How to know if Pegasus has infected our mobile
05/05/2022The news of recent weeks, in which it is claimed that the Pegasus espionage program has been used to enter the mobile devices of Spanish politicians, has put a lot of people on alert. Pegasus is a malicious software that, once introduced on a device, has the ability to collect information and transmit it to an external entity without the consent or knowledge of the owner of the device, be it a mobile phone, a computer or a tablet. Pegasus also erases its trail after it is installed. Among its main features, it also stands out that Pegasus is capable of detecting who the owner of the device has been with. Pegasus also, can send and recive messages autonomously and recording conversations by manipulating the attacked mobile, computer or tablet. The two ways that this spy program uses to enter on a devices is through an SMS or a fraudulent link and, according to experts, despite the fact that it is a very difficult spyware to detect, there are some signs that can make us suspect that we have been infected. Overheating or slowdown of the system are two of the main ones, but also the fact that the battery life is decreasing or that there is excessive data consumption when we are not using the device. How to make it difficult for Pegasus To try to avoid being infected by Pegaus or by any other malware, the director of Systems Engineering at Fortinet from Spain and Portugal, José Luis Laguna, in statements collected by Europa Press, recommends taking extreme precautions and a make a double-checking when personal and confidential information is provided. In addition, the Fortinet expert explains that instead of clicking on the link that we have received, to verify that it is legitimate, it is recommended to write the address of the site in the web browser, even though this means taking an additional step and not accessing directly to this service. Using protection 'software' based on behavior - EndPoint Detection and Response (EDR) -, keeping the system updated, avoiding public Wi-Fi connections and checking the permissions granted to applications, are other precautions that are also recommended.
[ ... ]
Microclaudia, the Spanish antivirus that makes the attacker think the system is already infected
28/01/2021The National Cryptologic Center (CCN-CERT) and the cyber security company S2 Grup have created "Microclaudia", a tool designed as a vaccine against malware that makes the attacking agent to believe the computer is already infected. "Microclaudia", which can work in parallel to any other protection system already installed on the computer, runs on the system and prevents the attacking of several malwares that are currently in circulation. According to the creators of "Microclaudia", this new antivirus is an important step forward to put an end to the damage caused daily by cybercrime in Spain, the second most common crime, only after theft.
[ ... ]
A new FakeUpdates campaign targeting WordPress sites has been detected
20/03/2024Over the past few weeks, a new wave of the FakeUpdates malware, also known as SocGholish, has been detected, aimed at WordPress websites. The objective is to lure users into downloading remote access trojans, allowing attackers to take control of their systems. Since its emergence in 2017, FakeUpdates has been one of the most recurring malicious software in the cyber threat landscape. It has previously been associated with cybercriminal groups like Evil Corp, who monetize its use by selling access to infected systems. In this new campaign, cybercriminals are using JavaScript to target WordPress web pages, compromising compromised administrator accounts to introduce altered versions of WordPress plugins. These adulterated versions deceive users into downloading remote access trojans, granting attackers full control over infected devices. What is the most popular type of malware? In addition to the FakeUpdates attack, the threat index from Check Point Research, whose researchers have warned about this new attack, reveals around 200 suspicious content websites directed by ransomware groups. They utilize double extortion tactics to pressure victims into paying immediate ransoms. These attacks have impacted many companies, with the Lockbit3 ransomware being the most utilized by cybercriminals, followed by Play and 8base. The most exploited vulnerabilities by malicious actors include 'Web Servers Malicious URL Directory Traversal,' 'Command Injection Over HTTP,' and 'Zyxel ZyWALL Command Injection,' affecting numerous companies worldwide and allowing attackers to access and manipulate files or execute commands on compromised systems. In Spain, despite a 7% decrease in malware attacks in February, the most sought-after malware includes FakeUpdates, Qbot, and Pandora. In the case of FakeUpdates, it has affected 11.9% of companies in Spain. Mobile Malware In the realm of mobile devices, Anubis remains the most utilized malware in Spain, followed by AhMyth and Hiddad, all designed to compromise the security and privacy of Android device users by collecting confidential information and executing malicious actions.
[ ... ]
Common front against advertising based on user surveillance
19/01/2022Facing the forthcoming vote on the EU Digital Services Law, a group of 17 civil organizations and 14 digital companies have demanded the European Parliament prohibit invasive and hostile practices with privacy that take place in digital advertising such as user tracking. According to his complaint, companies that specialize in monitoring the behavior of Internet users, integrate data from all websites, something that entails a violation of EU data protection regulations. In addition, they remember, these advertising practices make use of "inferred data that reveals vulnerabilities of the users" and, in general, they insist, this data are obtained without the knowledge of the user and beyond their control. The signatories, including the privacy-focused search engine companies DuckDuckGo and Ecosia, denounce also that these types of practices only favor a few “dominant players” based in the United States, and they specifically cite, among others, Facebook and Google. As an alternative to these advertising systems, they propose to follow initiatives such the Dutch television channels NPO and Norwegian TV2, which opted for contextual advertising and increased their income from ads.
[ ... ]
A fraudulent email simulates a WhatsApp Backup and installs a Trojan
29/09/2021WhatsApp users, Internet users' associations and also some police officers have alerted through social networks about a new virus that arrives by email with the subject "Backup of WhatsApp messages. This email offers a link to download the history of conversations in this application, which should not be clicked if you don’t want to install a Trojan on your device. The message arrives with the same appearance and usual colors of WhatsApp and provides supposed information about the number of messages deleted, restored and read through the application, looking like a real information and causing confusion in the victims If we receive the message but we don`t use the link, the Trojan will not run and we only need to delete the message to get rid of the virus. But if we have opened the link, or downloaded and opened the zip file that arrives in some emails, then the device will be infected, and we will need to use an antivirus to detect the malicious software and destroy it.
[ ... ]