Windows 1.0 Ships

November 20, 1985

Two years after it was first announced, Microsoft finally ships the first version of Windows. It was originally slated to ship in April of 1984, and the long delay caused skeptics to begin accusing Windows of being “vaporware”. Due to the relatively high demands it placed on then-current PC technology, Windows 1.0 was generally considered too slow to be usable. It wasn’t until Windows 3 that the operating system began to generate significant sales.

Smart shopping season checklists: Mobile and desktop, content and SEO

Constantly changing consumer behaviors and the demand for more personalized, meaningful experiences have retailers facing huge challenges this year.

Competition in the SERPs is stiff, but winning the click is still no guarantee that the consumer is invested in your shopping experience.

More than half of retailers (source: Soasta.com) have a bounce rate greater than 40%, and just one second in increased page load time can have a 50% impact on your mobile bounce rate. Today’s consumer has zero patience for a poor online experience and will pull the trigger instantly if your brand can’t deliver.

The holidays provide plenty of opportunities to create more personalized content and provide smart content and intelligent experiences both in-store and online. How can you best get in position this holiday season to not only be found, but to engage and delight consumers all the way through, from search to checkout?

Below, I share some tips to help marketers in the coming weeks to get their SEO and content in shape for the holidays (and beyond).

Smart holiday shopping

The holiday shopping season provides a great opportunity for marketers to get smarter about the way they develop and promote content. As SEO and content marketing disciplines converge, the need for smart content has become mission critical. Smart content is discoverable, optimized from the point of creation, and ready to be activated across channels and devices, making it both profitable and measurable.

New research (disclosure – carried out by my company, BrightEdge) shows that ecommerce behavior changes dramatically on the major shopping days Black Friday and Cyber Monday. On these days, conversion spikes. Interestingly, online conversion rates across desktop, tablet and mobile increase from Thanksgiving to Black Friday and into Cyber Monday. Going into the holiday season, it is good to know that:

  • On Black Friday and Cyber Monday, conversion is double what it normally is
  • Cyber Monday conversion is higher than Black Friday conversion by 10%
  • Desktop takes 67% of overall conversions during the holiday season, with desktop traffic converting at a significantly higher rate than mobile visits.

When it comes down to making that final decision, consumers still like to see what they’re buying, and all of the information surrounding it, on a larger screen.

It is important to note though that our data suggests an earlier holiday shopping season, too, and that consumers were making their big purchase on Thanksgiving and then using discounts to buy things they would have purchased already but with big discounts. Hence the higher conversion rates for Black Friday and Cyber Monday. Read the full report (ungated) for more findings from our research.

As you get ready for the holiday shopping season, make sure that you:

  • Create content that meets your customers’ needs at various points in their journey
  • Develop SMART content and engage audiences with plenty of content about upcoming deals and specials, holiday wish list must-haves and similar content published on your website or blog
  • Ensure that your mobile configuration is correct
  • Add images, icons, buttons and specific (seasonal offerings) calls-to-action as part of the experience
  • Set up your mobile analytics so it reports key metrics separately from desktop data
  • Maintain rank for your high value keywords by creating helpful, consultative evergreen content
  • Double-check your SEO strategy to make sure your content is optimized for organic discovery. Start with these 5 aspects of technical SEO you can’t neglect
  • Ensure that you optimize desktop, mobile and tablet strategies and connect them along the buyer’s journey – from discovery and engagement through to final purchase.

Maximize your organic presence throughout the holiday season

Schema markup helps you structure your on-page data in a way that it can be better understood by search engines. As we all know, Google’s #1 goal is to provide searchers the best answers to their needs. Schema helps you show Google all of the ways in which your site content is the best answer for relevant queries.

Schema can help you win extra visibility in the SERPs, too, with expanded results and extra features like Google’s Quick Answers box. It can help you add compelling content like ratings and other rich information that convince searchers to convert to site visitors. At the very least, check these off your list in your pre-holidays marketing prep:

  • Optimize key pages for Quick Answers and mark up accordingly
  • Mark up events you’re hosting in-store and online for inclusion in the Google Events SERP feature
  • Use structured data markup to define business attributes including your NAP (name, address, phone), business type, hours, latitude and longitude, and more
  • Make sure your product pages are marked up so reviews show in the SERPs. This is critical, as 61% of customers read online reviews before making a purchase decision, and 63% of shoppers are more likely to buy if there are product reviews (iPerceptions)
  • Put the most important ecommerce attributes to work for you. Add pricing and availability to your rich snippets, to help consumers make a decision quickly and avoid in-store or online store disappointment after the click
  • Check for common schema errors like typos or incorrect capitalization, and use Google’s Structured Data Testing Tool to make sure you’ve implemented your markup correctly.

Supplement your SEO strategy and deliver a relevant holiday shopping experience

Your PPC and SEO budgets shouldn’t be pitted against one another during holiday season, each fighting it out for their share of the pie. Organic search drives 51 percent of all visits to B2B and B2C websites, and it is important to use PPC to support your SEO efforts; to fill in the gaps in organic coverage and further your conversion opportunities for specific time sensitive promotions.

Ad extensions can give your ads greater functionality and more visibility, while targeting options like dayparting and device targeting reduce waste and get you in front of your ideal audiences when it matters most. And remember, when it comes to site visits, desktop dominates on Cyber Monday, mobile on Black Friday, and tablets on Thanksgiving Day.

These insights can help you tailor your ads and bids to the most receptive audiences on each major shopping day this season. How else can you improve your PPC game in time for the holidays?

  • Accelerate conversions and sales with targeted campaigns aligned with your content strategy or featured products
  • Focus your organic search efforts on aligning with consumer intent, and use PPC to tap into queries that indicate imminent purchase behavior
  • Take advantage of the second holiday shopping rush by advertising post-holiday sales over the holiday week, when many people are off work and traveling
  • Use social PPC (Facebook and Twitter Ads) to get your ads in front of super granular, targeted audiences in the moments that matter most
  • Make best use of each of the Bing Ads and Google AdWords features available to you, including targeting options and various ad formats that can help you stand out in the SERPs
  • Deliver an optimal experience after the click by following through on the promise of ads with a seamless shopping experience.

Optimize for experience to improve conversion

Your number one priority in conversion optimization this holiday season has to be mapping your content to the customer journey, then aligning this to the days that matter most for revenue. It’s not all about Black Friday vs. Cyber Monday; Thanksgiving Day might actually be your best day for revenue generation.

Run through this checklist in the holidays lead-up to turn more of your lookers into buyers:

  • Test and analyze your shopping cart and checkout experience via a mobile device
  • Use your category pages to guide users, who are often undecided about the exact product they’ll purchase, towards your product pages and ultimately, a decision
  • Address user uncertainty on-page by answering frequently asked questions where it actually matters: on category and product pages. Consumers won’t go digging for information on shipping, return policies, etc.
  • Provide social proof by way of embedded reviews on product pages. Consumers want to see what types of experiences others are having with your brand and products before they’ll commit to purchase
  • Examine conversion rates by page speed, and optimize for a more efficient shopping experience. Load only your best converting image on page load and use interaction triggers to add other items as needed.

The holiday shopping season provides great opportunities to create more personalized content and provide intelligent experiences both at the store and online.

To maximize performance, marketers need to focus on understanding and creating smart content and shopping experiences to attract, engage and convert customers at the right time and on the right device.


Mobile banking Trojan sneaks into Google Play targeting Wells Fargo, Chase and Citibank customers

Nikolaos Chrysaidos, 20 November 2017

Malicious mobile BankBot Trojan injected into everyday apps, taking advantage of unknowing users whose banking apps could be compromised


Co-authored with Niels Croese (SfyLabs) and Lukas Stefanko (ESET)

Recently, the mobile threat intelligence team at Avast collaborated with researchers at ESET and SfyLabs to examine a new version of BankBot, a piece of mobile banking malware that has snuck into Google Play on numerous occasions this year, targeting apps of large banks including Wells Fargo, Chase, DiBa and Citibank and their users in the U.S., Australia, Germany, the Netherlands, France, Poland, Spain, Portugal, Turkey, Greece, Russia, the Dominican Republic, Singapore and the Philippines.

In a first campaign, the new version of BankBot has been hiding in apps that pose as supposedly trustworthy flashlight apps, tricking users into downloading them. In a second campaign, solitaire games and a cleaner app have been dropping additional kinds of malware besides BankBot, called Mazar and Red Alert (Mazar was recently described by ESET and we won’t dive into the details here). However, instead of bringing light, joy and convenience into their users’ lives, the dark intention of these apps has been to spy on users, collect their bank login details and steal their money.

Google previously removed older versions of BankBot-carrying apps from the Play Store within days. However, several versions remained active until November 17th. This was long enough for the apps to infect thousands of users.

Google has scanning and vetting measures in place for all apps submitted to the Play Store to ensure no malicious programs enter. But in their latest campaigns, authors of mobile banking trojans have started to use special techniques to circumvent Google’s automated detections, commencing malicious activities two hours after the user gave device administrator rights to the app. Also, they published the apps under different developer names which is a common technique used to circumvent Google’s checks.

The malicious activities include the installation of a fake user interface that is laid over the clean banking app when the user opens it. As soon as the user’s bank details are entered, they are collected by the criminal. In some countries, banks use transaction authentication numbers (TANs), a form of two-factor authentication, often used by European banks, that is required to conduct online transfers. The authors of BankBot intercept the victim’s text message that includes the mobile TAN, allowing them to carry out bank transfers on the user’s behalf.

This malware shows similarities with the kind Trend Micro blogged about in September.

BankBot – Technical description

We spotted the first sample of the new BankBot malware version in Google Play on October 13, 2017. It was hidden in the “Tornado FlashLight” (com.andrtorn.app) and later appeared in the “Lamp For DarkNess” and “Sea FlashLight” apps.


The sample runs undetected without altering the performance or functionality of the flash lights.

The flashlight apps including the BankBot malware really did have flashlight functionalities

In late October and November, a smartphone cleaning app and multiple Solitaire gaming apps appeared with the malware embedded, for the aforementioned second campaign. 


Infected Solitaire gaming app from the second wave

As soon as these apps are downloaded, the malware activates. It checks what applications are installed on the infected device against a hard coded, pre-computed SHA1 list of 160 mobile apps. The package names are hashed, and therefore we’ve only been able to identify 132 of them. This list includes apps from Wells Fargo and Chase in the U.S., Credit Agricole in France, Santander in Spain, Commerzbank in Germany and many others from around the world. You can find a full list of targeted apps at the end of this post.
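How an analyst turns such a hash list back into package names, as an added example (not code from the original post or from the malware): hash a dictionary of candidate package names and match the digests, which also explains why some entries stay unidentified. It assumes the list stores hex SHA-1 digests of the UTF-8 package name; the hash list and candidate dictionary below are constructed for illustration.

```python
import hashlib

# Constructed sample data. A real hash list would be extracted from the
# sample; these digests are computed here from banking-app package names
# plus one placeholder string standing in for an app nobody has identified.
EXTRACTED_HASHES = [
    hashlib.sha1(b"com.wf.wellsfargomobile").hexdigest(),
    hashlib.sha1(b"com.chase.sig.android").hexdigest().upper(),  # case varies between dumps
    hashlib.sha1(b"fr.creditagricole.androidapp").hexdigest(),
    hashlib.sha1(b"placeholder.unidentified.app").hexdigest(),
]

# Candidate dictionary (constructed): package names the analyst already
# knows, for example from a store crawl. Targets and unrelated apps alike.
CANDIDATES = [
    "com.wf.wellsfargomobile",
    "com.chase.sig.android",
    "fr.creditagricole.androidapp",
    "es.bancosantander.apps",
    "com.android.chrome",
    "com.example.flashlight",
]


def sha1_hex(package_name):
    """SHA-1 of the UTF-8 package name as lowercase hex (encoding is an assumption)."""
    return hashlib.sha1(package_name.encode("utf-8")).hexdigest()


def resolve_targets(extracted_hashes, candidates):
    """Split the hash list into resolved {digest: package} and unresolved digests."""
    lookup = {sha1_hex(name): name for name in candidates}
    resolved, unresolved = {}, []
    for digest in extracted_hashes:
        key = digest.strip().lower()  # normalise case and whitespace
        if key in lookup:
            resolved[key] = lookup[key]
        else:
            # SHA-1 cannot be inverted; an entry stays unknown until the
            # right package name is added to the candidate dictionary.
            unresolved.append(key)
    return resolved, unresolved


def targeted_apps_on_device(installed_packages, extracted_hashes):
    """Defender-side view of the same check: which installed apps are on the list?"""
    wanted = {h.strip().lower() for h in extracted_hashes}
    return sorted(p for p in installed_packages if sha1_hex(p) in wanted)


if __name__ == "__main__":
    resolved, unresolved = resolve_targets(EXTRACTED_HASHES, CANDIDATES)
    print("resolved:", sorted(resolved.values()))
    print("unresolved digests:", len(unresolved))
    device = ["com.android.chrome", "com.chase.sig.android", "com.example.flashlight"]
    print("targeted apps on device:", targeted_apps_on_device(device, EXTRACTED_HASHES))
```

Growing the candidate dictionary is the only way to shrink the unresolved set, which is why coverage depends on how complete the analyst's package-name corpus is.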

If the malware is able to identify one or more apps from the SHA1 list installed on the phone, it initiates a ‘service’ – an expression used for an Android application component that can perform long-running operations in the background. The service includes a dropper functionality that allows it to download another application from a webserver in order to install it on the device.


Comparison of the old and new BankBot version: The new variant first downloads/drops the payload from an external source

The malware communicates with its Command and Control (C&C) server through Google’s Firebase service in order to hide and use encrypted communication.

The malware also runs the same check when the device is booted. If it discovers one of the apps on the device, the service will launch.

Once launched, the service will try to trick the victim into giving the app admin rights by pretending to be a Play Store (or system) update using a similar icon and package name.

Dropped app imitating the Google design

Two hours after obtaining admin rights the malware will start downloading its payload, the BankBot APK (com.vdn.market.plugin.upd). We believe the cyber criminals use this two-hour window to evade Google’s checks. This is the same for all dropper samples and each time the BankBot APK is downloaded from hxxp://138.201.166.31/kjsdf.tmp.

Once the payload is downloaded from the C&C server, the malware tries to install the APK using the standard Android installation mechanism for applications hosted outside the Google Play store. This requires the smartphone to be set up to accept installations from unknown sources. If this is not enabled, Android will display an error and the installation will terminate.


Otherwise, the user is asked to accept in order to continue the installation.

Unlike this newer version of BankBot, droppers from previous campaigns were far more sophisticated. They applied techniques such as performing clicks in the background via an Accessibility Service to enable the installation from unknown sources. Google blocked this service for all applications this fall, except those designed to provide services for the blind. Therefore, the new BankBot version cannot utilize this mechanism any more.

The name and icon of the package being installed are chosen to make the user think it is a Google Play update. Once the installation has finished, the new APK will also request device admin rights.

The dropped APK checks for different indicators of whether it is running inside an emulator or directly on the device. These anti-sandbox checks can help the malware bypass or delay detections from different antivirus engines.

When the user opens one of the aforementioned banking apps, the dropped app is activated and creates an overlay on top of the genuine banking app. The Avast Threat Labs tested this mechanism with the app of the local Czech Airbank. In the video below, you can see how an overlay is created within milliseconds. When the user enters their bank details, they are sent to the cyber criminal.   


Text message stealing function

Many banks use two-factor-authentication methods to ensure a transaction is secure and initiated only by the bank’s customer. BankBot includes a functionality that allows it to steal text messages, so if the mobile transaction number (mTAN) is sent to the customer’s phone, the cyber criminals behind BankBot can access it and use it to transfer money to their own accounts.

The malware is not active in the Ukraine, Belarus and Russia. This is most likely to protect the cyber criminals from receiving unwanted attention from law enforcement authorities in these countries.


Interestingly enough, even though the dropper apps that appeared in early October have been removed from Google Play, they were not detected by Play Protect which allowed them to enter the Play store in the first place. The same applies for the malware that is dropped by the dropper.

Infected Solitaire gaming app from the second wave

How you can protect yourself from mobile banking Trojans:

We recommend users take the following steps to protect themselves from mobile banking Trojans:

  • Confirm that the app you are using is a verified banking app. If the interface looks unfamiliar or odd, double-check with the bank’s customer service team
  • Use two-factor authentication if your bank offers it as an option.
  • Only rely on trusted app stores, such as Google Play or Apple’s App Store. Even though the malware slipped into Google Play, its payload was downloaded from an external source. If you deactivate the option to download apps from other sources, you will be safe from this type of banking trojan activating on your phone
  • Before downloading a new app, check its user ratings. If other users are complaining about a bad user experience, it might be an app to avoid
  • Pay attention to the permissions an app requests. If a flashlight app requests access to your contacts, photos and media files, treat this as a red flag.
  • Often, malware will ask to become device administrator to get control over your device. Don’t give this permission to an app unless you know this really is necessary for an app to work.
  • Use a security app like Avast Mobile Security or AVG Antivirus for Android that detects and protects you from BankBot

IOC 

[IOC tables were published as images and are not preserved here: Samples in Play Store (First Campaign, Payload Downloaded; Second Campaign, Payload Downloaded), Hosts, Control Panel]

Targeted Apps

