‘System Update’ apps with spyware

Watch out for...

‘System Update’ apps with spyware

What’s the threat?

Protect Your Tech - watch outAndroid apps that claim to provide access to updates for the operating system, but actually send your location to hackers. Researchers at US security company Zscaler discovered that an app called System Update installed the SMSVova spyware on to phones and tablets. Worryingly, the app had lurked unnoticed in Google’s Play store since 2014, being downloaded between 1 and 5 million times. Google has now removed it, but hasn’t commented on why it wasn’t detected earlier. 

After being downloaded the app showed the message “Unfortunately, Update Service has stopped”, and hid its icon from the screen. But this disguised its real intention, which was to find the last known location of the user, and read text messages sent by hackers. 

What should you do?

While this particular app is no longer a threat, it serves as a reminder to be careful when browsing the Play store. Read Zscaler’s blog (www.snipca.com/ 24152) for advice on identifying the tell-tale signs that an app is dangerous. 

Researchers became suspicious after reading reviews for the app, most of which gave it one star. Many said it didn’t do what it promised, and instead slowed their device. They also noticed that the app’s page on the Play store was very amateurish, with no proper description and blank screenshots (see image). The fact that the app hadn’t been updated since 2014 was the clinching proof. 

Of all the clues that all is not well, user reviews are the most important. One-star ratings by themselves aren’t enough of a reason to ignore an app, because users may simply be rejecting it through personal taste. More revealing are reviews that lambast the app for failing to do what it claims to. These often indicate that the app is malicious, and should be avoided. 

New tools

Protect Your Tech - new toolsAs recently as the late 1980s coal miners were taking canaries down pits to warn them about carbon-monoxide poisoning. The modern computing equivalent are Canary ‘tokens’, which are PC files that detect when someone has opened a Word document or folder on your PC, and tell you by email. It might be vital sign that a hacker has infiltrated your PC.

To set this up visit the URL above, then click the ‘Select your token’ dropdown menu. To be alerted when a Word document is opened, you first need to create it. Click ‘Microsoft Word Document’ in the menu, add your email address and a reminder note, then click ‘Create my Canarytoken’. Download the document, write in it, then save when finished. It’s a similar process for folders, except that you have to download a ZIP file, then extract its contents and place them in the folder you want to protect.

If you receive an email warning (see screenshot), click the ‘More info on this token’ link at the bottom for further details, including the location of the trespasser.

Canarytokens: http://canarytokens.org

Scam Watch!ScamWatch

Readers warn readers

Ignore speeding-fine email

I’ve always considered myself careful driver, and I’m certainly no ‘boy racer’. So I was shocked to receive an email from ‘West Yorkshire Police’ about a speeding offence. The scam is quite clever because it doesn’t say that you’ve been speeding, but that someone driving your old car has been. The scammers want to exploit your fear of being considered guilty of a crime you didn’t commit. I could tell it was a scam, and ignored the link asking me to download the ‘Notice of Intended Prosecution’. I saw online that it had been reported locally: www.snipca.com/24068.
Warren Matthews 

For more ways to protect your tech, try Computeractive magazine.
Subscribe today and get 3 issues for £1, plus a FREE welcome gift.