Avira takes stock of cyber threats: beware of stalkerware

Source: HW Upgrade added 16th Jan 2021


2020 was one of the most prolific years for hackers, who exploited the media attention on Covid to spread malware. The use of stalkerware, a sub-category of spyware, is growing.

by Alberto Falchi, published at 09:31 in the Security channel


Avira, the well-known antivirus vendor, has published its report on the threats that characterized 2020. It was a year that, as we have already noted in other articles on Edge9, saw an intensification of cyber attacks. There are two main reasons: on the one hand, the heavy use of smart working (remote working), often implemented quickly to ensure business continuity, which took employees outside the company perimeter and made them more vulnerable; on the other, the panic related to Covid, which attackers exploited to spread malware through phishing or other means.

Hackers target checking accounts: Android banking trojans increased by 35%

During the pandemic, cybercriminals targeted bank accounts in particular, especially on Android: Avira's sensors recorded a 35% increase in this type of threat. Among the most widespread, the antivirus vendor points to Cerberus, which is spread through phishing campaigns centered on the word "Corona" that invite users to download an APK containing the trojan; in many cases the APK is named Corona-Apps.apk. Another popular banking malware last year was Wroba, which steals credit card credentials while disguised as "Chrome".

Beware of stalkerware: according to Avira it will become more and more widespread in 2021

You don't hear much about stalkerware, a category of cyber threat that effectively falls under spyware. The difference is that spyware consists of real viruses spread through classic methods, such as phishing, while stalkerware consists of "legitimate" applications, sometimes available in official stores: one example is apps for keeping children under control by geolocating them. However, these applications are very often used for purposes other than those they were designed for, installed for example on partners' devices without their knowledge to spy on them, record calls, track their location and even capture photos and videos. In some cases these applications are very sophisticated, able to hide among other processes to appear legitimate and capable of blocking antivirus software, thus preventing their own uninstallation.

As Avira explains on its blog, since last summer Google Play has removed these types of applications from the Play Store, but some have remained. An example is the app "AllTracker Family. Parental Control". If it is still available on the store despite the ban, it is probably because this specific app always sends a notification to the phone's user before sending data to the "spy" (the parents, supposedly, in the case of legal uses), but Avira researchers have noted that disabling Android notifications is enough to bypass this form of "protection". Not only that: by activating the Pro version it is possible to disable every type of notification from the app, which prompted Avira to classify this application as malware (PUA / Stalk.Catwatch.spy).

Avira also pointed out that many of the apps removed from the official store are nevertheless easily accessible through alternative stores, and therefore available to anyone.

The threats that will characterize 2021 according to Avira

In addition to stalkerware, Avira warns users about fileless malware: threats that install themselves in memory without the need to download files, which makes them harder to identify. The antivirus maker also recommends keeping an eye on software exploits, and expects malicious actors to make increasing use of bugs and other vulnerabilities in legitimate applications.

To complicate matters, Avira reports that more and more malware authors do not limit themselves to using their own malware, preferring to sell ready-to-use tools to other criminals, which opens the way to attackers with a low level of computer skills as well.