How to Get Rid of Sudden Persistent Pop-up Ads on Android Phone

So, you are casually using your Android phone and suddenly an annoying ad pops up from Chrome, or whichever internet browser you use by default, and interrupts what you are watching on YouTube or whatever. You get really annoyed by it, so you start reviewing your installed apps in Settings, but you can't find which app keeps popping up spam advertisements. Here's how to get rid of sudden persistent pop-up ads.

Recently, I came across the same situation. I tried using my son's Android phone and noticed a persistent pop-up that constantly showed ads every now and then. My son kept complaining about it, and when I finally looked at it, it was a malware app. I tried very hard to find out which app was causing the spam. It took me time to find it.

Steps I Made to Find the Malware App

Scan Installed Apps Permission


First, I scanned the installed apps on my son's phone and carefully checked the permissions of every app. You want to check the permissions so you can immediately tell whether an app can pop up advertisements. To my dismay, I didn't find a single app that could do that.

Check the Sites Each Browser Allows to Show Notifications

The next thing I tried was checking the notification settings of every browser on the phone. In Google Chrome I went to Settings, opened the Notifications tab, and removed every site allowed there.

But that didn't fix the issue. The pop-up was still there. This time I was sure that an external app was causing the pop-ups.

I Installed AppWatch App


This app has the tagline “AppWatch – Find out what app is causing pop-up ads” and it lived up to its tagline. This app is my savior. Right after installing it and allowing it permission to monitor other apps, I started to casually use the phone, and the annoying pop-up popped up. I immediately checked AppWatch's monitor status and found one app that was not in the installed apps, and I was shocked.

How could an app that wasn't listed in the installed apps be there? How can it hide itself? I am very sure that this app was not there because I had uninstalled almost all games and unimportant apps on the phone, and I would know for sure which app that was.

I Found the Problem App

The problem app is named Fish Shooting. I checked for it on the Google Play Store and it wasn't there anymore, probably because it's a malware app; Google Play probably removed it. Now, I mentioned the app is not listed in the installed apps, right? So, how did I get rid of it? Easy.


I went back to AppWatch and clicked the small info icon beside the app. From there it redirected me to the installed-app screen, the screen where you can remove the app. See image below. I'm sorry I don't have the actual screenshot of the app since I removed it immediately.

Why Is the App Not Listed in the Installed Apps?


Yes, I have the same question. The probable answer is that the app listed itself as a system app, and system apps don't immediately show on the first screen of the installed apps. You have to click the top-right corner first and then click “show system apps”. I'm not even sure if this is the correct answer, but it's the only logical answer I can think of.
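The question above can be checked from a computer with adb instead of guessing. The following is an added example, not part of the original post: it parses constructed samples of `pm list packages` and `cmd package query-activities` output and reports whether a package named by a monitoring app is a system or user app, whether it has a launcher icon, and which installer put it there. It assumes USB debugging is enabled on the phone, and every package name in it is hypothetical.

```python
import re

# All three samples are constructed for this example; package names are hypothetical.
# `adb shell pm list packages -3 -i`  (user-installed apps and their installers)
USER_APPS = """\
package:com.example.notes  installer=com.android.vending
package:com.example.puzzle  installer=com.android.vending
package:com.example.hiddenads  installer=null
"""
# `adb shell pm list packages -s`  (system apps)
SYSTEM_APPS = """\
package:com.android.settings
package:com.example.vendor.launcher
"""
# `adb shell cmd package query-activities --brief
#     -a android.intent.action.MAIN -c android.intent.category.LAUNCHER`
LAUNCHER = """\
priority=0 preferredOrder=0 match=0x108000 specificIndex=-1 isDefault=false
com.example.notes/.MainActivity
priority=0 preferredOrder=0 match=0x108000 specificIndex=-1 isDefault=false
com.example.puzzle/com.example.puzzle.Start
priority=0 preferredOrder=0 match=0x108000 specificIndex=-1 isDefault=false
com.android.settings/.Settings
"""

PKG = re.compile(r"^package:(\S+)(?:[ \t]+installer=(\S+))?", re.M)
COMPONENT = re.compile(r"^[ \t]*([\w.]+)/\S+[ \t]*$", re.M)

def parse_packages(text):
    """Map package name -> installer (None when missing or reported as 'null')."""
    return {m[1]: (None if m[2] in (None, "null") else m[2])
            for m in PKG.finditer(text)}

def classify(package, user_apps, system_apps, launcher):
    """Say where a package named by a monitoring app actually sits on the device."""
    users, systems = parse_packages(user_apps), parse_packages(system_apps)
    if package not in users and package not in systems:
        return {"package": package, "kind": "not installed"}
    return {"package": package,
            "kind": "system" if package in systems else "user",
            "launcher_icon": package in set(COMPONENT.findall(launcher)),
            "installer": users.get(package)}

def no_icon_user_apps(user_apps, launcher):
    """User-installed packages that expose no launcher icon."""
    icons = set(COMPONENT.findall(launcher))
    return sorted(p for p in parse_packages(user_apps) if p not in icons)

if __name__ == "__main__":
    for name in no_icon_user_apps(USER_APPS, LAUNCHER):
        print(classify(name, USER_APPS, SYSTEM_APPS, LAUNCHER))
```

A package that turns up as a user app with no launcher icon can be removed with `adb uninstall <package>` once you have confirmed it is the one the monitoring app flagged.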

A Bug Found in Facebook Messenger App for Desktop

How about a situation where your phone suddenly called your ex on the Facebook Messenger app? That's quite hilarious, and you will be left in confusion, asking yourself: who the heck called him/her? Well, probably someone made the call from miles away. Yes, you have probably been hacked! Read this…

When I first read about this issue on ReasonSecurity.com I was quite indecisive and thought, Messenger has a desktop app? I didn't know Facebook Messenger has an app for desktop users. Now I know. Well, anyway, that's our subject for today.

A ReasonSecurity researcher, Shai Alfasi, found a bug in Facebook Messenger for desktop. The bug can be used as a persistence method. It is already fixed in the latest version of the app; you just have to update your older version and you are good to go.

The bug, found in the app available on the Microsoft app store, executes a series of code that should not be executed. Uh, talk about bugs. It can be found in Messenger version 460.16, which of course you can no longer use since Facebook is already aware of the issue and has updated the app.

The bug results in a vulnerability and causes the app to kind of malfunction internally. This gives hackers a way to infiltrate a video call or execute a resource within the Messenger code so they can run their malware. The vulnerability gives the attacker plenty of time to do what they want with the victim's Messenger app. Reasons Labs claimed they are the first to identify the bug.

The Persistence Method Bug

Persistence is a method an attacker uses so he won't lose the connection between himself and the victim. He needs the time to perform and execute a series of commands on the victim's machine.

Researchers can easily discover this method because the only things malware requires to be successful are the following:

  • The attacker should be able to communicate with the victim's machine.
  • The attacker should be able to run his code.
  • The attacker should be untraceable by antivirus software.

Most antivirus programs, though, can automatically remove these threats because they detect what is going on in your system files: they monitor file behavior and are able to pinpoint a threat.

No Reports of Threats

The number of internet users has increased dramatically in the past months since the COVID-19 pandemic started. Facebook alone reports a 70% increase in Facebook app usage globally. Before the discovery of the bug there were 1.3 billion active users on Messenger, but there are no reports of hacking from users. So we can be quite sure that no one has been able to take advantage of it yet, and no one will be able to, since it's already fixed.

For more details about this bug you can go to the ReasonsLab website and read the full article there.

Gandcrab Ransomware – Everything You Need To Know

There's a new ransomware going around the web. It's named GandCrab ransomware. If you don't know what ransomware is, let me give you a brief definition.

What Is Ransomware?

Ransomware, as the “ransom” in its name suggests, is a crime that involves money and a hostage. The hostage is the files and software stored on the infected machine or PC. The victim's files get encrypted in a way that only the attacker, who holds the decryption keys, can reverse. That means you cannot use these files because their contents have been altered to the root! Whether it is an image file, documents, videos, or anything else, these files become unusable, and only the attacker can bring them back to normal. Of course, your files are the hostage, and the attacker will ask for money to get your files back to normal, just like in the image below.

A ransomware pop up on computer screen

And no, you cannot bring them back to normal on your own, even if you hire some top-notch computer security guy. They might be able to crack the encryption, but it will definitely take a lengthy amount of time, and by lengthy I mean years of non-stop decryption. Well, I guess if you are lucky and can call an FBI network security guy, they might be able to fix it in no time.

What is GandCrab?

GandCrab is a ransomware virus that has attacked more than 500,000 companies worldwide since July of 2018. And just last year it attacked Vietnam and most Asian countries.

Where did GandCrab originate?

It's not clear where this virus originated or who made it. In my personal opinion, since it's been attacking most Asian countries, it should have something to do with our Chinese friends.

How does a PC get infected with GandCrab?

  • GandCrab, like most viruses, disguises itself as a legit file. It appears as a legitimate archive file with a .rar file name, it can be attached to emails, and the email server cannot detect it. The email containing the virus is sent to a company's employees. When the victim opens the .rar file, it starts attacking the machine, encrypting everything in its sight.

How to get back the encrypted files?

When GandCrab ransomware is opened, it starts encrypting files on the victim's PC and opens a window that asks for a ransom ranging from USD400 – USD1,000. However, even after the payment, it's not 100% sure you will get your files back.

How to prevent such attacks?

  • Since this is a fairly new kind of virus, it's very hard to tell whether a file is legitimate or not. Anti-virus software cannot even detect it as a virus. Just don't open random files in an email that came from someone you don't know.
  • Make sure you have anti-virus software installed on your PC. Most ransomware, or almost 90% of computer viruses, can be detected with the help of anti-virus software.
  • Do not open malicious-looking files, especially from an unknown email address.
  • For more details on how to prevent such attacks, see these tips to avoid email scams.

Open-source Media Player: VLC Can Be Source For Hacking

With today's fast-paced technology, lots of fun is offered on the internet for free, and this entices hackers to commit their crimes. Hackers will do anything to steal precious confidential personal information. One of the media players on the market used by a lot of people today is VLC, developed by VideoLAN. Hackers' recent methods include the use of this software. It's an open-source program and, most of all, free. Because of that, the VLC player has become a source for malware if left un-updated.

Why Hackers Choose VLC

One of the simple reasons hackers managed to use the VLC player as a source for hacking is its popularity. The player is compatible with most operating systems, especially Windows and Mac, with over 3 billion downloads worldwide by hundreds of millions of users. Not only that, but it is now also popular on Android and iOS mobile platforms.

Because of this, hackers have made the VLC player a developing ground for malware creation.

VLC Malware Exploitation

The first VLC malware exploit was discovered by Symeon Paraschoudis from Pen Test Partners and is identified as CVE-2019-12874, which is classified as a high-severity vulnerability. It is a double-free issue that resides in the “zlib_decompress_extra” function of the VideoLAN VLC player and is triggered when it parses a malformed MKV file with the Matroska demuxer.

Another researcher, who is unnamed, discovered the second VLC malware exploit, a high-risk flaw called CVE-2019-5439. It is a read buffer overflow issue that resides in the “ReadFrame” function and can be triggered using a malformed AVI video file.

https://www.youtube.com/watch?v=gb4O5jZuQ34

Even though the proofs of concept delivered by both discoverers only cause a crash, potential hackers could still exploit these vulnerabilities to execute arbitrary code with the same privileges as the targeted user.

The trick is that the attacker just needs to create a malicious MKV or AVI video file that serves as a decoy for users to play in an un-updated, vulnerable version of the VLC media player. The trick is similar to the infamous click-bait trap that is very popular on phishing sites.

Here is an overview of the hacking process: the user plays the downloaded malicious video file in the un-updated VLC program. After that, the malware has been successfully inserted into the user's computer system and the hacker can steal targeted information from it.

Why VLC Malware Is So Dangerous

Imagine: after creating this VLC malware, potential hackers can easily target thousands of users in a short span of time. It is very easy for the attacker to do this once the malicious files have reached the targeted users. They can pass the malicious files along as video files on torrent sites, especially to users who like pirated copies of a newly released movie or TV series such as Game of Thrones episodes. The files can also be copied from one user to another and can become very viral through social media sharing sites or the like.

Actions against the VLC Malware

VideoLAN has already published an advisory regarding this, recommending that users have ASLR and DEP protections enabled on their laptops or PC systems. This can help mitigate the threats, but the developers admit that bypasses can still occur with these protections in place.

The discoverer, Paraschoudis, used the honggfuzz fuzzing tool to find this issue along with four other bugs, which were also patched by the VideoLAN team just a month ago. There are also 28 other bugs that were found by other security researchers through the EU-FOSSA bug bounty program.

Tips on Countering the VLC malware:

  • It is highly recommended, indeed a must, that every user update their VLC media player to 3.0.7 or a later version.
  • Avoid opening, playing or downloading video files from untrusted or fishy third-party programs or sites.
  • Get a strong anti-virus or anti-malware program and have it installed on your desktops, laptops, or even mobile and tablet gadgets. Make sure it is updated with the latest engine protection.

It is very important for users to be knowledgeable about malware and viruses. Don’t let the hackers get a chance to steal your precious confidential information like bank accounts, phone numbers, emails, and names.