Google’s Threat Analysis Group reminds us all why clicking suspicious links is a very bad idea
The group has two case studies to prove its point
To this day, phishing remains a favorite hacker technique to gain access to a victim’s device. Although best practices to identify and avoid phishing are common knowledge today, several government-backed bad actors leverage phishing tricks in combination with browser and OS vulnerabilities to steal valuable data. Google’s Threat Analysis Group (TAG) is a dedicated team tracking these bad actors, patching vulnerabilities in their wake. It has recently uncovered the full scope of two different attacks exploiting zero-day vulnerabilities.
Beware of dangerous spyware masquerading as VPN apps
Infected VPN apps can steal your data and spy on your chats
Malware on Android has been a recurring, almost omnipresent, problem despite Google’s best efforts to counter the spread. New research from cybersecurity firm ESET reveals that the infamous cyber-mercenary group Bahamut APT has found a new carrier for dangerous malware targeting Android phones — VPN apps.
Here's how you might get suckered into installing government spyware
Your mobile internet shuts off, you're told to install an app, and now you've got spyware
Governments will spy. The matter of how they do it is up to them. Enter the commercial spyware market where law enforcement agencies have shopped around looking to get around smartphone encryption and incriminate more suspects. People are right to be worried, though, if they expect that their government is looking to crush dissent by maintaining a regime of comprehensive surveillance. This week, research groups have seemed to pick up on a particularly insidious piece of spyware that's made its way across several countries and can even utilize a sanctioned ISP kill-switch that essentially forces you to install it.
Creepy-sounding Facestealer spyware found inside cartoon app with 100,000 Play Store downloads
It doesn't literally steal your face — but it's still bad
Kids and apps can be a dangerous combination, as any parent who's discovered a mountain of IAP charges on their account can attest to. And while new tools and safeguards are always becoming available, so too do threats constantly evolve. The innocent-sounding Craftsart Cartoon Photo Tools app was listed on the Play Store for all ages, and while it may have promised harmless fun, it turns out to have been hiding a Facebook credential-stealing Android trojan with a creeptastic name: Facestealer.
Software that covertly pulls info off your phone is a danger none of us want to face, and the fact that there are companies out there selling these tools to anyone who may want to spy on us is outright chilling. If that threat weren't bad enough already, it turns out that a number of these "stalkerware" apps are themselves woefully insecure, and end up leaving your data potentially exposed to even more prying eyes.
10 apps with millions of Play Store downloads found stealing Facebook login info
If you've downloaded one of the following, you might want to check your account
Google has a lot of moving parts behind the scenes, trying to keep malware off of the Play Store. But with seven figures of apps posting and updating constantly, even it doesn't have a perfect record. Such is the claim from a security researcher last week, who said they found ten apps with variations on a trojan horse program. The apps are fairly innocuous based on their title and description, but each is designed to scrape a user's phone for Facebook login credentials.
New spyware on Android pretends to be a system update for your phone
But you probably don't need to worry
Google's monthly patches help keep Android safe from malicious attacks (assuming your phone's manufacturer is willing to ship updates on time). So long as you're careful when downloading apps from outside the Play Store, keeping your device secure is pretty easy these days, even as new attackers try to distribute dangerous viruses. This week, mobile security researchers have discovered spyware that pretends to be a system update, only to take total control of the smartphone after being installed.
Google Chrome extensions found spying on users once again
Widespread campaign sees 70 malicious extensions downloaded 32 million times
According to a report by Reuters, researchers at Awake Security uncovered a new spyware campaign that threatened the security of Chrome users. Google removed the more than 70 offending extensions from the Chrome Web Store last month after being alerted to the malicious activity, but not before they were downloaded 32 million times by unsuspecting users.
If you've been using ToTok on any of your devices, you should consider uninstalling it immediately. The new messaging platform that was one of the most downloaded apps last week was swiftly removed from the Google Play Store (and Apple's App Store) before the end of Friday. The abrupt decision came after American officials declared the service was actually spyware backed by the United Arab Emirates government.
Like most Chinese manufacturers, Xiaomi's Android phones come with heavy UI customizations and many pre-installed apps featuring advertisements no one asked for — in fact, this release model is part of the reason why Xiaomi is routinely able to undercut its competition in price. However, the company might be too thirsty about collecting personal data to show individualized ads, as its Quick apps application has been blocked by Google Play Protect because of potential tracking issues.
WhatsApp is scrambling to determine the impact of a now-patched vulnerability in its iPhone and Android apps that allowed hackers to inject spyware into users' devices. The security hole is at the center of at least one known recent hacking attempt against a lawyer representing a group suing the surveillance software vendor that made the spyware.
Many of you are visiting family for the holidays, which means you're sharing meals, telling stories, and exchanging gifts. In fact, quite a few of you may be giving phones or tablets to family members this year. If you're a regular around here, you're probably also known as the resident gadget expert, an honor that is both a compliment and a curse — you know what I'm talking about. While you might be trying to avoid impromptu tech support work, we would like to encourage taking a few minutes to do something for the greater good: Clean the trash apps from your family members' devices.
Earlier this week Amazon took some of the low-budget manufacturer BLU's phones off the retailer's digital shelves, following allegations that BLU had included spyware in its products. It seems to have been a false alarm, though, as today BLU has announced in a tweet that Amazon is back to stocking its phones. Customers looking to pick up a cheap and capable phone can again purchase them at the US' biggest online merchant. Regardless of the original allegations, there's certainly more to the story, as BLU claims to have disabled the offending features in its phones. In a press release pushed out earlier this week, BLU argued that, after being notified by security firm Kryptowire of the data collection problem in 2016, the functionality was disabled from the offending Adups OTA application. Furthermore, it promises that all future BLU products will use Google's GOTA instead of Adups OTA. Amazon's knee-jerk reaction was likely a result of Kryptowire's announcement at the recent Black Hat security conference, in which the researchers alleged BLU only replaced the offending software with "nicer versions" that continued to infringe user privacy. At its worst, the data being collected included "Browser history, call log, text message metadata (phone number with timestamp), IMEI, IMSI, Wi-Fi MAC Address, list of installed applications, and the list of applications used with timestamps." BLU's recent changes may have trimmed that list down a bit, though. It could be that the devices examined were running older versions of the Adups OTA software. But either way, Amazon seems to have determined that they'd like to continue selling the BLU phones again. Interested parties looking to pick up an inexpensive phone at Amazon can again scratch their budget-phone itch with BLU's products. Source: Twitter (https://twitter.com/BLU_Products/status/893596903048347650)
Every once in a while, you might wake up and see everyone playing the same new smartphone game/app, much like in The Next Generation. Meitu is a bizarre Chinese photo app that applies various filters and 'enhancements' to pictures of yourself and others. In just the past few hours, it has received massive coverage online. While the app is certainly fun to mess around with, several users have pointed out that the application is sending a massive amount of user details to external IP addresses.
Mobile security is a huge issue, but most consumers tend to think that at least a brand new phone is safe. That assumption may be in error, according to security research firm Kryptowire. In a new report Kryptowire documents the inclusion of software tools collectively called Adups, which allegedly shipped on phones like the Blu R1 HD and other devices sold internationally, including the US market via Amazon and Best Buy.
Have you seen Mr. Robot? The show is only three episodes in, but it's already shaping up to be a surprisingly awesome hacking drama. And I don't mean "hacking" in the CSI/NCIS/Scorpion "120WPM and 60 flashing windows" kind of hacking - the protagonist and his Anonymous-style compatriots use real methods and technology, mostly relying on a combination of known vulnerabilities, social engineering, and brute force attacks to play at being cyber-vigilantes. You should check it out - USA has the first three episodes available for free on its website.
Over the last week there has been a rash of reports that folders with labels mentioning the Chinese search engine Baidu have been appearing on phones. The most obvious and prominent examples have been Sony's new Xperia Z3 series of phones and others running KitKat. Many users (and media outlets) jumped to the conclusion that these files were evidence of spyware, perhaps bolstered by recent and more credible reports of digital spying and hacking linked to the Chinese government.
According to Google, less than one hundredth of a percent of apps out there are both malicious and capable of evading the built-in defenses in both Android and the Google Play Store. But if you really feel like you need a defense from that one-in-100,000 app, a trusted name in software protection has just entered the fray. Malwarebytes, makers of the popular eponymous Windows software, is now offering its services on Android.