Tuesday, 13 February 2018

International Calls, Crypto-Miners and Banking Trojans

There are always so many types and varieties of scams in play, and many new varieties of malware are created every hour of every day. According to G Data Software (www.gdatasoftware.com), in 2016 there were 780 new variants of malware detected every hour. This creates a virtual mountain range for the average home user or small business owner to get their head around when they start to think about computer/Internet security. Even if you prefer to hide from it and let your anti-malware suite defend you against 99% of threats, that still leaves you vulnerable to 8 new threats every hour.

What can you do?

The only real choice is to be informed.

This week the spotlight is on a number of different threats: international scam calls, crypto-miners, and banking trojans.

International Scam Calls

The ACCC is warning all Australian citizens and businesses against this type of scam after a 10-year-old fell victim to it.

An international number calls your mobile. You answer. Perhaps they speak in English, perhaps not. It might be a recorded voice message, or it might be silence. The longer you allow that call to keep going, the more it will cost you.

These scam calls are being made using premium call services. Premium call services are phone services that can charge your bill at higher than usual rates, irrespective of whether they call you or you call them.

The best way to avoid these scams is to be informed, and to inform your friends and loved ones too. Typically, the number the call is originating from will have more digits than the standard two-digit area code and eight-digit number. This is the first clue that the call is coming from overseas.

If you do not have friends, family or business partners overseas who would be calling, or if you do not recognise the number, do not answer, and do not return the call. Simple. If, however, you find that you have answered the phone to one of these scam calls, hang up immediately.
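The post's rule of thumb (a domestic number is a two-digit area code plus an eight-digit number; anything longer, or not in your contacts, is treated as overseas and not answered) can be written down as a call-screening check. This is an added example, not code from the blog or the ACCC; the +61 country code, the 0011 international access code and the treatment of 13/1300/1800 business numbers as "unknown" are assumptions beyond what the post states.

```python
import re
from typing import Set, Tuple

# Rule from the post: a domestic Australian number is a two-digit area code plus an
# eight-digit subscriber number, i.e. ten digits including the leading 0.
AU_DOMESTIC_LEN = 10
AU_COUNTRY_CODE = "61"      # assumption beyond the post: Australia's E.164 country code
INTL_ACCESS_CODE = "0011"   # assumption beyond the post: Australian international dial prefix

def normalise(number: str) -> str:
    """Remove spaces, dashes, dots and brackets so numbers compare reliably."""
    return re.sub(r"[\s\-().]", "", number)

def classify_caller(number: str) -> Tuple[str, str]:
    """Return ('domestic' | 'international' | 'unknown', reason) for a caller ID."""
    n = normalise(number)
    if n.startswith("+"):
        body = n[1:]
        if not body.isdigit():
            return ("unknown", "non-numeric caller ID")
        # +61 followed by the area code without its leading 0 and the eight-digit number
        if body.startswith(AU_COUNTRY_CODE) and len(body) == len(AU_COUNTRY_CODE) + 9:
            return ("domestic", "Australian number in international (+61) format")
        return ("international", "carries a non-Australian country code")
    if not n.isdigit():
        return ("unknown", "non-numeric caller ID")
    if n.startswith(INTL_ACCESS_CODE):
        return ("international", "begins with the 0011 international access code")
    if len(n) == AU_DOMESTIC_LEN and n.startswith("0"):
        return ("domestic", "two-digit area code plus eight-digit number")
    if len(n) > AU_DOMESTIC_LEN:
        return ("international", f"{len(n)} digits exceeds the ten-digit domestic format")
    # Short codes and 13/1300/1800 business numbers fall outside the post's rule.
    return ("unknown", "short or non-standard number")

def screen_call(number: str, known_contacts: Set[str]) -> str:
    """Apply the post's advice: answer known callers, never answer or call back
    unrecognised overseas numbers, and treat anything else with caution."""
    if normalise(number) in {normalise(c) for c in known_contacts}:
        return "answer"
    category, _ = classify_caller(number)
    if category == "international":
        return "do not answer, do not call back"
    return "answer with caution"

if __name__ == "__main__":
    # Constructed sample: the overseas number quoted in the 9 February post and a made-up local one.
    for num in ("016425888588", "02 9876 5432"):
        print(num, classify_caller(num), "->", screen_call(num, set()))
```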

Crypto-Miners

A crypto-what? A crypto-miner.

Crypto-miners can be either legitimate or malware. Many people have intentionally installed crypto-mining programs on their computers for the purpose of earning crypto-currency such as Bitcoin. The way this is done is relatively simple. Many people do not use the full processing power of their computer most of the time, and for many users their computer may be switched on with nobody at the keyboard, so the CPU is not being used to its full capacity. Crypto-mining effectively allows users to rent out the spare capacity of their computer's processors to assist in the cryptographic calculations the currency's network requires, and in return receive a crypto-currency payment.

Crypto-mining has become quite popular, with many crypto-currencies being created and exchanged around the globe. As its popularity has increased in the legitimate user market, so has its popularity in the cyber-criminal world. Cyber-criminals are using trojan packages, often delivered in infected documents attached to spam emails, and exploiting other system vulnerabilities to install crypto-mining malware on the computers and devices of home users, small businesses, and large enterprises alike. This then allows them to steal the processing power and electricity of your computer and use it to generate Bitcoins or other crypto-currencies.

Crypto-currencies have gained a lot of popularity with criminal gangs, particularly those who wish to launder large amounts of money very quickly because it is almost impossible to trace the activity, and it is very easy to move and disperse the laundered funds all over the world.

More recently, crypto-currency, and the illegal mining of it using malware, has become a popular method of generating wealth for the nation-state of North Korea, as it provides that government with a source of income that avoids the international sanctions being applied against it in more legitimate and traditional trade markets.

Banking Trojans

Banking trojans are another popular tool for cyber-criminals who wish to access money belonging to others.

A trojan is a program that pretends to be one type of beneficial or desirable program and is offered in a way that entices unwary users to install it, but whose underlying function is entirely different. Banking trojans are designed so that, once installed, they monitor the computer for the user connecting to their online banking or other financial services. When this happens, the trojan steals the user's credentials, allowing the cyber-criminals to illegally access the victim's accounts and conduct transactions against them.

A recently discovered trojan has been found in the Browsealoud web-browser plugin. This is a browser plugin designed to assist users who are blind, who have other disabilities or who are illiterate, by reading the content of web pages to them. Browsealoud is a legitimate plugin; however, hackers have created a version of the plugin that also installs a banking trojan in the background.

Again, this is a popular tactic of organised crime gangs as a method of raising or laundering money. Some researchers have also identified that certain nation-state actors may use such malware as a means of avoiding the financial pressures of international sanctions.


Want to know more?

Keep an eye out for my up-coming seminar series. Dates, venues and topics to be announced in the coming weeks.

Friday, 9 February 2018

Remote Access Scam With a New Slant

#remoteaccessscam

I had an interesting series of calls today. Unfortunately it was still the same old remote access scam, but with an enhanced dialog aimed at fooling the unwary and those who may be aware as well.

To paraphrase the events and dialog:
- Call to home phone from an unidentified number
- Male voice, accent indicative of somewhere in the sub-continental area
- Scammer: "Can I please speak to the main owner of the computer in the residence?"
- Me: "What is this about?"
- Scammer: "We have detected strange security related activity happening from the computer. We can identify it by its licence number."
- Me: "Which company are you calling from?"
- Scammer: "BT Support. If you go to www.btsupport.us that is our website and you will see we are real."
- Me: "Never heard of you and I do not have any contract with you."
- Scammer: "No. No, you would not have heard of us, as like most people you are probably not into cyber-security."
- Me: "Which device did you detect this activity on?"
- Scammer: "We just have a licence number."
- Me: "I think this is a scam. You are working for a company that gives you a script full of lies. Goodbye."
I hang up.
Phone rings again - number is 016425888588 (not an Australian number)
- Me: "Hello"
- Scammer: "Why did you hang up on me. This is not a scam. I can give you a licence number and you can confirm that for yourself."

At that point, I'd wasted enough time and oxygen on these calls, and hung up. In hindsight I should have kept the call going to get to what the caller referred to as the licence number.

To the unwary, the caller having a licence number does sound more legitimate. However, stop and ask yourself these questions:
- If I have registered the licence number in person or online - would I not have registered it with a company that I know I have had dealings with, and not some random company I have never heard of?
- Why would a random company be calling me to fix my computer? This still does not happen unless they are wanting to get money for doing nothing.
- Licence number. Which one? I have multiple devices - everyone does. The devices themselves do not have licence numbers. The software and applications installed on your devices will have licence numbers, including the operating system, which made me highly suspicious when the caller was not able to identify with a company that I am aware of.

For the record:
- The second unmasked call came from an overseas phone number.
- The website given does not work. I even tried a couple of variants in case I did not understand the caller properly; all led to nothing.
- I Googled BT Support - the closest result I got was the customer support site for British Telecom superannuation and investments.

If you get this kind of call, just hang up. Don't waste your time with them. All that they wish to do is to trick you into believing that you have a problem on your computer so that you will let them remotely access it, so that they can put on a scripted show that makes you think that they are wizards at what they do, and they will want to sign you up for an expensive 12 month support plan that will not give you anything except an empty bank account.