malware – Page 13 – Scriptingthewhy.com

Consider following on social media!

Quick note: if you’re viewing this via email, come to the site for better viewing. Enjoy!

What is it now, fam? Can we not get anything right?
Photo by Ketut Subiyanto, please support by following @pexel.com

We’re back in the Google Play Store and things haven’t gotten any better. It has been long-standing knowledge that if you want anything to work or see if it has any value, people need to test your product other than yourself.

By doing this, you can get all the good and bad feedback to create what seems to be your contribution to the world for the betterment of humanity.

All the great minds throughout history have gone through this, and you clearly see this being done today with us doing launches into space and claiming it’s for humanity just in case the Earth goes bad but in reality, they’re displaying their getaway plan which none of us will be able to afford. We’re looking at you Elon.

Being done with pointing fun at venture capitalism, back to the growing concern which is beta testing. Are you curious as to know how this is a problem when everyone is simply trying things out?

Let us explain. We’re going to go over what kind of attack this is, who is using it, the functionality, and effects upon release, and what are some ways you can keep yourself from being on the receiving end of testing a product that may be testing you.

Fun fact: having elder people play video games helps ward off mental conditions and improve memory.
Photo by Tima Miroshnichenko, please support by following @pexel.com

The Attack

If you’re not into computers or have very little knowledge of how software and games are developed, then you may be wondering what in the world is “beta testing”. It’s not what you think, there isn’t a group of people in a room sitting across from each other staring trying to establish who is alpha and who is beta.

Beta testing is the testing of a product that is almost ready to hit the market. This is done to get feedback as to what should stay in or be removed or what could be added to improve interactions.

How is this a problem we hear you ask? At its core, it isn’t but as of late threat actors have been releasing apps on the Google Play Store as betas to lure people into downloading onto their devices. Threat actors are testing the waters with this one.

Yes, all you have do is download the app and enter your bank information. It’s that simple.
Photo by cottonbro studio, please support by following @pexel.com

Who Can It Be Now

No one group or individual has been named for using this tactic, but rest assured the attackers are out there. Many incidents have involved phishing emails and romancing scams. No, this doesn’t involve the good old catfishing mail-order bride or husband.

In this kind of attack, the threat actor is building a false relationship with the victim in order to get the victim to perform a step-by-step process of downloading or jailbreaking their device.

Phishing emails and others of the like are sent with the promise of big returns on investment for trying the beta app. However, this is a bogus claim because the payment method is in cryptocurrency. Why do scammers like requesting gift cards, money orders, and cryptocurrency you ask?

If you think about it, obtaining these items requires no personal interaction, they’re difficult to trail back to the scammer, and you can gain access to them from anywhere. Also, the government and banks can’t monitor Bitcoin and other cryptocurrency platforms so that makes it even more alluring.

Enjoy the read so far? Why don’t you consider subscribing so you can keep up to date?

I downloaded the beta version, but some weird stuff started happening after I entered my banking information.
Photo by Andrea Piacquadio, please support by following @pexel.com

That Sinking Feeling

Why not use real apps instead of beta? Well, real apps must undergo a rigorous code and review process where beta apps can somewhat fly under the radar because they’re not complete, it just has to look good surface level.

After making it pass review, threat actors change the URL by pointing the app to a malicious server, then the real fun begins.

Malicious code can perform a number of tasks ranging from collecting data from devices, gaining access and depleting online financial accounts, or seizing control of handheld devices.

Yes, tell Scriptingthewhy that I’m interested in protecting my personal information.
Photo by Antoni Shkraba, please support by following @pexel.com

The Prevention

Are you interested in beta testing the ability to keep money in your bank account, and prevent your life from ending up in disarray? If you had said yes, then you have taken the first step into cybersecurity and if you didn’t then we’re going to tell you how to anyway.

When dealing with emails, especially from people who you may know and have a link attached, cross-check with them on another platform to verify if they indeed sent the email.

Carefully examine the email for misspellings and grammar errors as this could be a big tip-off that something is in the air. Exercise extreme caution when installing a new app and carefully examine the requested permissions for anything that may have you scratching your head.

The biggest clues suggesting that something is on your system are that your battery is draining faster than normal, higher data consumption, experiencing a sudden pop-up ads nightmare, the device running slower, and overheating.

Always remember when beta testing, the app should have developing issues, not your finances.

I’m in cybersecurity and I read Scriptingthewhy, so yeah. Trying to scam me is pretty hard.
Photo by Viktoria Slowikowska, please support by following @pexel.com

Made it this far and found this to be entertaining? Then a big thanks to you and please show your support by cracking a like, sharing this with whomever, scripting a comment, or plug-in to follow.

Would like to give sincere thanks to current followers and subscribers, your support and actions mean a lot and has a play in the creation of each script.

Do you feel like there is something I may have missed on beta testing scammers? Script a comment below.

Programming, Security, Tech

You won’t believe what this snake does…

Consider following on social media!

Quick note: if you’re viewing this via email, come to the site for better viewing. Enjoy!

I need to make some money and fast. I could get into the world of IT. Where to start?
Photo by Chinmay Singh, please support by following @pexel.com

There comes a time in one’s life where they may think to themselves and say “The big ole Information Technology world huh, meh, let me give it a shot. What could go wrong?” Foolish child, we’re here to tell you that a lot could go wrong. One’s reasons for choosing a path in Information Technology or IT for short, could range from making a butt load of money, being the next person to create the next big thing, or simply adding a new skill to their already growing list.

Or maybe it’s a combination of all three. It should be the last one primarily because you’re awesome and striving to better a version of yourself every day is on your to-do list, so go you. However, typically, it’s the first reason since we’re all driven by our finances.

If you’re not making money, then you’re not making sense. A narrow and closed-minded way of thinking but hey, people aren’t usually open-minded so, whatever. For one to get into the world of IT, or jailbreak into IT at this point, a process needs to occur aside from simply learning code, linking resources together, and understanding how packets are sent through a network. When in an interview or at some point in a professional setting, one could be asked if they have ever contributed to what is called “Open source”.

Open source, in a nutshell, let’s say you make an application or a small program, once you feel your program or application is complete, it can then be uploaded to a platform like GitHub where others can either add onto or make corrections to your code. This can also be done vice versa. All in all, whoever is asking about contributing to open source wants to gauge your depth in IT. So, say yes, yes you have contributed to open source.

We checked if you have ever contributed to open source, and you didn’t. Printing “Hello World” doesn’t count as a contribution.
Photo by cottonbro studio, please support by following @pexel.com

The Attack

While there is a chance to get your program to an audience for good intentions other than to make money, others have used that same platform for malicious means. Are you interested in knowing what could be on your computer and getting up all in your network’s guts? Look no further than SSH-Snake. For those who may not know what SSH stands for, again, this is an all-inclusive platform, so we’re just being mindful of the audience.

SSH is “Secure Shell Protocol”, it’s a network protocol for operating network services securely over what is mostly an unsecured network. If you have ever worked with the command line, you’re more likely to be aware of SSH. Just know; common people mess with the Graphical User Interface (GUI), nerds, geeks, and hackers mess with the command line interface (CLI). Don’t know why they called “SSH” and not “SSP”, don’t know where the “H” came from but hey, we don’t make the script, we just read them.

I’m not lonely but I could stand to use some company. Fine, you drive a hard bargain, I’ll click your link.
Photo by Andrea Piacquadio, please support by following @pexel.com