Falske FaceApp Challenge Apps installerer skadelig software. Her er hvad du behøver at vide!

Posted by Mike hurley on

Mens debatten raser om privatlivets konsekvenser af at deltage i den virale FaceApp Challenge, har sikkerhedsforskere nu udsendt advarsler om falske FaceApp Challenge-apps, der er spottet i naturen og installeret malware.

FaceApp selv er ikke noget nyt, it went back first in 2017, but this latest FaceApp Challenge has taken the Internet by storm. Som rapporteret af Thomas Brewster hende i Forbes, er der blevet diskuteret meget om privatlivets konsekvenser ved at bruge appen. "This tweet made a little internet panic this week," writes Brewster, "as a developer warned that the app could take all photos from your phone and upload them to its servers without any obvious permission from the user."

Fortrolighedspolitikken vil sandsynligvis løbe og løbe. There is no doubt, at privacy, data and security risks, due to a FaceApp-fake, which has been seen in the nature of researchers at Kaspersky. The challenge for those who are unfortunate enough to install this app, which tricks users to believe that it is a certified version of FaceApp, will not be infected with malware. It may prove much harder than dealing with what you might look like in a few years.


Applikationen for falsk FaceApp Challenge installerer malware

"Kaspersky has identified a fake application designed to fool users to believe that it's a certified version of FaceApp," says Igor Golovin, security researcher at Kaspersky, "men continues to infect devices with an adware module called MobiDash."

The first discoveries of FaceApp Falsk were for a week ago, but according to Kaspersky data there have been 500 unique users infected within the last 48 hours. "When the application is retrieved from unofficial sources and installed," continues Golovin "it simulates an error and then removes. Then a malicious module restricts the application discreetly on the user's device and displays ads."

Because the threat actors behind MobiDash often hide their malware behind the illusion of popular applications, and they don't come much more so than the FaceApp Challenge right now, Golovin warned that "the activities of the fake version of FaceApp could intensify, especially if we are talking about hundreds of targets in just a few days."

Beware FaceApp Challenge fakes in official stores

The usual advice, of not downloading applications from unofficial sources, applies. However, a quick search of the Google Play store reveals dozens of apps that are associated in some way or other with the FaceApp Challenge. Tom Lysemose Hansen, CTO at Promon, has commented that "users must be aware in the coming weeks, plenty of malicious copycats, which masquerade as the original FaceApp, will be available to download for free on App Store and Google Play."

Promon has found that FaceApp lacks protection against what it calls "repackaging attacks" where a cybercriminal adds malicious functionality to a legitimate app and then re-distributes it through the app stores. "We have seen this previously with apps pretending to be Pokémon Go," Hansen explained, "forcing users to restart their phones. On reboot, they click on adverts and even porn websites."

Hansen advised users to be vigilant and to search the name of the app developer online to check credentials before installing anything.

Malicious FaceApp Challenge websites also discovered

If all that wasn't bad enough, researchers at ESET have also uncovered an active FaceApp Challenge scam. Lukas Stefanko, an ESET malware researcher, has posted a warning about a website that claims to offer a premium version of FaceApp. "In reality," Stefanko explained, "the scammers trick their victims into clicking through countless offers for installing other paid apps and subscriptions, ads, surveys and so on." The victim will also receive requests from other websites to allow the display of notifications which, in turn, lead to more fraudulent offers.

ESET advises that people keep calm amid the FaceApp Challenge viral frenzy and "remember to stick with basic security principles." In addition to not downloading from unofficial sources, ESET recommends checking developer, ratings and reviews before downloading any app. "As insurance in cases where the user falls victim to a scam," Stefanko concluded, "having a reputable security app installed on a mobile device can help prevent some negative consequences."

Ref.


dele denne post



← gamle post nyeste post →