Collaborate Disseminate
The Ai.type app was removed from Google Play in June 2019 – but still remains on millions of Android devices and is still available from other Android marketplaces, researchers warn. Continue reading Android Keyboard App Could Swindle 40M Users Out of Millions
It’s only been a week weeks since a researcher released an iOS exploit that could allow outsiders to jailbreak an iPhone, but scammers already are leveraging the tool to try commandeer victims’ phones. Last month, a researcher known as @axi0mx published checkm8, a series of technical instructions that enable users to remove restrictions imposed on their iPhone by Apple or telecommunication companies. Now, after weeks of publicity around checkm8, attackers have launched a malicious website that masquerades as a legitimate page, only to launch a hacking tool that tries to take over an affected device. Cisco’s Talos threat intelligence crew on Tuesday said they found checkrain[.]com, a site meant to look like an offshoot of checkra1n, a legitimate project that researchers can use to modify their iPhone’s processes and jailbreak their device. Instead of allowing that, though, the malicious checkrain site encourages visitors to download an application that clicks on […]
The post Scammers are dangling an iOS jailbreak to trick victims into downloading a malicious app appeared first on CyberScoop.
‘AdBlock’ and ‘uBlock’ impersonate legitimate extensions but instead engage in cookie stuffing to defraud affiliate marketing programs, a researcher has found. Continue reading Malicious Ad Blockers for Chrome Caught in Ad Fraud Scheme
Two widely used Adblocker Google Chrome extensions, posing as the original — AdBlock and uBlock Origin — extensions on Chrome Web Store, have been caught stuffing cookies in the web browser of millions of users to generate affiliate income from referra… Continue reading Two Widely Used Ad Blocker Extensions for Chrome Caught in Ad Fraud Scheme
More than a decade after hitting the headlines, clickjacking fraud remains an under-reported hazard on hundreds of popular websites. Continue reading Web clickjacking fraud makes a comeback thanks to JavaScript tricks
Researchers said that clickjacking is a threat that’s evolving, with new tactics just starting to emerge. Continue reading Clickjacking Evolves to Hook Millions of Top-Site Visitors
The FBI’s investigation into the largest advertising fraud operation in recent memory isn’t over yet. An application for a search warrant filed by FBI Special Agent Evelina Aslanyana on Aug. 2 and made public this week shows that investigators are seeking access to email, LinkedIn and other data about accused members of the Methbot ad fraud operation, also known as 3ve. Eight suspects were indicted in November in the Eastern District of New York for alleged involvement in a scheme to defraud advertisers out of more than $30 million by using botnets and other technical means to artificially inflate web traffic to dummy websites. Investigators previously had said the operation was disrupted when the apparent ringleaders, led by Aleksandr Zhukov, were arrested last year. The fraud, which the FBI had classified into three distinct time periods, is still underway, according to the search warrant application. In the affidavit, the FBI refers […]
The post The FBI is diving deeper into the Methbot ad fraud case appeared first on CyberScoop.
Continue reading The FBI is diving deeper into the Methbot ad fraud case
Maybe the only thing more complicated than the Methbot advertising fraud scheme was the plan that ultimately shut it all down. Last year, the FBI led a takedown operation that, with help from the bot detection firm White Ops and more than a dozen other companies, resulted in the arrest of three accused fraudsters in three different countries, as well as the seizure of more than 50 web servers and numerous bank accounts. The law operation, detailed Wednesday by FBI officials at the International Conference on Cyber Security, targeted the Methbot/3ve fraud scheme. The ad-fraud ring defrauded digital advertisers and web publishers out of more than $30 million by charging marketers for access to internet users who didn’t actually exist, according to the U.S. Department of Justice. Advertising fraud, already a billion-dollar problem, is set to cost the ad industry $44 billion by 2022. The investigation, which lasted more than […]
The post FBI investigators describe Methbot investigation as ‘beautiful concert of things shutting down’ appeared first on CyberScoop.
A malicious software campaign tied to a Chinese internet company has exploited known vulnerabilities in Android mobile phones to infect roughly 25 million devices as part of a far-reaching ad fraud scheme, according to findings published Wednesday by Check Point. Hundreds of apps in a third-party Android marketplace disguised cocktails of malicious software that researchers say leveraged a number of known security issues to broadcast fraudulent advertisements. It’s only the latest example of near-daily revelations about apps acting in ways unwitting victims could not have anticipated — though this malicious activity is especially innovative. The programs — which mostly masqueraded as gaming, adult entertainment or photo apps — also contained code that allowed scammers to reach into legitimate apps that already existed on a victims’ phone, and commandeer those apps to broadcast advertisements. By displaying banner ads to so many users, the fraudsters could charge real advertisers for access to millions […]
The post A Chinese company has 25 million Android devices tangled in an ad fraud scheme appeared first on CyberScoop.
Continue reading A Chinese company has 25 million Android devices tangled in an ad fraud scheme
Next time you’re thinking about downloading a new app — especially if it’s a freebie from the Google Play Store — and ask yourself: Is this worth getting hacked over? If that sounds overly cautious, look at new findings published Monday by Trend Micro, which provide the latest evidence that the Play Store is littered with programs that aim to leverage unwitting users’ devices for their own purposes. The problem of malicious apps isn’t new, but the urgency to solve the problem is growing as web users increasingly connect to the internet with only their phone, and scammers’ techniques evolve. Researchers from the Japanese security giant found 182 gaming and camera-related apps, which collectively had been downloaded more than 9.3 million times, that came loaded with malicious software that exploited victims’ phones to boost advertising revenue. This discovery come less than a week after Symantec and Wandera unveiled other Android apps meant to […]
The post Google Play Store scrubs more than 100 adware-infected camera and gaming apps appeared first on CyberScoop.
Continue reading Google Play Store scrubs more than 100 adware-infected camera and gaming apps