Just when you thought it could not get any crazier in the world of computer and internet security, a major and terrifying new threat is emerging. Malware gangs are now using very simple, old-school malware to take control of a victim’s computer and then plant incriminating evidence to get the victim arrested.
We have seen malware that can take complete control of your device, access your most personal data, empty your bank account, and even sign you up for premium-rate services. We have seen ransomware that can remotely lock your data until you pay, but we have never seen malware that could land you in jail or in severe trouble with the law.
One of the most active malware gangs in this space is called ModifiedElephant. SentinelOne, which gave the gang this name, has documented the group’s techniques since 2012 in a report published on Wednesday.
“The objective of ModifiedElephant is long-term surveillance that at times concludes with the delivery of ‘evidence’ – files that incriminate the target in specific crimes – prior to conveniently coordinated arrests,” said Tom Hegel, a threat researcher at SentinelOne, in a blog post.
Here are two examples of high-profile evidence-planting attacks in 2021:
* A malware gang operating in Turkey, called EGoManiac, planted incriminating evidence on journalists’ devices, which led to many arrests.
* Last year, fake evidence was planted by ModifiedElephant on the computer of activist Rona Wilson. The evidence included a purported assassination plot against Indian Prime Minister Narendra Modi. You can read more on this story at Amnesty International.
Currently, the attacks appear to be focused on activists, journalists, and politicians, but you can see how easy it could be to target everyday people going about their lives.
How to protect yourself:
It is tough to protect yourself from this type of attack because the attackers can use many different types of malware to plant the evidence. All they need is malware or a RAT (Remote Access Trojan) that can do a file transfer, and these are very common and easy to find on underground forums.
Our development team is currently working on a straightforward method to protect you from these types of attacks. Without too much detail, we will monitor your devices, keeping an eye on all new files created or transferred to your device. Each time a new file is created or saved, Incognito will ask you to approve it :-). If you did not create or save the file, it will be incinerated and scrubbed from your device using military-grade standards for file deletion, keeping you fully protected. We will also expand our offering to Windows and Mac, doing the same thing.
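The idea of flagging files you did not create can be tried by hand. The following is an added example, not Incognito's code and not part of the original post: it takes a hash baseline of a folder, rescans it later, and lists anything new or changed that you have not approved. The function names and sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Return {relative path: SHA-256 hex digest} for every regular file under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # do not follow links out of the watched tree
            h = hashlib.sha256()
            try:
                with open(full, "rb") as fh:
                    for chunk in iter(lambda: fh.read(65536), b""):
                        h.update(chunk)
            except OSError:
                continue  # unreadable or vanished mid-scan; skip it
            manifest[os.path.relpath(full, root)] = h.hexdigest()
    return manifest


def unexpected(baseline, current, approved=()):
    """Files that are new or whose content changed, minus paths the user approved."""
    approved = set(approved)
    new = sorted(p for p in current if p not in baseline and p not in approved)
    changed = sorted(p for p in current
                     if p in baseline and current[p] != baseline[p] and p not in approved)
    return {"new": new, "changed": changed}


def demo():
    """Constructed scenario: one file the user saved, one they did not."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "notes.txt"), "w") as fh:
            fh.write("draft\n")
        baseline = snapshot(root)
        with open(os.path.join(root, "report.txt"), "w") as fh:  # user saved this
            fh.write("quarterly report\n")
        with open(os.path.join(root, "letter.doc"), "w") as fh:  # user did not
            fh.write("constructed sample content\n")
        return unexpected(baseline, snapshot(root), approved={"report.txt"})


if __name__ == "__main__":
    print(demo())
```

Keep the baseline somewhere the monitored machine cannot rewrite, such as an offline drive, since malware with file access could otherwise update it to match.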
In the meantime, here are a few things that you can do to add extra layers of protection:
* Keep Incognito up to date.
* Make sure that your operating system and installed applications are up to date. Also, turn on automatic updates where possible.
* Keep your other security tools up to date on all of your devices and make sure you run an excellent anti-virus tool. If you don’t already have one, I suggest you use Avast.
* Install an application called Little Snitch that will allow you to approve or deny every incoming and outgoing request on your device. It will be a pain at the start as there will be many connections for you to approve, but as time goes on, it will only alert you when a new connection is attempted, which could be the malware or the RAT trying to get in or out. You can get Little Snitch at https://www.obdev.at/products/littlesnitch/index.html.
* Use a good VPN such as ProtonVPN – https://protonvpn.com/
* Never download or install applications from sources you do not trust 100%. Installing an application is like inviting a stranger into your home when you are not there. Do your homework.
* Stay away from dodgy websites to avoid the risk of a drive-by attack, where a malware download is attempted just by visiting the website. Stick to websites that you can trust. You can use Incognito Website Checker, and we will be able to tell you instantly if the website is safe or not.
* Do not open emails unless you trust the sender, and even if you do, be extra careful opening attachments or clicking on links.
* If you open a Microsoft Office document such as Word or Excel, never allow macros to be enabled. Exploiting macros to deliver malware is still a popular attack method.
* Never connect to public or free Wi-Fi. These places are usually loaded with malware, and as soon as you connect, you can get infected.
Note: We do not have any deals with the guys at Avast, Little Snitch, or ProtonVPN. If you buy their tools, we do not benefit in any way.
Please let me know if you need any assistance with this or anything else.
Have a great rest of your day, and talk soon.
Incognito Privacy Care Team