It’s an especially malicious Thursday this week, with Adware, Ransomware and Phishing epidemics making a trifecta of technical turmoil. Meanwhile, a Sudo vulnerability might cause a shock for Linux’s system administrators.
The Play Store’s Malware Infection Now Has a Thrilling Sequel
This time last month, we warned Threat Thursday readers that a selection of named and shamed Android apps were harbouring the sinister ‘Joker’ Malware. A month later, a whole new list of malicious apps has been uncovered on the Play Store. Thanks to the efforts of Sophos, we can once again identify the offending apps.
The apps are assumed to be the work of the same developer – owing to some suspicious similarities in the coding of each – and they all employ a series of dirty tricks to go unnoticed or undeleted. Some hide their app icons from the home screen entirely, making it harder to locate them on the device; others disguise themselves as other, more legitimate apps in the phone’s App Settings panel. However they hide themselves, they all pull off the same stunt, filling the infected phone with unwanted, intrusive advertisements.
The apps this time are:
- Flash on Calls and Messages
- Read QR Code
- Imagine Magic
- Generate Elves
- QR Artifact
- Find Your Phone: Whistle
- Scavenger
- Speed Guard
- Auto Cut Out Pro
- Background Cut Out
- Photo Background
- Background Cut Out New
- Auto Cut Out
- Auto Cut Out 2019
If you’re among the 1.3 million users worldwide to have downloaded one of these apps, you might want to get deleting. Sadly, with many hiding their icons, names and true intentions behind other legitimate apps, it can be hard to know what to safely uninstall. The Sophos Blog has some hints, but removing these apps might take a little more time and caution than you’re used to.
Prevention is always better than a cure. The Play Store is so open-ended that practically anybody can upload their wares on there; our advice would be to only purchase apps from names and developers you can trust, and do your research before hitting that download button.
Make sure your Android has some trustworthy virus and malware protection installed too.
Now We’re Phishing with Gas!
Two major phishing scams have hit the UK, targeting payers of both council tax and home energy.
British Gas and HMRC have been spoofed in the latest swathe of Phishing emails, which see fraudsters offering their victims the tantalising prospect of a refund on their council tax or energy bills. The emails are remarkably convincing, looking similar to legitimate correspondence from either company, though the tell-tale signs of phishing are still there; the British Gas email, for example, refers to recipients by their email address rather than their full name.
The HMRC email is similarly convincing, promising a return on overpaid taxes. The HMRC are advising students in particular to be aware of the scam; it’s believed that phishers are targeting them due to their unfamiliarity with the true tax system.
If you’re not familiar with the tell-tale signs of a phishing email, we’ve an upcoming blog this month that’ll tell you all you need to know. Until then, always check the sender’s email address – does it look like a legitimate domain? – and make sure that any links you click are going to reputable, secure web pages.
Frankly, my alarm bells would ring the moment the government willingly offered to return my overpaid taxes. That’s reason enough to be suspicious.
Beware Ryuk – A Truly Awful Ransomware with an Equally Terrible Name
I mean, how do you even pronounce that? Righ-uck? Ree-ook?
Ryuk is a growing Ransomware threat that’s so grim that we’ve covered it in greater detail in this Mirus blog (ensure you subscribe to be the first to get the low-down!). While it’s certainly not a new threat – having been around for over a year now – it seems to be popping up more frequently; cyber security specialists are warning of its prevalence once again.
Ryuk uses a combination of automated and human-controlled hacking to infiltrate systems, delete data backups, deactivate security solutions and – as is always the goal – extort the hapless victim with demands for bitcoin. It’s most often used on high-value enterprises such as financial institutions and, given its elaborate nature, it’s certainly well-poised to threaten them.
A quick Google search suggests that ‘Ryuk’ is named after the horrific-looking and all-powerful villain of the popular Anime ‘Death Note’. An apt title, then. Oh, and it’s pronounced ‘Ree-ook’.
Linux Admins Toppled by a bit of Sudo Wrestling
A vulnerability in Linux’s Sudo utility could compromise a system admin’s restrictions, granting permissions to users who might otherwise be restricted from using them.
Sudo is a Linux utility that gives system admins more flexibility over a user’s administrative privileges, removing the restrictions of certain user levels and giving them the relevant permissions where necessary. As Red Hat discovered, however, a remote code execution could give users the ability to bypass these restrictions and wreak all manner of havoc on their Linux network.
Thankfully, this vulnerability has been addressed in Sudo 1.8.28; if you’re running Sudo on your Linux environment, now’s the time to check that it’s up to date.
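One way to make that version check repeatable across a fleet, as an added example that is not code from the original post: a POSIX shell script that reads the first line of `sudo --version` and compares it component by component against 1.8.28 (the function names and the constructed banner strings are assumptions, not anything from the advisory).

```shell
#!/bin/sh
# Added example, not code from the original post: check whether an installed
# sudo is at or above 1.8.28, the release the post names as carrying the fix.
# Banner strings passed to these functions mimic the first line of `sudo --version`.
FIXED_SUDO_VERSION="1.8.28"

# Extract the version number from a "Sudo version X.Y.ZpN" banner line.
sudo_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/^Sudo version \([0-9][0-9.a-z]*\).*/\1/p'
}

# Reduce "1.8.27p1" to its numeric "1.8.27" part; the patch suffix is ignored,
# which is conservative because any 1.8.27pN still predates 1.8.28.
numeric_version() {
    printf '%s\n' "$1" | sed 's/[^0-9.].*$//'
}

# version_ge A B: exit status 0 if dotted version A >= B, 1 otherwise.
# Compares component by component so that 1.8.9 < 1.8.28 (a plain string
# comparison would get that backwards).
version_ge() {
    a=$(numeric_version "$1"); b=$(numeric_version "$2")
    while [ -n "$a" ] || [ -n "$b" ]; do
        ah=${a%%.*}; bh=${b%%.*}
        : "${ah:=0}" "${bh:=0}"
        if [ "$ah" -gt "$bh" ]; then return 0; fi
        if [ "$ah" -lt "$bh" ]; then return 1; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# sudo_status BANNER: prints "patched", "vulnerable" or "unknown" for a banner line.
sudo_status() {
    v=$(sudo_version_from_banner "$1")
    [ -n "$v" ] || { echo "unknown"; return 0; }
    if version_ge "$v" "$FIXED_SUDO_VERSION"; then echo "patched"; else echo "vulnerable"; fi
}

# Stand-alone use: inspect the sudo actually installed on this host, if any.
if command -v sudo >/dev/null 2>&1; then
    banner=$(sudo --version 2>/dev/null | head -n 1)
    echo "installed: $banner -> $(sudo_status "$banner")"
fi
```

Run it over each host's `sudo --version` output (or pipe the banner lines collected by your inventory tooling into `sudo_status`) to list machines still below the fixed release.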
That wraps up another Threat Thursday, once again reminding our readers of the importance of Anti-Virus, Disaster Recovery and Phishing Awareness.
Want a Review of Your Company’s Cyber Security?
Want full protection from the threats of phishing, malware, ransomware and viruses? A Managed Service from Mirus provides your business with the best in cyber security, with firewalls, disaster recovery, cyber resilience and more – all delivered with industry-leading technology, and managed by us with the latest patches and updates.
Get in touch with us now to find out more or ask about our FREE Cyber Security Assessment.