Stealthy new Android malware poses as ad blocker, serves up ads instead

Since its discovery less than a month ago, a new Trojan malware for Android we detect as Android/Trojan.FakeAdsBlock has already been seen on over 500 devices, and it’s on the rise. This nasty piece of mobile malware cleverly hides itself on Android devices while serving up a host of advertisements: full-page ads, ads delivered when opening the default browser, ads in the notifications, and even ads via home screen widget. All while, ironically, posing as an ad blocker vaguely named Ads Blocker.

Upon installation: trouble

Diving right into this mobile threat, let’s look at its ease of infection. Immediately upon installation, it asks for Allow display over other apps rights.

This is, of course, so it can display all the ads it serves.

After that, the app opens and asks for a Connection request to “set up a VPN connection that allows it to monitor network traffic.” Establishing a VPN connection is not unusual for an ad blocker, so why wouldn’t you click OK?

To clarify, the app doesn’t actually connect to any VPN. Instead, by clicking OK, users actually allow the malware to run in the background at all times.

Next up is a request to add a home screen widget.

This is where things get suspicious. The added widget is nowhere to be found. On my test device, it added the widget to a new home screen page. Good luck finding and/or clicking it though.

The fake ad blocker then outputs some jargon to make it look legit.

Take a good look, because this will most likely be the last time you’ll see this supposed ad blocker if you are one of the many unfortunate victims of its infection.

Extreme stealth

Ads Blocker is inordinately hard to find on the mobile device once installed. To start, there is no icon for Ads Blocker. However, there are some hints of its existence, for example, a small key icon in the status bar.

This key icon was created after accepting the fake VPN connection message, as shown above. As a result, this small key is proof that the malware is running in the background.

Although hard to spot, another clue is a blank white notification box hidden in plain sight.

Warning: If you happen to press this blank notification, it will ask permission to Install unknown apps with a toggle button to Allow from this source. In this case, the source is the malware, and clicking on it could allow for the capability to install even more malware.

If you try to find Ads Blocker on the App info page on your mobile device to remove manually, it once again hides itself with a blank white box.

Luckily, it can’t hide the app storage used, so the floating 6.57 MB figure shown above can assist in finding it. Unless you spot this app storage number and figure out which app it belongs to (by process of elimination), you won’t be able to remove Ads Blocker from your device.

Android malware digs in its fangs

This Android malware is absolutely relentless in its ad-serving capabilities and frequency. As a matter of fact, while writing this blog, it served up numerous ads on my test device at a frequency of about once every couple minutes. In addition, the ads were displayed using a variety of different methods.

For instance, it starts with the basic full-page ad:

In addition, it offers ads in the notifications:

Oh look, it wants to send ads through the default web browser:

Last, remember the request to add a widget to the home screen that seemed to be invisible? Invisible widget presents: even more ads.

The ads themselves cover a wide variety of content, and some are quite unsavory—certainly not what you want to see on your mobile device.

Infections on the rise

Needless to say, this stealthy Android malware that plasters users with vulgar ads is not what folks are looking for when they download an ad blocker. Unfortunately, we have already counted over 500 detections of Android/Trojan.FakeAdsBlock. Moreover, we collected over 1,800 samples in our Mobile Intelligence System of FakeAdsBlock, leading us to believe that infection rates are quite high. On the positive side, Malwarebytes for Android removed more than 500 infections that are otherwise exceedingly difficult to remove manually.

Source of infection

It is unclear exactly where this Android malware is coming from. The most compelling evidence we have is based on VirusTotal submission data, which suggests the infection is spreading in the United States. Most likely, users are downloading the app from third-party app store(s) looking for a legitimate ad blocker, but are unknowingly installing this malware instead.

Moreover, from the filenames of several submissions, such as Hulk (2003).apk, Guardians of the Galaxy.apk, and Joker (2019).apk, there’s also a connection with a bogus movie app store as another possible source of infection.

Additional evidence demonstrates the Android malware might also be spreading in European countries such as France and Germany. A forum post was created on the French version of regarding Ads Blocker, and a German filename was submitted to VirusTotal.

A new breed of mobile malware

A new breed of stealthy mobile malware is clearly on the uptick. Back in August, we wrote about the hidden mobile malware xHelper, which we detect as Android/Trojan.Dropper.xHelper. At that time, xHelper had already been removed from 33,000 mobile devices—and the numbers continue to grow. Ads Blocker is even more stealthy and could easily reach the same rate of infection.

You can call it shameless plugging if you like, but this trend of stealthy Android malware highlights the necessity of a good mobile anti-malware scanner, like Malwarebytes. With more and more users turning to their mobile phones for banking, shopping, storing health data, emailing, and other sensitive, yet important functions, protecting against mobile malware has become paramount. Beware of third-party app stores, yes, but have backup in case apps like Ads Blocker have you fooled.

Stay safe out there!

The post Stealthy new Android malware poses as ad blocker, serves up ads instead appeared first on Malwarebytes Labs.

Labs report finds cyberthreats against healthcare increasing while security circles the drain

The team at Malwarebytes Labs is at it again, this time with a special edition of our quarterly CTNT report—Cybercrime tactics and techniques: the 2019 state of healthcare. Over the last year, we gathered global data from our product telemetry, honeypots, threat intelligence, and research efforts, focusing on the top threat categories and families that plagued the medical industry, as well as the most common attack vectors used by cybercriminals to penetrate healthcare defenses.

What we found is that healthcare-targeted cybercrime is a growing sector, with threats increasing in volume and severity while highly-valuable patient data remains unguarded. With a combination of unsecured electronic healthcare records (EHR) spread over a broad attack surface, cybercriminals are cashing in on industry negligence, exploiting vulnerabilities in unpatched legacy software and social engineering unaware hospital staff into opening malicious emails—inviting infections into the very halls constructed to beat them.

Our report explores the security challenges inherent to all healthcare organizations, from small private practices to enterprise HMOs, as well as the devastating consequences of criminal infiltration on patient care. Finally, we look ahead to innovations in biotech and the need to consider security in their design and implementation.

Key takeaways: the 2019 state of healthcare

Some of the key takeaways from our report:

  • The medical sector is currently ranked as the seventh-most targeted global industry according to Malwarebytes telemetry gathered from October 2018 through September 2019.
  • Threat detections have increased for this vertical from about 14,000 healthcare-facing endpoint detections in Q2 2019 to more than 20,000 in Q3, a growth rate of 45 percent.
  • The medical industry is overwhelmingly targeted by Trojan malware, which increased by 82 percent in Q3 2019 over the previous quarter.
  • While Emotet detections surged at the beginning of 2019, TrickBot took over in the second half as the number one threat to healthcare today.
  • The healthcare industry is a target for cybercriminals for several reasons, including their large databases of EHRs, lack of sophisticated security model, and high number of endpoints and other devices connected to the network.
  • Consequences of a breach for the medical industry far outweigh any other organization, as stolen or modified patient data can put a stop to critical procedures, and devices locked out due to ransomware attack can result in halted operations—and sometimes even patient death.
  • New innovations in biotech, including cloud-based biometrics, genetic research, and even advances in prosthetics could broaden the attack surface on healthcare and result in far-reaching, dire outcomes if security isn’t baked into their design and implementation.

To learn more about the cyberthreats facing healthcare and our recommendations for improving the industry’s security posture, read the full report:

Cybercrime tactics and techniques: the 2019 state of healthcare

The post Labs report finds cyberthreats against healthcare increasing while security circles the drain appeared first on Malwarebytes Labs.

Vital infrastructure: securing our food and agriculture

I don’t expect to hear any arguments on whether the production of our food is important or not. So why do we hardly ever hear anything about the cybersecurity in the food and agriculture sector?

Depending on the country, agriculture makes up about 5 percent of the gross domestic product. That percentage is even bigger in less industrial countries. That amounts to a lot of money. And that’s just agriculture. For every farmer, 10 others are employed in related food businesses.

In fact, the food and agriculture sector is made up of many different contributors—from farmers to restaurants to supermarkets and almost every imaginable step in between. They range in size from a single sheepherder to multinational corporations like Bayer and Monsanto.

With a growing population and a diminishing amount of space for agriculture, the sector has grown to rely on more advanced techniques to meet the growing demands for agricultural products. And these techniques rely on secure technology to function.

Precision agriculture

Precision agriculture is an advanced form of agriculture, and as such, it uses a lot of connected technology. This basically puts it in the same risk category as household IoT devices. When looking at these devices from a security standpoint, it doesn’t matter a whole lot whether you are dealing with a web printer or a milking machine.

The connected technologies that are in use in agriculture mostly rely on remote sensing, global positioning systems, and communication systems to generate big data, analytics, and machine learning.

The main threats to this type of technology are denial-of-service attacks and data theft. With limited availability of bandwidth in some rural areas, communication loss may be caused by factors other than a cyberattack, which makes it all the more important to have something to fall back on.

Data protection and data recovery are different entities but so closely related that solutions need to account for both. Data protection mostly comes down to management tools, encryption, and access control. Recovery requires backups or roll-back technology; these are easy to deploy, but the backups require the same protection as the original data.

Supply chain

The supply chain for our food is variable, ranging from farmer’s supplies to the supermarket where we buy our food. Depending on the type of food, the chain can be extremely short (farm-to-table) or quite long. You may find a pharmaceutical giant like Bayer as a supplier for a farmer, but also as a manufacturer that gets its raw materials from farmers. Recently, Bayer was the victim of a cyberattack, which was likely aimed at industrial espionage.

Given the sensitive nature of the food supply chain which directly influences our health and happiness, it is only natural that we want to control the security of every step in the process. In order to do so, we look at suppliers other than those of physical goods and systems.

Financial institutions, for example, are heavily invested in agriculture, since it is one of the largest verticals. Back in 2012, a hacking group installed a Remote Access Trojan (RAT) on the computer of an insurance agent and used it to gain access to and steal reports and documents related to sales agents, as well as thousands of sent and received emails and passwords from Farmers Insurance.

Traceability across the supply chain is increasingly in demand by the public and sellers of the end-products. They want to know not only where the ingredients or produce came from, but when the crop was harvested and how they were grown and treated before they ended up on stores’ shelves.

Physical protection

Besides disrupting the industry supply chain, cyberattacks could potentially be used to harm consumers or the environment. An outbreak of a disease and the consequential fear of contamination could devastate a food processor or distributor.

Given the number of producers and their spread across the country, a nationwide attack as an act of war or terrorism seems farfetched. But sometimes undermining the trust of the population in the quality of certain products can serve as a method to spread unrest and insecurity.

We have seen such attacks against supermarkets where a threat actor threatens to poison a product unless the owner pays up. In Germany, for example, a man slipped a potentially lethal poison into baby food on sale in some German supermarkets in an extortion scheme aimed at raising millions of Euros.

In Mexico, a drug cartel used government information about one of the most lucrative crops, avocado, to calculate how much “protection money” they could ask of its farmers, implying they would kidnap family members if they didn’t pay.

Cybersecurity for food

In the food and agriculture sector, cybersecurity has never been a prominent point of attention. But you can expect the technology used in precision agriculture to become a target of cybercriminals, especially if resources become more precious. Whether they would hold a system hostage until the farmer pays or whether they would abuse connected devices in a DDoS attack, cybercriminals could take advantage of lax security measures if the industry doesn’t sit up and take notice.

The use of big data to enhance production and revenue makes sense, but with the use of big data comes the risk of data corruption or theft.

Meanwhile, the food and agriculture sector is operating in chains and is dependent on other chain organizations or third parties. What is true for any chain is that it is only as strong as its weakest link, which in this case tends to be single farmers or small businesses. And as in most sectors, budgets of small businesses are tight, and cybersecurity is somewhere near the bottom of the list in spending, even though an attack on expensive farming equipment could be costly, not to mention shutting a company down for a while in a ransomware-type attack.

You’ve got that backwards

As the farming equipment industry has no problem forcing farmers to have their maintenance done by authorized dealers, farmers have resorted to installing firmware of questionable origin on their tractors to avoid paying top dollar for repairs and maintenance. This opens up a whole new avenue for cybercriminals to get their malware installed by the victims themselves. Apparently, all you have to do is offer it up as John Deere firmware on an online forum. You can even get paid for selling the software and then collect a ransom to get the tractor operational again as a bonus.
While farmers are renowned for cooperating when buying and selling goods, and for exchanging information about illnesses and diseases, there is no such initiative when it comes to sharing information about cyberthreats and how to thwart them. Setting up such an initiative might be a first step in the right direction.

In our society, being able to trace where a product or its ingredients came from is becoming more important. Implementing traceability could be an ideal moment to couple it with data security.

For the same reason as with household IoT devices, manufacturers should be held accountable for providing an acceptable level of security, or the ability to apply such a level, in their products: no hardcoded credentials, no hard-to-change passwords, and no weak default security settings.

Stay safe everyone!

The post Vital infrastructure: securing our food and agriculture appeared first on Malwarebytes Labs.

Facebook scams: Bad ads, bogus grants, and fake tickets lurk on social media giant

We recently highlighted new steps Instagram is taking to try and clamp down on scammers sending fake messages on their platform. It turns out, other social media giants are walking a similar path for a variety of bogus ads and other attacks. Facebook scams in particular have taken off, despite the company’s efforts to stamp them out.

Facebook is now extending a rollout of their bogus ad reporting tool to Australia, after a variety of popular Australian celebrities kept appearing in fake ads. Regular readers may remember the genesis of this reporting tool being a similar incident in the UK involving popular consumer advice expert Martin Lewis.

Facebook’s ad reporting tool will allow Australian users to flag dodgy investment schemes or hard-to-cancel product trials—this alongside the corporation’s claims to have already shut down some 2.2 billion fake accounts worldwide.

While this is certainly welcome news for users of the social media platform, there’s still an awful lot of bad ads currently in circulation outside of these fake offers and adverts. Below, we’ll lead you through some of the more popular and current Facebook scams, such as efforts to hijack your social media account, swipe personal information, and of course, part you from your money.

Rogue ad campaigns

Scammers will happily compromise social media accounts, and then use them to purchase thousands of dollars of ad space before they can be shut down. In the examples given, one victim only had the ad campaign shut down because his credit card expired—else he feared he’d have been hit by $10,000 in credit card debt. Another had adverts running for about $1,550 per day until notified by PayPal. Ironically, one of the victims runs a business focused on privacy-themed adverts.

Some of the bogus ads listed certain items at a cheap price to make it look as though it had to be a pricing error of some sort. This is a common tactic going back many years, but the twist here is that the landing pages contained credit card skimmers so anyone paying up for a bargain had their payment details swiped instead.

Concert ticket fakeouts

Facebook is a popular place for some social event wheeling and dealing, especially in dedicated groups and fan pages. It turns out fake messages advertising non-existent tickets are also, sadly, quite popular.

Here’s how it works: Facebook scammers wait for an event coming up, the smaller the better to fly under the radar. At this point, they cut and paste the same bogus “I have free tickets but I can’t make it” message and wait for the replies to come flooding in. They’ll list the typical reasons why they can’t go: “I’m out of town”, “I’m undergoing surgery”, or “there’s a family emergency.”

If you spend enough time digging around, you’ll likely see the same cut and paste missive posted by multiple, supposedly independent accounts. One quick dubious money transfer later and you’ll be out of pocket with no tickets to show for it. Keeping track of event organiser pages when looking for tickets is a must to ensure you don’t fall for the same scam.

Clones, messenger grant scams, and lottery shenanigans

The old problem of “cloned” accounts rears its ugly head once more. Cloning happens when a scammer can’t gain control of a genuine social media account, so they do the next best thing—steal the photo, the bio, and any other pertinent information to replicate the real thing. From there, they try to social engineer their way into the victim’s bank balance.

The smartest part about these Facebook scams is the cloning and mapping out of potential contacts to try and trick. After that, tactics fall back to the more mundane. Scammers will message contacts with “I’ve been in an accident and need help” or “I’m overseas and have lost my wallet” pleas for help. In this case, “A grant is available” is a commonplace and quite an old technique. The current keywords to set off alarm bells include gift cards, world bank, and grants. If you see any of those suddenly dropped into a conversation, it’s almost certainly going to be a scam.

If in doubt, check that the person talking to you is actually in your friends list—clones won’t be. Additionally, if it is genuinely your friend that doesn’t mean the danger is over. What it actually means is that they were probably compromised and don’t know about it. In both cases, find an alternate means to get in touch and verify the who, what, when, where, and why.

Lottery messenger scams work along similar lines. They claim you’ve won a prize, but once you’ve contacted a third party to claim your winnings, you’ll find you need to send them money for a variety of not quite plausible reasons. Often, the profiles telling you that you’ve won will imitate Mark Zuckerberg.

Don’t get fooled on Facebook

Looping back around to our initial fake Facebook ad problem, you can read a little more about how they operate under the hood over on BuzzFeed. We’ve covered many Facebook fakeouts down the years, our most recent being the wave of bogus Ellen profiles pushing movie streaming services.

The good news is that most, if not all, of these Facebook scams have been done before. If you’re not sure, a quick search will reveal prior examples covered on news sites, security blogs, or forum posts.

Always be cautious, remember the old “if it’s too good to be true, it probably is” routine, and keep yourself scam free on social media.

The post Facebook scams: Bad ads, bogus grants, and fake tickets lurk on social media giant appeared first on Malwarebytes Labs.

A week in security (November 4 – November 10)

Last week on Malwarebytes Labs, we announced the launch of Malwarebytes 4.0, tackled data privacy legislation, and explored some of the ways robocalls come gunning for your data and your money. We also laid out the steps involved in popular vendor email compromise attacks.

Other cybersecurity news

  • Bug bounty bonanza: Rockstar Games open up their bounty program to include the newly-released Red Dead Redemption 2 on PC. (Source: The Daily Swig)
  • The fake news problem: A study shows it’s bad news for people thinking they can avoid bogus information on social networking portals. (Source: Help Net Security)
  • On trial for hacking…yourself? A very confusing story involving a judge, their office computer, and a lesson learned in workplace computer forensics. (Source: The Register)
  • Who’s there? A security flaw: an Internet-connected doorbell causes headaches for owners. (Source: CyberScoop)
  • More fake ads on Facebook: An old scam returns to imitate the BBC and fool eager clickers. (Source: Naked Security)
  • Social media spy games: An ex-Twitter employee stands accused of spying for Saudi Arabia. (Source: Reuters)
  • Cities power down: Johannesburg up and running after a cyberattack. (Source: BusinessTech)
  • Sextortion attacks still causing trouble: A new report claims these insidious scams are still bringing grief to the masses. (Source: Tricity news)
  • Space-based infosec: If you were wondering how space factors into the US national cyber strategy, then this article will probably be helpful. (Source: Fifth Domain)

Stay safe, everyone!

The post A week in security (November 4 – November 10) appeared first on Malwarebytes Labs.

Here are the most popular robocall scams and how to avoid them

We recently examined how robocall scams are a serious threat to privacy, alongside the astonishing rate at which their volume continues to increase. Forty-three billion calls in 2019 with an average of 131 calls per person in the US alone is not something to be sniffed at. No matter how careful you are with your number, no matter which security measures you take, it can all be undone with one leaked database—then you’re on another list, forever.

Despite all precautions, it’s sadly inevitable that you’ll eventually wind up on a robocalling list or two. Then it’s a case of limiting damage and endless number blocking. Automated dialing ensures they’ll never, ever get tired of calling you unless you take some preventative action.

This week, we’re going to look at some specific examples of robocalls, the types of threats they present, and what’s at stake, including loss of privacy, finances, or even both simultaneously.

Can we listen to some robocall recordings?

You sure can.

A writer for Marketplace decided to take some of these robocalls instead of simply hanging up to see what kind of scam was on offer, and recorded portions of the calls. If you ever wanted to hear an authentic Chinese robocall scam in action, then today’s your lucky day.

Some of the call introductions are quite inventive. As always, there’s the faintest whiff that you may have done something wrong…maybe…and even if you didn’t, your details may be in the hands of criminals. You’d want to get that sorted out as soon as possible, especially if the nice person at the bank is telling you to do so. Right?

As far as specifics go, tactics involve:

  • Claiming your information was on debit cards sold illegally
  • Claiming your identity has been stolen
  • Claiming irregular activity has been flagged on your bank account

As with many similar scams, fraudsters are hoping potential victims are so rattled by these claims that they won’t notice they’re being primed for information. Why would a bank or similar institution ask you to confirm your name without volunteering it themselves? The answer, of course, is that they don’t have it and can’t address you unless you tell them first.

It’s a basic slice of cold reading, frequently deployed by con artists and tricksters who’d rather you just hand over what they need so they can turn it back on you.

Robocall scams targeting Chinese students

As demonstrated in the Marketplace article, there’s a solid wave of Chinese language robocalls right now, something which seems to have begun in earnest around two years ago. While the calls emulate the most common robocall tactics—fake caller ID, spoofing a trusted business entity, leaving a short automated message hoping you’ll press a specific number on your phone—they deploy some additional measures designed to bait, harass, and worry Chinese targets as much as possible.

Last month, I looked at how mainland China–based scammers are targeting Chinese students in the UK with threats of deportation. Focusing on immigration status, alongside mentions of embassies and potential legal trouble all make an unwelcome reappearance in US robocalls. Students once again have become popular targets, whether resident in the United States or simply visiting. Fraudsters even make use of text and send potential victims sensitive information about themselves, such as passport scans—just like the international student attacks in the UK.

It’s not just happening in the US; the same tactics exploded into life in Australia in May 2018, with threatening calls supposedly coming from the Chinese embassy in Canberra.

Press 1 to perform a fake kidnapping

Possibly the most extreme version of robocall scams involves staged kidnappings. After the standard “You’re in trouble” robocall messages, things take a sharp turn into the surreal as scammers convince people to take photos of themselves as if they’ve been kidnapped, before sending said imagery to other relatives who’ll be told they need to pay a ransom. People don’t want their relatives falling foul of terrible kidnappers, so of course it’s pretty much game over in the “will they, won’t they” pay-up stakes.

Is that really Apple robocalling you?

Another popular robocall tactic involves spoofing the geniuses at Apple. On October 31, Missouri Attorney General Eric Schmitt put out an alert regarding robocalls where the scammers pretend to be Apple support. You know all those endless, awful fake Apple emails clogging up your inbox on a daily basis? They’re down the other end of your telephone now, hunting for personal information and money.

The recorded message plays out like this:

This is Molly from Apple Support. We have found some suspicious activity in your iCloud account, that your iCloud account has been breached. Before using any Apple device please contact an apple support advisor

They even leave a phone number you can dial later if you don’t have time to process the robocall when they ring you.

Robocall SSN scams

It seems there’s something in the air at the moment, because the IRS warned of Social Security Number robocall scams making the rounds on October 24. These aren’t people pretending to be embassies; they’re more akin to those Facebook viral chain hoaxes where talented hackers will delete your profile by a certain date unless you repost their message.

Here, they’re threatening to wipe your SSN unless you address a fictitious unpaid tax bill. As per their own advice, neither the IRS nor their collection agencies will ever:

  • Call to demand immediate payment using a specific payment method such as a prepaid debit card, iTunes gift card or wire transfer. The IRS does not use these methods for tax payments.

  • Ask a taxpayer to make a payment to a person or organization other than the U.S. Treasury.

  • Threaten to immediately bring in local police or other law-enforcement groups to have the taxpayer arrested for not paying.

  • Demand taxes be paid without giving the taxpayer the opportunity to question or appeal the amount owed.

Internet and offline scams have a long history of flagging themselves as fake by throwing decidedly unofficial payment methods (iTunes vouchers, Steam gift cards) into supposedly official routines. These would appear to be no different.

The other social security scam

The Social Security Administration (SSA) scam became prominent in September 2019, but hasn’t really gone away. The pattern is familiar: There are claims of benefits being suspended, with the only way out being money wires, or cash being placed onto gift cards.

Attacks along these lines can take terrifying amounts of money away from their victims. And they don’t just focus on the elderly: Anyone and everyone, including millennials, can be a target as far as robocallers are concerned.

A problem for everybody

While the majority of robocall articles focus on calls coming from China, the problem isn’t confined to that region. Indeed, the US has more than its fair share of robocall-related issues, with five US states contributing to the top locations for robocall origination. Mexico, the Philippines, Costa Rica, Guatemala, and India complete the list, according to the Federal Trade Commission (FTC).

Alex Quilici, CEO of robocall-blocking app YouMail, told USA Today that he estimates “hundreds of millions” of calls originated from inside the US. In June 2019, the FTC cracked down on US-based robocalls, and reported that the majority of scams they shut down were based in California and Florida.

What can we do about it?

As robocalling has been such a common problem over the years, we already have a full rundown on what you can do to avoid these attacks as best as possible. The people behind them will continue to slather us with their nonsense pressure, fictitious time limits, and bizarre fake kidnapping requests. But there’s one simple way to ensure they never win: Just don’t pick up the phone.

Avoid all that chaos by resisting the temptation to press buttons or pick up and yell. Robocall scammers have been known to ensnare even the most savvy users. Simply let unknown numbers ring into the void forevermore. When your identity and bank account are safe and sound, you’ll be glad you did.

The post Here are the most popular robocall scams and how to avoid them appeared first on Malwarebytes Labs.

ACCESS Act might improve data privacy through interoperability

Data privacy is back in Congressional lawmakers’ sights, as a new legislative proposal focuses not on data collection, storage, and selling, but on the idea that Americans should be able to more easily pack up their user data and take it to a competing service—perhaps one that better respects their data privacy.

The new bill would also require certain tech companies, including Facebook, Google, and Twitter, to introduce “interoperability” into their products, allowing users to interact across different platforms of direct competitors.

These rules, referred to in the bill as data portability and interoperability, would presumably allow Americans to, for example, download all their data from Facebook and move it to privacy-focused social network Ello. Or talk directly to Twitter users while using the San Francisco-based company’s smaller, decentralized competitor, Mastodon. Or even, perhaps, log into their Vimeo account to comment on YouTube videos.

Data portability and interoperability are nothing new: Mobile phone users can keep their phone number when switching wireless providers; enterprise software can today read the files made on competitor programs, like the various documents made by Apple Pages, Microsoft Word, and Google Docs.

But few, if any, notable examples of data portability and interoperability came at the behest of federal legislation. Whether this new bill will succeed—in passage, in improving data portability and interoperability, and in its stated purpose of improving data security—remains to be seen.

Avery Gardiner, senior fellow of competition, data, and power for the Center for Democracy and Technology, said that the bill has a few good ideas, but in trying to improve data privacy, it strangely does not focus on the issue itself.

“If we have a privacy problem, which we do have in America, let’s fix that with privacy legislation,” Gardiner said.

Cory Doctorow, a writer, activist, and research affiliate with MIT Media Lab, appreciated the bill’s focus on interoperability—a topic that could use smart rule-making and which is getting little attention in Congress, as opposed to the constant, possibly futile attempts to strictly regulate Big Tech offenders, like Facebook.

“This aims to fix the Internet,” Doctorow said, “so that Facebook’s behavior is no longer so standard.”

On October 22, US Senators Mark Warner (D-VA), Josh Hawley (R-MO), and Richard Blumenthal (D-CT) introduced the Augmenting Compatibility and Competition by Enabling Service Switching Act, or the ACCESS Act.

The bill would regulate what it calls “large communications platforms,” which are online products and services that make money from the collection, processing, sale, or sharing of user data, and that have more than 100 million monthly active users in the United States. The bill calls the owners of these products “communications providers.”

Plainly, the bill applies to both Big Tech companies and the platforms they own and operate, including Facebook and its Messenger, WhatsApp, and Instagram platforms, Google and its YouTube platform, and the primary products of LinkedIn and Pinterest.

But rather than placing new rules on these tech giants in an effort to break them up—a rallying cry for some Democratic presidential candidates—the bill instead aims to open up competition against them, potentially creating a level playing field where users can easily leave a platform that betrays their trust, runs afoul of federal agreements, or simply stops providing an enjoyable experience.

“The exclusive dominance of Facebook and Google have crowded out the meaningful competition that is needed to protect online privacy and promote technological innovation,” said Sen. Blumenthal, who helped introduce the bill, in a prepared statement. “The bipartisan ACCESS Act would empower consumers to finally stand up to Big Tech and move their data to services that respect their rights.”

The ACCESS Act has three prongs—data portability, interoperability, and “delegability,” which we’ll discuss below.

First, on data portability, any company that operates a large communications platform would need to develop a way for users to grab their user data and move it over to a competitor in a secure, “structured, commonly used, and machine-readable format.”

While some companies already provide a way for users to download their data—one Verge reporter downloaded 138 GB of their own data following the passage of the European Union’s General Data Protection Regulation—the potential to seamlessly port it over to a competitor could lower barriers to leaving behind Big Tech companies that dominate today’s social media ecosystem.

CDT’s Gardiner said that the bill’s attempt to introduce data portability is good, but whether it will be effective depends on a robust, competitive landscape where upstarts can actually accept a user’s data in a meaningful way. Right now, she said, that landscape does not exist.

“The way that your data would be useful is pretty specific to the way it is already in someone’s platform,” Gardiner said. “You’re not going to port your Facebook data into Twitter because it wouldn’t help you do anything, as a user.”

Gardiner said she understood what the bill is trying to accomplish, but she questioned whether it was the most effective route.

“When I read the press statements, I think part of what they’re saying is that privacy failures by some of the Big Tech companies are, in part, due to the lack of competition, so we should facilitate competition for communications platforms,” Gardiner said. “I have a simpler approach to solve that problem, and that’s to pass privacy legislation.”

On the bill’s demands of interoperability, companies must develop an “interoperability interface” for every large communications platform they own. For a company like Facebook, that would mean allowing interoperability with its Messenger, WhatsApp, and Instagram platforms, as CEO Mark Zuckerberg promised earlier this year, as well as with outside competitors that want to enter the field.

Finally, on “delegability,” the bill asks that Americans be given the opportunity to select a third party to manage their privacy and account settings across the various platforms they use. Those third parties, which the bill calls “custodial third-party agents,” must register with the US Federal Trade Commission and abide by rules that the Commission would need to issue after the bill’s passage.

Custodial third-party agents could charge a fee for their services, the bill says, and must protect the privacy and security of their users’ data.

Interoperability’s importance

The ACCESS Act seeks a type of interoperability in which competitors can attract new users to their platforms by making their services compatible with a dominant player in the market. If users don’t need to use Facebook’s Messenger to stay in touch with their friends, for instance, they may find it easier to leave Messenger behind altogether, loosening Facebook’s hold on users today.

This type of interoperability has already helped dislodge the near-monopolies of Microsoft and IBM from their respective markets—the enterprise software applications Word, Excel, and PowerPoint; and the PC itself.

But interoperability could do more than put large tech companies on watch. It could actually lead to a safer Internet for users, Doctorow said.

Doctorow told an anecdote about his friend, a comic book writer who receives targeted harassment from a group of predominantly male Twitter users. The users, angered by the writer’s feminist views, send threatening direct messages to her. But, after she reads the direct messages, they delete them.

This is for two reasons, Doctorow said. One, users cannot report a direct message to Twitter unless that direct message is still available and not deleted. Twitter does not accept screenshots in harassment reports because of the potential for faked claims.

Two, once the direct message has been deleted, the same harassers will comment publicly on the comic writer’s Twitter feed, and to several other women in her online community. These public comments, Doctorow said, reference the same content of the threatening direct messages, re-traumatizing the writer.

This is a cycle of harassment in which direct threats skirt consequences, only to reappear in similar content, increasing the feeling of powerlessness for the victim.

Interestingly, Doctorow said, there might be an opportunity for interoperability to help.

The comic writer and her small community of friends could use an outside competitor (or develop one themselves) to continue their discussions—which typically take place on Twitter—while setting up rules that would prevent the harassers’ direct messages and Tweets from showing up in their feeds and inboxes.

It’s more than a blocklist, Doctorow said. It’s giving power to users to engage with meaningful, online communities that already exist in a way that supports and protects them.

Interoperability, then, might offer a potential solution for users to avoid online harassment—until aggressors find them on a new platform. But will interoperability actually serve the ACCESS Act’s stated goal of improving data privacy?

How to regulate data privacy

The ACCESS Act is at least the sixth federal bill proposed in the past year that aims to improve Americans’ data privacy.

As Malwarebytes Labs has reported, each federal bill seeks to improve data privacy through various means. One Senator’s bill would enforce a “Do Not Track” list, another would create a “duty to care” for user data, and another would require clear and concise terms of service agreements.

The ACCESS Act, on the other hand, is the first data privacy bill to focus on data portability and interoperability. Both concepts have provided proven, better experiences for technology users across multiple sectors. College students can take their transcripts to a new university when they wish to transfer schools. Healthcare patients can take their records to a new provider.

But with Congress taking a winter recess in just six weeks, there is essentially zero chance that any of these data privacy bills will pass in 2019.

Maybe 2020 will be better for users and their data privacy.

The post ACCESS Act might improve data privacy through interoperability appeared first on Malwarebytes Labs.

Announcing Malwarebytes 4.0: smarter, faster, and lighter

Malwarebytes was founded on the belief that everyone has a fundamental right to a malware-free existence. Every product we make is built on that premise. That’s why we’ve been hard at work on the latest version of Malwarebytes for Windows that not only sports a whole new look, but packs cutting-edge detection methods into a lightweight, lightning-fast program.

We proudly present: Malwarebytes 4.0.

Malwarebytes 4.0 signifies a big step forward in the fight against online crime. It uses smarter technologies to quickly identify stealthy malware and scan faster than ever—all with 50 percent less impact on CPU during scans.

Malwarebytes 4.0: What’s improved

Our first step in taking malware defense to the next level was making important improvements to our existing Malwarebytes for Windows technologies. They include:

  • Improved zero-hour detection that pinpoints new threats as they arise
  • Upgraded behavioral detection capabilities that catch more diverse threats—even those that use signature evasion
  • Improved overall performance and scan speed
  • Redesigned User Interface (UI) for easier, more intuitive functionality
  • Simplified Windows Security Center integration settings
  • Enhanced web protection technology

Malwarebytes 4.0: What’s new

Malwarebytes 4.0 introduces Katana, our brand-new detection engine that uses patented, dynamic methods to recognize zero-hour, often polymorphic malware even before it’s released in the wild. These same methods have been optimized with a faster threat definition process, so they’re not only smarter and more accurate, but using them results in faster scans while taking up less CPU.

“Polymorphic threats have changed the game in cybersecurity. By the time traditional antivirus creates a signature for these threats, it can be too late. Cybersecurity providers need to stay ahead of the game by recognizing potential threats before they can cause damage,” said Akshay Bhargava, Chief Product Officer at Malwarebytes.

“Malwarebytes 4.0 is designed to block these evolving threats in record time using innovative detection technology. Our new intuitive user interface helps customers more easily engage with their cybersecurity. Furthermore, the new engine is optimized and requires 50 percent less of the CPU while scanning.”

A new look and more integrations

The redesigned UI of Malwarebytes 4.0 is more informative, intuitive, and simple to navigate. Increased automation means users receive the latest updates to the product with less effort on their part. A threat statistics dashboard allows users to see which threats are blocked by Malwarebytes in real time—both on their own device and on machines throughout the world. The new UI also features dynamic integration with the Malwarebytes Labs blog, keeping customers informed on the latest cyberthreats, trends, and protection advice.

Each time Malwarebytes Labs posts a new blog, it will appear in the “Security news” section.

In addition, threats blocked or quarantined by Malwarebytes 4.0 are now linked directly to our Threat Center, so you can read up on each threat’s profile, including symptoms of infection, attack methods, and ways to remediate or protect against it.

Threat profile of Trojan.Emotet, one of the most prevalent threats detected today.

Where to find support

For instructions on how to install Malwarebytes 4.0, including the latest version of Malwarebytes for Mac, check out the following knowledge-base articles:

  • Malwarebytes for Windows
  • Malwarebytes for Mac

Should you run into any problems or have any questions that remain unanswered, please reach out to our Customer Success team. You can find information, FAQs, and several support options through our support portal.

Let us know how you like the new version in the comments or through our social media channels.

Stay safe, everyone!

The post Announcing Malwarebytes 4.0: smarter, faster, and lighter appeared first on Malwarebytes Labs.

A week in security (October 28 – November 3)

Last week on Malwarebytes Labs, we celebrated the birth of the Internet 50 years ago, highlighted reports about the US Federal Trade Commission (FTC) filing a case against stalkerware developer Retina-X, issued a PSA on disaster donation scams, looked at the top cybersecurity challenges SMBs face, and provided guidance to journalists on how they can defend themselves against threat actors.

Other cybersecurity news

  • A new infostealer called Raccoon emerged as the new malware-as-a-service (MaaS) that is causing a lot of buzz in the underground. (Source: SecurityWeek)
  • Notorious Russian APT, Fancy Bear, was found targeting sporting and anti-doping organizations worldwide. (Source: Microsoft)
  • Millions of Adobe Creative Cloud users exposed due to a misconfiguration. (Source: Sophos’s Naked Security Blog)
  • The online store of the American Cancer Society was found infected with malware by Magecart. (Source: TechCrunch)
  • According to a report from the FTC, younger adults are more susceptible to fraud compared to senior adults. (Source: The Washington Post)
  • Systems used in the state-run Nuclear Power Corp of India were found to contain malware. (Source: Reuters)
  • Sextortion scammers began hacking Blogger and WordPress sites to make threats more believable, which leads to a higher likelihood of paying up. (Source: Bleeping Computer)
  • MessageTap, a malware strain developed by Chinese APT threat actors, is capable of monitoring SMS traffic and other mobile information to target individuals. (Source: SC Magazine UK)
  • Threat actors have their eyes set on esports tournaments. (Source: TechRadar)
  • Highly popular Android emoji app racks up millions of unauthorized purchases. (Source: The Register)
  • Gafgyt, an aggressive IoT malware, was found to force affected systems to join its botnet. (Source: ZDNet)

Stay safe!

The post A week in security (October 28 – November 3) appeared first on Malwarebytes Labs.