
Android Users Beware: Glitch in 999 Call Feature Raises Concerns

 

UK police have warned Android phone users about a potentially dangerous bug in the 999 emergency call feature. Authorities are concerned that some Android devices could unintentionally mute emergency calls, putting lives at risk. Law enforcement and technology companies are both taking immediate steps to address the issue.

According to reports, the glitch occurs when users accidentally press the power button on their Android devices several times while attempting to call emergency services. This puts the phone into silent or vibrate mode and stops the user from reaching emergency responders effectively. In an emergency every second counts, and any delay in getting a distress call through can have dire consequences.

The UK police have reached out to Google, the company behind the Android operating system, to address this critical issue. Authorities have requested that Google investigate the glitch and implement necessary measures to prevent accidental activation of the silent mode during emergency calls. The timely response and cooperation from Google are vital to rectifying this flaw and ensuring the safety of Android users.

Law enforcement agencies are urging Android phone owners to be cautious while dialing emergency services. It is recommended to double-check the phone's volume settings before making a call to 999. Additionally, users should avoid repeatedly pressing the power button, as this action may trigger the silent mode inadvertently.

The glitch has raised concerns among emergency service providers, who rely on quick and accurate information to respond effectively to emergencies. Any delay or disruption in receiving distress calls can significantly impact the response time and potentially jeopardize lives. It is therefore imperative for both technology companies and smartphone users to remain vigilant and prioritize the reliability and functionality of emergency services.

In response to these concerns, Google has acknowledged the issue and assured the public that they are actively investigating the matter. The company is working to identify the root cause of the glitch and develop a solution to mitigate its impact. Users are advised to install software updates promptly, as these updates often include bug fixes and security patches that address such issues.

While the glitch affects a specific group of Android users, it serves as a reminder of the importance of thorough testing and quality assurance in technology development. Issues like this highlight the need for continuous monitoring and improvement to ensure the safety and reliability of devices and services.

EarSpy Attack: Motion Data Sensors Used to Pry on Android Devices


A team of researchers has built an eavesdropping attack on Android devices that can, with varying accuracy, identify the gender and identity of the caller and even partially recognise private speech. 

EarSpy Attack 

The side-channel attack, named EarSpy, opens up a new eavesdropping avenue: motion-sensor readings that pick up the reverberations of the phone's ear speaker. Earlier work of this kind targeted smartphone loudspeakers, because ear speakers were comparatively weak and produced too little vibration to eavesdrop on. 

However, today's smartphones ship with more powerful stereo speakers, which deliver higher sound quality and, with it, stronger vibrations. 

The Experiment 

EarSpy is an experiment conducted by a team of researchers from universities like Rutgers University, Texas A&M University, Temple University, New Jersey Institute of Technology, and the University of Dayton. 

  • The researchers used the OnePlus 7T and OnePlus 9 with several sets of pre-recorded audio played back only through the ear speakers of the two devices.  
  • During a simulated call, the third-party app Physics Toolbox Sensor Suite captured accelerometer data. 
  • They then analysed the captured stream in MATLAB to extract features. 

On the OnePlus 7T, caller gender identification ranged from 77.7% to 98.75%, speech recognition from 51.85% to 56.4%, and caller identity classification from 63.0% to 91.2%. 

This demonstrated that speech features leak into the accelerometer data in a form attackers can exploit for eavesdropping. Gender, in particular, can be inferred even at a low sampling rate: EarSpy's gender-recognition results were obtained from data gathered at only 20 Hz. 

How to Prevent Eavesdropping? 

To prevent eavesdropping via sensor data, the researchers suggest tightening permissions so that third-party apps cannot capture sensor data without the user's consent. Android already moves in this direction: since Android 12, an app must hold the HIGH_SAMPLING_RATE_SENSORS permission to read motion sensors at rates above 200 Hz. Below that cap no permission is needed, and the 20 Hz gender result shows that a rate cap alone is not a complete defence. 

Device manufacturers should be cautious when designing more powerful speakers and instead aim to keep the sound pressure during voice calls similar to what older-generation ear speakers produced. 

Moreover, motion sensors should be placed as far from the ear speaker as possible, so that the speaker's vibrations reach them attenuated and the opportunity for spying is reduced.
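As an added illustration, not code from the EarSpy paper or from this page, the Python below shows why the 200 Hz cap is only a partial defence and why a 20 Hz stream still carries something: a constructed 72 Hz vibration tone, standing in for one component of the speaker's reverberation, is resolved correctly in a 200 Hz accelerometer stream but folds to 8 Hz once the same tone is sampled at 20 Hz, so coarse features survive while the fine spectral detail that speech recognition needs does not. The permission name and the 200 Hz threshold follow Android's documented behaviour; the accelerometer trace is synthetic and the tone frequency is an arbitrary choice.

```python
import cmath
import math

# Android's limit for motion-sensor sampling without a runtime permission (Hz).
# Apps that want faster updates must hold HIGH_SAMPLING_RATE_SENSORS.
UNPRIVILEGED_RATE_CAP_HZ = 200


def needs_high_rate_permission(requested_hz):
    """True if reading sensors at this rate requires the extra permission."""
    return requested_hz > UNPRIVILEGED_RATE_CAP_HZ


def synth_accel(tone_hz, fs_hz, seconds=1.0, amplitude=0.02):
    """Constructed accelerometer trace: one vibration tone sampled at fs_hz.
    Real EarSpy data is speech-shaped; a pure tone keeps aliasing easy to see."""
    n = int(fs_hz * seconds)
    return [amplitude * math.sin(2 * math.pi * tone_hz * k / fs_hz) for k in range(n)]


def dominant_freq(samples, fs_hz):
    """Strongest non-DC bin of a naive DFT, converted to Hz.
    Only bins up to fs/2 are scanned: anything above the Nyquist limit
    has already folded back into that range."""
    n = len(samples)
    best_bin, best_mag = 1, -1.0
    for k in range(1, n // 2 + 1):
        acc = sum(x * cmath.exp(-2j * math.pi * k * t / n) for t, x in enumerate(samples))
        mag = abs(acc)
        if mag > best_mag:
            best_bin, best_mag = k, mag
    return best_bin * fs_hz / n


def recoverable_bandwidth_hz(fs_hz):
    """Highest vibration frequency an fs_hz stream can represent (Nyquist)."""
    return fs_hz / 2


if __name__ == "__main__":
    tone = 72.0
    for fs in (200, 20):
        seen = dominant_freq(synth_accel(tone, fs), fs)
        print(f"fs={fs:>3} Hz  permission needed={needs_high_rate_permission(fs)}  "
              f"bandwidth={recoverable_bandwidth_hz(fs):.0f} Hz  "
              f"{tone:.0f} Hz tone appears at {seen:.1f} Hz")
```

The 20 Hz run illustrates the paper's point from the defender's side: a rate cap shrinks the usable bandwidth of the side channel, but low-frequency energy still reaches the app, which is why the researchers also ask for consent-based access to motion sensors at any rate.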

'Hermit' Spyware Deployed in Syria, Kazakhstan, and Italy



Lookout Inc. discovered enterprise-grade Android surveillanceware being used by authorities in Kazakhstan. Lookout researchers also found evidence of the spyware, called "Hermit", being used in Italy and northern Syria. 

Researchers obtained a sample of Hermit in April 2022, four months after a series of violently suppressed nationwide protests against government policies. According to Lookout, Hermit was most likely developed by the Italian surveillance vendor RCS Lab S.p.A. together with Tykelab Srl, a telecommunications solutions company accused of acting as a front company. 

RCS Lab operates in the same market as NSO Group Technologies, maker of Pegasus, and Gamma Group, creator of FinFisher, and has prior dealings with governments such as Syria. This appears to be the first time a modern RCS Lab mobile spyware implant has been publicly disclosed. 

The spyware is said to be spread via SMS messages that trick users into installing what appear to be harmless apps from Samsung, Vivo and Oppo; when launched, the apps load a website of the impersonated company while silently starting the infection chain. 

Spyware targeting Android has been seen before. The threat actor APT-C-23 (aka Arid Viper) was linked to a series of attacks on Middle Eastern users with new FrozenCell versions in November 2021. Last month, Google's Threat Analysis Group (TAG) revealed that government-backed actors in Egypt, Armenia, Greece, Madagascar, Côte d'Ivoire, Serbia, Spain, and Indonesia are purchasing Android zero-day exploits for covert surveillance. 

According to Lookout, the samples studied used a Kazakh-language website as a decoy, and the main command-and-control (C2) server contacted by the app was a proxy, with the true C2 located on an IP address in Kazakhstan. "They call themselves 'lawful intercept' organizations since they claim to only sell to customers with legitimate surveillance purposes, such as intelligence and law enforcement agencies. Under the pretext of national security, similar technologies have been used to phish on corporate executives, human rights activists, journalists, academics, and government officials," the researchers said. 

The revelations came as the Israel-based NSO Group is rumored to be in talks to sell its Pegasus technology to US defense contractor L3Harris, which makes StingRay cellular phone trackers, raising concerns it could allow law enforcement to deploy the controversial hacking tool.

Hardware Bugs Provide Bluetooth Chipsets Unique Traceable Fingerprints

 

A recent study from the University of California, San Diego has shown for the first time that Bluetooth signals can be fingerprinted to track devices (and therefore individuals). The identification rests on imperfections in the Bluetooth chipset hardware introduced during manufacturing, which give each chip a "unique physical-layer fingerprint."

In a paper titled "Evaluating Physical-Layer BLE Location Tracking Attacks on Mobile Devices", the researchers wrote: "To perform a physical-layer fingerprinting attack, the attacker must be equipped with a Software Defined Radio sniffer: a radio receiver capable of recording raw IQ radio signals." 

The attack is made feasible by the pervasiveness of Bluetooth Low Energy (BLE) beacons, which modern smartphones transmit constantly to support functions such as contact tracing during public health emergencies. 

The hardware flaws stem from the fact that Wi-Fi and BLE are frequently integrated into a single "combo chip", which exposes Bluetooth to the same measurable imperfections already used to fingerprint Wi-Fi devices: carrier frequency offset (CFO) and IQ imbalance. 

Fingerprinting and tracking a device therefore means computing, for each captured packet, the Mahalanobis distance between that packet's measured features and a previously registered hardware-imperfection fingerprint, to see how closely the new packet matches. 

"Also, since BLE devices have temporarily stable identifiers in their packets [i.e., MAC address], we can identify a device based on the average over multiple packets, increasing identification accuracy," the researchers stated. 

However, carrying out such an attack in a real adversarial setting faces numerous obstacles, the most significant being that the ability to uniquely identify a device depends on the BLE chipset it uses and on the chipsets of other devices in close physical proximity to the target. Other factors that affect the readings include device temperature, differences in BLE transmit power between iPhone and Android devices, and the quality of the sniffer radio the attacker uses. 

The researchers concluded, "By evaluating the practicality of this attack in the field, particularly in busy settings such as coffee shops, we found that certain devices have unique fingerprints, and therefore are particularly vulnerable to tracking attacks; others have common fingerprints and will often be misidentified. BLE does present a location tracking threat for mobile devices. However, an attacker's ability to track a particular target is essentially a matter of luck."
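As an added illustration, not code from the UCSD paper or from this page, the Python below carries the matching step through on constructed data: each enrolled device has a mean (carrier frequency offset, IQ amplitude imbalance) vector and a covariance estimated from its enrollment packets, a captured packet is assigned to the device at the smallest Mahalanobis distance, packets that share a temporarily stable MAC are averaged before matching as the quoted remark suggests, and a near-identical fingerprint (dev_C next to dev_A) is flagged ambiguous to reflect the "common fingerprint" misidentification the researchers warn about. Device names, feature values, units and the ambiguity margin are all hypothetical.

```python
import math

# Enrolled physical-layer fingerprints. Per device: the mean of
# (carrier frequency offset in kHz, IQ amplitude imbalance in dB) over the
# enrollment packets, and the 2x2 covariance of those features. The values
# are constructed for illustration, not measurements from the paper.
FINGERPRINTS = {
    "dev_A": {"mean": (12.0, 0.30), "cov": ((4.0, 0.0), (0.0, 0.01))},
    "dev_B": {"mean": (-5.0, 0.10), "cov": ((9.0, 0.3), (0.3, 0.04))},
    # dev_C's imperfections nearly coincide with dev_A's: the "common
    # fingerprint" case that leads to misidentification.
    "dev_C": {"mean": (11.0, 0.28), "cov": ((4.0, 0.0), (0.0, 0.01))},
}


def inv2x2(m):
    """Closed-form inverse of a 2x2 covariance matrix."""
    (a, b), (c, d) = m
    det = a * d - b * c
    if abs(det) < 1e-12:
        raise ValueError("singular covariance; collect more enrollment packets")
    return ((d / det, -b / det), (-c / det, a / det))


def mahalanobis(x, mean, cov):
    """Distance of feature vector x from a fingerprint, scaled by the
    fingerprint's own spread so a noisy feature (CFO drifts with temperature)
    does not dominate a stable one."""
    dx = (x[0] - mean[0], x[1] - mean[1])
    inv = inv2x2(cov)
    q = (dx[0] * (inv[0][0] * dx[0] + inv[0][1] * dx[1])
         + dx[1] * (inv[1][0] * dx[0] + inv[1][1] * dx[1]))
    return math.sqrt(max(q, 0.0))


def rank_devices(x):
    """All enrolled devices ordered by distance from x, closest first."""
    return sorted((mahalanobis(x, f["mean"], f["cov"]), name)
                  for name, f in FINGERPRINTS.items())


def identify(packets, margin=1.0):
    """Identify the sender of a burst of packets that share a temporarily
    stable MAC by averaging their features before matching. The result is
    flagged ambiguous when the runner-up fingerprint lies within `margin`
    of the best one, i.e. when two devices look alike to the sniffer."""
    n = len(packets)
    avg = (sum(p[0] for p in packets) / n, sum(p[1] for p in packets) / n)
    ranked = rank_devices(avg)
    (d0, best), (d1, _) = ranked[0], ranked[1]
    return {"device": best, "distance": d0, "ambiguous": (d1 - d0) < margin}


if __name__ == "__main__":
    # Constructed captures: three packets from one MAC, then one from a
    # device whose fingerprint collides with another enrolled device.
    print(identify([(-4.0, 0.12), (-5.5, 0.09), (-4.5, 0.11)]))
    print(identify([(11.6, 0.29)]))
```

In a real deployment the feature vectors would come from demodulating the preamble of each BLE packet captured with the SDR sniffer the paper describes; the covariance term is what lets the tracker tolerate the temperature-driven CFO drift listed among the obstacles above, while the ambiguity flag is the honest answer in the crowded-coffee-shop scenario the researchers evaluated.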

Turkish National Charged for DDoS Attack on U.S. Company

 

Authorities in the United States have charged a Turkish national with launching distributed denial-of-service (DDoS) attacks against a Chicago-based multinational hospitality company using a now-defunct malware botnet. 

Izzet Mert Ozek, 32, is accused of launching attacks against the Chicago multinational in August 2017 using WireX, a botnet developed using Android malware. 

According to authorities, Ozek's attacks caused infected Android devices to transmit massive volumes of online traffic to the company's public website and online booking service, leading servers to crash. As per the news release from the US Department of Justice, the charges were announced on September 29 in the Northern District of Illinois. 

The press release stated, “In August 2017, IZZET MERT OZEK used the WireX botnet, which consisted of compromised Google Android devices, to direct large amounts of network traffic to the hospitality company’s website, preventing legitimate users from completing hotel bookings, according to an indictment returned Tuesday in U.S. District Court in Chicago. The hospitality company, which managed luxury hotels and resorts, was headquartered in Chicago and the servers for its website were located in northern Illinois.” 

“The indictment charges Ozek, 32, with one count of intentionally causing damage to a protected computer. Ozek is believed to be residing in Turkey, and a warrant for his arrest will be issued.” 

The official statement and indictment do not say whether Ozek built the WireX botnet himself or bought access from a third party. The botnet, created only a month earlier in July 2017, quickly grew to more than 120,000 bots after its operators infected Android phones through malicious Android apps. 

Coming only months after the devastating Mirai attacks at the end of 2016, the emerging threat prompted the security industry to act quickly while it was still in its early stages. 

A coalition of security firms including Akamai, Cloudflare, Flashpoint, Google, Dyn, RiskIQ and Team Cymru began an investigation within weeks of the attack on the Chicago multinational to track WireX's bots and backend infrastructure, and then seized and took down its command-and-control systems.

GriftHorse Malware has Infected More than 10 Million Android Devices

 

A new malware named GriftHorse is said to have infected over 10 million Android cell phones. According to the research at mobile security firm Zimperium, the threat group has been executing the campaign since November 2020. The GriftHorse malware was propagated through both Google Play and third-party application stores, according to the research group, and it stole "hundreds of millions of Euros" from victims. 

Once a user installs any of the malicious apps, GriftHorse produces a large number of notifications and pop-ups luring the user with exceptional discounts or prizes. People who click them are taken to a web page where they must confirm their phone number to claim the promotion. 

In reality, victims are being subscribed to premium SMS services costing more than $35 per month. The GriftHorse operators are thought to have earned between $1.5 million and $4 million per month from the fraud, and the earliest victims are estimated to have lost more than $230 if they never cancelled. 

Zimperium researchers Aazim Yaswant and Nipun Gupta tracked GriftHorse for months and describe it as "one of the most widespread campaigns the zLabs threat research team has encountered in 2021." According to the two researchers, the GriftHorse developers invested heavily in the quality of their malware, using a wide range of websites, malicious apps and developer personas to infect victims and evade detection for as long as possible.

“The level of sophistication, use of novel techniques, and determination displayed by the threat actors allowed them to stay undetected for several months,” Yaswant and Gupta explained. “In addition to a large number of applications, the distribution of the applications was extremely well-planned, spreading their apps across multiple, varied categories, widening the range of potential victims.” 

Handy Translator Pro, Heart Rate and Pulse Tracker, Geospot: GPS Location Tracker, iCare – Find Location, and My Chat Translator are among the popular apps infested with GriftHorse malware. Users in India are also affected, according to the firm. Zimperium, a member of the App Defense Alliance, claimed it alerted Google about all GriftHorse-infected apps, which have since been withdrawn from the Play Store. These apps may, however, still be available in third-party app stores.

Joker Virus is Back, Targeting Android Devices

 

The notorious Joker has made a comeback, according to Belgian police, who warned about the Joker malware that targets Android smartphones exclusively and hides in numerous apps available on Google's Play Store. 

Joker is among the most persistent and troublesome Android malware families; it even manages to reach victims through the Google Play Store by hiding inside seemingly harmless apps, and it can quietly drain a victim's account. The Joker trojan belongs to the Bread malware family, whose primary goal is to hijack the victim's phone bill and authorise charges without the user's knowledge. 

According to experts at the cybersecurity firm Quick Heal Security Lab, Joker can access the victim's text messages, contact list and a variety of other data, which lets it sign the victim up for websites offering premium services. Users then risk a large bill from their bank or card issuer at the end of the month. 

"This malicious program has been detected in eight Play Store applications that Google has suppressed," stated the Belgian authorities in a statement published on Friday 20th August on their website. 

The 'Joker' malware made headlines in 2017 for stealing data from its victims while hiding in several applications. Since then, Google Play Store defences have removed approximately 1,700 apps containing 'Joker' before users could install them. In September 2020 the malware was found in 24 Android applications with over 500,000 downloads before they were taken down. More than 30 countries are believed to have been affected, including the United States, Brazil and Spain. Through illicit subscriptions the operators could take up to $7 (approximately 140 Mexican pesos) per subscription per week, an amount that has most likely grown in recent months. 

According to La Razón, the cybersecurity firm Zscaler has publicly revealed the names of 16 other apps that, according to its investigation, also include this dangerous code: Private SMS, Hummingbird PDF Converter - Photo to PDF, Style Photo Collage, Talent Photo Editor - Blur focus, Paper Doc Scanner, All Good PDF Scanner, Care Message, Part Message, Blue Scanner, Direct Messenger, One Sentence Translator - Multifunctional Translator, Mint Leaf Message-Your Private Message, Unique Keyboard - Fancy Fonts & Free Emoticons, Tangram App Lock, Desire Translate and Meticulous Scanner. 

Initially, apps infected with 'Joker' or other members of the family committed SMS fraud, but they soon moved on to direct carrier billing as well. Both schemes exploit the arrangement between mobile operators and content providers that lets a service be charged to the phone bill. Both require device authentication but no human verification, so the malware can automate the transactions without any user involvement. 

In addition, victims typically remain unaware of the theft unless they go through their bank statements carefully. The bank sees what looks like an ordinary subscription, and the individual charges are small enough not to stand out as unusual, so no alert is raised and the account holder never notices. 

Furthermore, the malicious applications that the Google Play Store removed upon discovering that they carried the 'Joker' virus are as follows: Auxiliary Message, Element Scanner, Fast Magic SMS, Free Cam Scanner, Go Messages, Super Message, Super SMS, and Travel Wallpapers.

APKPure Compromised to Deliver Malware

 

APKPure, one of the largest alternative app stores outside the Google Play Store, was found this week to be distributing malware, letting threat actors push trojans to Android devices. In an incident resembling the one at the German telecommunications equipment maker Gigaset, version 3.17.18 of the APKPure client is said to have been modified so that malicious code embedded in the app tricks unsuspecting users into downloading and installing further malicious applications. The finding was reported by researchers from Doctor Web and Kaspersky. 

“Doctor Web specialists have discovered a malicious functionality in APKPure—an official client application of popular third-party Android app store. The trojan built into it downloads and installs various apps, including other malware, without users’ permission.” reads a post published by Doctor Web. "This trojan belongs to the dangerous Android.Triada malware family capable of downloading, installing, and uninstalling software without users' permission," Doctor Web researchers added.

Triada was designed specifically for financial fraud, typically hijacking SMS-based financial transactions. Its most notable trait is a modular architecture, which in principle gives it a wide range of capabilities. 

According to Kaspersky, APKPure version 3.17.18 was modified to include an advertising SDK that acts as a trojan dropper to deliver other malware to the victim's device. "This component can do several things: show ads on the lock screen; open browser tabs; collect information about the device; and, most unpleasant of all, download other malware," Kaspersky's Igor Golovin said. In light of the findings, APKPure released a new version of the app (3.17.19) on April 9 that removes the malicious component. "Fixed a potential security problem, making APKPure safer to use," the developers behind the app distribution platform said in the release notes.

“If the user has a relatively recent version of the operating system, meaning Android 8 or higher, which doesn’t hand out root permissions willy-nilly, then it loads additional modules for the Triada Trojan. These modules, among other things, can buy premium subscriptions and download other malware. If the device is older, running Android 6 or 7, and without security updates installed (or in some cases not even released by the vendor), and thus more easily rootable, it could be the xHelper Trojan.” states Kaspersky.

Hackers used 11 Zero-Days to Attack Windows, iOS, Android Users

 

Researchers at Google continue to track a sophisticated APT group that burned through at least 11 zero-day exploits in less than a year to conduct mass surveillance across a range of platforms and devices. The group has used "watering hole" attacks to redirect specific targets to a couple of exploit servers delivering malware to Windows, iOS and Android devices. 

The cross-platform capability and the willingness to spend almost a dozen zero-days in under a year point to a well-resourced threat actor with access to hacking tools and exploits from related groups. In a new blog post, Google Project Zero researcher Maddie Stone released further details on the exploit chains found in the wild last October and noted that the latest disclosure is connected to a February 2020 campaign that also used multiple zero-days. According to Stone, the threat actor behind the February 2020 campaign went quiet for a few months but returned in October with dozens of websites redirecting to an exploit server. 

“Once our analysis began, we discovered links to a second exploit server on the same website. After initial fingerprinting (appearing to be based on the origin of the IP address and the user-agent), an iframe was injected into the website pointing to one of the two exploit servers. In our testing, both of the exploit servers existed on all of the discovered domains,” Stone explained. 

The first exploit server initially responded only to Apple iOS and Microsoft Windows user-agents and remained active for at least a week after Google's researchers began retrieving the tooling. It served an exploit for a remote code execution bug in the Google Chrome rendering engine and, after that bug was fixed, a V8 zero-day. Stone said the first server briefly responded to Android user-agents as well, suggesting exploits existed for all of the major platforms.

Stone noted that the attackers used a special obfuscation and anti-analysis step on iOS devices, where the exploits were encrypted with ephemeral keys, "meaning that the exploits couldn't be recovered from the packet dump alone, instead requiring an active MITM on our side to rewrite the exploit on-the-fly."

Here's how to Ensure Data Security Using FShred App


Users are generally aware that deleting photos, videos, files or other data on Android does not erase it irrecoverably; the data can be recovered in a number of ways using recovery tools. While getting a deleted file back is welcome in many scenarios, at other times users want a once-and-for-all deletion to keep their data safe.

With unauthorised access and data breaches on the rise, users need a way to erase data so that no recovery tool can bring it back.

How can it be done?

When users have no intention of ever retrieving deleted data, data-eraser apps come into play. They delete sensitive data so that it cannot be recovered from the Android device, which matters when users plan to sell their phone or lend it to someone, since recoverable remnants are a real threat to their important data.

FShred is a user-friendly app that applies data-sanitisation methods to both the internal and external storage of an Android phone: it permanently removes already-deleted files by overwriting all free space with random data. In other words, the blocks that used to hold deleted files (photos, videos and so on) are filled with meaningless bytes from a random generator; once that space has been overwritten, the old contents are gone beyond recovery. One caveat applies on modern devices: flash storage remaps writes through wear levelling, so overwriting free space is not guaranteed to touch every physical block that once held old data, and Android phones with file-based encryption rely on discarding the encryption keys (which is what a factory reset does) rather than on overwriting to make data unrecoverable.

Developed by Emile Gee, FShred lets you wipe sensitive data easily using advanced shredding algorithms; it shreds your data and also recovers valuable storage space on your Android device.

The app has been tested against file-recovery tools such as GT File Recovery, and none of them were able to recover the shredded data. The app contains no in-app purchases or advertisements and is completely free.
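As an added example, not FShred's own code, the Python below implements the two operations the description above relies on: overwriting a file in place with random bytes before unlinking it, and filling a volume's free space with random data until the write fails, then deleting the filler. The chunk size, file-name prefix and the `max_bytes` testing limit are arbitrary choices; the comments carry the flash-storage caveat noted above.

```python
import errno
import os
import tempfile

CHUNK = 1 << 20  # 1 MiB of fresh random bytes per write (arbitrary choice)


def overwrite_in_place(path, passes=1):
    """Overwrite an existing file's content with random bytes, forcing the
    data to the device after each pass. Returns the number of bytes written.
    Doing this before unlinking means the blocks the filesystem frees no
    longer hold the original content. Caveat: on flash media the controller
    may remap the write to a different physical block, so this is a best
    effort, not a guarantee; encrypted volumes should discard keys instead."""
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:
        for _ in range(passes):
            fh.seek(0)
            remaining = size
            while remaining > 0:
                n = min(CHUNK, remaining)
                fh.write(os.urandom(n))
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())
    return size * passes


def shred_file(path, passes=1):
    """Overwrite, then unlink. Returns bytes overwritten."""
    written = overwrite_in_place(path, passes)
    os.remove(path)
    return written


def overwrite_free_space(directory, max_bytes=None):
    """Fill the free space of the filesystem holding `directory` with random
    data by growing a temporary file until the write fails with ENOSPC, then
    delete the filler. `max_bytes` caps the fill so the routine can be
    exercised without exhausting a disk. Returns bytes written.
    The file is opened unbuffered so a failed write surfaces immediately
    rather than at close time."""
    fd, tmp = tempfile.mkstemp(prefix=".wipe-", dir=directory)
    written = 0
    try:
        with os.fdopen(fd, "wb", buffering=0) as fh:
            while max_bytes is None or written < max_bytes:
                n = CHUNK if max_bytes is None else min(CHUNK, max_bytes - written)
                try:
                    count = fh.write(os.urandom(n))
                except OSError as exc:
                    if exc.errno == errno.ENOSPC:
                        break  # volume is full: every free block was rewritten
                    raise
                written += count
            os.fsync(fh.fileno())
    finally:
        os.remove(tmp)
    return written


if __name__ == "__main__":
    # Constructed demo in a scratch directory: a file is overwritten and
    # removed, then a small slice of free space is wiped.
    scratch = tempfile.mkdtemp()
    target = os.path.join(scratch, "secret.bin")
    with open(target, "wb") as fh:
        fh.write(b"top secret" * 1000)
    print("shredded bytes:", shred_file(target))
    print("free-space bytes wiped:", overwrite_free_space(scratch, max_bytes=4 * CHUNK))
```

Run without `max_bytes` the free-space routine really does fill the volume, which is what an app like FShred must do to reach the blocks of files deleted earlier; the ENOSPC branch is the normal exit, not an error.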

Android phones vulnerable to Qualcomm bugs

Security researchers from Tencent’s Blade Team are warning Android smartphone and tablet users of flaws in Qualcomm chipsets, called QualPwn. The bugs collectively allow hackers to compromise Android devices remotely simply by sending malicious packets over-the-air – no user interaction required.

Three bugs make up QualPwn (CVE-2019-10539, CVE-2019-10540 and CVE-2019-10538). The prerequisite for the attack is that both the attacker and targeted Android device must be active on the same shared Wi-Fi network.

“One of the vulnerabilities allows attackers to compromise the WLAN and modem, over-the-air. The other allows attackers to compromise the Android kernel from the WLAN chip. The full exploit chain allows attackers to compromise the Android kernel over-the-air in some circumstances,” wrote researchers.

All three vulnerabilities have been reported to Qualcomm and Google’s Android security team and patches are available for handsets. “We have not found this vulnerability to have a public full exploit code,” according to a brief public disclosure of the flaws by the Tencent Blade Team.

Researchers said their focus was on Google Pixel 2 and Pixel 3 handsets and that their tests indicated that unpatched phones using Qualcomm Snapdragon 835 and Snapdragon 845 chips may be vulnerable.

A Qualcomm spokesperson told Threatpost in a statement: “Providing technologies that support robust security and privacy is a priority for Qualcomm. We commend the security researchers from Tencent for using industry-standard coordinated disclosure practices through our Vulnerability Rewards Program. Qualcomm Technologies has already issued fixes to OEMs, and we encourage end users to update their devices as patches become available from OEMs.”

The first critical bug (CVE-2019-10539) is identified by researchers as a “buffer copy without checking size of input in WLAN.” Qualcomm describes it as a “possible buffer overflow issue due to lack of length check when parsing the extended cap IE header length.”

Many Android devices had pre-installed backdoor: Google

Earlier this year, Forbes reported that a banking trojan called Triada had been found on a batch of brand-new budget Android smartphones. Google has now confirmed that threat actors did indeed compromise Android smartphones with a backdoor as part of a supply-chain attack.

In a post published on Thursday, Google admitted that in 2017 criminals managed to get an advanced backdoor preinstalled on Android devices, before those devices even left the manufacturers' factories.

The list of affected devices includes Leagoo M5 Plus, Leagoo M8, Nomu S10 and Nomu S20.

To understand what happened here, we need to go back to 2016, when Kaspersky Lab researchers first uncovered what they called one of the most advanced mobile trojans their analysts had ever seen. They named it "Triada" and explained how it lived mainly in the phone's random access memory (RAM), using root privileges to replace system files with malicious ones. By 2017, Android phones were being shipped with Triada preloaded as a backdoor.

Dr. Web's researchers found Triada embedded in one of the OS libraries in the system partition, where the trojan could not be detected or deleted using standard methods.

Instead, the researchers found, Triada had placed a call in the Android framework's log function. In other words, the infected devices shipped with a backdoor: every time any app attempted to log something, that function was called and the backdoor code executed, letting Triada run code in essentially any app's context. That backdoor came factory-fitted.

Google, headquartered in Mountain View, California, initially removed Triada samples from Android devices using Google Play Protect. But in 2017 Triada evolved and ultimately became a preloaded backdoor on Android devices. Current phones are unlikely to be affected by what Google has described, although various models were affected in the past.

New OS takes on Apple, Android

Firefox, a web browser made by the non-profit Mozilla Foundation, was born as "Phoenix". It rose from the ashes of Netscape Navigator, slain by Microsoft's Internet Explorer. In 2012 Mozilla created Firefox OS to rival Apple's iOS and Google's Android mobile operating systems. Unable to compete with the duopoly, Mozilla killed the project.

Another phoenix has arisen from it. KaiOS, an operating system conjured from the defunct software, powered 30m devices in 2017 and another 50m in 2018. Most were simple flip-phones sold in the West for about $80 apiece, or even simpler ones which Indians and Indonesians can have for as little as $20 or $7, respectively. Smartphones start at about $100. The company behind the software, also called KaiOS and based in Hong Kong, designed it for smart-ish phones, with an old-fashioned number pad and long battery life, plus 4G connectivity, popular apps such as Facebook and modern features like contactless payments, but not snazzy touchscreens.

With millions of Indians still using feature phones, it is no surprise that this brainchild of San Diego startup KaiOS Technologies is already the second most popular mobile operating system in India after Android, capturing over 16% market share; iOS trails with a 10% share, as per an August 2018 analysis by tech consulting firm Device Atlas.

The new category of handsets powered by KaiOS, which has partnered with Reliance Jio, requires limited memory while still offering a rich user experience through services like Google Assistant, Google Maps, YouTube and Facebook, among others.

Faisal Kawoosa, founder, techARC, credits KaiOS with bringing about a paradigm shift in infotainment in India. “This (the feature phone platform) becomes the first exposure of mobile users to a digital platform. It is also helping the ecosystem and new users to digital services without much increase to the cost of the device,” he said.

Malicious Android Adware Infects Approximately 200 Apps on Play Store

A large adware campaign nicknamed "SimBad" was found in around 206 applications on the Google Play Store, with a combined download count of roughly 150 million. Since most of them are simulation games, the name 'SimBad' was coined.

The developers of the applications may not be entirely to blame, as they too may have been lured by false promises. They may not have understood that they were using an advertising-related software development kit (SDK) whose real purpose is to install adware on devices.

Once an application infected by SimBad is installed, the adware registers itself on the system so that it runs at boot. From then on it can open a browser page to phish user information, open an app store (Google Play specifically) on a potentially malicious application, or even download and install an application in the background.

According to security firm Check Point, the applications exhibit a range of malicious behaviour that users need to be wary of, including:
  1. Showing ads outside of the application, for example when the user unlocks the phone or uses other apps.
  2. Constantly opening Google Play or the 9Apps store and redirecting to another particular application, so the developer can profit from additional installations.
  3. Hiding its icon from the launcher in order to prevent uninstallation.
  4. Opening a web browser with links provided by the app developer.
  5. Downloading APK files and asking the user to install them.
  6. Searching for a word provided by the app in Google Play.

SimBad is less severe than other malware that has slipped past Google's checks, but it does have the potential to do more harm: according to Check Point, SimBad's capabilities can be divided into three groups, namely Show Ads, Phishing, and Exposure to other applications.
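The behaviours listed above leave static traces an analyst can look for before an app is ever run: a receiver wired to BOOT_COMPLETED (runs at boot), the REQUEST_INSTALL_PACKAGES and SYSTEM_ALERT_WINDOW permissions (sideloading prompts, ads over other apps), a call that disables the launcher activity (hides the icon) and a hand-off of a downloaded file to the package installer. The following Python triage script is an added example and not Check Point's or Google's tooling; the manifest, the decompiled source excerpt, the package and class names and the three-indicator threshold are all constructed for the demonstration.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample: a decoded AndroidManifest.xml of the kind apktool emits,
# for a hypothetical game "com.example.simgame" (package, class and SDK names
# are invented for this example).
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.simgame">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application android:label="Sim Game">
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <receiver android:name="com.example.adsdk.BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

# Constructed excerpt of decompiled source (invented) in which the SDK disables
# the launcher activity and hands a downloaded APK to the package installer.
SAMPLE_SOURCE = """
pm.setComponentEnabledSetting(new ComponentName(ctx, MainActivity.class),
    PackageManager.COMPONENT_ENABLED_STATE_DISABLED, PackageManager.DONT_KILL_APP);
Intent i = new Intent(Intent.ACTION_VIEW);
i.setDataAndType(Uri.fromFile(apk), "application/vnd.android.package-archive");
"""

# Permission -> indicator; each maps to one of the behaviours described above.
PERMISSION_INDICATORS = {
    "android.permission.RECEIVE_BOOT_COMPLETED": "boot_persistence",
    "android.permission.REQUEST_INSTALL_PACKAGES": "apk_install_prompt",
    "android.permission.SYSTEM_ALERT_WINDOW": "overlay_ads",
}

# Regex over decompiled Java/smali text -> indicator.
SOURCE_INDICATORS = {
    r"COMPONENT_ENABLED_STATE_DISABLED": "hides_component",
    r"application/vnd\.android\.package-archive": "installs_apk",
}


def manifest_indicators(manifest_xml):
    """Return the set of indicators found in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    found = set()
    for perm in root.iter("uses-permission"):
        name = perm.get(ANDROID_NS + "name", "")
        if name in PERMISSION_INDICATORS:
            found.add(PERMISSION_INDICATORS[name])
    # A receiver listening for BOOT_COMPLETED is the concrete hook that
    # lets the adware "keep running on boot".
    for receiver in root.iter("receiver"):
        for action in receiver.iter("action"):
            if action.get(ANDROID_NS + "name") == "android.intent.action.BOOT_COMPLETED":
                found.add("boot_receiver")
    return found


def source_indicators(source_text):
    """Return the set of indicators found in decompiled source text."""
    return {tag for pattern, tag in SOURCE_INDICATORS.items()
            if re.search(pattern, source_text)}


def triage(manifest_xml, source_text, threshold=3):
    """Combine both views; the threshold is an assumed cut-off, not a published rule."""
    indicators = manifest_indicators(manifest_xml) | source_indicators(source_text)
    verdict = "suspicious" if len(indicators) >= threshold else "benign-looking"
    return {"indicators": sorted(indicators), "verdict": verdict}


if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST, SAMPLE_SOURCE))
```

None of these indicators is malicious on its own (a legitimate launcher or alarm app will legitimately hold some of them); the point is that an ad SDK bundled into a simulation game has no business combining boot persistence, icon hiding and APK installation, so the combination is what an analyst should escalate on.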

Google has since taken down the infected applications and will doubtless add the adware strain to Google Play Protect's detection.

Hide and Seek IoT Botnet Increasing Infection Capabilities with New Vectors

The Hide and Seek IoT botnet has been updated to target Android devices, and the criminal group behind its development has been seen adding new functionality in recurring incremental updates to the core engine.

The Android infections do not appear to rely on specific vulnerabilities; instead they abuse the Android Debug Bridge (ADB) option. By default this is turned off, but in some cases users may need to turn it on.

The IoT botnet has been observed adding around 40,000 devices to its ranks; the infected devices are mostly in China, Korea and Taiwan. Many Android devices are now part of the home infrastructure (phones, tablets, televisions and various peripherals), which is why attacks that use it are considered critical.

Its samples focus on devices that have ADB enabled, either by default or by the users themselves. When this capability is enabled the devices are exposed, as it opens a network port that accepts remote connections. Malicious operators have been seen performing unauthenticated login attempts, using either default passwords or brute forcing the devices.
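The exposure described above is easy to verify for a device on your own network. ADB over TCP listens on port 5555; a client opens the session by sending a CNXN message, and the device either answers CNXN itself (the session is open and the client can spawn a shell with no credentials at all) or answers AUTH, meaning it demands an RSA key the user must have previously accepted. The following Python probe is an added example, not Bitdefender's tooling or code from the botnet; the message layout follows the public ADB wire protocol, and the device reply used in the offline check is constructed.

```python
import socket
import struct

# ADB wire protocol constants (from the public adb protocol description).
A_CNXN = 0x4E584E43            # "CNXN" read as a little-endian uint32
A_AUTH = 0x48545541            # "AUTH"
A_VERSION = 0x01000000
MAX_PAYLOAD = 256 * 1024
HEADER = struct.Struct("<6I")  # command, arg0, arg1, data_length, data_check, magic


def adb_checksum(payload):
    """Legacy ADB payload check: byte sum modulo 2**32."""
    return sum(payload) & 0xFFFFFFFF


def build_message(command, arg0, arg1, payload=b""):
    header = HEADER.pack(command, arg0, arg1, len(payload),
                         adb_checksum(payload), command ^ 0xFFFFFFFF)
    return header + payload


def build_cnxn():
    """The CONNECT message a host sends first, with the identity string adb uses."""
    return build_message(A_CNXN, A_VERSION, MAX_PAYLOAD, b"host::\x00")


def parse_message(data):
    """Validate the 24-byte header and return (command, arg0, arg1, payload)."""
    if len(data) < HEADER.size:
        raise ValueError("short header")
    command, arg0, arg1, length, check, magic = HEADER.unpack_from(data)
    if magic != command ^ 0xFFFFFFFF:
        raise ValueError("bad magic: not an ADB message")
    payload = data[HEADER.size:HEADER.size + length]
    if len(payload) != length:
        raise ValueError("truncated payload")
    # Newer adbd builds may send a zero checksum, so only reject a wrong non-zero one.
    if check not in (0, adb_checksum(payload)):
        raise ValueError("payload checksum mismatch")
    return command, arg0, arg1, payload


def classify(command, payload):
    """What the device's first reply means for anyone who can reach the port."""
    if command == A_CNXN:
        identity = payload.split(b"\x00", 1)[0].decode("ascii", "replace")
        return "OPEN: unauthenticated ADB session accepted (" + identity + ")"
    if command == A_AUTH:
        return "AUTH: device demands RSA key authentication"
    return "UNKNOWN: command 0x%08x" % command


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed before full message")
        buf += chunk
    return buf


def probe(host, port=5555, timeout=3.0):
    """Send CNXN to host:port and classify the first reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.settimeout(timeout)
        sock.sendall(build_cnxn())
        header = _recv_exact(sock, HEADER.size)
        length = HEADER.unpack(header)[3]
        payload = _recv_exact(sock, length) if length else b""
        command, _, _, body = parse_message(header + payload)
        return classify(command, body)


if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1]))
```

Run it as `python adb_probe.py 192.0.2.10` against a device you own. An OPEN verdict is exactly the condition the botnet's scanners look for; the fix is `adb usb` (or disabling USB debugging in developer options), not a firewall rule on a phone that may roam to other networks.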

The attacks also lead to the conclusion that the criminal collective behind the botnet is constantly trying to extend its features. The sharply increased number of infected devices shows that the botnet is gaining momentum. Botnets are known to be very effective at launching distributed denial-of-service (DDoS) attacks, which can render websites and computer systems inoperable.

Chief Security Researcher at Bitdefender Alex Balan said that the botnet's purpose for the time being appears to be to increase its size and nothing more.
Although it supports commands for data exfiltration and code execution, the researchers have not seen the botnet use them, and there is no module for launching distributed denial-of-service attacks, an essential technique for botnet monetization.

Android Users To Surf The Web Without A Constant Internet Connection

On 21 June Google introduced a new feature for Android that lets users in India and a few other countries browse the web without a steady internet connection.

Launched for Chrome on Android users in India along with 100 other countries including Nigeria, Indonesia and Brazil, the feature lets users browse the web in areas with no or spotty connectivity.

"When you're connected to free, unmetered Wi-Fi, Chrome will automatically download relevant articles, based on what content is most popular in your location," said Amanda Boss, Product Manager for Offline Chrome for Android.

For users who are signed in, Chrome will also cache relevant articles based on browsing history so that they can be read when the phone has no connection. The feature is available in the latest version of Chrome.

The feature is claimed to save up to 70 per cent of the user's data; with Data Saver mode on, Chrome downloads only the content it judges most relevant.

When Data Saver is on, most web traffic is routed through Google's servers, which compress it before it is sent on so that less data reaches the user's device. Users should be aware that this means Google's servers see the pages being fetched; pages loaded over HTTPS or in incognito mode are not routed through the proxy.

Separately, Google also has a data saving app called Datally, which gives users several ways to control data usage on their phones. Its features include the ability to set a daily data usage limit, a guest mode to see how much data a friend uses, highlighting of unused apps that may be eating up data, a data usage history, a Wi-Fi finder on a map and more.


Multilingual Malware Targets Android Devices for Phishing Attacks

A blog post titled 'Roaming Mantis uses DNS hijacking to infect Android smartphones' was published in April 2018 by Kaspersky Lab, describing this malware in detail.

Roaming Mantis is Android malware designed to spread by means of DNS hijacking, and it targets Android devices specifically. Based on Kaspersky Lab's telemetry, the activity was found mostly in Asia (South Korea, Bangladesh and Japan).

Potential victims were redirected by the hijacked DNS to a malicious web page that distributed a Trojanized application spoofing Facebook or Chrome, which users then installed manually. The application in fact contained an Android Trojan-Banker.
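Because the hijack happens at the resolver rather than on the phone, the practical check is to ask the resolver the device actually uses and a resolver you trust for the same name and compare the answers. The Python below is an added example, not Kaspersky Lab's code: it builds a raw DNS A query, parses the reply (including pointer-compressed names) and reports whether the two answer sets agree. The trusted resolver address, the constructed reply used for the offline check and the "disjoint sets means possible hijack" rule are assumptions; CDNs can legitimately hand different resolvers different addresses, so a MISMATCH is a signal to investigate, not proof.

```python
import os
import socket
import struct


def build_query(name, txid):
    """Standard recursive A/IN query for name with the given transaction id."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)


def _read_name(msg, offset):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end = [], None
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:            # compression pointer
            if end is None:
                end = offset + 2
            offset = struct.unpack_from("!H", msg, offset)[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            return ".".join(labels), (offset if end is None else end)
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length


def parse_a_records(msg, txid):
    """Return the set of IPv4 addresses in the answer section of a reply."""
    rid, flags, qd, an, _, _ = struct.unpack_from("!HHHHHH", msg, 0)
    if rid != txid:
        raise ValueError("transaction id mismatch")
    if flags & 0x000F:
        raise ValueError("resolver returned rcode %d" % (flags & 0xF))
    offset = 12
    for _ in range(qd):                       # skip the echoed question(s)
        _, offset = _read_name(msg, offset)
        offset += 4
    addrs = set()
    for _ in range(an):
        _, offset = _read_name(msg, offset)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, offset)
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.add(socket.inet_ntoa(rdata))
    return addrs


def build_response(txid, name, addrs):
    """Constructed reply for the offline demo (answers use a pointer to the question name)."""
    question = build_query(name, txid)[12:]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(addrs), 0, 0)
    answers = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton(a)
                       for a in addrs)
    return header + question + answers


def resolve_via(server, name, timeout=3.0):
    """Ask one resolver over UDP and return the A records it gives."""
    txid = struct.unpack("!H", os.urandom(2))[0]
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, txid), (server, 53))
        data, _ = sock.recvfrom(4096)
    return parse_a_records(data, txid)


def hijack_verdict(system_answers, trusted_answers):
    """Overlapping answer sets are consistent; disjoint ones are a hijack signal."""
    if not system_answers:
        return "no-answer"
    if system_answers & trusted_answers:
        return "consistent"
    return "MISMATCH: possible DNS hijack"


def check(name, system_resolver, trusted_resolver="1.1.1.1"):
    """Assumed trusted resolver: 1.1.1.1; swap in whichever you trust."""
    return hijack_verdict(resolve_via(system_resolver, name),
                          resolve_via(trusted_resolver, name))


if __name__ == "__main__":
    import sys
    print(check(sys.argv[1], sys.argv[2]))
```

Run it as `python dns_check.py facebook.com 192.168.1.1`, giving the address of the router or whatever resolver the phone's DHCP lease handed out; it is that resolver, not the phone, that Roaming Mantis manipulates. The addresses in the offline demo are from the 192.0.2.0/24 documentation range.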

Shortly after publication it emerged that several other researchers were also focused on this malware family. In May, while monitoring Roaming Mantis, also known as MoqHao and XLoader, Kaspersky Lab's researchers observed some very significant changes in its M.O.

“The group’s activity expanded geographically and they broadened their attack/evasion methods. Their landing pages and malicious apk files now support 27 languages covering Europe and the Middle East. In addition to that, the criminals also added a phishing option for iOS devices, and crypto-mining capabilities for the PC.”

According to Kaspersky Lab researcher Suguru Ishimaru, the latest campaign involving Roaming Mantis was also analysed by Kaspersky Lab, with the findings detailed in its blog post "The Roaming Mantis campaign evolved significantly in a short period of time".

The attacks have been extended to around 27 languages including English, Hindi, Russian, Chinese and Hebrew. Initially the malware was distributed in only five languages, but the range has since been extended using an automatic translator. The full list of languages is given in that post.

Roaming Mantis is also said to be well equipped to steal private and sensitive data from Apple and Android phones, while the cryptocurrency mining is performed by a script added to the HTML source of the malicious page, which runs whenever the browser loads it.