Instagram hacking on the rise with need for more followers.

insta

Instagram users have been the target of several new credential stealers, appearing on Google Play as tools for either managing or boosting the number of Instagram followers.

Under the detection name Android/Spy.Inazigram, 13 malicious applications were discovered in the official Google Play store. The apps were phishing for Instagram credentials and sending them to a remote server. Altogether, the malicious apps have been installed by up to 1.5 million users. Upon ESET’s notification, all 13 apps were removed from the store.

All the malicious app seem to be using the same technique in their operation. They operate by harvesting Instagram credentials and sending them to a remote server. Ironically instead of their own boosting, these users accounts end up being used to increase followers for other people.

Graphic2

The question is what happens to stolen credentials? Apart from an opportunity to use compromised accounts for spreading spam and ads, there are also various “business models” in which the most valuable assets are followers, likes and comments.

In our research, we’ve traced the servers to which the credentials are sent off and connected these to websites selling various bundles of Instagram popularity boosters.

The scheme below explains how it works:

ig_credential_stealers_scheme_final-768x801

 

There are several measures you need to put in place to ensure that you are protected.

  • If you’ve downloaded one of these apps, you will find one of its icons under your installed applications. to clean your device, uninstall the above mentioned apps found in your Application manager or use a reliable mobile security solution to remove the threats for you.
  • Change your Instagram password immediately you notice from Instagram about someone attempting to log into your account to secure your account. In case you use the same password across multiple platforms, change these as well as malware authors are known to access other web services using the stolen credentials, you are advised to use a different password on each of your accounts.
  • Also avoid putting sensitive information to these third party apps.
  • Have an up to date antivirus to protect and control the download of third party apps for example ESET that has help in blocking of these malicious apps.

Credits: welivesecurity

 

 

 

GMAIL PHISHING ATTACKS ON THE RISE

gmail-phishing-scamIn the past years, hacking and phishing has evolved to a whole new level. This leaves us wondering will you know you are being hacked or even if it’s just a scam that can cost you loads? Today if you were to receive a scam email, how confident are you that you would not open or download any attachments?

According to previous reports, 40% of fraudulent e-mails are opened and attachments downloaded. The numbers may seem small and harmless but in the world of e-mail open rates, that is poisonous. On this note, it is scary that Gmail phishing is on the rise since it is going beyond bounds to effectively trick users.

maxresdefaultHow it works

The new tactics are so good that the e-mail will not fall under the scam folder. This is why Gmail scams are affecting many victims. First and foremost, it all begins by receiving an e-mail from someone you know and maybe trust. Someone that may have been hacked and account stolen. The email contains information that looks familiar.

This familiarity of the details makes you open the email and even download the attachments. At one look everything looks legitimate to you. When downloading or previewing the attachments, it will take you to a Gmail login page that looks so real with no grammatical errors or even unrelated images and the graphics are perfect. The only error would be in the URL but who checks when the rest is fine? At the start of the URL, you’ll see “data:text/” and yet it should not exist. You may also see a green lock symbol at the start of the URL if you are using Chrome.12

For the many who do not take note of the above, just quickly sign in and once the submission of your credentials is successful, everything is over and you know become the victim with your email being used to scam others. With your account in the hand of the hacker, they are now poisoned to compromise your personal and professional life and that may just be the beginning.

This does not happen only to Gmail users. Everyone is in danger. It only takes one to be naïve and lack legitimate and proper antivirus software that would have noted the phishing emails and the fake redirected cite. ESET products have the sole purpose of protecting you against this situations, whether on your mobile phone or tablet or computer. Enjoy safer technology today with ESET.

IMG_20170227_170302

 

 

GOLDEN EYE RANSOMWARE ATTACK

wannacryIn the recent past, a ransomware known as WannaCry was detected  by ESET as Win32/Filecoder.WannaCryptor.D . WannaCry also was known as WannaCrypt or Wanna Decryptor has had effects on PCs all over the world. It estimated that the ransomware had affected over 50 countries since May of this year. However an what is termed as an advanced version of Wannacry was detected a few days ago by  ESET as Win32/Diskcoder.C Trojan. The ransomware is called Petya or The Golden Eye

 

goldenThe Petya malware attacks a computer’s MBR (master boot record), a key part of the startup system. If the malware successfully infects the MBR, (master boot record), it will encrypt the whole drive itself. The computer user then receives a message that the files have been encrypted, with a demand that a ransom be paid to release them.

 

 

induThe ransomware targets from industries to financial institutions, individual users, healthcare and governmental agencies. These not only resulted in the valuable loss of sensitive data but also abrupt crippling of businesses. Hence, users need to take utmost precaution to find all possible vulnerabilities in their network and use patch updates to safeguard any probable exploit.

ESET has however made this a story not to worry about anymore. With the Ransomware Shield, Network Attack Protection, and Cloud Malware Protection Systems, ESET ensures that there is use multilayered malware prevention and detection to keep criminals from holding your data hostage. It also prevents spread of ransomware by protecting against vulnerabilities for which a patch has not yet been released or deployed and analyzes submitted malware and provides results to endpoints without requiring an update.

protect                                                                   How to protect yourself with  ESET from Petya

ESET, Proven, Trusted and Tested.

 eset petya

 

 

 

 

.