Morrissey Technology


Malware in Chrome Web Store

Watch out! Lots of Malware in Chrome Web Store

Morrissey Technology – Google may claim that less than 1% of extension installations from the Chrome Web Store contain malware. However, other security researchers have different data. For context, the Chrome Web Store currently contains more than 250 thousand extensions, which are add-on applications for the Chrome browser. Google boasts that its security team has succeeded in reducing the number of extensions containing malware in the Web Store.

“Just like other software, extensions can also contain risks,” said Google’s cybersecurity team.

However, other data emerged from a Stanford University security research team, consisting of Sheryl Hsu, Manda Tran, and Aurore Fass, who collaborated with the CISPA Helmholtz Center for Information Security.

They researched Security-Noteworthy Extensions (SNEs) in the Web Store. An SNE is an extension that is categorized as malware, violates Chrome Web Store rules, or has security holes.

During July 2024 to February 2023, there were 346 million users who installed extensions in the SNE category. 63 million of them violated Web Store rules, and three million had security holes, meaning extensions containing malware were installed 280 million times.

In fact, in that time period there were only 125 thousand extensions available in the Chrome Web Store. The trio of researchers also found that Chrome extensions that are safe and do not contain malware usually don’t last long, only 51.8 to 62.9% survive after one year. Meanwhile, extensions that fall into the SNE category can actually last for an average of 380 days, and can even reach 1,248 days if they only contain security holes.

The SNE that lasted the longest in the Chrome Web Store was TeleApp, which lasted for 8.5 years and was last updated on December 13, 2013. When it was discovered to contain malware on June 14, 2022, this extension was removed. What’s worse, the application or extension rating doesn’t help much to find out the presence of malware in this SNE case.

“Overall, users never give SNE a low rating, which may be because users may not realize that this extension is dangerous. There is also the possibility that there are bots that give fake reviews and give high ratings to the extension,” wrote the research team in their paper.


Malware

Signs That Your Cellphone has Been Affected by Malware and How to Deal With it, Don’t Underestimate it

Morrissey Technology – Malware is a dangerous enemy that threatens the devices you own, including the smartphone you currently hold. The reason is that malware can steal various information on the device, including banking information. There are several signs that your cellphone has been infected with malware that you should be aware of. Don’t ignore them; your account balance can be drained if you do. The following are the characteristics you should be aware of.

Characteristics of a cellphone being affected by malware

1. There is a warning about viruses that may infect you
2. The antivirus software used is no longer functioning
3. There is a significant decrease in the operating speed of the device
4. You notice that the storage space on your device has decreased significantly and unexpectedly
5. Your device stops working or doesn’t work at all.

Here are the steps you can take to protect your device from malware:

1. Activate Google Play Protect

It’s easy. First, open the Google Play application, then tap the Profile icon. Continue by tapping Play Protect > Settings > enable or disable Scan apps with Play Protect.

2. Update the device

Make sure to always update your device when an update is available. If you don’t see notifications because they are turned off, you can go to Settings > System > System update. You will then see the update status and can continue from there.

3. Delete suspicious applications

It is important to delete or uninstall applications that are not important, untrusted, sourced from third parties, or from outside the Google Play Store. To delete one, go to Settings > Apps & notifications > See all apps > tap the application you want to uninstall > Uninstall.

4. Security checkup

• On your Android phone or tablet, open a web browser such as Chrome

• Go to myaccount.google.com/security-checkup

• To fix security issues in your account, follow the steps provided.

DuneQuixote

Get to know DuneQuixote, The Malware Used by Hackers to Steal Data

Morrissey Technology – Dangerous malware continues to evolve. According to the cyber security company, Kaspersky, a new type of malware called DuneQuixote is currently emerging which targets government entities, both in the Middle East, Asia Pacific, Europe and North America.

DuneQuixote incorporates snippets taken from Spanish poetry to increase persistence and avoid detection, with the ultimate goal of cyber espionage. With this malware, hackers are able to spy on and retrieve the target’s sensitive data.

In its official statement, Kaspersky revealed that the initial malware dropper was disguised as a corrupted installer file for a legitimate tool called Total Commander. Embedded inside this dropper are strings from Spanish poetry, which vary from sample to sample.

According to principal security researcher at Kaspersky’s GReAT (Global Research and Analysis Team), Sergey Lozhkin, this variation aims to change the signature of each sample, making detection with traditional methodologies more difficult.

Embedded within the dropper is malicious code designed to download additional payloads in the form of a backdoor called CR4T. This backdoor, developed in C/C++ and GoLang, aims to give attackers access to the victim’s machine.

Specifically, the GoLang variant uses the Telegram API for C2 communications, implementing public Golang Telegram API bindings.

“This malware variation shows the adaptability and ingenuity of the threat actors behind this campaign. At the moment, we have found two similar implants, but we strongly suspect the presence of additional implants,” said Sergey.

Kaspersky telemetry identified victims in the Middle East as early as February 2024. Additionally, multiple uploads of the same malware to semi-public malware scanning services occurred in late 2023, with more than 30 submissions. Other suspected sources of VPN exit points are located in South Korea, Luxembourg, Japan, Canada, the Netherlands, and the United States.

To avoid becoming a victim of targeted attacks by known or unknown cybercriminals, Kaspersky researchers recommend implementing the following steps:

• Give your SOC team access to the latest threat intelligence (TI). The Kaspersky Threat Intelligence Portal is a single point of access for enterprise TI, providing cyber attack data and insights collected by Kaspersky over more than 20 years.

• Upskill your cybersecurity team to address the latest targeted threats with Kaspersky online training developed by GReAT experts.

• For timely endpoint-level detection, investigation and remediation of incidents, deploy an EDR solution like Kaspersky Endpoint Detection and Response.

• In addition to adopting critical endpoint protection, implement enterprise-grade security solutions that detect advanced threats at the network level at an early stage, such as Kaspersky Anti Targeted Attack Platform.

• Since many targeted attacks start with phishing or other social engineering techniques, introduce security awareness training and teach practical skills to your team, for example through the Kaspersky Automated Security Awareness Platform.

VPN Malware

Watch Out For 28 VPNs and This Application is Listed as a Google Warning Indicating Malware

Morrissey Technology – The use of VPNs has surged in recent years along with the growing need to browse the web more safely and avoid geo-fenced content.

Millions of people have installed VPNs on their Android phones, but it’s a good idea to pay attention to these warnings before downloading a new VPN on your device.

HUMAN’s Satori Threat Intelligence team of cybersecurity experts has issued a warning after discovering some VPN malware and bad software.

Once installed, these apps can use a new threat, called PROXYLIB, to carry out ad fraud as well as phishing for personal data and password spraying. Password spraying is a brute force attack that attempts to break into accounts using passwords found in previous data breaches.

Even more concerning, all the apps found to contain the malware were available through the Google Play Store, meaning millions of people may have been able to access them.

All of them have been banned by Google but this serves as a reminder to be careful before installing new software.

“The Satori Threat Intelligence HUMAN team recently identified a group of VPN apps available on the Google Play Store that turn users’ devices into proxy nodes without their knowledge,” the team explained in a blog post.

“The 28 apps containing the PROXYLIB SDK identified in this report have been removed from the Play Store and HUMAN continues to work to stop the threat posed by PROXYLIB.”

It has been confirmed that the Google Play Protect service will help stop PROXYLIB attacks in the future, so it’s best to make sure this function is enabled.

Unfortunately, the Satori Threat Intelligence team says more attacks are possible and Android users should remain vigilant when installing a new VPN.

“We hope that threat actors will continue to develop their TTPs to continue selling access to residential proxy networks generated by applications containing PROXYLIB,” Satori added as reported by the Mirror.

“HUMAN recommends that users download mobile applications exclusively from official marketplaces, such as the Google Play Store or iOS App Store. Furthermore, users should avoid clones or “mods” of popular applications that may allow malware or unwanted functions such as the PROXYLIB residential proxy registration of the nodes discussed in this report to masquerade as harmless software.”

You can find a complete list of apps expected to be impacted by Google’s ban. It is currently unclear whether developers knew their apps were infected with the threat or whether they were added later by cybercriminals.

The following is a list of applications affected by Google’s ban:

• Lite VPN

• Anims Keyboard

• Blaze Stride

• Byte Blade VPN

• Android 12 Launcher

• Android 13 Launcher

• Android 14 Launcher

• CaptainDroid Feeds

• Free Old Classic Movies

• Phone Comparison

• Fast Fly VPN

• Fast Fox VPN

• Fast Line VPN

• Funny Char Ging Animation

• Limo Edges

• Oko VPN

• Phone App Launcher

• Quick Flow VPN

• Sample VPN

• Secure Thunder

• Shine Secure

• Speed Surf

• Swift Shield VPN

• Turbo Track VPN

• Turbo Tunnel VPN

• Yellow Flash VPN