Italian Spyware Firm SIO Linked to Malicious Android Apps Targeting WhatsApp Users

 

SIO, an Italian spyware company known for selling surveillance tools to government agencies, has been linked to a series of malicious Android apps designed to mimic WhatsApp and other popular services while secretly stealing private data, TechCrunch has revealed. Late last year, a security researcher provided TechCrunch with three Android apps, alleging they were government spyware used in Italy. 

Upon investigation, Google and cybersecurity firm Lookout confirmed that these apps were indeed spyware. This discovery highlights the expanding landscape of government surveillance, with numerous companies employing varied methods to target individuals. Italy is already embroiled in a separate spyware scandal involving Israeli firm Paragon, whose sophisticated surveillance tool allegedly targeted journalists and NGO founders. 

In contrast, the SIO-linked spyware campaign relied on a more straightforward approach—disguising malicious Android apps as well-known communication and customer service applications. Lookout researchers identified the malware as Spyrtacus, a spyware capable of stealing text messages, chats from WhatsApp, Signal, and Facebook Messenger, recording calls, capturing ambient audio and camera images, and extracting contact information. 

Their analysis confirmed that SIO was responsible for creating and distributing Spyrtacus, with samples dating back to 2019. Some variants impersonated apps from Italian telecom providers TIM, Vodafone, and WINDTRE. Google stated that none of the infected apps were available on the Play Store, asserting that Android security measures have protected users from this malware since 2022. 

However, a 2024 Kaspersky report suggested that earlier versions of Spyrtacus were distributed via Google Play in 2018 before shifting to fake websites mimicking major Italian internet providers. Italy has a long history of government spyware development, with companies such as Hacking Team, Cy4Gate, and RCS Lab selling surveillance tools to international law enforcement agencies. Spyrtacus is the latest example of this trend, with Lookout identifying command-and-control servers registered to ASIGINT, an SIO subsidiary specializing in wiretapping software. 

SIO, the Italian government and the Ministry of Justice have reportedly declined to comment. Lookout has also discovered references to Naples in the malware’s source code, suggesting a possible connection to developers from the region. 

Microsoft Uncovers Major Security Flaw in Android Apps with Billions of Downloads

 

Microsoft recently made a troubling discovery regarding the security of numerous Android applications, including some of the most widely used ones, each boasting over 500 million installations. After uncovering a common security weakness, Microsoft promptly notified Google's Android security research team, prompting Google to release new guidance aimed at helping Android app developers identify and rectify the issue. 
 
Among the applications found to be vulnerable were Xiaomi Inc.'s File Manager, boasting over 1 billion installations, and WPS Office, with around 500 million downloads. Although Microsoft confirms that the vendors of these products have since addressed the issue, they caution that there may be other apps out there still susceptible to exploitation due to the same security flaw. 
 
The vulnerability in question pertains to Android applications that share files with other apps. To enable secure sharing, Android employs a feature known as "content provider," which essentially serves as an interface for managing and exposing an app's data to other installed applications on the device. 
 
However, Microsoft's research uncovered a significant oversight in many cases: when an Android app receives a file from another app, it often fails to adequately validate the content. Particularly concerning is the practice of using the filename provided by the sending application to cache the received file within the receiving application's internal data directory. This oversight creates an opportunity for attackers to exploit the system by sending a file with a malicious filename directly to a receiving app, without the user's knowledge or consent. 
 
Typical targets for such file sharing include email clients, messaging apps, networking apps, browsers, and file editors. If a malicious filename is received, the receiving app may unwittingly initialize the file, triggering processes that could lead to compromise. 
 
The potential consequences vary depending on the specific implementation of the Android application. In some scenarios, attackers could exploit the vulnerability to overwrite an app's settings, leading to unauthorized communication with attacker-controlled servers or the theft of user authentication tokens and other sensitive data. In more severe cases, attackers could inject malicious code into a receiving app's native library, enabling arbitrary code execution. 
 
Microsoft and Google have both offered guidance to developers on how to address this issue, emphasizing the importance of validating file content and ensuring the secure handling of shared files. Meanwhile, end users can mitigate the risk by keeping their Android apps up to date and installing apps only from sources they trust.
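
The filename problem described above, as an added example (not code from Microsoft, Google or any affected app): plain Java that contrasts joining a sender-supplied name to the cache directory with a version that keeps only the last path segment and checks the canonical path. The class, the method names and the sample names are constructed for illustration; on Android, `senderName` would be the value the sending app's content provider reports for `OpenableColumns.DISPLAY_NAME` and `cacheDir` would come from `Context.getCacheDir()`.

```java
import java.io.File;
import java.io.IOException;
import java.util.UUID;

public class SharedFileCache {

    // Vulnerable pattern: the sender-supplied name is joined to the cache
    // directory unchanged, so "../" segments can leave that directory.
    static File unsafeTarget(File cacheDir, String senderName) {
        return new File(cacheDir, senderName);
    }

    // Hardened pattern: keep only the last path segment, fall back to a
    // locally generated name when nothing usable remains, then confirm the
    // canonical path is still inside the cache directory.
    static File safeTarget(File cacheDir, String senderName) throws IOException {
        String base = (senderName == null) ? "" : new File(senderName).getName();
        if (base.isEmpty() || base.equals(".") || base.equals("..")) {
            base = "shared-" + UUID.randomUUID();
        }
        File target = new File(cacheDir, base);
        if (!isInside(cacheDir, target)) {
            throw new SecurityException("rejected shared file name");
        }
        return target;
    }

    // True only when candidate resolves to a path strictly below dir.
    static boolean isInside(File dir, File candidate) throws IOException {
        String root = dir.getCanonicalPath() + File.separator;
        return candidate.getCanonicalPath().startsWith(root);
    }

    public static void main(String[] args) throws IOException {
        // Constructed stand-in for an app's private cache directory.
        File cacheDir = new File(System.getProperty("java.io.tmpdir"), "demo-app/cache");
        // Constructed sample names, as a sending app might report them.
        String[] names = { "report.pdf", "../shared_prefs/settings.xml", "..", "" };
        for (String name : names) {
            File unsafe = unsafeTarget(cacheDir, name);
            File safe = safeTarget(cacheDir, name);
            System.out.printf("name=%-32s unsafe inside=%-5b safe inside=%-5b stored as %s%n",
                    "\"" + name + "\"", isInside(cacheDir, unsafe),
                    isInside(cacheDir, safe), safe.getName());
        }
    }
}
```

Ignoring the sender's name entirely and always using a generated one removes the need for the sanitising step; the canonical-path check is still worth keeping as a second line of defence.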

Unused Apps Could Still be Tracking and Collecting User’s Data


While almost everyone in this era is glued to their smartphones for long hours, the devices still hold several mysteries that users do not actively look into. So how does one begin to know their phone?

Most of the users are still unaware that even when the apps are not in use, the phone can still track and collect data without them being aware. Fortunately, there is a solution to prevent this from happening.

One may have ten, twenty or even thirty apps on their phones, and there is a possibility that many of these apps remain unused. 

In this regard, the cybersecurity giant Kaspersky warned that apps on a user’s phone could still be collecting data about the device owner even if they are not being used.

A recently published memo from the company urged users to delete their old apps, stating: "You probably have apps on your smartphone that you haven't used in over a year. Or maybe even ones you've never opened at all. Not only do they take up your device's memory, but they can also slowly consume internet traffic and battery power."

The security memo continued: "And, most importantly, they clog up your interface and may continue to collect data about your smartphone - and you."

While spring cleaning the phones might not be on the priority list of people, it does not take away its significance. In case a user is concerned about ‘over-sharing’ their data, Kaspersky has shared a ‘one-day rule’ to ease the task of removing unused apps on phones. 

According to the experts, following the practice of merely uninstalling one useless app each day will greatly increase phone performance and free up storage space. By doing this, users will be able to control how their data is used and prevent data harvesting.

To delete an app on the iPhone, users need to find the app on the home screen, touch and hold down the icon and tap “Remove app.” Android users need to go to the Google Play store, tap the profile icon in the top right, followed by Manage Apps and Devices > Manage. They then tap the name of the app they want to delete and click to uninstall.

Users can still disable pre-installed apps on their phones to prevent them from operating in the background and taking up unnecessary space on the screen, even if they cannot be fully removed from the device.  

Taming Your Android: A Step-by-Step Guide to Restricting Background App Data

 


It is no secret that Android smartphones are the most popular devices among the young generation because of the possibilities they offer. Unfortunately, beneath the chic surface of these devices lurks elusive software that is capable of devouring large amounts of data. These apps quietly eat away at users' valuable data, leaving them in the dark as to where it all goes. 

Certainly, smartphone users can enjoy a delightful experience with their mobile apps as a result of their rich variety of features. In addition, there are hundreds of types of software, ranging from games to photo editors to video editors to messengers on social media, to educational apps, to music players, to gaming apps, and many others. 

Users will need an Internet connection for most of these apps to give them the best experience, so they must use that data wisely. There is no doubt that data costs can add up quickly when users have several such apps on their devices since the software consumes a large amount of internet data as it runs. 

The best way to solve this problem is to set a restriction on the amount of data that specific apps can use. 

Despite Android devices being incredibly versatile and capable of handling a wide variety of tasks, they have the potential to drain user's data plans quite quickly, which is a big problem. The best way to minimize the amount of data they are using is to limit their background data consumption. Even when users are not actively using the app, some apps tend to snare up lots of data regularly. 

The good news is that Android provides a means of stopping any app from using data in the background, so you should not be concerned. It may well be possible to simplify the process and increase your options through the use of third-party apps. 

Depending on the app, some settings are also available that allow you to limit how much data is used, including those that exchange media. By deactivating data-consuming actions like media auto-downloads on WhatsApp, for example, users can reduce the use of their data on the app.

To prevent apps from using user's data in the background when their cell phone is turned off, they should turn off their wireless connection completely. Although this comes with some caveats, such as stopping all their apps from using data and not allowing them to be notified of background updates for the duration of the change, it does negate the cost of data. 

Limiting Background Data for All Applications

Users can extend the battery life of their Android devices by restricting background data. It should be noted that when background data is set to off, the device will not download updates for apps, sync with accounts, or check for new emails in the background. 

In the end, perhaps one of the most important aspects of restricting background data is that it helps to control the amount of cellular data that is being used. A general rule of thumb is that limiting background data can help ensure that they do not exceed their monthly data allotment if they have a limited data plan. 

Using these steps, users can prevent other apps from accessing data on their Samsung, Google, OnePlus, or any other Android phone by blocking apps from accessing data. While the basic steps tend to be the same no matter which manufacturer your phone belongs to, be aware that the menus may differ based on the manufacturer. 

Swipe down from the top of the screen and tap the settings icon to open the device settings. 

To view data usage on the device, either go to Network & Internet > Data usage or Connections > Data usage, depending on how the user accesses the device. The top of that menu can be seen to display the amount of data the user has used during that session.

To find out how much data each app has been consuming recently, select the App or Mobile data usage option. On the list of most downloaded apps, there is often a preference for the apps that consume the most data. 

Choose the app that consumes the most data from the list. Users will be able to view data usage statistics for that application, including usage statistics for background apps. 

The amount of data that YouTube consumes alone may surprise them. To turn off cellular data consumption for a specific app, tap on the app and turn off the Allow background data usage option. 

Moreover, if allowing data usage is already disabled, then users should turn it off as well if they have not already done so. 

Whenever users' device's data saver is active, the app is not enabled and does not consume mobile data at the same time.

Data Usage Warnings and Limits

Setting a data warning and usage limit on their Android device can help users avoid costly overage fees. 

When they reach the data warning limit, their device will notify them that they are close to exceeding their data plan. If users continue to use data after reaching the limit, their device will automatically restrict their data usage. 

This means that they may not be able to access certain features, such as streaming video or music, until their next billing cycle.

Users' Data is Stolen Through 1.5 million Android Apps


As part of an effort to help users gain a better understanding of what data an app collects before downloading it, Google Play introduced privacy-focused "nutrition labels" last year. However, researchers have found a way to work around the system and steal user data. In an article released by Pradeo, a mobile cybersecurity company, cybersecurity analysts discovered two apps on Google Play. 

These apps threatened to send data from users' Android devices to malicious servers based in China as a result of spyware. According to the firm, more than ten lakh users globally are affected by the spyware-laden applications. According to the firm, the apps' download pages claim they will not collect data about you. 

According to a report released by Google Play Store security analysts, two apps that appear to be file management apps but are spyware have been discovered. 1.5 million Android users risk compromised privacy and security due to this vulnerability. Hence, you must remove these apps as quickly as possible from the latest Android phones that boast some of the most impressive features. 

A leading mobile cybersecurity company, Pradeo, which offers mobile security products, announced this week that its smartphone security app, File Recovery & Data Recovery, has been flagged as malicious. As both apps are produced by the same developer, they are programmed to launch without requiring the user to do anything. Their servers in China quietly store sensitive user information securely sent to them.  

More than one million downloads of File Recovery & Data Recovery have occurred. Screenshots of the respective Play Store pages in Pradeo's report, taken from the Pradeo website, showed that about 500,000 people installed File Manager. 

As outlined in their blog post, after analyzing both spyware apps, the researchers determined that both collected personal data from their targets. They sent it to many servers located mainly in China. These apps are considered malicious by the majority of users and are said to threaten their privacy and security, which is an essential point to note. 

Data that has been stolen includes the following:

  1. Contact information is collected by the apps via the device itself and connected accounts, such as email and social media accounts. 
  2. Aside from pictures and audio files, the apps also collect videos and pictures saved on your device. 
  3. By tracking the user's location, spyware can retrieve his or her current position. 
  4. The system collects the mobile country code, network provider name, and SIM code of the SIM provider. This is among other variables. 
  5. There is a capture of the operating system version number. This could potentially be exploited by vulnerabilities similar to those in the Pegasus spyware incident, if one exploited them. 
  6. Spyware can record the model and brand of the device it targets. 

The apps may have a legitimate reason for gathering some of the information above to ensure smooth performance and compatibility with any updated devices. However, most of the information gathered is not required to manage files or recover data. Unfortunately, this company collects data secretly without the user's consent. 

Moreover, Pradeo has added that the home screen icons of the two apps are hidden, so it will be harder to find them and remove them from your device. It is also possible for them to misuse the permissions the user approved during installation. They can restart the device and launch it in the background without the user's knowledge. 

Pradeo speculates that the company used emulators or install farms to create a false impression of trustworthiness to increase its popularity within the game industry. This hypothesis is supported by the fact that there are few user reviews on the Play Store. This is compared to the reported number of users who wrote reviews about the application on the Play Store. 

There is always a recommendation to check user reviews before installing an application. This is done by paying attention to the permissions requested when installing the application, and only trusting applications created by reputable firms.

This whole incident serves as a stern reminder of the persistent cyber tug-of-war waged, with malicious actors constantly advancing their methods. Every user must exercise caution in this digital minefield, especially when downloading apps and navigating them. 

Do not forget to read the permissions of all apps before granting them access to the device as they will always ask for your permission. Further, your security software must be updated, and you should use a secure and complex password. Lastly, it is imperative to remain vigilant against phishing attempts and never click on suspicious links.

Google Mandates Easy Account Deletion for Android Apps


Google is implementing a new data policy for Android apps that also includes a setting for account deletion to provide customers with more transparency and control over the data. 

The measure would compel app developers to provide users with in-app deletion options while also allowing them to manage app data online. 

"For apps that enable app account creation, developers will soon need to provide an option to initiate account and data deletion from within the app and online," says Bethel Otuteye, senior director of product management for Android App Safety. "This web requirement, which you will link in your Data safety form, is especially important so that a user can request account and data deletion without having to reinstall an app." 

The goal, for the developers, is to provide users with an in-app path and web link resource requesting app account deletion and associated data. App developers must delete any data related to a particular account whenever users submit such a request. 

In addition to this, users will be provided with certain alternatives to selectively delete only portions of the data, such as activity history, images, or videos, instead of completely deleting their accounts. 

The decision was made as lawmakers and privacy groups intensified their scrutiny of Apple, Google, and mobile app developers due to concerns that they were profiling, gathering personal user data, and tracking mobile phone users without consent. 

On June 30, 2022, Apple imposed a similar policy for app makers on its App Store. Apple, unlike Google, does not enforce a web-based alternative for users to remove their accounts; instead, it merely needs developers to provide an in-app path for account deletion. 

The announcement by Google on Thursday of related measures to prevent financial loan application apps from accessing mobile phone images, videos, contacts, geolocation information, and call logs aligns with Otuteye's tweet. On May 31, 2023, that regulation came into force. 

Changes May Take Time 

The policy will be enforced globally with a new set of rules from early 2024, Otuteye said. The first step, she says, will require developers to fill out a data deletion form provided by Google by December 7. Developers can appeal for more time and extend the deadline to May 31, 2024. For now, Google only requires app developers to provide users with the option to request their data deletion.

Mozilla Research Lashes Out at Google Over ‘Misleading’ Privacy Labels on Leading Android Apps


An investigation, conducted by the Mozilla Foundation, into the data safety labels and privacy policy on the Google Play Store has exposed some severe loopholes that enable apps like Twitter, TikTok, and Facebook to give inaccurate or misleading information about how user data is shared. 

The study covered the 40 most downloaded Android apps on Google Play, of which 20 were free apps and 20 were paid, and found that nearly 80% of these apps disclose misleading or false information. 

The following findings were made by the Mozilla researchers: 

  • 16 of these 40 apps including Facebook and Minecraft, had significant discrepancies in their data safety forms and privacy policies. 
  • 15 apps received the intermediate rating, i.e. “Need Improvement” indicating some inconsistencies between the privacy policies and the Data Safety Form. YouTube, Google Maps, Gmail, Twitter, WhatsApp Messenger, and Instagram are some of these applications. 
  • Only six of these 40 apps were granted the “OK” grade. These apps included Candy Crush Saga, Google Play Games, Subway Surfers, Stickman Legends Offline Games, Power Amp Full Version Unlocker, and League of Stickman: 2020 Ninja. 

Google’s Data Privacy Section 

Google apparently launched its data privacy section for the Play Store last year. This section was introduced in an attempt to provide a “complete and accurate declaration” for information gathered by their apps by filling out the Google Data Safety Form. 

Due to certain vulnerabilities in the safety form's honor-based system, such as ambiguous definitions for "collection" and "sharing," and the failure to require apps to report data shared with "service providers," Mozilla claims that these self-reported privacy labels may not accurately reflect what user data is actually being collected. 

In regards to Google’s Data Safety labels, Jen Caltrider, project lead at Mozilla says “Consumers care about privacy and want to make smart decisions when they download apps. Google’s Data Safety labels are supposed to help them do that[…]Unfortunately, they don’t. Instead, I’m worried they do more harm than good.” 

In one instance in the report, Mozilla notes that TikTok and Twitter both confirm that they do not share any user data with the third parties in their Data Safety Forms, despite stating that the data is shared with the third parties in their respective privacy policies. “When I see Data Safety labels stating that apps like Twitter or TikTok don’t share data with third parties it makes me angry because it is completely untrue. Of course, Twitter and TikTok share data with third parties[…]Consumers deserve better. Google must do better,” says Caltrider. 

In response to the claim, Google has been dismissing Mozilla’s study by deeming its grading system inefficient. “This report conflates company-wide privacy policies that are meant to cover a variety of products and services with individual Data safety labels, which inform users about the data that a specific app collects[…]The arbitrary grades Mozilla Foundation assigned to apps are not a helpful measure of the safety or accuracy of labels given the flawed methodology and lack of substantiating information,” says a Google spokesperson. 

Apple, on the other hand, has also been criticized for its developer-submitted privacy labels. The 2021 report from The Washington Post indicates that several iOS apps similarly disclose misleading information, along with several other apps falsely claiming that they did not collect, share, or track user data. 

To address these issues, Mozilla suggests that both Apple and Google adopt an overall, standardized data privacy system across all of their platforms. Mozilla also urges that major tech firms shoulder more responsibility and take enforcement action against apps that fail to give accurate information about data sharing. “Google Play Store’s misleading Data Safety labels give users a false sense of security[…]It’s time we have honest data safety labels to help us better protect our privacy,” says Caltrider.  

SpyNote Strikes: Android Spyware Targets Financial Establishments

 

Since at least October 2022, financial institutions have been targeted by a new version of Android malware called SpyNote, which combines spyware and banking trojan characteristics. 

"The reason behind this increase is that the developer of the spyware, who was previously selling it to other actors, made the source code public," ThreatFabric said in a report shared with The Hacker News. "This has helped other actors [in] developing and distributing the spyware, often also targeting banking institutions."

Deutsche Bank, HSBC U.K., Kotak Mahindra Bank, and Nubank are among the notable institutions impersonated by the malware. SpyNote (aka SpyMax) is feature-rich and comes with a slew of capabilities, including the ability to instal arbitrary apps, collect SMS messages, calls, videos, and audio recordings, track GPS locations, and even thwart attempts to uninstall the app. 

It also mimics the behaviour of other banking malware by requesting access to services to extract two-factor authentication (2FA) codes from Google Authenticator and record keystrokes to steal banking credentials.

SpyNote also includes features for stealing Facebook and Gmail passwords and capturing screen content via Android's MediaProjection API.

According to the Dutch security firm, the most recent SpyNote variant (dubbed SpyNote.C) is the first to target banking apps as well as other well-known apps such as Facebook and WhatsApp.

It's also known to pose as the official Google Play Store service and other generic applications ranging from wallpapers to productivity and gaming. The following is a list of some of the SpyNote artefacts, which are mostly delivered via smishing attacks:

  • Bank of America Confirmation (yps.eton.application)
  • BurlaNubank (com.appser.verapp)
  • Conversations_ (com.appser.verapp)
  • Current Activity (com.willme.topactivity)
  • Deutsche Bank Mobile (com.reporting.efficiency)
  • HSBC UK Mobile Banking (com.employ.mb)
  • Kotak Bank (splash.app.main)
  • Virtual SimCard (cobi0jbpm.apvy8vjjvpser.verapchvvhbjbjq)

SpyNote.C is estimated to have been bought by 87 different customers between August 2021 and October 2022 after its developer advertised it through a Telegram channel under the name CypherRat.

Nevertheless, the open-source availability of CypherRat in October 2022 has resulted in a significant rise in the number of samples detected in the wild, implying that several criminal groups are using the malware in their own campaigns.

ThreatFabric also stated that the original author has since begun work on a new spyware project codenamed CraxsRat, which will be available as a paid application with similar features.

"This development is not as common within the Android spyware ecosystem, but is extremely dangerous and shows the potential start of a new trend, which will see a gradual disappearance of the distinction between spyware and banking malware, due to the power that the abuse of accessibility services gives to criminals," the company said.

The revelations came after a group of researchers demonstrated EarSpy, a unique attack against Android devices that allows access to audio conversations, indoor locations, and touchscreen inputs by using the smartphones' built-in motion sensors and ear speakers as a side channel.