Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Apple. Show all posts
Technology
AI Apple Data Google Internet Microsoft Techno Technology

Experts Find Malicious Browser Extensions, Chrome, Safari, and Edge Affected


Threat actors exploit extensions

Cybersecurity experts found 17 extensions for Chrome, Edge, and Firefox browsers which track user's internet activity and install backdoors for access. The extensions were downloaded over 840,000 times. 

The campaign is not new. LayerX claimed that the campaign is part of GhostPoster, another campaign first found by Koi Security last year in December. Last year, researchers discovered 17 different extensions that were downloaded over 50,000 times and showed the same monitoring behaviour and deploying backdoors. 

Few extensions from the new batch were uploaded in 2020, exposing users to malware for years. The extensions appeared in places like the Edge store and later expanded to Firefox and Chrome. 

Few extensions stored malicious JavaScript code in the PNG logo. The code is a kind of instruction on downloading the main payload from a remote server. 

The main payload does multiple things. It can hijack affiliate links on famous e-commerce websites to steal money from content creators and influencers. “The malware watches for visits to major e-commerce platforms. When you click an affiliate link on Taobao or JD.com, the extension intercepts it. The original affiliate, whoever was supposed to earn a commission from your purchase, gets nothing. The malware operators get paid instead,” said Koi researchers. 

After that, it deploys Google Analytics tracking into every page that people open, and removes security headers from HTTP responses. 

In the end, it escapes CAPTCHA via three different ways, and deploy invisible iframes that do ad frauds, click frauds, and tracking. These iframes disappear after 15 seconds.

Besides this, all extensions were deleted from the repositories, but users shoul also remove them personally. 

This staged execution flow demonstrates a clear evolution toward longer dormancy, modularity, and resilience against both static and behavioral detection mechanisms,” said LayerX. 

The PNG steganography technique is employed by some. Some people download JavaScript directly and include it into each page you visit. Others employ bespoke ciphers to encode the C&C domains and use concealed eval() calls. The same assailant. identical servers. many methods of delivery. This appears to be testing several strategies to see which one gets the most installs, avoids detection the longest, and makes the most money.

This campaign reflects a deliberate shift toward patience and precision. By embedding malicious code in images, delaying execution, and rotating delivery techniques across identical infrastructure, the attackers test which methods evade detection longest. The strategy favors longevity and profit over speed, exposing how browser ecosystems remain vulnerable to quietly persistent threats.

Read more »
Technology
AI Apple Cloud Data Location Technology

Apple's New Feature Will Help Users Restrict Location Data


Apple has introduced a new privacy feature that allows users to restrict the accuracy of location data shared with cellular networks on a few iPad models and iPhone. 

About the feature

The “Limit Precise Location” feature will start after updating to iOS26.3 or later. It restricts the information that mobile carriers use to decide locations through cell tower connections. Once turned on, cellular networks can only detect the device’s location, like neighbourhood instead of accurate street address. 

According to Apple, “The precise location setting doesn't impact the precision of the location data that is shared with emergency responders during an emergency call.” “This setting affects only the location data available to cellular networks. It doesn't impact the location data that you share with apps through Location Services. For example, it has no impact on sharing your location with friends and family with Find My.”

Users can turn on the feature by opening “Settings,” selecting “Cellular,” “Cellular Data Options,” and clicking the “Limit Precise Location” setting. After turning on limited precise location, the device may trigger a device restart to complete activation. 

The privacy enhancement feature works only on iPhone Air, iPad Pro (M5) Wi-Fi + Cellular variants running on iOS 26.3 or later. 

Where will it work?

The availability of this feature will depend on carrier support. The mobile networks compatible are:

EE and BT in the UK

Boost Mobile in the UK

Telecom in Germany 

AIS and True in Thailand 

Apple hasn't shared the reason for introducing this feature yet.

Compatibility of networks with the new feature 

Apple's new privacy feature, which is currently only supported by a small number of networks, is a significant step towards ensuring that carriers can only collect limited data on their customers' movements and habits because cellular networks can easily track device locations via tower connections for network operations.

“Cellular networks can determine your location based on which cell towers your device connects to. The limit precise location setting enhances your location privacy by reducing the precision of location data available to cellular networks,”

Read more »
zero click
Android Apple Cyber Security Google iPhone Meta Spyware zero click

What Happens When Spyware Hits a Phone and How to Stay Safe

 



Although advanced spyware attacks do not affect most smartphone users, cybersecurity researchers stress that awareness is essential as these tools continue to spread globally. Even individuals who are not public figures are advised to remain cautious.

In December, hundreds of iPhone and Android users received official threat alerts stating that their devices had been targeted by spyware. Shortly after these notifications, Apple and Google released security patches addressing vulnerabilities that experts believe were exploited to install the malware on a small number of phones.

Spyware poses an extreme risk because it allows attackers to monitor nearly every activity on a smartphone. This includes access to calls, messages, keystrokes, screenshots, notifications, and even encrypted platforms such as WhatsApp and Signal. Despite its intrusive capabilities, spyware is usually deployed in targeted operations against journalists, political figures, activists, and business leaders in sensitive industries.

High-profile cases have demonstrated the seriousness of these attacks. Former Amazon chief executive Jeff Bezos and Hanan Elatr, the wife of murdered Saudi dissident Jamal Khashoggi, were both compromised through Pegasus spyware developed by the NSO Group. These incidents illustrate how personal data can be accessed without user awareness.

Spyware activity remains concentrated within these circles, but researchers suggest its reach may be expanding. In early December, Google issued threat notifications and disclosed findings showing that an exploit chain had been used to silently install Predator spyware. Around the same time, the U.S. Cybersecurity and Infrastructure Security Agency warned that attackers were actively exploiting mobile messaging applications using commercial surveillance tools.

One of the most dangerous techniques involved is known as a zero-click attack. In such cases, a device can be infected without the user clicking a link, opening a message, or downloading a file. According to Malwarebytes researcher Pieter Arntz, once infected, attackers can read messages, track keystrokes, capture screenshots, monitor notifications, and access banking applications. Rocky Cole of iVerify adds that spyware can also extract emails and texts, steal credentials, send messages, and access cloud accounts.

Spyware may also spread through malicious links, fake applications, infected images, browser vulnerabilities, or harmful browser extensions. Recorded Future’s Richard LaTulip notes that recent research into malicious extensions shows how tools that appear harmless can function as surveillance mechanisms. These methods, often associated with nation-state actors, are designed to remain hidden and persistent.

Governments and spyware vendors frequently claim such tools are used only for law enforcement or national security. However, Amnesty International researcher Rebecca White states that journalists, activists, and others have been unlawfully targeted worldwide, using spyware as a method of repression. Thai activist Niraphorn Onnkhaow was targeted multiple times during pro-democracy protests between 2020 and 2021, eventually withdrawing from activism due to fears her data could be misused.

Detecting spyware is challenging. Devices may show subtle signs such as overheating, performance issues, or unexpected camera or microphone activation. Official threat alerts from Apple, Google, or Meta should be treated seriously. Leaked private information can also indicate compromise.

To reduce risk, Apple offers Lockdown Mode, which limits certain functions to reduce attack surfaces. Apple security executive Ivan Krstić states that widespread iPhone malware has not been observed outside mercenary spyware campaigns. Apple has also introduced Memory Integrity Enforcement, an always-on protection designed to block memory-based exploits.

Google provides Advanced Protection for Android, enhanced in Android 16 with intrusion logging, USB safeguards, and network restrictions.

Experts recommend avoiding unknown links, limiting app installations, keeping devices updated, avoiding sideloading, and restarting phones periodically. However, confirmed infections often require replacing the device entirely. Organizations such as Amnesty International, Access Now, and Reporters Without Borders offer assistance to individuals who believe they have been targeted.

Security specialists advise staying cautious without allowing fear to disrupt normal device use.

Read more »
Mobile Security
Apple Apple device security Cybersecurity Threats iOS iOS Security Update iPhone Users Mobile Security

Apple Forces iOS 26 Upgrade Amid Active iPhone Security Threats

 

Apple has taken an unusually firm stance on software updates by effectively forcing many iPhone users to move to iOS 26, citing active security threats targeting devices in the wild. The decision marks a departure from Apple’s typical approach of offering extended security updates for older operating system versions, even after a major new release becomes available.

Until recently, it was widely expected that iOS 18.7.3 would serve as a final optional update for users unwilling or unable to upgrade to iOS 26, particularly those with newer devices such as the iPhone 11 and above. Early beta releases appeared to support this assumption, with fixes initially flagged for a broad range of devices. That position has since changed. 

Apple has now restricted key security fixes to older models, including the iPhone XS, XS Max, and XR, leaving newer devices with no option other than upgrading to iOS 26 to remain protected. Apple has confirmed that the vulnerabilities addressed in the latest updates are actively being exploited. The company has acknowledged the presence of mercenary spyware operating in the wild, targeting specific individuals but carrying the potential to spread more widely over time. These threats elevate the importance of timely updates, particularly as spyware campaigns increasingly focus on mobile platforms. 

The move has surprised industry observers, as iOS 18.7.3 was reportedly compatible with newer hardware and could have been released more broadly. Making the update available would likely have accelerated patch adoption across Apple’s ecosystem. Instead, Apple has chosen to draw a firm line, prioritizing rapid migration to iOS 26 over backward compatibility.

Resistance to upgrading remains significant. Analysts estimate that at least half of eligible users have not yet moved to iOS 26, citing factors such as storage limitations, unfamiliar design changes, and general update fatigue. While only a small percentage of users are believed to be running devices incompatible with iOS 26, a far larger group remains on older versions by choice. This creates a sizable population potentially exposed to known threats. 

Security firms continue to warn about the risks of delayed updates. Zimperium has reported that more than half of mobile devices globally run outdated operating systems at any given time, a condition that attackers routinely exploit. In response, U.S. authorities have also issued update warnings, reinforcing the urgency of Apple’s message. 

Beyond vulnerability fixes, iOS 26 introduces additional security enhancements. These include improved protections in Safari against advanced tracking techniques, safeguards against malicious wired connections similar to those highlighted by transportation security agencies, and new anti-scam features integrated into calls and messages. Collectively, these changes reflect Apple’s broader push to harden iPhones against evolving threat vectors. 

With iOS 26.3 expected in the coming weeks, users who upgrade now are effectively committing to Apple’s new update cadence, which emphasizes continuous feature and security changes rather than isolated patches. Apple has also expanded its ability to deploy background security updates without user interaction, although it remains unclear when this capability will be used at scale. 

Apple’s decision underscores a clear message: remaining on older software versions is no longer considered a safe or supported option. As active exploitation continues, the company appears willing to trade user convenience for faster, more comprehensive security coverage across its device ecosystem.
Read more »
Telecom
AI Apple Data Google Internet Location Privacy Samsung Telecom

Indian Government Proposes Compulsory Location Tracking in Smartphones, Faces Backlash


Government faces backlash over location-tracking proposal

The Indian government is pushing a telecom industry proposal that will compel smartphone companies to allow satellite location tracking that will be activated 24x7 for surveillance. 

Tech giants Samsung, Google, and Apple have opposed this move due to privacy concerns. Privacy debates have stirred in India after the government was forced to repeal an order that mandated smartphone companies to pre-install a state run cyber safety application on all devices. Activists and opposition raised concerns about possible spying. 

About the proposal 

Recently, the government had been concerned that agencies didn't get accurate locations when legal requests were sent to telecom companies during investigations. Currently, the firm only uses cellular tower data that provides estimated area location, this can be sometimes inaccurate.

The Cellular Operators Association of India (COAI) representing Bharti Airtel and Reliance Jio suggested accurate user locations be provided if the government mandates smartphone firms to turn on A-GPS technology which uses cellular data and satellite signals.

Strong opposition from tech giants 

If this is implemented, location services will be activated in smartphones with no disable option. Samsung, Google, and Apple strongly oppose this proposal. A proposal to track user location is not present anywhere else in the world, according to lobbying group India Cellular & Electronics Association (ICEA), representing Google and Apple. 

Reuters reached out to the India's IT and home ministries for clarity on the telecom industry's proposal but have received no replies. According to digital forensics expert Junade Ali, the "proposal would see phones operate as a dedicated surveillance device." 

According to technology experts, utilizing A-GPS technology, which is normally only activated when specific apps are operating or emergency calls are being made, might give authorities location data accurate enough to follow a person to within a meter.  

Telecom vs government 

Globally, governments are constantly looking for new ways to improve in tracking the movements or data of mobile users. All Russian mobile phones are mandated to have a state-sponsored communications app installed. With 735 million smartphones as of mid-2025, India is the second-largest mobile market in the world. 

According to Counterpoint Research, more than 95% of these gadgets are running Google's Android operating system, while the remaining phones are running Apple's iOS. 

Apple and Google cautioned that their user base will include members of the armed forces, judges, business executives, and journalists, and that the proposed location tracking would jeopardize their security because they store sensitive data.

According to the telecom industry, even the outdated method of location tracking is becoming troublesome because smartphone manufacturers notify users via pop-up messages that their "carrier is trying to access your location."



Read more »
monitoring
Apple Apple ID Cyber Privacy Cyber Security Data Safety data security Digital Privacy enhanced user privacy monitoring

Apple’s Digital ID Tool Sparks Privacy Debate Despite Promised Security

 

Apple’s newly introduced Digital ID feature has quickly ignited a divide among users and cybersecurity professionals, with reactions ranging from excitement to deep skepticism. Announced earlier this week, the feature gives U.S. iPhone owners a way to present their passport directly from Apple Wallet at Transportation Security Administration checkpoints across more than 250 airports nationwide. Designed to replace the need for physical identity documents at select travel touchpoints, the rollout marks a major step in Apple’s broader effort to make digital credentials mainstream. But the move has sparked conversations about how willing society should be to entrust critical identity information to smartphones. 

On one side are supporters who welcome the convenience of leaving physical IDs at home, believing Apple’s security infrastructure offers a safer and more streamlined travel experience. On the other side are privacy advocates who fear that such technology could pave the way for increased surveillance and data misuse, especially if government agencies gain new avenues to track citizens. These concerns mirror wider debates already unfolding in regions like the United Kingdom and the European Union, where national and bloc-wide digital identity programs have faced opposition from civil liberties organizations. 

Apple states that its Digital ID system relies on advanced encryption and on-device storage to protect sensitive information from unauthorized access. Unlike cloud-based sharing models, Apple notes that passport data will remain confined to the user’s iPhone, and only the minimal information necessary for verification will be transmitted during identification checks. Authentication through Face ID or Touch ID is required to access the ID, aiming to ensure that no one else can view or alter the data. Apple has emphasized that it does not gain access to passport details and claims its design prioritizes privacy at every stage. 

Despite these assurances, cybersecurity experts and digital rights advocates are unconvinced. Jason Bassler, co-founder of The Free Thought Project, argued publicly that increasing reliance on smartphone-based identity tools could normalize a culture of compromised privacy dressed up as convenience. He warned that once the public becomes comfortable with digital credentials, resistance to broader forms of monitoring may fade. Other specialists, such as Swiss security researcher Jean-Paul Donner, note that iPhone security is not impenetrable, and both hackers and law enforcement have previously circumvented device protections. 

Major organizations like the ACLU, EFF, and CDT have also called for strict safeguards, insisting that identity systems must be designed to prevent authorities from tracking when or where identification is used. They argue that without explicit structural barriers to surveillance, the technology could be exploited in ways that undermine civil liberties. 

Whether Apple can fully guarantee the safety and independence of digital identity data remains an open question. As adoption expands and security is tested in practice, the debate over convenience versus privacy is unlikely to go away anytime soon. TechRadar is continuing to consult industry experts and will provide updates as more insights emerge.
Read more »
Vulnerabilities
Apple Apple vulnerabilities Cybersecurity Vulnerabilities

iOS 26 Update Erases Key Forensic Log, Hindering Spyware Detection on iPhones

 

Researchers have raised concerns that Apple’s latest software release, iOS 26, quietly removes a crucial forensic tool used to detect infections from sophisticated spyware such as Pegasus and Predator. The change affects a system file known as shutdown.log, a part of Apple’s Sysdiagnose tool that for years has helped security experts trace evidence of digital compromise. 

Investigators at cybersecurity firm iVerify discovered that the log, which previously recorded every instance of an iPhone being powered off and on, is now automatically overwritten each time the device reboots. Earlier versions of iOS appended new entries to the file, preserving a timeline of shutdown events that often contained small traces of malware activity. 

These traces had previously been key in confirming spyware attacks on devices belonging to journalists, activists, and public officials. In 2021, forensic analysts revealed that Pegasus, a surveillance tool developed by the Israeli company NSO Group, left recognizable patterns within the shutdown.log, which became instrumental in public investigations into digital espionage. 

After these findings, Pegasus operators began deleting the file to hide their activity, but even those deletions became a clue for analysts, as an abnormally clean log often pointed to tampering. 

The iOS 26 update now clears this record automatically, effectively erasing any historical evidence of infection after a single reboot. 

iVerify researchers said the change may have been introduced to improve performance or reduce unnecessary data storage, but its timing has raised alarms among those tracking spyware use, which has expanded beyond activists to include business leaders and celebrities. 

The update complicates ongoing efforts to investigate and confirm past infections, particularly on devices that may have been compromised months or years ago. Analysts studying Predator, another spyware tool linked to the surveillance firm Cytrox, have reported similar behavior within shutdown.log. 

With Apple yet to comment, experts recommend that high-risk users save a Sysdiagnose report before updating to preserve existing logs. They also advise delaying installation until the company provides clarity or releases a patch. The loss of historical shutdown data, researchers warn, could make identifying spyware on iPhones significantly harder at a time when digital surveillance threats continue to grow globally.
Read more »
Technology
Apple Data Breach dating app security Technology

Apple Removes Controversial Dating Apps After Data Leak and Privacy Violations

 

Apple has removed two dating apps, Tea and TeaOnHer, from the App Store months after a major data breach exposed users’ private information. The removal comes amid continued criticism over the apps’ privacy failures and lack of effective content moderation. 

The controversy started earlier this year when 404 Media reported that Tea, described as a dating and safety app, had leaked sensitive data, including driver’s licenses and chat histories. 

The exposed information was traced to an unsecured database and later appeared on the forum 4chan. Despite the breach, the app briefly gained popularity and reached the top of the App Store charts, driven by widespread online attention. 

TechCrunch reported that Apple confirmed the removal of both apps, citing multiple violations of its App Store Review Guidelines. The company pointed to sections 1.2, 5.1.2, and 5.6, which address objectionable content, data protection, and excessive negative user feedback. 

Apple also received a large number of complaints and low ratings, including reports that personal information belonging to minors had been shared on the platforms. According to Apple, the developers were notified of the issues and given time to make improvements, but no adequate action was taken. 

The gap between the initial reports of the data leak and the eventual removal likely reflects this period of review and attempted remediation. The incident highlights ongoing challenges around privacy and user safety in dating apps, which often collect and store large amounts of personal data. 

While Apple enforces rules intended to protect users, the case raises questions about how quickly and effectively those rules are applied when serious privacy risks come to light. The removal of Tea and TeaOnHer underscores the growing scrutiny facing apps that fail to secure user information or moderate harmful content.
Read more »
Subscribe to: Comments (Atom)