Search This Blog

Showing posts with label Android. Show all posts

StrandHogg is Back and Stronger As a More Sophisticated Vulnerability


Android is vulnerable anew owing it to a new vulnerability which goes by the name of “StrandHogg 2.0”

That is right. StrandHogg is back and now has affected numerous Android devices putting over a Billion Android devices in jeopardy.

The vulnerability is a pretty typical way aids hackers disguise illegitimate applications as legitimate ones with the ultimate aim of making them grant permissions which could end up releasing really important information.

The posing applications then find a way to the users’ sensitive data that too in real-time. Surprisingly, the worst part about the vulnerability is that the users would have no idea at all that they have been attacked and they’d be completely unaware of the malicious applications on their device.

This vulnerability is referenced as “CVE-2020-0096” and is known by the name “StrandHogg 2.0”. This version aids the hackers to make more sophisticated attacks.

As of last year StrandHogg was already listening in on conversations and recording them, accessing login credentials, read/sending unwanted texts and with complete control of the photo album, call logs, and contacts.

Allegedly, StrandHogg 2.0 excepting the latest version of the Android 10 OS, exists on most Android devices.

As per sources, the Google website has it that from a minimum of 2 Billion Android users, just 16% of them have updated to Android 10 hence the rest are allegedly vulnerable.

To fight or prevent any mishap that could be caused by StrandHogg 2.0, steer clear off pop up notifications asking permission for sending notifications, messages, or other related things and applications asking to log in again despite being already logged in.

Due to the Coronavirus Pandemic, not as per usual, Google will be releasing its Android 11 Beta version via an online conference at the Google I/O. Reportedly this conference is scheduled for June 3, 2020.

Sources mention that this conference will be a fresh source for many new updates and news about official events. The schedule for the launching of Android 11 has been released and according to it Android 11 will undergo 3 Beta releases in the upcoming months that are June, July, and August. Word has it that the official version would finally hash out in or near October.


The UK Government Vs Apple & Google API on the New COVID-19 App That Tells Who Near You is Infected!



Reportedly, the United Kingdom declared that their coronavirus tracing application is being run via centralized British servers and that’s how they are planning to take things forward and not via the usual “Apple-Google approach” which is a preferred one for most.

Per sources, the CEO of the Tech unit of the National Health Service mentioned that their new smartphone app will have its launching in the upcoming weeks, with the hopes of helping the country return to normalcy by beating coronavirus.

According to reports, the UK government believes that the contact-tracing protocol created by Apple and Google protects user privacy “under advertisement only”. Hence the British health service supports a system that would send the data of who may have the virus to a centralized server giving all the controls in the hand of the NHS.

The way of the NHS and that of Apple and Google, work via Bluetooth by putting a cell-phone on the wireless network, having it emit an electronic ID that could be intercepted by other phones in the vicinity. If a person tests positive for COVID-19 their ID would be used to warn the others near them.

Meaning, if you were near an affected person, your phone would show flags about their being infected, you’d be notified about it and if you may have caught the novel coronavirus you’d be alerted about that too, mention sources.

Per reports, Google and Apple especially had created an opt-in pro-privacy API for Android and iOS. The feature allows the user’s phone to change its ID on other phones near them and store it across different intervals of time.

Per sources, if a person is discovered to have COVID-19 they can allow the release of their phone’s ID to a decentralized set of databases looked over by healthcare providers and the nearby users would be notified about it.

The above-mentioned approach works best to help ensure that the users aren’t tracked by exploiting the above information. Google and Apple say that their protocol would make it next to impossible for them, the governments, and mal-actors to track people. The data wouldn’t leave the user’s phone unless they want it to, that too anonymously if and when.


A person, to declare themselves infected must enter a specific code from a healthcare provider after being tested positive which is a great way to curb fraudulent announcements about being infected.

The NHS, on the other hand, thought of proposing a centralized approach that makes the government, the party that has the coronavirus related details of all the users on their database for further analysis.

Per sources, for this application to be successful 60% of a population would have to download it and opt for it. Trust plays a major role here, if the users don’t trust the app it would be of no use to others either.

Reports mention that most countries prefer the Google and Apple method better, including Switzerland, Austria, and Estonia. Germany too is in strong support of a decentralized line whereas France had to face criticism for its inclination towards the centralized approach.

Nevertheless, the NHS is hell-bent on going forward with the centralized approach and is adamant that it will safeguard the privacy of people no matter what. In the centralized way of things, the NHS would capture all the IDs of phones with the app active on them and store the details on their database. Later on, if a user is found to be infected the NHS would make the call about all the hows, whens, and ifs of the warning procedure on the other phones.

If things were to work out the way NHS wants it to, the application would advise users to take steps to help them save themselves against the virus, like self-isolating if need be. The advice notified would be customized per the situation. They would also build a better database and help people with first-hand updates. People could also voluntarily provide detailed information about themselves to make the app’s experience more comprehensive.

Moreover, the centralized system would be way easier for conducting audits and analysis of the data that has been stored in the databases for further research about users that are at most risk.

But regardless of all the superficial advantages, the NHS would still be creating a database bursting with people’s personal information like their health statuses, their movements, and that too with the government having complete control of it.

The success of the entire operation dwells on the people’s trust in the NHS, the UK government, and the governments of all the countries for that matter who have opted for the centralized system.

WhatsApp's New Feature Lets You Add More People To Group Video Calls!


Finally! The days of whining about the limited number of participants you could add to WhatsApp’s group video and audio calls are OVER! Praise digital advancement, because the limit has been increased from 4 to 8 participants.

For people stuck far away from their families and in times that strictly demand social distancing, video calling applications contribute a lot in keeping us all sane by helping us feel close to our loved ones.

People have often found the number of participants in the group video/audio calls a major limitation of the otherwise significantly efficient WhatsApp.

Hence when WhatsApp, taking into account the terrific rise in the usage of Video Calling applications, at long last has decided to increase the number of contacts you can add to a group video/audio call, we can’t help but be happy.

The new feature would be exclusively available for the users of Android and iOS beta. The installation of the 2.20.50.25 update for the iOS beta users and the 2.20.133 beta update for the Android users is a prerequisite for the accessibility of the feature.

From One Billion daily active WhatsApp users and 400 Million out of them being Indians this new feature was being expected for quite a long time, researchers mention.


For the group video call with the raised number of participants to function at all, all the participants must have the same versions of the application, meaning 2.20.133 beta for Android users and 2.20.50.25 beta update for iOS users. A new header also notifies users about the end-to-end encryption of the calls.

Per sources, in the last month alone the number of people who “video-call” and the time they spend doing it has increased sufficiently on a global level. The pandemic has brought people closer “online” while being physically distant.

Other famous video calling applications including Facebook’s Messenger and Apple’s FaceTime offer a provision to add 50 and 32 people at once, respectively.

This feature will roll out gradually so all you have to do is update your WhatsApp application, sit tight, and wait for your device to embrace it with open arms!

Google Doubling Down On Efforts to Protect Android Users


With the rise in the in-application subscription scams on Android, Google subsequently announced the introduction of new Play Store policies intended to forestall such scams in the near future.

The American multinational technology additionally pledged to provide Android users with direct assistance in the form of notifications when a trial is going to turn into a paid subscription, or a subscription is going to renew consequently.

The new policies announced that demand application developers offer clear info about the obligations associated with subscription models and free trials, and provide a simple and easy way through which users can cancel subscriptions. These latest policies are a small part of a more extensive Google campaign, aimed especially at ensuring the privacy and security of Android users.

The newly announced policies focus mostly on fleeceware, a form of application that 'manipulates' trial periods and membership models to defraud victims. This kind of application usually burdens the user with complex terms and conditions, further enshrouding unjustifiable subscription commitments.
As a component of the new prerequisites, developers must distinguish with enough clarity between features accessible free of cost and those accessible only to paying subscribers. Thus, Google will convey an admonition to users when a free trial is set to end or when a subscription longer than three months is because of turn over.

The firm will likewise give warnings if a user endeavors to uninstall an application attached to an on-going subscription.

The new policies are said to take effect on June 16, so users should take particular consideration whenever handling of in-application subscriptions on Android in the meantime.

Apart from this, the company took the initiative to remind developers that its new assessment procedure will produce results in August, which will require developers to gain approval from Google before requesting location data from the end-user.

Further Play Store 'tweaks' are likewise in the pipeline, which will reportedly address issues related to illusive content and applications.

Android users may face hacker attacks under the guise of applications about coronavirus


Cybercriminals attack users of Android mobile devices using malicious applications disguised as legitimate information software about the new COVID-19 coronavirus infection. After installing the malicious app, the hacker gained control of the victim's Android device through access to calls, SMS, calendar, files, contacts, microphone, and camera.

Hackers continue to exploit people's fear of spreading the virus: malicious applications were found by experts on sites with domains associated with the coronavirus. Researchers have not yet discovered such applications on the Google Play Store.

Experts report that the apps were created using the Metasploit tool used for penetration testing. This software allows anyone with basic computer knowledge to create malicious applications in just 15 minutes: it’s enough to configure Metasploit for your goal, select the exploit and payload.

Such applications can easily gain control of the device. After launching on a device running on the Android operating system, the application hides the icon from the screen so that it is more difficult to detect and remove it.

Vasily Diaghilev, head of Check Point Software Technologies representative office in Russia and the CIS, says that in the current situation, the most alarming thing is how quickly and easily malicious applications can be created and reminds us of the need to follow the rules of digital hygiene.

Check Point researchers previously reported that more than 30,103 new coronavirus-related domains were registered in the past few weeks, of which 0.4% (131) were malicious and 9% (2,777) were suspicious. In total, since January 2020, more than 51 thousand domains associated with the coronavirus have been registered.

Check Point: 56 apps from the Google Play Store hide a new dangerous malware


Check Point experts have identified a new family of malware in the Google Play Store. It was installed in 56 Google Play Store apps that have been downloaded almost a million times by users worldwide. 24 apps among the damaged 56 are children's games, as well as utilities such as calculators, translators, cooking apps and others. As it is specified, applications emulate the behavior of a real user.

Tekya malware uses the MotionEvent mechanism in Android that simulates a click on an ad banner (first discovered in 2019) to simulate user actions and generate clicks.

Imitating the actions of a real person does not allow the program or a third-party observer to understand the presence of fraud. This helps hackers to attack online stores, make fraudulent ads, promote advertising, promote sites in search engine results, and also serve to carry out banking operations and other illegal actions.

During the research, Tekya went unnoticed by the VirusTotal and Google Play Protect programs.
Hackers created copies of official popular apps to attract an audience, mostly children since most apps with Tekya malware are children's games.

However, the good news is that all infected apps have already been removed from the Google Play.
This case shows that malicious app features can still be found in Google Play. Users have access to almost 3 million apps in the Google Play Store, and hundreds of new ones are downloaded daily, making it difficult to check the security of each individual app.

Although Google is taking steps to ensure security and prevent malicious activity on the Google Play Store, hackers are finding ways to access users' devices through the app store. So, in February, the Haken family of malware was installed on more than 50 thousand Android devices through various applications that initially seemed safe.

Hackers Exploit Vulnerabilities in Pulse VPN and Android Devices to Launch Heavy Cyberattack


The vulnerability named CVE-2019-1150 has affected Pulse VPN's network and is regarded as highly 'severe.' Whereas vulnerability named CVE-2019-2215 targets unpatched android smartphones. As we all know, in the world of cybersecurity, it becomes highly unsafe when the hackers target unpatched devices and systems as they can have terrible consequences. Recently, it has become a trend among hackers to target unpatched Android smartphones. Attackers were also found exploiting the flaws in Pulse Secure VPN in an attempt to compromise the cybersecurity of various organizations and individuals.


The flaw in Pulse Secure VPN

According to Kevin Beaumont, who is a Uk based cybersecurity expert, the assertion that 'Revil' is big-time ransomware and at least 2 companies are affected after the hackers exploited the vulnerability in Pulse Secure's VPN flaw. Many hackers are now exploiting this flaw to launch ransomware attacks. As per the latest information, the organization that is said to be affected by this cyber attack is a currency exchange and travel insurance company 'Travelex.' According to cybersecurity experts, the attack was launched using the Revil ransomware. The consequences of this cyberattack compelled Travelex to shut down all of its online mode of operations.
As a result, the company shut down its system offline and had to manually operate its nationwide branches.

The vulnerability known as CVE-2019-1150 is regarded as highly 'hazardous' by the cybersecurity experts. CVE-2019-1150, an uncertain read data vulnerability attacks different versions of Pulse Secure VPN named Pulse Connect Secure and Pulse Policy Secure. The vulnerability allows hackers access to Https and connects the hackers to the company's network without the hackers having to enter login credentials such as id and password. By exploiting this vulnerability, hackers can view confidential files, download files, and launch various malicious codes to disrupt the company's entire network. Pulse Secure VPN had released a security patch last year in April, and the users are requested to update to the latest security patch.

The flaw in Android Devices

Hacking group 'SideWinder APT' exploited vulnerabilities via 3 apps in the Google play store named as Camera, FileCrypt, and CallCam. “These apps may be attributed to SideWinder as the C&C servers it uses are suspected to be part of SideWinder’s infrastructure. Also, a URL linking to one of the apps’ Google Play pages is found on one of the C&C servers,” says Trend Micro cybersecurity experts.

Users can now remove xHelper, the irremovable malware


Hooray! You can now remove the unremovable android malware. Yes, it is xHelper, the unremovable android malware. After 10 months of research and hard work, the cybersecurity experts have finally found a way to remove xHelper from your smartphones, which was not possible earlier. According to cybersecurity experts, the method is reliable and effective.


What is xHelper?
xHelper caused a lot of troubles across the globe to android users for a very long time, 10 months to be specific. It first appeared in March last year, when smartphone users complained about the malware came on the internet that certain apps couldn't be uninstalled from their smartphones, even though the users did a factory reset. Though the apps were not malicious or harmful, they, however, sent annoying ads or popups to the users all the time. As time passed, xHelper kept on targeting more and more devices until it was spread almost everywhere around the world. Last year, until August, xHelper infected merely 32000 smartphones, but by the end of October, the numbers climbed up to 45,000. Malwarebytes and Symantec, both a cybersecurity company, published this information in their reports.

How it spread? 
Cybersecurity experts say that the malware redirected the users to android hosting websites, and this is how the malware spread. These websites allowed users to download apps from them, without the user needing to go to the play store. However, the apps contained hidden HTML coding that released the malware in the smartphones once downloaded. Finding the source of the malware and how it spread was easy, however, the cybersecurity experts had trouble removing it through traditional methods like factory resets or uninstalling the xHelper app. Even after the factory resets, the malware would reappear by itself after some time, installing the app by itself without asking the user permissions.

How to remove xHelper?
According to Collier, users can follow these 6 steps to remove xHelper from their smartphones:

  1. Install a file manager application from the google play store. The app should be able to find directories and search files. 
  2. Disable Google play store (temporarily)
  3.  Run a scan in the Malwarebytes. Try searching for fireway, xHelper, and settings (in case 2 settings are shown) 
  4. In the file manager, search for com.mufc
  5. If the file manager shows results, sort the result by 'date found.' Delete anything with com.mufc
  6. Enable google play after doing the necessary changes.

Google Maps…Creepy or Useful?



Whether Android or iPhone there is no denying that Google is there for all of us, keeping a track log of our data in a "Timeline" that unequivocally shows wherever we've been, which while in some cases is amazingly valuable and helpful yet for the rest it’s downright creepy.

The creepy degree of details range from like precisely the time at which the user left for home, arrival at home, the exact route taken along the way, pictures taken in specific locations and then some.

It'll show them if they were driving, strolling or on a train, and any pit stops they may have made during their journey. Like here is an example including a user's stop for lunch, and a meeting they took with Snapchat on the Upper West side earlier in the day.



Zoomed in, one can see the exact course taken to arrive and where the car was parked.


And hence there's no reason as to why Google has to know this much information about any user, except if they truly care about things like Google's recommendations based on where they've been.

So there are a couple of ways the user can recover their privacy. First, here’s how the user can delete everything Google Maps currently knows about them:

  • Open Google Maps on your iPhone or Android phone.
  • Tap your profile picture on the top-right. 
  • Choose “Your data in Maps.” 
  • Choose “See & Delete activity.” 
  • Hit the menu button on the top-right of the page and select “Settings.” 
  • Choose “Delete all location history.” 


 And here’s how the user can set it up so Google automatically deletes all this location data every three months:

  • Open Google Maps on iPhone or Android. 
  • Tap the menu bar on the top-left of the app. 
  • Choose “Your Timeline.” 
  • Tap the three dots on the top-right of the screen. 
  • Choose “Settings and privacy.” 
  • Select “Automatically delete location history.” 
  • Change the setting from “Keep until I delete manually” to “Keep for 18 months” or “Keep for 3 months.” 


 Or, if the user doesn’t mind Google tracking them day to day but just want to stop it for a little while, they can simply turn on Incognito mode in Maps by doing this:


  • Open Maps on your iPhone or Android phone. 
  • Tap your profile picture on the top-right. 
  • Choose “Turn on Incognito mode.”



All Android Users Beware! All The Android Versions Vulnerable To This New Bug 'StrandHogg'


Android is vulnerable anew owing it to a new bug that goes by the name of “StrandHogg”. It is a serious issue as the bug could penetrate the entire security mechanism with a single wrong click of the user.

This bug has a special provision where it allows malicious applications and malware to pose as legitimate applications. The applications look so real that the user is unaware at all times.

The fake applications then find a way to the users’ sensitive data that too in real-time. Per reports, all the versions of Android are susceptible to this bug even the latest Android 10.

Surprisingly, the worst part about the bug is that the users would have no idea at all that they have been attacked and they’d be completely unaware of the malicious applications on their device.

Listening in on conversations and recording them, accessing login credentials, read/sending unwanted texts and even complete control of the photo album, call logs and contacts are allegedly a few of the many things the bug can do.

“StrandHogg” can let the hackers have a complete hold over the affected device’s camera which is pretty disconcerting given the hackers could turn on visuals whenever they find fit which could be a massive breach of privacy.

All of the senior police personnel have been alerted regarding the hazard. Several measures have also been scheduled to be taken along the lines of public awareness about the bug.

Things to steer clear off include pop up notifications asking permission for sending notifications, messages or other related things and applications asking to log in again despite being already logged in.

If such requests are allowed, the bug would let the hackers have almost complete access to the device from the camera to live conversations be it a cell phone or a tablet.

Other warning signs include suddenly non-functional links and permissions being asked by applications that have never needed them before.

The Home Ministry’s Cyber Crime Coordination Centre reportedly cited that over 500 Android applications are under the peril of an attack by this bug. They also released to all the states, a list of the plan of action of the bug.

Avito users were targeted by a dangerous Android Trojan


International company Group-IB, which specializes in the prevention of cyber attacks, has recorded a new Android Trojan campaign, the victims of which are customers of 70 banks, payment systems, web-wallets in the Russian Federation and the CIS. The potential damage from the Trojan, called FANTA, amounted to at least 35 million rubles ($547,000).

FANTA belongs to the Flexnet malware family, which is known to experts since 2015 and studied in detail. The Trojan and its associated infrastructure are constantly evolving: attackers are developing more effective distribution schemes, adding new functionality to more effectively steal money from infected devices and bypass security measures.

According to the company, the Trojan is aimed, in particular, at users who place purchase and sale advertisements on a Russian classified advertisements website Avito.

Attackers find contact details of sellers in a network, and after a while the victim receives personalised SMS about the transfer of full cost of goods to his account. The message contains a link where sellers can find payment details. Then the link opens a phishing page on the Avito website, which notifies the seller of the purchase and contains a description of his goods and the amount received from the sale of the goods. After clicking on the "Continue" bottom, FANTA malware disguised as the Avito application is downloaded to the phone.

The receipt of bank card data is carried out in a standard way for Android Trojans: the user opens phishing site that disguises as legitimate mobile banking application where the victim enters their bank card details", the Group-IB described the scheme of attackers.

Moreover, FANTA analyzes which apps are running on the infected device. Experts found that in addition to demonstrating pre-prepared phishing pages, FANTA also reads the notifications text about 70 banking applications, fast payment systems and e-wallets. In addition, an important feature of FANTA, which the creators paid special attention, is the bypass of anti-virus tools.

According to Group-IB, the latest attack was aimed at Russian — speaking users, most of the infected devices are located in Russia, a smaller part is in Ukraine, Kazakhstan and Belarus.
It's interesting to note that FANTA developers are able to hack the devices of users of about 30 different Internet services, such as AliExpress, Youla, Pandao, Aviasales, Booking, Trivago, as well as taxi and car sharing services.

Earlier in another Russian service of free ads Youla stated that the company plan to completely remove the display numbers, keeping all communications within the service.

ATTENTION ANDROID USERS: REMOVE THESE APPS IMMEDIATELY!




A minimum of 24 extremely popular android applications were found to be infested with malware. They were tested positively with Trojan which is known by the name of “Joker”.

Per sources, this Trojan provokes the interaction of the device with advertisement websites. It could steal SMS messages and private data.

As per the sources following are the names of the applications that are being said to be infested with the Trojan:
  • Beach Camera 4.2
  • Mini Camera 1.0.2
  • Soby Camera 1.0.1
  • Declare Message 10.02
  • Rapid Face Scanner 10.02
  • Leaf Face Scanner 1.0.3
  • Spark Wallpaper 1.1.11
  • Humour Camera 1.1.5
  • Rudy SMS Mod
  • Antivirus Security – Security Scan, App Lock 1.1.2
  • Collate Face Scanner 1.1.2
  • Ignite Clean 7.3
  • Advocate Wallpaper 1.1.9
  • Print Plan scan 1.03
  • Great VPN 2.0
  • Climate SMS 3.5
  • Dazzle Wallpaper 1.0.1
  • Cute Camera 1.04
  • Board Picture editing 1.1.2
  • Altar Message 1.5
  • Age Face 1.1.2
  • Reward Clean 1.1.6
  • Certain Wallpaper 1.02
  • Mini Camera 1.0.2

Security researchers strictly advise every user to uninstall any of these applications if found in their devices.

Android phones vulnerable to Qualcomm bugs

Security researchers from Tencent’s Blade Team are warning Android smartphone and tablet users of flaws in Qualcomm chipsets, called QualPwn. The bugs collectively allow hackers to compromise Android devices remotely simply by sending malicious packets over-the-air – no user interaction required.

Three bugs make up QualPwn (CVE-2019-10539, CVE-2019-10540 and CVE-2019-10538). The prerequisite for the attack is that both the attacker and targeted Android device must be active on the same shared Wi-Fi network.

“One of the vulnerabilities allows attackers to compromise the WLAN and modem, over-the-air. The other allows attackers to compromise the Android kernel from the WLAN chip. The full exploit chain allows attackers to compromise the Android kernel over-the-air in some circumstances,” wrote researchers.

All three vulnerabilities have been reported to Qualcomm and Google’s Android security team and patches are available for handsets. “We have not found this vulnerability to have a public full exploit code,” according to a brief public disclosure of the flaws by the Tencent Blade Team.

Researchers said their focus was on Google Pixel2 and Pixel3 handsets and that its tests indicated that unpatched phones running on Qualcomm Snapdragon 835 and Snapdragon 845 chips may be vulnerable.

A Qualcomm spokesperson told Threatpost in a statement: “Providing technologies that support robust security and privacy is a priority for Qualcomm. We commend the security researchers from Tencent for using industry-standard coordinated disclosure practices through our Vulnerability Rewards Program. Qualcomm Technologies has already issued fixes to OEMs, and we encourage end users to update their devices as patches become available from OEMs.”

The first critical bug (CVE-2019-10539) is identified by researchers as a “buffer copy without checking size of input in WLAN.” Qualcomm describes it as a “possible buffer overflow issue due to lack of length check when parsing the extended cap IE header length.”

FaceApp has access to more than 150 Million user's faces and names








Everyone is busy posting pictures of themselves how they will look in the future, while security researchers are really worried about the data that users are giving them. 

The Cybersecurity experts at Checkpoint have said that the Russian owned app doesn't have access to your camera roll, but it 'might store' the image that you modified. 

Till now, more than 100 million people have downloaded the app from the Google Play store. While it is a top-ranked app on the iOS App Store. 

According to the terms and condition of the FaceApp, ‘You grant FaceApp a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content and any name, username or likeness provided in connection with your User Content in all media formats and channels now known or later developed, without compensation to you. When you post or otherwise share User Content on or through our Services, you understand that your User Content and any associated information (such as your [username], location or profile photo) will be visible to the public.’

However, the firm addressed the privacy concerns saying that they are storing the uploaded photo in the cloud to increase their performance and deal with the traffic.

In the statement released they clarified that even though their 'core R&D team is located in Russia, none of the user data is transferred to Russia'. 



Agent Smith malware replaces apps with malicious versions










A new mobile malware dubbed as “Agent Smith” has infected more than 25 million devices by impersonating as a Google-related app, and exploited known Android vulnerabilities.

The name was given after the Matrix’s main villain, which was discovered by security firm Check Point. It has penetrated some of the major apps like WhatsApp. 

The malware extracts the list of the app that is installed on the devices, then it automatically selects its target app, replaces the original version with the malicious version without the user’s knowledge.

"The core malware extracts the device's installed app list. If it finds apps on its prey list (hard-coded or sent from C&C server), it will extract the base APK of the target innocent app on the device, patch the APK with malicious ads modules, install the APK back and replace the original one as if it is an update," Check Point's researchers explained.

"In this case, "Agent Smith" is being used for financial gain through the use of malicious advertisements. However, it could easily be used for far more intrusive and harmful purposes such as banking credential theft. Indeed, due to its ability to hide it's an icon from the launcher and impersonates any popular existing apps on a device, there are endless possibilities for this sort of malware to harm a user's device."

According to the Check Point researchers,  it was made by a Chinese company that helps immature developers to publish their apps overseas, in order to make some money. 

The company also suggests that it will take more time to protect from such attacks: "The 'Agent Smith' campaign serves as a sharp reminder that effort from system developers alone is not enough to build a secure Android eco-system. It requires attention and action from system developers, device manufacturers, app developers, and users, so that vulnerability fixes are patched, distributed, adopted and installed in time."



A New Smartphone Malware Infects 25 Million Devices Worldwide


A new smartphone malware that has infected 25 million devices around the world, including 15 million in India has been recently discovered by a team of cyber security specialists. Being dubbed as "Agent Smith”, the malware camouflages itself as a Google-related application and then replaces the installed applications with pernicious versions of them utilizing known Android vulnerabilities without the users' knowledge.

'Agent Smith' utilizes its access to Android devices in order to display fake ads for financial gain, yet given its access, it can likewise be utilized for increasingly accursed purposes.

Checkpoint research team which specializes in analysing global cyber threats , notes that the activity of Agent Smith takes after how other malware like CopyCat, Gooligan, and HummingBad have operated in the recent years and each of the three campaigns have utilized infected devices to generate fake ad revenue 'to the tune of millions of dollars'.

'Agent Smith' is said to have been originated on prevalent third-party application store 9Apps and has focused predominantly on Arabic, Hindi, Indonesian, and Russian speakers. Majority of the malware's victims were reported to be from India and neighbouring nations like Bangladesh and Pakistan yet as indicated by certain confirmations there are quite a few infected devices in nations like Australia, UK, and USA too.
 
Agent Smith infection world heat map
Some of the apps that have been utilized to infect devices by means of 9Apps store are Color Phone Flash – Call Screen Theme, Photo Projector, Rabbit Temple, and Kiss Game: Touch Her Heart, and Girl Cloth XRay Scan Simulator.

What's more is that, after the inceptive attack vector by means of 9Apps, the makers of Agent Smith shifted their focus towards Google Play Store and had the option to push at least 11 malware laden app in the store.

Android apps infected with Agent Smith in Google Play Store and 9Apps


While Google has removed all the apps from Google Play, users are cautioned against having any of these applications installed as they will be no doubt infected by the Agent Smith malware. Check Point Research adds further, saying that the Android users should only utilize trusted application stores to download applications as "third party app stores often lack the security measures required to block adware loaded apps."

The Rise of Fingerprinting and Monitoring Of Our Digital Activities




 The concept of digital privacy has evolved so much with time that regardless of whether we secure our data to ensure that we are not tracked on the web, the ad tech industry, through some way or different finds ways to monitor our digital activities.

Being alluded to as a cutting edge tracking technology by security researchers, the fingerprinting technology has for sure achieved new statures.

While it incorporates taking a look at the many characteristics of the user's mobile device or computer, like the screen resolution, operating system and model, it likewise very effectively while triangulating this data, pinpoints and follows the user as they browse the web and make use of the other apps.

Presently since the technique happens imperceptibly out of sight in applications and websites, it becomes very hard to block the particular technology at whatever point it isn't required.

In the course of the most recent couple of years, tech companies like Apple and Mozilla 'introduced aggressive privacy protections' in their internet browsers to make it harder for advertisers to follow the users around the web and serve targeted ads on promotions.

But since a large number of those technologies ended up getting blocked by default, the advertisers needed to come up with an alternate method to track more users.

That is when the fingerprinting technology becomes an integral factor, as it gathers apparently harmless attributes that are commonly shared as default to make applications and sites work appropriately, which happens when the users gives an application the consent to access their location data, their camera and microphone. Thus, many other browsers likewise require the permission before a website can access those sensors.

While some state that the fingerprint method can be dependable and reliable, others say that it is abusive on the grounds that in contrast to cookies, which the users can see and delete, one for the most part can't tell it is going on and can't opt out it.

Nonetheless the solutions for averting fingerprinting are generally new, and some are still being developed. Thus it is difficult to tell how powerful they are since fingerprinting happens undetectably. So here are a few solutions for blocking browser fingerprinting.
  1. Apple users can make use of the protections installed in the Safari browser for computers and mobile devices.
  2. Android users and Windows users can try the Firefox web browser.
  3. Furthermore, the other desktop browsers can easily install an add-on.

In case of mobile users:
Privacy Pro and Disconnect Premium can examine the application activities on the device to recognize and block trackers, including finger printers.

Since Fingerprinting is a perplexing subject since the tracking method applies to both the web and mobile applications it is thusly recommended for the users to become familiar with it and be one at least one step ahead in ensuring their privacy protection themselves.

Over 2,000 malicious apps exists on Play Store

If you thought that the quality control issues plaguing the Google Play Store for Android were finally being ironed out, it couldn't be further from the truth. A two-year-study by the University of Sydney and CSIRO’s Data61 has come to the conclusion that there are at least 2,040 counterfeit apps on Google Play Store. Over 2,000 of those apps impersonated popular games and had malware. The paper, a Multi-modal Neural Embedding Approach for Detecting Mobile Counterfeit Apps, was presented at the World Wide Web Conference in California in May documenting the results.

The study shows that there is a massive number of impersonated popular gaming apps available on Play store. They include fake versions of popular games such as Temple Run, Free Flow and Hill Climb Racing. The study investigated around 1.2 million apps on Google Play Store, available in Android, and identified a set of potential counterfeits for the top 10,000 apps.

Counterfeit apps impersonate popular apps and try to misguide users`. “Many counterfeit apps can be identified once installed. However, even a tech-savvy user may struggle to detect them before installation,” the study says.

It also points out that fake apps are often used by hackers to steal user data or infect a device with malware. “Installing counterfeit apps can lead to a hacker accessing personal data and can have serious consequences like financial losses or identity theft,” reads a blog post by the university.

The study also found that 1,565 asked for at least five dangerous permissions and 1407 had at least five embedded third-party ad libraries.

To investigate these applications on Google Play store the researchers used neural networks.

Google has acknowledged the problem of “malicious apps and developers” in a blog post by Google Play product manager Andrew Ahn on February 13, 2019.

According to Google, the company now removes malicious developers from Play store much faster when compared to previous years. The company says that in 2018 it stopped more malicious apps from entering the store than ever before.

A Google spokesperson, in response to a TOI email, said, “When we find that an app has violated our policies, we remove it from Google Play.”

Google Confirms Several Android Devices Shipped With a Malware




Google tackles yet another vulnerability dubbed as Triada, a malware in the form of a code that affected some Android devices even before they shipped.

The malware is such cunningly structured by the hackers, that it displays ads and spam on a cell phone, on endless Android smartphones and stays undetected for long.

Google, in a rather detailed blog post, clarifies "Triada infects device system images through a third-party during the production process. Sometimes OEMs want to include features that aren't part of the Android Open Source Project, such as face unlock. The OEM might partner with a third-party that can develop the desired feature and send the whole system image to that vendor for development...Based on analysis; we believe that a vendor using the name Yehuo or Blazefire infected the returned system image with Triada."

The activities of Triada were first discovered by Kaspersky Labs through the two posts which had stayed profound into the workings of the malware, first was back in March 2016 and the other in a consequent post in June 2016.

What makes this Trojan progressively perilous is simply the way that it hides itself from the list of applications running and installed on the Android smartphone, making it unimaginable for the anti-virus applications and anti-malware applications to identify it, then again it makes it hard for the framework to distinguish if a peculiar or an undesirable procedure is running in the background.

Triada is additionally known to modify the Android's Zygote process too.

Google, upon finding out about the functions and workings of Triada in 2016, had immediately removed the malware from all devices utilizing Google Play Protect. In any case, the malevolent actors amped up their endeavors and discharged a much smarter version of the Trojan in 2017.

What's more, since this more 'smarter version' was implanted in the system libraries it could furtively download and run noxious modules. The most concerning fact being that it can't be erased utilizing the standard techniques and methods.

As indicated by a well-known software suite Dr.Web, the modified version of Traida is known to be found on several mobile devices, including Leagoo M5 Plus, Leagoo M8, Nomu S10, and Nomu S20.

Many Android devices had pre-installed backdoor: Google

Earlier this year, Forbes reported how a banking Trojan called Triada had been found on a bunch of brand new budget Android smartphones. Google has now confirmed that threat actors did, indeed, manage to compromise Android smartphones with the installation of a backdoor as part of a supply chain attack.

Two years later, on Thursday, Google has now admitted that criminals in 2017 indeed managed to get an advanced backdoor preinstalled on Android devices, even before these left the factories of manufacturers.

The list of affected devices includes Leagoo M5 Plus, Leagoo M8, Nomu S10 and Nomu S20.

To understand what has happened here, we need to go back to 2016 when Kaspersky Lab researchers first uncovered what they called one of the most advanced mobile Trojans Kaspersky malware analysts had ever seen. They named that Trojan "Triada" and explained how it existed mainly in the smartphone's random access memory (RAM) using root privileges to replace system files with malicious ones. Android phones were spotted to have Triada as a preloaded backdoor in 2017.

The firm, Dr. Web’s, researchers had found Triada embedded into one of the OS libraries and located in the system section. Not just that, the Trojan couldn’t be detected or deleted using standard methods.

Triada had, the researchers found, used a call in the Android framework log function instead. In other words, the infected devices had a backdoor installed. This meant that every time an app, any app, attempted to log something the function was called and that backdoor code executed. The Triada Trojan could now execute code in pretty much any app context courtesy of this backdoor; a backdoor that came factory-fitted.

The Mountain View, California-headquartered company initially removed Triada samples from all Android devices using Google Play Protect. But in 2017, it was found that Triada evolved and ultimately became a preloaded backdoor on Android devices. Notably, the latest phones aren't likely to be affected by what has been discovered by Google. The vulnerability did have an impact on various models in the past, though.