Reading Time: ~2 min.

Malicious Apps Get Millions of Installs

Google recently removed 85 apps from the Play Store after
they were found to contain predatory
. With over nine million combined downloads, the apps were
mostly fake games or utility apps that began pushing a constant stream of full-screen
ads to users until the app itself crashed. More worrisome, while nearly all the
apps shared similar code, they were mostly uploaded from different developer
accounts and used different digital certificates to minimize detection.

Tuition Scam Targets UK College

Several parents of students attending St.
Lawrence College
in the UK fell victim to an email scam over the
holidays that requested early tuition payment at a discounted rate for the
upcoming terms. While security measures surrounding parental information have
since been improved, at least two separate families confirmed they sent
undisclosed amounts of money to the scammers. Though these types of attacks target
large audiences, it takes only a small number of successful attempts to make
the campaign profitable.

Australian EWN System Hacked

With the help of a strong detection
, a brief hack of the Australian Early Warning Network (EWN)
was quickly shutdown. Some of the messages contained warnings about the
security of the EWN and listed several links that the user could navigate
through. Fortunately, staff were quick to notice the severity of what was
occurring and acted to prevent additional customers from being spammed.

Ransomware Uses Children’s Charity as Cover

When CryptoMix
first came to light, it included a ransom note masquerading as a request for a
“donation” to a children’s charity. It has since returned, but now includes
actual information from crowdfunding sites attempting to help sick children and
using their stories to guilt victims into paying a ransom. Even worse, as
victims navigate the payment process, the ransomware continues to urge them on
with promises that the sick child will know their name for the aid they

Exploit Broker Raises Bounties for New Year

Following the New Year, a known exploit
, Zerodium, announced they would be effectively doubling all
bounty payouts for zero-day exploits. While lower-end Windows exploits will net
a researcher $80,000, some Android and iOS zero-days will pay out up to $2
million. Unfortunately for many working on the lawful side, nearly all the
exploits obtained by Zerodium will be privately sold, rather than used for
patching or improving security.

The post Cyber News Rundown: Bad Apps Infect Google Play appeared first on Webroot Blog.