FixMeStick’s Sunday Scaries (June 2020)

By Category: FixMeStick Blog, Sunday ScariesTags:

Hey FixMeFans and StartMeStars! We’re back with the Sunday Scaries – our way of keeping you in the loop with the latest news on malware and scams that are hitting the internet. Updated every Sunday, we aim to keep you informed on the newest threats that you might encounter while on the web.

You can read up on May’s edition here!

Here’s a summary of what’s been happening throughout June!

We’ve experienced a lot of threats throughout June! Here’s a summary of the biggest threats to your cybersecurity and what you can do to protect yourself.

More Scams Inspired by COVID-19 and Black Lives Matter

With every major event that surfaces, there seem to be scams that tag alongside it. Typically spread through email, these scams will have you open the files contained within the email in order to gain access to your computer.

We began noticing many COVID-19 related scams over the past few months. However, recently, more Black Lives Matter related scams are popping up. In these cases, reports indicate that individuals receive emails prompting them to fill out a survey, however once opened, the file spreads malware throughout the computer.

Trickbot and IcedID are two more prevalent examples of the malware that’s been popping up, and as with most malware, there are a few things you can do to protect yourself from the damages of the virus. 

  • For prevention, make sure you don’t download or open files from untrusted sources: Many viruses and scams are using current issues as a way of taking advantage of unsuspecting people – make sure that you don’t open any emails or files unless you know it’s from a legitimate source.
  • If you suspect that you have it, run a virus scan: Make sure you’re using an antivirus software, such as McAfee and run a FixMeStick scan to be sure the virus is removed. FixMeTip: FixMeStick customers get an exclusive deal on McAfee Total protection. If you’re not using an antivirus software, you’re at risk! Check out this limited time offer HERE.
  • Update your passwords: Many of these viruses are after your login information for various websites – so if you’ve been hacked, it’s best to update your passwords and make sure they’re safe and secure.

Contact-Tracing Apps Pose a Risk to Your Security

As many countries have started making use of the COVID-19 contact-tracing apps, it seems as though hackers have taken note and begun programming their own fake apps in order to infect victims’ phones.

While all of the contact-tracing apps are monitored by the government, hackers have been creating their own replications, which don’t actually track the spread of the virus but instead spread malware throughout the phones of its victims.

This type of malware seems to only be prevalent on Android phones, as Android users are able to download unregulated apps that haven’t yet been verified from the Android app store.

Once installed, the malware moves to encrypt the victim’s files, then prompts the victim to pay a sum of money in order to regain access.

If you suspect an app on your Android could be malicious, check out these tips:

  • Pay attention to the permissions that are being requested the first time you launch an app. If the app begins leading you to other unfamiliar sources and enabling accessibility features, you should stop immediately.
  • Check the reviews of an app before downloading it. The reviews will often reveal more than just customer satisfaction and can let you know if the app leads to any malicious activity.
  • If you suspect that something is up, uninstall the app.

21 June 2020 Update

IcedID Banking Trojan Uses COVID-19 Themed Email to Steal Financial Information

The IcedID Banking Trojan seems to have resurfaced, and it’s using COVID-19 themed emails in order to spread the virus onto its victim’s computers.

The email typically uses COVID-19 and the Family and Medical Leave Act as its main subject, and includes various related keywords in both the subject and email line.

The malicious emails contain attachments, which when opened, trigger the virus to download itself onto the computer, effectively stealing the victim’s financial information. In the latest attacks, reports indicate that the trojan has been stealing credit card details from sites such as Amazon, Ebay, and Wells Fargo.

Wells Fargo Phishing Scam Uses Calendar Invites to Lure Victims

Recently Wells Fargo customers have been getting hit by phishing scams that use calendar invites to bring victims to phishing pages. Over 15,000 customers have found themselves targeted so far.

The emails contain a notice indicating that the targets have to update their security keys using instructions included within a calendar attachment or else their accounts will be suspended. It then leads to a fake phishing page for Wells Fargo, where users are prompted to enter sensitive information such as their username, password, PIN, and account numbers.

You can read more on the phishing scam here.

14 June 2020 Update

Fake “Black Lives Matter” Email Spreads Trickbot Malware

News of a fake voting campaign has come to light, this time hiding under the pretense of a “Black Lives Matter” poll to draw people in. Short and sweet, these emails simply prompt individuals to take part in an anonymous survey.

Unlike previous scams which capitalized on fear and panic (like the COVID-19 related scams), this scam simply asks individuals to fill out a form regarding their opinion on the current situation – however once the form is downloaded and its scripts are run, it begins to spread the Trickbot trojan, a virus designed to steal personal and financial information.

Fake COVID-19 Contact-Tracing Apps Infect Android Phones

Countries around the world are starting to introduce contact-tracing apps – which help monitor and reduce the spread of COVID-19. However, security researchers have found multiple cases of malicious Android apps posing as official government sources to distribute information-stealing malware onto devices.

In most cases, these apps are downloaded through other mobile apps, third-party stores, and other websites.

Since Android phones provide users the option of downloading applications that don’t appear within the official store, it increases the likelihood of accidentally downloading a malicious program.

Has Ransomware Encrypted Your Files? Make Sure to Double Check Your Recovery Tools

Dealing with ransomware is always tricky business, though over the years many security professionals have released free decryption tools to help decrypt the files that have been locked by the ransomware.

However, recently hackers have implemented a countermeasure to the countermeasure. A fake decryption tool is being used that actually further encrypts the files, forcing victims to pay double the ransom for their encrypted files.

One of the more popular instances of this fake decryption tool, Zorab, actually has a solution ready to fight it. Researchers have created a decrypter to counter the ransomware, which is available for download.

Though this is a great example of how the cybersecurity community is looking out for one another, there are many instances where you may find yourself in serious trouble when dealing with ransomware.

If you believe you’ve been infected, here are some steps you can take:

  • Disconnect your computer from other devices, external drives, and the internet: if you’re dealing with ransomware, you’ll want to contain the virus to one computer, making sure it doesn’t spread to different files.
  • Use a smartphone or tablet to take a picture of the ransomware screen for future reference: this will come in handy if you bring the computer to a technician or have to file a police report.
  • Run a FixMeStick scan to make sure there are no lingering threats: If you’re adamant about not paying the ransom, you can access your computer through Safe Mode to run your FixMeStick. Though running a scan won’t decrypt your files, it will at least make sure that the virus doesn’t further infect your computer.
  • Bring your computer to a technician: Decrypting your files is no easy task, so it’s in your best interest to bring your computer into a professional to see if there’s any way to save your files.

7 June 2020 Update

Millions of Android Users may be Infected with this Malicious App

Though phones tend to be safer when it comes to malware, it seems Androids have been dealing with their fair share of malicious apps lately.

Recently, the cases for Android malware has nearly doubled over the past year, as users have begun to download apps from outside of the safety of the Play Store. Reports show that the newest and most prevalent malicious app has taken the form of video app, Snaptube.

While Snaptube is not considered malware, it has been linked to defrauding users and generating adware on the device.

In these kinds of situations, it’s always a bit tricky to navigate through which apps are safe and which ones pose a threat to your security. If you suspect your Android has been infected with malware, check out these tips:

  • Check out the permissions that are being requested the first time you launch an app. If the app begins leading you to other unfamiliar sources and enabling accessibility features, you should stop immediately.
  • Check the reviews of an app before downloading it. The reviews will often reveal more than just customer satisfaction and can let you know if the app leads to any further malicious activity.
  • If you suspect that something is up, uninstall the app

Ransomware On the Rise

Microsoft has recently announced the rise of new ransomware, PonyFinal. Similar to other instances of ransomware, this particular virus is spread through the download of malicious files, which then upload the malware to the victim’s device.

We’ve seen instances of the ransomware appear over the past 2 months, largely in the US, India, and Iran. Like many other viruses, reports of PonyFinal have risen since the onset of COVID-19, and many reports indicate that the ransomware has been targeting healthcare industries as well.

If you believe you’ve been infected, here are some steps you can take!

  • Disconnect your computer from other devices, external drives, and the internet: if you’re dealing with ransomware, you’ll want to contain the virus to one computer, making sure it doesn’t spread to different files.
  • Use a smartphone or tablet to take a picture of the ransomware screen for future reference: this will come in handy if you bring the computer to a technician or have to file a police report.
  • Run a FixMeStick scan to make sure there are no lingering threats: If you’re adamant about not paying the ransom, you can access your computer through Safe Mode or the Boot Menu to run your FixMeStick. Though running your FixMeStick won’t decrypt your files, it will at least make sure that the virus doesn’t further infect your computer.
  • Bring your computer to a technician: Decrypting your files is no easy task, so it’s in your best interest to bring your computer into a professional to see if there’s any way to save your files.