News

Scary movies are great. Scary mobile threats, not so much. 

Ghosts, killer clowns, and the creatures can stir up all sorts of heebie-jeebies. The fun kind. Yet mobile threats like spyware, living dead apps, and botnets can conjure up all kinds of trouble. 

Let’s get a rundown on the top mobile threats — then look at how you can banish them from your phone. 

“I Know What You Did Because of Spyware” 

Spyware is a type of malware that lurks in the shadows of your trusted device, collecting information around your browsing habits, personal information and more. Your private information is then sent to third parties, without your knowledge. Spooky stuff. 

“Dawn of the Dead Apps” 

Think haunted graveyards only exist in horror movies? Think again! Old apps lying dormant on your phones are like app graveyards, Many of these older apps may no longer be supported by Google or Apple stores. Lying there un-updated, these apps might harbor vulnerabilities. And that can infect your device with malware or leak your data to a third party. 

“Bone Chilling Botnets” 

Think “Invasion of the Body Snatchers,” but on your mobile device. What is a botnet you ask? When malware infiltrates a mobile device (like through a sketchy app) the device becomes a “bot.” This bot becomes one in an army of thousands of infected internet-connected devices. From there, they spread viruses, generate spam, and commit sorts of cybercrime.  Most mobile device users aren’t even aware that their gadgets are compromised, which is why protecting your device before an attack is so important. 

“Malicious Click or Treat” 

Clicking links and mobile devices go together like Frankenstein and his bride. Which is why ad and click fraud through mobile devices is becoming more prevalent for cybercriminals. Whether through a phishing campaign or malicious apps, hackers can gain access to your device and your private information. Always remember to click with caution. 

“IoT Follows” 

The Internet of Things (IoT) has quickly become a staple in our everyday lives, and hackers are always ready to target easy prey. Most IoT devices connect to mobile devices, so if a hacker can gain access to your smartphone, they can infiltrate your connected devices as well. Or vice versa. 

Six steps for a safer smartphone

1) Avoid third-party app stores. Unlike Google Play and Apple’s App Store, which have measures in place to review and vet apps to help ensure that they are safe and secure, third-party sites may very well not. Further, some third-party sites may intentionally host malicious apps as part of a broader scam.  

Granted, hackers have found ways to work around Google and Apple’s review process, yet the chances of downloading a safe app from them are far greater than anywhere else. Further, both Google and Apple are quick to remove malicious apps once discovered, making their stores that much safer. 

2) Review with a critical eye. As with so many attacks, hackers rely on people clicking links or tapping “download” without a second thought. Before you download, take time to do some quick research. That may uncover some signs that the app is malicious. Check out the developer—have they published several other apps with many downloads and good reviews? A legit app typically has quite a few reviews, whereas malicious apps may have only a handful of (phony) five-star reviews.  

Lastly, look for typos and poor grammar in both the app description and screenshots. They could be a sign that a hacker slapped the app together and quickly deployed it. 

3) Go with a strong recommendation. Yet better than combing through user reviews yourself is getting a recommendation from a trusted source, like a well-known publication or from app store editors themselves. In this case, much of the vetting work has been done for you by an established reviewer. A quick online search like “best fitness apps” or “best apps for travelers” should turn up articles from legitimate sites that can suggest good options and describe them in detail before you download. 

4) Keep an eye on app permissions. Another way hackers weasel their way into your device is by getting permission to access things like your location, contacts, and photos—and they’ll use sketchy apps to do it. (Consider the long-running free flashlight app scams mentioned above that requested up to more than 70 different permissions, such as the right to record audio, and video, and access contacts.

So check and see what permissions the app is requesting. If it’s asking for way more than you bargained for, like a simple game wanting access to your camera or microphone, it may be a scam. Delete the app and find a legitimate one that doesn’t ask for invasive permissions like that. If you’re curious about permissions for apps that are already on your phone, iPhone users can learn how to allow or revoke app permission here, and Android can do the same here. 

5) Get scam protection. Plenty of scams find your phone by way of sketchy links sent in texts, messages, and emails. Our Text Scam Detector can block them before they do you any harm. And if you tap that link by mistake, Scam Protection still blocks it. 

6) Protect your smartphone with security software. With all that we do on our phones, it’s important to get security software installed on them, just like we install it on our computers and laptops. Whether you go with comprehensive security software that protects all of your devices or pick up an app in Google Play or Apple’s App Store, you’ll have malware, web, and device security that’ll help you stay safe on your phone.  

 

The post The Top 5 Scariest Mobile Threats appeared first on McAfee Blog.

Civil society and journalists’ organizations in Europe ask the EU to take steps to regulate spyware technologies

Researchers say password reset attacks have grown fourfold in the last year and one in four password reset attempts are fraudulent

Searchlight Cyber observed a 56% rise in active ransomware groups in H1 2024, demonstrating the growing fragmentation of the ransomware landscape

A variant of the WikiLoader malware was observed being delivered via SEO poisoning and spoofing Palo Alto Networks’ GlobalProtect VPN software

Three British men are facing jail after pleading guilty to running an MFA bypass site dubbed “OTP Agency”

London’s transport body, TfL, is playing down the impact of a cybersecurity incident on its services

The NSA’s “National Cryptographic School Television Catalogue” from 1991 lists about 600 COMSEC and SIGINT training videos.

There are a bunch explaining the operations of various cryptographic equipment, and a few code words I have never heard of before.

As the back-to-school season approaches, equipping children with the tools and knowledge to navigate social media safely is crucial. In today’s digital age, social media plays a significant role in the lives of kids, offering both opportunities and challenges. Over 93% of teens in the U.S. use social media, and 68% of pre-teens also use social media. 

From connecting with friends to showcasing their interests, social platforms offer many opportunities for self-expression and engagement. However, alongside the benefits come potential risks. How can parents be social media-savvy and help their kids stay safe on social media and empower them to proactively manage their digital footprints? 

Tips for Managing Digital Footprints 

Digital footprints represent the traces of online activity individuals leave behind, which can significantly influence their online reputation and future prospects. Parents play a vital role in educating their children about the significance of being mindful of their online sharing and the potential consequences of their digital actions. By instilling awareness and responsibility in their children regarding their online presence, parents empower them to navigate the digital world more effectively and responsibly. 

To proactively manage their digital footprints, parents and kids can: 

• Initiate regular audits: Encourage your child to periodically review their social media profiles to ensure that the content aligns with their values and desired image. By doing so, they can maintain a positive online persona while identifying and removing any inappropriate or outdated posts. 

• Limit profile information: Discuss the significance of profile information with your child, emphasizing the importance of discretion when sharing personal details. Consider whether using a real name and photo is necessary or if an avatar provides sufficient anonymity and protection. 

• Long-term impact awareness: Foster discussions about the long-term consequences of their online actions. Help your child recognize that their digital footprint can influence future opportunities and relationships, emphasizing the importance of responsible behavior and thoughtful decision-making online. 

Tips for Safeguarding a Child’s Online Presence

Additionally, as a parent, you can take proactive measures to safeguard your child’s digital presence by implementing the following strategies: 

• Maximize privacy settings: Navigating privacy settings on social media platforms can be daunting, but parents can help their children understand and customize these settings according to their preferences. Tools like McAfee’s Social Privacy Manager simplify the process, allowing users to adjust over 100 privacy settings across multiple social media accounts effortlessly. By utilizing such tools, individuals can ensure that their personal information is only accessible to the intended audience, enhancing their online safety and privacy. 

• Enable multi-factor authentication: Strengthen account security by enabling multi-factor authentication, requiring additional verification steps beyond the password to prevent unauthorized access. 

• Mindful tagging and location sharing: Teach your child about the potential implications of tagging and geo-location features. Help your child disable geotagging features on their social media posts to prevent others from tracking their exact location. Encourage them to review photos for geotags and remove them when necessary to safeguard their privacy. 

As students prepare to return to school, it’s essential to have conversations about safe social media practices. By understanding the importance of managing digital footprints, controlling privacy settings, and maintaining a positive online reputation, kids can navigate social media safely and responsibly. By working together, parents can empower kids to thrive in the digital age while protecting their online identity.  

The post A Guide for Parents to Help Kids Navigate Social Media Safely appeared first on McAfee Blog.

An old but persistent email scam known as “sextortion” has a new personalized touch: The missives, which claim that malware has captured webcam footage of recipients pleasuring themselves, now include a photo of the target’s home in a bid to make threats about publishing the videos more frightening and convincing.

This week, several readers reported receiving sextortion emails that addressed them by name and included images of their street or front yard that were apparently lifted from an online mapping application such as Google Maps.

The message purports to have been sent from a hacker who’s compromised your computer and used your webcam to record a video of you while you were watching porn. The missive threatens to release the video to all of your contacts unless you pay a Bitcoin ransom. In this case, the demand is just shy of $2,000, payable by scanning a QR code embedded in the email.

Following a salutation that includes the recipient’s full name, the start of the message reads, “Is visiting [recipient’s street address] a more convenient way to contact if you don’t take action. Nice location btw.” Below that is the photo of the recipient’s street address.

The message tells people they have 24 hours to pay up, or else their embarrassing videos will be released to all of their contacts, friends and family members.

“Don’t even think about replying to this, it’s pointless,” the message concludes. “I don’t make mistakes, [recipient’s name]. If I notice that you’ve shared or discussed this email with someone else, your shitty video will instantly start getting sent to your contacts.”

The remaining sections of the two-page sextortion message (which arrives as a PDF attachment) are fairly formulaic and include thematic elements seen in most previous sextortion waves. Those include claims that the extortionist has installed malware on your computer (in this case the scammer claims the spyware is called “Pegasus,” and that they are watching everything you do on your machine).

Previous innovations in sextortion customization involved sending emails that included at least one password they had previously used at an account online that was tied to their email address.