Latest news with #SarangTrap


Scottish Sun
5 days ago
- Scottish Sun
Over 250 dodgy apps uncovered that steal private photos and threaten to leak them to family unless victims pay up
RESEARCHERS have uncovered an 'emotionally manipulative' extortion campaign putting users at risk. Over 250 dodgy apps have been uncovered, which are forcing victims of the scam to pay up.

Dodgy apps uncovered

Security researchers Zimperium zLabs claimed to have found more than 250 Android apps, all pretending to be dating and romance apps. Zimperium calls the campaign SarangTrap, as it has mostly targeted people living in South Korea.

On the surface, the apps look slick and well-designed, hiding the usual telltale signs of scam pages. However, behind the scenes, the apps work as info-stealers, taking user contact information, photos and data from their devices.

Due to the nature of the apps, the victims were lured in with 'emotionally charged interactions'. If the threat actors find any incriminating information on the compromised devices, they reach out to the victim and threaten to share it with their family, friends, and partners, unless a payment is made.

Ways to stay safe

Out of the 80 domains used in this campaign, many were allegedly indexed by popular search engines. This means that, to victims who tend to be scam-savvy, they appear legitimate.

The zLabs research team said: 'This is more than just a malware outbreak; it's a digital weaponisation of trust and emotion.

'Users seeking connection are being manipulated into granting access to some of their most personal data.'

The zLabs team have provided advice on how to avoid falling victim to the scam.

Users should avoid downloading apps from unfamiliar links or unofficial app stores. This is because the more than 250 apps that are part of SarangTrap could not be found on the Play Store or App Store. Malware can sometimes find its way onto these well-known app stores, but Google and Apple are diligent about protecting their users. As a result, it is a lot harder to pick up malware on the official store than on a third-party system.

The zLabs researchers also recommended that users should be careful of apps requiring unusual permissions or an invitation code. Other advice to users includes regularly reviewing the permissions they have granted and the profiles they have installed, and installing on-device mobile security solutions that can help detect and block malware.

Advice for dating app users

While this particular scam came from users downloading malware from third-party app stores, there are always ways for users to protect themselves on dating apps.

Advice service Brook tells users to always check that the person they are speaking to is who they say they are. This may involve taking time with a person, and users shouldn't feel pressured to do anything before they feel ready.

On more common, trusted apps, users should stay in the app rather than giving the person their number. They also recommend not sharing any private information or imagery.


The Irish Sun
5 days ago
- The Irish Sun
Over 250 dodgy apps uncovered that steal private photos and threaten to leak them to family unless victims pay up
RESEARCHERS have uncovered an 'emotionally manipulative' extortion campaign putting users at risk. Over 250 dodgy apps have been uncovered, which are forcing victims of the scam to pay up.

Dodgy apps uncovered

Security researchers Zimperium zLabs claimed to have found more than 250 Android apps, all pretending to be dating and romance apps. Zimperium calls the campaign SarangTrap, as it has mostly targeted people living in South Korea.

On the surface, the apps look slick and well-designed, hiding the usual telltale signs of scam pages. However, behind the scenes, the apps work as info-stealers, taking user contact information, photos and data from their devices.

Due to the nature of the apps, the victims were lured in with 'emotionally charged interactions'. If the threat actors find any incriminating information on the

Ways to stay safe

Out of the 80 domains used in this campaign, many were allegedly indexed by popular search engines. This means that, to victims who tend to be scam-savvy, they appear legitimate.

The zLabs research team said: 'This is more than just a malware outbreak; it's a digital weaponisation of trust and emotion.

'Users seeking connection are being manipulated into granting access to some of their most personal data.'

The zLabs team have provided advice on how to avoid falling victim to the scam.

Users should avoid downloading apps from unfamiliar links or unofficial app stores. This is because the more than 250 apps that are part of SarangTrap could not be found on the Play Store or App Store. Malware can sometimes find its way onto these well-known app stores, but Google and Apple are diligent about protecting their users. As a result, it is a lot harder to pick up malware on the official store than on a third-party system.

The zLabs researchers also recommended that users should be careful of apps requiring unusual permissions or an invitation code. Other advice to users includes regularly reviewing the permissions they have granted and the profiles they have installed, and installing on-device mobile security solutions that can help detect and block malware.

Advice for dating app users

While this particular scam came from users downloading malware from third-party app stores, there are always ways for users to protect themselves on

Advice service

This may involve taking time with a person, and users shouldn't feel pressured to do anything before they feel ready.

On more common, trusted apps, users should stay in the app rather than giving the person their number. They also recommend not sharing any private information or imagery.


The Sun
5 days ago
- The Sun
Over 250 dodgy apps uncovered that steal private photos and threaten to leak them to family unless victims pay up
RESEARCHERS have uncovered an 'emotionally manipulative' extortion campaign putting users at risk. Over 250 dodgy apps have been uncovered, which are forcing victims of the scam to pay up.

Dodgy apps uncovered

Security researchers Zimperium zLabs claimed to have found more than 250 Android apps, all pretending to be dating and romance apps. Zimperium calls the campaign SarangTrap, as it has mostly targeted people living in South Korea.

On the surface, the apps look slick and well-designed, hiding the usual telltale signs of scam pages. However, behind the scenes, the apps work as info-stealers, taking user contact information, photos and data from their devices.

Due to the nature of the apps, the victims were lured in with 'emotionally charged interactions'. If the threat actors find any incriminating information on the compromised devices, they reach out to the victim and threaten to share it with their family, friends, and partners, unless a payment is made.

Ways to stay safe

Out of the 80 domains used in this campaign, many were allegedly indexed by popular search engines. This means that, to victims who tend to be scam-savvy, they appear legitimate.

The zLabs research team said: 'This is more than just a malware outbreak; it's a digital weaponisation of trust and emotion.

'Users seeking connection are being manipulated into granting access to some of their most personal data.'

The zLabs team have provided advice on how to avoid falling victim to the scam.

Users should avoid downloading apps from unfamiliar links or unofficial app stores. This is because the more than 250 apps that are part of SarangTrap could not be found on the Play Store or App Store. Malware can sometimes find its way onto these well-known app stores, but Google and Apple are diligent about protecting their users. As a result, it is a lot harder to pick up malware on the official store than on a third-party system.

The zLabs researchers also recommended that users should be careful of apps requiring unusual permissions or an invitation code. Other advice to users includes regularly reviewing the permissions they have granted and the profiles they have installed, and installing on-device mobile security solutions that can help detect and block malware.

Advice for dating app users

While this particular scam came from users downloading malware from third-party app stores, there are always ways for users to protect themselves on dating apps.

Advice service Brook tells users to always check that the person they are speaking to is who they say they are. This may involve taking time with a person, and users shouldn't feel pressured to do anything before they feel ready.

On more common, trusted apps, users should stay in the app rather than giving the person their number. They also recommend not sharing any private information or imagery.


Tom's Guide
7 days ago
- Tom's Guide
More than 250 malicious apps are spreading info-stealing malware on Android and iOS — delete these right now
You can never be too careful when downloading a new app to your iPhone or Android phone, as what may look harmless on the surface could actually be a malicious app designed to infect your device with malware.

Case in point, the mobile security firm Zimperium has discovered a new malware campaign which targets users of the best iPhones and best Android phones with over 250 malicious apps spread via 80+ malicious domains. What sets this particular campaign apart is that in addition to posing as utility apps, many of the malicious apps used in it also posed as dating apps along with file sharing ones and car service platforms.

Once installed on a vulnerable smartphone, the apps were then used to download a dangerous info-stealing malware capable of stealing all sorts of sensitive personal data including a victim's contacts and even their photos. The hackers behind this campaign then took things a step further, threatening to extort victims by leaking their private info and photos to their contacts or online if their demands weren't met.

Here's everything you need to know about this new malware campaign along with some tips and tricks to help you stay safe from malicious apps and the dangers they pose to both your data and your devices.

Before we go into the campaign itself and how it worked, you should first check your phone to make sure that you haven't installed any of the apps below. If you have, you're going to want to manually delete them from your devices:

I've highlighted just a few of them above but you can see the full list here (Google Sheet). If you take a closer look at the names of these malicious apps, you'll notice that many of them are in Korean, which makes sense given that this campaign mainly targeted users in South Korea.

Given that anyone could have shared a link to one of the malicious domains hosting these fake apps, iPhone and Android users worldwide could be impacted. Either way, it's always a good idea to take a closer look at all of the apps you have installed and to delete any you don't recognize or haven't used in a while.

In a blog post detailing the inner workings of this new campaign dubbed SarangTrap, Zimperium's security researchers explain that potential victims are first tricked into visiting carefully crafted phishing sites. These are designed to impersonate popular brands and app stores, which not only adds legitimacy to the campaign but may also entice users to download these bad apps.

Once installed, these fake apps lure users in with slick user interfaces while requesting access to loads of unnecessary permissions with the caveat that they won't work without them. To make these apps seem more exclusive, especially the ones posing as dating apps, users are also prompted to enter a valid invitation code.

Once entered, this invitation code is sent to a hacker-controlled server for validation, after which these malicious apps request access to the sensitive permissions they'll use to infect a device with malware and steal personal info from it. Besides acting as a lure, this process allows the malware to remain undetected by the best antivirus software and other security solutions designed to stop malicious activity from bad apps.

With the necessary permissions in hand, these fake apps reveal their true nature. While they look slick and polished at first, they contain no dating features or other functionality at all. Instead, they're just a facade used by the hackers behind this campaign to gain a foothold on vulnerable devices from which they can then steal all sorts of valuable sensitive data.

When it comes to the types of data the malware spread by these fake apps is able to steal, it can download a victim's phone number and device identifiers along with all their photos and text messages. With all this info, the hackers behind this campaign can easily extort victims, though they could also bundle it all together and sell this data to other cybercriminals to use in their own attacks.

Surprisingly, in addition to malicious Android apps, this campaign also uses a deceptive mobile configuration profile to go after iPhone users. By installing this profile on an iPhone, the hackers are able to steal much of the same sensitive data on iOS including a victim's contacts and photos.

Just like with new software on your computer, you always need to be careful when installing new apps on your phone, especially as we now have so much personal and even financial info on our mobile devices.

For starters, you want to avoid sideloading apps or installing apps from unknown sources or websites. If you're taken to a site trying to get you to install an app instead of to an official app store like the Google Play Store or Apple's App Store, this is a major red flag and a great indication that you should avoid this particular app altogether.

When you install a new app on your devices, you want to pay close attention to the types of permissions it requests the first time that you open it. While it makes sense for a messaging app to request access to your text messages, it definitely doesn't when a dating app does so. If any permissions seem odd or unnecessary, this is another red flag that something could be off with a particular app.

Besides being extra careful when installing new apps, I highly recommend that you limit the number of apps on your phone overall. Having a lot of apps installed makes it difficult to find malicious ones and even good apps can go bad when injected with malicious code. The fewer apps you have, the less likely it is that one of them will be malicious or turn malicious later.

If you're using an Android phone, you want to make sure that Google Play Protect is enabled, as this pre-installed security solution scans all of the new apps you download as well as all of your existing apps for malware. For extra protection though, you may also want to consider running one of the best Android antivirus apps alongside it. While there isn't an iPhone equivalent of these apps due to Apple's own restrictions, the best Mac antivirus software from Intego can scan your iPhone or iPad for malware when plugged into your Mac via a USB cable.

Given that downloading and installing a malicious app even accidentally can have very serious consequences, you may also want to invest in one of the best identity theft protection services. They can help you get your identity back after having it stolen as well as compensate you for any funds lost to fraud or a cyberattack.

Malicious apps are the easiest way for hackers to establish a foothold on your devices and gain leverage over you and your data, which is why they aren't going anywhere anytime soon. This is why it's up to you to be proactive as well as careful when it comes to which apps you download and where you download them from.