Apple’s App Store is considered a reliable platform for downloading apps. So much so, in fact, that users often assume there’s no danger at all: what could possibly be wrong with an app that’s been moderated by Apple? App Store verification is indeed effective, and news about malicious or phishing apps on the platform is uncommon.

All the same, malware creators do occasionally sneak under the App Store’s radar. This post examines three fraudulent apps we’ve found in the official Apple store, and what precautions you can take to avoid a financial hit.

Scam apps in the App Store

The three we’ve found all share a common theme: investment. If the descriptions are to be believed, two are for tracking the current value of cryptocurrency assets. The third seems to be some kind of investment game, which, I quote, “plunges you into the world of financial decisions, making you feel like a real office worker. You will have to make complex financial decisions that will affect your character’s mood and the state of their wallet”.

Scam apps we’ve found in the App Store

When the user opens any of these apps almost anywhere in the world, the program, having checked the location by IP address, shows what was promised in the description: either a simple app for tracking cryptocurrencies, or a mini-game with multiple-choice questions.

If the user is in Russia, however, the app downloads far less innocuous phishing content. First, the victim is promised a decent income of at least $1000 a month. What’s more, you can supposedly start investing with small amounts — “from $110” — and expect your first profit “in just a few days”; access to the platform is, of course, free.

The promises of fabulous riches are followed by a rather long and detailed questionnaire. The scammers’ aim here is to get you to “invest” a certain amount of time and effort in the process; this is so that, come the key stage of the scam, the victim will be reluctant to give up that investment.

The culmination is a form asking for your first name, surname, and phone number so that “an investment platform specialist can be in touch”. Once the contact information is sent, the phishers promise to call you shortly.

And they’re true to their word. According to user reviews in the App Store, during the phone call with the “specialist”, the hapless user is persuaded to “invest” a certain amount in a highly dubious financial project. The outcome isn’t hard to predict: the fantastic payback never materializes, and the victim’s investment disappears.

Although user reviews of all three malicious apps warn about fraud, only when we reported them did the App Store moderators sit up and take notice. At the time of posting, all three apps have been removed from the App Store.

But how did they even get there in the first place? We can’t give a definite answer, of course — only Apple itself can do so after a thorough investigation. We can only assume that when the apps were being moderated, they only displayed harmless content since they were designed to download the phishing questionnaire from the internet as a regular HTML page. And then, after the apps had been approved and placed in Apple’s official store, the scammers modified the uploaded content.

How to stay safe

The iOS architecture is built to keep user apps as isolated as possible from the rest of a device’s system and also user data. Because of this, there’s no way to create a “classic” antivirus for iOS: it simply won’t have the necessary access to other programs and data running in the system. Apple works on the assumption that App Store moderation protects against malicious apps such as these. But, as we now see, its safeguards can be bypassed by substituting uploaded content with phishing once the app is approved. And because the App Store currently hosts around two million apps, the moderators simply don’t have time to respond quickly to user complaints.

Therefore, the next line of defense becomes all-important. Kaspersky: VPN & Antivirus for iOS with Plus and Premium subscriptions analyzes traffic and promptly detects attempts to open phishing sites on your device. Dangerous pages get blocked straight away and a warning is displayed.

How Kaspersky: VPN & Antivirus for iOS protects against scam apps

Here’s how Kaspersky: VPN & Antivirus for iOS responds to an attempt by a scam app in the App Store to download phishing content

And although all the scam apps we found this time around singled out users in Russia, the same technologies could just as well be used to target any audience in any country in the world — the only question is when. So, as you can see, iOS needs protection just as much as Android.



Videocalls became much more widespread after the COVID-19 pandemic began, and they continue to be a popular alternative to face-to-face meetings. Both platforms and users soon got over the teething problems, and learned to take basic security measures when hosting videoconferences. That said, many online participants still feel uncomfortable knowing that they might be recorded and eavesdropped on all the time. Zoom Video Communications, Inc. recently had to offer explanations regarding its new privacy policy, which states that all Zoom videoconferencing users give the company the right to use any of their conference data (voice recordings, video, transcriptions) for AI training. Microsoft Teams users in many organizations are well aware that turning on recording means activating transcription as well, and that AI will even send premium subscribers a recap. For those out there who discuss secrets on videocalls (for instance in the telemedicine industry), or simply have little love for Big Tech Brother, there are less known but far more private conferencing tools available.

What can we protect ourselves against?

Let’s make one thing clear: following the tips below isn’t going to protect you from targeted espionage, a participant secretly recording a call, pranks, or uninvited guests joining by using leaked links. We already provided some videoconferencing security tips that can help mitigate those risks. Protecting every participant’s computer and smartphone with comprehensive cybersecurity — such as Kaspersky Premium — is equally important.

Here, we focus on other kinds of threats such as data leaks from the videoconferencing platform, misuse of call data by the platform, and the harvesting of biometric information or conference content. There are two possible engineering solutions to these: (i) hosting the conference entirely on participant computers and servers, or (ii) encrypting it, so that even the host servers have no access to the meeting content. The latter option is known as end-to-end encryption, or E2EE.

Signal: a basic tool for smaller group calls

We have repeatedly described Signal as one of the most secure private instant messaging apps around, but Signal calls are protected with E2EE as well. To host a call, you have to set up a chat group, add everyone you want to call, and tap the videocall button. Group videocalls are limited to 40 participants. Admittedly, you’re not getting any business conveniences such as call recording, screen sharing, or corporate contact-list invitations. Besides, you’ll need to set up a separate group for each meeting, which works well for regular calls with the same people, but not so much if the participants change every time.

Signal lets you set up videoconferences for up to 40 participants in a familiar interface

WhatsApp and Facetime: just as easy — but not without their issues

Both these apps are user-friendly and popular, and both support E2EE for videocalls. They share all the shortcomings of Signal, adding a couple of their own: WhatsApp is owned by Meta, which is a privacy red flag for many, while Facetime calls are only available to Apple users.

Jitsi Meet: self-hosted private videoconferencing

The Jitsi platform is a good choice for large-scale, fully featured, but still private meetings. It can be used for hosting meetings with: dozens to hundreds of participants, screen sharing, chatting and polling, co-editing notes, and more. Jitsi Meet supports E2EE, and the conference itself is created at the moment the first participant joins and self-destructs when the last one disconnects. No chats, polls or any other conference content is logged. Finally, Jitsi Meet is an open-source app.

Jitsi Meet is a user-friendly, cross-platform videoconferencing tool with collaboration options. It can be self-hosted or used for free on the developer's website

Though the public version can be used for free on the Jitsi Meet website, the developers strongly recommend that organizations deploy a Jitsi server of their own. Paid hosting by Jitsi and major hosting providers is available for those who’d rather avoid spinning up a server.

Matrix and Element: every type of communication — fully encrypted

The Matrix open protocol for encrypted real-time communication and the applications it powers — such as Element — are a fairly powerful system that supports one-on-one chats, private groups and large public discussion channels. The Matrix look-and-feel resembles Discord, Slack and their forerunner, IRC, more than anything else.

Connecting to a Matrix public server is a lot like getting a new email address: you select a user name, register it with one of the available servers, and receive a matrix address formatted as @user:server.name. That allows you to talk freely to other users including those registered with different servers.

Even a public server makes it easy to set up an invitation-only private space with topic-based chats and videocalls.

The settings in Element are slightly more complex, but you get more personalization options: chat visibility, permission levels, and so on. Matrix/Element makes sense if you’re after team communications in various formats, such as chats or calls, and on various topics rather than just a couple of odd calls. If you’re simply looking to host a call from time to time, Jitsi works better — the call feature in Element even uses Jitsi code.

Element is a fully featured environment for private conversations, with video chats just one of the available options

Corporations are advised to use the Element enterprise edition, which offers advanced management tools and full support.

Zoom: encryption for the rich

Few know that Zoom, the dominant videoconferencing service, has an E2EE option too. But to enable this feature, you need to additionally purchase the Large Meetings License, which lets you host 500 or 1000 participants for $600–$1080 a year. That makes the price of E2EE at least $50 per month higher than the regular subscription fee.

Zoom supports videoconferencing with E2EE too, but you need an extended license to be able to use it

You can enable encryption for smaller meetings as well, but still only if you have a Large Meeting License. According to the Zoom website, activating E2EE for a meeting disables most familiar features, such as cloud recording, dial-in, polling and others.



Just because you’re paranoid doesn’t mean they aren’t watching you. Here’s the answer to that age-old question: Are my apps spying on me?

Downloaded a weather app to your phone? You might think it’s no big deal, just a quick way to determine if you should grab your umbrella before heading out on a lunch date. But that weather app? It might be spying on you and selling the information it collects to advertisers.  


We’ve published multiple comparisons of secure messaging apps with end-to-end encryption, shared recommended settings, and described the respective flaws of these apps. But what about folks who want secure messengers but who aren’t exactly tech-savvy? This blogpost is just for them – based as it is on an extensive study and published report entitled What Is Secure? by a group of experts from the agencies Tech Policy Press and Convocation Research and Design.

The report contains recommendations for both users and developers. But since not everyone will read through all the 86 pages of text, we summarize the paper’s main conclusions below.

Object of study

The researchers interviewed user groups in Louisiana in the United States, and Delhi, India, to determine the strongest and weakest points of current messaging apps. The following popular apps were examined:

  • Apple iMessage
  • Meta (Facebook) Messenger
  • Messages by Google
  • Signal
  • Telegram
  • WhatsApp

The study focused on the way humans respond to in-app tips, and the way they understand the meaning of each feature. More importantly, the respondents were asked about any specific fears, and in what ways they think secure messaging apps are or could be useful in their lives. Some of the interviewees said they are worried about potential physical violence, such as domestic violence, in connection with messaging, while others fear persecution by the authorities. This had a major effect on their perception of “secure”.

Key finding

End-to-end encryption is only one aspect of security. Encrypted messaging won’t solve every problem a threatened user is having. Therefore, one needs to think through a strategy against motivated adversaries. Is there a risk of your phone being seized? A risk of you being forced to unlock it? Are you afraid that someone may try to obtain your data from the company that owns the app using litigation or a legal order? Or infect your phone with spyware? Would it be easier for the bad guys to try and extract that data from the person you’re chatting with? For many, the answer to each of the above is no, so an encrypted messaging app provides sufficient security in and of itself. And even if your answer is yes, that’s no reason to give up encryption and secure messaging: they just need to be one layer of your defenses.

As further tips, the researchers recommend that the above vulnerable user groups take several technical steps (more on those below) but, most importantly, not to carry their phones in places where they could be physically seized or forcibly unlocked. They suggest getting a second phone for such dangerous places, and keeping the main device with a person they can trust.

General tips on secure messaging

The biggest secrets are best delivered face-to-face. No method of digital communication is completely secure. Therefore, the riskiest information – especially if posing a threat to health or even life – should be discussed in person, not in a chat.

Don’t make decisions blindly. Users make conscious efforts to protect their privacy, but they often rely on popular opinion about security – not verified sources. Few read documents that accompany messaging apps: terms of use, or transparency and government data sharing reports. Research carefully what your messaging service actually stores and where, and with whom it shares data and has shared in the past. That information can be found in transparency reports and in the press.

Carefully review the app settings. Make sense of each setting and turn on all the securest options. Bear in mind that parts of the privacy settings may be spread across the phone’s general settings (especially true for iMessage in iOS, and Messages by Google in Android) or sections of the app settings (typical of Telegram).

Avoid hybrid modes. Several messaging apps support both encrypted and unencrypted messaging. In iMessage and Messages by Google, you can send open texts and encrypted messages in the same chat; however, this is a bad idea since these message types are always confused. Both Messenger and Telegram have separate encrypted and unencrypted chats, with the unencrypted mode used by default. The paper recommends using messaging apps based on full encryption: Signal or WhatsApp.

The more features – the higher the risk. Extra features, such as stories, bots or links to social networking services, provide extra surveillance and data-leak channels. It’s best to turn off these kinds of features or avoid using the app altogether.

Disable link previews, geolocation sharing, and GIFs. These features do come in handy sometimes, but they can be used to track you down by various parties, including linked websites. Another potential leak channel is finding and sharing GIFs in chats.

Messaging apps that work without a phone number are helpful. These include, to a certain extent, Telegram, Messenger and iMessage, although it does take some effort to configure each of them to use your internal username or e-mail as your identifier when chatting. According to the report, WhatsApp and Signal are planning to add a feature like this too.

Use disappearing messages. The most squeamish among us can enable chats to be deleted automatically after a short period of time, such as one minute. Unfortunately, not every messaging app has options like these, and in some of them, the shortest visibility period is 24 hours. Disappearing messages do little to protect you from screenshots or other ways that chats can be saved. Auto-deleting messages is helpful if you expect that strangers will be poking around in your phone shortly.

Encrypt chat backups. Default cloud backups are a frequent leak channel, so it’s imperative that they’re encrypted (something that needs to be enabled manually in both WhatsApp and iMessage), saved locally (for example, on an SD card if using an Android phone), or turned off altogether. Any local backups should be encrypted as well.

Compare encryption keys with the people you chat with. This procedure is called Contact Key Verification (in iMessage), Safety Numbers (in Signal), Security Code (in WhatsApp), and Encryption key (in Telegram), and it helps make sure that you’re chatting with the right person – using the right device. Encryption keys can be verified for each chat by comparing codes or meeting face-to-face.
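Why comparing codes works, as an added sketch that is not taken from the report or from any messaging app: each device derives a short code from both parties' public keys, so the two screens agree only if both devices hold the same pair of keys. The derivation below is a simplified illustration, not the algorithm used by iMessage, Signal, WhatsApp or Telegram; the iteration count, the identifiers and the "keys" (hash-derived stand-ins) are assumptions made for the example.

```python
import hashlib

ITERATIONS = 5200  # assumption of this sketch: repeated hashing makes brute-forcing a look-alike code costlier


def fingerprint(identity_key: bytes, user_id: str) -> str:
    """Derive 30 decimal digits from one party's public key and identifier."""
    digest = identity_key + user_id.encode()
    for _ in range(ITERATIONS):
        digest = hashlib.sha512(digest + identity_key).digest()
    # Six 5-byte chunks, each reduced to one 5-digit group.
    groups = [int.from_bytes(digest[i:i + 5], "big") % 100_000 for i in range(0, 30, 5)]
    return "".join(f"{g:05d}" for g in groups)


def verification_code(my_key: bytes, my_id: str, their_key: bytes, their_id: str) -> str:
    """Code shown on one device. Sorting makes both ends display the same string."""
    digits = "".join(sorted([fingerprint(my_key, my_id), fingerprint(their_key, their_id)]))
    return " ".join(digits[i:i + 5] for i in range(0, 60, 5))


def stand_in_key(seed: str) -> bytes:
    """Constructed 32-byte stand-in for a public key (real apps use actual key pairs)."""
    return hashlib.sha256(seed.encode()).digest()


ALICE, BOB, OTHER = (stand_in_key(s) for s in ("alice", "bob", "someone-else"))


def honest_session():
    """Both devices hold the real keys: the two codes are identical."""
    return (verification_code(ALICE, "alice", BOB, "bob"),
            verification_code(BOB, "bob", ALICE, "alice"))


def substituted_session():
    """Each device was given a third party's key in place of the real peer key."""
    return (verification_code(ALICE, "alice", OTHER, "bob"),
            verification_code(BOB, "bob", OTHER, "alice"))


if __name__ == "__main__":
    for name, (on_alice, on_bob) in (("honest", honest_session()),
                                     ("substituted", substituted_session())):
        print(f"{name:12} match={on_alice == on_bob}")
        print("  Alice sees:", on_alice)
        print("  Bob sees:  ", on_bob)
```

The same mismatch appears when a contact reinstalls the app or switches phones, which is why messengers prompt you to verify again after a key change.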

Protect yourself against account hijacking by turning on two-factor authentication. This feature comes under a variety of names, such as Two-Step Verification, Registration PIN, or something else, but the essence remains the same: logging in to the same account on a new device requires an extra verification step.

Train the people you chat with. This is critical for groups that chat about sensitive subjects. This requires that the members all share and observe the following ethics and security rules:

  • No forwarding of confidential information
  • No screenshots or other copies of the information in the chat
  • Supporting a culture of privacy within the community
  • Using the app settings wisely
  • Disabling potentially risky chat features

What’s the securest messaging app?

Signal is the clear leader in the study, but the requirement to expose your phone number makes the situation somewhat complicated. The table below contains a comparison of the key messaging-app security features, with the safest option in each row highlighted in green.

| Feature | Apple iMessage | Meta (FB) Messenger* | Google Messages | Signal | Telegram | WhatsApp |
|---|---|---|---|---|---|---|
| End-to-end encryption in one-to-one chats | In certain cases* | Special type of chat | In certain cases* | Always | Secret chats only | Always |
| End-to-end encryption in group chats | In certain cases* | Special type of group | In certain cases* | Always | Never | Always |
| Verified encryption protocol | No | Yes | Yes | Yes | No | Yes |
| Encrypted backups | Yes, optional | No backups | No | Yes, on by default | No backups | Yes, optional |
| Manual comparison of encryption keys | Yes | Yes | No | Yes | Yes | Yes |
| Phone number-free registration | Yes | Yes (complicated) | No | No | No | No |
| Hiding phone number from contacts | Yes | Yes | No | No | Yes | No |
| Links with other services or accounts in these | Yes | Yes | No | No | No | Yes |
| Hiding metadata** | Partial | Partial | Partial | Yes | Partial | Partial |
| Storing metadata** | Yes | Yes | Yes | No | Yes | Yes |
| Self-destructing messages | No | Five seconds or longer | No | One second or longer | One second or longer | 24 hours or longer and one-time viewing |
| Disabling link previews | No | No | No | Yes | Secret chats only | No |
| Blocking screenshots | No | No | No | Yes | Secret chats only | No |
| Screenshot alert | No | Yes | No | No | No | No |

* Available as long as all parties are using the same platform (iOS or Android) and the appropriate app settings.

** Confidentiality settings to avoid showing to other users the following metadata partially or in full: the user’s photo, the user’s other contacts, chat and group memberships, IP address, and chat times.

The table is based on the data of the report What Is Secure?



Antivirus software is designed to prevent, detect, and disarm or eliminate malicious programs, or malware (computer viruses, keyloggers, backdoors, trojans, adware, spyware, and many more).

For effective protection, antivirus software must always work behind the scenes and stay up-to-date in order to be able to detect the latest versions of malware.

Malicious programs, such as computer viruses, are programs designed to interfere with a system, for example by recording, changing, or deleting data. A virus replicates itself by spreading to other computers and over the Internet.

Antivirus programs are the most fundamental part of a multi-layered security strategy, even for the most advanced computer users. Continued attacks on browsers, plug-ins and even operating systems make antivirus protection very important.

How antivirus software works on our computer

On-Access Scan

Antivirus software runs in the background of your computer and scans every file that is opened. This is called on-access scanning, background scanning, administrative scanning, real-time protection, etc., depending on the antivirus program you use. When you open an .EXE file, it may appear as though the program starts immediately, but this is not the case. The antivirus software first scans the program and compares it to known viruses, worms, and other types of malware.

Antivirus software also performs “heuristic” checks, examining programs for the types of bad behavior that might indicate a new virus. Antivirus programs also look at other types of files that may contain viruses. For example, a ZIP archive may contain compressed viruses, and a Word document may contain malicious macros. Files are scanned each time they are used – for example, if you download an EXE file, it will be scanned immediately, before you open it.

It is possible to use an antivirus program without on-access scanning, but this is not a good idea – viruses that exploit vulnerabilities in programs will not be caught by the scanner. Once a virus has infected the system, it is very difficult to remove. (It’s also hard to tell whether the malware was actually removed.)

Full System Scan

Because of on-access scanning, it is usually not necessary to run a full system scan. If you download a virus to your computer, your antivirus software will spot it immediately – you don’t need to run a manual scan first.

A full system scan is especially useful if you just installed an antivirus application. This helps ensure that there are no viruses on the computer. Most antivirus programs schedule a full system scan, usually once a week. This ensures that your system is scanned for active viruses with the latest virus definition files.

A full system scan is also helpful when repairing your computer. If you want to repair an infected computer, plug the hard drive into another computer and run a full system scan.

Virus Definitions

Antivirus software relies on virus definitions (updates) to detect malware. Therefore, it automatically downloads the latest updates, once a day or more frequently. Definition files contain lists of viruses and other malware found on the Internet. If the antivirus software scans a file and finds that it matches an available definition, the file is treated as malware and quarantined. The antivirus software can also delete the file automatically, or the user can keep it at its location if they believe the detection is a false alarm.
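The definition matching and archive scanning described above, as an added Python sketch that is not code from any antivirus product: a file is checked against exact-hash and byte-pattern definitions, and ZIP archives are unpacked recursively so that compressed members are checked too. The definition format, detection names, sample bytes and the depth and size limits are all constructed for this example.

```python
import hashlib
import io
import zipfile

# Constructed, harmless stand-in for a malicious file; the marker string is made up.
MARKER = b"CONSTRUCTED-DEMO-SIGNATURE-7f3a"
SAMPLE = b"A" * 64 + MARKER + b"B" * 64

# Hypothetical "definition file": exact-file hashes plus byte patterns.
DEFINITIONS = {
    "sha256": {hashlib.sha256(SAMPLE).hexdigest(): "Demo.Trojan.A"},
    "patterns": {MARKER: "Demo.Generic"},
}
MAX_DEPTH = 3                  # do not unpack archives nested deeper than this
MAX_MEMBER = 10 * 1024 * 1024  # do not unpack members larger than this (zip-bomb guard)


def match_definitions(data: bytes):
    """Return the detection name for one blob, or None if no definition matches."""
    name = DEFINITIONS["sha256"].get(hashlib.sha256(data).hexdigest())
    if name:
        return name
    for pattern, pattern_name in DEFINITIONS["patterns"].items():
        if pattern in data:
            return pattern_name
    return None


def scan(data: bytes, label: str, depth: int = 0):
    """Scan a file, unpacking ZIP archives recursively. Returns [(path, detection)]."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        hit = match_definitions(data)
        return [(label, hit)] if hit else []
    if depth >= MAX_DEPTH:
        return [(label, "Unscanned.NestedTooDeep")]
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            path = f"{label}!{info.filename}"
            if info.is_dir():
                continue
            if info.file_size > MAX_MEMBER:
                findings.append((path, "Unscanned.TooLarge"))
                continue
            findings += scan(archive.read(info), path, depth + 1)
    return findings


def on_access(data: bytes, label: str) -> str:
    """Decision taken before a file is opened; anything found or unscannable is held."""
    return "quarantine" if scan(data, label) else "allow"


def make_zip(members: dict) -> bytes:
    """Build an in-memory compressed ZIP from {name: bytes} (helper for the demo)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        for name, content in members.items():
            archive.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    inner = make_zip({"setup.exe": SAMPLE})
    nested = make_zip({"docs/readme.txt": b"hello", "inner.zip": inner})
    print(match_definitions(nested))            # raw archive bytes are compressed: no match
    print(scan(nested, "download.zip"))         # after unpacking, the member is detected
    print(scan(SAMPLE + b"!", "variant.exe"))   # hash differs, the pattern still matches
    print(on_access(b"hello", "readme.txt"))
```

A hash definition only catches byte-identical copies, while the pattern definition also catches the modified variant; a false alarm corresponds to a pattern that also occurs in a legitimate file.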

Antivirus companies must constantly update their malware definitions to ensure that new malware is caught by their programs. Antivirus labs use a variety of tools to eliminate viruses and release updates in a timely manner to keep users safe from new malware.