FixMeStick’s Sunday Scaries (May 2020)

Hey FixMeFans and StartMeStars! We’re back with the Sunday Scaries – our way of keeping you in the loop with the latest news on malware and scams that are hitting the internet. Updated every Sunday, we aim to keep you informed on the newest threats that you might encounter while on the web.

Here’s a summary of what’s been happening during the month of May!

We’ve experienced a lot of threats throughout May! Here’s a summary of the biggest threats to your cybersecurity and what you can do to protect yourself.

Phishing Scams

We’ve noticed a huge rise in phishing scams since the onset of the pandemic. Typically, these scams take the form of emails, and will masquerade as the government, and medical and financial institutions to get access to your information. 

They will usually include malicious attachments which load malware onto your computer, or even prompt you to provide your financial information under the guise of receiving some form of financial compensation.

If you believe you’ve received some form of phishing scam, here are some tips to help you out: 

• For prevention, make sure you don’t download or open files from untrusted sources: Many viruses and scams are using COVID-19 as a way of taking advantage of unsuspecting people – make sure that you don’t open any emails or files unless you know it’s from a legitimate source.
• If you suspect that you have it, run a virus scan: Use your FixMeStick or an antivirus software such as McAfee to make sure the virus is removed.
• Update your passwords: Many of these viruses are after your login information for various websites – so if you’ve been hacked, it’s best to update your passwords and make sure they’re safe and secure.

Ransomware on the rise

Ransomware such as ProLock, Snake Ransomware, as well as Android viruses such as SLocker and Black Rose Lucy have been popping up a lot recently. These viruses are typically uploaded to the victim’s device through a malicious file, i.e.: an unverified app, or a malware infected document. After taking over the victim’s device, it effectively encrypts files and locks the device, even going as far as to infect other devices connected to the network. 

If you believe you’ve been infected, here are some steps you can take:

• Disconnect your computer from other devices, external drives, and the internet: if you’re dealing with ransomware, you’ll want to contain the virus to one computer, making sure it doesn’t spread to different files.
• Use a smartphone or tablet to take a picture of the ransomware screen for future reference: this will come in handy if you bring the computer to a technician or have to file a police report.
• Run an antivirus (such as FixMeStick) to make sure there are no lingering threats: If you’re adamant about not paying the ransom, you can access your computer through Safe Mode to run your FixMeStick. Though running a FixMeStick won’t decrypt your files, it will at least make sure that the virus doesn’t further infect your computer.
• Bring your computer to a technician: Decrypting your files is no easy task, so it’s in your best interest to bring your computer into a professional to see if there’s any way to save your files.

If you have an Android device and think you’ve been infected by ransomware, here are some tips for you as well:

• Check out the permissions that are being requested the first time you launch an app. If the app begins leading you to other unfamiliar sources and enabling accessibility features, you should stop immediately.
• Check the reviews of an app before downloading. The reviews will often reveal more than just customer satisfaction, and can let you know if the app leads to any further malicious activity.
• If you suspect that something is up, uninstall the app

Other Notable Scams and Malware

Sextortion Scam

We’ve also noticed many individuals receiving sextortion emails, indicating that their personal accounts have been hacked and that their computer has been infected with malware. The supposed hackers then ask the individual to pay a large sum, or else explicit videos will be sent to friends and family.

Like most email scams, your best bet is to ignore it. Most scammers are bluffing and are banking on people falling for their tactics. The best thing you can do in this situation is:

• Change your passwords: changing your passwords ensures that no hackers or scammers are able to access your accounts. If you need a way to manage your passwords, we always recommend Google Sync so your strong, unique passwords are easily saved across devices.
• Run a virus scan: use your FixMeStick or another antivirus program to make sure you don’t have any lingering malware.

Bots Infiltrating Food Delivery Apps

There have been more reports of malicious bots infiltrating food delivery services using methods such as account takeover and web scraping, effectively hacking into food delivery apps to gain access to personal data. 

While most of the issues are with the apps themselves, here are some ways you protect yourself: 

• Make sure your passwords are secure: having a secure password is the best way to protect against hackers. Here are some tips on ensuring that your password is safe!
• Don’t enter your credit card information unless you trust the application.

These are the biggest threats currently plaguing the digital world. If you’d like to find out more about previous threats, you can read more below!

24 May 2020 Update

Malware Using Fake Zoom Applications to Install Cryptominer

Recently, reports have indicated that several malicious programs have been disguising themselves as extensions and fake installations for the popular video call app, Zoom. The malicious app, Coinminer, would come bundled in with the application when downloaded on third party websites. 

Essentially, these viruses install a cryptominer onto your computer, effectively installing programs that eat up your computer’s data and power while mining cryptocurrency for the hackers.

While you may not notice at first, these cryptominers will slow down your computer and contribute more to lags and freezing.

As with most malware, the best way for prevention is to know exactly what to look out for:

•  Do not download applications from websites that you’re not familiar with: It’s always best to download applications from verified websites, as more often that not, other websites can provide downloads bogged down with malware.
• Check your browser extensions: Sometimes, viruses will have installed themselves without your knowledge. In this case, it’s always recommended to check your browser extensions to see if there are any suspicious downloads.
• If you suspect that you have it, run a virus scan: Use your FixMeStick or an antivirus software such as McAfee to make sure the virus is removed.

Microsoft Warns of Massive Phishing Scam

Microsoft has detailed news regarding an ongoing phishing scam which installs the NetSupport Manager remote administration tool onto the victim’s computer. This tool is apparently spread through the installation of malicious Excel attachments. 

Scammers will send individuals COVID-19 related emails, and in them include an excel attachment with relevant information. However, once opened, malicious macros will be executed to download and install the NetSupport Manager client from a remote site.While NetSupport Manager is a legit application, it is often used by hacking groups as a trojan, which can steal information and hijack your computer.

• For prevention, make sure you don’t download or open files from untrusted sources: Many viruses and scams are using COVID-19 as a way of taking advantage of unsuspecting people – make sure that you don’t open any emails or files unless you know it’s from a legitimate source.
• If you suspect that you have it, run a virus scan: Use your FixMeStick or an antivirus software such as McAfee to make sure the virus is removed
• Update your passwords: Many of these viruses are after your login information for various websites – so if you’ve been hacked, it’s best to update your passwords and make sure they’re safe and secure

ProLock Ransomware Revamps Previous Function to Gain Access to Networks

ProLock ransomware first emerged back in March 2020, and has since been getting enhancements to improve on its attacks. Recently, Prolock ransomware has merged with QakBot banking trojan for network intrusion, which means if the ransomware infects your system, it will attempt to infect any device connected to your network.

If you’re running into ransomware, here are some tips to help you out: 

• Disconnect your computer from other devices, external drives, and the internet: if you’re dealing with ransomware, you’ll want to contain the virus to one computer, making sure it doesn’t spread to different files
• Use a smartphone or tablet to take a picture of the ransomware screen for future reference: this will come in handy if you bring the computer to a technician or have to file a police report
• Run an antivirus (such as FixMeStick) to make sure there are no lingering threats: If you’re adamant about not paying the ransom, you can access your computer through Safe Mode to run your antivirus. Though running an antivirus won’t decrypt your files, it will at least make sure that the virus doesn’t further infect your computer
• Bring your computer to a technician: Decrypting your files is no easy task, so it’s in your best interest to bring your computer into a professional to see if there’s any way to save your files.

17 May 2020 Update

The Return of Zeus Sphinx Trojan

Zeus Sphinx, also known as Zloader or Terdot, first came into play back in 2015 in a wave of attacks against US banks. The malware has since disappeared from the scene, until now. Recently, reports indicate that the trojan has been coming back in a wave of attacks since the onset of the coronavirus pandemic. It seems as though the hackers are taking advantage of the recent wave of coronavirus hacks and scams, and implementing their own tactics. 

The malware is typically activated through downloading a malicious file, and from there it acts to grab credentials, such as banking details or account usernames and passwords for online services. There are few things you can do to protect yourself from this virus if you think you’ve encountered it!

• For prevention, make sure you don’t download or open files from untrusted sources: Many viruses and scams are using COVID-19 as a way of taking advantage of unsuspecting people – make sure that you don’t open any emails or files unless you know it’s from a legitimate source.
• If you suspect that you have it, run a virus scan: Use your FixMeStick or an antivirus software such as McAfee to make sure the virus is removed.
• Update your passwords: Many of these viruses are after your login information for various websites – so if you’ve been hacked, it’s best to update your passwords and make sure they’re safe and secure.
• Contact your financial institution: If you’ve fallen victim to malware and have had your financial accounts attacked, it’s best to contact your financial institution to inform them of the situation.

Recent Phishing Scam, LokiBot, linked to COVID-19 Emails

According to a series of tweets published by Microsoft Security Intelligence, a new phishing campaign is taking place, with the goal of infecting computers with LokiBot, an information-stealing Trojan. Once infected, LokiBot will steal saved login credentials from a variety of browsers, FTP, mail, and terminal programs, and then send them back to the attackers’ servers where they can be later retrieved.

Similar to other recent phishing attacks, this one uses COVID-19 inspired traps to lure people into downloading malicious files. Most of these emails ask individuals to provide banking information to issue potential refund payments. These emails also contain malicious ARJ attachments that have the ability to bypass antivirus software. 

Warnings of New Malware Used by North Korean Hackers

Recently, the U.S. Government has released information concerning three new strains of malware which they have linked to state-sponsored North Korean hackers.

The new malware strains are called COPPERHEDGE, TAINTEDSCRIBE, and PEBBLEDASH, and each have the capability of initiating remote access to your computer in order to steal vital personal information. Here’s a brief explanation of what each virus is capable of doing:

COPPERHEDGE, is a Remote Access Tool (RAT) capable of running arbitrary commands, performing system reconnaissance, and exfiltrating data. It’s being used by advanced threat actors to target cryptocurrency exchanges and related entities

TAINTEDSCRIBE works as a backdoor implant that masks itself as Microsoft’s Narrator screen reader utility to download malicious payloads from a command-and-control (C2) server, upload, and execute files, and even create and terminate processes.

PEBBLEDASH, like TAINTEDSCRIBE, is another trojan with capabilities to “download, upload, delete, and execute files; enable Windows CLI access; create and terminate processes; perform target system enumeration.”

Each strain of malware has been linked to the hacker group Lazarus, also known as Hidden Cobra by the US Government.  

10 May 2020 Update

Bots Infiltrating Food Delivery Apps

Since the onset of COVID-19, grocery delivery has skyrocketed in demand, but it has also opened a new avenue for exploitation. To help keep up with the demand, a variety of apps have been released to help individuals with the process, but these apps come with a risk. Recently, there have been more reports of malicious bots infiltrating food delivery services using methods such as account takeover and web scraping, effectively hacking into food delivery apps to gain access to personal data. 

While most of the issues are with the apps themselves, here are some ways you protect yourself: 

• Make sure your passwords are secure: having a secure password is the best way to protect against hackers. Here are some tips on ensuring that your password is safe!
• Don’t enter your credit card information unless you trust the application.

Snake Ransomware Returns After Brief Hiatus

Disappearing after an attack in January, Snake ransomware has recently launched a large-scale attack on May 4th, with one of the victims being Fresenius Group, Europe’s largest hospital provider. In this campaign, the hackers are able to steal their victim’s files before encrypting them. 

While most of the targets had been large organizations, there have still been more reports of ransomware affecting individuals. In the case that you’ve been infected, here are some tips on what you can do: 

• Disconnect your computer from other devices, external drives, and the internet: if you’re dealing with ransomware, you’ll want to contain the virus to one computer, making sure it doesn’t spread to different files
• Use a smartphone or tablet to take a picture of the ransomware screen for future reference: this will come in handy if you bring the computer to a technician or have to file a police report
• Run a FixMeStick scan to make sure there are no lingering threats: If you’re adamant about not paying the ransom, you can access your computer through Safe Mode to run your scan. Though running a scan won’t decrypt your files, it will at least make sure that the virus doesn’t further infect your computer
• Bring your computer to a technician: Decrypting your files is no easy task, so it’s in your best interest to bring your computer into a professional to see if there’s any way to save your files. 

About Coronavirus’ Android malware app locks users’ screens

SLocker, a form of ransomware geared towards Android phones, has recently received a makeover to keep it relevant in the age of COVID-19 – masking itself under the name “About Coronavirus” to trick users into installing the application. 

Once installed, the virus will freeze the victim’s screen, prohibiting access and demanding a ransom payment to restore proper functionality. This is an empty threat however, and can typically be removed with a reboot and by using Android Debug Bridge or Safe Mode.

In times of crisis, many scammers will try to take advantage of fear in order to trick victims into downloading malware and exposing vital information. It’s especially important to take extra caution when making an downloads, as more and more malicious software is being released each day.

3 May 2020 Update

Sextortion Scam Targets Individuals Using Old Passwords

Over the past few weeks individuals have been hit with emails indicating that their personal accounts have been hacked and that their computer has been infected with malware. The supposed hackers then ask the individual to pay a large sum, or else explicit videos will be sent to friends and family.

Like most email scams, your best bet is to ignore it. Most scammers are bluffing and are banking on people falling for their tactics. The best thing you can do in this situation is:

• Change your passwords: changing your passwords ensures that no hackers or scammers are able to access your accounts. If you need a way to manage your passwords we always recommend Google’s sync feature so your unique, complex passwords are saved across devices for you.
• Run a FixMeStick scan to make sure you don’t have any lingering malware.

Android Scams Threatens to Contact FBI Unless Credit Card Details are Handed Over

Recently, researchers have caught wind of the resurgence of malware called Black Rose Lucy, which initially had been a virus for Android phones, but now has developed into a form of ransomware. Victims of the ransomware have reported that their files were encrypted and that the attackers had taken snapshots of the victims accessing illegal pornography – if the payment isn’t met, the hackers will contact the FBI.

While it isn’t likely that the hackers will contact the FBI, or even have any incriminating information to begin with, it’s still concerning that they’re able to infect your phone. When it comes to downloading apps on your Android, you can never be too careful: 

• Check out the permissions that are being requested the first time you launch an app. If the app begins leading you to other unfamiliar sources and enabling accessibility features, you should stop immediately.
• Check the reviews of an app before downloading. The reviews will often reveal more than just customer satisfaction, and can let you know if the app leads to any further malicious activity.
• If you suspect that something is up, uninstall the app right away.