Scammers Archives – Gridinsoft Blog
Welcome to the Gridinsoft Blog, where we share posts about security solutions to keep you, your family and business safe.

Scareware: How to Identify, Prevent and Remove It
https://gridinsoft.com/blogs/what-is-scareware/
Tue, 14 May 2024 18:50:38 +0000

Scareware is a widespread Internet fraud scheme that intimidates victims into buying unnecessary or harmful software by taking advantage of their ignorance. Scareware usually exploits the fear of having a computer virus and persuades users to purchase fake security software. Here we’ll look at how this scam works and how not to get fooled by it. Among other things, we’ll touch on the threats associated with scareware.

What is Scareware?

Scareware is a scam that plays on the fears of inexperienced users. Although computer viruses are an obsolete type of malware, and you will hardly catch one nowadays even if you try, they remain a horror story for people. And the less you know about a threat, the easier it can scare you.

Both trustworthy and scam security products are promoted via advertising. An advertisement for a good solution will respect the customer and emphasize the qualities and features of the promoted program. In the worst case, it will explain that there are many threats out there on the Web, and that each endpoint needs protection. Scareware, on the contrary, will try to convince you that your computer is already infected with malware. Moreover, pushy ads will insist on immediate installation of the program they represent, as if it were the last chance to cure your PC.

Scareware Banner
An example of a flashing scareware pop-up banner.

The profitability of the scheme is understandable. People get scared, buy the program and feel like the defenders of their computer system. Perhaps later they will realize that they just threw away their money, but they will no longer be able to get it back. There are usually many victims of such deception, and that is the very thing on which the scam relies.

Sadly, losing money is not the worst thing that can happen. Sometimes such malvertising is used as a filter: whoever fell for it definitely does not have an actual antivirus. Accordingly, those who make a business of distributing adware and malware can safely install a bunch of harmful programs on the victim’s device.

How Scareware Works

It all starts with a person suddenly seeing an advertising banner on some website. The banner itself looks like an automatic notification. Novice users may not even understand that they are dealing with an advertisement.

The message usually says that a scan of the user’s computer was carried out and found an infection with dangerous malware. Already here, a knowledgeable person could laugh, because not only is it impossible to scan a device so quickly, but it would also be problematic to do it remotely without preliminary procedures.

But charlatans deal with inexperienced people and therefore continue their psychological attack. The banners usually include very serious-looking malware names, tables, codes, etc. The more serious the picture looks, the stronger the effect. In every aspect of its appearance, the message tries to look automatically generated. You can see, for example, this caption: “threat level: high”, as if the same banner could ever give out a reassuring “low”.

Scareware Fake Scan Results
Scareware often renders fake scan results with frightening namedropping.

Such schemes are generally built on a series of psychological techniques. Intimidation is only the first of them. The use of colors plays with the victim’s emotions. Red stands for anything related to threats. As soon as the “rescue” program enters the scene, a soothing blue or green color appears. This feeling of possible safety encourages the user to make a purchase. In addition, the price is low. Most scareware schemes rely on the possibility of quick payments combined with a vast number of buyers.

Alternative Scams

The crooks may also use more time-consuming schemes. For example, they might launch a massive campaign offering free device scans. To take one, the user must first download software whose functionality is limited until the program is purchased. To make sure this payment is made, the scan will produce frightening results. This approach targets more educated users.

By the way, the scope of scareware is not limited to the security sector. You can imagine other types of scareware, such as cleaners, that will scare users by saying: “look, a little more, and your system will get so clogged with the garbage that the device will start freezing.” The advertised program will be able to delete unused applications, temporary files, etc.

The programs in question can remain completely fake without an iota of the promised functionality. All “treatment” of the device, just like the initial intimidation, can be just a visual effect.

What are The Threats?

Theoretically, the victim of scareware could get lucky, and the only problem would be the wasted money. But more often than not, a deceptive program will leave an unpleasant payload behind. Its severity may vary: it corresponds to the degree of danger of the unwanted or overtly malicious software that scareware can fetch onto the victim’s computer. In most cases, installing a scareware application will decrease the PC’s running speed. We’ll proceed on the assumption that scareware developers want a profit from their victims that is not limited to the price of the application.

This goal implies infecting the device with any of the following malware types:

  • Adware is a class of relatively harmless unwanted applications. They flood users with ad banners, modify browsers’ settings, add ad links on webpages, etc.
  • Spyware is a more significant threat. Hidden software collects information about the system and the user’s activity to send it to people who can commercially benefit from having it.
  • Miners are programs that steal the computing resources of the victim’s machine and throw them at mining cryptocurrency (for somebody else, of course). The victim will also be surprised by the electricity consumption rate.
  • Cybercriminals can add the infected device to a botnet, a controlled network, to perform certain activities on the web unbeknownst to the user.
  • Ransomware is probably the worst case. This malware encrypts all data files on the victim’s computer, and the only chance to get them back is to buy a key from the racketeers.

Criminals can drop many other types of malware into the unaware victim’s system. However, those are more suitable for targeted attacks and require hackers’ special attention. The malware mentioned above can work and bring profit automatically.

How not to be fooled by scareware?

  • Install modern antivirus software. GridinSoft Anti-Malware is one of the best solutions on the market due to the combination of technical efficiency and cost-effectiveness. Its virus libraries are regularly updated so that whichever malware becomes recognized in the world, Anti-Malware will know how to deal with it. The program can perform deep scanning, work in on-run protection mode, and be a security measure for safe Internet browsing.
  • Learn the basics before you get scammed. Scareware schemes work only because of people’s ignorance. You don’t need to be a hacker or even an advanced user. Just take a simple course on Internet surfing from someone more experienced in it.
  • Don’t visit dubious websites and avoid clicking on ad banners whatsoever. You can hardly encounter malicious advertising, which scareware surely is, on trustworthy websites like Google, YouTube or Facebook. It’s not that you should limit your surfing to these three sites, but they can serve as an example of what a trustworthy website looks like. As soon as you see ad banners popping up all around you, flashing and glaring, proceed with great caution if you need to.
  • Install ad-blocking software. It comes as a browser extension that blocks advertising banners from rendering. It might save you a lot of nerve cells.
  • If you happen to buy a scareware product, make sure you remove it as you usually remove an application. In Windows, press Start > Settings > Apps > Apps & Features. Choose the app you want to remove, and then select Uninstall. After removing the scareware, carry out an antivirus scan to get rid of any accompanying malware.

Pornographic Virus Alert From Microsoft
https://gridinsoft.com/blogs/pornographic-virus-alert-from-microsoft/
Tue, 14 May 2024 13:11:10 +0000

Is Microsoft showing you a banner which states that your PC is infected with a “Pornographic virus”? It seems that someone wants to draw you into a popular online tech support scam called “Pornographic virus alert from Microsoft”.

But how can they do it with a single banner? This article will show you the whole mechanism and will also explain why this notification appears so obsessively.

Pornographic virus alert from Microsoft: How it works and why is it malicious?

One day, after opening the browser, you may see a banner which says that your PC is infected with awful viruses. As the name of this alert suggests, it also states that the virus got onto your PC from pornographic websites. To eliminate this malware, “Microsoft” offers you to contact their support at the number specified in the text. They assure you that you cannot fix your computer without calling support. And here is the first suspicious element: the times when viruses could get onto a PC just by opening a website are gone.

It was possible at the beginning of the ’00s, when browsers were raw and had a huge number of vulnerabilities. One of these security holes allowed file downloads and installations to start without the user’s permission. But hold on, there are more interesting points.

Pornographic virus alert from Microsoft banner
The appearance of pornographic virus alert from Microsoft banner

Calling the support as a sign of the malevolency of this banner

The first thing is the number this banner offers as an official Microsoft helpline to reactivate your Windows. It is completely different from the one published on the Microsoft website. When you call this number, you will reach a “support agent” who will ask you to grant him remote access to your PC. Sometimes such an action is needed, for example when some program components work incorrectly on a specific PC configuration. But when we are talking about viruses which are already detected (as the banner says), the need for a remote connection to your PC is very questionable.

Finally, things get really ridiculous. The support agent checks your PC and then says that you really have a lot of viruses. To remove them, you need to install a perfect solution they can offer you only today: an unknown (or little-trusted) antivirus. They can send you a link or even install it themselves, using the remote control. Installing unknown software was never a pleasant experience. All these oddities clearly show that this is not something you can trust. Usually, the program this “support” offers you is typical scareware. This sort of program mimics an antivirus app and shows you tons of false detections.

The total possible danger of pornographic virus alert from Microsoft

Let’s count. The first danger the user faces is remote access. Whoever gets the ability to manage your PC can do literally anything: delete your files, modify your settings, install any programs from any sources. He is a king now. Granting remote access must always be carefully weighed because of the dangers it carries. Nonetheless, a lot of users ignore that security rule and give access to anyone who offers help.

Moving on. Scareware may look like a relatively harmless but annoying app. But let this app stay active in your system for about 30 minutes, and you will not be able to use the PC as usual. Because of its malevolent nature, this unwanted program randomly blocks elements of important applications, so you can’t use them normally. To remove these “malicious and vulnerable items”, you need to purchase the full version of this pseudo-antivirus. Moreover, you can’t uninstall the program in the usual way, through the application list. Manual removal or the use of antimalware software is the only option.

Scareware blocked the Photoshop
Example of Scareware

Danger #0. Source malware.

And the last one, which should have been the first. I have not yet mentioned the initiator of that event: adware. The pornographic virus alert from Microsoft cannot appear on your PC on its own. Normally, access to this page would simply be blocked by the web browser you use. So, it is quite easy to conclude that something changed your browser configuration and networking settings to show you this banner every time you open your web browser. Adware is a kind of virus that usually does exactly that, which is why I suppose it is present. The way you get this virus on your PC may be different, and you can read the removal guide in that post. Fortunately, the adware can easily be removed with anti-malware software.

What you can do to get rid of the banner at the moment is to close the browser window or reboot the PC. These are radical ways, but pretty effective against this sort of scam. Usually, that banner does not have any “close” button in the top right corner. Don’t worry: the notifications that “Microsoft Locked This Computer” are 100% lies. Neither viruses nor companies can lock a computer through the Chrome browser. To prevent the banner from appearing, it is better to avoid dubious sites. Things like torrent trackers or sites for downloading YouTube videos may redirect you to other pages, and this nasty thing is just among them.

Nine Web Scammers Arrested by Dutch Police in a Europol Operation
https://gridinsoft.com/blogs/belgian-operation-scammers/
Thu, 23 Jun 2022 12:12:46 +0000

Nine Internet scammers arrested in the Netherlands during Dutch-Belgian joint operation

Belgium and the Netherlands have conducted a Europol-supported operation to neutralize a group of cybercriminals. Malefactors made millions of euros with phishing and other fraudulent schemes.

The operation was carried out by Belgian and Dutch police with the support of Europol. The Dutch police have arrested nine people aged between 25 and 36, eight men and a woman. The authorities have also searched 24 houses throughout the country.

The police have confiscated firearms, electronic devices, jewelry, and cryptocurrency from the suspects. The Belgian authorities initially started the investigation, so the individuals arrested in the Netherlands will be extradited to Belgium.

According to the police evidence, the suspects engaged in phishing and other Internet scams that allowed them to make millions of euros. The cybercriminals sent emails, text messages, and WhatsApp messages to their victims. The messages contained a link to a spoofed bank website made for collecting users’ credentials. After getting this data, the crooks gained access to their victims’ bank accounts.

The Europol report states that the fraudsters used mules to transfer and cash out funds from the victims’ accounts. The gang members have also turned out to be connected to illegal firearms and drug trafficking.

Around 2000 People Arrested by Interpol for Internet Scams
https://gridinsoft.com/blogs/interpol-operation-first-light/
Thu, 16 Jun 2022 19:29:40 +0000

Operation “First Light”

The war on cybercrime goes on. As its next round unfolds in 2022, Interpol arrests hundreds of Internet-fraud-related suspects within two months.

The operation in question got dubbed First Light and concentrated on raiding illegal call centers in different countries, with the seized funds amounting to $50 million in assets. These offices were bases and control centers for a series of socially engineered fraudulent activities on the Internet via email and phone, including date scams.

Police in Singapore have raided money launderers and scammers performing flagrant staged kidnappings. The most bizarre case was an interrupted fraud involving a minor victim already lured into playing kidnapped and faking being beaten. The €1.5 million ransom was ready to be paid, but luckily law enforcement agents were there on time. They managed not only to prevent this transaction but also to freeze about 4,000 bank accounts used to service fraudulent operations.

Another suspect was a Chinese citizen captured in Papua New Guinea. He is believed to be a leader of a gang that fished up to €34 million out of 24 thousand victims of their Ponzi scheme. The suspect is repatriated for trial.

Scams like these are conducted in vast numbers and are highly difficult to track because their authors and victims reside in different countries and the crooks’ schemes are ever-changing. The First Light operation lasted two months and involved police activities in 76 countries.

Rory Corcoran, the head of Interpol’s financial crime division, has noted that the nature of such crimes requires cooperation among many nations’ law enforcement agencies. The First Light operation has proved the effectiveness of such an approach, as authorities from all the countries that took part shared information on questionable financial transactions, phone numbers, scam websites, IP addresses, etc. Comparing the gathered materials eventually made it possible to carry out a coordinated worldwide operation.

Beware: New SpaceX Bitcoin Giveaway Scam
https://gridinsoft.com/blogs/spacex-bitcoin-scam/
Thu, 09 Jun 2022 19:36:52 +0000

Crooks Make Elon Musk a Bait for Wannabe Cryptotraders

Scammers are again using SpaceX as bait in fraudulent schemes. The statements of Elon Musk, CEO of the company, have been watched for a long time, and as soon as he says something about cryptocurrency, this immediately provides plenty of material for fraudulent schemes. Some scammers make expensive fakes, while others make do with little. Before the story of DeepFake Elon telling how to invest in the BitVex cryptocurrency platform had died down, a low-end legend of the same type had already appeared.

This time we are talking about the fake site spacex-btc[.]org. This site pretends to be SpaceX’s dedicated platform for some kind of cryptocurrency giveaway that should help people make money by trading on cryptocurrency price fluctuations. Banner ads on apparently not the most reliable websites may redirect to it.

So, first of all, let’s say it: it’s a FAKE.

And don’t be fooled by the fact that this website has an SSL certificate. Look not at the HTTPS in the address bar but at the very name of the site: spacex-btc. Yes, and with the .org TLD. This site is a pure spoof, because this cowboy office has no connection with the authentic SpaceX website or company.

The site has a decent design, but it’s still not stylish enough for a company like SpaceX. If you look for flaws, you can immediately notice grammatical errors in the fake quote of Musk himself and the terrible layout of the page.

There is a chat button in the corner of the window. Of course, everything connected to luring money is performed perfectly in such offices. You can probably talk to them, and they probably have a call center. But don’t let that fool you. It may seem that no one will find it profitable to create an entire call center to ensure the credibility of a single fake page. But we must remember that the companies behind such scams work with many schemes at once, giving rise to deception on an industrial scale.

These websites have only one purpose: to get money from you. In 99.99% of cases, the Forex-like cryptocurrency deals that these companies advertise are done through an intermediary, so you don’t even see your purchased cryptocurrency. Then a psychological game starts: the trading can be random at best. In the worst cases, however, the scammers totally control the process. They can make their victims feel lucky and lure more and more money out of them.

Don’t buy into famous faces in advertising campaigns. If you are told that Elon Musk is launching his cryptocurrency or something like that, first check in the news if this is true.

Three Online Scammers Arrested in Nigeria in an Interpol’s Operation
https://gridinsoft.com/blogs/online-frauds-arrest-nigeria/
Wed, 01 Jun 2022 18:37:48 +0000

North Africa, Southeast Asia, and Middle East oil and gas companies became cyberfraud victims.

Interpol arrested three citizens of Nigeria in the country’s capital city Lagos as a part of an international operation dubbed Killer Bee. The men were suspected of using Agent Tesla remote administration tools (RAT) to redirect financial operations and steal classified corporate data. The search showed that the suspects had fake documents, including invoices and official letters.

Agent Tesla showed up for the first time in 2014. It is an extremely popular RAT-Trojan used for stealing credentials, keylogging, capturing clipboard data, and collecting other information from the victims. Cybercriminal syndicates and stand-alone hackers use Agent Tesla widely because of its stability, flexibility, and broad functionality.

The headquarters of the General Secretariat and the National central bureau of Interpol, together with law-enforcement agencies in 11 South Asian countries, took part in the Killer Bee operation.

Three Suspects of Killer Bee
The three suspects. Omorume below.
Photo: INTERPOL

Hendrix Omorume, one of the three suspects, has already been charged and convicted for three episodes of financial fraud, and he faces a year in jail. The two other Nigerians are now on trial.

“Through its global police network and constant monitoring of cyberspace, Interpol had the globally sourced intelligence needed to alert Nigeria to a serious security threat where millions could have been lost without swift police action,” Craig Jones, Interpol’s Director of Cybercrime, stated. He added: “Further arrests and prosecutions are foreseen worldwide as intelligence continues to come in and investigations unfold.”

Scammers distribute fake Windows 11 installers
https://gridinsoft.com/blogs/scammers-distribute-fake-windows-11-installers/
Mon, 26 Jul 2021 16:24:44 +0000

Fraudsters exploit curiosity about the release of Windows 11 to distribute fake OS installers stuffed with malware, adware and other threats, Kaspersky Lab reports.

Despite the fact that the process of downloading and installing Windows 11 from the official Microsoft website is very simple and straightforward, the researchers say that many are still trying to download the new OS from third-party sources, and cybercriminals are happy to offer such people their “services”.

Hiding behind Windows 11, cybercriminals most often distribute malware downloaders designed to deliver other malware to victims’ computers.

Also, Microsoft’s new OS is used to directly distribute other payloads, ranging from adware (which in most cases is considered harmless) to much more dangerous Trojans, malware to steal passwords, and so on, the researchers write.

For example, scammers distribute a certain executable file called 86307_windows 11 build 21996.1 x64 + activator.exe, which weighs as much as 1.75 GB, so that it seems to the user that the operating system can really have such a volume. In fact, the bulk of this volume is occupied by a certain file with the extension .dll, which contains a lot of useless information that is not used in any way during the installation.

fake Windows 11 installers

If you open such an executable file, the installer will start, which looks like a normal installation wizard for Windows. Its main purpose is to download and run a second, more interesting file. It is also an installer, and it even has a license agreement, which says that along with the “download manager for 86307_windows 11 build 21996.1 x64 + activator”, a number of “sponsored programs” will be installed on the computer.

Researchers remind that currently Windows 11 is available only to members of the Windows Insider program, that is, to install it, you first need to register in this program.

You will also need a device with Windows 10 already installed. On that device, go to Settings, click on Updates and Security, and then select Windows Insider and activate the Dev Channel there to get an update to Windows 11.

Let me remind you that I also recently talked about the fact that a vulnerability in Windows 10 could allow gaining administrator privileges.

Fake cryptocurrency giveaways on behalf of Elon Musk brought scammers $580,000
https://gridinsoft.com/blogs/fake-cryptocurrency-giveaways-on-behalf-of-elon-musk-brought-scammers-580000/
Fri, 15 Jan 2021 16:26:10 +0000

The media have repeatedly written that scammers sometimes impersonate famous people. For example, last year, cybercriminals arranged fake giveaways of cryptocurrency on behalf of Elon Musk or SpaceX that had hard consequences for naive users.

In particular, criminals are very fond of conducting fake distributions of cryptocurrencies on social networks on behalf of Musk, promising users huge profits if they first send them some bitcoins.

For example, in 2018, such Twitter action brought scammers over $180,000 in just one day.

Although years are passing, and many famous people have got check marks for account verification and even unambiguous postscripts in the spirit of “I don’t distribute cryptocurrency!”, many users still believe in such fakes, and assume that Elon Musk, the Winklevoss brothers, Bill Gates and other famous personalities can indeed give out bitcoins to everyone, say Bleeping Computer journalists.

This statement is confirmed by their recent report in Bleeping Computer, in which journalists report that such activity has become more frequent again, and the scammers have already managed to make good money.

The spike in fraudulent activity on Twitter was highlighted by a MalwareHunterTeam researcher. He said that more and more verified accounts are hacked, and then hackers use them to promote another fake distribution of cryptocurrency on behalf of Elon Musk.

Examples of such scams can be seen in the screenshots below.

[Image: cryptocurrency giveaways of Elon Musk]

Typically, these tweets contain links that redirect victims to Medium, where an article advertises a fake bitcoin giveaway. The scheme is still simple: users are asked to send a certain amount of cryptocurrency and are promised double the amount in return.

MalwareHunterTeam and BleepingComputer report that most of the accounts compromised during this scam have been inactive for a long time.

Investigators also point out that last year, after a large-scale attack, Twitter abandoned the verification of accounts, and now such accounts are in even greater demand among cybercriminals, and a real hunt for inactive accounts is under way.

According to BleepingComputer and MetaMask, the scammers receive more than $580,000 in Bitcoin per week. At the same time, the fraud with the distribution of Ethereum did not bring such success, and the criminals “earned” only $2,700 on it.

Let me remind you that Elon Musk confirmed that a Russian offered a Tesla employee a million dollars for hacking the company.

Who stands behind cyberattacks? Top 5 types of attackers
https://gridinsoft.com/blogs/who-stands-behind-cyberattacks-top-5-types-of-attackers/ Fri, 17 Aug 2018 09:34:37 +0000

When accessing the internet, we are often introduced to seemingly wonderful websites, which we think would assist us with our internet surfing, and we often fall into the trap of thinking that these websites are safe to use. In addition to that, we are advised to install a number of web applications on our computers to meet certain requirements; however, a majority of these web applications and websites are responsible for making our computers and networking systems susceptible to cyber-attacks, which could be detrimental to the integrity of our computer systems.

So, who initiates cyber-attacks? Cybercriminals, alternatively known as cyber hackers, are responsible for hacking into your computer systems for the purpose of stealing or destroying information, which could benefit them. They latch onto vulnerable web applications, which makes it easy for them to install malware on your computer system. Committing a cyber-crime is a federal offense, which warrants the arrest of the cyber-criminal by the authorities.

The occurrence of cyber-attacks has prompted data security professionals to take initiatives to trace the location of the cyber-attacker, and they work with a security team to warrant the arrest of the cyber-criminal. A cyber-attacker could be responsible for navigating highly classified or regular data; however, a number of proactive measures should be taken against the cyber-attacker to reduce the probability of a cybercrime. We have compiled a list of the top five types of attackers who are responsible for hacking your computer systems and databases to steal data and classified information:

Scammers:

Scammers are the most common type of cybercriminals. They are responsible for sending discount codes and lucrative offers to your email box, which serve as a trap to hack your network system. You will often find a banner claiming to earn you a million dollars overnight, and a number of people are naïve enough to click on it, which weakens the security of their networks and helps the hacker maneuver into their computer systems.

Script Kiddie:

As the name suggests, script kiddies are juvenile cyber-criminals, and they use an alternative approach to hack your computer systems. They generally copy code, which is later converted into a SQL virus. In other words, a script kiddie is not very familiar with using malware to hack into your computer system; instead, they resort to using existing code to hack into your computers. If a script kiddie were familiar with the tools used to hack into computer systems, he would be categorized as a ‘Green Hat’ hacker.

White Hat:

The white hat hackers are alternatively known as ethical hackers, and they are more focused on benefiting the user of a networking system. They play a contributing role in helping you remove viruses and perform pen tests to help people understand the vulnerabilities in their computer systems. A majority of the white hat hackers are responsible for asking security-related questions, and they are required to pursue a qualification in CREST Certified Infrastructure Tester, CREST Certified Application Security Tester, and Offensive Security Certified Professional (OSCP) to become white hat hackers.

Phishers:

Phishers are more likely to trick you into submitting your personal information to hack your computer systems. They often send you a link to fraudulent websites, which makes it easier for them to hack into your computer and networking systems. You should refrain from opening such scam links, and you should instantly report the incident to a cyber-security authority to avoid the occurrence of any illicit activity.

Insiders:

Insiders are considered to be the most dangerous types of hackers as they are responsible for facilitating 20% of the threat, which results in nearly 80% of the damage. As suggested by their name, they often work within an organization, and they use their expertise in hacking to hack the systems of the organization to acquire classified and financial information about the business. The insiders are also responsible for hacking into the classified information of a business’s competitors.

Microsoft Tech Support Scam Affiliate Program
https://gridinsoft.com/blogs/microsoft-tech-support-scam-affiliate-program/ Wed, 01 Mar 2017 14:16:08 +0000

The Microsoft Tech Support Scam has recently gained popularity as a new sector of cyber attacks. Scammers, masquerading as Microsoft Technical Support, pressure internet users into calling a supposedly toll-free phone number. Contrary to their claims, this number incurs significant charges, enabling fraudsters to profit from each call made.

Responding to numerous claims from our users about these cyber attacks, we have conducted a detailed investigation into this fraudulent scheme. In this post, we will answer the most frequently asked questions about Microsoft Tech Support scammers. Being forewarned is being forearmed! We encourage you to stay vigilant to the signs and protect your safety while browsing. Do not allow scammers to exploit your fears!

[Image: Tech Support Scam landing page example]

How Do Scammers Intimidate People?

Hackers employ various tactics to intimidate their victims, aiming primarily to profit. Fraudulent landing pages can switch to full-screen mode, disable main keys, and prevent the context menu from opening. Scammers can easily execute these actions using the following JavaScript code:

[Screenshot: Toggle the full-screen mode]
[Screenshot: Code used for menu blocking]
[Screenshot: Locking the main keys]

Interestingly, fraudsters even integrate Google Analytics into their malicious web pages!

[Screenshot: Google Analytics on scammers' landing pages]

However, terrifying text messages are not the only tool scammers use to intimidate their victims. They also play threatening voice notifications. Typically, these audio files, such as alert messages, are hosted at URLs like this:

MALICIOUS_URL/chrm/alert2.mp3

If you ever come across these scare tactics, remain calm and recognize that there is no real danger as long as you avoid calling the “free” phone number provided by the fake technical support team.
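A defender-side view of the behaviours described above, as an added example that is not part of the original post: a static heuristic that flags page source combining lock-in tricks (full-screen request, context-menu hook, key blocking) with an audio alert or a toll-free number. The regex patterns, the threshold and both sample pages are constructed assumptions, not a vetted ruleset.

```python
import re

# One heuristic pattern per behaviour named in the article (assumed patterns).
INDICATORS = {
    "fullscreen_request": re.compile(
        r"\b(?:webkit|moz|ms)?requestfullscreen\s*\(", re.I),
    "context_menu_hook": re.compile(
        r"oncontextmenu\s*=|[\"']contextmenu[\"']", re.I),
    "key_blocking": re.compile(
        r"(?:onkeydown\s*=|[\"']keydown[\"']).{0,200}?"
        r"(?:preventDefault\s*\(|return\s+false)", re.I | re.S),
    "audio_alert": re.compile(
        r"<audio\b[^>]*\bautoplay\b|new\s+Audio\s*\(", re.I),
    "toll_free_number": re.compile(
        r"(?<!\d)(?:\+?1[-.\s]*)?\(?8(?:00|33|44|55|66|77|88)\)?"
        r"[-.\s]*\d{3}[-.\s]*\d{4}(?!\d)"),
}
LOCK_IN = {"fullscreen_request", "context_menu_hook", "key_blocking"}
LURE = {"audio_alert", "toll_free_number"}

def scan(source):
    """Return the names of all indicators found in the page source."""
    return {name for name, rx in INDICATORS.items() if rx.search(source)}

def is_suspicious(source):
    """Flag pages with at least two lock-in tricks plus a call-us lure."""
    hits = scan(source)
    return len(hits & LOCK_IN) >= 2 and bool(hits & LURE)

# Constructed sample: the combination of behaviours the article describes.
SCAM_LIKE = """
<body oncontextmenu="return false">
<audio autoplay loop src="alert.mp3"></audio>
<h1>Call +1-800-555-0100</h1>
<script>
document.addEventListener('keydown', function (e) { e.preventDefault(); });
document.documentElement.requestFullscreen();
</script>
</body>
"""

# Constructed sample: a video page with a support line; one lock-in hit only.
BENIGN = """
<p>Support: 1-800-555-0199</p>
<script>
button.addEventListener('click', () => video.requestFullscreen());
</script>
"""

if __name__ == "__main__":
    for label, page in (("scam-like", SCAM_LIKE), ("benign", BENIGN)):
        print(label, sorted(scan(page)), is_suspicious(page))
```

Requiring a combination of signals matters because each one alone (a full-screen button, a custom context menu, a support phone number) is common on legitimate sites.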

Microsoft Tech Support Scam: Scam-as-a-Service

The landing pages that our users unfortunately encountered are just the tip of the iceberg. In the world of cybercrime, Malware-as-a-Service has flourished for a long time. These newer scam techniques can aptly be termed Scam-as-a-Service.

On a recently discovered semi-private Russian underground forum, exploit.in, we came across a description of an affiliate program:

[Screenshot: Scam support affiliate program]

English translation:

The private affiliate program of the tech support hires new publishers. Our landing page aggressively convinces people to call on your unique phone number (free), and you get a commission from each call. The standard rate is $ 4.5 per call. For the major partners with good quality and volume, the tariff is discussed individually.

  • Always provide clean landings and domains.
  • Accept all browsers for the Windows desktop.
  • Accepted countries: US, CA
  • All subjects are suitable, the main thing was that the traffic was alive.
  • Handy admin panel with the instant statistics of calls and conversion.
  • The ability to make multiple streams and their conversion’s comparison.

Conversion, as elsewhere, depends on the traffic’s quality. If the quality is good, the popunder and the redirect bring from 2 to 5 calls from 1k unique visitors. The search and scrap bring up to 30 calls from the 1k unique visitors, depending on the subject and the audience. You’ll get your payments every day or O/R – BTC. The usual working time is from 19:00 to 02:00. But, it’s highly recommended to ask the support if it has changed each time before delivering the traffic.

As you can see from the description, the scheme is quite straightforward: the creators of the affiliate program provide publishers with domains, admin panels with statistics, and payments through BTC, which has become the standard currency in the cyber underworld. Publishers simply need to direct traffic to these affiliate domains and then wait for their profits.

Could Google Eliminate Microsoft Tech Support Scam Fraud?

Google can effectively mitigate such aggressive scams by adding fraudulent landing pages to its Google Safe Browsing filters. However, scammers are relentless. They frequently register a large number of similar domains with names that subtly reference Microsoft to perpetuate their schemes:

[Screenshot: Scam domain list (popular malicious domain names)]

It is important to remember that the lifespan of individual scam pages is usually very short. They should not cause undue alarm.

What Happens to Those Who Made the Call?

All scam pages involved in this scheme share the same phone number: +1-844-713-3460. We have collected typical user complaints about this number:

A message popped up on my computer: “Microsoft-error4113.xyz says: *** YOUR COMPUTER HAS BEEN BLOCKED ***” and it warned that personal information was being stolen, including my photos. It threatened to disable my computer within five minutes and provided this number to call. This is a SCAM! The signs include Microsoft spelled in lowercase, an error code that doesn’t align with legitimate ones, and the overt threat. When I researched this number on another reporting site, I found a person who mentioned that his mother had made the mistake of calling and allowing them remote access to her computer—they changed her passwords and hijacked it, demanding money to release it! BAD MOJO!!!

While using my computer, this number appeared with a message saying, “Critical Alert from Microsoft.” I called the number back, and the person on the line wanted access to my computer to ‘fix’ the problem, threatening to shut down my computer if I did not comply. We denied access. The error message linked to this number was Microsoft error 3111.xyz.

As the complaints suggest, the scammers’ objective is to coerce victims into granting them full access to their computers for further intimidation. You should never allow access to your system to anyone you don’t know, especially if they are performing these questionable activities independently.

Conclusion

The Microsoft Tech Support Scam is a new, widespread scheme in the cybercrime world. Scammers capitalize on users’ fears by employing simple scare tactics, typically involving disabled keys, full-screen modes, and alarming audio messages. We hope this information convinces you to not give in to such threats. Such deceptive and rudimentary schemes do not deserve your attention or financial support!
