Malware hits millions of Android phones

Malware hits millions of Android phones

Security researches say that up to 10 million Android smartphones have been infected by malware that generates fake clicks for adverts. The software is also installing apps and spying on the browsing habits of victims. Research suggests that the malware is currently making about £232,000 a month for its creators. The majority of phones that have been comprised by the malicious software are in China.

A spike in the number of phones infected by the malware was noticed separately by security companies Checkpoint and Lookout. The malware family is called Shedun by Lookout but Hummingbad by Checkpoint. Hummingbad is a type of malware known as rootkit that inserts itself deep inside a phone’s operating system to help it avoid detection and to give its controllers total control over the handset. The ability to control phones remotely has been used to click on ads to make them seem more popular than they actually are. The access has also been used to install fake versions of popular apps or spread programs the gang has been paid to promote.

The malware gets installed on handsets by exploiting loopholes in older versions of the Android operating system known as KitKat and JellyBean. The latest version of Android is known as Marshmallow.

Google released the latest security update for Android this month and it tackled more than 108 separate vulnerabilities in the operating system. SO far this year, security updates for Android have closed more than 270 bugs.

www.bbc.co.uk/technews (8th July 2016)

Identity Fraud up by 57% on social media

Identity Fraud up by 57% on social media

Data taken from 261 companies in the UK showed the number of victims of identity theft rose by 57% last year. Cifas, the fraud prevention service, has suggested that fraudsters are increasingly getting people’s personal information from social media sites – such as Facebook, Twitter and LinkedIn. Cifas said that there were more than 148,000 victims in the UK in 2015 compared with 94,500 in 2014. A small percentage of cases involved fictitious identities but most fraudsters assumed the identity of a real person after accessing their name, date of birth, address and bank details. More than 85% of the frauds were carried out online. Increasingly, fraudsters used social media to put together the pieces of someone’s identity.

How do you avoid being scammed?

The Get Safe Online campaign warns people –

  • not to give away details such as phone numbers, addresses or date of birth, or pictures of their home, workplace or school, in either profile information or posts
  • to use the privacy features to restrict strangers’ access to your profile
  • be aware of what friends post about you, or reply to your posts, particularly about your personal details and activities
  • pick a user name that does not include any personal information
  • use strong passwords
  • update your computer’s firewall, anti-virus and anti-spyware programmes. Up to 80% of cyber threats can be removed by doing this

www.bbc.co.uk (5th July 2016)