Search This Blog

Showing posts with label and Exploits. Show all posts

Fleeceware Apps Prey on Android Users

 

A fleeceware application isn't customary Android malware as it doesn't contain pernicious code. Rather, the danger comes from unnecessary subscription charges that it may not clearly specify to mobile clients. Fleeceware tricks a victim into downloading an application that intrigues them. At that point, the developer relies on the client overlooking the program as well as neglecting to see the actual subscription charge. These developers target more youthful clients who probably won't focus on the subscription details. The developer fleeces the victim by fooling them into paying cash for something they probably won't need. Chances are, they won't realize they have or they may have gotten somewhere else complimentary or free of charge.

In January 2020, SophosLabs uncovered that it had distinguished more than 20 fleeceware applications hiding out in the Android market place. These applications acquired an aggregate all out of more than 600 million installations. One of those applications charged clients $3,639.48‬ yearly, or $69.99 every week, for showing day by day horoscopes. A couple of months after the fact, Google updated its policies to guarantee that clients comprehended the full price of an application subscription when free trials and introductory offers end and how to deal with their application subscriptions. That didn't prevent a few people from endeavoring to get around Google's policies. In August 2020, Google eliminated some fleeceware applications for neglecting to incorporate a dismiss button and for showing subscription data in small, light font styles. 

Avast reported seven fleeceware applications to Google Play in mid-November. A large portion of these applications professed to offer Minecraft-related skins, maps, and additionally mods for the well-known game. Others offered skins for different games or advertised themes and wallpapers for Android devices. Utilizing those disguises, the entirety of the applications figured out how to pull in excess of 100,000 individuals before Avast found them. Five of them flaunted more than 1,000,000 downloads. 

Associations can help safeguard their clients against fleeceware applications, for example, by utilizing Mobile Device Management (MDM) to restrict the functionality of applications introduced on corporately owned cell phones. They can likewise utilize ongoing security awareness training and incorporate a list of permitted mobile applications and market places that employees can use on their cell phones.

Hackers abuse Sophos Firewall Zero Day Vulnerability


Sophos, a UK cybersecurity company famous for its anti-virus products has released an emergency security update this Saturday to combat a Zero-Day vulnerability exploited by hackers in its XG enterprise firewall product.


They became aware of the vulnerability on Wednesday after one of their customers reported "a suspicious field value visible in the management interface." And they released an update containing the patch for the vulnerability.

The Vulnerability- SQL INJECTION BUG

"The attack used a previously unknown SQL injection vulnerability to gain access to exposed XG devices," Sophos said.

The miscreant hackers attacked Sophos XG Firewall devices whose administration or user portal control panel were exposed on the internet. The hackers used the SQL Injection Vulnerability in XG firewall devices and downloaded a play-load on the device to steal data like passwords and usernames for the firewall device admin, portal admins, and user accounts for remote access, the firewall's license and serial number.

Sophos says that during its investigation, it did not find any proof that the hackers accessed anything beyond the firewall as well as no devices were accessed by the malware. They named the malware Asnarok.

 Patches already updated in user devices 

The company already pushed the patches in an automatic update in all XG Firewall devices that had the auto-update feature enabled. "This hotfix eliminated the SQL injection vulnerability which prevented further exploitation, stopped the XG Firewall from accessing any attacker infrastructure, and cleaned up any remnants from the attack," it said. The update also shows a message to the user if their device was compromised or not in their Firewall control panel.

Sophos recommends some steps to take for the companies who had their device hacked mainly focused on resetting passwords and reboots:


  1.   Reset portal and device administrator accounts.
  2.   Reboot the infected firewall device. 
  3.   Reset all passwords of user accounts.


"Sophos also recommends that companies disable the firewall's administration interfaces on the internet-facing ports if they don't need the feature", writes zdnet.