OnePlus denies accusation of sending Clipboard data to China

OnePlus had been accused of sending Clipboard data taken from OnePlus phones in the latest OxygenOS Beta version to China and has now denied the accusations, saying that the file is inactive and created for Chinese phones only.

The information was first revealed by Elliot Alderson on Twitter, where he explained how the application works.

He posted that a strange file called badword.txt existed in the clipboard application, along with 6 others, for the OxygenOS Beta update which could identify what kind of data the user copied to their clipboard and send sensitive data such as bank information and passwords to a Chinese server, allegedly pointing to a Chinese company called Teddy Mobile.

OnePlus has since denied this accusation and released a statement saying that "there’s been a false claim that the Clipboard app has been sending user data to a server. The code is entirely inactive in the open beta for OxygenOS, our global operating system. No user data is being sent to any server without consent in OxygenOS."

They added that the identified folder exists in the open beta for HydrogenOS, their operating system for China exclusively, in order to filter out what data to not upload and that local data in this folder is skipped over and not sent to any server.

Lebanese Hackers leave data stolen from thousands of victims on open server

Last week, Electronic Frontier Foundation (EFF) and Lookout had released a report on a malware dubbed “Dark Caracal” that had stolen a huge amount of data from thousands of victims, such as journalists, military personnel, lawyers, activists, financial institutions, and other such organisations or individuals.

It seems that these hackers — who were deemed to be Lebanese and related to the nation-state as the signal was traced back to Lebanon's General Directorate of General Security (GDGS) — had left all the stolen data online on an unprotected server.

"It's almost like thieves robbed the bank and forgot to lock the door where they stashed the money," said Mike Murray, Lookout's head of intelligence.

According to EFF Director of Cybersecurity Eva Galperin, they were only able to pinpoint the hacking campaign to such a precise location as the government building because of their “extraordinarily poor operational security."

The stolen data included passwords, documents, call records, texts, contact information, photos, and other sensitive data. In Lookout security researcher Michael Flossman’s words, it was “literally everything.”

The report said that based on available evidence, it is likely that GDGS is either associated with or directly supporting the attackers behind Dark Caracal.

Lebanon Spyware Uncovered, Steals Data through Fake Messaging Apps

Researchers from non-profit campaign group Electronic Frontier Foundation (EFF) and mobile security group Lookout have together uncovered malware that targets individuals such as military personnel, journalists, lawyers, and activists, using fake apps that look like popular messaging apps like WhatsApp and Signal.

The malware, dubbed “Dark Caracal” by the researchers, targets known Android weaknesses and iOS has not been affected by it.

According to their report on Dark Caracal, the malware was traced back to a server in a Lebanese government building — a building belonging to the Lebanese General Security Directorate in Beirut, Lebanon — and seems like the threat could be coming from a nation-state.

“We have identified hundreds of gigabytes of data exfiltrated from thousands of victims, spanning 21+ countries in North America, Europe, the Middle East, and Asia,” the report read.

“This is a very large, global campaign, focused on mobile devices. Mobile is the future of spying because phones are full of so much data about a person’s day-to-day life,” said EFF Director of Cybersecurity Eva Galperin.

Data stolen through the spyware includes documents, call records, audio recordings, secure messaging client content, contact information, text messages, photos, and account data.

According to EFF, WhatsApp or Signal have not been compromised, and Google has confirmed that the infected apps were not downloaded from its Play Store. Instead, the attackers use “spearphishing” to get these fake apps on targets’ phones, which is a phishing attack that specifically targets an individual using information the attacker has on the victim.

“All Dark Caracal needed was application permissions that users themselves granted when they downloaded the apps, not realizing that they contained malware,” said EFF Staff Technologist Cooper Quintin.

Dark Caracal has reportedly been operating since 2012 but has been unable to track down because of the number of similar attacks happening all over the world that have repeatedly been misattributed to other cybercrime groups.

This research has shed light on how governments and people are able to spy on individuals all over the world.

Germany's biggest data theft, 18 million emails and passwords stolen

18 Million email addresses and passwords have been stolen in what is being called the biggest data theft in Germany's history.

The compromised accounts are reportedly being misused for criminal purposes such as spreading spam emails.

The authorities have determined that at least three million of compromised accounts belong to German citizens(accounts ending with '.de').  The rest had international domain extensions such as '.com'.

It is still unknown exactly how many German and people from other countries have been affected by this massive data theft. 

A spokesperson for the states prosecutor's office in Verden, Lower Saxony, Germany, told The Local that they are currently in the process of determining how hackers accessed 18 million accounts.

It is second major data theft in Germany this year.  In January, German authorities announced that hackers accessed 16 million email addresses and passwords.