antivirus software Archives

There’s nothing worse that a new and innovative malware approach, but that’s exactly what Google users have been exposed to.

This latest attack takes advantage of Google’s kiosk mode. For those of you not familiar with kiosk mode, here’s a quick breakdown: it’s a Chrome browser mode which limits devices to use only one specific app or function, perfect for public or business use. It protects devices by locking access to the rest of the device away. Typically, they can be seen in staff sign-in devices or on devices which provide access to in-person catalogues. And hackers are now exploiting kiosk mode to launch data harvesting malware.

Understanding the Google Kiosk Attack

OALABS security researchers have revealed how the attack unfolds, so we’re going to walk you through the nefarious activity and processes. Initially starting with the execution of, in the majority of cases, the Amadey malware, the attack starts with Amadey scanning the device for available browsers. Once it finds, for example, Chrome, Amadey will launch the browser in kiosk mode and direct it to a legitimate, yet compromised URL.

Cleverly, Amadey ensures that both the F11 and Escape keys are disabled, making it difficult for victims to close kiosk mode down in an instant. It’s also particularly tricky, for users, as kiosk mode tends to run in full-screen mode, meaning typical browser features such as navigation buttons and toolbars are absent. Users, therefore, are severely restricted in what actions they can take while locked in kiosk mode.

The URL, which launches in kiosk mode, is a genuine ‘change password’ page for Google credentials. However, in the background, Amadey has launched StealC, an information stealer which will then harvest the inputted credentials and forward them to the hackers. The attack is a frustrating one, and one where the hackers hope this frustration will lead to victims entering their login credentials in sheer desperation.

How Do You Escape Kiosk Mode and Stay Safe?

If you find yourself stuck in kiosk mode, there’s a risk that you could be under attack. Luckily, there are a number of measures you can take to nullify the threat:

Use Hotkey Combos: while the F11 and Escape keys may be disabled, other hotkey combos can be used to escape kiosk mode. By trying ‘Alt + F4’, ‘Alt + Tab’, and ‘Ctrl + Alt + Delete’, you may be able to break out of kiosk mode and return to your desktop. Additionally, you can hold down ‘Win Key + R’ to open Windows command prompt where you can type ‘cmd’ and then close down Chrome by typing the following command ‘taskkill /IM chrome.exe /F.’

Perform a Hard Reset: Drastic times often call for drastic measures, so that’s why a hard reset may be your best option here. Simply hold down the power button on your device, usually for five seconds, until it shuts down. You will lose any unsaved work, but it does buy you some breathing time to rescue your device.

Run an Anti-Virus in Safe Mode: Once you’ve escaped kiosk mode, it’s important to remove the initial threat from your device. You can do this by restarting your PC and entering Safe Mode – usually by pressing F8 during the bootup process – and then running anti-virus software such as AVG or Malwarebytes.

For more ways to secure and optimize your business technology, contact your local IT professio nals.

Polyfill Website Compromised with Malicious JavaScript

antivirus software, DNS Filtering, Malicious JavaScript, Ophtek, Polyfill, secure firewallAntivirus software, DNS filtering, malicious JavaScript, Ophtek, phishing, Polyfill, secure firewallOphtek, LLC

Jul 2024

The Polyfill.io website has been caught up in a supply chain attack, with the result that malicious JavaScript is now being supplied through the site.

Along with sites such as Bootcss and BootCDN, Polyfill has been compromised by threat actors and transformed into a malicious site. Typically, Polyfill was a treasure trove of JavaScript code which allowed the use of contemporary JavaScript functions in older browsers. The Polyfill domain was sold to a new firm at the start of 2024, and it appears the infected code was inserted into the JavaScript shortly after this. With Polyfill supplying JavaScript code to an estimated 110,000 websites, the potential for damage is high.

Understanding the Polyfill Attack

Unsuspecting web developers are downloading JavaScript code from Polyfill and incorporating it into their websites, under the understanding it will help their sites load in older browsers. However, the malicious JavaScript code now hosted on Polyfill does something very different. As JavaScript will be activated once a user loads an infected website, this means the malware is then downloaded to that user’s PC.

The main impact of this malicious JavaScript is a combination of data theft and clickjacking (where a user is tricked into clicking an element on a page). Some of the infected scripts also redirect users to malicious sites containing further malware, sports betting websites, and pornographic content. The attack has been significant, with notable victims affected including Intuit and the World Economic Forum.

The infected code has been difficult to analyze as security researchers have found it’s protected by high levels of obfuscation. By generating payloads which are specific to HTTP headers and only activating on certain devices, the malicious JavaScript has been difficult to pin down and examine. The attack has also been significant enough for Google to start banning Google Ads linking to the infected sites.

Protecting Your PCs from Polyfill

If your organization has used code from Polyfill.io in the past, it’s time to remove this code from your website. This is simplest and most effective way to minimize the threat to your visitors. Nonetheless, there’s much more you can do to stay safe from malicious websites:

Use Strong Firewall and Antivirus Solutions: you can protect against malicious websites by using comprehensive firewall and antivirus software, such as AVG and McAfee. These tools filter out harmful traffic, block access to known malicious sites, and detect suspicious activities. This combination of protection prevents malware infections and data breaches which can originate from unsafe web pages.

Employ DNS Filtering: access to malicious websites can be blocked at a network level by using DNS filtering services. By filtering out dangerous domains and websites known for malware distribution or phishing, these services provide an additional layer of security, preventing users from visiting harmful sites and protecting the integrity of your IT infrastructure.

Employee Education: training your employees to recognize phishing attempts, avoid suspicious links, and understand the importance of secure browsing habits is crucial. Regularly updated cybersecurity training programs ensure your staff can identify and avoid potential threats, reducing the risk of falling victim to malicious websites.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Latin America Banks Targeted by BBTok Malware Variant

anti malware, antivirus software, banking malware, banking trojan, BBTok Malware, firewall, Ophtek, Phishing Emailanti-malware, antivirus, banking malware, BBTok, firewall, malware, Ophtek, phishingOphtek, LLC

Nov 2023

Back in 2020, a new banking trojan by the name of BBTok emerged into the digital landscape and was responsible for numerous attacks. And now it’s back.

Banks in Brazil and Mexico appear to be the main targets of BBTok’s new campaign, and it’s a variant which is far more powerful than any of its previous incarnations. Its main deceptive threat is that it is able to spoof the interfaces of 40 different banks in Brazil and Mexico. This means that it’s perfectly placed to harvest sensitive data. In particular, this new strain of BBTok is deceiving victims into disclosing their credit card details and authentication codes. This gives the campaign a financial angle and highlights the serious threat it poses.

How Does BBTok Launch Its Attacks?

BBTok’s latest strategy begins with a phishing email, one that contains a malicious link which kickstarts the attack by launching the malware alongside a dummy document. BBTok is particularly successful as it has been coded to deal with multiple versions of Windows, and it also tailors the content of the attack to both the victim’s country and operating system. BBTok also allows the threat actors behind it to execute remote commands and steal data without the victim being aware.

Most notably, however, is the way in which BBTok replicates the interface of numerous banking websites – such as Citibank and HSBC – to truly deceive the victim. Appearing to be genuine at first glance, these interfaces are used to trick victims into entering security codes and passwords associated with their accounts. This gives the threat actors full access to their financial data and, more disturbingly, full control over their finances. This means that unauthorized payments and bank transfers can quickly land the victim in severe financial trouble.

How to Stay Safe from Banking Malware

In an increasingly digital world, where we all make numerous financial transactions online every week, it’s important to remain guarded against banking malware. As well as the financial damage that malware such as BBTok can cause, it can also create a foothold for threat actors to delve deep into your networks. And this represents a major threat to the security of both your data and your customer’s data. Accordingly, you need to stay safe, and here are some crucial tips to help you:

Beware of phishing emails: your employees should always be cautious when opening emails or clicking on links from unknown sources. As with BBTok, many banking trojans spread through phishing emails which trick you in to visiting fake banking websites. This provides threat actors with the perfect opportunity to harvest your credentials. Therefore, make sure that your employees know how to quickly identify a phishing email and what to do with them.
Install a firewall: putting a firewall in front of your network is a vital step in strengthening your digital defenses. Firewalls act as keen-eyed gatekeepers who scrutinize incoming and outgoing traffic, this allows them to determine whether traffic is trusted and whether any alarms need to be raised. Banking trojans, of course, often transmit stolen data out of your network, so a firewall is the perfect way to identify and prevent this activity.
Strong endpoint security: to protect your network against malware, it’s essential that you employ robust cybersecurity measures throughout your business. In particular, employee workstations and mobile devices are most at risk, so installing advanced antivirus and anti-malware software here should be a priority.

For more ways to secure and optimize your business technology, contact your local IT professionals.

SapphireStealer: The Threat of Open Source Malware

antivirus software, firewall, Open Source Malware, Ophtek, Phishing, SapphireStealerAntivirus software, firewall, open source malware, Ophtek, phishing, SapphirStealerOphtek, LLC

Oct 2023

Malware which can be enhanced always poses a huge risk to PC users, and the rise of open source malware like SapphireStealer is magnifying this problem.

Open source programs are those which have had their source code put online and made available not only for use, but also modification. This approach is usually chosen with the main objective being public, open collaboration between coders, and the resulting programs made available to the public for free. It’s the very definition of what the internet was created for, but this doesn’t mean these intentions are always well meaning. And the story of SapphireStealer makes for the perfect evidence.

What is SapphireStealer?

The name of SapphireStealer is somewhat of a giveaway in terms of what this malware does, it’s an information stealer. SapphireStealer was first published to GitHub (an online and public source code repository) towards the end of 2022. And it proved to be a hit. As well as being simple enough for basic hackers to launch attacks, SapphireStealer was open source and could be tinkered with by fellow hackers.

SapphireStealer originally started life with a basic set of capabilities, it would grab popular files – such as Word documents and image files – before emailing them to the hacker behind the attack. However, it wasn’t perfect, and there was plenty of room for improvement. It was a fantastic opportunity for the hacking community to see how they could enhance SapphireStealer. And this was exactly what they did.

By January 2023, new variants of SapphireStealer were detected which could steal a wider range of files, and this stolen data could now be relayed through Discord and Telegram servers. And, as it remained open source, anyone on the internet could now access these more robust and dangerous variants. SapphireStealer appears to infect victims through a variety of methods:

Infected email attachments
Malvertising
Social engineering
Illegal downloads

Minimizing the Threat of SapphireStealer

At present, SapphireStealer is relatively basic in terms of the threat it carries. It isn’t going to cause financial damage like, for example, ransomware will. However, it has evolved rapidly in less than a year, and its risk level is only going to rise higher. The fact that open source malware is proving so popular also indicates that more threat actors are going to enter the digital arena. Therefore, you need to make sure you IT infrastructures are heavily guarded:

Use a firewall: a tried and trusted security measure, a firewall puts a digital barrier between your organization and the internet. This means that you can monitor incoming and outgoing traffic and put filters in place to mitigate attacks and allow access to trusted users.
Make sure your employees are aware: SapphireStealer relies on a number of well-known infection methods, but these aren’t necessarily well-known to the average PC user. Accordingly, your employees need to understand the most basic attack methods and how to identify them e.g. the telltale signs of a phishing email.
Install antivirus software: it may seem like a no-brainer, but many organizations fail to put an effective antivirus suite at the forefront of their defenses. Even free antivirus software, such as Kaspersky Free, can make a significant difference to your digital safety.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Malware Links Are Being Spread Through YouTube

antivirus software, malicious links, malicious websites, malware, Ophtek, Updates, YouTubeAntivirus software, malicious links, malicious websites, malware, Ophtek, updates, youtubeOphtek, LLC

Nov 2021

YouTube is one of the most popular destinations online thanks to the entertainment it offers. But where there are lots of people, there are always hackers.

Close to 43% of internet users visit YouTube at least once a month, so this is a significant amount of traffic. Accordingly, this presents hackers with a huge audience to target. Hacking YouTube directly is difficult, so hackers are unlikely to succeed in embedding malware into videos. However, you can embed URLs into video descriptions. These are usually used to redirect the viewer to a destination that is related to the contents of the video. For example, a video advertising a brand’s product may include a link to that product in the video description. But the truth is, this link could take you anywhere.

Spreading Malware on YouTube

Using malicious links on YouTube is nothing new, but security researchers have noted that this technique has been growing in popularity recently. In particular, two specific Trojans have been detected: Raccoon Stealer and RedLine. One of the main reasons that hackers have been targeting YouTube is down to the Google accounts they have already stolen. Setting up a YouTube channel requires you to have a Google account, so it makes sense for hackers to take advantage of YouTube.

The fake YouTube channels are then used to host videos related to topics such as VPNs, malware removal and cryptocurrency. Each video will center around a particular call-to-action, most likely involving the download of a tool e.g. a malware removal application. Viewers will be encouraged to download this from the link in the video description. These links appear to either use a bit.ly or taplink.cc address to redirect users to malicious websites. The users are then instructed to download the relevant tool. Unfortunately, all it will download is malware.

This malware is used to scan PCs for login credentials, cryptocurrency wallets and credit card details before transmitting it to a remote server. The hacker behind the attack can then harvest this data and continue to steal further data from the victim.

Remaining Vigilant Online

The number of threats we face daily seems to be rising daily and it may feel that being vigilant online is an exhausting job. However, it’s crucial for your safety that you remember the basics of online security:

Be Wary of All Online Links: Even the biggest and most secure websites are at risk of being compromised. YouTube is one of the most popular sites online and yet it still houses hackers in plain view. Therefore, the likelihood of coming across malicious links online is highly likely. Therefore, verify all links before clicking them. A good way to do this is by highlighting the link, copying it and then posting it into Google to see if it brings up any red flags.

Always Use Antivirus Software: It’s likely, at some point, that you will fall for an infected link at some point. But this doesn’t mean you should remain at the mercy of the malware. You can limit the damage caused by malware by always using antivirus software. This will automatically scan your PC throughout the day and identify any malware. In many cases it will even check all downloaded files and scan them before opening.

Install All Updates: Many strains of malware will rely on your PC being home to vulnerabilities in software and hardware. However, by regularly installing upgrades and patches, you can ensure that these holes are plugged to prevent hackers getting a foothold. Make sure that you set all updates to automatic to give yourself maximum coverage in terms of protection.

For more ways to secure and optimize your business technology, contact your local IT professionals.

1 2 Next »

Category Archives: antivirus software