Waiting Before Updating: How Malware Is Being Disguised As Updates

Users of the screen-shot sharing application, Puush, were shocked when they discovered the application update they downloaded was actually malware. The developers of the app announced their system had been breached, and anyone who updated their Windows-based app to version r49 had been infected. Once installed, the malware was designed to grab passwords from the infected system.

It was users of the app who initially questioned the validity of the update on Twitter, when their anti-malware software was identifying the app as unsafe. Makers of the app quickly took down the update server and released a new, clean update.

Puush suggests infected users change any vital passwords stored on their device after downloading the clean update. For those who no longer wish to use the app, they also provided a program that cleans the system and removes the app. Mark Wilson "Fake Puush update steals passwords from Windows users," betanews.com(Mar. 30, 2015).

Commentary

Updating your software and smart phone applications is a vital part of your system security, but as the above article illustrates, it can also be risky. Oracle has had issues in the past with hackers disguising malware as a Java update, and recently, Apple announced that hundreds of its apps had been infected with malware.

Application developers are fast becoming a prime target for hackers, because not only are they constantly creating new apps, but they are also continually developing updates for existing apps.

In light of this new method of infection, it is advisable to hold off on updating software and applications until checking chat boards to see if any problems with the updates have been identified. Many smartphones are set by default to automatically update apps, so you may want to consider changing this setting for optimal security.

Always be wary of requests to update that seem to pop up without reason. Do not follow a link to the update, but instead go directly to the software maker's website to download the update. Take seriously any warning from your anti-virus software that indicates an unsafe download.

 Via:  Hartford Help