Judy Android Malware Affects 36 million Android Devices: Here is What You Need To Know.

Android malware Judy hit 36.5 million Android users, infecting smartphones to generate fraudulent clicks on advertisements. It is the biggest malware campaign on Google Play. The team at FORENZY has produced a detailed report on how this malware affects Android.

 Judy Android Malware

The new age Android malware “Judy” has been found in 41 apps on the Google Play Store. The malware infected Android smartphones to generate fraudulent clicks on advertisements.

Things to Know About Judy

Researchers observed a new age malware campaign, “Judy”, on the Google Play Store. “Judy” is auto-clicking malware that was found in 40+ Android applications developed by a Korean company called ENISTUDIO corp. The malware automatically simulates a large number of fraudulent advertisement clicks on the victim’s Android phone, which generates revenue for the hacker group that placed these apps in the Google Play Store, Google’s official app store. The malicious apps comprise a series of cooking and fashion games under the "Judy" series.

Fraudulent link clicks on advertisements by compromising victim's Android Phone.

How does Judy work?

Judy uses its Command and Control server for various operations. Google Bouncer, the official Google Play service that identifies malicious apps, failed to detect this adware/malware. The major reason behind the Google Bouncer failure was Judy's Command & Control communication mechanism, which receives the attacker's commands dynamically at run time. According to researchers, Judy is auto-clicking malware/adware that simulates false clicks on advertisements and generates revenue for the attackers behind it. After researchers informed the Google team, Google removed these apps from Google Play.

Forenzy's Android Incident Response Team has done a detailed analysis of the "Judy" Android malware. The facts and analysis are as follows:



1. Analysis of package "air.com.eni.ChefJudy030" (One of the App with "Judy" Adware)
Permissions required by Malicious App "air.com.eni.ChefJudy030"

2. "Judy" Adware App Checks for "root" privilege on Android Phone
The following code shows the function "checkRootingFiles", which looks for the "su" binaries that give "Judy" root privilege on the Android device.


3. "Judy" uses su binaries to get high system privilege
The following code shows the use of the "su" binaries if they are available on the Android phone.

4. Judy Loads Ads from Command & Control Server
Judy uses functions such as "pauseAd", "startAd" etc. to pause and load advertisements dynamically from the C&C server.
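
A static triage pass over decompiled app sources for the three behaviours listed above (root check, su execution, remotely driven ad control), as an added example that is not FORENZY's code or Judy's recovered source. The function names checkRootingFiles, startAd and pauseAd come from the analysis; the su path and exec patterns and the sample files are constructed assumptions.

```python
import re

# Function names are taken from the analysis above; the su-path and exec
# patterns are generic root-check idioms (assumed, not Judy's actual code).
INDICATORS = {
    "root_check": re.compile(r"""checkRootingFiles|["'](?:/[\w.-]+)+/su["']"""),
    "su_exec": re.compile(
        r"""(?:Runtime\.getRuntime\(\)\.exec|ProcessBuilder)\s*\(.*?["']su["']"""),
    "remote_ad_control": re.compile(r"\b(?:startAd|pauseAd)\s*\("),
}

def scan(sources):
    """Map each indicator to the (file, line number) pairs where it appears."""
    hits = {name: [] for name in INDICATORS}
    for path in sorted(sources):
        for lineno, line in enumerate(sources[path].splitlines(), start=1):
            for name, pattern in INDICATORS.items():
                if pattern.search(line):
                    hits[name].append((path, lineno))
    return hits

def needs_review(sources):
    """Escalate only when all three behaviours co-occur in one app."""
    return all(scan(sources).values())

# Constructed decompiled snippets for illustration only.
SAMPLE = {
    "RootUtil.java": (
        'public static boolean checkRootingFiles() {\n'
        '    String[] paths = {"/system/bin/su", "/system/xbin/su"};\n'
        '    for (String p : paths) if (new File(p).exists()) return true;\n'
        '    return false;\n'
        '}\n'),
    "Shell.java": 'Process p = Runtime.getRuntime().exec("su");\n',
    "AdBridge.java": (
        'void onCommand(String c) '
        '{ if (c.equals("start")) startAd(); else pauseAd(); }\n'),
    "Game.java": 'String title = "super sushi level";\n',
}

if __name__ == "__main__":
    for name, where in scan(SAMPLE).items():
        print(name, where)
    print("needs review:", needs_review(SAMPLE))
```

Requiring all three indicators together keeps ordinary ad-supported apps, which also start and pause ads, out of the review queue.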

How to protect against Judy?

Google has removed all the malicious apps that carried the “Judy” adware. To stay safe against these attacks, be careful when downloading apps. Don’t install apps from third-party websites; use only the Play Store, Google’s official app store. Run malware scans regularly on your Android phone. For any further query, type your comment below.

Courtesy of FORENZY security

Safe Browsing - Personal Security Part 2

Hello! Today we are continuing from part one of "Safe Browsing - Personal Security". Before I go to the next tip: in Part One we concluded with using a strong password. A strong password is a mixture of numbers, letters, and symbols. The mixture makes it difficult for hackers to brute-force or guess your password. Understand now? Good!



Don't Use One Password For All Your Online Accounts:

Not quite long ago I was among those using one password for almost all my social media and online accounts. I just couldn't have several passwords saved on my hard drive upstairs since it was quite a lot and, like you, I just wanted to have easy and fast access to my accounts and save myself the stress of always trying to sort them out. Well, I'm sorry to disappoint you, but that's not a habit to be kept in these days of cyber attacks and internet fraud. You see, one of your accounts can be hacked, and that spells doom for your other accounts and also enables hackers to get sensitive information about you such as bank accounts, social security number, BVN etc. This is information that can be used for identity theft and financial fraud against you.
So it's advisable to always use a different password for each account.



Log Out From Your Online Accounts After Use:

Yes! It's your phone and your notebook. We all know that, but that doesn't mean you should stay logged in after using an online account, because that does not guarantee security. Always log out from websites that might hold sensitive information about you. This is the 21st century and most of the things we do today are done online, from shopping for trending fashion to buying household items. The problem is that most of the time we assume that because we are using our own devices for these transactions, we are safe! But that's not a safe practice in reality, because hackers can remotely gain access to your system and get a free pass into your online accounts, using them for personal gain! So it's advisable to always log out from your online accounts after use, for your personal security!

Fix Bluetooth Connectivity Issues on Windows 10 Creators Update

Microsoft recently updated Windows 10 to version 1703, and quite a few nice tweaks were added to enhance the Windows experience, which I find pretty awesome! The new GUI tweaks and other added features improved the beauty of the Windows OS and also made some features more easily accessible.

The upgrade comes with some bugs, one of which affects Bluetooth LE connectivity. Bluetooth LE (Light Energy) refers to all the modern Bluetooth devices and accessories, including mice, fitness trackers, smartphones and Bluetooth headphones. Microsoft has promised to fix this issue in an upcoming update, but until then here is a simple workaround.

1. Run Bluetooth Troubleshooter:





Go to Settings --> Update & Security --> click on Troubleshoot and head to Bluetooth. Now run the Bluetooth Troubleshooter. The Troubleshooter will identify and try to fix the issues automatically. After doing this, wait for some time until the device reconnects, and then Bluetooth pairing will work as intended.

2. Uninstall Bluetooth Drivers:




Head over to Device Manager --> Bluetooth driver and uninstall every Bluetooth driver found. After that, reboot your system and you will be alright.

Safe Browsing - Personal Security

We all want to be online at all times to get information, updates on recent activities from the world, interact with our friends on social media, make bank transactions and to have fun!



Well, who says browsing ain't something? Life can sometimes be boring and the only time we get to feel among is when we are online... But have you ever asked yourself how safe you are? In times like these of cyber attacks and cyber theft, it is pertinent that we protect ourselves and our data from cyber fraudsters, so as not to hand them a free pass to information about us that might enable them to get access to our credentials.

But how do we really protect ourselves? Well, personal security is a must if you want to be safe online from prying internet eyes. In Nigeria we have heard of "Yahoo Yahoo", right? These are the people you need to protect yourselves from while being online. Your time online can be protected if you do the following:

1. Phishing: this is pronounced "fishing". Much of our information can be obtained by just this small act. Just like when you go fishing, this is the method cyber fraudsters use to get your credentials. Information like bank account details and credit card passwords can easily be stolen if you fall for this trap. Phishing, in layman's terms, is presenting you with a copy of a website's login page to get your login details, which will then be used to compromise your data. Imagine browsing your bank's website and being presented with a login page, but this time the page is bait from the attacker. Once you fill out the form, your login details will be stolen and used for theft. This can be prevented by using an antivirus with phishing protection, as seen in Protecting Yourself, data, identity From Cyberattacks! Also, when doing online transactions, always make sure the "URL", that is the address of the webpage presented, has "https://"; the "S" means it is secured, unlike the conventional "http://".

2. Use A Strong Password: Use a strong password for your online accounts to prevent them from being compromised. Your password can be obtained from a vulnerable server system housing your account. But what determines whether you are compromised is how easy it is to guess your password. What attackers do is use a tool with different wordlists to match your password hash. So the stronger your password, the more difficult it is for an attacker to compromise it.

To be continued..... 


Protecting Yourself, data, identity From Cyberattacks!

Given the recent threats of cyber attacks and internet fraud, it is important that we protect ourselves, our identity and our data from attackers. There have been several recent attacks as a result of the theft of NSA software, Eternalblue, which enables access to different computer systems around the world.

A group of hackers called the Shadow Brokers recently got their hands on the NSA's secret cyber weapon and released it to the open source community, free to all who are interested. This software has made it easier for hackers to gain access to remote networks and computer systems. This is seen in recent attacks by a ransomware called "Wannacrypt", which encrypts the affected system's data and asks for a price for it to be decrypted and set free, just like kidnappers asking for a price to free their victim(s). Below are some ways you can protect yourselves from these modern attacks because, whether you like it or not, more are coming and some are already deployed.


  1. Use Antivirus: using an effective antivirus can save you a lot of trouble from cyber attacks and cyber crimes. Antivirus helps your computer system fight viruses and malware, and protects your online presence from phishing, Trojans and other forms of attack. There are free antivirus products available: Avast, Malwarebytes, 360 Total Security, AVG, ESET etc.
  2. Use Multifactor Authentication: a multifactor system uses two or more processes for logon. A two-factor method might use biometrics and smart cards for logon (Emmett Dulaney and Chuck Easttom, Comptia Network security study guide). This method is advisable for use in your organization or small business.
  3. Many Internet of Things devices face infection from the Mirai and Hajime botnet worms. To avoid infection, see if you can change the default administrative passwords on your IoT devices; if not, then put them behind a firewall or a network security appliance such as the Bitdefender Box. So protect your smart devices with this method for security purposes (Tom's guide).
  4. Email server restrictions: configure your email server to allow or restrict certain file types from entering your network. File types like .doc, .pdf, .xls, .ppt, etc. can be allowed since they are normal data formats used in various organizations today. But file types like .exe, .llb, .apk, .dll etc. should be blocked at the email server, and users should be trained on handling these common file types.
  5. Money transfers should be done on sites with https for secured transactions. Avoid sites without https in the URL during online purchases or banking.

Also, it's advisable for system administrators to provide training to staff on some of these measures to avoid cyber attacks or theft.
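
The attachment policy from item 4 above, applied to a parsed message, as an added example rather than any mail product's configuration. The allow and block lists are the ones named in the list; quarantining unlisted types, blocking on any blocked extension in a multi-extension name, and the sample message are assumptions.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

ALLOWED = {".doc", ".pdf", ".xls", ".ppt"}   # allowed types named in item 4
BLOCKED = {".exe", ".llb", ".apk", ".dll"}   # blocked types named in item 4

def classify(filename):
    """Return 'block', 'allow' or 'quarantine' for one attachment name."""
    # Normalise case and strip trailing dots/spaces used to hide the real type.
    name = (filename or "").strip().rstrip(". ").lower()
    exts = ["." + part for part in name.split(".")[1:] if part]
    # Any blocked extension anywhere in the name blocks it (invoice.pdf.exe).
    if any(ext in BLOCKED for ext in exts):
        return "block"
    if exts and exts[-1] in ALLOWED:
        return "allow"
    return "quarantine"  # assumption: unlisted or missing types are held

def screen_message(raw_bytes):
    """Map every attachment filename in a raw message to its verdict."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    return {part.get_filename() or "(unnamed)": classify(part.get_filename())
            for part in msg.iter_attachments()}

def build_sample():
    """Constructed message with four attachments, for illustration only."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Constructed test message"
    msg.set_content("See attachments.")
    for name in ("report.pdf", "Invoice.PDF.exe", "update.apk", "photo.jpg"):
        msg.add_attachment(b"constructed", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, verdict in screen_message(build_sample()).items():
        print(f"{verdict:10} {name}")
```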

The Ransomware, Wannacrypt...

The internet was put in shambles some days back by a ransomware affecting about 74 countries worldwide. The ransomware, called wannacrypt or wcry, attacks its victims' systems as a worm, infecting them and holding every file it can find hostage. Think of it as an armed robber kidnapping someone close to you and demanding some amount before they can be released. It charges $300 or $600 in Bitcoin to restore the documents. It is adept at bringing offices and homes to a halt by locking away their data. This makes your systems unusable.

Source: Kaspersky Lab


The ransomware infected hospitals, businesses, rail stations, FedEx, Universities and more organizations. WannaCrypt is installed on vulnerable Windows computers by a worm that spreads across networks by exploiting a vulnerability in Microsoft's SMB file-sharing services. It specifically abuses a bug designated MS17-010 that Redmond patched in March for modern versions of Windows, and today for legacy versions – all remaining unpatched systems are therefore vulnerable and can be attacked.

To prevent such attacks on your network you should firewall off SMB ports 139 and 445 from the outside world, and restrict access to the service where possible on internal networks.
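
A first-match rule audit showing the difference between a permissive ruleset and one that follows the advice above, as an added example that does not model any particular firewall product. The rule format, the subnets and the probe addresses are constructed assumptions.

```python
import ipaddress

SMB_PORTS = {139, 445}

def decide(rules, src, port, default="deny"):
    """First-match evaluation: action of the first rule covering src and port."""
    addr = ipaddress.ip_address(src)
    for cidr, ports, action in rules:
        if addr in ipaddress.ip_network(cidr) and (ports is None or port in ports):
            return action
    return default

def smb_exposure(rules, probes):
    """Return the (source, port) pairs that the ruleset lets reach SMB."""
    return [(src, port) for src in probes for port in sorted(SMB_PORTS)
            if decide(rules, src, port) == "allow"]

# Constructed rules: (source CIDR, destination ports or None for any, action)
WEAK = [
    ("0.0.0.0/0", {80, 443}, "allow"),
    ("0.0.0.0/0", None, "allow"),        # catch-all leaves 139/445 reachable
]
HARDENED = [
    ("10.0.5.0/24", SMB_PORTS, "allow"),  # hypothetical subnet that needs SMB
    ("0.0.0.0/0", SMB_PORTS, "deny"),     # everyone else, outside or inside
    ("0.0.0.0/0", {80, 443}, "allow"),
]

# Constructed probes: an outside address, an unrelated internal host,
# and a host on the permitted subnet.
PROBES = ["203.0.113.7", "10.0.9.20", "10.0.5.11"]

if __name__ == "__main__":
    print("weak:    ", smb_exposure(WEAK, PROBES))
    print("hardened:", smb_exposure(HARDENED, PROBES))
```

Rule order matters under first-match evaluation: placing the broad deny above the subnet allow would cut off the permitted hosts as well.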

It's also advisable to update your Windows security software, such as Windows Defender or your antivirus if you are using one. This is a preventative measure against these attacks, as only systems without the Windows patches can be infected.

It's always advisable to use the most recent version of whatever OS or software you are using, and to update your antivirus regularly to prevent any form of attack!

Intel Tiger Lake CPUs to come with Anti-Malware Protection

Intel’s Tiger Lake CPUs will come with Control-flow Enforcement Technology (CET), aimed at battling common control-flow hijacking attacks. I...