New Android Malware Disables WiFi To Attempt Toll Fraud

There’s a new threat to be aware of if you own an android device.  Microsoft recently warned that their researchers had spotted a new toll fraud malware strain wreaking havoc in the Android ecosystem.

Toll fraud is a form of billing fraud. It is a scheme whereby bad actors attempt to trick unsuspecting victims into either calling or sending an SMS to a premium number.

In this case, however, the scheme doesn’t work over WiFi so it forces the device the user is on to connect to the mobile operator’s network.

What typically happens in a non-scam situation is that if a user wants to subscribe to paid content, they need to use WAP (Wireless Application Protocol) and they need to switch from WiFi to the mobile operator’s network.

Most of the time, the network operator will send a one-time password for the customer to confirm their choice.

The threat actors running this scam don’t do that.  The toll fraud malware makes the switch automatically and without informing the user.  In fact, it actively suppresses warnings that might alert the user to what’s going on.  The result is that the user winds up with a hefty bill for a service they didn’t even know they were signing up for.

This is accomplished via JavaScipt injection which is hardly new. Although in this case, it’s being implemented in a novel fashion and is designed to keep the whole operation as discreet as possible.

The following items happen completely under the radar:

  • Disabling the WiFi connection
  • Navigation to the subscription page and auto clicking the subscription button
  • Intercepting the one-time password in cases where one is used
  • Send the OTP code to the service provider as necessary
  • And cancelling SMS notifications

This is a tricky one to defend against, so be sure your employees are aware and on the lookout for mysterious charges on their accounts.

Android And iOS Network Protection Added With Microsoft Defender

Recently, Microsoft added a new feature for Microsoft Defender for Endpoint (MDE) which has fans of the product cheering.

Once the new “Mobile Network Protection” feature is enabled on the iOS and Android devices you want to monitor, the security platform will provide the same robust protections and notifications that your other network devices currently enjoy.

The company had this to say about the recent addition:

“As the world continues to make sense of the digital transformation, networks are becoming increasingly complex and provide a unique avenue for nefarious activity if left unattended.

To combat this, Microsoft offers a mobile network protection feature in Defender for Endpoint that helps organizations identify, assess, and remediate endpoint weaknesses with the help of robust threat intelligence.”

This new feature is part of a larger, ongoing effort by Microsoft to expand Defender for Endpoint’s capabilities and provide an umbrella of protection that extends across multiple platforms.

Given the complexities of today’s network security environment, we’re thrilled to see tech giants like Microsoft taking bold steps to help simplify, and a cross platform security solution is seen by many as being the Holy Grail of the industry.  While it’s certainly true that Defender for Endpoint isn’t that yet, it’s clear that Microsoft is interested in seeing it become that.

Again, from Microsoft:

“With this new cross-platform coverage, threat and vulnerability management capabilities now support all major device platforms across the organization – spanning workstations, servers, and mobile devices.”

In addition to this new capability, the Redmond giant has also added a feature to MDE that allows admins to “contain” unmanaged Windows devices on their network if they are compromised, or even if there’s a suspicion that they might be.  This is in a bid to keep hackers from abusing those devices and moving laterally through corporate networks.

All of this is great news indeed and if you’re not yet taking advantage of Defender for Endpoint, we recommend giving it serious consideration.

Voicemail Phishing Attacks Called Vishing Are On The Rise

While “vishing” is by no means a new threat, it’s not something that has ever happened with sufficient frequency to get most people’s attention. So, if you haven’t heard the term before, you’re not alone.

“Vishing” is short for voicemail phishing, and it is apparently on the rise based on data collected by the security firm Zscaler. Attackers are specifically targeting tech firms and US military installations.

No actual voice mails are involved, which is interesting.  What the attackers do is send emails with links that supposedly point the way to voicemail messages stored on LinkedIn, WhatsApp, or other services. The idea behind the attacks are is to trick an unsuspecting recipient into disclosing his or her Outlook or Office 365 credentials.

To make their credential capture page more convincing, the attackers have even taken to deploying a CAPTCHA system, which makes the page look just annoying enough to be legitimate.

A spokesman for Zscaler had this to say about the company’s recent discovery of the surge in vishing attacks:

“Voicemail-themed phishing campaigns continue to be a successful social engineering technique for attackers since they are able to lure the victims to open the email attachments. This combined with the usage of evasion tactics to bypass automated URL analysis solutions helps the threat actor achieve better success in stealing the users’ credentials.”

The folks at Zscaler have a point. If your employees haven’t been made aware that this kind of attack is not only possible but growing in popularity in certain sectors, make sure they know what to be on the lookout for. Kudos to the sharp-eyed folks at Zscaler for spotting the trend.

We may not be able to keep hackers from making the attempt. However, if we can warn enough people about the tricks they’re using, we can frustrate their efforts and that’s a good start.

Simple Tips For Securing Smart Device Data

Data security isn’t something that’s at the forefront of most people’s minds, but it probably should be.  These days, we use far more than just our trusty laptops and desktops to do real, meaningful work.  Most people have a plethora of devices they tap into on a regular basis and take with them wherever they go.

From smart phones to smart watches and more, the average person has no less than four different devices they can and often do use to get stuff done.

How safe are they?  Probably not as safe and secure as you’d like.

Here are some simple ways to fix that:

1 – Software Solutions

There are a number of these, but BitDefender is a solid choice.  The great thing about BitDefender is that you can hook up to fifteen different devices to it per household, and it comes with a suite of tools designed to help keep your smart devices safe.

2 – Develop Good Password Habits

Yes, it can be easy to use the same password across multiple devices and multiple web properties you use on a regular basis.

Resist the lure of easy.  Unfortunately, easy makes you a target.  Even though it’s more trouble, take the time to develop good and robust passwords. Use a different password on every device.

Here, password vaults can be your best friend because it helps automate the process and gives you less to remember.  It’s also worth employing two-factor authentication (2FA) everywhere it’s offered. Again, it adds an extra step to your logon process, but it’s time well spent for the added security it provides.

3 – Learn to Be a Savvy Email User

Don’t click on any links embedded in any email you receive, even if you think you know the sender.  The sender’s address could be spoofed.

Similarly, don’t open an email attachment unless you’ve verified that it’s legitimate and that someone you trust has sent it to you.  Phishing emails are among the most common way that hackers gain access to systems they target.  Don’t be their next victim!

These three things do take a bit of time to set up and get working but it’s time well spent, and it will make all the smart devices you rely on significantly more secure.  That’s a very good thing.

The Surprising Ways Mobile Technology Impacts Our Lives

If you grew up in the days before the internet, it’s absolutely staggering to think of all the ways that mobile technology has changed our lives (and mostly for the better).

Remember when you had to pay for long distance telephone calls?  That’s mostly a thing of the past.  In under a minute, you can install any number of messenger apps, most of which offer VOIP capabilities and make calls to just about anywhere for nothing.

Today’s youngsters might not believe this, but many of us remember a time when if we didn’t want to listen to the radio, our only musical option was to head home to our beloved record player and vinyl albums.

A bit later we got the 8-track and not long after that, the cassette tape which was later supplanted by the CD. Today, you can have access to literally millions of songs on your mobile device.  It is even better that the days of needing an entire wall devoted to your record/tape/CD collection are gone.  Every song you can imagine is digital these days.  You can even find apps that will add the “vinyl scratchiness” sound to your music if you miss it!

The same thing goes for movies.  There is no need for piles of VHS tapes or Blu-Ray discs.  Streaming services are plentiful and you can watch your favorite movies or TV shows literally anywhere that you can get a signal on your mobile device. That is, of course, virtually anywhere.

It’s not just fun and games that have changed though.  Mobile technology has forever changed how the world works, and we got to put that to the test during the Covid-19 pandemic.  Tens of millions of people fled home and worked from there, as often as not on their trusty laptop computers.

When you’re traveling for business, between your smartphone and your laptop, you can stay in constant contact with everyone you work with. You can get real, meaningful work done on the road.  That wasn’t always possible in the earliest days of the internet, but mobile devices and our internet infrastructure have come such a long way now that both are easily done.

It’s impossible to say where mobile technology will take us next, but one thing you can be sure of is that there are more benefits to be had that we haven’t even dreamed of yet.  Mobile technology has made life more convenient in almost too many ways to count!