TIME Security

Apple Isn’t Aware of Any iOS ‘Masque Attack’ Incidents Yet

Fackbook Acquires WhatsApp For $16 Billion
The Facebook and WhatsApp app icons are displayed on an iPhone on February 19, 2014 in San Francisco City. Justin Sullivan—Getty Images

Spokesperson downplays the threat posed by malware that can mimic an app

Apple has no knowledge yet of an iOS user suffering from a “Masque Attack,” a company spokesperson said Thursday, responding to recent reports that a malware infected app could open a pathway to user accounts.

Cyber security experts at the firm FireEye disclosed the method of attack on Monday, in which a hacker can email or text message a link to a popular app, such as a “New Flappy Bird” game. The link uploads malicious software that replaces an existing app with an identical looking facade and opens a pathway to login credentials and sensitive data.

“We’re not aware of any customers that have actually been affected by this attack,” Apple said in a statement to the San Jose Mercury News, adding that customers should never download apps from unknown sources outside of the App Store.

The U.S. Computer Emergency Readiness Team, which operates under the Department of Homeland Security, issued a warning Thursday about the attack.

[San Jose Mercury News]

MONEY identity theft

Here Are the Companies That Have Been Hacked — And What to Do If You’re a Customer

You're not just imagining it: Lately, a new data breach has been reported almost every week. Here's how to find out if your information has been exposed.

By mid-October, the Identity Theft Resource Center had already identified more data breaches this year than it had in all of 2013. In other words, it’s more likely than not that some of your personal information has been compromised. “There are two kinds of consumers — there are those who know they’ve been breached, and those who don’t,” says ITRC president and CEO Eva Velasquez.

Source: Identity Theft Resource Center. Data as of Oct. 30, 2014.

Many Americans are in the first camp. According to a new Gallup poll, 27% of Americans say their credit card information has been stolen in the past year, and 11% say their computer or smartphone has been hacked. And the rest are scared: Almost 70% of Americans worry that hackers will steal their credit card numbers from retailers, and 62% worry that hackers will target their personal devices.

It’s hard to say whether there has really been an increase in the number of data breaches, or we’ve just gotten better at detecting and reporting incidents, Velasquez says. Either way, the outdated magnetic stripe technology in the United States probably makes it too easy for hackers to run off with your credit card number.

“Thieves are going to go where it’s easiest to steal,” Velasquez says. “We’ve got the most antiquated technology protecting the actual cards, and we’re the biggest issuer of those cards – we’re a treasure trove.”

At MONEY, we’re tracking the major data breaches that may have exposed your personal information in recent months. Read on to see if you’ve been affected. If so, we’ll walk you through what you need to know about protecting yourself from identity theft.

 

TIME Security

Facebook and Twitter Users: Don’t Fall for MH17 ‘Actual Footage’ Scams

Be very careful which MH17 news stories you click on, especially on Facebook and Twitter, where scammers are exploiting the tragedy to spam you.

If you run across Facebook pages touting pictures of Malaysia Airlines MH17 crash victims, or tweets linking to reports on the disaster, warning: they may be fakes, harbor malware or redirect you to pornographic websites.

The BBC reports that fraudsters are exploiting the tragic destruction of Malaysia Airlines Flight 17, ostensibly shot down by a ground to air missile on July 17, by bait-and-switching users with promises of shocking video footage or tribute pages to victims that instead link viewers to spam or other offensive content.

In one instance, a Facebook page was created the day the plane crashed that purported to have video footage of the crash itself, says the Daily Mail. Clicking the link promising the video redirected viewers to a spam site, which of course contained no such video. The Facebook page has since been removed, but security expert TrendMicro, which blogged about some of this cybercriminal activity on July 18, expects MH17 exploitation to continue.

In other instances, as noted by TrendMicro, people may be using the tragedy to boost web traffic, posting suspicious tweets with links to malicious sites harboring malware, but also seemingly legitimate ones in hopes of “gaining hits/page views on their sites or ads.”

So beware and think before you click, especially if you see claims like “Video Camera Caught the moment plane MH17 Crash over Ukraine” (as noted by the BBC). There is no such video, and the chances are all but certain you’re being gamed based on someone’s perverse attempt to mine an unspeakable calamity. What you can do, on the other hand, is report such suspicious activity to Twitter or Facebook.

TIME Security

FBI Arrests Over 90 ‘Creepware’ Hackers

US Prosecutor Announces Major Crackdown On Cybercriminal Malware
Preet Bharara, U.S. Attorney for the Southern District of New York, announces a massive law enforcement action targeting the creators of the Blackshades software - a malicious computer software that was openly sold on a website- on May 19, 2014 in New York City. Andrew Burton—Getty Images

The snooping software allowed hackers to gain control of others' computers, and was famously used to take nude pictures of a former Miss Teen USA through her webcam

Law enforcement agents have arrested more than 90 hackers accused of infecting more than half-a-million computers worldwide with malicious snooping software, of the type used to surreptitiously snap nude photos of a teenage beauty queen last year.

Miss Teen USA Cassidy Wolf was one of the more prominent victims of the malware. One California hacker, Jared James Abrahams, admitted using it last year to gain control of Wolf’s computer webcam and take naked photos of her. He later tried to extort more nude photos from Wolf by threatening to expose them online.

The suspects were charged Monday with developing, selling and marketing a remote access tool, or “RAT,” that allowed users to infiltrate computers, view files and steal personal data from unwitting victims. The original creator of the software, who founded an organization called “Blackshades,” was arrested in June 2012, but investigators said an international ring of hackers continued to sell and disseminate the software after his arrest, reaching thousands of people in more than 100 countries.

19 countries participated in the arrests, and more than 300 searches had been conducted in what law enforcers described as one of the largest cybersecurity operations in history.

“As today’s case makes clear,” said Preet Bharara, U.S. Attorney for the Southern District of New York, “we now live in a world where, for just $40, a cybercriminal halfway across the globe can – with just a click of a mouse – unleash a RAT that can spread a computer plague not only on someone’s property, but also on their privacy and most personal spaces.”

 

TIME justice

Global Raids Underway Against “Blackshades” Hackers

After months of investigation, law enforcement officials in the U.S., Europe and Asia are cracking down on a hacking network employing a computer program known as “Blackshades,” which can be used as malware to control the computers of unwitting people

The FBI and law enforcement officials in countries around the world launched a massive, coordinated series of raids late this week against users of a computer program known as “Blackshades,” officials familiar with the busts tell TIME.

The raids took place in more than a dozen countries, and involved the arrest of dozens of suspects, according to the officials. Several U.S.-based suspects charged in the investigation were still being sought, the sources said.

The “Blackshades” program is sold legally around the world but can be used as malware to control the computers of unwitting people, collecting their personal information and hijacking their computers for illegal attacks.

In at least some of cases, the hackers allegedly took private online account information from users, one official familiar with the investigation said.

The investigation was months in the making and involved law enforcement agencies in Europe, Asia, Australia and North America. The U.S. charges are still sealed.

The raids were first reported on websites frequented by hackers and subsequently by the Wall Street Journal.

 

TIME Security

Android Gets a Malware Scanner for Google Play Store Apps

Google

A new Android security tool from Google will periodically check for threats, but not the ones you've been hearing about lately.

Google is adding another layer of security to Android by periodically checking users’ Google Play Store apps for malware.

The new malware scanner in Android is an extension of Google’s “Verify Apps” tool, which in the past has only scanned apps from outside of Google Play, and only upon installation. The updated version will perform routine checks even after an app is installed, regardless of where it came from. If the scanner detects an app that’s potentially harmful, users will see a warning and an option to remove the offending app.

Google already scans apps before letting them into the Google Play Store, using a tool called “Bouncer.” But Bouncer doesn’t exist on users’ devices, and doesn’t scan apps that users have installed already. It’s also not foolproof, for a variety of reasons. With the new malware scanner, Google can keep a closer eye on apps that users are actually running on their phones and tablets.

In an interview, Android security head Adrian Ludwig said not to expect any significant impact on system resources. The scanner will be triggered by behaviors that are potentially harmful, such as premium text messages and root access, but otherwise will check in every couple days or so. “It’s very, very lightweight, and not something we’d ever expect a user to interact with,” Ludwig said.

Ludwig wouldn’t say how many users have been infected by malware through Google Play Store apps in the past, and said that any data from the malware scanner rollout is still too preliminary to share. But he did say that for apps outside of Google Play, users only installed them 0.18 percent of the time after being warned about potentially malicious behavior. Google expects that most users will never come across a warning.

It’s worth noting that many of the questionable Android apps that have made headlines recently would not fall under the malware scanner’s purview, because Google doesn’t view these apps as harmful to users.

For instance, Virus Shield, a $4 app that purported to wipe out security threats but actually did nothing, would not be detected by Google’s Verify Apps tool. Although Virus Shield was a scam, the app itself didn’t cause any further harm once users had purchased it. (Google has removed Virus Shield from the Play Store, and users can request refunds in these kinds of situations.)

Verify Apps also wouldn’t have picked up on Google Play Store apps that are secretly mining Litecoins and Dogecoins on users’ devices. Two such apps were discovered this week by security firm TrendMicro, and they’ve since been removed from the Google Play Store.

The issue in that case appeared to be that the apps weren’t disclosing their behavior, but Ludwig defended cryptocurrency mining in general as a potential business model for developers. “I think cryptocurrency is an extraordinarily good example of innovation happening that could not happen on a platform that blocks first and allows later,” Ludwig said. He added that the industry will have to think about how to disclose and implement cryptocurrency mining, and some of those practices may not be appropriate for Google Play, but he defended Android’s ability to let developers experiment.

Google’s attitude toward what constitutes malware underscores the divide between the company and third-party security firms, who sell their own apps to combat threats on Android. As another example, a popular flashlight app that secretly tracked users’ locations and sold the info to ad networks would probably not be flagged by Verify Apps, but many third-party tools will detect such behavior and send a warning to users.

While security firms do tend to overstate Android security risks — particularly by pointing out obscure apps or apps from outside of Google Play — they also offer a level of protection that Android on its own does not. (Google, for what it’s worth, sees the availability of these tools as a benefit of Android.)

Verify Apps is part of Google Play Services, which means users don’t have to do anything to add it to their devices. It’s enabled by default, but users can disable it by going to Google Settings > Verify Apps or Settings > Security > Verify Apps, depending on the Android version. The new malware scanner is rolling out gradually, and will be available on devices running Android 2.2 or higher.

TIME malware

Beware: Missing Malaysian Flight Malware Is a Thing

The search for a missing Malaysia Airlines passenger jet
Indonesian Search And Rescue (SAR) personnel keep a lookout on a rescue ship that is heading to the Andaman sea conducting a search operation for the missing Malaysian Airlines plane flight MH370, in the Indian Ocean, near the tip of Sumatra Island, Indonesia, March 15 2014. Hotli Simanjuntak—EPA

Facebook and Twitter links promising video of the missing plane are bogus

Don’t believe the web-hype. Fake links promising unsuspecting web surfers “shocking” videos of missing Malaysia Airlines Flight MH370 are scams. Video links are spreading on Twitter and Facebook with titles suggesting that the flight was discovered and that handfuls of passengers have been saved, CNET reports.

How to spot a bad link? Sample hoax links could include headlines such as these:

“Shocking Video: Malaysian Airlines missing flight MH370 found at sea”

“Malaysian Airplane MH370 Already Found. Shocking Video Release Today by CNN”

“Plane has been spotted somewhere near Bermuda triangle. Shocking videos released today. CNN news”

The Facebook links require those who click to complete a survey similar to ones frequently found on the site that request access to profiles. But in this case the information users provide goes to hackers. CBS News reports the company has removed the links; phishing scams and spam violate the sites community standards.

[CNET]

Your browser, Internet Explorer 8 or below, is out of date. It has known security flaws and may not display all features of this and other websites.

Learn how to update your browser