Search This Blog

Showing posts with label WeChat. Show all posts

Chinese WeChat Users Targeted by Attackers Using Recent Chromium Bug

 

According to a local security firm, a Chrome exploit published online last week has been weaponized and exploited to target WeChat users in China. 

The malicious links were sent to WeChat users in the attacks. When users clicked the connection via a link, a piece of JavaScript code was launched, which loaded and executed shellcode on their operating systems. 

Threat actors used the recently revealed Chrome exploit to attack WeChat users in China, according to China-based firm Qingteng Cloud Security. The attacks, according to the researchers, were limited to users of the WeChat Windows app. The security firm didn't reveal which of the two proof-of-concept codes released last week were used in the attacks. 

This is because the attackers repurposed proof-of-concept code for two different bugs in the Chromium browser engine, which the WeChat Windows client uses to open and preview links without having to open a separate browser, which was published on Twitter and GitHub last week. The proof of concept code published last week —both of them— allowed attackers to run malicious code inside any Chromium-based browser. 

However, since most web browsers run Chromium in a "hardened mode" where the "sandbox" security protection function helps to prevent malicious code from escaping to the underlying operating system, due to which the exploit code was deemed useless on its own. 

As the security researchers informed The Record in interviews last week, their proof-of-concept code would work fine against apps that used the Chromium project as a foundation but forgot to allow sandbox defense. 

The WeChat client patched last week but Qingteng did not reveal that which of the two Chromium exploits revealed online last week was used in the wild in China; however, the security firm said it alerted Tencent, the creator of the WeChat app, and that Tencent had incorporated the latest Chromium security updates to patch the attack vector. 

Both vulnerabilities have been fixed by the Chromium team, but the patches are still finding their way downstream to all applications that use the browser engine. Only Microsoft Edge has patches for both exploits right now whereas the first bug has been fixed in Chrome.

China Launches An App Which Works Like A Debtor Radar!






















Giving apps an absolutely new dimension, China recently launched an app which works like a radar for people who are in debt.


Reportedly this application was developed on the instructions of the Chinese police. The app was created in the Chinese province of Hebei.



The application tends to display the locations of people in debt, whenever the person using the app is within 500 yards of them.



The major inspiration behind the application is the need to report the citizens who spend more than they should.



The application which goes by the name of “Map of Deadbeat Debtors” could be accessed via ‘WeChat’. (A social media app)



It's being claimed that the users are instantly alerted via a flash when they stand within 500 meters of a debtor.



The exact location of the debtor is displayed, if there's any appearance of personal information hasn't been confirmed yet.


It's an initiative which works towards citizens keeping a lookout for potential debtors, regardless of the seriousness of the debt.


  
Apparently, owing a debt is considered inappropriate in the culturally rich country of China.



The new reforms in the social credit system of the country are to be held responsible for the idea of the application.




The latest system is just the thing which the country needs and will judge the citizens on the basis of their social behavior.