These 28+ Android Apps with 10 Million Downloads from the Play Store Contain Malware

As many as 30 malicious Android apps with cumulative downloads of nearly 10 million have been found on the Google Play Store distributing adware. "All of them were built into various programs, including image-editing software, virtual keyboards, system tools and utilities, calling apps, wallpaper collection apps, and others," Dr.Web said in a Tuesday write-up. While masquerading as innocuous

Experts Uncover 350 Browser Extension Variants Used in ABCsoup Adware Campaign

A malicious browser extension with 350 variants is masquerading as a Google Translate add-on as part of an adware campaign targeting Russian users of Google Chrome, Opera, and Mozilla Firefox browsers. Mobile security firm Zimperium dubbed the malware family ABCsoup, stating the "extensions are installed onto a victim's machine via a Windows-based executable, bypassing most endpoint security

How to Live a Digital Life Free of Spyware

Spyware is tricky. Some types notify users that they’re monitoring activity. Others function in stealth mode and use the information they collect for nefarious purposes. Spyware is a type of software that collects data about online users and reports it to a company or an individual. What just about everyone can agree on is that anonymous browsing is looking more and more appealing and is likely the way of the future.  

Here’s more about the types of spyware, which types are legal, and how you can scrub your device and live more confidently online. 

Types of Spyware 

Here are a few types of spyware and facts about each: 

 Keyloggers 

Is it legal? Definitely not! 

What is its purpose? Criminal 

Keyloggers are the most intrusive of the spyware variations. It does exactly as its name suggests: It takes note of keyboard strokes, logs them, and reports to the owner of the nefarious software. Once the cybercriminal has digitally looked over your shoulder at your online activity, they make note of your passwords, walk into your online accounts, and pilfer your private personal information. They could use this information to gain entry to your online bank accounts or steal your identity. 

Keyloggers are downloaded onto devices (cellphones, tablets, laptops, or desktop computers) without the user’s knowledge. Cybercriminals can hide them within email attachments or in malicious web pages. So, the best way to steer clear of keyloggers is to never download attachments you’re unsure about and don’t visit sites that seem unprofessional. One rule of thumb is to mostly stick to URLs that begin with https and include a lock icon. These sites are almost always secure. 

To determine if your device is infected with a keylogger, check your system’s performance. Is your device running slowly? See if there are any spikes in activity or unknown programs running in the background. This could indicate that your device is hosting a malicious program. 

Adware 

Is it legal? Sometimes 

What is its purpose? Advertising and criminal 

Adware is categorized as a type of spyware. It tracks users’ online activity and spits out targeted pop-up advertisements. If you have the pop-up blocker enabled on your browser, you’ll likely be spared from the annoyance. Additionally, pop-ups can slow your device, so that’s another reason to turn on the pop-up blocking feature. Legitimate adware often asks users to opt into targeted ads. 

Adware turns malicious (and illegal) when it contains malware. Sometimes cyber criminals hide malware within pop-ups. It’s easy to accidentally hit a link within a pop-up when you’re aiming quickly for the X to close it. 

It’s easy to spot a device with an adware infestation. First, the number of pop-ups will be out of control. Also, the device will crash often, run very slowly, and have a short battery life. An antivirus program will likely be able to identify and remove the culprit. You can also check out your system monitor and end tasks that are draining your device’s power. 

Cookies 

Is it legal? Yes 

What is its purpose? Advertising 

Cookies are delicious, especially to advertisers who use them to better target ads and make profits selling collected user data to third-party companies. Cookies are sometimes categorized as spyware, because they log the websites you visit and report them. You may notice the banners on websites that ask you to accept cookies. 

Many users today are uneasy with sharing their online activity with strangers and advertisers. Sometimes the ads that pop up on your social media feed or in sidebars seem a little too targeted and it feels like someone is listening in to your conversations and attempting to make a profit from them. 

How to Browse Free of Spyware 

To scrub cybercriminals from your devices and confuse advertisers, consider the following steps you can easily add to your daily routine: 

1. Clear your cache periodically. This is a quick way to delete all the cookies from your device. It also helps if your device is running slowly. Clearing your cache deletes your browsing history, meaning that you won’t be able to type in your usual shortcuts to your most-visited sites and the browser won’t automatically auto-fill the rest of the URL or remember your passwords. Consider making bookmarks of your favorite sites for quick access and entrust your passwords to a password manager that will remember them for you. 
2. Know how to spot phishing attempts. Cybercriminals often hide their spyware within phishing texts and emails, so it’s key to know how to spot them. Phishers trick users into acting quickly, either through scare tactics or fake exciting news, to download attachments or give up personal information. Luckily, phishing attempts usually aren’t too difficult to identify and delete immediately. Did you enter a contest lately? No? Then why would someone get in touch saying you’re a winner? Also, phishing messages are often full of typos and poor grammar. Before you click any links in an email, hover your cursor over it to see where the URL will take you. If it has typos, is filled with a long string of letters or numbers, or doesn’t match the site the message says it’ll redirect you to, delete it. 
3. Browse in incognito mode. Browser sallow users to toggle incognito mode to use the internet anonymously. Once users exit incognito mode, all of their browsing history and the cookies collected during the session are deleted. Incognito mode, though effective against cookies, does not combat keyloggers or aggressive adware.  
4. Use a VPN. A virtual private network (VPN) is even more secure than incognito mode. It completely scrambles your online data, making it impossible for a spy to hack into your device if you’re connected to a public wi-fi network. A VPN doesn’t stop cookies, but the geographic information they report may be incorrect. 
5. Sign up for antivirus software. A comprehensive online protection software suite that includes antivirus software, such as McAfee Total Protection, can boost your confidence in your online safety. It can scan your phone, tablet, or computer for viruses or malware and automatically logs you into a VPN for secure browsing. 

The post How to Live a Digital Life Free of Spyware appeared first on McAfee Blog.

5 Ways to Protect Your Online Privacy

When you open your laptop or your mobile device, what is the first thing you do? Do you head to your favorite social media site to skim the latest news, or do you place your weekly grocery delivery order? No matter what your daily online habits are, even the slightest degree of caution can go a long way in staying secure online.  

That’s because hackers are experts at hiding malware in your everyday online routines, or even infiltrating your cookies to steal login information and learn about your personal preferences.  

According to a StatsCan Canadian internet use survey, six out of ten internet users reported experiencing a cybersecurity incident. There are many hoops to jump through when navigating the digital landscape. By taking the necessary steps to remedy vulnerabilities in your digital activity, you can dramatically improve your online protection.  

Three online threats to watch out for  

Cybercriminals take advantage of online users through routine avenues you would not expect. Here are three common ways that cybercriminals eavesdrop on online users.  

1.  Adware  

Adware, or advertising-supported software, generates ads in the user interface of a person’s device. Adware is most often used to generate revenue for the developer by targeting unsuspecting online users with personalized ads paid by third parties. These third parties usually pay per view, click, or application installation.   

Though not always malicious, adware crosses into dangerous territory when it is downloaded without a user’s consent and has nefarious intent. In this case, the adware becomes known as a potentially unwanted application (PUA) that can remain undetected on users’ devices for long periods of time. According to a report by the Cybersecure Policy Exchange, an unintentionally installed or downloaded computer virus or piece of malware is one of the top five cybercrimes that Canadians experience. The PUA can then create issues like frequent crashes and slow performance.   

Users unknowingly download adware onto their device when they download a free ad-supported program or visit a non-secure site that does not use the Hypertext Transfer Protocol Secure (HTTPS) to encrypt online communication.   

2.  Malvertising  

Hackers also use invasive tactics known as ad injections, where they inject ads with malicious code for increased monetary gain. This is a practice known as “malvertising.” If a user clicks on a seemingly legitimate and well-placed ad, they risk exposing themselves to numerous online threats. These ads can be infected with malware such as viruses or spyware. For example, hackers can exploit browser vulnerabilities to download malware, steal information about the device system, and gain control over its operations. Hackers can also use malvertising to run fraudulent tech support scams, steal cookie data, or sell information to third-party ad networks.  

3.  Autofill  

Another vulnerability that many may not realize is their browser’s built-in autofill functions. As tempting as it is to use your browser’s autofill function to populate a long form, this shortcut may not be safe. Cybercriminals have found ways to capture credentials by inserting fake login boxes onto a web page that users cannot see. So, when you accept the option to autofill your username and password, you are also populating these fake boxes.   

Tips for rethinking your online habits  

Take a proactive approach to your digital protection the next time you are browsing the internet by reassessing your online habits. Check out these five tips to ensure you are staying as safe as possible online.  

1.  Clear your cookies on your browser  

Cookie data can contain anything from login information to credit card numbers. Cybercriminals looking to exploit this information can hijack browser sessions to pose as legitimate users and steal cookies as they travel across networks and servers. As a result, it is essential for online users to regularly clear out their cookies to better protect their information from falling into the wrong hands. Navigate to your browser’s history, where you can wipe the data associated with each browser session, including your cookies.   

2.  Use a reliable password manager  

Clearing your browser’s cookie data will also remove your saved logins, which is why leveraging a password manager can make it easier to access regularly visited online accounts.   

Many browsers come with a built-in password generator and manager; however, it is better to entrust your logins and password to a reputable password manager. Browser password managers are not as secure as password managers, because anyone who has access to your device will also access your online information. A password manager,  provides a more secure solution since it requires you to log in with a separate master password. A password manager also works across various browsers and can generate stronger passwords than those created by your browser.   

3.  Adjust browser privacy settings  

In addition to clearing cookie data, users should adjust their browser settings to ensure their online sessions remain private.   

Another option is to access the internet in Private Browsing Mode to automatically block third-party tracking, making it a quick and easy option to ensure private browsing. Users can also enable the “do not track” function of their browser to prevent third-party tracking by advertisers and websites. Additionally, you can adjust your browser settings to block pop-up ads and control site permissions, such as access to cameras and locations.   

4.  Use an ad blocker  

Ad blockers suppress unwanted and potentially malicious ads to ensure a safer browsing experience. Ad blockers can also make it easier to view page layout by removing distracting ads and optimizing page load speed. Additionally, they prevent websites from tracking your information that third parties can sell.  

5.  Leverage a reputable security solution   

Deploying a security solution like McAfee+ Ultimate ensures the safest internet browsing experience through a holistic approach for threat detection, protection, and remediation. Equipped with a password manager, antivirus software, and firewall protection, users can effectively sidestep online threats while browsing the internet. Moreover, it includes comprehensive privacy and identity protection, such as our Personal Data Cleanup, dark web monitoring, credit monitoring, along with ways you can quickly Lock or freeze your credit file to help prevent accounts from being opened in your name. 

Take action to ensure safe browsing  

Your online behavior can say a lot about you so make sure you safeguard your internet protection. Whether it is through malvertising or invisible forms, hackers can glean information to paint a picture of who you are to target you through deceptive tactics. Cybercriminals are always looking for vulnerabilities which is why assessing your online habits sooner rather than later is a critical first step to smarter online browsing.  

The post 5 Ways to Protect Your Online Privacy appeared first on McAfee Blog.