It's been a banner year for cybercriminals. Data breaches, ransomware and phishing attacks have all been growing threats.
Scams are so rampant that Juniper Research is predicting that the cost of data breaches will rise to over $2 trillion globally by the year 2019. Yikes!
With so many scams out there, we decided to warn you about the three biggest security threats for Android users today.
Malicious software masked as authentic apps for Android gadgets has recently been discovered. Malware known as Gooligan has been infecting nearly 13,000 Android gadgets every single day since August. It has gained control of over a million Google accounts since that time.
So far, there have been 86 of the malicious apps found in third-party marketplaces. A few of those apps are named Perfect Cleaner, StopWatch and Wi-Fi Enhancer.
If one of these malicious apps is installed on your gadget, it begins the rooting process. Having root access of your gadget means the scammers can do whatever they want on it. Hackers can use the access to spy on you using the camera and microphone, read texts and emails, install other viruses or anything else they want.
Stay with us on this...
Once Gooligan has root access to the infected gadget, it downloads a malicious module from the Command and Control (C&C) server and installs it. Code is then injected into running Google Play or Google Mobile Services to copy user behavior to avoid being detected.
The module lets Gooligan steal a user's Gmail account and authenticate token information. It can also install apps from Google Play and give them positive ratings to boost their reputation. It also installs adware to bring in revenue.
Anyone who has an Android gadget that is running an older version of its operating system is at risk. These include Android 4 and 5, which are known as Android Jelly Bean, KitKat and Lollipop. Nearly 75 percent of all Android users are running these operating systems.
The reason these older operating systems are at risk is because security patches designed to fix certain flaws are not available to them or the user never installed them.
You're also at risk if you download apps from third-party marketplaces. It's a good idea to stay away from these and only get apps from trusted sources like the Google Play store. Even then, use caution!
The Gooligan malware can also infect your gadget if you click on malicious links sent through a phishing attack. Be especially careful!
With Gooligan, infected gadgets download and install software that heists tokens used to authenticate the owner's phone. These tokens give them access to Google related accounts without needing to enter a password. These accounts include Gmail, Google Play, Google Docs, Google Drive, Google Photos and G Suite.
There is a way that you can find out if your gadget has been infected.
An online tool has been created by Check Point that will let you know if your gadget has been infected. Click here to access the Gooligan Checker tool. Once there, just type your Google address into the Gooligan Checker and it will tell you if you've been hacked.
Scammers are developing fake apps to trick you into giving them personal information or credit card numbers.
These malicious apps are scary. They can cause your Android gadget to perform erratically or even lock them up altogether with ransomware. Forcing you to pay a ransom to regain control of your important files.
Criminals are likely to create counterfeit apps based on the most popular ones out there. They also try and trick you by making fake apps with titles similar to a store or company, with just a little difference to the fake one. For example, a counterfeit app named Footlocke Sports Co. Ltd., trying to emulate Foot Locker Inc., was recently discovered.
Here are some suggestions to avoiding fake apps:
- Google Play Store - The best way to avoid malicious apps is to stay away from third-party app stores. There have been a few malicious apps discovered in the Google Play Store, but it's much more likely to find them in third-party stores. That's because third-party stores do little to no vetting of the apps.
- Watch spelling - Before downloading an app, look for misspelled words or unprofessional grammar. If it seems suspicious, do not download it.
- Update your Android gadget - Make sure that you have downloaded the latest security and operating system updates. These usually include patches to help protect your gadget from the most recent threats.
- Look for links to the app - Some counterfeit apps are emulating retail stores. Check the official website of the retailer and see if there is a link to its app. This will ensure that you are shopping with the retailer's official app.
- Verify the app developer - Copycat apps will have a different developer listed than the original. For most apps, you can find the original developer through a Google search.
Ransomware attacks can be a nightmare to deal with. If your Android gadget is infected, you could lose irreplaceable photos or important documents forever.
Global ransomware attacks are at an all-time high, as cybercriminals target both individuals and businesses. In response to the increasing number of threats, the FBI is taking action.
The FBI, along with the Internet Crime Complaint Center (IC3), have issued a public service announcement. They are urging victims of ransomware to report all incidents to federal law enforcement. They are trying to get a better understanding of current threats and how U.S. victims are impacted.
The FBI says it's been difficult to know the true number of ransomware victims, as many incidents go unreported to the law. If all attacks were reported, law enforcement would gain a greater understanding of the threat and justify ransomware investigations. Having victims' details would also make it easier to determine who is behind the attacks and how victims are targeted.
If you are a victim of ransomware, you should contact your local FBI office or file a complaint at www.IC3.gov. Include all of the following details that apply:
- The date of the infection.
- Ransomware Variant - this will be identified on the ransom page or by the encrypted file extension.
- Victim company information - industry type, business size, etc.
- How the infection occurred - browsing the internet, clicking a link in an email, etc.
- Requested ransom amount.
- The Bitcoin Wallet address of the attacker - this could be listed on the ransom page.
- Ransom amount paid - if you paid the ransom, how much did you pay?
- Overall losses - how much the infection cost, including the amount of ransom paid and any other losses associated with the attack.
- Victim impact statement.