An age old trick made famous by the destruction of the city of Troy. Pose as something good and deliver a devastating payload. We all download lots of apps, trial games, game mods, software upgrades, software trials and more. Everyone of these is an opportunity for an attacker to hide a malicious payload posing as a legitimate software program
How do software Trojans work? Trojan horse attacks are not like viruses, where they can replicate themselves to other machines - though they can be used to deliver a virus as a payload. Trojan horse attacks need a human to be induced into believing they are downloading a legitimate piece of software. They can trick humans using marketing emails, internet ads, chat group postings, social engineering and more to get them to click a link and download the software. Once on a victim's machine, the Trojan will also install malicious software that can take any and all actions on that machine including dropping ransomware, crypto-miners, viruses, info stealers, keyloggers and more.
What damage can they cause? The fate of the city of Troy is a perfect historical metaphor for how devastating the impact can be - loss of device functionality, loss of private data, use of the device to attack others and more!
Read about how a hacker group named 'Transparent Tribe' is using fake Android apps to deliver Trojans that allow them to take control of the device.
'Make sure your passwords are complex. Make sure you do not reuse passwords.' We keep hearing this advice ad nauseam from everyone and every company where we have an online account of some kind. But why exactly do passwords need to be complex? Also, what IS a complex password? And why can't we reuse our passwords?
What is a complex password anyway?
So, why can't we reuse passwords if they are complex? Simple again - guessing one password could open doors to multiple online accounts. And guess what? There are free, highly effective, open source credential stuffing tools such as Snipr, Hydra, PrimeKiller, STORM and Account Reaper that will automate this process for hackers and try out the same password on multiple common sites.
Oh - those fun quizzes and games that pop up on our social media feeds! They get us to reveal details such as our mother's maiden name, the color of our first car, city where we were born, the place where we met our significant other and more. Pause for a moment and ponder where else you have revealed that information. Very often, these are questions we have given to our banks or other online accounts as verification questions for password resets or second factor of authentication. Fake social media accounts are created by hackers and scammers to run such quizzes, surveys and games all the time to garner these crucial details. Remember, the fake accounts will be notified of which individuals responded on these quizzes or surveys or games by the social media platform. The next step will be to look for those individuals in past data breaches to see where they have accounts and what their passwords were. And we wonder why identitity theft is so rampant!
read the FCC's Warning on these scamsHackers are posting customer details online while router maker Plume has yet to confirm a breach. Hackers claim that they have over 8.5 million users and company staff records including device details, user id, cards, IP addresses and more.
Google is suing malware makers who scammed victims with a fake version of Google's AI engine Bard. Sounds great but they don't know who or how many people are behind the scam. Why sue people when you don't know who they are?
Holidays mean increased online shopping. Many smaller vendors and mom and pop businesses with an online presence do not have good protection on their sites against malicious actors who install card skimmers.
