
Beware of the terrible clown viruses Joker and Pennywise

A new security alert sends us into the coming hot weekend feeling less than calm, with the emergence of two new malicious campaigns carried out by the Joker and Pennywise malware respectively.

In the world of cinema, two clowns above all have disturbed the sleep of adults and children: the Joker from the Batman saga, and Pennywise from It, Stephen King’s horror novel. Curiously, this week’s new digital security alerts concern two viruses that go by the same names.

From the French security firm Pradeo comes a warning about a virus that has been around for years, is easy to implement and is difficult to notice because it uses a very light code footprint: Joker, a fleeceware that subscribes the user to paid services and makes calls or sends SMS to premium numbers, causing significant losses to users’ bank accounts. This malware was found in four new applications in the Android Play Store: Smart SMS Messages (over 50,000 downloads), Blood Pressure Monitor (over 10,000 downloads), Voice Languages Translator (over 10,000 downloads) and Quick Text SMS (over 10,000 downloads), which together total over 100,000 downloads.

Most of these applications are capable of intercepting the single-use codes that authorize financial transactions by reading SMS or taking screenshots, so very often the victim becomes aware of the damage only on receiving the account statement. Another capability of the apps infected with Joker is to act as a bridge for downloading other, even more harmful apps. Following the report published by Pradeo, Google removed these apps from its application store but, if you have already installed them, you should remove them manually, check your bank account and dispute any unauthorized transactions. To guard against similar threats in the future, note that the Play Store profiles of these apps’ developers (with a short, almost boilerplate privacy policy that did not explain everything the apps did) generally listed only one application.

Moving on to the second threat, the American security firm Cyble discovered, on a YouTube channel that was later closed (although others were created with the same purpose), several videos posing as guides to producing cryptocurrency with a particular piece of software. Viewers were encouraged to download it, not surprisingly, since it was the carrier of the Pennywise virus.

Once in action, Pennywise targeted the “cold” cryptowallets Armory, Electrum, Guarda, Bytecoin, Jaxx, Coinomi, Exodus and Atomic Wallet, as well as wallets for Ethereum and Zcash. In doing so, it searched for files in the rtf, doc, docx, txt and json formats weighing less than 20 KB. The same virus also took over the sessions of messaging apps such as Discord and Telegram, and stole information (e.g. login data and extensions) from Firefox and Chromium-based browsers (e.g. Chrome, Edge), depositing everything in the “grabber” folder and sending a copy of the stolen data to the hackers. Curiously, Pennywise tended to suspend its activities when the target was found to reside in Belarus, Ukraine, Russia or Kazakhstan, and when sending the files to the attackers it tended to convert the target’s time zone to Russian Standard Time.
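To see how much of your own data falls within the file criteria described above, the following added example (not taken from the Cyble report or from the malware) lists the files under a folder that match those formats and that size limit, so they can be moved to encrypted storage. The function names, the sample files and the reading of “20 KB” as 20 × 1024 bytes are assumptions.

```python
import os
import tempfile

# Criteria from the article: these formats, weighing less than 20 KB.
TARGET_EXTENSIONS = {".rtf", ".doc", ".docx", ".txt", ".json"}
SIZE_LIMIT_BYTES = 20 * 1024  # assumption: "20 KB" read as 20 * 1024 bytes


def find_exposed_files(root):
    """Return sorted (path, size) pairs under root that match the criteria."""
    matches = []
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            # Extension match is case-insensitive (e.g. "Backup.JSON").
            if os.path.splitext(name)[1].lower() not in TARGET_EXTENSIONS:
                continue
            path = os.path.join(dirpath, name)
            try:
                if os.path.islink(path):
                    continue  # audit real files only, never follow links
                size = os.path.getsize(path)
            except OSError:
                continue  # unreadable or vanished file: skip, keep auditing
            if size < SIZE_LIMIT_BYTES:  # strictly "less than 20 KB"
                matches.append((path, size))
    return sorted(matches)


def summarize(matches):
    """Count matching files per extension, to prioritise clean-up."""
    counts = {}
    for path, _size in matches:
        ext = os.path.splitext(path)[1].lower()
        counts[ext] = counts.get(ext, 0) + 1
    return counts


def build_sample_tree(root):
    """Create constructed sample files (contents are filler bytes)."""
    os.makedirs(os.path.join(root, "sub"))
    samples = {"seed.txt": 100, "Wallet-Backup.JSON": 200,
               "notes.docx": SIZE_LIMIT_BYTES,  # exactly 20 KB: not matched
               "photo.png": 50, os.path.join("sub", "report.rtf"): 19 * 1024}
    for rel, size in samples.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(b"x" * size)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, size in find_exposed_files(tmp):
            print(f"{size:>6} bytes  {path}")
```

Pointed at a real documents folder, `find_exposed_files` returns the files worth reviewing for wallet seeds, passwords or recovery codes stored in plain text.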
