Dangerous new malware uses cookies to break into Google accounts
Signing out and resetting passwords doesn’t deter the hackers
Browser cookies give the web browser an ability to remember what you do on websites, such as the items added to a shopping cart, data filled in forms, and login status. However, these very cookies also give dangerous malware inroads to your personal information and banking details. While Google Chrome is coming down heavily on third-party cookies, a recently discovered cookie vulnerability leaves Google accounts vulnerable even if you change your passwords, and at least six malware groups are actively selling this exploit.
Can Chromebooks get viruses?
Here's what you need to know about viruses, malware, and your Chromebook.
ChromeOS is one of the most secure operating systems. Still, it can't guarantee protection against viruses. While the chance of a virus infecting your Chromebook is slim to none, understanding your Chromebook's security features and why you don't need antivirus software will give you peace of mind when setting up your new device.
Gigabud RAT malware exploits accessibility services to swipe info
Hackers continue to target known assistive software vulnerabilities
Malware has proven to be a blessedly small but still persistent-as-a-mosquito problem on Android. Hackers frequently target known weak points in the operating system to take advantage of users, and more often than not, accessibility software is exploited. Recently, cybersecurity researchers Group-IB have attributed a spate of financially-driven hacks across Southeast Asia and Central America to the Gigabud Random Access Trojan (RAT) on Android devices.
What to do if you accidentally click on a phishing link
Don't panic, you can still keep your data secure
The best way to prevent a phishing attack is to avoid clicking those links. However, as the attacks become more intelligent, they become harder to avoid. If you click a link, don't panic. There are a few steps you can take to ensure you minimize the chance of having your personal data or, worse, stolen.
How to remove viruses and malware from an Android phone
Is it really a virus or another type of malware? Let's fix it anyway
Mobile viruses are unheard of, compared to computer viruses, and internet users have long argued over their existence. While your phone can fall prey to malware, it's unlikely that it's a virus. Android phones are more exposed to malware than iPhones because of their open source operating system (OS). Downloading files from anywhere on the internet is a perk, but just this once, Apple users are lucky not to have it.
Google pulls screen recorder app from Play Store for spying on its users
It had been secretly recording users for months
Keeping malware off of people's phones has always been a tricky task. It feels like every time we see new security measures come along, it's just a matter of time before malware starts bypassing them. While the Play Store is always working to weed out malicious software, Google's efforts weren't able to stop one screen recorder app from spying on its users after receiving a malware-transforming update almost a year after its initial release.
Google gets legal approval to utterly wreck CryptBot malware
An international restraining order is no substitute for safe browsing practices
Companies like Google play a critical role in keeping software users safe in the ever-evolving world of modern cybersecurity. While oftentimes that takes a technical approach, plugging vulnerabilities prone to exploitation, it can also involve legal efforts to drag bad actors to justice. Right now, we're looking at a mix of both of those, as Google moves against the distributors of the CryptBot malware, with a little help from the courts.
Staying safe online feels like it's more challenging by the passing day, with even reputable password managers falling prey to hackers. Bad actors who cannot be bothered to develop their own utilities from scratch can even use turnkey solutions like MaaS (malware as a service) to infect devices and distribute a custom, nefarious payload. Security researchers have discovered the resurgence of one such MaaS called Nexus, designed to capture banking information from your Android device using a trojan.
Samsung's Message Guard will keep your Galaxy S23 safe from zero-click attacks
Time may tell if your older Galaxy device will get it, too
Although most modern-day Android phones are equipped with safeguards to avoid dangerous malware and spyware, newer and evolved attack forms such as what are known as zero-clicks have become increasingly prominent and potent. This is primarily due to the ease with which they can be deployed, including through standard JPG or PNG image files wherein the user doesn't need to interact with a file or its corresponding app to infect the device. Samsung is now coming up with its own method to block zero-click attacks called Message Guard, and it's coming first to the recently unveiled Galaxy S23 series.
Beware of dangerous spyware masquerading as VPN apps
Infected VPN apps can steal your data and spy on your chats
Malware on Android has been a recurring, almost omnipresent, problem despite Google’s best efforts to counter the spread. New research from cybersecurity firm ESET reveals that the infamous cyber-mercenary group Bahamut APT has found a new carrier for dangerous malware targeting Android phones — VPN apps.
Researchers warn new malware campaign is pulling out all the stops to avoid Play Store detection
Malicious apps now rebadge themselves, making them harder to find and uninstall
Malware poses an evolving and omnipresent threat, and despite their best efforts, app stores like Google's are vulnerable to unknowingly being used for distribution. The Play Store regularly removes apps and bans developers flouting rules intended to stop adware, spyware, malware, and other annoying apps you’re better off without. In response, developers of these applications try every trick in the book to dodge Google’s checks. Today we're learning about some apps that have been automatically changing their name and icon after installation, so they can stay undetected on your phone while bombarding you with ads.
Security researchers warn of Joker malware's resurgence in Play Store apps
The dangerous software has been spotted in apps with over 100,000 combined installs
Google takes pride in the security of apps it distributes through the Play Store. Despite its efforts, cybersecurity researchers regularly uncover malicious, malware-laced apps masquerading as harmless download-worthy ones on the platform. One of the more persistent threats has been the Joker malware, a spyware Trojan that allows bad actors to exploit victims and install more dangerous malware on compromised devices. Now that malware's back once again, having been spotted in Play Store apps with over 100,000 combined installs.
Octo Android malware wants to get its tentacles on your banking information
This new trojan could let hackers use your device to commit fraud
A fascinating thing about the life cycle of malware is how malicious code packages evolve over time. It's a case of threat actors grabbing something that works and then improving or extending it. One example is a breed of banking malware that first popped up in 2016 called Exobot — it went after users in several countries until 2018 when it morphed into ExobotCompact, a remote access trojan (RAT) with several additional subtypes. And recently, cybersecurity researchers discovered Octo, a new RAT that essentially evolved from Exobot but has even more deceptive features — like the one that lets the trojan hide its activities even as it turns your phone into a vehicle for committing fraud.
Chinese hackers are using VLC media player to launch malware attacks
The likely state-sponsored hacks began in 2021
VLC is a super-popular media player for good reason: It's free, open source, and available on just about every platform imaginable. Plus, it can handle basically any audio or video file you throw at it. VLC is also light on resources, meaning it won't slow down your Windows computer — unless, perhaps, it's hiding malicious software. A new report indicates that's entirely possible, due to the efforts of a notorious Chinese hacking gang.
Mysterious malware linked to Russian hackers tracks you, records audio, can utterly invade your life
Check your permissions ASAP
Russian hackers have been linked to several high-profile cyberattacks, including interfering in the 2016 US presidential campaign. The Kremlin's motives in carrying out these attacks aren't always clear, but generally, they are intended to sow chaos, create distrust, and coincidentally line the hackers' — or their sponsors' — pockets as well. Russian state-supported hackers aren't just interested in going after targets in the US or Ukraine, either. The Turla group — state-sponsored Russian hackers first identified in 2020 — has been using some particularly sneaky Android malware buried inside a seemingly innocent app.
Hackers sure have been busy the last couple weeks, warns Google's Threat Analysis Group
Get the hack out of here
Hackers and hacking groups have been busy finding new ways to use the war in Ukraine as a lure in their phishing and malware campaigns. Organizations and possibly individuals based in Russia, China, North Korea, and Iran are just some of the government-backed — and, occasionally, independent — bad actors who have used various war-related themes to get people to click on malicious links. While many of these attacks aren't always sophisticated, they can be hard to detect and block, so tech giants like Google have to have their own cybersecurity army at work 24/7.
Malware disguised as cryptocurrency wallets used to steal from iOS and Android users
Are your tokens safe?
Cryptocurrency has been booming for a few years now, pulling in a lot of new investors who just want to see what's going on. This has been good for plenty of people and boosted the profiles of tokens beyond the more well-known Bitcoin and Ethereum — but the influx of new investors has also given scammers a much larger field of victims to target, and security researchers with Eset uncovered a complex scheme involving Android and iOS apps that look like well-known cryptocurrency wallets but are actually hiding malicious trojans designed to steal crypto instead.
Devious Escobar Android malware can steal credentials for 190 financial apps
No relation to Pablo — as far as we know
Colombian drug lord Pablo Escobar died in 1993, but even now, nearly 30 years later, his name remains synonymous with crime. In his time, that never included cybercrime — unless he had his henchmen steal a truckload of AOL installation CDs so customers could snort lines of coke off them, which seems improbable — but the name Escobar is back and attached to an insidious form of malware that can take over your phone and even steal multi-factor authentication (MFA) codes generated by Google's Authenticator app.
In late February, the cyber gang calling itself Lapsus$ broke into Nvidia's internal network and managed to steal a lot of sensitive data, from hashed login credentials to critical trade secrets behind the company's chips. The hackers demanded Nvidia remove the lock on its newer GPUs that automatically slowed them down when mining cryptocurrency and gave the company until March 4 to comply — or Lapsus$ would release those trade secrets. The cybercriminals have started making good on their threats, and now the fallout from their data dump threatens to help malware avoid detection.
Vicious SharkBot banking trojan discovered in Play Store antivirus app
You're gonna need a bigger boat
The SharkBot remote access banking trojan was first spotted in the wild in October 2021. Security researchers at Cleafy discovered it and concluded it was one of a kind, with no connection to malware like TeaBot or Xenomorph — and it had some notably sophisticated and insidious functions. One, Automatic Transfer System (ATS), is new to Android and lets attackers move money automatically out of the victim's accounts, with no human intervention needed. And as British IT security researchers discovered, an updated SharkBot is hiding inside an innocent-looking antivirus app which is still available on the Google Play Store as of Saturday.