News  General
News  General
Facebook color changer malware

Facebook smartphone users warned

Users are being warned to avoid a new Facebook app claiming to allow them to change their profile page header and color. Victims are tricked into downloading the app which then directs them to a phishing website, which then takes advantage of a weakness in the way Facebook handles its app pages. More than 10,000 users have already been hit, experts from internet security firm Cheeta Mobile warned.

The app is called "Facebook color changer" and when activated allows the hackers full access to the victims Facebook contacts, profile and accounts. It is slightly unusual, and particularly sneaky, in that when first run it directs the users to a video supposedly showing how the color change function works. What the users don't realize, however, is that whilst watching this video, the hackers are actually rummaging through their Facebook account.

News  General
Phone app password fraud hits financial institutions

Global financial targets

A report this week revealed over 30 financial institutions spread over 6 countries have been hit by sophisticated malware on their smartphones. The attack convinces its victims to reveal their account details and passwords to the bad guys, even though the institutions make use of 2-factor authentication mechanisms. This is achieved by the fall-back system the bank uses which involves an SMS being sent - and where SMS's are used, smartphones - and in particular smartphone virus apps working in conjunction with other attack vectors - can be too.


Trend Micro Inc.have dubbed the attack "emmental" with a wry nod to the famous swiss cheese. Suspected to originate in Romania, institutions in Austria, Sweden, Switzerland and Japan have all been attacked, with damages totalling several millions of dollars, said Trend Micro Chief Cybersecurity Officer Tom Kellermann. Suprisingly, there is a fairly low-tech aspect to part of the attack - an email is sent with an attachment which, when opened, secretly sets up the victims PC to visit fake versions of selected banks when they later use their browsers. Then, at this later point, they see what appears to be their real bank and supply their user credentials such as their account number and passwords. The bad guys then not only harvest these but also prompt them to download an app which is in fact a smartphone virus. Thinking it is legitimate since it seems to come from a trusted source, the users follow through with this and the perpetrators then have access to their smartphone details.

Full details...

News  General
The Dark side of BitCoin

Why BitCoin?

There's no escaping it - BitCoin is everywhere now. You can't move for internet stories of how it's being used for both good, such as a powerful global currency outside of any central control, and evil such as the drug dealers on SilkRoad. This "anonymous" aspect hasn't escaped the attention of malware authors, and we're seeing the first viruses - and even warnings of a smartphone virus - which insists the victim pay using BitCoins for this very reason. Ouch.


Yes and No. Whilst it should be obvious BitCoin is less traceable than a direct bank account transfer, it's a popular myth that it's totally anonymous. Technically, it is until there is a transaction - i.e. no one can just go and look into someones account without their knowledge or permission, but if they could access the identity of a party in a BitCoin transaction it might be possible to reconstruct the chain and analyse more. The term identity is a technical one BitCoin uses as part of the transaction process - it encourages users to change it each time to minimize this risk. More is explained on the BitCoin Anonymity page - but its a fair bet anyone considering using it for the nasty stuff will certainly be aware of how to hide their tracks this, and other ways.

News  General
Android virus

A decade after Cabir infected Symbian handsets

Everyone nowadays is (or should be!) as cautious when it comes to installing new apps in their smartphones as they are when it comes to installing software to their PCs. However, this wasn't always the case. Those with long memories might remember the days when the term "smartphone" itself was new, and those which could even connect to the internet were few and far between.

Downloadable software

It didn't take the bad guys long to figure out these new devices could run malware - and the users would be virtually powerless to guard against it at that time since there was no such thing as as smartphone virus. Cabir, aimed at Nokia Series 60 Symbian handsets, spread via Bluetooth. It was capable of infecting any similar device which came within range - in fact the biggest outbreak was during the Helsinki Athletics World Cup.