops may contain far more data. Some laptop users may not have these files backed up to other locations, which makes them vulnerable to deletion or even encryption for a ransom payment. Hacked laptops can also serve as a method to get viruses and other malware into sensitive business or government facilities, bypassing firewalls, intrusion detection systems and other network security mechanisms. In short, they may be much more attractive targets to hackers.

Prevent problems by not plugging in

As someone who researches and teaches courses related to cybersecurity, I follow numerous reports of scam websites, all manner of fraudulent callers and electronically distributed viruses – all trying to steal personal information.

Criminals run these scams from the other side of the world, making them hard to track down and bring to justice. While there is little you can do to prevent your data from being released by large-scale hacks of personal data like the Equifax breach, you can reduce your risk of power-connection hacking.

USB-C laptop users should not plug in to airport, hotel or other public USB ports without protection. Charge-only adapters, portable USB batteries and cables that can shield the data connection are possible solutions. At present, in most cases, it is best to just plug the laptop’s power supply into a normal wall power outlet; many public USB ports, which follow the older USB-A standard, don’t yet provide enough power to run and charge a laptop anyway.

When connecting to other devices, check for signs of tampering, such as missing screws, scuffing and other wear – particularly around screw holes and edges. When projecting for others, use your own USB-C to VGA or HDMI converter and connect to these ports.

Over time, the computer industry may be able to create tamper-evident USB devices and other ways of protecting USB users, like ATM manufacturers have tried to do. Until then, USB-C users need to protect themselves by not connecting to public, insecure and other potentially compromised or suspicious USB ports. Information technology managers face a tougher battle and may try to avoid USB-C powered devices or train users to use them safely.

This article was first published on The Conversation