Info Advantage Blog

Info Advantage has been serving the Upstate New York area since 1993, providing IT support such as technical helpdesk support, computer support and consulting to small and medium-sized businesses.

Fruitfly: The First Apple Malware of 2017

One of the major arguments from die-hard Apple fans is that their devices are nearly invulnerable to the attacks that work their way into other operating systems, such as malware or viruses. While it is true that Apple has a much lower rate of malware infections, this does not make it impenetrable, and hackers are constantly looking for new ways to extort data. One newly discovered piece of malware, known as Fruitfly, takes advantage of antiquated code that allows it to run undetected on macOS systems.

What is Fruitfly?

Fruitfly is a newly discovered type of malware recently found by the team at Malwarebytes. While relatively harmless, this malware is able to hide inside of OS X without alerting the user of its presence. The malware communicates with two command-and-control servers, which allows it to perform actions such as typing, webcam and screen capture, and even moving and clicking the mouse. It can also map other devices and try to connect with them.

Where did Fruitfly come from?

There is a bit of mystery surrounding the origins of Fruitfly. According to Malwarebytes, Fruitfly may have been hiding in OS X for several years, as much of its code indicates that it was adapted from OS X to Yosemite, making it at least three years old. However, there are also lines of code that rely on pre-OS X systems, and some open-source ‘libjpeg’ code, which hasn’t been updated since 1998. So far, most of the discovered instances of Fruitfly have been found on machines at biomedical research institutions.

What can I do to protect my device?

Luckily, it seems that most of the Fruitfly attacks are targeted, making them a minor threat to an everyday user. However, Apple has yet to release a patch against Fruitfly, so users should take caution and keep an eye out for any updates they release in the near future. One of the best ways to ensure that your device stays infection-free is through constant monitoring of your network. Keep an eye out for any irregularities, and don’t let anything go unreported.

Worried that your network is in danger of malware infection? Not sure what to look for when monitoring your network? Contact Info Advantage today at (585) 254-8710 to talk to an IT professional about how to keep your devices safe from harmful attacks.


Defining the Most Common Types of Malware

Malware is a term that stands for ‘malicious software,’ programs created by hackers in order to get access to things they normally should not be able to reach. There are thousands of different malware programs floating around the internet, waiting for someone to mistakenly download them so they can wreak havoc on your computers. With so many different types of malware, it can get a little difficult to recognize malicious programs before it’s too late. Here are a few of the most popular types of malware you’ll want to look out for, and how they work to steal your valuable assets.

Adware

Adware, short for advertising-supported software, is a special type of malware that is meant to deliver advertisements where they normally wouldn’t appear. These types of malware are often attached to ‘free’ software or applications, and are most often used as a way to generate revenue.

Bot

These programs are created to perform a specific operation automatically, such as collecting information. Hackers can install bots onto a network or personal device for DDoS attacks, use them as a form of adware, hide them in sites to collect data, or even distribute other types of malware when downloaded.

Spyware

This kind of program is able to track anything a user does on their device, including anything they enter into their computer. This can include things such as passwords, personal information, or even credit card numbers. In addition, many spyware programs have other uses, such as the ability to modify security settings or interrupt internet connections.

Ransomware

Ransomware is a type of malware that will lock a user out of their device or network until a transaction is completed. This is done either by encrypting the data stored on the device, or by shutting the system down entirely. Typically, these programs will ask a user to send hundreds of dollars in order to get their data back.

Rootkit

A rootkit is designed to remotely access a device or network without being detected by either the user or any security programs. These programs often activate during a time when the device is not being used, making it one of the hardest forms of malware to detect. Once inside, a rootkit can access files, change settings, steal information, or even hide other types of malware.

Trojan

One of the most well-known forms of malware, a Trojan disguises itself as a normal, safe file or program to try to trick users into downloading it. Once downloaded, the Trojan gives the attacker access to the affected user’s device, allowing them to steal data, monitor activity, or install more malware.

Virus

Much like viruses in the human body, a computer virus is able to copy itself to other computers or systems, infecting them as they continue to spread. Typically, viruses attach to a program and will activate when the infected program is launched. However, they can also be spread by documents, script files, or any other file that is shared.

Worm

Worms are similar to viruses in that they can create copies of themselves to spread from device to device, infecting each one as they go along. The major difference is that while a virus needs to be spread via a human or host program, a worm is able to self-replicate and spread on its own.

If you think your computer or network is infected with malware, your data can be at severe risk. Contact Info Advantage today at (585) 254-8710 to speak to a technology professional about how you can fight back against malicious programs!


3 Common Threats You Need to Know About: Malware, Rootkits, and Trojans

Security is one of the most important parts of running a business, especially today when organizations rely so heavily on their technology solutions. Some of the most dangerous threats lurk on a business’s network, watching and waiting for an opportunity to do some real damage. With the right preventative measures, your business can catch these threats in the act before they can accomplish their goals.


Defining Malware
Malware, or “malicious software,” is a blanket term for malicious code that’s designed to cause trouble for the machine that it infects. Malware can inject code into applications or execute viruses and trojans. One of the most common types of malware is called ransomware (perhaps you’ve heard of it), in which the files on a system are encrypted until a ransom is paid to the developer. Malware can have far-reaching and varied effects, so it’s best to keep such unpredictable threats off of your network in the first place.

Defining Rootkits
Just like malware, a rootkit is designed to install on a system. Unlike some types of malware, however, rootkits are designed to allow a hacker to gain control of the system while remaining undetected themselves. In particular, rootkits are dangerous due to their ability to subvert the software that’s supposed to find them, making it optimal to prevent rootkits from accessing your system in the first place.

Defining Trojans
In computing, a trojan is a malicious entity that allows a hacker access to a system through misleading the user. While the purpose can vary from data destruction to theft, trojans are often used to install backdoors and allow access to a system at a later date for the purpose of surveillance or espionage.

Preventative Security Measures
Just like how there are various types of threats, there are plenty of ways to keep your organization’s network safe from them. Here are just a few.

  • Firewall: Firewalls act as a bouncer for your network, keeping threats from entering or leaving your infrastructure. They work best when combined with other preventative measures, like antivirus, content filters, and spam blockers.
  • Antivirus: Antivirus solutions detect and eliminate threats that have made it past your firewall solution. Prompt detection is important, as viruses or malware that are left unchecked could cause untold troubles for your infrastructure.
  • Spam blocker: Threats often arrive in your email inbox as spam, and the unknowing employee could accidentally click a malicious link or reveal important credentials. A spam blocker eliminates the majority of spam so that it never even hits your inbox.
  • Content filter: A content filter is helpful for keeping your employees from accessing sites known to host malware, as well as inappropriate or time-wasting sites, like social media.

All of the above solutions can be found in what’s called a Unified Threat Management (UTM) solution, which is widely considered to be one of the most comprehensive and useful preventative measures to improve network security. To learn more about UTMs and other topics concerning network security, reach out to us at (585) 254-8710.


New Ransomware Presents Users With 2 Equally-Terrible Options

The Petya ransomware, a particularly vicious monster of a threat, has reared its ugly head once again, only this time, it’s not alone. Petya now comes bundled together with Mischa, yet another ransomware that works well alongside Petya. The ransomware is delivered via an inconspicuous email disguised as a job application, with a resume attached. Once the user downloads the file, Petya encrypts the files located on the device.


The original version of Petya had a signature attack that struck the master boot record, restricting access to it until a ransom was paid through a dark web payment portal. Of course, there was no guarantee that paying up would resolve the problem, so it was entirely possible that the ransomware could add insult to injury and not decrypt the files at all. Thankfully, Petya had a weakness, and professionals were able to exploit it and find a fix for the ransomware.

Not this time, though. Petya comes with Mischa, which is a more traditional ransomware that can be just as dangerous as its counterpart. Mischa blocks access to files until the user pays a ransom. The ransomware will then link to a Tor payment site that allows the user to pay up and decrypt their files. Mischa encrypts executable files, while leaving the Windows and browser folders untouched, which provides access to files containing payment instructions for the user.

Now, here’s the problem with this development. Petya could be prevented by refusing administrator access upon downloading the installer. Now, selecting “yes” will download Petya, while selecting “no” will install Mischa. Either way, you get a slap in the face.

Mischa’s payment site works in largely the same way as Petya’s. Once you input the authorization code provided by the ransomware, you need to purchase enough Bitcoins to pay for the ransom. The current exchange rate is approximately $875 per Bitcoin, so you might be shelling out some heavy-duty cash for this. Once the user has purchased enough Bitcoins, the malware will then provide the Bitcoin address where it must be sent.

Though researchers managed to find a way around Petya, no such workaround has been found for Mischa. This is a recurring theme for ransomware, which is often so difficult to remove that it forces large enterprises to either restore a backup of their data, or pay the ransom, rather than lose access to their files completely. As with all cases of malware, we urge you to do your research, and contact Info Advantage at (585) 254-8710 before caving in to hackers’ demands.

As with all threats that work, Petya and Mischa have plenty of copycats out there that attempt to replicate their success. Malwarebytes has identified another two-in-one ransomware called Satana that functions in a similar way, locking the master boot record and the complete file record. In comparison to Petya and Mischa, however, Satana will run both types of ransomware, rather than just install one or the other.

Malwarebytes reports that Satana is still in development and has flaws that can be exploited, but the thought of malware continuing to develop in this sense is a bit unnerving, especially for business owners that may not devote enough time and resources to security solutions. If your business is unsure of whether you can handle a ransomware infection, reach out to us at (585) 254-8710.


Alert: New Malware Infects Millions of Mobile Devices

While security experts tend to focus the brunt of their discussions on desktop OS vulnerabilities, there are plenty of mobile malware threats that fly under the radar. One such piece of malware is Hummer, a trojan that installs unwanted apps and malware on a device, and can be found on over a million phones worldwide.


About Hummer
The Hummer malware family has increased over the past year. At its peak activity, Hummer infected nearly 1.4 million devices every day. It’s thought that Hummer originated in China, and it has been known to infect over 63,000 devices daily in China alone. Granted, the spread of infections has dramatically decreased, but this hasn’t stopped Hummer from infecting about 1,190,000 devices.

As reported by TechRepublic, here are the top five countries and the number of devices that are infected by the Hummer malware:

  • India: 154,248
  • Indonesia: 92,889
  • Turkey: 63,906
  • China: 63,285
  • Mexico: 59,192

What It Does
Hummer roots devices that it infects, which can unlock the operating system and allow for administrator privileges. Once it has infiltrated the device and unlocked it, Hummer will install malware, unwanted applications, games, pornographic applications, and other malicious and annoying programs. Since Hummer roots the device, your traditional antivirus and anti-malware programs aren’t going to be enough to get rid of it.

Yet, perhaps the most dangerous part of this malware is that you can’t uninstall the unwanted apps. Well… you can, but the trojan will just reinstall the apps, which is both frustrating and a terrible use of your mobile data. Cheetah Mobile ran a test on the Hummer trojan and came to some shocking results: "In several hours, the trojan accessed the network over 10,000 times and downloaded over 200 APKs, consuming 2 GB of network traffic." It’s clear that you don’t want this malware installed on your device, as it could jack up your phone bill and become an immense annoyance.

How to Fix It
To make matters worse, wiping your device won’t even be enough to get rid of the trojan. Cheetah Mobile claims that the factory reset won’t remove it. Users could also flash their device, but this can get complicated, and we don’t recommend doing so if you have no clue what you’re doing.

Hummer isn’t the first mobile malware, and it certainly won’t be the last. Users of smartphones have to be just as cautious and vigilant as desktop users. To learn more about mobile malware and other threats, reach out to us at (585) 254-8710.


Alert: Petya Ransomware May Be the Worst Yet

Ransomware is such a popular method of attack used by hackers that new variants of it pop up every few months. Among these is Petya, a nasty new ransomware that masquerades as an unsolicited resume in an organization’s email inbox. Don’t be fooled, though; the only work these hackers are looking for is to work you out of a couple hundred dollars.


Alert: A New Malware to Worry About for PC Gamers Using Steam

Hackers have always gone after industries that are profitable, or hold sensitive information that can be lucrative when sold under the table. As such, retailers that accumulate financial credentials are often hit by hacks. The entertainment industry is no different, and hackers continue to grow craftier in their pursuit of wealth and power. Not even Steam, the PC gamer’s most valuable software solution, is safe from the dangers of hacking attacks.
