
You might have been the target of a malware attack without realizing it, since nothing seems to have changed on the surface. Perhaps you also make a point of downloading your software and apps from trusted sites like Google Play. Unfortunately, there is a catch. Not all apps to be found on Google Play have been scanned properly. For example, Google removed 16 harmful (read: infected) apps from its store, but only after they had been downloaded by over 20 million Android users.

If the Battery of Your Phone Is Draining Fast …

The first clue users get that their device has been infected with a clicker trojan is that the battery begins to drain at breakneck speed. That happens because the clicker trojan browses websites without your knowledge to generate counterfeit clicks and views on phony ads, filling the scamsters' pockets. What makes the situation truly worrisome is that many of these apps are highly functional, such as a dictionary, high-speed camera, flashlight, QR reader, currency converter, and even task managers, which you would have suspected least. The full list of dubious apps shared by researchers at the antivirus company McAfee is as follows:

  • High-Speed Camera (com.hantor.CozyCamera)
  • Smart Task Manager (com.james.SmartTaskManager)
  • Flashlight+ (kr.caramel.flash_plus)
  • 달력메모장 (com.smh.memocalendar)
  • K-Dictionary (com.joysoft.wordBook)
  • BusanBus (com.kmshack.BusanBus)
  • Flashlight+ (com.candlencom.candleprotest)
  • Quick Note (com.movinapp.quicknote)
  • Currency Converter (com.smartwho.SmartCurrencyConverter)
  • Joycode (com.joysoft.barcode)
  • EzDica (com.joysoft.ezdica)
  • Instagram Profile Downloader (com.schedulezero.instapp)
  • Ez Notes (com.meek.tingboard)
  • 손전등 (com.candlencom.flashlite)
  • 계산기 (com.doubleline.calcul)
  • Flashlight+ (com.dev.imagevault)
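To audit a device against this list, the installed package IDs can be compared with it exactly. The following is an added example, not code from this page or from McAfee; it assumes the text comes from `adb shell pm list packages` (plain or with `-f`, `-i` or `-U`), and `SAMPLE` is constructed output.

```python
# Package IDs from the McAfee list quoted on this page.
FLAGGED = frozenset({
    "com.hantor.CozyCamera", "com.james.SmartTaskManager",
    "kr.caramel.flash_plus", "com.smh.memocalendar",
    "com.joysoft.wordBook", "com.kmshack.BusanBus",
    "com.candlencom.candleprotest", "com.movinapp.quicknote",
    "com.smartwho.SmartCurrencyConverter", "com.joysoft.barcode",
    "com.joysoft.ezdica", "com.schedulezero.instapp",
    "com.meek.tingboard", "com.candlencom.flashlite",
    "com.doubleline.calcul", "com.dev.imagevault",
})

def parse_pm_list(output):
    """Extract package IDs from `pm list packages` output (plain, -f, -i or -U)."""
    packages = []
    for line in output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue  # warnings, blank lines, other adb noise
        tokens = line[len("package:"):].split()
        if not tokens:
            continue
        # With -f the first token is "<apk path>=<package>", and the path may
        # itself contain "=", so split on the last "=" only. Trailing tokens
        # (" installer=..." from -i, " uid:..." from -U) are ignored.
        packages.append(tokens[0].rsplit("=", 1)[-1])
    return packages

def find_flagged(output):
    """Return the installed package IDs that are on the list, sorted."""
    # Exact, case-sensitive match: a substring grep would also hit lookalikes.
    return sorted(set(parse_pm_list(output)) & FLAGGED)

# Constructed sample mixing the output forms; not captured from a real device.
SAMPLE = """\
package:com.android.chrome
package:/data/app/~~Qx9f==/kr.caramel.flash_plus-a1B2==/base.apk=kr.caramel.flash_plus
package:com.joysoft.wordBook  installer=com.android.vending
package:com.example.notes uid:10231
package:com.movinapp.quicknote.pro
WARNING: linker: constructed noise line
"""

if __name__ == "__main__":
    for pkg in find_flagged(SAMPLE):
        print("flagged:", pkg)
```
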
Delete Without a Second Thought

If you have any of these apps on your phone, delete them without a second thought. Keep in mind that even though all they are doing right now is browsing websites without your knowledge or sanction, in the long run you might face far more serious risks such as identity theft, or your bank account might be cleaned out as the malware gets modified into something more vicious. Of course, not all malware is ransomware. Both malware and ransomware might be delivered via the SmokeLoader malware botnet.

Some examples of ransomware are QuiDDoss, CRYPTONITE, and Venolock. You should also verify that any software you use on any electronic device is properly licensed. If you install pirated software, even accidentally, you run the risk of installing the Azov ransomware too.

No Substitute for Old Fashioned Caution

  • You would be well advised to use circumspection when clicking on any links, especially if they come embedded in emails.
  • Scrutinize the sender's email address carefully for signs that it may not be from an authentic source.
  • Never open attachments unless they come in emails from trusted/known sources.
  • When you need to download any software, or install any updates, ensure that you do so only from official or trusted websites.
  • Keep all software, especially the operating system (OS), updated regularly.
  • Never ignore security patches released by software manufacturers, which might rectify zero-day vulnerabilities.
  • Ensure that you have a strong antivirus working for you.

If you still have any misgivings, get in touch with our IT security experts.

Reference:

To read the McAfee blog, check it here: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-malicious-clicker-found-in-apps-installed-by-20m-users/

Watch Out for the Azov Malware

What sets the Azov malware apart from those which IT specialists have encountered over the years is that it wipes data 666 bytes at a time. When the first attacks were identified, there was no ransom note on how to recover lost data, only a note which framed certain antivirus developers. Files which do not have .exe, .dll, and .ini extensions are targeted, and the extension .azov is added when a file is encrypted. This malware should correctly be called destructive malware rather than ransomware, since it only destroys the data it encrypts and there are no decryption keys to be gained in exchange for a ransom. In certain cases, you might find a ransom note in folders that Azov scans.

Need Guidance or Immediate Assistance?

We are determined to work with and for you and make your organization one of the safest business organizations to engage with for your current customers and prospective clients.