Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Apple. Show all posts
X
Apple lazarus Linkedin macOS malware Microsoft X

Lazarus Gang Targets Job Seekers to Install Malware

Lazarus Gang Targets Job Seekers to Install Malware

North Korean hackers responsible for Contagious Interview are trapping job seekers in the cryptocurrency sector by using the popular ClickFix social-engineering attack strategy. They aimed to deploy a Go-based backdoor— earlier undocumented— known as GolangGhost on Windows and macOS systems. 

Hackers lure job seekers

The latest attack, potentially a part of a larger campaign, goes by the codename ClickFake Interview, according to French cybersecurity company Sekoia. Aka DeceptiveDeployment, DEV#POPPER, and Famoys Chollima; Contagious Interview has been active since December 2022, however, it was publicly reported only after late 2023. 

The attack uses legitimate job interview sites to promote the ClickFix tactic and deploy Windows and MacOS backdoors, said Sekoia experts Amaury G., Coline Chavane, and Felix Aimé, attributing the attack to the notorious Lazarus Group. 

Lazarus involved

One major highlight of the campaign is that it mainly attacks centralized finance businesses by mimicking firms like Kraken, Circle BlockFi, Coinbase, KuCoin, Robinhood, Tether, and Bybit. Traditionally, Lazarus targeted decentralized finance (DeFi) entities. 

Attack tactic explained

Like Operation Dream Job, Contagious Interview also uses fake job offers as traps to lure potential victims and trick them into downloading malware to steal sensitive data and cryptocurrency. The victims are approached via LinkedIn or X to schedule a video interview and asked to download malware-laced video conference software that triggers the infection process. 

Finding of Lazarus ClickFix attack

Security expert Tayloar Monahan first reported the Lazarus Group’s use of ClickFix in late 2022, saying the attack chains led to the installment of a malware strain called FERRET that delivered the Golang backdoor. In this malware campaign, the victims are prompted to use a video interview, ‘Willow,’ and do a sell video assessment. 

The whole process is carefully built to gain users and “proceeds smoothly until the user is asked to enable their camera,” Sekoia said. At this stage, an “error message appears, indicating that the user needs to download a driver to fix the issue. This is where the operator employs the ClickFix technique," adds Sekoia. 

Different attack tactics for Windows and MacOS users

The prompts given to victims may vary depending on the OS. For Windows, victims are asked to open the Command Prompt and run a curl command to perform a Visual Basic Script (VBS) file to launch a basic script to run GolanGhost. MacOS victims are prompted to open the Terminal app and perform a curl command to run a malicious shell script, which then runs another shell script that runs a stealer module called FROSTYFERRET—aka ChromwUpdateAlert— and the backdoor. 

Read more »
VPN
Apple Data Privacy Data Regulation Google Internet Privacy VPN

Apple and Google App Stores Host VPN Apps Linked to China, Face Outrage

Apple and Google App Stores Host VPN Apps Linked to China, Face Outrage

Google (GOOGL) and Apple (AAPL) are under harsh scrutiny after a recent report disclosed that their app stores host VPN applications associated with a Chinese cybersecurity firm, Qihoo 360. The U.S government has blacklisted the firm. The Financial Times reports that 5 VPNs still available to U.S users, such as VPN Proxy master and Turbo VPN, are linked to Qihoo. It was sanctioned in 2020 on the charges of alleged military ties. 

Ilusion of Privacy: VPNs collecting data 

In 2025 alone, three VPN apps have had over a million downloads on Google Play and  Apple’s App Store, suggesting these aren’t small-time apps, Sensor Tower reports. They are advertised as “private browsing” tools, but the VPNs provide the companies with complete user data of their online activity. This is alarming because China’s national security laws mandate that companies give user data if the government demands it. 

Concerns around ownership structures

The intricate web of ownership structures raises important questions; the apps are run by Singapore-based Innovative Connecting, owned by Lemon Seed, a Cayman Islands firm. Qihoo acquired Lemon Seed for $69.9 million in 2020. The company claimed to sell the business months late, but FT reports the China-based team making the applications were still under Qihoo’s umbrella for years. According to FT, a developer said, “You could say that we’re part of them, and you could say we’re not. It’s complicated.”

Amid outrage, Google and Apple respond 

Google said it strives to follow sanctions and remove violators when found. Apple has removed two apps- Snap VPN and Thunder VPN- after FT contacted the business, claiming it follows strict rules on VPN data-sharing.

Privacy scare can damage stock valuations

What Google and Apple face is more than public outage. Investors prioritise data privacy, and regulatory threat has increased, mainly with growing concerns around U.S tech firms’ links to China. If the U.S government gets involved, it can result in stricter rules, fines, and even more app removals. If this happens, shareholders won’t be happy. 

According to FT, “Innovative Connecting said the content of the article was not accurate and declined to comment further. Guangzhou Lianchuang declined to comment. Qihoo and Chen Ningyi did not respond to requests for comment.”

Read more »
Privacy
Apple Artificial Intelligence Cyberattacks Cybersecurity CyberThreat DPA Google Military Privacy

Apps Illegally Sold Location Data of US Military and Intelligence Personnel

 


Earlier this year, news reports revealed that a Florida-based data brokerage company had engaged in the sale of location data belonging to US military and intelligence personnel stationed overseas in the course of its operations. While at the time, it remained unclear to us as to how this sensitive information came into existence. 
 
However, recent investigations indicate that the data was collected in part through various mobile applications operating under revenue-sharing agreements with an advertising technology company. An American company later resold this data, which was then resold by that firm. Location data collection is one of the most common practices among mobile applications. It is an essential component of navigation and mapping, but it also enhances the functionality of various other applications. 
 
There are concerns that many applications collect location data without a clear or justified reason. Apple’s iOS operating system mandates that apps request permission before accessing location data. Regulations ensure privacy by providing transparency and control over the collection and use of location-related sensitive information. 
 
After revelations about the unauthorized sale of location data, Senator Ron Wyden (D-WA) requested clarification from Datastream regarding the source of the data. Wyden’s office also reached out to an ad-tech company but did not receive a response. Consequently, the senator escalated the matter to Lithuania’s Data Protection Authority (DPA) due to national security concerns. 
 
The Lithuanian DPA launched an official investigation into the incident. However, the results remain pending. This case highlights the complexities of the location data industry, where information is often exchanged between multiple organizations with limited regulation. 
 
Cybersecurity expert Zach Edwards pointed out during a conference that "advertising companies often function as surveillance companies with better business models." This growing concern over data collection, sharing, and monetization in the digital advertising industry underscores the need for stricter regulations and accountability. 
 
Security experts recommend that users disable location services when unnecessary and use VPNs for added protection. Given the vast amount of location data transmitted through mobile applications, these precautions are crucial in mitigating potential security risks.
Read more »
SparkCat
Android app removal Apple Breach Cyber Security Cybersecurity Data Google iOS malware SparkCat

Apple and Google Remove 20 Apps Infected with Data-Stealing Malware


Apple and Google have removed 20 apps from their respective app stores after cybersecurity researchers discovered that they had been infected with data-stealing malware for nearly a year.

According to Kaspersky, the malware, named SparkCat, has been active since March 2024. Researchers first detected it in a food delivery app used in the United Arab Emirates and Indonesia before uncovering its presence in 19 additional apps. Collectively, these infected apps had been downloaded over 242,000 times from Google Play Store.

The malware uses optical character recognition (OCR) technology to scan text displayed on a device’s screen. Researchers found that it targeted image galleries to identify keywords associated with cryptocurrency wallet recovery phrases in multiple languages, including English, Chinese, Japanese, and Korean. 

By capturing these recovery phrases, attackers could gain complete control over victims' wallets and steal their funds. Additionally, the malware could extract sensitive data from screenshots, such as messages and passwords.

Following Kaspersky’s report, Apple removed the infected apps from the App Store last week, and Google followed soon after.

Google spokesperson Ed Fernandez confirmed to TechCrunch: "All of the identified apps have been removed from Google Play, and the developers have been banned."

Google also assured that Android users were protected from known versions of this malware through its built-in Google Play Protect security system. Apple has not responded to requests for comment.

Despite the apps being taken down from official stores, Kaspersky spokesperson Rosemarie Gonzales revealed that the malware is still accessible through third-party websites and unauthorized app stores, posing a continued threat to users.
Read more »
Security Vulnerabilities
Apple Apple security vulnerability CPU Cyber Security data security Security Issues Security Vulnerabilities

New Apple Processor Vulnerabilities: FLOP and SLAP Exploit Speculative Execution

 

Security researchers have uncovered two new vulnerabilities in modern Apple processors, named FLOP and SLAP, which could allow attackers to remotely steal sensitive data through web browsers. Discovered by researchers from the Georgia Institute of Technology and Ruhr University Bochum, these flaws exploit speculative execution, a performance optimization feature in Apple’s processors, to extract private user data from browsers like Safari and Chrome.

How FLOP and SLAP Exploit Speculative Execution

Speculative execution is a technique used by modern processors to predict and execute instructions in advance, improving performance. However, flaws in its implementation have led to significant security issues in the past, such as the Spectre and Meltdown attacks. FLOP and SLAP build on these exploits, demonstrating how Apple’s latest chips can be manipulated to leak private information.

FLOP (False Load Output Prediction) affects Apple’s M3, M4, and A17 processors. These chips attempt to predict not only which memory addresses will be accessed but also the actual data values stored in memory. If a misprediction occurs, the CPU may use incorrect data in temporary computations. Attackers can exploit this by measuring cache timing differences, allowing them to extract sensitive information before the system corrects itself. Researchers demonstrated FLOP by stealing private user data, including email details from Proton Mail, Google Maps location history, and iCloud Calendar events.

SLAP (Speculative Load Address Prediction) impacts Apple’s M2 and A15 processors, along with later models. Unlike FLOP, which predicts data values, SLAP manipulates the processor’s ability to anticipate which memory address will be accessed next. By training the CPU to follow a specific pattern and then suddenly altering it, attackers can force the processor to read sensitive data. The CPU processes this information before realizing the mistake, leaving traces that hackers can analyze. Researchers used SLAP to extract Gmail inbox content, Amazon order history, and Reddit activity.

Implications and Mitigation Efforts

Both FLOP and SLAP are particularly concerning because they can be executed remotely. A victim only needs to visit a malicious website running JavaScript or WebAssembly code designed to exploit these vulnerabilities. The attack does not require malware installation or direct access to the device, making it difficult to detect or prevent.

The researchers disclosed the flaws to Apple in early 2024. While Apple has acknowledged the issues, security patches have not yet been released. Apple has stated that it does not consider the vulnerabilities an immediate risk but has not provided a timeline for fixes. In the meantime, users concerned about potential data exposure can disable JavaScript in their browsers, though this may break many websites.

These findings highlight the growing sophistication of web-based attacks and the need for stronger security measures in modern processors. As Apple works on mitigating these vulnerabilities, users should stay informed about security updates and exercise caution when browsing unfamiliar websites.

The discovery of FLOP and SLAP underscores the ongoing challenges in securing modern processors against advanced exploits. While speculative execution enhances performance, its vulnerabilities continue to pose significant risks. As cyber threats evolve, both hardware manufacturers and users must remain vigilant, adopting proactive measures to safeguard sensitive data and maintain digital security.

Read more »
Threat Landscape
Apple Artificial Intelligence Cyber Security Fake News Alert Threat Landscape

Apple Faces Backlash Over Misinformation from Apple Intelligence Tool

 



Apple made headlines with the launch of its Apple Intelligence tool, which quickly gained global attention. However, the tech giant now faces mounting criticism after reports emerged that the AI feature has been generating false news notifications, raising concerns about misinformation.

The British Broadcasting Corporation (BBC) was the first to report the problem, directly complaining to Apple that the AI summaries were misrepresenting their journalism. Apple responded belatedly, clarifying that its staff are working to ensure users understand these summaries are AI-generated and not official news reports.

Alan Rusbridger, former editor of The Guardian, criticized Apple, suggesting the company should withdraw the product if it is not yet ready. He warned that Apple’s technology poses a significant risk of spreading misinformation globally, potentially causing unnecessary panic among readers.

Rusbridger further emphasized that public trust in journalism is already fragile. He expressed concern that major American tech companies like Apple should not use the media industry as a testing ground for experimental features.

Pressure from Journalist Organizations

The National Union of Journalists (NUJ), a leading global body representing journalists, joined the criticism, urging Apple to take swift action to curb the spread of misinformation. The NUJ's statement echoes previous concerns raised by Reporters Without Borders (RSF).

Laura Davison, NUJ’s general secretary, stressed the urgency of the matter, stating,

"At a time when access to accurate reporting has never been more important, the public must not be placed in a position of second-guessing the accuracy of news they receive."

Apple is now under increasing pressure from media organizations and watchdog groups to resolve the issue. If the company fails to address these concerns promptly, it may be forced to remove the Apple Intelligence feature altogether.

With legal and regulatory scrutiny intensifying, Apple’s next steps will be closely watched. Prolonging the issue could invite further criticism and potential legal consequences.

This situation highlights the growing responsibility of tech companies to prevent the spread of misinformation, especially when deploying advanced AI tools. Apple must act decisively to regain public trust and ensure its technologies do not compromise the integrity of reliable journalism.
Read more »
Salt Typhoon
Android Apple FBI iMessage Privacy RCS Salt Typhoon

FBI Warns of Security Risks in RCS Messaging

 

The FBI has issued a warning to Apple and Android device users regarding potential vulnerabilities in Rich Communication Services (RCS). While RCS was designed to replace traditional SMS with enhanced features, a critical security flaw has made it a risky option for messaging. Currently, RCS messages exchanged between Apple and Android devices lack end-to-end encryption, exposing users to potential cyber threats.

Why RCS Messaging is Problematic

Apple introduced RCS support to its iMessage app with iOS 18 to facilitate seamless communication between iPhone and Android users. However, unlike secure messaging apps like Signal or WhatsApp, RCS lacks end-to-end encryption for messages exchanged across these platforms. This absence of encryption leaves sensitive information vulnerable to interception by unauthorized individuals, including hackers and rogue actors.

The FBI’s warning follows a significant breach known as the Salt Typhoon attack, which targeted major U.S. telecommunications carriers. This breach highlighted the vulnerabilities in unencrypted messaging systems. In response, both the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency have recommended using secure messaging platforms to mitigate such risks.

The GSMA, which oversees RCS technology, is actively working to implement end-to-end encryption for RCS messages. While progress has been made through industry collaboration, no specific timeline has been provided for the rollout of these crucial security updates.

Secure Alternatives for Messaging

Until RCS achieves full encryption, users are advised to switch to secure messaging apps that offer robust end-to-end encryption. Popular options include:

  • WhatsApp: Provides end-to-end encryption for text, voice, and video communications.
  • Signal: Known for its focus on privacy and strong encryption standards.
  • Telegram: Offers encrypted messaging with additional privacy features like Secret Chats.

In related news, Apple users are urged to update their devices to iOS 18.2 to address a critical vulnerability in the Apple Password app. This flaw could potentially expose sensitive user information, making the update essential for enhanced security.

While the integration of RCS messaging aims to enhance cross-platform communication, the current lack of encryption poses significant risks. As the industry works toward resolving these vulnerabilities, users are encouraged to rely on secure messaging apps and keep their devices updated with the latest security patches. Taking proactive steps and making informed decisions remain vital for ensuring safety in the digital landscape.

Read more »
UMI
AI technology Apple CyberCrime Cyberhackers Cybermedia Cybersecurity CyberThreat iOS iPhone Users Privacy reboot Software Updates UMI

Reboot Revolution Protecting iPhone Users

 


Researchers at the University of Michigan (UMI) believe that Apple's new iPhone software has a novel security feature. It presents that the feature may automatically reboot the phone if it has been unlocked for 72 hours without being unlocked. 

As 404 Media reported later, a new technology called "inactivity reboot" was introduced in iOS 18.1, which forces devices to restart if their inactivity continues for more than a given period.  Aside from the Inactivity Reboot feature, Apple continues to enhance its security framework with additional features as part of its ongoing security enhancements. Stolen Data Protection is one of the features introduced in iOS 17.3. It allows the device to be protected against theft by requiring biometric authentication (Face ID or Touch ID) before allowing it to change key settings. 

There are various methods to ensure that a stolen device is unable to be reconfigured easily, including this extra layer of security. With the upcoming iOS 18.2 update, Apple intends to take advantage of a feature called Stolen Data Protection, which is set to be turned off by default to avoid confusing users. However, Apple plans to encourage users to enable it when setting up their devices or after a factory reset to maintain an optimal user experience. 

As a result, users will be able to have more control over the way their personal information is protected. Apple has quietly introduced a new feature to its latest iPhone update that makes it even harder for anyone to unlock a device without consent—whether they are thieves or law enforcement officers. With this inactivity reboot feature, Apple has made unlocking even more difficult for anyone. When an iPhone has been asleep or in lock mode for an extended period, a new feature is introduced with iOS 18.1 will automatically reboot it in addition to turning it off. 

A common problem with iPhones is that once they have been rebooted, they become more difficult to crack since either a passcode or biometric signature is required to unlock them. According to the terms of the agreement, the primary objective of this measure is to prevent thieves (or police officers) from hacking into smartphones and potentially accessing data on them. There is a new "inactivity reboot" feature included in iOS 18 that, according to experts who spoke to 404 Media, will restart the device after approximately four days of dormancy if no activity is made.

A confirmation of this statement was provided by Magnet Forensics' Christopher Vance in a law enforcement group chat as described in Magnet Forensics' Christopher Vance, who wrote that iOS 18.1 has a timer which runs out after a set amount of time, and the device then reboots, moving from an AFU (After First Unlock) state to a BFU (Before First Unlock) state at the end of this timer. According to 404 Media, it seems that the issue was discovered after officers from the Detroit Police Department found the feature while investigating a crime scene in Detroit, Michigan.

When officers were working on iPhones for forensic purposes in the course of their investigation, they noticed that they automatically rebooted themselves frequently, which made it more difficult for them to unlock and access the devices. As soon as the devices were disconnected from a cellular network for some time, the working theory was that the phones would reboot when they were no longer connected to the network.  

However, there are actually much simpler explanations that can be provided for this situation. The feature, which AppleInsider refers to as an inactivity reboot, is not based on the current network connection or the state of the battery on the phone, which are factors that may affect the reboot timer. The reboot typically occurs after a certain amount of time has elapsed -- somewhere around 96 hours in most cases.  Essentially, the function of this timer is identical to the Mac's hibernation mode, which is intended to put the computer to sleep as a precaution in case there is a power outage or the battery is suddenly discharged. 

During the BFU state of the iPhone, all data on the iPhone belongs to the user and is fully encrypted, and is nearly impossible for anyone to access, except a person who knows the user's passcode to be able to get into the device. However, when the phone is in a state known as "AFU", certain data can be extracted by some device forensic tools, even if the phone is locked, since it is unencrypted and is thus easier to access and extract.  

According to Tihmstar, an iPhone security researcher on TechCrunch, the iPhones in these two states are also known as "hot" devices or "cold" devices depending on their temperature.  As a result, Tihmstar was making a point to emphasize that the majority of forensic firms are focusing on "hot" devices in an AFU state as they can verify that the user entered the correct passcode in the iPhone's secure enclave at some point. A "cold" device, on the other hand, is considerably more difficult to compromise because its memory can not be easily accessed once the device restarts, so there is no easy way to compromise it.

The law enforcement community has consistently opposed and argued against new technology that Apple has implemented to enhance security, arguing that this is making their job more difficult. According to reports, in 2016, the FBI filed a lawsuit against Apple in an attempt to force the company to install a backdoor that would enable it to open a phone owned by a mass shooter. Azimuth Security, an Australian startup, ultimately assisted the FBI in gaining access to the phone through hacking. 

These developments highlight Apple’s ongoing commitment to prioritizing user privacy and data security, even as such measures draw criticism from law enforcement agencies. By introducing features like Inactivity Reboot and Stolen Data Protection, Apple continues to establish itself as a leader in safeguarding personal information against unauthorized access. 

These innovations underscore the broader debate between privacy advocates and authorities over the balance between individual rights and security imperatives in an increasingly digitized world.
Read more »
Subscribe to: Posts (Atom)