Google Gives Refund to Thousands of Buyers Who Bought Bogus Android AntiVirus App

Google Gives Refund to Thousands of Buyers Who Bought Bogus Android AntiVirus App

Sunday, June 29, 2014 / No Comments

About a week back we reported about a popular paid Antivirus application on the Google Play Store which was actually a scam, dubbed as ‘Virus Shield’.

This First paid fake app managed to become one of the most popular anti-virus app in less than a week, and apparently more than 10,000 Smartphones users purchased it in $3.99 from Google Play Store and hence scammed more than $40,000.

The Virus Shield Android App claimed to protect users’ personal information from harmful viruses, malware and spyware, but in actual app doesn't scan anything and was removed from the store once the fraud had been uncovered.

If you were one that had downloaded the Virus Shield Antivirus app, then don't worry, just check your email inbox, because Google cares about you and reaching out all those affected android users who purchased the app, in order to refund their money in full.

 REFUND WITH $5 BONUS CREDIT
According to Android Police, Google has decided to refund $3.99 back to users and apart from the full refund, to maintain its reputation among users, Google offering an extra $5 Google Play Store credit to each, which can be used to purchase digital content on Google Play store such as apps, games, books, music and movies.

“Google Play’s policies strictly prohibit false claims like these, and in light of this, we’re refunding you for your “Virus Shield” purchase. You should see funds returned to your account within the next 14 days. Additionally, we'd like to offer you $5 promotional credit1, which can be used to purchase digital content on Google Play such as apps, games, books, music and movies.” Google Play Support said.

The developer of Virus Shield app approached The Guardian newspaper to claims that the app without the virus protection was uploaded to the Play Store by mistake and he removed the app from the Play Store himself before his developer account was suspended.

"One of our developers simply made a foolish mistake. The app version that was decompiled by AndroidPolice was not intended to be released. It was an early placeholder that our ui designer created. There was a mix-up between the version that contained the antivirus code for our app." app developer Jesse Carter of Deviant Solutions said.

GOOGLE APOLOGY LETTER

Hello,

We're reaching out to you because you recently purchased the “Virus Shield” app on Google Play. This app made the false claim that it provided one-click virus protection; in reality, it did not.

Google Play’s policies strictly prohibit false claims like these, and in light of this, we’re refunding you for your “Virus Shield” purchase. You should see funds returned to your account within the next 14 days.

Additionally we'd like to offer you $5 promotional credit1, which can be used to purchase digital content on Google Play such as apps, games, books, music and movies.

Your credit redemption code is XXXXXXXXXXXXXXX. Click or tap here to redeem. For help redeeming, please visit our Help Center.

We're sorry for any inconvenience this may have caused; rest assured that we're always working to make Google Play better for our users.

Thank you,

Google Play Support

Google learned from their mistake and promised that such apps will never get top position, even if allowed to be listed in the Play Store.

If you ever suspect any malicious or Fake application at Google Play Store, then scroll down to bottom of the page, and then flag an app as inappropriate.

Google Play Store Update Allows Apps to Silently Gain Control of Your Device

Google Play Store Update Allows Apps to Silently Gain Control of Your Device

/ No Comments

 

Google just made a huge change to the way application permissions work on Android devices which has left a potential door open to malicious app developers and hackers.

Google narrows down Android's 145 permissions into 13 broad categories and groups app permissions into 'groups of related permissions', likely for Android users to have an easier time dealing with app permissions.

Unfortunately, the new update has introduced a few potential security and privacy issues, as listed below:

• hiding permissions behind the group names
• auto-updating app with no warning for new permissions

According to new update, once a user approves an app’s permissions, he actually approves the whole respective permission groups. For example, if an app want to read your incoming SMS messages, then it requires the “Read SMS messages” permission. But now installing an app, you are actually giving it access to all SMS-related permissions.

 

The app developer can then include additional permissions from ‘SMS-related permissions Group’, in a future update, which will not trigger any warning before installation.

Google explains, “If you have automatic updates enabled, you won't need to review or accept these permissions as long as they are included in a permissions group you already accepted for that app.”

If your Android apps update automatically, then malicious developers can gain access to new dangerous permissions without your knowledge by abusing this mechanism, though a smart user could manually view all permissions in a dropdown before installation, but one out of thousands does that.

For example, as you can see in the above screenshots - I am installing FIFA's android app from Google Play Store and before installation the app is asking for group permissions in left image and actual group permissions are expanded in the right-side image.

Similarly, if you install any app with group permissions to read contacts, later that app can secretly gain permission to add or even change calendar entries too.

Below I have listed some most abused Android app permissions that cyber criminals are exploiting for their personal gain:

• GPS Location and Network-based Location
• Read Phone State and Identity
• Automatically Start at Boot
• Modify/Delete SD Card Contents
• Read/Send SMS Messages
• Read/Modify Contacts

I strongly recommend users to disable automatic updates and verify app permissions manually every time an app wants to update.

 

Hackers lock iPhones remotely and demanding $100 to unlock it

Hackers lock iPhones remotely and demanding $100 to unlock it

/ No Comments

In recent hours, a number of users from Australia had a nightmare as cyber criminals locked their devices and demanding payment of a ransom.

The locked devices show the following message "Device Hacked by Oleg Pliss" and instructs victims to send $100 dollars to lock404@hotmail.com to unlock their devices.

The cyber attack came to light, after one user from Melbourne shared his experience in Apple support forum and asked help to fix the problem.  Following his post, several users have reported of being affected by this attack.

It appears hackers used stolen Apple IDs and passwords to access iCloud account that allowed them to lock victim's devices and display a message.

What you should do? Don't pay the Ransom !
Affected users are advised to contact Apple directly to regain access to their account.  

Once you have access to your account, change the password immediately and enable two step authentication feature for your account.

Dominos Pizza hacked, details of 650k customers stolen

Dominos Pizza hacked, details of 650k customers stolen

/ No Comments

Hackers who claimed to have compromised the database server of Domino's Pizza have demanded a ransom of €30,000 to prevent the public disclosure of customer's data.

The hacker group going by the name of Rex Mundi said they hacked into the servers of Domino's Pizza France and Belgium.

The hackers have managed to download more than 592,000 customer records from Dominos France and 58,000 records from Belgian website.

They claim the compromised database contained sensitive information such as customer's full names, addresses, phone numbers, delivery instructions, email IDs and passwords.

The group gave a deadline of 8PM CET for Dominos to pay them.

"If they do not do so, we will post the entirety of the data in our possession on the Internet." The group said.

Domino's France posted a series of tweets in which it acknowledged the hack and recommended users to change their passwords.

FIFA World Cup Security Team Accidentally Reveals their Wi-Fi Password

FIFA World Cup Security Team Accidentally Reveals their Wi-Fi Password

/ No Comments

This FIFA World Cup, the security has been really going well and yet no calamitous incident reported so far, other than the security company who is responsible to keep an eye on the event’s security, itself tweeted a photograph of their state-of-the-art monitoring centre that exposed the World Cup security centre's internal Wi-Fi password to the whole world.

 

 

Israel-based security firm RISCO is providing security management at the soccer stadium and very proud of their incredible work in securing this year’s World Cup, which includes monitoring and maintaining hundreds of CCTV security cameras all over the 41,000-seat Arena Pantanal football stadium in Cuiaba, Brazil.

 

 

The image was originally published by news outlet Correio Braziliense, that showed the Federal Police's head of international co-operation Luiz Cravo Dorea, standing in the mulch-million-dollar security center overseen by Israeli company RISCO and was watching Live video feeds from surveillance cameras.

The image was posted on Twitter and has been re-tweeted almost 3,000 times.

The World Cup security centre allows security personnel to view live feeds from various cameras around the World Cup stadiums. But, inadvertently it exposed Wi-Fi SSID and password in the background of the pic on the big screen that anyone can read with a squint of the eye. It reads :

Wifi Network: WORLDCUP
Password: b5a2112014

The password appears to be "brazil2014" in leet speak. I think it’s completely unguessable and the most secure one for this highly considered World Cup event. Haaa!

This accidentally leaked Wi-Fi Credentials from the Security Centre of the biggest game on the Earth could have given cybercriminals opportunity to carry out man-in-the-middle attacks to break into their network and compromise the systems.

But, definitely after media updates, they would have realized their mistake and updated the WiFi SSID and password for the football World Cup's security center secretly.