Oleh Diposting pada

Apple’s App Store is considered a reliable platform for downloading apps. So much so, in fact, that users often assume there’s no danger at all: what could possibly be wrong with an app that’s been moderated by Apple? App Store verification is indeed effective, and news about malicious or phishing apps on the platform is uncommon.

All the same, malware creators do occasionally sneak under the App Store’s radar. This post examines three fraudulent apps we’ve found in the official Apple store, and what precautions you can take to avoid a financial hit.

Scam apps in the App Store

The three we’ve found all share a common theme: investment. If the descriptions are to be believed, two are for tracking the current value of cryptocurrency assets. The third seems to be some kind of investment game, which, I quote, “plunges you into the world of financial decisions, making you feel like a real office worker. You will have to make complex financial decisions that will affect your character’s mood and the state of their wallet”.

Scam apps in the App Store

Scam apps we’ve found in the App Store

When the user opens any of these apps almost anywhere in the world, the program, having checked the location by IP address, shows what was promised in the description: either a simple app for tracking cryptocurrencies, or a mini-game with multiple-choice questions.

But if the user is in Russia, however, the app downloads far less innocuous phishing content. First, the victim is promised a decent income of at least $1000 a month. What’s more, you can start investing supposedly with small amounts — “from $110” — and expect your first profit “in just a few days”; access to the platform is, of course, free.

The promises of fabulous riches are followed by a rather long and detailed questionnaire. The scammers’ aim here is to get you to “invest” a certain amount of time and effort in the process; this is so that, come the key stage of the scam, the victim will be reluctant to give up that investment.

The culmination is a form asking for your first name, surname, and phone number so that “an investment platform specialist can be in touch”. Once the contact information is sent, the phishers promise to call you shortly.

And they’re true to their word. According to user reviews in the App Store, during the phone call with the “specialist”, the hapless user is persuaded to “invest” a certain amount in a highly dubious financial project. The outcome isn’t hard to predict: the fantastic payback never materializes, and the victim’s investment disappears.

Although user reviews of all three malicious apps warn about fraud, only when we reported them did the App Store moderators sit up and take notice. At the time of posting, all three apps have been removed from the App Store.

But how did they even get there in the first place? We can’t give a definite answer, of course — only Apple itself can do so after a thorough investigation. We can only assume that when the apps were being moderated, they only displayed harmless content since they were designed to download the phishing questionnaire from the internet as a regular HTML page. And then, after the apps had been approved and placed in Apple’s official store, the scammers modified the uploaded content.

How to stay safe

The iOS architecture is built to keep user apps as isolated as possible from the rest of a device’s system and also user data. Because of this, there’s no way to create a “classic” antivirus for iOS: it simply won’t have the necessary access to other programs and data running in the system. Apple works on the assumption that App Store moderation protects against malicious apps such as these. But, as we now see, its safeguards can be bypassed by substituting uploaded content with phishing once the app is approved. And because the App Store currently hosts around two million apps, the moderators simply don’t have time to respond quickly to user complaints.

Therefore, the next line of defense becomes all-important. Kaspersky: VPN & Antivirus for iOS with Plus and Premium subscriptions analyzes traffic and promptly detects attempts to open phishing sites on your device. Dangerous pages get blocked straight away and a warning is displayed.

How Kaspersky: VPN & Antivirus for iOS protects against scam apps

Here’s how Kaspersky: VPN & Antivirus for iOS responds to an attempt by a scam app in the App Store to download phishing content

And although all the scam apps we found this time around singled out users in Russia, the same technologies could just as well be used to target any audience in any country in the world — the only question is when. So, as you can see, iOS needs protection just as much as Android.


#Beware #scammers #Dangerous #apps #App #Store

Oleh Diposting pada

Short links are everywhere these days. All these bit.ly, ow.ly, t.co, t.me, tinyurl.com and the like have long since become a familiar part of the online landscape. So familiar, in fact, that most users click on them without thinking twice. But thinking is never a bad thing. With that in mind, we explain below how short links work and what privacy and security threats they can pose.

What happens when you click on a short link?

When you click on a short link, you almost go straight to the intended destination, which is the address specified by the user who created the link. Almost, but not quite: the actual route takes a quick detour via the URL shortener service.

The more efficient the service, the quicker this takes, and the smoother the transition to the end stop. Of course, the delay feels insignificant only to a person — we humans are rather slow. But for an electronic system, it’s more than long enough to get up to all kinds of activity, which we’ll discuss below.

Why short links? The main reason is one of space: making a long link shorter means it takes up less of the screen (think mobile devices) and doesn’t eat up the character limit (think social media posts). Alas, that’s not all there is to it. The creators of short links may be pursuing their own goals, not necessarily driven by concern for users. Let’s talk about them.

Short links and user tracking

Have you ever wondered why many internet links are so long and unsightly? It’s usually because links encode all kinds of parameters for tracking click-throughs, so-called UTM tags.

Usually, these tags are deployed to determine where the user clicked on the link, and thus to evaluate the effectiveness of ad campaigns, placement on blogger pages, and so on. This is not done in the name of user convenience, of course, but for digital marketing.

In most cases, this is a fairly harmless form of tracking that doesn’t necessarily collect data from link clickers: often marketers are just interested in the source of traffic. But since this additional “packaging” doesn’t look very aesthetic, and often makes the URL insanely long, shortener services are often brought into play.

What’s more unpleasant from a privacy point of view is that URL shorteners don’t limit themselves to redirecting users to the destination address. They also tend to harvest a host of statistics about the link clickers — so your data ends up in the hands not only of the creator of the short link through embedded UTM tags, but also of the owners of the URL shortener. Of course, this is the internet, and everyone collects some kind of statistics, but using a short link introduces another intermediary that holds data on you.

Disguised malicious links

Besides violating your privacy, short links can threaten the security of your devices and data. As we never tire of repeating: always carefully check links before clicking on them. But with short links, a problem arises: you never know for sure where it is you’ll be taken.

If cybercriminals use short links, the advice to check them becomes meaningless: you can only find out where a link points after clicking. And by then it may be too late — if the attackers exploit a zero-click vulnerability in the browser, the infection can occur as soon as you land on the malicious site.

Short links and dynamic redirects

Cybercriminals can also use link-shortening tools to change the target address as the need arises. Suppose that some attackers bought a database of millions of email addresses and used it to send out phishing messages with some kind of link. But here’s the problem (for the attackers): the phishing site they created was quickly discovered and blocked. Rehosting it at a different address is not an issue, but then they would have to resend all the phishing mailshots.

The solution (again, for the attackers) is to use a “shimming” service, which makes it possible to quickly change the URL users will visit. And the role of “shims” here can be played by URL shorteners, including ones originally created with dubious intentions in mind.

With this approach, a link to the shimming service is added to the phishing email, which redirects victims to the phishers’ site at their currently active address. Often, multiple redirects are used to further muddy the trail. And if the destination phishing site gets blocked, the cybercriminals simply host it at a new address, change the link in the shim, and the attack continues.

Man-in-the-middle attacks

Some link-shortening tools, such as Sniply, offer users more than just shorter links. They allow tracking the actions of link clickers on the actual destination site, which is effectively a man-in-the-middle attack: traffic passes through an intermediate service node that monitors all data exchanged between the user and the destination site. Thus, the URL shortener can intercept anything it wants: entered credentials, social network messages, and so on.

Personal spying

In most cases, short links intended for mass use are placed in social network posts or on web pages. But additional risks arise if one was sent to you personally — in a messenger or an email to your personal or work address. Using such links, an attacker who already has some information about you can redirect you to a phishing site where your personal data is pre-filled. For example, to a copy of a banking site with a valid username and a request to enter your password, or to the “payment gateway” of some service with your bank card number pre-filled, asking you to enter a security code.

What’s more, such links can be used for doxing and other types of tracking, especially if the URL shortener service offers advanced functionality. For instance, our recent post about protecting privacy in Twitch looked in detail at ways to de-anonymize streamers and how to counter them.

How to stay protected

What to do about it? We could advise never to click on short links, but, in the vast majority of cases, URL shorteners are used for legitimate purposes, and short links have become so common that total avoidance isn’t really an option. That said, we do recommend that you pay special attention to short links sent to you in direct messages and emails. You can inspect such links before clicking by copying and pasting them into a tool for checking short links, such as GetLinkInfo or UnshortenIt.

However, there is a simpler method: a high-quality security solution with an integrated approach that takes care of security and privacy at the same time. For example, our Kaspersky Premium has a Private Browsing component that blocks most known online trackers and thus prevents your online activities from being monitored.

Our products also offer protection against online fraud and phishing, so rest assured that Kaspersky Premium will warn you in good time before landing on a dangerous site — even if the link was shortened. And, of course, the antivirus will guard against any attempts to infect your devices — including ones exploiting as-yet-unknown vulnerabilities.


#Privacy #security #threats #short #links

Oleh Diposting pada

Whether or not you’re much into online banking, protecting yourself from bank fraud is a must. 

Online banking is well on its way to becoming a cornerstone of the banking experience overall. More and more transactions occur over the internet rather than at a teller’s window, and nearly every account has a username, password, and PIN linked with it. And whether you use your online banking credentials often or not, hackers and scammers still want to get their hands on them. 

The fact is, online banking is growing and is here to stay. No longer a novelty, online banking is an expectation. Today, 78% of adults in the U.S. prefer to bank online. Meanwhile, only 29% prefer to bank in person. Further projections estimate that more than 3.5 billion people worldwide will bank online, driven in large part by online-only banks. 

There’s no doubt about it. We live in a world where banking, shopping, and payments revolve around a username and password. That’s quite a bit to take in, particularly if your first experiences with banking involved walking into a branch, getting a paper passbook, and maybe even a free toaster for opening an account. 

So, how do you protect yourself? Whether you use online banking regularly or sparingly, you can protect yourself from being the victim of fraud by following a few straightforward steps. 

Here’s how you can protect yourself from online banking fraud 

Use a strong password—and a password manager to keep them straight 

Start here. Passwords are your first line of defense. However, one thing that can be a headache is the number of passwords we have to juggle—a number that seems like it’s growing every day. Look around online and you’ll see multiple studies and articles stating that the average person has upwards of 80 to manage. Even if you have only a small percentage of those, strongly consider using a password manager. A good choice will generate strong, unique passwords for each of your accounts and store them securely for you. 

In general, avoid simple passwords that people can guess or easily glean from other sources (like your birthday, your child’s birthday, the name of your pet, and so on). Additionally, make them unique from account to account. That’s can save you major headaches if one account gets compromised and a hacker tries to use the same password on another account.  

If you want to set up your own passwords, check out this article on how you can make them strong and unique. 

Use two-factor authentication to protect your accounts 

What exactly is two-factor authentication? It’s an extra layer of defense for your accounts. In practice, it means that in addition to providing a password, you also receive a special one-time-use code to access your account. That code might be sent to you via email or to your phone by text. In some cases, you can also receive that code by a call to your phone. Basically, two-factor authentication combines two things: something you know, like your password; and something you have, like your smartphone. Together, that makes it tougher for scammers to hack into your accounts. 

Two-factor authentication is practically a standard, so much so that you already might be using it right now when you bank or use certain accounts. If not, you can see if your bank offers it as an option in your settings the next time you log in. Or, you can contact your bank for help to get it set up. 

Avoid phishing attacks: Look at your email inbox with a skeptical eye 

Phishing is a popular way for crooks to steal personal information by way of email, where a crook will look to phish (“fish”) personal and financial information out of you. No two phishing emails look alike. They can range from a request from a stranger posing as a lawyer who wants you to help with a bank transfer—to an announcement about (phony) lottery winnings. “Just send us your bank information and we’ll send your prize to you!” Those are a couple of classics. However, phishing emails have become much more sophisticated in recent years. Now, slicker hackers will pose as banks, online stores, and credit card companies, often using well-designed emails that look almost the same as the genuine article. 

Of course, those emails are fakes. The links they embed in those emails lead you to them, so they can steal your personal info or redirect a payment their way. One telltale sign of a phishing email is if the sender used an address that slightly alters the brand name or adds to it by tacking extra language at the end of it. If you get one of these emails, don’t click any of the links. Contact the institute in question using a phone number or address posted on their official website. This is a good guideline in general. The best avenue of communication is the one you’ve used and trusted before. 

Be skeptical about calls as well. Fraudsters use the phone too. 

It might seem a little traditional, yet criminals still like to use the phone. In fact, they rely on the fact that many still see the phone as a trusted line of communication. This is known as “vishing,” which is short for “voice phishing.” The aim is the same as it is with phishing. The fraudster is looking to lure you into a bogus financial transaction or attempting to steal information, whether that’s financial, personal, or both. They might call you directly, posing as your bank or even as tech support from a well-known company, or they might send you a text or email that directs you to call their number. 

For example, a crook might call and introduce themselves as being part of your bank or credit card company with a line like “there are questions about your account” or something similar. In these cases, politely hang up. Next, call your bank or credit card company to follow up on your own. If the initial call was legitimate, you’ll quickly find out and can handle the issue properly. If you get a call from a scammer, they can be very persuasive. Remember, though. You’re in charge. You can absolutely hang up and then follow up using a phone number you trust. 

Steer clear of financial transactions on public Wi-Fi in cafes, hotels, and libraries 

There’s a good reason not to use public Wi-Fi: it’s not private. They’re public networks, and that means they’re unsecure and shared by everyone who’s using it, which allows hackers to read any data passing along it like an open book. That includes your accounts and passwords if you’re doing any banking or shopping on it. The best advice here is to wait and handle those things at home if possible. (Or connect to public Wi-Fi with a VPN service, which we’ll cover below in a moment.)  

If not, you can always use your smartphone’s data connection to create a personal hotspot for your laptop, which will be far more secure. Another option is to use your smartphone alone. With a combination of your phone’s data connection and an app from your bank, you can take care of business that way instead of using public Wi-Fi. That said, be aware of your physical surroundings too. Make sure no one is looking over your shoulder! 

Protecting your banking and finances even further 

Some basic digital hygiene will go a long way toward protecting you even more—not only your banking and finances, but all the things you do online as well. The following quick list can help: 

  • Update your software – That includes the operating system of your computers, smartphones, and tablets, along with the apps that are on them. Many updates include security upgrades and fixes that make it tougher for hackers to launch an attack. 
  • Lock up – Your computers, smartphones, and tablets will have a way of locking them with a PIN, a password, your fingerprint, or your face. Take advantage of that protection, which is particularly important if your device is lost or stolen. 
  • Use security software – Protecting your devices with comprehensive online protection software will fend off the latest malware, spyware, and ransomware attacks, plus further protect your privacy and identity. 
  • Consider connecting with a VPN – also known as a “virtual private network,” a VPN helps you stay safer with bank-grade encryption and private browsing. It’s a particularly excellent option if you find yourself needing to use public Wi-Fi because a VPN effectively makes a public network private. 
  • Check your credit report and monitor your transactions – This is an important thing to do in today’s password- and digital-driven world. Doing so will uncover any inconsistencies or outright instances of fraud and put you on the path to setting them straight. Online protection software can help with this as well. It can keep an eye on your credit and your transactions all in one place, providing you notifications if anything changes. That same monitoring can extend to retirement, investment, and loan accounts as well. Check out our plans and see which options work best for you.

Introducing McAfee+

Identity theft protection and privacy for your digital life


#Online #BankingSimple #Steps #Protect #Bank #Fraud

Oleh Diposting pada

Authored by SangRyol Ryu, McAfee Threat Researcher

We live in a world where advertisements are everywhere, and it’s no surprise that users are becoming tired of them. By contrast, developers are driven by profit and seek to incorporate more advertisements into their apps. However, there exist certain apps that manage to generate profit without subjecting users to the annoyance of ads. Is this really good?  

Recently, McAfee’s Mobile Research Team discovered a concerning practice among some apps distributed through Google Play. These apps load ads while the device’s screen is off, which might initially seem convenient for users. However, it’s a clear violation of Google Play Developer policy on how ads should be displayed. This affects not only the advertisers who pay for invisible Ads, but also the users as it drains battery, consumes data and poses potential risks such as information leaks and disruption of user profiling caused by Clicker behavior. 

The team has identified 43 apps that collectively downloaded 2.5 million times. Among the targeted apps are TV/DMB Player, Music Downloader, News, and Calendar applications. McAfee is a member of the App Defense Alliance focused on protecting users by preventing threats from reaching their devices and improving app quality across the ecosystem. We reported the discovered apps to Google, which took prompt action. Most apps are no longer available on Google Play while others are updated by the developer. McAfee Mobile Security detects this threat as Android/Clicker. For more information, and to get fully protected, visit McAfee Mobile Security. 

Many affected apps

How does it work? 

This ad fraud library uses specific tactics to avoid detection and inspection. It deliberately delays the initiation of its fraudulent activities, creating a latent period from the time of installation. What’s more, all the intricate configurations of this library can be remotely modified and pushed using Firebase Storage or Messaging service. These factors significantly add to the complexity of identifying and analyzing this fraudulent behavior. Notably, the latent period typically spans several weeks, which makes it challenging to detect. 

Getting latent period by using Firebase Messaging Service 

It is important to be cautious about the implications of granting permissions, such as excluding ‘power saving’ and allowing ‘draw over other apps’. These permissions can enable certain activities to occur discreetly in the background, raising concerns about the intentions and behavior of the applications or libraries in question. Allowing these permissions can result in more malicious behavior, such as displaying phishing pages, also to displaying ads in the background. 

Asked permissions to run in the background and keep it hidden 

When the device screen is turned off after the latent period, the fetching and loading of ads starts, resulting in users being unaware of the presence of running advertisements on their devices. This ad library registers device information by accessing the unique domain (ex: mppado.oooocooo.com) linked with the application. Then go to Firebase Storage to get the specific advertisement URL and show the ads. It is important to note that this process consumes power and mobile data resources. 

Observed traffic when the screen off 

If users quickly turn on their screens at this point, they might catch a glimpse of the ad before it is automatically closed. 

Example of an advertising site displayed when the screen is off 

In conclusion, it is essential for users to exercise caution and carefully evaluate the necessity of granting permissions like power saving exclusion, or draw over other apps before allowing them. While these permissions might be required for certain legitimate functionalities for running in the background, it is important to consider the potential risks linked with them, such as enabling hidden behaviors or reducing the relevance of ads and contents displayed to users because the hidden Clicker behavior. By using McAfee Mobile Security products, users can further safeguard their devices and mitigate the risks linked with these kinds of malware, providing a safer and more secure experience. For more information, visit McAfee Mobile Security

 

Indicators of Compromise (IoC’s)

Domains:

best.7080music.com 

m.gooogoole.com 

barocom.mgooogl.com 

newcom.mgooogl.com 

easydmb.mgooogl.com 

freekr.mgooogl.com 

fivedmb.mgooogl.com 

krlive.mgooogl.com 

sixdmb.mgooogl.com 

onairshop.mgooogle.com 

livedmb.mgooogle.com 

krbaro.mgooogle.com 

onairlive.mgooogle.com 

krdmb.mgooogle.com 

onairbest.ocooooo.com 

dmbtv.ocooooo.com 

ringtones.ocooooo.com 

onairmedia.ocooooo.com 

onairnine.ocooooo.com 

liveplay.oocooooo.com 

liveplus.oocooooo.com 

liveonair.oocooooo.com 

eightonair.oocooooo.com 

krmedia.oocooooo.com 

kronair.oocooooo.com 

newkrbada.ooooccoo.com 

trot.ooooccoo.com 

thememusic.ooooccoo.com 

trot.ooooccoo.com 

goodkrsea.ooooccoo.com 

krlive.ooooccoo.com 

news.ooooccoo.com 

bestpado.ooooccoo.com 

krtv.oooocooo.com 

onairbaro.oooocooo.com 

barolive.oooocooo.com 

mppado.oooocooo.com 

dmblive.oooocooo.com 

baromedia.oooocooo.com 

musicbada.oouooo.com 

barolive.oouooo.com 

sea.oouooo.com 

blackmusic.oouooo.com 

Android Packages 

Package Name  Application Name  SHA256  Google Play Downloads 
band.kr.com  DMB TV  f3e5aebdbd5cd94606211b04684730656e0eeb1d08f4457062e25e7f05d1c2d1  10,000+ 
com.dmb.media  DMB TV  6aaaa6f579f6a1904dcf38315607d6a5a2ca15cc78920743cf85cc4b0b892050  100,000+ 
dmb.onair.media  DMB TV  a98c5170da2fdee71b699ee145bfe4bdcb586b623bbb364a93bb8bdf8dbc4537  10,000+ 
easy.kr  DMB TV  5ec8244b2b1f516fd96b0574dc044dd40076ff7aa7dadb02dfefbd92fc3774bf  100,000+ 
kr.dmb.onair  DMB TV  e81c0fef52065864ee5021e1d4c7c78d6a407579e1d48fc4cf5551ff0540fdb8  5,000+ 
livedmb.kr  DMB TV  33e5606983526757fef2f6c1da26474f4f9bf34e966d3c204772de45f42a6107  50,000+ 
stream.kr.com  DMB TV  a13e26bce41f601a9fafdec8003c5fd14908856afbab63706b133318bc61b769  100+ 
com.breakingnews.player  뉴스 속보  d27b8e07b7d79086af2fa805ef8d77ee51d86a02d81f2b8236febb92cb9b242d  10,000+ 
jowonsoft.android.calendar  달력  46757b1f785f2b3cec2906a97597b7db4bfba168086b60dd6d58d5a8aef9e874  10,000+ 
com.music.free.bada  뮤직다운  a3fe9f9b531ab6fe79ed886909f9520a0d0ae98cf11a98f061dc179800aa5931  100,000+ 
com.musicdown  뮤직다운  5f8eb3f86fc608f9de495ff0e65b866a78c25a9260da04ebca461784f039ba16  5,000+ 
new.kr.com  뮤직다운  397373c39352ef63786fe70923a58d26cdf9b23fa662f3133ebcbc0c5b837b66  100,000+ 
baro.com  바로TV  3b4302d00e21cbf691ddb20b55b045712bad7fa71eb570dd8d3d41b8d16ce919  10,000+ 
baro.live.tv  바로TV  760aa1a6c0d1e8e4e2d3258e197ce704994b24e8edfd48ef7558454893796ebe  50,000+ 
baro.onair.media  바로TV  b83a346e18ca20ac5165bc1ce1c8807e89d05abc6a1df0adc3f1f0ad4bb5cd0c  10,000+ 
kr.baro.dmb  바로TV  84a4426b1f8ea2ddb66f12ef383a0762a011d98ff96c27a0122558babdaf0765  100,000+ 
kr.live  바로TV  cccfdf95f74add21da546a03c8ec06c7832ba11091c6d491b0aadaf0e2e57bcc  1,000+ 
newlive.com  바로TV  c76af429fabcfd73066302eeb9dd1235fd181583e6ee9ee9015952e20b4f65bf  50,000+ 
onair.baro.media  바로TV  6c61059da2ae3a8d130c50295370baad13866d7e5dc847f620ad171cc01a39e9  10,000+ 
freemusic.ringtone.player  벨소리 무료다운  75c74e204d5695c75209b74b10b3469babec1f7ef84c7a7facb5b5e91be0ae3e  100,000+ 
com.app.allplayer  실시간 TV  8d881890cfa071f49301cfe9add6442d633c01935811b6caced813de5c6c6534  50,000+ 
com.onair.shop  실시간 TV  1501dd8267240b0db0ba00e7bde647733230383d6b67678fc6f0c7f3962bd0d3  50,000+ 
eight.krdmb.onair  실시간 TV  bbd6ddbfee7482fe3fe8b5d96f3be85e09352711a36cd8cf88cfdeaf6ff90c79  10,000+ 
free.kr  실시간 TV  5f864aa88de07a10045849a7906f616d079eef94cd463e40036760f712361f79  10,000+ 
kr.dmb.nine  실시간 TV  ea49ad38dd7500a6ac12613afe705eb1a4bcab5bcd77ef24f2b9a480a34e4f46  100,000+ 
kr.live.com  실시간 TV  f09cff8a05a92ddf388e56ecd66644bf88d826c5b2a4419f371721429c1359a7  10,000+ 
kr.live.onair  실시간 TV  e8d2068d086d376f1b78d9e510a873ba1abd59703c2267224aa58d3fca2cacbd  100,000+ 
kr.live.tv  실시간 TV  1b64283e5d7e91cae91643a7dcdde74a188ea8bde1cf745159aac76a3417346e  50,000+ 
kr.media.onair  실시간 TV  bd0ac9b7717f710e74088df480bde629e54289a61fc23bee60fd0ea560d39952  100,000+ 
kr.onair.media  실시간 TV  d7dd4766043d4f7f640c7c3fabd08b1a7ccbb93eba88cf766a0de008a569ae4d  1,000+ 
live.kr.onair  실시간 TV  b84b22bc0146f48982105945bbab233fc21306f0f95503a1f2f578c1149d7e46  10,000+ 
live.play.com  실시간 TV  516032d21edc2ef4fef389d999df76603538d1bbd9d357a995e3ce4f274a9922  50,000+ 
new.com  실시간 TV  5d07a113ce389e430bab70a5409f5d7ca261bcdb47e4d8047ae7f3507f044b08  50,000+ 
newlive.kr  실시간 TV  afc8c1c6f74abfadd8b0490b454eebd7f68c7706a748e4f67acb127ce9772cdb  100,000+ 
onair.best  실시간 TV  6234eadfe70231972a4c05ff91be016f7c8af1a8b080de0085de046954c9e8e7  50,000+ 
com.m.music.free  음악다운  ded860430c581628ea5ca81a2f0f0a485cf2eeb9feafe5c6859b9ecc54a964b2  500,000+ 
good.kr.com  음악다운  bede67693a6c9a51889f949a83ff601b1105c17c0ca5904906373750b3802e91  100,000+ 
new.music.com  음악다운  fee6cc8b606cf31e55d85a7f0bf7751e700156ce5f7376348e3357d3b4ec0957  1,000+ 
play.com.apps  음악다운  b2c1caab0e09b4e99d5d5fd403c506d93497ddb2de3e32931237550dbdbe7f06  100,000+ 
com.alltrot.player  트로트 노래모음  469792f4b9e4320faf0746f09ebbcd8b7cd698a04eef12112d1db03b426ff70c  50,000+ 
com.trotmusic.player  트로트 노래모음  879014bc1e71d7d14265e57c46c2b26537a81020cc105a030f281b1cc43aeb77  5,000+ 
best.kr.com  파도 MP3  f2bbe087c3b4902a199710a022adf8b57fd927acac0895ab85cfd3e61c376ea5  100,000+ 
com.pado.music.mp3  파도 MP3  9c84c91f28eadd0a93ef055809ca3bceb10a283955c9403ef1a39373139d59f2  100,000+ 

 

 


#Invisible #Adware #Unveiling #Fraud #Targeting #Android #Users

Oleh Diposting pada

Authored by SangRyol Ryu  

We live in a world where advertisements are everywhere, and it’s no surprise that users are becoming tired of them. By contrast, developers are driven by profit and seek to incorporate more advertisements into their apps. However, there exist certain apps that manage to generate profit without subjecting users to the annoyance of ads. Is this really good?  

Recently, McAfee’s Mobile Research Team discovered a concerning practice among some apps distributed through Google Play. These apps load ads while the device’s screen is off, which might initially seem convenient for users. However, it’s a clear violation of Google Play Developer policy on how ads should be displayed. This affects not only the advertisers who pay for invisible Ads, but also the users as it drains battery, consumes data and poses potential risks such as information leaks and disruption of user profiling caused by Clicker behavior. 

The team has identified 43 apps that collectively downloaded 2.5 million times. Among the targeted apps are TV/DMB Player, Music Downloader, News, and Calendar applications. McAfee is a member of the App Defense Alliance focused on protecting users by preventing threats from reaching their devices and improving app quality across the ecosystem. We reported the discovered apps to Google, which took prompt action. Most apps are no longer available on Google Play while others are updated by the developer. McAfee Mobile Security detects this threat as Android/Clicker. For more information, and to get fully protected, visit McAfee Mobile Security. 

Many affected apps

How does it work? 

This ad fraud library uses specific tactics to avoid detection and inspection. It deliberately delays the initiation of its fraudulent activities, creating a latent period from the time of installation. What’s more, all the intricate configurations of this library can be remotely modified and pushed using Firebase Storage or Messaging service. These factors significantly add to the complexity of identifying and analyzing this fraudulent behavior. Notably, the latent period typically spans several weeks, which makes it challenging to detect. 

Getting latent period by using Firebase Messaging Service 

It is important to be cautious about the implications of granting permissions, such as excluding ‘power saving’ and allowing ‘draw over other apps’. These permissions can enable certain activities to occur discreetly in the background, raising concerns about the intentions and behavior of the applications or libraries in question. Allowing these permissions can result in more malicious behavior, such as displaying phishing pages, also to displaying ads in the background. 

Asked permissions to run in the background and keep it hidden 

When the device screen is turned off after the latent period, the fetching and loading of ads starts, resulting in users being unaware of the presence of running advertisements on their devices. This ad library registers device information by accessing the unique domain (ex: mppado.oooocooo.com) linked with the application. Then go to Firebase Storage to get the specific advertisement URL and show the ads. It is important to note that this process consumes power and mobile data resources. 

Observed traffic when the screen off 

If users quickly turn on their screens at this point, they might catch a glimpse of the ad before it is automatically closed. 

Example of an advertising site displayed when the screen is off 

In conclusion, it is essential for users to exercise caution and carefully evaluate the necessity of granting permissions like power saving exclusion, or draw over other apps before allowing them. While these permissions might be required for certain legitimate functionalities for running in the background, it is important to consider the potential risks linked with them, such as enabling hidden behaviors or reducing the relevance of ads and contents displayed to users because the hidden Clicker behavior. By using McAfee Mobile Security products, users can further safeguard their devices and mitigate the risks linked with these kinds of malware, providing a safer and more secure experience. For more information, visit McAfee Mobile Security

 

Indicators of Compromise (IoC’)

Domains:

best.7080music.com 

m.gooogoole.com 

barocom.mgooogl.com 

newcom.mgooogl.com 

easydmb.mgooogl.com 

freekr.mgooogl.com 

fivedmb.mgooogl.com 

krlive.mgooogl.com 

sixdmb.mgooogl.com 

onairshop.mgooogle.com 

livedmb.mgooogle.com 

krbaro.mgooogle.com 

onairlive.mgooogle.com 

krdmb.mgooogle.com 

onairbest.ocooooo.com 

dmbtv.ocooooo.com 

ringtones.ocooooo.com 

onairmedia.ocooooo.com 

onairnine.ocooooo.com 

liveplay.oocooooo.com 

liveplus.oocooooo.com 

liveonair.oocooooo.com 

eightonair.oocooooo.com 

krmedia.oocooooo.com 

kronair.oocooooo.com 

newkrbada.ooooccoo.com 

trot.ooooccoo.com 

thememusic.ooooccoo.com 

trot.ooooccoo.com 

goodkrsea.ooooccoo.com 

krlive.ooooccoo.com 

news.ooooccoo.com 

bestpado.ooooccoo.com 

krtv.oooocooo.com 

onairbaro.oooocooo.com 

barolive.oooocooo.com 

mppado.oooocooo.com 

dmblive.oooocooo.com 

baromedia.oooocooo.com 

musicbada.oouooo.com 

barolive.oouooo.com 

sea.oouooo.com 

blackmusic.oouooo.com 

Android Packages 

Package Name  Application Name  SHA256  Google Play Downloads 
band.kr.com  DMB TV  f3e5aebdbd5cd94606211b04684730656e0eeb1d08f4457062e25e7f05d1c2d1  10,000+ 
com.dmb.media  DMB TV  6aaaa6f579f6a1904dcf38315607d6a5a2ca15cc78920743cf85cc4b0b892050  100,000+ 
dmb.onair.media  DMB TV  a98c5170da2fdee71b699ee145bfe4bdcb586b623bbb364a93bb8bdf8dbc4537  10,000+ 
easy.kr  DMB TV  5ec8244b2b1f516fd96b0574dc044dd40076ff7aa7dadb02dfefbd92fc3774bf  100,000+ 
kr.dmb.onair  DMB TV  e81c0fef52065864ee5021e1d4c7c78d6a407579e1d48fc4cf5551ff0540fdb8  5,000+ 
livedmb.kr  DMB TV  33e5606983526757fef2f6c1da26474f4f9bf34e966d3c204772de45f42a6107  50,000+ 
stream.kr.com  DMB TV  a13e26bce41f601a9fafdec8003c5fd14908856afbab63706b133318bc61b769  100+ 
com.breakingnews.player  뉴스 속보  d27b8e07b7d79086af2fa805ef8d77ee51d86a02d81f2b8236febb92cb9b242d  10,000+ 
jowonsoft.android.calendar  달력  46757b1f785f2b3cec2906a97597b7db4bfba168086b60dd6d58d5a8aef9e874  10,000+ 
com.music.free.bada  뮤직다운  a3fe9f9b531ab6fe79ed886909f9520a0d0ae98cf11a98f061dc179800aa5931  100,000+ 
com.musicdown  뮤직다운  5f8eb3f86fc608f9de495ff0e65b866a78c25a9260da04ebca461784f039ba16  5,000+ 
new.kr.com  뮤직다운  397373c39352ef63786fe70923a58d26cdf9b23fa662f3133ebcbc0c5b837b66  100,000+ 
baro.com  바로TV  3b4302d00e21cbf691ddb20b55b045712bad7fa71eb570dd8d3d41b8d16ce919  10,000+ 
baro.live.tv  바로TV  760aa1a6c0d1e8e4e2d3258e197ce704994b24e8edfd48ef7558454893796ebe  50,000+ 
baro.onair.media  바로TV  b83a346e18ca20ac5165bc1ce1c8807e89d05abc6a1df0adc3f1f0ad4bb5cd0c  10,000+ 
kr.baro.dmb  바로TV  84a4426b1f8ea2ddb66f12ef383a0762a011d98ff96c27a0122558babdaf0765  100,000+ 
kr.live  바로TV  cccfdf95f74add21da546a03c8ec06c7832ba11091c6d491b0aadaf0e2e57bcc  1,000+ 
newlive.com  바로TV  c76af429fabcfd73066302eeb9dd1235fd181583e6ee9ee9015952e20b4f65bf  50,000+ 
onair.baro.media  바로TV  6c61059da2ae3a8d130c50295370baad13866d7e5dc847f620ad171cc01a39e9  10,000+ 
freemusic.ringtone.player  벨소리 무료다운  75c74e204d5695c75209b74b10b3469babec1f7ef84c7a7facb5b5e91be0ae3e  100,000+ 
com.app.allplayer  실시간 TV  8d881890cfa071f49301cfe9add6442d633c01935811b6caced813de5c6c6534  50,000+ 
com.onair.shop  실시간 TV  1501dd8267240b0db0ba00e7bde647733230383d6b67678fc6f0c7f3962bd0d3  50,000+ 
eight.krdmb.onair  실시간 TV  bbd6ddbfee7482fe3fe8b5d96f3be85e09352711a36cd8cf88cfdeaf6ff90c79  10,000+ 
free.kr  실시간 TV  5f864aa88de07a10045849a7906f616d079eef94cd463e40036760f712361f79  10,000+ 
kr.dmb.nine  실시간 TV  ea49ad38dd7500a6ac12613afe705eb1a4bcab5bcd77ef24f2b9a480a34e4f46  100,000+ 
kr.live.com  실시간 TV  f09cff8a05a92ddf388e56ecd66644bf88d826c5b2a4419f371721429c1359a7  10,000+ 
kr.live.onair  실시간 TV  e8d2068d086d376f1b78d9e510a873ba1abd59703c2267224aa58d3fca2cacbd  100,000+ 
kr.live.tv  실시간 TV  1b64283e5d7e91cae91643a7dcdde74a188ea8bde1cf745159aac76a3417346e  50,000+ 
kr.media.onair  실시간 TV  bd0ac9b7717f710e74088df480bde629e54289a61fc23bee60fd0ea560d39952  100,000+ 
kr.onair.media  실시간 TV  d7dd4766043d4f7f640c7c3fabd08b1a7ccbb93eba88cf766a0de008a569ae4d  1,000+ 
live.kr.onair  실시간 TV  b84b22bc0146f48982105945bbab233fc21306f0f95503a1f2f578c1149d7e46  10,000+ 
live.play.com  실시간 TV  516032d21edc2ef4fef389d999df76603538d1bbd9d357a995e3ce4f274a9922  50,000+ 
new.com  실시간 TV  5d07a113ce389e430bab70a5409f5d7ca261bcdb47e4d8047ae7f3507f044b08  50,000+ 
newlive.kr  실시간 TV  afc8c1c6f74abfadd8b0490b454eebd7f68c7706a748e4f67acb127ce9772cdb  100,000+ 
onair.best  실시간 TV  6234eadfe70231972a4c05ff91be016f7c8af1a8b080de0085de046954c9e8e7  50,000+ 
com.m.music.free  음악다운  ded860430c581628ea5ca81a2f0f0a485cf2eeb9feafe5c6859b9ecc54a964b2  100,500,000+ 
good.kr.com  음악다운  bede67693a6c9a51889f949a83ff601b1105c17c0ca5904906373750b3802e91  100,000+ 
new.music.com  음악다운  fee6cc8b606cf31e55d85a7f0bf7751e700156ce5f7376348e3357d3b4ec0957  1,000+ 
play.com.apps  음악다운  b2c1caab0e09b4e99d5d5fd403c506d93497ddb2de3e32931237550dbdbe7f06  100,000+ 
com.alltrot.player  트로트 노래모음  469792f4b9e4320faf0746f09ebbcd8b7cd698a04eef12112d1db03b426ff70c  50,000+ 
com.trotmusic.player  트로트 노래모음  879014bc1e71d7d14265e57c46c2b26537a81020cc105a030f281b1cc43aeb77  5,000+ 
best.kr.com  파도 MP3  f2bbe087c3b4902a199710a022adf8b57fd927acac0895ab85cfd3e61c376ea5  100,000+ 
com.pado.music.mp3  파도 MP3  9c84c91f28eadd0a93ef055809ca3bceb10a283955c9403ef1a39373139d59f2  100,000+ 

 

 


#Invisible #Adware #Unveiling #Fraud #Targeting #Korean #Android #Users

Oleh Diposting pada

He said: “Stop, comadre! I know what your identity is and I have announced you to the appropriate specialists.” A brand later, the problem was approached. Hendison detailed the problem to Google, and says it was only reimbursed by 50% of false snapshots. The greatest extortion grievances to SNAP against Google are that the organization is not the expected publicist that reimburses and is not doing what is needed to distinguish the horrible snapshots in any case. A claim in 2005 also blamed Google for hiding their extortion numbers to people in general, therefore, perhaps, growing efforts in the directure. In a section of February 28 in its Adwords blog, the organization explained that less than 10% of its advertising clicks were misleading and has a virus with, and that its location frame had been practically each of them before the promoters were charged.

Google states that the main 0.02 percent of its promotion clicks approved by the frame end up being misleading. It is the combination of paying promoters for that 0.02 percent and throwing almost 10% of the recognized terrible snapshots that costs the organization that revealed $ 1 billion every year. Verifiable records represent several side effects during these and different outbreaks. These incorporate eruptions, diseases, light aversion, loose intestines and piracy. Expanded and unbearable bubos appears reliably in many records. This is a reason why Plague assumes the guilt of such innumerable pandemics. The possibility that the bubonic plague was behind these pandemics has become a part of the standard way of thinking: it is something that everyone knows. Be that as it may, some specialists feel a bit uncertain. Then, we will investigate the bacteria behind plague and why some researchers accept that it did not cause black death.

During the Great London plague, a designer in Eyam, Derbyshire received a shipment of insect swarm. In a short time, individuals began to get sick. Under the lawyer of the City Minister, the inhabitants of Eyam decided to disconnect. Subsequently, the disease did not spread beyond the city. Family with the Eyam plague in the Eyam Museum. In 1894, the specialists made a significant leap in the investigation of the plague. The BCC field in an email should be used carefully. Its average email program has some options to send a message to more than one individual at the same time. You can stack the “To” box with numerous beneficiaries and after impact. Or, on the other hand, you can put some (or one) in the “for” and CC place the rest. Or, more than probably BCC, some or all.

The BCC can be the most complicated, since it implies that not all people are conscious of similar data. In addition, it has the best bet for traps. In general, when CC and when BCC? To begin with, you must understand what CC and BCC mean. The CC field represents duplicate; The BCC field represents a blind duplicate. The duplicates were normal in the days before the network. At the time someone required a duplicate report of a report, they embedded a leaf of carbon paper between two paper bits. The carbon paper helped the ink or the guy to move from the upper to the base, and ready, had two duplicates of a similar desktop work. Working from home, which is filling the prevalence, allows representatives to stay away from long trips. It’s 8 a.m. Monday morning. It is time to do a line of work for the workplace.

You arrive, clean your teeth and scales your direction to the kitchen to snatch some express coffee. Minutes after the fact, you go to the workplace, actually wearing your nightgown and fleece shoes. Fortunately for you, you don’t have much to go, you work at home. Working from home, or working at home, has filled fame during recent years. The USA, in fact. Working workers at home delight in making their own schedule, allowing them to plan the work around family gokuslot and individual responsibilities. With the prepared accessibility of innovation devices, similar to the Internet and home PCs, organizations are more ready to allow representatives to telework. How has the avalanche of workers at home supported innovation? How would you persuade your supervisor to allow you to telework? In addition, apart from decreasing management times, what are a part of different driving advantages?