So let me start off by saying Happy Anniversary. Okay, that’s sarcastic, because for the IT service world, this one is nothing to celebrate. It’s WannaCry’s second anniversary. Did we learn?
So let’s turn back time. On May 13, 2017, the WannaCry virus spread globally like a raging wildfire. But Great Britain got the worst of it. It almost shut down hospitals, transportation, and governments. Some hackers took over users’ files and other sensitive info. However, they didn’t demand cash. Instead, they demanded cryptocurrency, like Bitcoin. There was also a lot of blame to go around. Some blamed the NSA. But in actuality, a North Korean hacking group used leaked NSA documents and launched the attack. In fact, they even used the NSA backdoor DoublePulsar to deliver WannaCry to the world.
So why do I talk about this cyber attack two years later? Because look at the impact it had. Back in 2017, there was already little trust for the NSA or the IT support world. Then WannaCry came along and made many of us even more cynical. Here’s an example. Microsoft released patches to fight the attacks. But people were slow to patch these systems. Political leaders called out the NSA on the damage it caused.
The WannaCry virus caused over $2 billion in damage. Also, nobody was indicted or anything. So why do I talk about this? Because today there are 1.7 million Internet endpoints that are still vulnerable. And guess where the most vulnerable devices are? You guessed it, right here in the USA. Though WannaCry is mostly contained, it still causes problems. One thing I remember is that it targeted systems still using Windows XP, a system Microsoft stopped supporting years ago. They got hit really badly. So the next time a computer repair expert says to stop using certain software, will you at least consider it? It’s WannaCry’s second anniversary. What did we learn?
So for many years, a weakness of Android has been security. In fact, stat after stat says its cyber security is weaker than rival Apple’s. But now, there are over two billion Android smartphones out there. I have one myself, and so do many others in IT service. That’s why Android fights dangerous apps and security threats.
So I read some interesting numbers today. Google even published an annual report on Android security. Now, 0.04% of Google’s apps are potentially harmful. That’s compared to 0.02% just two years ago. But don’t panic. It doubled in the last two years because Google is doing a better job finding and tracking the dangerous apps. We can thank certain APIs (application programming interfaces). They add extra layers of privacy. There is also a built-in malware scanner. There are stronger attempts at keeping apps from outside the Google Play store off Androids. That is where many of the problems seem to come from. Even the chances of getting a malicious app are lower. For example, in 2017, there was a 0.56% chance you would download a bad app. But today, there is a 0.45% chance your Android will get a bad app.
Let’s keep in mind not all malicious apps will rob you financially. Some will. But other bad apps just invade your privacy. In some ways, that is even worse. This is why Android fights dangerous apps. And they’re doing a better job of it. But we in computer repair have to tell Apple users all the time: You’re not immune. Over the past few years in computer repair, many an Apple user got hit by malware and other dangers. And it shocks them. So just because you don’t have a Droid, it doesn’t mean you’re totally safe. Even iPhones are vulnerable. What can both Droid and Apple users do to be safe?
So for almost a month, cyber security company Cisco warned about the VPNFilter malware. If it gets on your router, then it can stop it from working, maybe even permanently. The IT service term is ‘bricking’. The FBI urges people to restart routers to fight malware.
So here is what we know. VPNFilter came from Russia. The original target was Ukraine, in response to the conflict between those two nations. But Ukraine isn’t the only victim. In fact, over 500,000 routers in over 50 countries are affected. This includes the United States. This malware also has the power to spy on you, even during your most private moments. Then it can steal your sensitive information too. No router maker is immune: Netgear, Asus, D-Link, Linksys, Mikrotik. Here is a list of specific routers that are in danger.
So what do we do about it? This is why the FBI urges people to restart routers. All you have to do is unplug your router. Leave it for 10 seconds, maybe even a few seconds longer. Then plug it back in. If your router is on the list, then do this immediately! Cyber experts also suggest you update your router’s firmware and change your router’s passwords. Remember, the harder the passwords are, the harder it is for hackers to break into them.
But now, I’d like to ask some questions. How does malware built for one national conflict spread all around the world? How did it cause a potential crisis? Why would they send it worldwide, if they meant it as a fighting tool between two nations? These are questions I can’t answer. Some say VPNFilter was used in the 2016 election to influence the results. But let’s not open up that can of worms again. But if you need help with router issues, our PC repair team can help. What questions do you have about this?
So do you remember the 2014 movie The Interview? It caused so much controversy they had to pull it from many theaters. In fact, NK dictator Kim Jong Un threatened havoc. But four years later, they’re still wreaking havoc. This is the new North Korean malware: consumer alert.
According to the FBI and Homeland Security, North Korean hackers are using remote access tools to steal passwords and other important data. Furthermore, North Korea has been doing this since 2009 and continues to do so in 2018. Their biggest targets are the media, pop culture, and financial sectors. Joanap, one of the tools, carries the hackers’ commands. It infects a system already weakened by other malware. Users get hit when they visit infected sites or open malicious emails and attachments.
And the new North Korean malware isn’t just hitting US sites. Joanap is affecting 87 other nations from around the world. Then there is Brambul. Brambul is a worm delivered by dropper malware. After installing, it collects IP addresses. Then, the hackers get illegal access to your system. If that isn’t enough, they’ll make up their own IP addresses. These fake addresses help them carry out more attacks. Now, they have IP addresses, usernames, passwords, emails, and all the other sensitive information they need.
For the IT support community to find, or even deter, North Korea’s hackers is going to be hard. First of all, they’re hard to find. Then, look at their twisted cause. Keep in mind only a small percentage of the North Korean people even have online access. Also keep in mind there are fewer than three million smartphones in North Korea. However, its population is around 30 million. So who in North Korea is doing these hacks? Who in North Korea gives the international IT service community such a headache? Could a select handful of people under North Korean dictator Kim Jong Un’s orders be behind this?
So did Android recently ship a smartphone to you? Then you better go and check it. This isn’t a riddle or joke, but this is a consumer alert. Android unknowingly ships low cost phones.
So according to Avast, these low cost shipped phones carry a malware they call Cosiloon. It hides behind ads to trick users into downloading apps they don’t want or need. The phones in question come from ZTE, Archos and myPhone. The Android malware has two parts: a dropper and a payload. The dropper is a Trojan that installs malware on a certain target. Then there is the payload, the malware part that actually does the dirty work.
But in this case, Avast sees the dropper under two names: Crash Service and Ime Mess. They connect to a website and install the apps that hackers, not you, want on your phone. Furthermore, once the dropper gets on your smartphone, it’s not easy to remove, because it installs apps through unencrypted HTTP without the user’s knowledge or approval. Therefore, there is no way the user can remove the dropper or the payload alone, because it’s a system app and part of your firmware. In other words, it’s at the core of your machine. Our techs at and near our Boston computer service shop can do it, but that’s another story.
Keep in mind the title. Android unknowingly ships low cost phones. I’m happy they’re at least doing something about it. That’s another thing. Our clients often ask, “What is the best way to protect my machine from harm?” Our IT support experts almost always tell them to use Avast. And here again, Avast proves why we tell them that. Avast is finding and removing these droppers and payloads. In fact, Avast gives instructions on how to take out the dropper on their blog. So once again, we highly recommend Avast. It’s the top anti-virus protection that keeps systems safe. No, they don’t pay us to say it. We say it because it works. But if you don’t have Avast, get some sort of protection. What else can we do to keep safe?
So for years, we have known Android products are vulnerable to malware. It’s a little better now, but the threat is making a comeback. Android malware is back: the new threat.
Because in the last few days, cyber security company Symantec found not one, but seven different rogue apps. We all thought these fake apps were gone. However, they just got a new publisher. Also, the fake apps are just changing names. Furthermore, these dangerous apps pretended to be useful and even used Google’s imagery in order to hide their real purpose. They pretend to be legit. In fact, they even look friendly enough. But in reality, all they want to do is promote scams and infect our devices with malware.
There is good news here. Google took these fake apps down. But they still don’t know how these bad apps got through in the first place. This is especially troublesome after they worked for months to make Android products malware-free. Or should I say, to make them more malware-free. Plus, this kind of malware slipped into Google Play. That’s even more alarming because this rarely happens to Google Play. Yes, malware sneaks in there once in a while. But rarely does it come back as a new strain of the same malware. In most cases, it shouldn’t be as easy as a name change. But that’s what happened here.
Did I title this blog wrong by saying Android malware is back? Should I say, “Android malware never left”? Because not just here, but in IT support in general, we see this a lot. For example, we treat a malware threat. But a year or two later, that same threat comes back because hackers come up with a new way to threaten your computer. It is one of the biggest reasons laptops come to us for repair. If Android malware threatened your computer, what would you do?