Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Android App. Show all posts
Security Flaws
Android Android App Android App Safety Android Applications Android Apps Cyber Security Microsoft Security flaw Security Flaws

Microsoft Uncovers Major Security Flaw in Android Apps with Billions of Downloads

 

Microsoft recently made a troubling discovery regarding the security of numerous Android applications, including some of the most widely used ones, each boasting over 500 million installations. After uncovering a common security weakness, Microsoft promptly notified Google's Android security research team, prompting Google to release new guidance aimed at helping Android app developers identify and rectify the issue. 
 
Among the applications found to be vulnerable were Xiaomi Inc.'s File Manager, boasting over 1 billion installations, and WPS Office, with around 500 million downloads. Although Microsoft confirms that the vendors of these products have since addressed the issue, they caution that there may be other apps out there still susceptible to exploitation due to the same security flaw. 
 
The vulnerability in question pertains to Android applications that share files with other apps. To enable secure sharing, Android employs a feature known as "content provider," which essentially serves as an interface for managing and exposing an app's data to other installed applications on the device. 
 
However, Microsoft's research uncovered a significant oversight in many cases: when an Android app receives a file from another app, it often fails to adequately validate the content. Particularly concerning is the practice of using the filename provided by the sending application to cache the received file within the receiving application's internal data directory. This oversight creates an opportunity for attackers to exploit the system by sending a file with a malicious filename directly to a receiving app, without the user's knowledge or consent. 
 
Typical targets for such file sharing include email clients, messaging apps, networking apps, browsers, and file editors. If a malicious filename is received, the receiving app may unwittingly initialize the file, triggering processes that could lead to compromise. 
 
The potential consequences vary depending on the specific implementation of the Android application. In some scenarios, attackers could exploit the vulnerability to overwrite an app's settings, leading to unauthorized communication with attacker-controlled servers or the theft of user authentication tokens and other sensitive data. In more severe cases, attackers could inject malicious code into a receiving app's native library, enabling arbitrary code execution. 
 
Microsoft and Google have both offered guidance to developers on how to address this issue, emphasizing the importance of validating file content and ensuring the secure handling of shared files. Meanwhile, end users can mitigate the risk by keeping their Android apps up to date and exercising caution when installing apps from sources they trust.
Read more »
VPN Apps
Android App Data Safety Mobile Security Security Badge User Privacy VPN Apps

Google to Label Android VPNs Clearing a Security Audit

 

Google hopes that better badging alerting to independent audits will help Android users in finding more trustworthy VPN apps.

The ad giant and cloud provider has given independently audited apps in its Play store a more visible display of their security credentials, particularly a banner atop their Google Play page. 

According to Nataliya Stanetsky of Google's Android Security and Privacy Team, in an announcement, VPN apps are the first to receive this special treatment since they manage a sizable quantity of classified data. Therefore, miscreants frequently target them for subversion.

"When a user searches for VPN apps, they will now see a banner at the top of Google Play that educates them about the 'Independent security review' badge in the Data Safety Section," explained Stanetsky.

Google and the App Defence Alliance (ADA) expanded their partnership last year to incorporate the Mobile App Security Assessment (MASA), which verifies the Android apps comply with OWASP-defined security standards. The ADA was founded in 2019. 

The audit isn't very comprehensive. As the ADA's website states, "MASA is intended to provide more transparency into the app's security architecture, however the limited nature of testing does not guarantee complete safety of the application."

Additionally, MASA does not always verify the safety claims made by app developers, according to the ADA. The alliance's MASA endorsement is significant, even though it is understandable that it doesn't want to be held accountable if it overlooks something and an information-stealing app gets through. 

Among its many checks, MASA looks for apparent bad practices, such as whether sensitive data is written to application log files and whether the application reuses cryptographic keys for multiple purposes. Even though it's not safe to say that apps are guaranteed to be secure, it's safe to say that you're better off with those that avoid such mistakes. 

If MASA fails, there are backup security measures available in the Android ecosystem. As Google proudly declares, when your gibberish translator is offline, it attempts to defend against PHAs and MUwS, or potentially malicious applications and unwanted software. It accomplishes this by collecting information about malicious apps, using machine learning and other techniques, performing static and dynamic risk analyses, and more.
Read more »
Private Data
Android App Android games Cyber Security Data Privacy Google Google Play Store Malicious Android Apps McAfee Phishing Attacks Private Data

Google Removes 22 Malicious Android Apps Exposed by McAfee

Google recently took action against 22 apps that are available on the Google Play Store, which has alarmed Android users. These apps, which have been downloaded over 2.5 million times in total, have been discovered to engage in harmful behavior that compromises users' privacy and severely drains their phone's battery. This disclosure, made by cybersecurity company McAfee, sheds light on the hidden threats that might be present in otherwise innocent programs.

These apps allegedly consumed an inordinate amount of battery life and decreased device performance while secretly running in the background. Users were enticed to install the programs by the way they disguised themselves as various utilities, photo editors, and games. Their genuine intentions, however, were anything but harmless.

Several well-known programs, like 'Photo Blur Studio,' 'Super Smart Cleaner,' and 'Magic Cut Out,' are on the list of prohibited applications. These applications took use of background processes to carry out tasks including sending unwanted adverts, following users without their permission, and even possibly stealing private data. This instance emphasizes the need for caution while downloading apps, especially from sites that might seem reliable, like the Google Play Store.

Google's swift response to remove these malicious apps demonstrates its commitment to ensuring the security and privacy of its users. However, this incident also emphasizes the ongoing challenges faced by app marketplaces in identifying and preventing such threats. While Google employs various security measures to vet apps before they are listed, some malicious software can still evade detection, slipping through the cracks.

As a precautionary measure, users are strongly advised to review the apps currently installed on their Android devices and uninstall any that match the names on the list provided by McAfee. Regularly checking app permissions and reviews can also provide insights into potential privacy concerns.

The convenience of app stores shouldn't take precedence over the necessity of cautious and educated downloading, as this instance offers as a sharp reminder. Users must actively participate in securing their digital life as fraudsters become more skilled. A secure and reliable digital environment will depend on public understanding of cybersecurity issues as well as ongoing efforts from internet behemoths like Google.

Read more »
WhatsApp
2FA Android App Bogus Apps Data Breach Pre-installed apps Signal User Data Leak User Privacy WhatsApp

Fake Android App Enables Hackers to Steal Signal and WhatsApp User Data

Cybercriminals have recently developed a highly sophisticated approach to breach the security of both WhatsApp and Signal users, which is concerning. By using a phony Android conversation app, cybercriminals have been able to obtain user information from gullible individuals. There are significant worries regarding the vulnerability of widely used messaging services in light of this new threat.

Cybersecurity experts have reported that hackers have been exploiting a spoof Android messaging software to obtain users' personal information without authorization, specifically from Signal and WhatsApp users. With its slick layout and promises of improved functionality, the malicious app lures users in, only to stealthily collect their personal information.

Using a traditional bait-and-switch technique, the phony software fools users into thinking they are utilizing a reliable chat service while secretly collecting their personal data. According to reports, the software misuses the required rights that users are requested to provide during installation, giving it access to media files, contacts, messages, and other app-related data.

Professionals in cybersecurity have remarked that this technique highlights the growing cunning of cybercriminals in taking advantage of consumers' trust and the weaknesses in mobile app ecosystems. It is emphasized that consumers should exercise caution even when they download programs from official app stores because harmful apps can occasionally evade detection due to evolving evasion strategies.

Researchers studying security issues advise consumers to protect their data right away by taking preventative measures. It is advised to carefully examine user reviews and ratings, confirm the app's permissions before installing, and exercise caution when dealing with unapproved sources. Moreover, setting two-factor authentication (2FA) on messaging apps can provide an additional degree of security against unwanted access.

Signal and WhatsApp have reaffirmed their commitment to user privacy and security in response to this new threat. Users are encouraged to report any suspicious behavior and to remain alert. The event serves as a reminder that users and platform providers alike share responsibility for cybersecurity.

Dr. Emily Carter, a cybersecurity specialist, has stressed that a proactive approach to digital security is crucial in light of the hackers' increasing strategies. Users must be aware of potential risks and exercise caution when interacting with third-party apps, particularly those that request an excessive amount of permissions."

The necessity for ongoing caution in the digital sphere is highlighted by the recent usage of a phony Android chat app to steal user data from Signal and WhatsApp. To avoid becoming a victim of these nefarious actions, consumers need to stay informed and take precautions as hackers continue to improve their techniques. People can contribute to the creation of a safer online environment by keeping up with the most recent cybersecurity trends and best practices.

Read more »
Windows 11
Android App App vulnerability Authentication Keys Malicious actor Privacy USB User Privacy Windows 11

Microsoft Launches New Privacy Features for Windows 11

 

Microsoft is developing a new privacy dashboard to patch its vulnerabilities for Windows 11 that will allow users to view which apps and tools have access to sensitive hardware components such as the camera, microphone, location, phone calls, messages, and screenshots. It's included in one of June Windows 11 Preview Builds and now is ready for testing in the Dev Channel for Windows Insiders.

Users will be able to view the newly implemented tool in the Privacy & Security > App Permissions section, where a "Recent activity" option will be available, as per Microsoft. Users will be able to locate the monitored category of information in this section. "Once clicked, it will show every instance of one of the programs installed on a user's machine that has recently accessed sensitive devices and information," says the next step. Even though the list contains information about the most recent time the program accessed the service, clicking on any of the entries yields no additional information.

Several users would be able to proactively protect themselves from ransomware and phishing attacks that are unwittingly deployed by malicious actors due to this additional layer of privacy. Malware or malicious software may obtain access to a user's privacy in some cases via spying on its camera or microphone, or by reading file paths, process IDs, or process names.

If Windows Hello is turned off, your PC will be unable to access your camera. Some apps use the Camera app to capture pictures, by the Camera app's camera access setting. No images will be taken and sent to the app that accessed them unless you manually select the capture button in the Camera app.

Desktop apps can be downloaded from the internet, stored on a USB drive, or installed by your IT administrator. Microsoft has not yet officially launched this new privacy option, according to its Windows Insider Blog. This information comes from Microsoft's Vice President of Enterprise and OS Security, David Weston, in a tweet on Thursday. 

Windows has never had a privacy feature as useful as this, but it appears that Microsoft is working to strengthen the operating system's privacy controls. With Android version 12, Google provided a similar capability, although its execution is far from satisfactory.
Read more »
User Data
Android App Android Users Huawei Mallicious Apps Mobile Security Spyware User Data

Huawei's App Gallery Hosted Malicious Apps Installed by 9M+ Android Users

 

Around 9.3 million Android devices have been infected with a new type of malware that masquerades as dozens of arcade, shooter, and strategy games on Huawei's AppGallery marketplace in order to gather device information and victims' phone numbers. 

Researchers from Doctor Web discovered the mobile campaign and categorized the trojan as "Android.Cynos.7.origin," simply because it is a modified variant of the Cynos malware. Some of the 190 rogue games discovered were made for Russian-speaking players, while others were made for Chinese or worldwide audiences. 

The applications requested the victims for permission to make and control phone calls once they were installed and then utilized to access and capture their phone numbers as well as other device data including geolocation, mobile network characteristics, and system metadata. 

All of these harmful games are primarily geared at children, who are easy targets for having all of their permissions activated. Huawei has currently uninstalled all of the vulnerable games from its AppGallery app store. If users have a Huawei smartphone and aren't sure if they're infected or not, some of the malicious apps are mentioned below: 
  • “[Команда должна убить боеголовку]” with more than 8000 installs. 
  • “Cat game room” with more than 427000 installs. 
  • “Drive school simulator” with more than 142000 installs. 
  • “[快点躲起来]” with more than 2000000 installs 
Furthermore, the Doctor Web malware analysts have previously warned Huawei about these harmful apps. Doctor Web researchers stated, "At first glance, a mobile phone number leak may seem like an insignificant problem. Yet in reality, it can seriously harm users, especially given the fact that children are the games' main target audience." 

"Even if the mobile phone number is registered to an adult, downloading a child's game may highly likely indicate that the child is the one who actually uses the mobile phone. It is very doubtful that parents would want the above data about the phone to be transferred not only to unknown foreign servers, but to anyone else in general."
Read more »
Tax refunds
Android App Financial Credentials malware Sensitive data Tax refunds

Drinik Malware is Fooling Users to Give in their Mobile Banking Details

 

There's a new malware, and it's wreaking havoc on Android users. Drinik is a malware that steals vital data and financial credentials from a smartphone user. CERT-In, the Indian Computer Emergency Response Team, has issued a warning to many banks. Customers of 27 public and private banks in the country have been hit by the malware so far. 

The Drinik malware is presently imitating an Income Tax Department application, and after a user has been duped into downloading it, it collects all sensitive data. Not only that, but the malware also forces the user to complete a transaction, after which it crashes and displays a bogus warning. In the meantime, it gathers all of the essential information from the user.

In 2016, the Drinik malware was apparently utilised as a primitive SMS hacker. CERT-In, on the other hand, speculated that it had lately morphed into a banking Trojan aimed at Indian customers. Victims receive an SMS message with a link to the phishing site, according to the details mentioned in the CERT-In advisory. It then requests some personal information before downloading the application. 

The malicious Android application imitates a legitimate version of the Income Tax Department's solution for generating tax refunds. According to the advisory, it asks for authorization to view SMS messages, phone records, and contacts, as well as a refund application form that requests information like as full name, PAN, Aadhaar number, address, and date of birth. 

Following that, all sensitive banking information such as account number, IFSC code, CIF number, debit card number, expiration date, CVV, and PIN is requested. According to the attackers, these details will be utilised to help generate tax refunds that will be transferred directly to the user's account. In actuality, the agency observes that when a user touches the app's "Transfer" button, it displays an error and displays a bogus update screen. This aids the attacker in running a Trojan in the background that shares user information such as SMS messages and call logs. 

The attackers are able to construct a bank-specific mobile banking screen using the quietly obtained details in order to persuade the victim to input their mobile banking credentials. According to the CERT-In, these are then exploited to commit financial fraud. 

Banking consumers are advised to download apps directly from official app stores such as Google Play. Furthermore, the government agency advises people not to visit untrustworthy websites or click on untrustworthy links.
Read more »
Zero-Day Bug
Android App Signal Vulnerabilities and Exploits Zero-Day Bug

Signal Patches Zero-Day Bug in its Android App

 

Signal has patched a critical flaw in its Android app that, in some circumstances, sent random unintended images to contacts without an obvious explanation. 

The flaw was first reported in December 2020 by Rob Connolly on the app's GitHub page. Despite being known for months, Signal has fixed the bug only recently. While the team faced a backlash over this delay, Greyson Parrelli, Signal’s Android developer confirmed fixing the bug recently. As per his response on the same GitHub thread, Signal has patched the flaw with the release of the Signal Android app version 5.17. 

When a user sends an image via the Signal Android app to one of his contacts, the contact would occasionally receive not just the selected image, but additionally a few random, unintended images, that the sender had never sent out, Connolly explained. 

“Standard conversation between two users (let’s call them party A and party B). Party A shares a gif (from built-in gif search). Party B receives the gif, but also some other images, which appear to be from another user (party A has searched their phone and does not remember the images in question). Best case the images are from another contact of B and messages got crossed, worst case they are from an unknown party, who's [sic] data has now been leaked,” Connolly told while describing the flaw. 

At this time, the flaw seems to have only impacted the Android version of the app. Signal Android app users should update to the latest version of the app, available on the Google Play store, researchers advised.

Last year in May 2020, cybersecurity researchers at Tenable discovered a flaw in the secure messaging app Signal which allowed threat actors to track user’s locations. Threat actors can track user’s movements just by calling their Signal number — whether or not the user had his contact information. This could be a big problem for victims of stalking, or for activists and journalists who are trying to avoid government or law enforcement detection to leak information or act in a whistleblower capacity, researcher David Wells wrote.

“That feature is not well advertised, and it’s interesting that someone could disclose your location if they’re your contact. Let’s say I have a burner phone and I just ring your phone, and I do it so quickly that all you see is a missed call from some number. Usually, it’ll be somewhat near you. So, I can force that DNS server [near you] to talk to me. By getting that information, I know what DNS server you’re using and I can determine your general location,” Wells explained.
Read more »
Subscribe to: Posts (Atom)