Every year we trust our digital devices to store more of our personal information, and the Internet is becoming the backbone of the modern world. This has brought immeasurable benefits to billions of people around the world, but it has also opened up huge opportunities for those who want to harm us. Crime is no longer bound by geography — someone you’ve never met, from a country you’ve never been to, might be targeting you.
Some of the threats we were first introduced to (phishing, viruses and spam) are now staples of our online lives. However, each passing year brings with it a new set of technologies, with new exploits in tow. We’ve gathered together some of the most important security threats of 2017 and what you can do about them.
1. Pinkslipbot
What it is: A worm used to download additional malware, collect banking credentials, and receive commands from a remote command and control server.
What it does: Pinkslipbot aims to capture and collect all financial and banking credentials through tools such as keyloggers, browser MITM attacks, and digital certificate theft. While Pinkslipbot has been around since 2007, McAfee discovered a recently updated variant in 2017. The malware was first designed to harvest credentials for online banking and other digital financial services. The new variant has been updated to act as a Trojan, a worm, and as part of a botnet. Pinkslipbot is believed to control over 500,000 computers.
You will be affected if: The malware can be downloaded from a variety of sources, but often comes from malicious or compromised websites. Another important infection point is phishing emails and their dangerous attachments.
How to check it: Since Pinkslipbot has been around in various forms for over a decade, most modern antivirus software should be able to eliminate the threat immediately. However, if you still need reassurance, McAfee has released a tool that scans for any instance of Pinkslipbot.
How to clean it up: Your antivirus should be able to remove the malware once it is detected. However, the 2017 update also changes the port forwarding settings so that your computer works as part of its botnet. Your antivirus will most likely not detect these changes, and they can be difficult to spot. The McAfee tool is also capable of removing the malware and, if you follow the user guide, should be able to fix any port forwarding issues created by Pinkslipbot.
2. Xavier
What it is: A malicious ad library preinstalled in a number of Android applications.
What it does: The ad library is part of a malicious advertising (malvertising) campaign, the purpose of which is to infect your device with malware and steal data. On older Android devices, the malicious ads can install APKs on your phone without notice. Xavier allows remote code execution, giving hackers full access to your phone. In addition, it may also collect your personal data, device brand and model, SIM card IDs, and a list of installed applications.
You will be affected if: Trend Micro identified 75 apps that were serving Xavier malvertising to Android phones. If you have installed any of these apps, you are affected. However, the ad library was available to any Android developer and may not have been served only by the apps Trend Micro identified.
How to check it: Compare all the applications you have installed against Trend Micro’s list. Even if you managed to avoid the listed applications, there is a possibility that you have been affected. To be on the safe side, watch for any signs that your Android device is infected with malware.
How to clean it up: Immediately remove any applications identified by Trend Micro as serving Xavier malvertising. You can also remove them from the Google Play App Library so you don’t accidentally reinstall them in the future. To minimize the risk of infection, be sure to read app reviews and only install apps from well-known developers.
3. OSX/Dok Malware
What it is: macOS-specific malware that can intercept and read all HTTPS traffic.
What it does: By abusing a signed developer certificate, the malware can be installed without any problems. Once installed, it replaces your system’s AppStore login with its own so that the malware runs every time you reboot your system. It then warns you that a security issue has been detected and asks for an administrator password to update. After you enter the password, the malware gains administrator rights on your system. It uses these to route your internet traffic through a proxy and impersonate any website using fake security certificates.
You will be affected if: The initial infection comes from an email attachment named Document.zip. If you downloaded and tried to open it, the malware displays a fake “package corrupted” error message but copies itself to the /Users/Shared folder.
How to check it: Infection occurs through an email attachment named Document.zip. If you tried to open this file and the scenario above sounds familiar, then you are probably infected. Apple has already revoked the original fake developer certificate. However, malware creators have been able to find a way around this, so the threat still exists.
How to clean it up: To remove the infection, you need to start by exiting all open applications, especially Safari. You will then need to remove the offending proxy and LaunchAgents. Finally, removing the fake developer certificate will rid your Mac of OSX/Dok malware. To protect yourself from infection, learn how to spot phishing emails and beware of suspicious email attachments, even if they come from contacts you trust!
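A check for the proxy redirection described above, as an added example that is not part of the original article: the function parses text in the format macOS's `scutil --proxy` prints and reports every proxy that is enabled, so you can compare the result with what you configured yourself. The sample dump and its host names are constructed.

```shell
#!/bin/sh
# Added example: report every proxy macOS has enabled, from `scutil --proxy` text.

# Constructed sample in the format `scutil --proxy` prints; all values are made up.
sample_proxy_dump() {
cat <<'EOF'
<dictionary> {
  ExceptionsList : <array> {
    0 : *.local
    1 : 169.254/16
  }
  FTPPassive : 1
  HTTPEnable : 0
  HTTPSEnable : 1
  HTTPSPort : 8080
  HTTPSProxy : proxy.example.invalid
  ProxyAutoConfigEnable : 1
  ProxyAutoConfigURLString : http://pac.example.invalid:8080/proxy.pac
}
EOF
}

# Reads the dump on stdin and prints one line per enabled proxy.
# Returns 1 if any proxy is enabled, 0 if none is.
audit_proxy() {
    awk -F' : ' '
        NF < 2 { next }                          # skip braces and blank lines
        {
            key = $1; sub(/^[ \t]+/, "", key)    # drop the indentation
            v = $2;   sub(/[ \t\r]+$/, "", v)    # drop trailing whitespace
            val[key] = v
        }
        END {
            n = 0
            if (val["HTTPEnable"] == "1")  { print "HTTP proxy: "  val["HTTPProxy"]  ":" val["HTTPPort"];  n++ }
            if (val["HTTPSEnable"] == "1") { print "HTTPS proxy: " val["HTTPSProxy"] ":" val["HTTPSPort"]; n++ }
            if (val["SOCKSEnable"] == "1") { print "SOCKS proxy: " val["SOCKSProxy"] ":" val["SOCKSPort"]; n++ }
            if (val["ProxyAutoConfigEnable"] == "1") { print "PAC file: " val["ProxyAutoConfigURLString"]; n++ }
            exit (n > 0)
        }'
}

# On a Mac you would run: scutil --proxy | audit_proxy
sample_proxy_dump | audit_proxy || true
```

Any proxy or PAC file listed that you did not set up yourself is worth investigating before you trust HTTPS traffic from that machine.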
4. NotPetya
What it is: a strain of fast-growing ransomware that gained notoriety in 2017.
What it does: Ransomware is a particularly malicious form of malware. Once your computer is infected, the malware will encrypt all your files, both on your hard drive and in the cloud. It will then demand a ransom before unlocking them. Even after payment, there is no guarantee that your files will actually be released. A similar ransomware known as WannaCry hit many government agencies and large companies around the world in mid-2017.
You will be affected if: Ransomware can affect anyone if you are unlucky enough to get infected. NotPetya infects computers indiscriminately regardless of your personal circumstances. However, like all malware, there may be signs that your computer is infected.
How to check it: There is no need to check for NotPetya or other ransomware; they will let you know they are there. In most cases, the attacker is not interested in your files; they are after the ransom money.
How to clean it up: If you are infected with NotPetya (or any other form of ransomware), don’t pay the ransom. Instead, disconnect from the Internet, go back to a previous system restore point, and restore your files from a backup. To protect against ransomware, you need to take precautions in advance, such as backing up regularly. Making sure all your apps and software are fully up to date and installing some form of antivirus software will also play a part in protecting you.
5. LeakerLocker
What it is: Ransomware for your Android phone.
What it does: Most ransomware variants infect your device, encrypt your files, and then demand a ransom to unlock them again. LeakerLocker instead targets your Android phone’s lock screen. It collects all the data on your device and blackmails you into paying a ransom to unlock your device and prevent your data from being leaked.
You will be affected if: McAfee found LeakerLocker hiding in two specific Android apps: Wallpaper Blur HD and Booster & Cleaner Pro. Combined, these apps had about 15,000 downloads when the malware was discovered. If you have installed any of these applications, it may affect you. However, as noted earlier, the ransomware is pretty quick to let you know it’s there.
How to check it: Although it was hidden in these two specific applications, there may be other points of infection that were not initially discovered. The malware runs on Android phones under the name Android/Ransom.LeakerLocker.A!pkg. If you see it running on your device, then you have been infected with LeakerLocker.