Mobile Spyware Detection Tips


How to Check Your Phone for Spyware

Would you know how to check your phone for spyware if you suspected you were being spied on? Smartphones are essential to our daily lives, serving as our wallets, calendars, communication hubs and vaults for personal information – but they’re often overlooked when it comes to understanding the risks of spyware and other malicious software. Our phones’ convenience is also what makes them prime targets for cybercriminals, and spyware – malicious software designed to spy on your activities – can easily turn your phone into a surveillance device, if given the chance.

In this blog we’ll cover how to detect spyware, how to remove spyware from smartphones, and other mobile security tips that can keep your phone (and everything you use it for) safe and secure.

Understanding spyware on mobile devices

It’s a common misconception that spyware only infects PCs and other desktop devices. While the built-in security in smartphones has gotten better and better over time, cybercriminals have also continued to develop more sophisticated ways of countering those defenses. 

What Is spyware?

Spyware is a type of malicious software that secretly collects information from your device. It can monitor your calls, texts, browsing history, location, and even capture sensitive credentials such as your banking details and other passwords. Unlike some forms of malware, spyware is designed to operate discreetly, so that it can run in the background, unnoticed by the user, for as long as possible. This is one of the reasons why it’s so hard to detect spyware on phones and other devices.

There are various types of spyware, ranging from keyloggers to GPS tracking software. Some are tailored to target specific individuals, whereas others are used by organizations and governments for surveillance purposes. 

How does spyware infect smartphones?

Spyware can infiltrate smartphones in several ways:

  • Malicious apps, disguised as (or piggybacking on) legitimate apps or games, that infect your phone once installed.
  • Phishing links that trick the user into installing the malicious software themselves, often by sideloading an app from outside the official store.
  • Exploitation of software vulnerabilities in outdated operating systems or apps, sometimes requiring no more from the victim than opening a link.
  • Attacks over unsecured or public Wi-Fi networks, for example tampering with unencrypted downloads or serving a fake login or update page that pushes a malicious app.
  • Physical installation by someone with brief hands-on access to the unlocked device.

Understanding how spyware spreads is the first step to defending yourself from it. But how can you tell if your phone has already been compromised?

Signs that your phone may be infected with spyware

Spyware may be designed to operate covertly, but even the best spies have tells. Here are some of the ways to detect spyware on phones.

Unusual battery drain

Spyware constantly runs in the background, consuming your device’s resources such as CPU or GPS. This increased activity can sap your phone’s battery, and create a noticeable decrease in battery life. If you’ve noticed a change in the longevity of your phone’s battery life, it might be worth investigating further.

Increased data usage

Another red flag is unexplained spikes in your data usage. Spyware transmits what it steals back to its operator, and uploading call recordings, photos or a constant stream of location updates can consume noticeable bandwidth. Review your data usage regularly, per app if your phone breaks it down that way, to spot any anomalies.

Slow performance and overheating

If your phone develops a habit of overheating, or is suddenly more sluggish than usual, spyware could be the cause. The constant background activity of malicious software puts a strain on hardware, leading to performance issues for your phone and frustration for you.

Strange behavior and notifications

Apps you don’t remember downloading, unexpected pop-ups, or texts from unknown sources could also indicate the presence of spyware. Similarly, if your phone makes unexplained calls, sends texts without your input, or experiences frequent crashes, it’s worth investigating further.

How to Check Your Phone for Spyware

If you suspect your phone might be compromised, follow these steps:

Review installed apps

Carefully examine your list of installed apps and their various permissions. Look for apps you don’t recognize or recall installing, and pay attention to apps with generic names such as “System Update” or “Device Manager”. On Android, also check which apps hold Device admin or Accessibility privileges (under Settings > Security and Settings > Accessibility), because commercial spyware relies on these to read the screen and resist uninstallation; on iOS, check Settings > General > VPN & Device Management for configuration profiles you did not install. Research any suspicious apps you find online to see if they’ve been flagged by other users or cybersecurity experts.

Use safe mode

Booting your phone in safe mode disables third-party apps, making it easier to tell whether a malicious app is causing the issue. On most Android phones you press and hold the power button until the Power Off option appears, then tap and hold Power Off until the Safe Mode prompt appears; the exact gesture varies by manufacturer. iOS has no equivalent safe mode, so on an iPhone the app and profile review above is the main check.

Install security software

Comprehensive security software can detect and remove spyware, often identifying threats that are difficult to spot manually. Look for a reputable app from a trusted provider to scan your device – but avoid downloading free, unverified security apps that might be spyware in disguise.
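To make the app review above systematic on Android, here is an added example script (not from the original article, and not a SUPERAntiSpyware tool) that triages the output of two adb commands: `adb shell pm list packages -3 -i`, which lists third-party apps together with the store that installed them, and `adb shell dumpsys package <pkg>`, which shows the permissions each app has been granted. The line formats, the set of sensitive permissions, the list of store installer packages and the generic labels are assumptions chosen for the demo, and the sample output is constructed rather than captured from a device.

```python
"""Triage third-party Android apps for spyware traits.

Added example, not from the original article. It parses the text that
`adb shell pm list packages -3 -i` and `adb shell dumpsys package <pkg>`
print (line format assumed from current Android builds; check it against
your device). The sample output below is constructed, not captured.
"""
import re

# Runtime permissions that phone spyware needs in order to do its job.
SENSITIVE = {
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_CALL_LOG",
    "android.permission.RECORD_AUDIO",
    "android.permission.CAMERA",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_BACKGROUND_LOCATION",
}
# Label fragments that spyware commonly hides behind (assumed list).
GENERIC_LABELS = ("system update", "device manager", "sync service", "system service")
# Installer packages that count as an app store: Google Play, Galaxy Store, Amazon Appstore.
STORES = {"com.android.vending", "com.sec.android.app.samsungapps", "com.amazon.venezia"}

PKG_LINE = re.compile(r"^package:(\S+)\s+installer=(\S+)", re.M)
GRANT_LINE = re.compile(r"^\s*(android\.permission\.[A-Z_]+): granted=true", re.M)


def list_packages(pm_output):
    """Return {package: installer} parsed from `pm list packages -3 -i` output."""
    return dict(PKG_LINE.findall(pm_output))


def granted_sensitive(dumpsys_output):
    """Return the sensitive permissions a package has actually been granted, sorted."""
    return sorted(set(GRANT_LINE.findall(dumpsys_output)) & SENSITIVE)


def triage(pm_output, dumpsys_by_pkg, labels):
    """Score every third-party package; returns [(pkg, score, reasons)], worst first.

    dumpsys_by_pkg maps package -> its `dumpsys package` text; labels maps
    package -> the app name shown in Settings. Sideloading and a generic name
    each add 2, every granted sensitive permission adds 1.
    """
    results = []
    for pkg, installer in list_packages(pm_output).items():
        score, reasons = 0, []
        if installer not in STORES:            # "null" means installed from an APK
            score += 2
            reasons.append(f"sideloaded (installer={installer})")
        label = labels.get(pkg, "")
        if any(g in label.lower() for g in GENERIC_LABELS):
            score += 2
            reasons.append(f"generic label '{label}'")
        perms = granted_sensitive(dumpsys_by_pkg.get(pkg, ""))
        if perms:
            score += len(perms)
            reasons.append("granted " + ", ".join(p.rsplit(".", 1)[1] for p in perms))
        results.append((pkg, score, reasons))
    return sorted(results, key=lambda r: r[1], reverse=True)


# --- constructed sample data (not captured from a real device) -----------
SAMPLE_PM = """\
package:com.whatsapp  installer=com.android.vending
package:com.example.syncsvc  installer=null
package:com.bank.mobile  installer=com.android.vending
"""

SAMPLE_DUMPSYS = {
    "com.example.syncsvc": """\
  Package [com.example.syncsvc] (7c1e2f3):
    install permissions:
      android.permission.INTERNET: granted=true
      android.permission.RECEIVE_BOOT_COMPLETED: granted=true
    runtime permissions:
      android.permission.READ_SMS: granted=true, flags=[ USER_SET]
      android.permission.RECORD_AUDIO: granted=true, flags=[ USER_SET]
      android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET]
      android.permission.READ_CALL_LOG: granted=true, flags=[ USER_SET]
""",
    "com.whatsapp": """\
    runtime permissions:
      android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET]
      android.permission.RECORD_AUDIO: granted=true, flags=[ USER_SET]
""",
    "com.bank.mobile": """\
    runtime permissions:
      android.permission.CAMERA: granted=false, flags=[ USER_SET]
""",
}
SAMPLE_LABELS = {
    "com.whatsapp": "WhatsApp",
    "com.example.syncsvc": "System Sync Service",
    "com.bank.mobile": "MyBank",
}

if __name__ == "__main__":
    for pkg, score, reasons in triage(SAMPLE_PM, SAMPLE_DUMPSYS, SAMPLE_LABELS):
        print(f"{score:2d}  {pkg:28s} {'; '.join(reasons) or 'nothing notable'}")
```

On a real device, feed the script the captured command output; a high score is a reason to research the package name and look at it in Settings, not proof of spyware, since a legitimate messaging app also records audio and reads SMS.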

Steps to remove spyware from smartphones

If you’ve managed to confirm the presence of spyware, taking action as soon as possible is crucial. 

Uninstall suspicious apps

Remove any and all apps you’ve identified as potential threats. Make sure that you’re fully uninstalling them, not just removing them from your home screen. If an Android app refuses to uninstall, it has usually made itself a device administrator: revoke that first under Settings > Security > Device admin apps, then uninstall. After uninstalling, monitor your phone for signs of improvement in performance and behavior.

Perform a factory reset

If the spyware persists, or you haven’t been able to identify its origins, a factory reset is the most effective solution. This restores your phone to its original settings, erasing all apps, data and malware. Back up any files you want to save, such as pictures and contact details, before proceeding, but restore only that content rather than a full app backup, since restoring the apps can bring the spyware back with them. Afterwards, change the passwords on your main accounts: a reset does nothing about credentials the spyware has already sent off, and someone who knows your Apple or Google account password can keep tracking the phone without any malware on it.

Install security software

After removing suspicious apps or resetting your phone, install a trusted security app to safeguard it against future threats. Choose software with real-time threat detection, regular updates, and robust privacy protections. And, for good measure, carry out a scan on your phone as soon as it’s installed to make sure you haven’t missed any potential threats.

Don’t let spies crack your smartphone safe

Your smartphone is a treasure trove of personal information, and keeping it secure should always be a top priority. Spyware is a hidden threat that can compromise your privacy, steal sensitive data, and disrupt your device’s performance. By understanding the risks, learning how to recognize the warning signs, and taking proactive steps, you can protect yourself from spyware and other cyber threats. 

While you’re busy protecting your phone, you can trust SUPERAntiSpyware to protect your PC. For more PC and mobile security tips take a look at our resources.

Computer Virus Protection – Essential Tips


How to Prevent Viruses on Your Computer

The internet is full of malware-laden pitfalls – as fast as cybersecurity can evolve, hackers are continuing to create new threats to challenge them. While this battle will likely be ongoing for as long as the internet exists, it’s the role of antivirus software providers such as ourselves to keep users up to date with the latest virus protection tips. While antivirus software is a critical part of your defense, keeping your computer virus-free requires a proactive, comprehensive approach. In this guide, we’ll cover essential tips for preventing viruses from infecting your computer, and ways to maintain a secure, efficient and virus-free system when using your computer for work, personal projects or day to day browsing.

Installing antivirus software

A reliable antivirus software should be your first line of defense against viruses and malware. These programs are designed to recognize, alert you to, and deal with any suspicious activity on your computer. Installing a reputable antivirus program will ensure that any suspicious files, unusual activity or dangerous downloads are flagged and reported to you, keeping you on top of potential threats, sometimes before they even have a chance to occur.

Keeping your antivirus up to date

It’s essential that you keep your antivirus software up to date. In the same way that new malware is created every day, antivirus companies will frequently release updates to address these new threats. Missing an update might not feel like a big deal, but it could leave you exposed and vulnerable – simply having the software installed is not enough.

To ensure your software stays current, you can:

  • Enable automatic updates to make sure you always have the latest version of your antivirus software live and running.
  • Check for manual updates, particularly when you hear of any new viruses or if your computer appears to be acting strangely.

Regular software and OS updates

Beyond your antivirus defenses, staying on top of your operating system updates will also help to patch holes in your security. Each update addresses newly discovered vulnerabilities reported by developers and security researchers. Ignoring these updates, even in the name of saving time or storage, can leave you with weaknesses that attackers won’t hesitate to exploit.

Patching security flaws

Patching is the process of updating software to fix security vulnerabilities, address bugs, and tackle any other issues that could impact software performance or user safety. A patch is a small piece of code released by the developer that repairs these weaknesses, like patching a leak in a boat.

Your operating system, browser, and other apps should alert you when there are updates and patches that need to be addressed, but it doesn’t hurt to check for these manually to stay on top of things.

Enabling automatic updates

Similarly to your antivirus software, it is often possible to enable automatic updates, ensuring that your computer is always equipped with the latest defenses.

Safe browsing practices

Good browsing habits are also a key element of virus prevention. Compromised websites, pop-ups, phishing emails and deceptive ads are some of the main ways in which malware spreads, luring unsuspecting users in and convincing them to download harmful files. By practicing safe browsing, you reduce your chance of falling foul of viruses.

Avoid suspicious websites

There are thought to be roughly 2 billion websites online in 2024. That’s a lot of potential places to pick up a virus. Sites offering pirated software, movies, and other downloads are some of the most common culprits. To avoid picking up a virus while browsing online, you should follow these tips:

  • Use a reputable search engine, as these will often flag harmful sites for you.
  • Check the URL of every site you visit. A URL beginning with “https://” means your connection to the site is encrypted, not that the site itself is safe: phishing and malware sites use HTTPS too, so look at the domain name as well and be wary of look-alike spellings.
  • Don’t let your curiosity get the better of you and avoid clicking on any suspicious links.

Use pop-up blockers

Most browsers have some form of pop-up blocker you can activate to stop these annoying and potentially dangerous ads from gracing your screen, and we would highly recommend activating one if you can. Malicious pop-ups are often designed to look as though they come from a reputable source, tricking the unsuspecting users into clicking on them and exposing themselves to malware.

Email and download safety

Many aspects of email safety may sound like simple common sense, but you would be surprised by how many users are caught out by the sophistication of the emails that hackers now use to spread viruses. Exercising caution with emails and downloads is essential to keeping your computer safe.

Be wary of email attachments

Cybercriminals use phishing emails to trick users into downloading malware. These emails may appear to come from legitimate, familiar organizations, or even family and friends. To stay safe, don’t open any unexpected email attachments, even if it appears to be from an entity you know and trust – try to verify what has been sent with the sender where possible.

Many of these phishing attempts fall down in their spelling and grammar, and the unusual nature of their requests. They will also likely try to create a sense of urgency, wanting you to open whatever attachment they have sent before you’ve had a chance to thoroughly vet their email. This is why it’s important to read all online correspondence carefully.

Download only from trusted sources

Downloading files from unofficial sources is a common way for viruses to spread. To avoid accidentally downloading malware, you should:

  • Stick to official websites and app stores where possible.
  • Read reviews and ratings before downloading anything.
  • Look for verification that what you’re downloading is genuine, such as a checksum published by the vendor or a valid digital signature on the installer.
  • Don’t accept unusual downloads – for example, if your bank usually corresponds through the mail, be suspicious of any emails suddenly offering you downloads.

Stay vigilant and virus-free

There’s no single answer for how to prevent viruses on your computer – it requires a multi-faceted approach. Installing a good antivirus software and keeping it updated is essential, but it’s only one part of a well-rounded defense. Regular updates for your operating system and other software, coupled with safe browsing and cautious email practices will help to shield your system from threats.

If you’re looking for the right antivirus scanner and software to support your online activities, consider SUPERAntiSpyware.

What is a Browser Hijacker and How to Remove it

With more and more of our daily lives moving online, staying safe when browsing is now more important than ever. Browser hijackers are an increasingly common threat, aiming to disrupt your browsing experience and compromise your privacy. This article will discuss exactly how browser hijackers work, the issues that they cause, how you can spot these and how you can remove them across various devices and browsers.

What is a browser hijacker?

A browser hijacker is a form of malicious software that has been designed to modify the internet browser settings of the infected device without the knowledge, or consent, of the user.

The most common changes a browser hijacker will make are to your homepage, default search engine and new tab settings, typically to redirect you to unwanted websites. This lets the operators generate revenue through advertising and traffic redirection.

On some occasions, certain browser hijackers may also stealthily collect browsing data and sensitive personal information in the background, which can later be used for malicious purposes such as extortion, with the threat of releasing it unless you pay.

Browser hijackers can enter your device in a number of different ways, including bundled software download, malicious websites or phishing email attachments. Once they are at large within your system, they can overwhelm your browser with pop up ads, redirect you to unfamiliar search engines and download additional malware.

What do browser hijackers do?

Is Chrome acting up? Are you being redirected for no apparent reason? You might have a browser hijacker.

As touched upon already, there are many ways in which browser hijackers are able to significantly disrupt your browsing experience. Here are a few of the major symptoms to keep an eye on:

Unwanted homepage changes

Perhaps the most common symptom of a browser hijacker is your browser’s homepage changing without any input from you. It is typically replaced by, or you are redirected to, a suspicious looking website that is often filled with ads and little else.

Slow browser performance

If you notice that your browser has markedly slowed down in loading speed and responsiveness, or it frequently crashes when it didn’t before, it could be a sign that you have been targeted by a browser hijacker. The slowdown usually comes from the extra ad scripts, redirects and bundled programs the hijacker brought with it, all competing for your system’s resources.

Excessive pop-up ads

While pop-up ads appear from time to time, a sudden increase to the point where it becomes overwhelming probably means that a browser hijacker has infected your device. These will commonly appear on websites that don’t typically use ads and may lead you to more harmful websites.

Browser settings changes

Browser hijackers regularly modify different types of browser settings such as the default search engine, new tab landing page and browser extensions. These changes will be made without your consent and are designed to control your browsing experience.

Reduced storage space

As previously touched upon, browser hijackers often arrive with additional unwanted programs and data, which can take up noticeable storage space on your device. This should be fairly obvious when you check your available storage space: if it has unexpectedly and substantially reduced, that is a telling sign.

Redirected to unknown websites

The final symptom of browser hijackers is the unexpected redirection to unfamiliar, or suspicious looking websites. They have the capability to alter your search engine results pages (SERPs) so that you are unknowingly redirected to websites that will generate money for the hacker or further compromise your security.

How to prevent browser hijacking

As has been discussed throughout the article, browser hijackers can cause a great deal of frustration to the victims. Here are a series of tips put together by the team at SUPERAntiSpyware to help you avoid any potential browser hijacking attack:

Disable JavaScript

JavaScript can be abused by attackers to run malicious scripts in your browser, and disabling it blocks a large share of these attacks before they start. Be aware, though, that disabling JavaScript breaks features on most modern websites. A practical compromise is to block it by default and allow it only for sites you trust: Chrome can do this per site under Settings > Privacy and security > Site settings > JavaScript, and script-blocking extensions offer the same for other browsers, so you don’t have to keep flipping the global setting on and off.

Keep your system and software up to date

This is best practice for cybersecurity in general and will help to prevent all manner of malicious attacks, particularly those that involve browser hijacking.

Browser hijackers will often seek out unpatched vulnerabilities within operating systems or software that allow them an entry point into your device. By ensuring that you are frequently updating your operating system, browser extensions and software, you are minimizing the risk of infection.

Avoid suspicious links

It is always recommended to avoid clicking on suspicious links wherever they may arise, be it in emails, text messages or pop-up notifications and ads. These links have the potential to download browser hijackers or any other means of malicious software. It is important to use secondary communication channels to verify the source of any link that you may hold suspicions over.

Avoid pirated or free software

Another common way that browser hijackers may enter your system is when bundled together with other free, or pirated software. Once you initiate the execution of this bundle, you may be unwittingly inviting a browser hijacker to wreak havoc within your device. Software should only be downloaded from trusted and reputable sources and even then you should still review the contents of what you have downloaded. Further to this, opting for custom installation settings during the installation process gives you finer control over what you are introducing to your device.

Use robust antivirus software

One of the best steps you can take towards protecting your device from browser hijackers and all manner of malicious software is the installation of reliable antivirus software. SUPERAntiSpyware’s Professional X Edition offers protection against over a billion different threats, employing real-time AI powered detection to keep you and your device safe from attacks.

How to remove a browser hijacker

Detecting and removing a browser hijacker can be challenging due to the deceptive nature of this particular type of malicious software. This section walks you through the steps required to get rid of a browser hijacker across a range of operating systems and browsers: Windows, macOS, Chrome, Safari, Android and iOS.

Removing browser hijackers using antivirus software

The most reliable method for removing browser hijackers, as well as any additional malicious software that may have accompanied it, is to use dependable antivirus software such as SUPERAntiSpyware.

  1. Download and install SUPERAntiSpyware by following the onscreen instructions.
  2. Launch SUPERAntiSpyware application from your desktop.
  3. Perform a full system scan from the main interface. SUPERAntiSpyware will then begin scanning your device for browser hijackers and any other malware.
  4. Quarantine and remove infected files once the scan has completed.
  5. Restart your device after you have removed the infected files. This ensures that all changes will take effect and the browser hijacker will be completely removed from your device.

How to remove browser hijackers on Windows

Manually removing browser hijackers from Windows is an incredibly swift process and requires very little technical proficiency.

  1. Open Settings > Apps > Apps & features (called Installed apps on Windows 11). Sorting the list by install date puts the newest arrivals, which are usually the culprits, at the top.
  2. Carefully browse the list of apps and identify those that are suspicious and not installed by you. Once you have identified this app, or apps, click Uninstall and follow the onscreen instructions. Then reset the affected browser (see the browser sections below), since uninstalling the program does not undo the settings it changed.

How to remove browser hijackers on macOS

To carry out this same action and remove your browser hijacker from your Mac, you also need to stop the app from running before you uninstall it. Here is how to remove a browser hijacker on macOS:

  1. In the Finder, choose Go > Utilities from the menu bar.
  2. Open Activity Monitor from the Utilities folder.
  3. Locate the hijacker in the process list and use the stop (X) button in the toolbar to stop it. In the dialog that appears, select Force Quit.
  4. Now that the browser hijacker is no longer running, the next step is to remove it from the device. Open the Finder from the Dock, locate the application in question (usually in Applications), Control-click or right-click it and select Move to Trash/Bin.
  5. Empty the Trash to ensure that all traces of the harmful app have been removed from the device.
  6. Check the places hijackers use to come back or to pin your settings: System Settings > General > Login Items, the ~/Library/LaunchAgents and /Library/LaunchAgents folders, and System Settings > Privacy & Security > Profiles. A configuration profile you did not install can lock the search engine and homepage so that changing them in the browser has no effect; remove it before resetting the browser.

How to remove browser hijackers from Chrome

  1. Click the three dots in the top right-hand corner of the Chrome window and select Settings from the drop down menu.
  2. Select Reset settings from the menu on the left hand side of the screen and click Restore settings to their original defaults. Confirm this by clicking Reset settings. This restores the homepage, new tab page, search engine and startup pages and disables extensions, but it does not remove extensions or settings applied by policy. If Chrome shows “Managed by your organization” on a personal machine, open chrome://policy and chrome://extensions to see what is being enforced and remove it at its source (on Windows, typically the Policies\Google\Chrome keys in the registry).
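As an added example (not part of the original article), the following script checks a Chrome profile’s Preferences file for exactly the settings the symptoms section describes and the reset above restores: homepage, startup pages, the default search engine and extensions that did not come from the Web Store. Chrome keeps this file as JSON in the profile folder (Default/Preferences); the key names and the extension location codes used here are assumptions that match current Chrome builds and should be verified against your own file, the list of known search hosts is a placeholder to adjust, and the two sample profiles and the hijacker domain are constructed.

```python
"""Audit a Chrome 'Preferences' file for the settings browser hijackers change.

Added example, not part of the original article. Chrome stores per-profile
settings as JSON in <User Data>/Default/Preferences; the key names used here
match current Chrome builds but are an assumption to verify against your own
file. The two sample profiles below are constructed, and the hijacker domain
is a placeholder.
"""
import json
from urllib.parse import urlparse

# Search providers you expect; anything else becomes a finding (adjust to taste).
KNOWN_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "duckduckgo.com", "search.yahoo.com"}
# Extension 'location' codes meaning "not installed by the user from the Web Store"
# (external pref / registry / policy installs; numbering assumed from Chromium's manifest.h).
EXTERNAL_LOCATIONS = {2, 3, 6, 7, 9}


def _host(url):
    """Hostname of a search URL template such as https://x/?q={searchTerms}."""
    return (urlparse(url.replace("{searchTerms}", "q")).hostname or "").lower()


def audit_prefs(prefs):
    """Return a list of findings (strings) for a parsed Preferences dict; [] when clean."""
    findings = []

    # 1. Homepage and start-up pages.
    if prefs.get("homepage") and not prefs.get("homepage_is_newtabpage", True):
        findings.append(f"homepage: {prefs['homepage']}")
    session = prefs.get("session", {})
    if session.get("restore_on_startup") == 4:       # 4 = "open a specific set of pages"
        for url in session.get("startup_urls", []):
            findings.append(f"startup page: {url}")

    # 2. Default search engine, the hijacker's main source of revenue.
    tud = prefs.get("default_search_provider_data", {}).get("template_url_data", {})
    host = _host(tud.get("url", ""))
    if host and host not in KNOWN_SEARCH_HOSTS:
        findings.append(f"default search '{tud.get('short_name')}' -> {host}")

    # 3. Extensions that did not come from the Web Store. Policy- or
    #    registry-installed ones survive "Reset settings" and must be removed at the source.
    for ext_id, ext in prefs.get("extensions", {}).get("settings", {}).items():
        name = ext.get("manifest", {}).get("name", ext_id)
        if not ext.get("from_webstore", False) and ext.get("location") in EXTERNAL_LOCATIONS:
            findings.append(f"externally installed extension '{name}' ({ext_id})")
    return findings


def audit_file(path):
    """Audit a real Preferences file (close Chrome first so the file is complete)."""
    with open(path, encoding="utf-8") as fh:
        return audit_prefs(json.load(fh))


# --- constructed sample profiles ----------------------------------------
CLEAN = {
    "homepage_is_newtabpage": True,
    "session": {"restore_on_startup": 5},          # 5 = open the New Tab page
    "default_search_provider_data": {"template_url_data": {
        "short_name": "Google", "url": "https://www.google.com/search?q={searchTerms}"}},
    "extensions": {"settings": {}},
}
HIJACKED = {
    "homepage": "http://search.example-hijack.test/",
    "homepage_is_newtabpage": False,
    "session": {"restore_on_startup": 4,
                "startup_urls": ["http://search.example-hijack.test/"]},
    "default_search_provider_data": {"template_url_data": {
        "short_name": "Safe Search", "url": "http://search.example-hijack.test/?q={searchTerms}"}},
    "extensions": {"settings": {
        "abcdefghijklmnopabcdefghijklmnop": {      # placeholder extension id
            "manifest": {"name": "Search Helper"}, "from_webstore": False, "location": 3}}},
}

if __name__ == "__main__":
    for label, prefs in (("clean", CLEAN), ("hijacked", HIJACKED)):
        print(label + ":", audit_prefs(prefs) or "no findings")
```

Run it against the Preferences file of each profile before and after the reset: findings that survive the reset point at a policy or an externally installed extension, which is where to look next.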

How to remove browser hijackers from Safari

  1. Select Settings (called Preferences in older versions of macOS) from the Safari menu.
  2. Navigate to the General tab and double check that the homepage is as you desire.
  3. Move across to the Extensions tab and uninstall any extensions that you have not installed yourself.
  4. Go to the Websites tab, select Notifications from the left hand menu and then deselect the option Allow websites to ask for permission to send notifications.
  5. Select the Privacy tab and click Manage Website Data….
  6. Next, select Remove All from the pop-up menu.
  7. Finally, click Empty Caches in the Develop menu on Safari’s menu bar. The Develop menu is hidden by default; enable it under the Advanced tab by ticking Show Develop menu in menu bar (Show features for web developers in newer versions).

How to remove browser hijackers from your Android phone

  1. Open Settings > Apps (the exact name varies by manufacturer, e.g. Manage apps or See all apps).
  2. Locate the suspicious software in this list.
  3. Open App info by tapping on the software in question and tap Uninstall. If Uninstall is greyed out, the app has made itself a device administrator: go to Settings > Security > Device admin apps, deactivate it, then uninstall.
  4. Navigate back to the app list and select the browser.
  5. Tap Force stop, then Storage > Clear data when prompted. This also discards the browser’s saved passwords and sessions, so make sure they are synced or noted elsewhere first.

How to remove browser Hijackers from your iPhone on iOS

  1. Open the App Library and locate the suspicious app.
  2. Tap and hold on the app itself and choose Delete App when prompted.
  3. Go to Settings > General > VPN & Device Management and remove any configuration profile you did not install yourself. On iOS a profile is the main way an attacker can change how the device routes or filters web traffic, since apps cannot alter Safari’s settings directly.
  4. Go to Settings > Safari (or the equivalent section for your browser) and tap Clear History and Website Data.

Conclusion

Having read this article, you should feel in a much better place when it comes to both understanding and dealing with the threat of browser hijackers. You should now understand the difficulties that they can cause, the symptoms to look out for in the interest of identification and practical tips for removing them from a range of devices, operating systems and browsers.

As stated in this article, the most reliable action that you can take to protect yourself from browser hijackers and the myriad dangers of the digital world, is to download SUPERAntiSpyware to ensure that your first line of defense is as robust as possible.

FAQs

What is a browser hijacker?

A browser hijacker is a type of malicious software that alters your browser settings without consent, redirecting you to unwanted websites and flooding you with pop-up ads that drive revenue for the attacker.

How do I know if my browser is hijacked?

The common symptoms of a browser hijacker include change of homepage, change of default search engine, slow performance, excessive pop-up ads, reduced storage space and altered browser settings.

Is there a tool that can remove browser hijackers from my device?

SUPERAntiSpyware is strongly recommended to remove browser hijackers from your device as it also deals with over a billion other threats and is powered by real-time AI threat detection, constantly evolving.

Can a browser hijacker infect my mobile device?

Yes, browser hijackers are able to infect any device that uses a web browser.

Qulab, The information stealer

Info stealers are nothing new, and Qulab is no exception. Designed to get in quickly and grab as much data as they can, these malicious programs steal personal information from your computer. In particular, Qulab is known in its current iterations to steal information from browsers, including:

  • login credentials and history
  • file transfer protocol credentials
  • Discord and Telegram logs
  • Steam information and accounts

It can copy any file that ends in .txt, .maFile, and wallet.dat—in case you have anything important lying around.

How it works

Qulab is written in AutoIt, a scripting language generally used to automate monotonous keyboard and mouse tasks. It gives the author much of the power of a general-purpose programming language while being (in most cases) easier to write. Once executed on your computer, Qulab sets a few important settings, notably no tray icon, which prevents you from seeing it running. It then drops its own helper modules (a bundled 7-Zip and a sqlite3 library, both listed in the indicators below) and routes its Windows function calls and database queries through them. By bringing its own copies of these common components, the malware depends less on what happens to be installed on the victim’s machine and can do more damage.

Once running, the malware quickly sets up persistence through well-known methods, such as running itself at startup, and a less well-known method that re-runs it on any major change to the computer, such as:

  • changing any computer settings
  • network status changes
  • connecting to or disconnecting from charger on a laptop
  • being idle for a set period of time
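The article does not say how Qulab registers these “run again on change” triggers. The check below is an added example (not from the original article or from SUPERAntiSpyware) that assumes they are Windows Task Scheduler triggers, which is the standard way to run a program on idle, on session state changes and on arbitrary event-log events, and inspects task definitions in the XML format that `schtasks /query /xml` or a Task Scheduler export produces. The task names, paths and trigger combinations in the two samples are constructed.

```python
"""Flag scheduled tasks whose triggers re-run a program on system changes.

Added example, not part of the original article. The article does not say
how Qulab implements these triggers; this check assumes Windows Task Scheduler
event-driven triggers (IdleTrigger, EventTrigger, SessionStateChangeTrigger)
and reads the task XML that `schtasks /query /xml` or a Task Scheduler export
produces. Both sample task definitions below are constructed.
"""
import re
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
# Trigger types a user-installed program rarely needs; between them they cover
# idle periods, session/console changes and arbitrary event-log events.
EVENT_TRIGGERS = {"IdleTrigger", "EventTrigger", "SessionStateChangeTrigger"}
USER_WRITABLE = re.compile(
    r"%APPDATA%|%LOCALAPPDATA%|%TEMP%|\\AppData\\(Roaming|Local)\\|\\Temp\\", re.I)


def _local(tag):
    """Strip the XML namespace from an element tag."""
    return tag.split("}", 1)[1] if "}" in tag else tag


def triage_task(xml_text):
    """Parse one task definition; return its URI, command, trigger types and
    the reasons (possibly none) it deserves a closer look."""
    text = re.sub(r"^\s*<\?xml[^>]*\?>", "", xml_text).strip()
    root = ET.fromstring(text)
    uri = root.findtext("t:RegistrationInfo/t:URI", default="?", namespaces=NS)
    cmd = root.findtext("t:Actions/t:Exec/t:Command", default="", namespaces=NS)
    args = root.findtext("t:Actions/t:Exec/t:Arguments", default="", namespaces=NS)
    hidden = root.findtext("t:Settings/t:Hidden", default="false", namespaces=NS)
    trig = root.find("t:Triggers", NS)
    triggers = [] if trig is None else [_local(child.tag) for child in trig]

    reasons = []
    odd = sorted(set(triggers) & EVENT_TRIGGERS)
    if odd:
        reasons.append("event-driven triggers: " + ", ".join(odd))
    if USER_WRITABLE.search(cmd + " " + args):
        reasons.append("runs from a user-writable folder")
    if hidden.strip().lower() == "true":
        reasons.append("task is hidden")
    return {"uri": uri, "command": cmd, "triggers": triggers, "reasons": reasons}


def triage_file(path, encoding="utf-16"):
    """Task Scheduler exports are UTF-16; pass encoding='utf-8' for other sources."""
    with open(path, encoding=encoding) as fh:
        return triage_task(fh.read())


# --- constructed sample task definitions ---------------------------------
SUSPECT_TASK = r"""
<Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><URI>\Update\SyncHelper</URI></RegistrationInfo>
  <Triggers>
    <LogonTrigger><Enabled>true</Enabled></LogonTrigger>
    <IdleTrigger><Enabled>true</Enabled></IdleTrigger>
    <SessionStateChangeTrigger><Enabled>true</Enabled><StateChange>ConsoleConnect</StateChange></SessionStateChangeTrigger>
    <EventTrigger><Enabled>true</Enabled><Subscription>&lt;QueryList/&gt;</Subscription></EventTrigger>
  </Triggers>
  <Settings><Hidden>true</Hidden></Settings>
  <Actions Context="Author">
    <Exec><Command>C:\Users\alice\AppData\Roaming\q8s1x2\1\inv.module.exe</Command></Exec>
  </Actions>
</Task>
"""

BENIGN_TASK = r"""
<Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><URI>\ExampleVendor\Updater</URI></RegistrationInfo>
  <Triggers><LogonTrigger><Enabled>true</Enabled></LogonTrigger></Triggers>
  <Settings><Hidden>false</Hidden></Settings>
  <Actions Context="Author">
    <Exec><Command>C:\Program Files\ExampleVendor\updater.exe</Command><Arguments>/quiet</Arguments></Exec>
  </Actions>
</Task>
"""

if __name__ == "__main__":
    for task in (SUSPECT_TASK, BENIGN_TASK):
        info = triage_task(task)
        print(info["uri"], info["triggers"], info["reasons"] or "looks normal")
```

The three signals are scored independently so a vendor updater that uses an idle trigger from Program Files gets one mild flag, while a hidden task with three event triggers launching from AppData gets all three.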

The “clipper” functionality of Qulab watches the clipboard (the place that stores data you copy) and rewrites its contents when they match certain patterns. Most notably, it swaps a copied cryptocurrency wallet address, such as the payout address for a mining account, for the attacker’s, so that money meant for you is paid to the attacker instead. If you never copy a wallet address, the clipper has nothing to swap and only costs you CPU time.

The “browser stealer” function checks to see which browsers you have installed and then immediately attempts to steal files with any important information. The most notable are wallet.dat, login data that is stored on the browser, and history.

Discord, an online chat service, keeps its messages and chat history in local files when installed. Qulab looks for these files and, if it finds them, decrypts them and sends them off to the attacker.

Qulab also attempts to hijack Steam sessions, and if the computer uses the Steam Desktop Authenticator, Qulab attempts to steal the .maFile that holds the account’s authentication secrets. This is becoming common for most information stealers.

After all this data has been extracted, Qulab sends it to the attacker and then continues to scan every couple of seconds to see if any new information has arrived.

Who is affected?

One of the scary things about Qulab is that it is very affordable on the dark web. Coming in at only $30 with support optional, it no longer takes a master hacker to obtain a powerful, flexible information stealer. It could be slipped into downloads from illegitimate sources or used in malspam campaigns.

Indicators of Compromise

  • %APPDATA%/%RANDOM_FOLDER%/
  • %APPDATA%/%RANDOM_FOLDER%/1/
  • %PAYLOAD_NAME%.module.exe (7zip)
  • %PAYLOAD_NAME%.sqlite.module.exe (sqlite3.dll)
  • IP 185.142.97.228
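The indicators above can be turned into a quick host check. The script below is an added example (not from the original article or from SUPERAntiSpyware) that looks under the Roaming AppData folder (%APPDATA%) for `*.module.exe` and `*.sqlite.module.exe` files in a folder at most two levels deep, matching the `%RANDOM_FOLDER%/` and `%RANDOM_FOLDER%/1/` paths, and parses `netstat -ano` output for TCP connections to 185.142.97.228. The netstat column layout is assumed from current Windows builds; the directory tree and netstat text used for the demo are constructed.

```python
"""Hunt for the Qulab indicators listed above on a Windows host.

Added example, not part of the original article. It looks under the Roaming
AppData folder for the dropped helper modules (*.module.exe and
*.sqlite.module.exe) inside a random-named folder or its "1" subfolder, and
parses `netstat -ano` output for TCP connections to the listed IP address.
The netstat column layout is assumed; the directory tree and netstat text
used for the demo are constructed.
"""
import os
import re
import tempfile

QULAB_IP = "185.142.97.228"
MODULE_RE = re.compile(r"\.module\.exe$", re.I)   # x.module.exe and x.sqlite.module.exe
# "  TCP    10.0.0.5:49832    185.142.97.228:80    ESTABLISHED    4412"
NETSTAT_TCP = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")


def find_qulab_modules(appdata_root):
    """Return paths, relative to appdata_root, of *.module.exe files at most two
    folder levels deep (<random>/ and <random>/1/ as in the indicators)."""
    hits = []
    for dirpath, _dirs, files in os.walk(appdata_root):
        rel = os.path.relpath(dirpath, appdata_root)
        depth = 0 if rel == "." else rel.count(os.sep) + 1
        if depth > 2:
            continue
        for name in files:
            if MODULE_RE.search(name):
                hits.append(name if rel == "." else os.path.join(rel, name))
    return sorted(hits)


def connections_to(netstat_text, ip=QULAB_IP):
    """Return (local, remote, state, pid) for TCP lines whose remote host is ip."""
    found = []
    for line in netstat_text.splitlines():
        m = NETSTAT_TCP.match(line)
        if m and m.group(2).rsplit(":", 1)[0] == ip:
            found.append(m.groups())
    return found


# --- constructed demo data ----------------------------------------------
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    10.0.0.5:49831         203.0.113.10:443       ESTABLISHED     2316
  TCP    10.0.0.5:49832         185.142.97.228:80      ESTABLISHED     4412
  UDP    0.0.0.0:5353           *:*                                    1180
"""


def build_sample_tree(root):
    """Create a fake %APPDATA% tree that mimics the indicators (demo only)."""
    for rel in ("q8s1x2/inv.module.exe", "q8s1x2/1/inv.sqlite.module.exe",
                "Microsoft/Windows/Recent/report.lnk"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"MZ")          # placeholder bytes, not a real executable
    return root


def run_demo():
    """Build the fake tree in a temp dir and return the module hits found in it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return find_qulab_modules(tmp)


if __name__ == "__main__":
    real_root = os.environ.get("APPDATA")    # set on Windows; demo data otherwise
    hits = find_qulab_modules(real_root) if real_root else run_demo()
    print("module files:", hits or "none")
    print("connections:", connections_to(SAMPLE_NETSTAT) or "none")
```

On a live Windows host, pipe the real `netstat -ano` output into `connections_to` and resolve the PID column against Task Manager or `tasklist`; the PID is what ties the network indicator back to the dropped file.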

What you can do


If you or someone you know is infected with Qulab malware, download SUPERAntiSpyware Professional right now and get a 14-day free trial, no credit card required.  SUPERAntiSpyware is easy to install and will detect and remove Qulab from any Windows computer. If you are a Computer Technician, you may like to try our SUPERAntiSpyware Tech Edition solution, now free for the next 30 days. Use Tech04 as the Tech ID.  Click here: https://www.superantispyware.com/technician-download.html

How to remove Emotet

You may have heard of the Trojan Emotet before. Since first appearing back in 2014 stealing banking information, it has evolved into a multi-faceted threat that targets everyone. It uses social engineering through emails to convince the user to open a Microsoft Word document and run its malicious macros. Even more worrisome is that once Emotet has infected a target, it attempts to take over the victim’s Microsoft Outlook desktop application. If successful, Emotet goes through all sent emails and contacts and sends out a new wave of spam emails, only this time the potential victims receive the message from an address they know and trust.

A campaign from Emotet over the Christmas season read like a friend sending a friendly season greeting.

Dear <name>,

You make the stars shine brighter and the winter days warmer just by being in my life. Merry Christmas to my favorite person in the world.

Merry Christmas and a wonderful New Year!

Greeting Card is attached

A lovely thing about Christmas is that it’s compulsory, like a thunderstorm, and we all go through it together. Garrison Keillor

While not limited to invoices or Christmas cards, these emails attempt to get the user to click the download link and then open the document. In the email mentioned above the target may be fooled into thinking that the attached greeting card is legitimate. The document actually contains a malicious macro, an embedded script. While macros were designed to automate repetitive tasks in Office, they were quickly abused by virus writers. The infection cannot run on its own, because Microsoft has disabled macros by default for more than a decade to help stop these malicious scripts. Instead, Emotet uses a few techniques to get the user to re-enable them. Examples can be seen below.



The picture urges the user to click the Enable Content button, implying that they cannot view the Word document until they do so. You may have already noticed that the bar itself says that macros have been disabled, and the Enable Content button will, in fact, allow them. The moment that Enable Content button is clicked, the macros will start, and in seconds you will be infected. Even worse, in most cases you will have no indication from this point forward that anything is wrong. In one test case we briefly had a command window appear:



This window lasted less than two seconds before disappearing. This attack vector is not unique to Emotet; it has been used by a number of ransomware campaigns in the past. If you receive a document you did not expect, treat it with extreme caution, and never enable macros without a very good reason.
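As an added example (not code from the original post), the PowerShell below reads the Word macro settings that this lure depends on and, if asked, writes hardened values as policy so the Enable Content button no longer appears for unsigned macros. It assumes Office 2016/2019/365, whose registry version key is 16.0 (Office 2013 uses 15.0), and that it is run as the user whose Word profile is being checked; the registry value names and their meanings are Microsoft's documented ones.

```powershell
# Added example, not from the original post. Audits and optionally hardens the
# Word macro settings behind the "Enable Content" lure.
# Assumptions: Office 2016/2019/365 (version key 16.0; Office 2013 is 15.0),
# run as the user whose Word profile is being checked.

$OfficeVersion = '16.0'
$UserKey   = "HKCU:\Software\Microsoft\Office\$OfficeVersion\Word\Security"
$PolicyKey = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\Word\Security"

function Get-RegistryValue {
    param([string]$Path, [string]$Name)
    try   { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }   # key or value absent
}

function Get-WordMacroPosture {
    # A policy value overrides whatever the user chose in the Trust Center.
    $vba = Get-RegistryValue -Path $PolicyKey -Name 'VBAWarnings'; $source = 'policy'
    if ($null -eq $vba) { $vba = Get-RegistryValue -Path $UserKey -Name 'VBAWarnings'; $source = 'user' }
    if ($null -eq $vba) { $vba = 2; $source = 'default' }

    # VBAWarnings values as documented by Microsoft
    $meaning = switch ([int]$vba) {
        1 { 'enable all macros (dangerous)' }
        2 { 'disable with notification: this is what shows the Enable Content bar' }
        3 { 'disable all except digitally signed macros' }
        4 { 'disable all macros without notification' }
        default { 'unrecognised value' }
    }
    $block = Get-RegistryValue -Path $PolicyKey -Name 'blockcontentexecutionfrominternet'

    [pscustomobject]@{
        VBAWarnings           = [int]$vba
        SetBy                 = $source
        Meaning               = $meaning
        EnableContentBarShown = ([int]$vba -eq 2)
        # 1 = macros blocked outright in files carrying the Mark-of-the-Web
        # (downloads and email attachments), regardless of VBAWarnings
        BlockInternetMacros   = ($block -eq 1)
    }
}

function Set-WordMacroPolicy {
    # Written under the Policies hive so the Word UI cannot undo it.
    New-Item -Path $PolicyKey -Force | Out-Null
    Set-ItemProperty -Path $PolicyKey -Name 'VBAWarnings' -Value 3 -Type DWord
    Set-ItemProperty -Path $PolicyKey -Name 'blockcontentexecutionfrominternet' -Value 1 -Type DWord
}

Get-WordMacroPosture | Format-List
# To harden this user's profile (use Group Policy for a whole organisation):
# Set-WordMacroPolicy; Get-WordMacroPosture | Format-List
```

The point of writing the values under the Policies hive rather than the user's own key is that the lure works by talking the user into one click; a policy setting removes that choice from the Word interface instead of relying on the user to refuse it.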

How it works

Emotet is an evolving malware family that primarily spreads through email spam campaigns. Emotet itself does not attempt to do much harm; instead, it opens the door for other malware that pays the doorman on the way in. It achieves this through a command-and-control (C&C) server: Emotet requests instructions from its C&C server, which issues a new command. This command could be anything from "grab this malware sample and run it" to "tell me what passwords are stored in the user's browser." Emotet can receive updates and new capabilities the same way, which is why, if Emotet has infected your computer or network, it should be removed as quickly as possible.

Emotet doesn't stop at the first computer infected. Once it is on a network, it attempts to reach every other computer it can see by brute-forcing passwords. Unless strong passwords are enforced on all machines and known vulnerabilities are patched, a single installation of Emotet can cause every computer on the network to become infected. Emotet is regularly updated with new exploits as they are found, meaning that even if it is not successful at first, it will keep trying until something works.

Code

We won’t go into too much depth on the actual code itself, but a brief step-by-step walkthrough can be useful to get a better understanding on how this malware works.

1. The Word document contains a VBA macro that is obfuscated so that it cannot be read at a glance. All this code does is launch a command shell (cmd.exe), which in turn launches PowerShell, Microsoft's more capable scripting shell.

2. Using PowerShell, the script attempts to download the core Emotet payload from a large variety of distribution websites.

3. The randomly named payload then reaches out to the C&C server and requests a command. The command changes with the campaign that is running: it could fetch new malware, or it could use your own email account to spread itself further.
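The launch chain in steps 1 to 3 (Word spawning cmd.exe, which spawns PowerShell) leaves a trail in the Windows Security log when process creation auditing is on. The PowerShell below is an added example, not from the original post, that hunts for that chain. It assumes "Audit Process Creation" is enabled (event ID 4688), Windows 10 or Server 2016 or later so that the event records the parent process name, and, for the command line to be visible, that "Include command line in process creation events" is also enabled; run it from an elevated prompt. The Office host and shell lists, and the hidden-window/encoded-command heuristic, are the example's own choices.

```powershell
# Added example, not from the original post: find Office processes that spawned a
# command shell, the chain described in steps 1 to 3.
# Assumptions: Security event 4688 is being logged (Audit Process Creation) on
# Windows 10 / Server 2016 or later; command lines appear only if
# "Include command line in process creation events" is also enabled.

function Get-OfficeSpawnedShells {
    param(
        [int]$Hours = 24,
        [string[]]$OfficeHosts = @('WINWORD.EXE', 'EXCEL.EXE', 'OUTLOOK.EXE'),
        [string[]]$Shells      = @('cmd.exe', 'powershell.exe')
    )
    $filter = @{ LogName = 'Security'; Id = 4688; StartTime = (Get-Date).AddHours(-$Hours) }
    foreach ($evt in Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue) {
        # Pull the named fields out of the event's XML rather than relying on
        # positional properties, which differ between Windows versions.
        $xml  = [xml]$evt.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

        $parent = [System.IO.Path]::GetFileName($data['ParentProcessName'])
        $child  = [System.IO.Path]::GetFileName($data['NewProcessName'])
        if (($OfficeHosts -contains $parent) -and ($Shells -contains $child)) {
            $cmd = $data['CommandLine']
            [pscustomobject]@{
                Time        = $evt.TimeCreated
                User        = "$($data['SubjectDomainName'])\$($data['SubjectUserName'])"
                Parent      = $parent
                Child       = $child
                # Hidden-window / encoded-command switches are typical of macro
                # droppers in general (the example's heuristic, not the post's).
                Suspicious  = [bool]($cmd -match '(?i)-w(indowstyle)?\s+hidden|-e(nc|ncodedcommand)?\s')
                CommandLine = $cmd
            }
        }
    }
}

Get-OfficeSpawnedShells -Hours 72 | Format-Table -AutoSize
```

A Word process legitimately spawning cmd.exe or powershell.exe is rare enough on end-user machines that every hit deserves a look; where command-line logging is on, the download command from step 2 is usually visible in the CommandLine column.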

Who is affected

Many people assume that they will not be targets of malware campaigns. Emotet, though, targets everyone equally: it has the simple goal of getting on every machine it can and then getting paid to let other, more targeted malware come in behind it. If your email address has ever been sold, disclosed in a breach, or was on a friend’s email list when they got infected, then it’s possible you will receive a malicious email from them.

Indicators of infection

The main location for the executable is C:\Users\<name>\AppData\Local\ followed by whatever new folder name Emotet decides to use. One we have seen often is archivessymbol, but this will change. If you see something in this folder you don't recognize, run a scan.

Versions of Emotet can also drop files onto your computer in C:\Users\Public or C:\Users\<username>.

These files generally have 5-6 randomly generated digits in the file name, followed by .exe. They are not actually executable files but HTML documents, used to generate revenue for the attackers by simulating clicks on web advertisements.

What you can do


If you or someone you know is infected with the Emotet malware, download SUPERAntiSpyware Professional right now and get a 14-day free trial, no credit card required.  SUPERAntiSpyware is easy to install and will detect and remove Emotet from any Windows computer.

If you are a Computer Technician, you may like to try our SUPERAntiSpyware Tech Edition solution, now free for the next 30 days. Use Tech01 as the Tech ID.  Click here: https://www.superantispyware.com/technician-download.html

Emotet has also been known to spread using EternalBlue, an exploit for a vulnerability in Windows' SMBv1 file-sharing protocol. Microsoft patched this flaw in March 2017 (security bulletin MS17-010), and applying that update helps protect you from Emotet as well as other malware that uses the same exploit.

HOW TO REMOVE EMOTET

  1. Restart the infected computer in safe mode without networking
  2. Check the locations listed under Indicators of infection and investigate any files or folders you do not recognize. Run the file through SUPERAntiSpyware, or upload it to VirusTotal.com, to confirm that it is malware.
  3. Delete files and folders that have been confirmed as malware.
  4. Repeat steps 1-3 on all other machines in the network.
  5. Restore all infected computers to normal mode only after confirming the infection is removed.
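Step 2 is the laborious part. The PowerShell below is an added example (not from the original post) that does the read-only search for you: it walks the two locations named under Indicators of infection, classifies each suspect by its actual content rather than its extension, and prints a SHA-256 for the scanner or VirusTotal lookup. Nothing is deleted. It assumes an elevated prompt on the suspect machine and treats any unfamiliar folder under %LOCALAPPDATA% the same way as the post's archivessymbol example, so expect some legitimate unsigned software to show up for review.

```powershell
# Added example, not from the original post: a read-only triage pass for step 2 of
# the removal procedure. Lists suspects; deletion is left to step 3 after confirmation.
# Assumptions: run elevated on the suspect machine; every unfamiliar folder under
# %LOCALAPPDATA% is checked, not just the one name (archivessymbol) the post gives.

function Get-FileKind {
    # Classify by content: a Windows executable begins with "MZ", while the
    # 5-6 digit ".exe" files described in the post are really HTML.
    param([string]$Path)
    $buf = New-Object byte[] 64
    $fs  = [System.IO.File]::OpenRead($Path)
    try { $n = $fs.Read($buf, 0, $buf.Length) } finally { $fs.Dispose() }
    if ($n -ge 2 -and $buf[0] -eq 0x4D -and $buf[1] -eq 0x5A) { return 'PE executable' }
    $head = [System.Text.Encoding]::ASCII.GetString($buf, 0, $n)
    if ($head -match '^\s*<(!doctype|html|script|meta|body)') { return 'HTML (decoy, not an executable)' }
    return 'unknown'
}

function New-Suspect {
    param([System.IO.FileInfo]$File, [string]$Reason)
    [pscustomobject]@{
        Path    = $File.FullName
        Reason  = $Reason
        Kind    = Get-FileKind -Path $File.FullName
        Created = $File.CreationTime
        SHA256  = (Get-FileHash -Algorithm SHA256 -Path $File.FullName).Hash
    }
}

function Find-EmotetSuspects {
    # 1. Unsigned executables one level below %LOCALAPPDATA%, the main drop location.
    foreach ($dir in Get-ChildItem -Path $env:LOCALAPPDATA -Directory -ErrorAction SilentlyContinue) {
        foreach ($exe in Get-ChildItem -Path $dir.FullName -Filter '*.exe' -File -ErrorAction SilentlyContinue) {
            $sig = Get-AuthenticodeSignature -FilePath $exe.FullName
            if ($sig.Status -ne 'Valid') {
                New-Suspect -File $exe -Reason "unsigned .exe under LocalAppData\$($dir.Name) (signature: $($sig.Status))"
            }
        }
    }
    # 2. Files named with 5-6 digits plus .exe in C:\Users\Public and the profile root.
    foreach ($root in @('C:\Users\Public', $env:USERPROFILE)) {
        foreach ($f in Get-ChildItem -Path $root -File -ErrorAction SilentlyContinue) {
            if ($f.Name -match '^\d{5,6}\.exe$') {
                New-Suspect -File $f -Reason 'numeric .exe name in a profile root'
            }
        }
    }
}

Find-EmotetSuspects | Sort-Object Created -Descending | Format-Table -AutoSize
```

Sorting by creation time puts the most recent drops first, which is usually where the infection that triggered the investigation sits; the SHA256 column is what you paste into VirusTotal, so the file itself never has to leave the isolated machine.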

Layerin’ Ain’t Just for Winter! Bolster Your Security With Layers of Protection


I thought Spyware and Viruses are the same thing?

A virus is malicious code that copies itself over and over in order to damage your computer's data. Spyware is an umbrella term for a variety of threats, such as Trojans, ransomware, keyloggers, tracking cookies and worms, that may harm your PC and/or your privacy but, unlike a virus, do not set out to destroy your computer's data and system entirely.

So you're telling me I need an Anti-Virus AND an Anti-Spyware?

Strictly speaking, SUPERAntiSpyware© is not designed to be Anti-Virus software. We target Spyware, a focus that allows us to respond quickly to the ever-growing groups of hostile software we address, with new definitions released multiple times a day, and concentrate on the technology that targets the most common threats in the wild. There are a lot of things that are often called viruses (many trojans, worms, and so on) that SUPERAntiSpyware© will remove, but it won’t remove true viruses such as boot-sector viruses.

Security With Layers of Protection

No one security tool can catch everything out there and protect you, which is why we recommend a layered approach. We recommend if you use an Anti-Virus, you supplement it with SUPERAntiSpyware© and if you only use SUPERAntiSpyware© alone, consider getting an Anti-Virus. SUPERAntiSpyware© has been designed to be compatible with popular Anti-Virus applications such as McAfee, Symantec(Norton), Kaspersky, Bitdefender, ESET NOD32, AVG, Avast, Panda, Avira, and so on.

 

What Are Cookies?

What Are Cookies and How do they work?

Cookies are files, typically small text files, stored on a user's device. They contain data specific to the user or website and can be read either by the web server that set them or by the user's browser. Cookies cannot themselves harm your computer in any way. They allow the web server to deliver a web page "suited" to the user, or the web page itself can contain a script that reads the data in the cookie and so carries information from one visit to the next.

Typically this means cookies are used to remember logins and keep track of user settings on websites; this information might include the name of the site, particular products being viewed, pages visited, and so on. A cookie can be used to track your movement across the Internet ONLY if a site is aware of it and is designed to use that specific cookie. Because of their use in tracking online activity, many feel that this constitutes spyware. Most antispyware applications, including SUPERAntiSpyware, detect tracking cookies in one form or another.

Cookies are not blocked by SUPERAntiSpyware because they are required for most web functionality. Cookies will come back every time you surf the web and can be cleaned by running a Quick or Complete Scan.

Watch out for fake USPS delivery emails!


Fake USPS Delivery Emails?

We at SUPERAntiSpyware have been alerted to scam emails hitting users that claim to be from the US Postal Service (USPS) and contain a link that will infect them with malware. One of the sender addresses used by this scam is notice@ussp(DOT)com; note the lookalike domain, with the letters of "usps" transposed.

The subject line is typically "Delivery notification – Parcel delivery *NUMBER* failed". The message asks the user to call the number on the shipping notice left at their doorstep (there will be none!) to arrange a new delivery, and offers a link to view the delivery notice online on the USPS website.

This is a fake link to a malware infested website.

If you see a link in a suspicious email such as this, do not click it and do not open any attachments, no matter how innocent they sound. If the email claims to be from an official organization, contact that organization through a phone number or website you already know and ask whether the email is legitimate. Better safe than sorry!
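As an added example (not from the original post), the PowerShell below applies the two checks that defeat this particular scam mechanically: the sender's domain and every link's domain are compared with the domain the message claims to come from, and near-misses such as ussp.com are flagged as lookalikes using an edit distance that counts a swapped pair of letters as one change. The message it runs on is constructed for the example, with a made-up tracking number and an example.net link.

```powershell
# Added example, not from the original post. Flags lookalike sender domains (like
# ussp.com for usps.com) and links that do not point at the claimed organisation.
# The sample message at the bottom is constructed for this example.

function Get-EditDistance {
    # Damerau-Levenshtein: insert, delete, substitute, or swap adjacent letters,
    # so "usps" -> "ussp" costs 1. Case-insensitive.
    param([string]$First, [string]$Second)
    $a = $First.ToLowerInvariant(); $b = $Second.ToLowerInvariant()
    $m = $a.Length + 1; $n = $b.Length + 1
    $d = New-Object 'int[,]' $m, $n
    for ($i = 0; $i -lt $m; $i++) { $d[$i, 0] = $i }
    for ($j = 0; $j -lt $n; $j++) { $d[0, $j] = $j }
    for ($i = 1; $i -lt $m; $i++) {
        for ($j = 1; $j -lt $n; $j++) {
            $cost = if ($a[$i - 1] -eq $b[$j - 1]) { 0 } else { 1 }
            $d[$i, $j] = [Math]::Min([Math]::Min($d[$i - 1, $j] + 1, $d[$i, $j - 1] + 1), $d[$i - 1, $j - 1] + $cost)
            if ($i -gt 1 -and $j -gt 1 -and $a[$i - 1] -eq $b[$j - 2] -and $a[$i - 2] -eq $b[$j - 1]) {
                $d[$i, $j] = [Math]::Min($d[$i, $j], $d[$i - 2, $j - 2] + 1)
            }
        }
    }
    return $d[$m - 1, $n - 1]
}

function Get-RegistrableDomain {
    # Good enough for this check: the last two labels of the host name
    # (does not handle suffixes like co.uk).
    param([string]$HostName)
    $labels = $HostName.ToLowerInvariant().TrimEnd('.').Split('.')
    if ($labels.Count -le 2) { return ($labels -join '.') }
    return ($labels[-2..-1] -join '.')
}

function Test-ClaimedSender {
    param([string]$RawMessage, [string]$ClaimedDomain = 'usps.com', [int]$MaxDistance = 2)
    $findings = @()

    # Use the address in angle brackets, not the display name, which is attacker-controlled text.
    $fromLine = ($RawMessage -split "`r?`n" | Where-Object { $_ -match '^From:' } | Select-Object -First 1)
    if ($fromLine -and (($fromLine -match '<[^<>\s]+@([^<>\s]+)>') -or ($fromLine -match '[^\s<>]+@([^\s<>]+)'))) {
        $senderDomain = Get-RegistrableDomain $Matches[1]
        if ($senderDomain -ne $ClaimedDomain) {
            $dist = Get-EditDistance $senderDomain $ClaimedDomain
            if ($dist -le $MaxDistance) {
                $findings += "sender domain '$senderDomain' is a lookalike of '$ClaimedDomain' (edit distance $dist)"
            } else {
                $findings += "sender domain '$senderDomain' is not '$ClaimedDomain'"
            }
        }
    }

    # Every link in the body must point at the claimed organisation.
    foreach ($m in [regex]::Matches($RawMessage, 'https?://([^/\s>"'']+)')) {
        $linkDomain = Get-RegistrableDomain $m.Groups[1].Value
        if ($linkDomain -ne $ClaimedDomain) { $findings += "link goes to '$linkDomain', not '$ClaimedDomain'" }
    }
    return $findings
}

# Constructed sample in the shape the post describes (tracking number and link are made up).
$sample = @"
From: "USPS Customer Service" <notice@ussp.com>
Subject: Delivery notification - Parcel delivery 7713208 failed

We were unable to deliver your parcel. Call the number on the shipping notice
left at your door, or view the notice online: http://usps-tracking.example.net/notice/7713208
"@

Test-ClaimedSender -RawMessage $sample | ForEach-Object { Write-Warning $_ }
```

On the constructed sample this reports the sender as a lookalike at edit distance 1 and the link as pointing at example.net rather than usps.com. The display name is deliberately ignored: it is free text chosen by the sender, and "USPS Customer Service" tells you nothing about where the message actually came from.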

“The HoeflerText Font Wasn’t Found” Google Chrome Malware Scam – What it is and how to avoid it!

HoeflerText Font Wasn’t Found ?

You are browsing the web, land on a website that shows nonsensical characters instead of letters, and receive a prompt to download a missing font in order to read the page. You are told that to fix the error and display the text you have to update the "Chrome Font Pack". Whatever you do, do not click that blue Update button!

[Image: fake Google Chrome prompt asking you to install the malware]

It is a scam designed to trick users into installing malware on their systems. The payload ranges from ransomware to Trojans to assorted adware bundles.

How to avoid it

The fake dialog box announcing that "The HoeflerText Font Wasn't Found" will claim you are using Chrome version 53 even if you are not, which tells you something isn't right and that the prompt you are seeing is fake.

Make sure you are using the latest version of Google Chrome.

Make sure you are also using the latest version of SUPERAntiSpyware with Real-Time Protection enabled, a feature only available for SUPERAntiSpyware Professional users.

Tax Season is here – Watch out for Identity Stealing Spyware!


Keep your personal information safe this tax season by doing a Free scan with SUPERAntiSpyware Free Edition

We want to remind everyone that tax season brings increased attacks in the form of spyware, phishing and scams. Spyware and malware authors significantly increase their activity during tax season in order to steal data, withdraw money from bank accounts, and steal credit card numbers, passwords and other personal information.

Watch out for Identity Stealing Spyware!

During tax season it's important to do a few things to help protect yourself online:

1) Make sure your Operating System and software applications such as web browsers and email clients are up to date.

2) Run a Complete Scan with SUPERAntiSpyware regularly with the latest updates, at least twice a week during this period of increased activity.

3) Be cautious before visiting strange websites, or opening strange email attachments. Think before you click!

4) Manually erase, or use privacy software to delete, sensitive data from your PC. Spyware cannot steal what isn't there!

5) Look out for spam and phishing emails impersonating government, bank, or tax company officials asking for sensitive information.

Do you have any security recommendations that help you stay safe during the tax season? Feel free to leave a comment below!

SUPERAntiSpyware Team