Google Patches Android Zero-Day Flaws Used to Unlock Phones

Google recently addressed critical security flaws in Android that allowed authorities to unlock phones using forensic tools, according to a report by Amnesty International. The report, released on Friday, detailed three previously unknown vulnerabilities exploited by phone-unlocking company Cellebrite. Amnesty’s researchers discovered these flaws while investigating the hacking of a student protester’s phone in Serbia. Since the vulnerabilities were found in the core Linux USB kernel, they could have potentially affected over a billion Android devices. 

Zero-day vulnerabilities, which remain unknown to software and hardware makers until they are discovered, are particularly dangerous because they can be exploited before any patch exists. Amnesty first noticed traces of one such flaw in mid-2024 and, after later examining the phone of an activist in Serbia, shared its findings with Google’s Threat Analysis Group. This led Google to identify and fix the three security loopholes. During its investigation, Amnesty found that Serbian authorities had used Cellebrite’s forensic tools to exploit a USB vulnerability, allowing them to bypass security measures and unlock the activist’s device.

Amnesty had previously reported in December that Serbian officials had used similar tools to access the phones of both an activist and a journalist, later installing the Android spyware NoviSpy. Following these allegations, Cellebrite stated earlier this week that it had discontinued its services for its Serbian customers. A Cellebrite spokesperson, Victor Cooper, pointed to a company statement that acknowledged the Amnesty report. The statement emphasized that Cellebrite had reviewed the allegations from Amnesty’s December 2024 report and conducted an internal investigation. As a result, the company decided to halt the use of its products by the Serbian authorities. 

In January, Amnesty was contacted to analyze another case involving a youth activist who was arrested by Serbia’s Security Information Agency (BIA) late last year. According to the report, the circumstances of his arrest and the actions of BIA officers closely resembled previous incidents documented in Amnesty’s December findings. A forensic analysis of the activist’s device confirmed that Cellebrite’s tools had been used to unlock his Samsung A32 without consent or legal authorization.  

Amnesty condemned the use of Cellebrite’s technology against individuals engaging in peaceful protests and exercising their right to free expression, stating that such actions violate human rights laws. Bill Marczak, a senior researcher at Citizen Lab, advised activists, journalists, and civil society members to consider switching to iPhones, which may offer stronger protection against these types of exploits. Amnesty’s Security Lab head, Donncha Ó Cearbhaill, warned that Cellebrite’s widespread availability raises serious concerns, suggesting that the full extent of its misuse may still be unknown.

Google has not yet responded to requests for comment regarding the issue.

Apple and Google Remove 20 Apps Infected with Data-Stealing Malware

Apple and Google have removed 20 apps from their respective app stores after cybersecurity researchers discovered that they had been infected with data-stealing malware for nearly a year.

According to Kaspersky, the malware, named SparkCat, has been active since March 2024. Researchers first detected it in a food delivery app used in the United Arab Emirates and Indonesia before uncovering its presence in 19 additional apps. Collectively, these infected apps had been downloaded over 242,000 times from the Google Play Store.

The malware uses optical character recognition (OCR) technology to scan text displayed on a device’s screen. Researchers found that it targeted image galleries to identify keywords associated with cryptocurrency wallet recovery phrases in multiple languages, including English, Chinese, Japanese, and Korean. 

By capturing these recovery phrases, attackers could gain complete control over victims' wallets and steal their funds. Additionally, the malware could extract sensitive data from screenshots, such as messages and passwords.

Following Kaspersky’s report, Apple removed the infected apps from the App Store last week, and Google followed soon after.

Google spokesperson Ed Fernandez confirmed to TechCrunch: "All of the identified apps have been removed from Google Play, and the developers have been banned."

Google also assured that Android users were protected from known versions of this malware through its built-in Google Play Protect security system. Apple has not responded to requests for comment.

Despite the apps being taken down from official stores, Kaspersky spokesperson Rosemarie Gonzales revealed that the malware is still accessible through third-party websites and unauthorized app stores, posing a continued threat to users.

Hackers are Employing Amazon Appstore to Propagate Malware

'BMI CalculationVsn' is a malicious Android spyware app that was identified on the Amazon Appstore. It poses as a simple health tool while covertly harvesting data from compromised devices. 

Cybersecurity researchers from McAfee Labs discovered the app and notified Amazon, which resulted in the app being taken down from the app store. To get rid of any remaining traces, those who installed the app must manually uninstall it and run an extensive scan.

Amazon Appstore is a third-party Android software store that is pre-installed on Amazon Fire tablets and Fire TV devices. It also serves as a substitute to Google Play for Android device owners who can't or don't want to use Google's platform, and it even includes exclusive Amazon Prime games and entertainment. The BMI CalculationVsn spyware program, released by 'PT Visionet Data Internasional,' is marketed as a simple body mass index (BMI) calculator. 

Modus operandi

The user is greeted by an easy-to-use interface when they launch the compromised app, which offers the advertised features, such as calculating their BMI. However, there are other malicious activities going on in the background.

When the user taps the 'Calculate' button, the app first starts a screen recording service, which prompts for the required approval. Because the prompt appears in response to a legitimate-looking action, users can be misled into granting the permission without thinking.

McAfee notes that although the footage is stored locally as an MP4 file, it was not uploaded to the command and control (C2) server, probably because the app is still at an early stage of testing.

The researchers' further investigation into the app's release history revealed that it was originally made available in the wild on October 8. By the end of the month, its certificate information had changed, new malicious functions had been added, and its icon had been modified.

In order to help the attackers plan their next move, the app's second malicious operation is to scan the device and retrieve all installed applications. Finally, the spyware intercepts and gathers SMS messages, including verification codes and one-time passwords (OTPs), that are received and stored on the device.

Given that malicious apps can still slip through the review process of respectable and generally trustworthy stores like the Amazon Appstore, Android users should only install apps from reputable publishers.

It is also advisable to review requested permissions and revoke problematic ones after installation. Google Play Protect can detect and block known malware identified by App Security Alliance partners such as McAfee, so keeping it enabled on Android devices is critical.

FBI Warns of Security Risks in RCS Messaging

The FBI has issued a warning to Apple and Android device users regarding potential vulnerabilities in Rich Communication Services (RCS). While RCS was designed to replace traditional SMS with enhanced features, a critical security flaw has made it a risky option for messaging. Currently, RCS messages exchanged between Apple and Android devices lack end-to-end encryption, exposing users to potential cyber threats.

Why RCS Messaging is Problematic

Apple introduced RCS support to its iMessage app with iOS 18 to facilitate seamless communication between iPhone and Android users. However, unlike secure messaging apps like Signal or WhatsApp, RCS lacks end-to-end encryption for messages exchanged across these platforms. This absence of encryption leaves sensitive information vulnerable to interception by unauthorized individuals, including hackers and rogue actors.

The FBI’s warning follows a significant breach known as the Salt Typhoon attack, which targeted major U.S. telecommunications carriers. This breach highlighted the vulnerabilities in unencrypted messaging systems. In response, both the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency have recommended using secure messaging platforms to mitigate such risks.

The GSMA, which oversees RCS technology, is actively working to implement end-to-end encryption for RCS messages. While progress has been made through industry collaboration, no specific timeline has been provided for the rollout of these crucial security updates.

Secure Alternatives for Messaging

Until RCS achieves full encryption, users are advised to switch to secure messaging apps that offer robust end-to-end encryption. Popular options include:

  • WhatsApp: Provides end-to-end encryption for text, voice, and video communications.
  • Signal: Known for its focus on privacy and strong encryption standards.
  • Telegram: Offers encrypted messaging with additional privacy features like Secret Chats.

In related news, Apple users are urged to update their devices to iOS 18.2 to address a critical vulnerability in the Apple Password app. This flaw could potentially expose sensitive user information, making the update essential for enhanced security.

While the integration of RCS messaging aims to enhance cross-platform communication, the current lack of encryption poses significant risks. As the industry works toward resolving these vulnerabilities, users are encouraged to rely on secure messaging apps and keep their devices updated with the latest security patches. Taking proactive steps and making informed decisions remain vital for ensuring safety in the digital landscape.

Improving GPS Technology with Insights from Android Phones

The drift that navigation apps sometimes show may be caused by the ionosphere, a region of the Earth’s atmosphere 50-200 miles overhead. This layer holds varying concentrations of free electrons which, under certain conditions, can become extremely dense, slowing GPS signals as they travel between satellites and devices.

That delay, much like being held up on a crowded city street and arriving late to work, is a major contributor to navigation system errors. As reported in Nature this week, a team of Google researchers demonstrated that they could map the ionosphere using GPS signal measurements collected from millions of anonymous Android mobile devices.

A single phone’s signal cannot tell researchers much about the ionosphere, but that limitation fades when there are many other devices to compare against. Using the vast network of Android phones, the researchers were able to map the ionosphere with a precision that matches or exceeds that of monitoring stations. In areas such as India and Central Africa, the Android technique was far more accurate than listening stations alone.

Total electron content (TEC), which the researchers liken to ionospheric traffic, is a measure of the number of electrons along a signal’s path through the ionosphere. Satellites and ground stations are normally used to measure it. These instruments are effective, but they are relatively expensive and difficult to build and maintain, so they are less common in developing regions of the world.

Because monitoring stations are not distributed equally, the accuracy of global ionospheric maps varies from region to region. Google’s researchers addressed this gap by using something that more than half of the world's population already owns: mobile phones. In an interview with Popular Science, Google researcher Brian Williams discussed how changes in the ionosphere had been hindering GPS accuracy while he worked on Android products.

If the ionosphere changes at short notice, GPS capabilities can suffer. Aside from contributing to scientific advances, he sees the project as an opportunity to improve accuracy and provide a more useful service to mobile device users. "Rather than considering ionosphere interference with GPS positioning as an obstacle, the right thing to do is to flip the idea and imagine that the GPS receiver is an instrument to measure the ionosphere, not as an obstacle," Williams commented.

"The ionosphere can be seen in a completely different light by combining the measurements made by millions of phones, as compared to what would otherwise be possible." Taken together, Android phones form what is known as a 'distributed sensor network'. GPS receivers are integrated into most smartphones to measure radio signals beamed from satellites orbiting approximately 1,200 miles above us in medium Earth orbit (MEO).

A receiver determines your location by calculating its distance from each satellite, typically to an accuracy of approximately 15 feet. The ionosphere disturbs these signals as they travel from space to the Earth’s surface. Many factors contribute to GPS measurement error, including the season, time of day, and distance from the equator, all of which affect the quality of the measurement.

Most phone receivers include a built-in correction model that reduces the estimated error by around half. Google’s researchers wanted to see whether measurements taken directly from the receivers built into Android smartphones could be combined to replicate the ionosphere mapping done at more advanced monitoring stations.

Monitoring stations hold a clear advantage over mobile phones in terms of value per pound. The first difference is that monitoring stations have much larger antennas. They also sit under clear open skies, whereas phones are often obscured by urban buildings or the user's jeans pocket.

In addition, every phone has its own measurement bias, which can be off by several microseconds from one phone to the next. Even so, the sheer number of phones makes up for what each lacks individually. Beyond these immediate benefits, the Android ionosphere maps also offer less immediate ones. According to the researchers, analysing the Android receiver measurements revealed a signal of electromagnetic activity that matched a pair of powerful solar storms earlier this year.
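The relationship the paragraphs above describe, worked through in numbers as an added example (not code from the Nature paper or the blog post): the first-order ionospheric delay is 40.3 × TEC / f², so comparing the two frequencies a dual-frequency phone receives isolates the TEC, while the per-receiver bias the post mentions must be removed separately. The TEC value, satellite range and bias below are constructed.

```python
"""Ionospheric group delay and TEC from a dual-frequency GPS receiver.

Added example: constructed numbers, and a simplified treatment of the
per-receiver hardware bias (the 'measurement bias' the post describes).
"""

# GPS carrier frequencies in Hz; L1 and L5 are the bands dual-frequency phones use.
F_L1 = 1575.42e6
F_L5 = 1176.45e6
IONO_CONST = 40.3      # constant of the first-order group-delay model (m^3/s^2)
TECU = 1.0e16          # electrons per m^2 in one TEC unit


def iono_delay_m(tec_tecu: float, freq_hz: float) -> float:
    """First-order ionospheric group delay in metres: 40.3 * TEC / f^2.
    About 0.16 m per TECU at L1, so tens of TECU mean metres of range error."""
    return IONO_CONST * tec_tecu * TECU / freq_hz ** 2


def tec_from_dual_freq(p_l1_m: float, p_l5_m: float,
                       receiver_bias_m: float = 0.0) -> float:
    """Slant TEC (TECU) from the difference of two code pseudoranges.

    Geometry, clock offsets and the troposphere affect both frequencies equally
    and cancel in P_L5 - P_L1, leaving the frequency-dependent ionospheric term
    plus a per-receiver hardware bias. The bias has to be estimated separately
    (e.g. by comparing many phones against each other); here it is passed in.
    """
    diff = (p_l5_m - p_l1_m) - receiver_bias_m
    return diff / (IONO_CONST * (1 / F_L5 ** 2 - 1 / F_L1 ** 2)) / TECU


def single_freq_residual_m(tec_tecu: float, model_fraction: float = 0.5) -> float:
    """Range error left on an L1-only receiver after a correction model that
    removes the given fraction of the delay (the post cites about half)."""
    return iono_delay_m(tec_tecu, F_L1) * (1 - model_fraction)


def simulate_phone(tec_tecu: float, true_range_m: float, receiver_bias_m: float):
    """Constructed L1/L5 pseudoranges for one phone observing one satellite."""
    p_l1 = true_range_m + iono_delay_m(tec_tecu, F_L1)
    p_l5 = true_range_m + iono_delay_m(tec_tecu, F_L5) + receiver_bias_m
    return p_l1, p_l5


if __name__ == "__main__":
    tec = 30.0                                     # constructed: moderately loaded ionosphere
    p1, p5 = simulate_phone(tec, 22_000_000.0, receiver_bias_m=0.9)
    print(f"L1 delay at {tec:.0f} TECU: {iono_delay_m(tec, F_L1):.2f} m")
    print(f"TEC estimate ignoring receiver bias: {tec_from_dual_freq(p1, p5):.2f} TECU")
    print(f"TEC estimate with bias removed: {tec_from_dual_freq(p1, p5, 0.9):.2f} TECU")
    print(f"L1-only residual after correction model: {single_freq_residual_m(tec):.2f} m")
```

Leaving the bias in skews the estimate by several TECU, which is why a single phone is a poor instrument and many phones compared against each other are a good one.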

According to the researchers, one storm occurred in North America between May 10 and 11, 2024. During the time of the peak activity, the ionosphere of that area was measured by smartphones and it showed a clear spike in activity followed by a quick depletion once again. The study highlights that while monitoring stations detected the storm, phone-based measurements of the ionosphere in regions lacking such stations could provide critical insights into solar storms and geomagnetic activity that might otherwise go unnoticed. This additional data offers a valuable opportunity for scientists to enhance their understanding of these atmospheric phenomena and improve preparation and response strategies for potentially hazardous events.

According to Williams, the ionosphere maps generated using phone-based measurements reveal dynamics in certain locations with a level of detail previously unattainable. This advanced perspective could significantly aid scientific efforts to understand the impact of geomagnetic storms on the ionosphere. By integrating data from mobile devices, researchers can bridge gaps left by traditional monitoring methods, offering a more comprehensive understanding of the ionosphere’s behaviour. This approach not only paves the way for advancements in atmospheric science but also strengthens humanity’s ability to anticipate and mitigate the effects of geomagnetic disturbances, fostering greater resilience against these natural occurrences.

Fake Antivirus App Hides SpyNote Malware on Android

SpyNote, a dangerous malware targeting Android users, has been discovered posing as a legitimate antivirus app. Disguised as "Avast Mobile Security," it deceives users into downloading it under the guise of device protection, according to a report by cybersecurity firm Cyfirma.  


Once installed, SpyNote requests permissions typical for antivirus applications, such as Accessibility Services. With these permissions, it secretly grants itself further access without notifying the user. Additionally, it excludes itself from battery optimization, allowing it to run uninterrupted in the background.  


How SpyNote Tricks Users  


SpyNote employs deceptive tactics to maintain its presence on infected devices. It mimics user gestures to stay active and displays fake system update notifications. When users interact with these alerts, they are redirected back to the malicious app, effectively trapping them in a loop. This method ensures the malware remains undetected and difficult to uninstall.  


Focus on Cryptocurrency Theft  


SpyNote is specifically designed to steal sensitive information, with a strong focus on cryptocurrency accounts. It extracts private keys and balance details for digital currencies such as Bitcoin, Ethereum, and Tether. The malware also monitors network activity to maintain a constant connection with its command-and-control servers, ensuring seamless data transmission.  


Stolen credentials are stored on the device’s SD card. Once sufficient data is collected, SpyNote erases the evidence by overwriting the card, leaving no trace of its malicious activities.  


Advanced Evasion Tactics  


SpyNote is highly skilled at avoiding detection. It uses techniques like code obfuscation and custom packaging to hide its true nature, making it difficult for security experts to analyze. The malware also identifies virtual environments, such as emulators, to evade research and detection.  


If users attempt to uninstall it, SpyNote blocks their efforts by simulating actions that prevent deactivation. For instance, it forces the device to return to the home screen whenever users try to access the app’s settings.  


Distributed Through Fake Antivirus Sites  


SpyNote spreads through phishing websites designed to look like Avast’s official download page. The malicious file, named "Avastavv.apk," is specifically targeted at Android devices. However, the phishing sites also redirect iOS users to the legitimate App Store download page for AnyDesk. Similarly, they offer AnyDesk downloads for Windows and Mac users, broadening their attack range.  


How to Stay Safe  


To avoid falling victim to SpyNote, only download apps from trusted sources like the Google Play Store. Be cautious of apps asking for unnecessary permissions, and verify download links before proceeding. Regularly updating your antivirus software and monitoring your device for unusual activity can also help protect against threats.  


SpyNote highlights the increasing complexity of malware targeting mobile users, emphasizing the importance of vigilance and proactive cybersecurity measures.

Join Group Calls Easily on Signal with New Custom Link Feature

Signal, the encrypted messaging service, has added new features that make it easier to join group calls through personalised links. A recent blog post announced the update, which sets out to simplify how group calls are started and administered on the service.


Group Calls via Custom Link Easily Accessible


In the past, a group call on Signal began by first creating a group chat. Signal has now added the ability to create and share a direct link for a group call, so users no longer have to go through the group chat setup just to make the call. To create a call link, open the app, go to the links tab, and tap to start a new call link. Each link can be given a user-friendly name and can require approval of new invitees before they join, adding another layer of control.


The call links are also reusable, which is very useful for those who meet regularly, such as weekly team calls. Signal group calling has now been expanded to 50 participants, expanding its utilisation for larger groups.


More Call Control


This update also introduces better management tools for group calls. Hosts can remove participants if needed and even block them from rejoining. That gives hosts more control over who has access to the call, improving safety and participant management.


New Interactive Features for Group Calls


Besides call links, Signal has also added interactive tools for use during group calls. A "raise hand" button lets participants indicate that they would like to speak, which helps keep group discussions organised. Emoji reactions are also supported in calls, so a user can respond without interrupting another caller.


Signal has also improved the call control interface, making it easier to mute or unmute the microphone and to turn the camera on or off, so that calls run more smoothly and efficiently.


Rollout Across Multiple Platforms


The new features are now rolled out gradually across Signal's desktop, iOS, and Android versions. The updated app is available on the App Store for iPhone and iPad users free of charge. In order to enjoy the new features regarding group calling functions, users should update their devices with the latest version of Signal.


Signal has recently added new features to make group calling easier, more organised, and intuitive. It has given the user more freedom to control the calls for both personal use and professional calls.

New TrickMo Variants Exploit Fake Lock Screens to Steal Android PINs

A perilous new variant of the Android banking malware TrickMo has been discovered, capable of mimicking the Android lock screen and stealing users' PINs. This comes according to data compiled by the security firm Zimperium, which carried out a detailed analysis of the malware. The firm said that some 40 new variants of TrickMo have been found in the wild. These are associated with 16 dropper applications and 22 different command and control (C2) servers.

The new report follows earlier research by Cleafy, which had already managed to detect some of these, but not all, variants. TrickMo had been observed used in cyberattacks since September 2019, although it wasn't documented until last year by the IBM X-Force group.


How TrickMo Works to Deceive

One feature of this new version of TrickMo is a fake Android lock screen designed to dupe users into handing over their PIN or unlock pattern. The screen looks genuine: it renders in full-screen mode to mimic the real Android prompt. Once the user enters their credentials, the malware captures them and transmits them to a remote server along with the device's unique identifier. This gives the thieves access to the device later, often when it is not being actively watched, so they can carry out whatever fraudulent activity they want.

In addition, TrickMo has other malicious abilities: intercepting one-time passwords, screen recording, exfiltrating data, and even remotely controlling the infected device. At its core, TrickMo is a banking trojan that mainly steals login credentials by presenting phishing pages imitating various banks.


The New Generation of Adaptation Malware

New variants of TrickMo abuse Android's Accessibility Service permission. With it, the malware gains greater control over the device and can automate actions without the user knowing. This abuse of accessibility features gives the malware an easier way to interact with system prompts, for example to grant itself further permissions or to display phishing pages.
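As an added defensive check (not code from Zimperium's or Cyfirma's reports), the following Python script audits an Android device for the combination both the TrickMo post above and the SpyNote post earlier describe: an unknown Accessibility Service held by the same package that has exempted itself from battery optimisation. It reads the output of two standard adb commands; the sample output and the package name in it are constructed, the live mode assumes adb is on the PATH, and the 'kind,package,uid' line format of `dumpsys deviceidle whitelist` is an assumption about the device build.

```python
"""Audit an Android device for an enabled Accessibility Service plus a
battery-optimisation exemption held by the same unknown package.

Added example: the allow lists and the sample device output are constructed.
"""
import subprocess

# Constructed allow lists: services and packages a given fleet expects to see.
KNOWN_ACCESSIBILITY = {
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService",
}
KNOWN_BATTERY_EXEMPT = {"com.google.android.gms"}


def parse_accessibility_services(raw: str) -> list[str]:
    """`settings get secure enabled_accessibility_services` prints a
    colon-separated list of package/Service entries, or 'null' when none."""
    raw = raw.strip()
    if raw in ("", "null"):
        return []
    return [entry for entry in raw.split(":") if entry]


def parse_deviceidle_whitelist(raw: str) -> list[tuple[str, str]]:
    """`dumpsys deviceidle whitelist` prints one '<kind>,<package>,<uid>' line
    per exemption (format assumed). 'user' entries were granted at runtime,
    which is how an app that asked to be excluded from battery optimisation
    shows up."""
    entries = []
    for line in raw.splitlines():
        parts = line.strip().split(",")
        if len(parts) == 3:
            entries.append((parts[0], parts[1]))
    return entries


def audit(acc_raw: str, idle_raw: str) -> dict[str, list[str]]:
    """Flag unknown accessibility services and user-granted battery exemptions,
    and single out packages holding both, the combination the posts describe."""
    services = [s for s in parse_accessibility_services(acc_raw)
                if s not in KNOWN_ACCESSIBILITY]
    exempt = [pkg for kind, pkg in parse_deviceidle_whitelist(idle_raw)
              if kind == "user" and pkg not in KNOWN_BATTERY_EXEMPT]
    service_pkgs = {s.split("/", 1)[0] for s in services}
    both = sorted(service_pkgs & set(exempt))
    return {"accessibility": services, "battery_exempt": exempt, "both": both}


def adb_shell(*args: str) -> str:
    """Run a command on the attached device via adb (requires adb on PATH)."""
    out = subprocess.run(["adb", "shell", *args], capture_output=True,
                         text=True, check=True)
    return out.stdout


# Constructed sample output imitating an infected device; the package name is
# a placeholder, not an indicator from either report.
SAMPLE_ACCESSIBILITY = (
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService"
    ":com.example.fakeav/com.example.fakeav.AccService"
)
SAMPLE_DEVICEIDLE = """\
system-excidle,com.android.providers.calendar,10006
system,com.google.android.gms,10049
user,com.example.fakeav,10212
"""


def main(live: bool = False) -> dict[str, list[str]]:
    """Run the audit against a connected device, or against the sample output."""
    if live:
        acc = adb_shell("settings", "get", "secure", "enabled_accessibility_services")
        idle = adb_shell("dumpsys", "deviceidle", "whitelist")
    else:
        acc, idle = SAMPLE_ACCESSIBILITY, SAMPLE_DEVICEIDLE
    report = audit(acc, idle)
    for key, items in report.items():
        print(f"{key}: {', '.join(items) or '-'}")
    return report


if __name__ == "__main__":
    main(live=False)
```

A package that appears under "both" is not proof of infection, but it is exactly the profile a defender should look at first, alongside the app's install source.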

Security experts consider these mature and dynamic capabilities to make TrickMo a particularly dangerous threat. Its phishing screens are more likely to fool users, and once credentials are captured, attackers can carry out unauthorised transactions through the victims' banking apps or log in to other sensitive accounts.


Large-scale Impact on Victims

Zimperium's research showed that at least 13,000 victims from several countries, including Canada, the United Arab Emirates, Turkey, and Germany, have been affected by the TrickMo malware. The real number of affected devices, however, may be much higher, as the malware operates through multiple C2 servers.

TrickMo originally targeted mostly banking applications but has since expanded to many others, including VPN services, streaming services, e-commerce sites, and even social media and enterprise platforms. What makes it more alarming is that it can compromise accounts across many kinds of services, not just financial ones.


Staying Safe from TrickMo

TrickMo spreads by misleading users into downloading malicious APK files from unknown sources. To avoid infection, users are advised not to click on links, particularly those arriving via SMS or direct messages from unknown contacts. Enabling Google Play Protect is likely to prevent known variants of TrickMo from being installed on Android devices.

The sophistication of malware like TrickMo is a reminder of the importance of keeping software up to date and avoiding unfamiliar apps or websites. As it continues to evolve into even more dangerous forms, security experts keep urging Android users to stay alert and ensure that security features such as Google Play Protect are turned on as a first line of defence against such threats.

Zimperium has released details of TrickMo's C2 infrastructure on GitHub to help security experts and organisations defend against the trojan. Even so, users are advised to remain vigilant and take proper measures to ensure their sensitive information is not compromised by malicious software such as TrickMo.