Archive for Bitdefender

Bitdefender Anomaly Detection Finds 60k Apps Secretly Installing Adware

Posted in Commentary with tags on June 7, 2023 by itnerd

Using an anomaly detection feature that was added to its Mobile Security software, Bitdefender detected over 60,000 malicious Android apps disguised as legitimate applications that have been installing adware for the last 6 months.
The global campaign that predominantly targets US users is believed to have started in October 2022 and is being distributed as fake security software, game cracks, cheats, VPN software, Netflix, and utility apps on third-party sites, where malware inspection isn’t as strong.
When the app is installed and launched, it will display an error message stating that the “Application is unavailable in your region. Tap OK to uninstall,” but actually, the app is not uninstalled and instead sleeps for two hours before registering two ‘intents’ that cause the app to launch when the device is booted or unlocked. Bitdefender says the latter intent is disabled for the first 2 days, which helps evade detection.
The app then reaches out to the attackers’ servers and retrieves advertisement URLs to be displayed in the mobile browser or as a full-screen WebView ad.
“However, the threat actors involved can easily switch tactics to redirect users to other types of malware, such as banking Trojans to steal credentials and financial information or ransomware,” warns Bitdefender.

Ted Miracco, CEO, Approov Mobile Security had this to say:

   “The discovery of these malicious Android apps raises concerns about how easy it is to distribute malware and the fact that this campaign predominantly targets users in the United States is concerning, as it suggests that a large number of individuals may be at risk. This highlights the need for robust security measures, like app attestation to protect users from such threats. It also serves as a reminder for users to exercise caution when downloading and installing applications, particularly from unofficial sources.”

Dave Ratner, CEO, HYAS follows up with this:

   “The identification of beaconing behavior to adversary infrastructure via Protective DNS is not only for laptops and servers; the explosion of mobile-based malware highlights just how important it is to extend Protective DNS across all connected devices. Bad actors will continue to find innovative ways to trick users but having the visibility to see the anomalous communication reaching out to the adversary’s servers, and the ability to block it, provides a key layer of defense that is critical in today’s world.”

The fact that these Android apps are out there should send a chill down the spine of every Android user. Thus it means to me that Google as well as users of Android phones really need to have their heads on a swivel to make sure that this doesn’t become an extremely popular attack vector.

A FREE Decryption Tool For The REvil Ransomware Now Available

Posted in Commentary with tags on September 17, 2021 by itnerd

If you got pwned by the REvil criminal group, I have good news for you. A free master decryptor for the REvil ransomware has been released, allowing all victims encrypted before the gang disappeared to recover their files for free:

The REvil master decryptor was created by cybersecurity firm Bitdefender in collaboration with a trusted law enforcement partner. While Bitdefender could not share details about how they obtained the master decryption key or the law enforcement agency involved, they told BleepingComputer that it works for all REvil victims encrypted before July 13th. “As per our blog post, we received the keys from a trusted law enforcement partner, and unfortunately, this is the only information we are at liberty to disclose right now,” Bitdefender’s Bogdan Botezatu, Director of Threat Research and Reporting, told BleepingComputer. “Once the investigation progresses and will come to an end, further details will be offered upon approval.” REvil ransomware victims can download the master decryptor from Bitdefender (instructions) and decrypt entire computers at once or specify specific folders to decrypt.

Some of this does sound a bit sketchy, but it is still good news. You should have a look if you’ve been pwned by this criminal organization. Hopefully more tools like this get released as this will allow people to not pay the scumbags behind these ransomware attacks.

Review: Bitdefender Antivirus for Mac

Posted in Products with tags on November 21, 2013 by itnerd

The days of not having some sort of anti-virus product on your Mac are over. There are not only Mac-specific threats out there that are on the dangerous side, but there are cross-platform threats as well. Not to mention that you don’t want to pass along PC-specific viruses to your Windows-loving friends. Thus you have to run something on your Mac to protect yourself and others. One such product that will keep you safe is Bitdefender Antivirus for Mac brought to you by Bitdefender. Now this is a product that has a fair amount going for it as you’ll see.

First, the install is pretty simple. A few clicks and the requisite entering of your password and you’re done. It doesn’t get any easier than that. Now once it’s installed, I suggest you do one other thing. You should also install an add-on called TrafficLight which works with Safari and Firefox. TrafficLight intercepts, processes, and filters all Web traffic, blocking any malicious content. When you search for stuff using your favorite search engine, it lets you know what’s safe. It also lets you know what’s tracking you. For example, I went to the webpage of the Toronto Star and found that everybody from Google to Facebook is keeping an eye on my activities. Charming.

When it comes to the main anti-virus product, there are two ways to run it. It has a continuous scanner that is constantly looking for threats without you needing to do anything. Or you can do on-demand scanning for either the full system, critical locations, or a specific location. The interface is easy to navigate and you should have no reason to crack open the digital manual included with the product. Another item I noted: when it updated successfully, it popped a notification in the Notification Center. That’s a nice touch as it ensures that you know that you are fully protected at all times.

Now for the key points. How well does it work and how much does it slow down your Mac? In terms of how it works, I tested it by going to places that were known to be infested with malware and other evil. Bitdefender For Mac came to my rescue each time. Not only that, when I tested it by copying a ZIP file with a copy of the EICAR test virus on it and attempting to open it, it very quickly stepped in to save me. And I do mean very quickly. It reacted instantly. That’s nice. As for the speed, I cannot find any evidence that it slowed my system down in any way that I can tell. That’s also nice.

So, what’s this protection going to cost you? It’s $49.95 CAD for three Macs or $10 less for a single Mac. Is it worth it? Yes. You need protection for your Mac. Bitdefender Antivirus is a great choice to keep you safe while using your Mac.

Have Some Fun On Valentine’s Day With The Relationship Scanner From BitDefender

Posted in Commentary with tags on February 13, 2012 by itnerd

Here’s an app that is fun to use on Valentine’s Day. It’s called the Relationship Scanner. Here’s a quick overview of how it works:

  • One of the partners enters his/her name, email address and the “viruses” he found in the relationship.
  • After providing his partner’s details, the application contacts the better half asking for the “viruses” he/she discovered in the relationship.
  • Both partners are then asked to “disinfect” the relationship from the “viruses”.
  • They live happily ever after.

Now this is an app that is brought to you by anti-virus maker Bitdefender and clearly they want to use this to move some anti-virus apps (in fact, a free 90-day license of Bitdefender Total Security 2012 is up for grabs for anyone who uses the app). Despite that, I’m still posting this as I find this cute and clever. Give it a try and let us know what you think.