FixMeStick’s Sunday Scaries (Updated May 24th)

Hey FixMeFans and StartMeStars! We’re back with the Sunday Scaries – our way of keeping you in the loop with the latest news on malware and scams that are hitting the internet. Updated every Sunday, we aim to keep you informed on the newest threats that you might encounter while on the web.

Check up with us every Sunday to make sure you’re up to date and keeping out of harm’s way! Be sure to share on Facebook to keep your friends and family safe and secure!

24 May 2020 Update

Malware Using Fake Zoom Applications to Install Cryptominer

Recently, reports have indicated that several malicious programs have been disguising themselves as extensions and fake installers for the popular video call app, Zoom. The malicious app, Coinminer, comes bundled with the application when it is downloaded from third-party websites.

Essentially, these viruses install a cryptominer on your computer: a program that eats up your computer’s resources and power while mining cryptocurrency for the hackers.

While you may not notice it at first, these cryptominers will slow down your computer and cause more lag and freezing.

As with most malware, the best way for prevention is to know exactly what to look out for:

  • Do not download applications from websites that you’re not familiar with: It’s always best to download applications from verified websites, as more often than not, other websites can provide downloads bundled with malware.
  • Check your browser extensions: Sometimes, viruses will have installed themselves without your knowledge. In this case, it’s always recommended to check your browser extensions to see if there are any suspicious entries.
  • If you suspect that you have it, run a virus scan: Use your FixMeStick or antivirus software such as McAfee to make sure the virus is removed.

Microsoft Warns of Massive Phishing Scam

Microsoft has published details of an ongoing phishing scam which installs the NetSupport Manager remote administration tool onto the victim’s computer. The tool is spread through malicious Excel attachments.

Scammers will send individuals COVID-19 related emails that include an Excel attachment supposedly containing relevant information. However, once the attachment is opened, malicious macros are executed to download and install the NetSupport Manager client from a remote site. While NetSupport Manager is a legitimate application, it is often used by hacking groups as a trojan, which can steal information and hijack your computer.

  • For prevention, make sure you don’t download or open files from untrusted sources: Many viruses and scams are using COVID-19 as a way of taking advantage of unsuspecting people – make sure that you don’t open any emails or files unless you know they’re from a legitimate source.
  • If you suspect that you have it, run a virus scan: Use your FixMeStick or antivirus software such as McAfee to make sure the virus is removed.
  • Update your passwords: Many of these viruses are after your login information for various websites – so if you’ve been hacked, it’s best to update your passwords and make sure they’re safe and secure.

ProLock Ransomware Revamps Previous Function to Gain Access to Networks

ProLock ransomware first emerged back in March 2020, and has since been receiving enhancements to improve its attacks. Recently, ProLock ransomware has teamed up with the QakBot banking trojan for network intrusion, which means that if the ransomware infects your system, it will attempt to infect any device connected to your network.

If you’re running into ransomware, here are some tips to help you out:

  • Disconnect your computer from other devices, external drives, and the internet: If you’re dealing with ransomware, you’ll want to contain the virus to one computer, making sure it doesn’t spread to other files or devices.
  • Use a smartphone or tablet to take a picture of the ransomware screen for future reference: This will come in handy if you bring the computer to a technician or have to file a police report.
  • Run an antivirus (such as FixMeStick) to make sure there are no lingering threats: If you’re adamant about not paying the ransom, you can access your computer through Safe Mode to run your antivirus. Though running an antivirus won’t decrypt your files, it will at least make sure that the virus doesn’t further infect your computer.
  • Bring your computer to a technician: Decrypting your files is no easy task, so it’s in your best interest to bring your computer to a professional to see if there’s any way to save your files.

17 May 2020 Update

The Return of Zeus Sphinx Trojan

Zeus Sphinx, also known as Zloader or Terdot, first came into play back in 2015 in a wave of attacks against US banks. The malware had since disappeared from the scene, until now. Recently, reports indicate that the trojan has been coming back in a wave of attacks since the onset of the coronavirus pandemic. It seems as though the hackers are taking advantage of the recent wave of coronavirus hacks and scams, and adding their own tactics to it.

The malware is typically activated by downloading a malicious file, and from there it acts to grab credentials, such as banking details or account usernames and passwords for online services. There are a few things you can do to protect yourself from this virus if you think you’ve encountered it!

  • For prevention, make sure you don’t download or open files from untrusted sources: Many viruses and scams are using COVID-19 as a way of taking advantage of unsuspecting people – make sure that you don’t open any emails or files unless you know they’re from a legitimate source.
  • If you suspect that you have it, run a virus scan: Use your FixMeStick or antivirus software such as McAfee to make sure the virus is removed.
  • Update your passwords: Many of these viruses are after your login information for various websites – so if you’ve been hacked, it’s best to update your passwords and make sure they’re safe and secure.
  • Contact your financial institution: If you’ve fallen victim to malware and have had your financial accounts attacked, it’s best to contact your financial institution to inform them of the situation.

Recent Phishing Scam Linked to COVID-19 Emails Spreads LokiBot

According to a series of tweets published by Microsoft Security Intelligence, a new phishing campaign is taking place, with the goal of infecting computers with LokiBot, an information-stealing Trojan. Once infected, LokiBot will steal saved login credentials from a variety of browsers, FTP, mail, and terminal programs, and then send them back to the attackers’ servers where they can be later retrieved.

Similar to other recent phishing attacks, this one uses COVID-19-themed lures to trick people into downloading malicious files. Most of these emails ask individuals to provide banking information in order to issue supposed refund payments. These emails also contain malicious ARJ attachments that are able to bypass antivirus software.

Warnings of New Malware Used by North Korean Hackers

Recently, the U.S. Government has released information concerning three new strains of malware which they have linked to state-sponsored North Korean hackers.

The new malware strains are called COPPERHEDGE, TAINTEDSCRIBE, and PEBBLEDASH, and each has the capability of initiating remote access to your computer in order to steal vital personal information. Here’s a brief explanation of what each virus is capable of doing:

COPPERHEDGE is a Remote Access Tool (RAT) capable of running arbitrary commands, performing system reconnaissance, and exfiltrating data. It’s being used by advanced threat actors to target cryptocurrency exchanges and related entities.

TAINTEDSCRIBE works as a backdoor implant that masks itself as Microsoft’s Narrator screen reader utility. It can download malicious payloads from a command-and-control (C2) server, upload and execute files, and even create and terminate processes.

PEBBLEDASH, like TAINTEDSCRIBE, is another trojan with capabilities to “download, upload, delete, and execute files; enable Windows CLI access; create and terminate processes; perform target system enumeration.”

Each strain of malware has been linked to the hacker group Lazarus, also known as Hidden Cobra by the US Government.

10 May 2020 Update

Bots Infiltrating Food Delivery Apps

Since the onset of COVID-19, grocery delivery has skyrocketed in demand, but it has also opened a new avenue for exploitation. To help keep up with the demand, a variety of apps have been released to help individuals with the process, but these apps come with a risk. Recently, there have been more reports of malicious bots infiltrating food delivery services using methods such as account takeover and web scraping, effectively hacking into food delivery apps to gain access to personal data.

While most of the issues are with the apps themselves, here are some ways you can protect yourself:

Snake Ransomware Returns After Brief Hiatus

After disappearing following an attack in January, Snake ransomware recently launched a large-scale attack on May 4th, with one of the victims being Fresenius Group, Europe’s largest hospital provider. In this campaign, the hackers steal their victims’ files before encrypting them.

While most of the targets have been large organizations, there have still been more reports of ransomware affecting individuals. In case you’ve been infected, here are some tips on what you can do:

  • Disconnect your computer from other devices, external drives, and the internet: If you’re dealing with ransomware, you’ll want to contain the virus to one computer, making sure it doesn’t spread to other files or devices.
  • Use a smartphone or tablet to take a picture of the ransomware screen for future reference: This will come in handy if you bring the computer to a technician or have to file a police report.
  • Run a FixMeStick scan to make sure there are no lingering threats: If you’re adamant about not paying the ransom, you can access your computer through Safe Mode to run your scan. Though running a scan won’t decrypt your files, it will at least make sure that the virus doesn’t further infect your computer.
  • Bring your computer to a technician: Decrypting your files is no easy task, so it’s in your best interest to bring your computer to a professional to see if there’s any way to save your files.

“About Coronavirus” Android Malware App Locks Users’ Screens

SLocker, a form of ransomware aimed at Android phones, has recently received a makeover to keep it relevant in the age of COVID-19 – masking itself under the name “About Coronavirus” to trick users into installing the application.

Once installed, the virus will lock the victim’s screen, blocking access and demanding a ransom payment to restore proper functionality. This is an empty threat, however, and the app can typically be removed with a reboot and by using Android Debug Bridge or Safe Mode.

In times of crisis, many scammers will try to take advantage of fear in order to trick victims into downloading malware and exposing vital information. It’s especially important to take extra caution when making any downloads, as more and more malicious software is being released each day.

3 May 2020 Update

Sextortion Scam Targets Individuals Using Old Passwords

Over the past few weeks, individuals have been hit with emails claiming that their personal accounts have been hacked and that their computer has been infected with malware. The supposed hackers then ask the individual to pay a large sum, or else explicit videos will be sent to their friends and family.

Like most email scams, your best bet is to ignore it. Most scammers are bluffing and are banking on people falling for their tactics. The best thing you can do in this situation is:

  • Change your passwords: Changing your passwords ensures that no hackers or scammers are able to access your accounts. If you need a way to manage your passwords, we always recommend Google’s sync feature so your unique, complex passwords are saved across devices for you.
  • Run a FixMeStick scan to make sure you don’t have any lingering malware.

Android Scam Threatens to Contact the FBI Unless Credit Card Details Are Handed Over

Recently, researchers have caught wind of the resurgence of malware called Black Rose Lucy, which initially was a virus for Android phones but has now developed into a form of ransomware. Victims of the ransomware have reported that their files were encrypted and that the attackers claimed to have taken snapshots of the victims accessing illegal pornography – if the payment isn’t made, the hackers threaten to contact the FBI.

While it isn’t likely that the hackers will contact the FBI, or even have any incriminating information to begin with, it’s still concerning that they’re able to infect your phone. When it comes to downloading apps on your Android, you can never be too careful:

  • Check out the permissions that are being requested the first time you launch an app. If the app begins leading you to other unfamiliar sources and enabling accessibility features, you should stop immediately.
  • Check the reviews of an app before downloading. The reviews will often reveal more than just customer satisfaction, and can let you know if the app leads to any further malicious activity.
  • If you suspect that something is up, uninstall the app right away.

6 comments

  1. Jerry woolf - Reply

    Can I use fix me stick on a NEW HP COMPUTER running latest windows 10

  2. Henry Coennen - Reply

    My son was hacked and unfortunately recorded doing some unseemly things with a strange ‘girl’. I’m trying to be nice. He came to me and told me about his escapade and we called the police, his girlfriend, and some other friends about the video. They said ignore it but he did not feel good about it. We took the advice of the fix me stick people and did the things you just talked about. By the way it was an iPhone account and an Xbox. He learned a good lesson and no money was ever taken from his account but they messed up the Xbox account bad enough that he could not use the account. The Xbox officials were kind enough to give him his games on a new account and we did a clean wipe of his phone. He straightened up his life. He went to a counselor and got advice for his problems and he has never been hacked again. Now we need fix me stick for the iPhone, is there such a thing? I have been using fix me stick since this began and all the junk on my computer is gone. It works fine and his life is better. Thank you for what you do and I will keep using it forever.

    • Keegan Anfield - Reply

      Unfortunately we do not have a FixMeStick for phones/tablets at this time. But it’s definitely something we want to work on!

      Best,
      Keegan

  3. Darcy - Reply

    Could you not plug your device into the computer and do a scan? Will fixme stick check everything connected during the scan?

    • Linda - Reply

      Hi Darcy, thanks for your interest! FixMeStick should scan everything that’s plugged into your computer during the duration of the scan, this includes any external hard drives.
