Search This Blog

Powered by Blogger.

Blog Archive

Labels

About Me

Showing posts with label Mobile Security. Show all posts

How to Spot and Avoid Malicious Spyware Apps on Your Smartphone

 

Spyware apps masquerading as legitimate software are a growing threat on app stores, particularly Google Play. These malicious apps can steal personal data, commit financial fraud, and install malware on unsuspecting users’ devices. A Zscaler report found 200 spyware apps on Google Play in a single year, with over 8 million downloads, highlighting the extent of the issue. 

These apps, often called trojans, execute attacks after installation. They can steal login credentials, inject malware, enable cryptojacking, and even deploy ransomware. While third-party app stores are known for hosting dangerous software, even official platforms like Google Play have security gaps that allow these threats to slip through. Social engineering tactics, such as phishing emails and SMS messages, also contribute to the spread of these fake apps. 

Smartphones are ideal targets for cybercriminals because users store vast amounts of personal information on them. Many people, especially those unfamiliar with app security, struggle to identify spyware. Once installed, these apps can lead to severe consequences, including data breaches, identity theft, and unauthorized financial transactions. Some spyware apps even contain rootkits, allowing hackers to control devices remotely. 

To avoid downloading malicious spyware apps, users should look for warning signs. Fake apps often have distorted logos, grammatical errors in their descriptions, and a lack of official contact information. Checking the number of downloads, reading user reviews for inconsistencies, and monitoring permission requests can also help spot fraudulent apps. If an app requests unnecessary access—such as a calculator app asking for location data—it is likely unsafe. Activating Google Play Protect and avoiding apps that promise unrealistic features can further enhance security. 

The increasing prevalence of spyware is due to rapid technological advancements that make it easier for cybercriminals to steal data. Sophisticated spyware tools like Predator and Pegasus can execute zero-click attacks, meaning users don’t even need to download an app to be compromised. Such spyware has been exploited by criminals and government agencies alike to target journalists, activists, and even businesses. 

Ultimately, online security threats are everywhere, and spyware in app stores is just one part of the problem. Practicing caution, verifying app legitimacy, and understanding the risks can help users stay protected. By staying vigilant and making informed choices, individuals can safeguard their data and minimize the risk of falling victim to spyware attacks.

Samsung Secure Folder Vulnerability Exposes Hidden Images

 

Samsung's Secure Folder, a feature designed to provide industry-grade security for sensitive data on Galaxy smartphones, has been identified to have a major flaw. Recent discoveries indicate that apps and images saved in the Secure Folder can be accessible under certain conditions, raising concerns about the privacy and security of the data stored there. 

Modus operandi

The Secure Folder acts as a "Work" profile, allowing users to keep private apps, images, and files separate from their primary profile. Normally, when an app seeks to access files from the Secure Folder, the system prevents it unless the app is specifically approved. 

However, a Reddit user named lawyerz88 revealed that this security feature is ineffective when utilising a "Work" app (with a media picker) linked to a separate work profile. In that instance, files stored in the Secure Folder become available via the app. So it is not difficult to circumvent the intended privacy protections.

“If you have the work profile enabled through something like Island or Shelter (or you know, your actual workplace), any apps in the work profile can access the entirety of files saved in a secure folder without any restrictions whatsoever.” notes the Reddit user. “It seems it’s restricted by policy only and only from the personal profile and someone forgot to restrict access via another work profile.” 

Android Authority confirmed the flaw with the Shelter app, which allows you to create a work profile on any device. This means that anyone with physical access to a Galaxy smartphone might use this flaw to view Secure Folder data. 

Samsung's claim of strong security is called into question by this defect, since private data kept in the Secure Folder can be accessed without the owner's knowledge.While accessing the Secure Folder usually requires biometric authentication or a PIN/password, the workaround via Work applications renders these safeguards ineffective. 

The tech giant reportedly acknowledged that they were aware of the user's findings after he reported them. The firm recently rectified the boot loop issue linked with the Secure Folder, and now that more people are aware of it, we hope it is resolved as quickly as possible.

Call Merging Scams and Financial Security Risks with Prevention Strategies

 


It is not uncommon for fraudsters to develop innovative tactics to deceive their targets, with one of the latest scams being the called merging scam in which the scammers attempt to gain unauthorized access to the victim's accounts to defraud them. In many cases, the victims suffer substantial financial losses due to this scheme. 

There has been a warning issued by the Indian authorities in regards to a new scam that involves individuals being manipulated into merging their calls by scammers, who then subsequently reveal One-Time Passwords (OTPs) unknowingly. Using this deceptive tactic, fraudsters can gain access to victims' financial accounts, which will enable them to carry out fraudulent activities. 

NPCI's Unified Payments Interface (UPI), an initiative that was developed by the National Payments Corporation of India (NPCI), has expressed concern about this emerging threat. As a precautionary measure, UPI cautioned users on its X account of the risks involved in call merging scams and stressed that call merging scams pose a serious threat to users. 

As part of the advisory, individuals were advised to remain vigilant, stating, Fraudsters are using call merging tactics to deceive users into giving out OTPs. As part of its role to oversee the Unified Payments Interface (UPI), NPCI has expressed significant concerns about the growing cyber fraud epidemic. 

The goal of social engineering scammers is to deceive unsuspecting victims into disclosing their sensitive banking credentials to take control of the situation. In most cases, the scam begins with the fraudster contacting the target, falsely claiming to have obtained their phone number through a mutual acquaintance. 

The fraudster will then try to convince the target to combine the call with a similar call from a different number. It is true that in this second call, the victim is being connected to an official OTP verification call from their bank. Therefore, the victim does not know they are being deceived, and unwittingly allows someone to access their banking details. 

It uses social engineering techniques to manipulate individuals to unknowingly divulge their One-Time Password (OTP), an important security feature used for financial transactions, through their manipulation techniques. 

It is quite common for victims to receive a phone call from a trusted source offering lucrative opportunities or a message from one of their trusted contacts recommending what seems a beneficial scheme to them. 

A significant security risk can be posed by engaging with such communications without due diligence as a result of the growing prevalence of such fraud activities. As a result, financial institutions and regulatory agencies are cautioning individuals to remain vigilant when receiving unexpected phone calls and to refrain from sharing OTPs or merging calls without verifying the identity of the callers before doing so. 

It has become increasingly common for these frauds to occur, and so the Unified Payments Interface (UPI) has issued an urgent advisory that warns users about the dangers of call merging scams. To avoid being victimized by such deceptive tactics, individuals need to be vigilant and take strict security measures to protect their financial information. 

There is a deceptive technique known as the Call Merging Scam, which is used by fraudsters to trick people into divulging sensitive information such as One-Time Passwords (OTPs), unknowingly. In this manner, scammers can gain unauthorized access to victims' bank accounts and other secured platforms by exploiting this technique to commit financial fraud on the victims. 

Modus Operandi of the Scam


It is quite common for fraudsters to make deceptive telephone calls, falsely stating that they have obtained the recipient's phone number from an acquaintance or source that is reliable. 

There are many scams out there that involve victims being persuaded to merge calls with another individual. This is often accomplished by presenting another individual as a friend or a bank representative, depending on the scam. 

There is an automatic OTP verification call that they will be connected to without their knowledge. The automated call will direct them to a bank site that activates a mobile OTP verification system for verification. 

As a scammer, the victim is deceitfully manipulated into believing that sharing the OTP for their financial accounts to be accessed is necessary because sharing it is required for authentication. 

Preventive Measures to Safeguard Against Fraud 


To avoid the merging of calls between unknown callers, decline the request right away. Be careful about authenticating the identity of a caller: Whenever users receive an email from someone who claims to represent a financial institution, they should contact the bank directly through their official customer support phone number. Recognize Fraudulent Requests: Banks never ask customers for an OTP over the phone. 

A request of this nature should be viewed as an indication of a potential fraud and reported promptly. Ift an unsolicited OTP or suspected fraudulent activity occurs, individuals should notify their bank immediately and call 1930 (the national cybercrime helpline), so the incident can be investigated further. 

Considering the increasing number of scams like these, it has become imperative that one remains vigilant and adopts strict security practices as a precautionary measure to avoid financial loss. Many viral videos and discussions on social media emphasize a single aspect of fraudulent transactions — receiving an OTP via a merged call as opposed to a text message. 

Despite this, they often overlook the important point: an OTP is not sufficient for authorization of a transaction by itself. A fraudster needs to obtain essential banking details such as a card number, a card verification value, or a UPI Personal Identification Number (PIN) before he or she can use an OTP as a final step in committing an unauthorized transaction. 

To mitigate such risks, the Reserve Bank of India (RBI) has implemented strict security protocols to minimize them. To complete electronic transactions, financial institutions and payment service providers must implement multi-factor authentication (MFA) as of 2021 so that user authentication can be verified by more than one factor. This level of protection is achieved by implementing multiple authentication measures in combination with a combination of vital characteristics, including OTP verification, mobile device authentication, biometric identification, and hardware security tokens, which together provide a high level of security against unauthorized access. 

Digital transactions are typically protected by multiple layers of security, each requiring a combination of authentication factors to ensure their integrity. There are three types of authentication: manual, which includes everything the user possesses, such as their credentials, card numbers, and UPI IDs; known, such as their password, CVV, or PIN; and dynamic, such as their OTP, biometric authentication, or device authentication. 

To achieve the highest level of security, all three levels are necessary for most online banking and card transactions. However, a UPI transaction with a value up to a lakh does not require an OTP and can be authorized with only a UPI ID and PIN, without the need for an OTP. As a result of this multi-layered approach, financial fraud risks are greatly reduced and the security of digital payments is greatly strengthened.

Hidden Bluetooth Security Threats and How to Protect Your Devices

 

Bluetooth technology has made wireless connectivity effortless, powering everything from headphones and smartwatches to home automation systems. However, its convenience comes with significant security risks. Many users unknowingly leave their devices vulnerable to cyber threats that can steal personal data, track their movements, or even take control of their devices. 

As Bluetooth technology continues to evolve, so do the techniques hackers use to exploit its weaknesses. One common attack is BlueJacking, where attackers send unsolicited messages to Bluetooth-enabled devices. While generally harmless, this tactic can be used to trick users into clicking malicious links or downloading harmful files. More serious is BlueSnarfing, where hackers gain access to personal data such as contacts, photos, and messages. Devices with weak security settings or outdated software are particularly at risk. 

Another major threat is MAC address spoofing, where attackers disguise their device as a trusted one by imitating its unique Bluetooth identifier. This allows them to intercept communications or gain unauthorized access. Similarly, PIN cracking exploits weak pairing codes, allowing hackers to connect to devices without permission. Once access is gained, they can steal sensitive data or install malicious software. Some attacks involve deception and manipulation. 

BlueBump is a method where an attacker tricks a victim into establishing a trusted Bluetooth connection. By convincing the user to delete a security key, the hacker maintains ongoing access to the device without needing to reauthenticate. BluePrinting is another technique where attackers gather detailed information about a device, including its manufacturer and software version, using its unique Bluetooth address. 

This data can then be used to exploit known vulnerabilities. More advanced threats include BlueBugging, which allows hackers to take full control of a device by exploiting Bluetooth communication protocols. Once inside, they can send messages, make calls, or access stored information without the owner’s knowledge. 

Even more dangerous is BlueBorne, a collection of vulnerabilities that enable attackers to hijack a device’s Bluetooth connection without the need for pairing. This means a hacker can take over a device simply by being within Bluetooth range, gaining complete control and spreading malware. Some attacks focus on overwhelming devices with excessive data requests. 

Bluetooth fuzzing is a technique where attackers send corrupted data packets to a device, causing it to crash or reveal weaknesses in its security protocols. Reflection attacks allow hackers to impersonate a trusted device by intercepting authentication data and using it to gain unauthorized access. Distributed Denial of Service (DDoS) attacks target Bluetooth-enabled devices by flooding them with requests, causing them to slow down, drain their battery, or crash entirely. 

These disruptions can serve as distractions for more severe data breaches. Protecting against Bluetooth threats requires proactive security measures. One of the simplest steps is to turn off Bluetooth when it’s not in use, reducing exposure to potential attacks. Keeping devices updated with the latest security patches is also crucial, as manufacturers frequently release fixes for known vulnerabilities. 

Setting Bluetooth to “Non-discoverable” mode prevents unauthorized devices from detecting it. Using strong, unique PINs during pairing adds another layer of security, making it harder for attackers to crack the connection. Avoiding unknown pairing requests, regularly reviewing connected devices, and removing unrecognized ones can also reduce risks. 

Additionally, security software can help detect and block Bluetooth-related threats before they cause harm. Bluetooth security is often overlooked, but the risks are real. Taking simple precautions can prevent hackers from exploiting these vulnerabilities, keeping personal data safe from cyber threats.

Android Phishing Apps: A Growing Cybersecurity Threat in 2024

 

Cybercriminals are evolving their tactics, shifting from traditional email-based phishing scams to more sophisticated Android phishing apps. According to the 2025 State of Malware report by Malwarebytes, over 22,800 phishing apps were detected on Android devices in 2024 alone. Among them, 5,200 apps exploited text messages to bypass multifactor authentication (MFA), while 4,800 leveraged Android’s notification bar to steal sensitive data.

Despite their high-tech capabilities, Android phishing apps operate on a classic phishing principle. These malicious apps disguise themselves as legitimate services like TikTok, Spotify, and WhatsApp. Once installed, they trick users into entering their real credentials on fake login screens controlled by cybercriminals. Stolen credentials are often bundled and sold on the dark web, enabling fraudsters to attempt unauthorized access to banking, email, and other critical accounts.

For years, phishing was primarily an email-based threat. Fraudsters impersonated well-known brands like Netflix, Uber, and Google, urging users to click on fraudulent links that led to counterfeit websites. These sites mimicked official platforms, deceiving users into sharing their login details.

As email providers strengthened spam filters, cybercriminals adapted by developing Android phishing apps. Some of these apps masquerade as mobile games or utilities, luring users into linking social media accounts under false pretenses. Others imitate popular apps and appear on lesser-known app stores, bypassing Google Play’s security protocols.

How Android Phishing Apps Evade Detection

Cybercriminals continue to find ways to avoid detection. Some malicious apps contain no direct code for stealing passwords but instead serve deceptive ads that redirect users to external phishing websites. These seemingly harmless apps have a better chance of being approved on app stores, increasing their reach and effectiveness.

One of the most concerning developments is the ability of these apps to compromise multifactor authentication. Malwarebytes identified thousands of apps capable of intercepting authentication codes via text messages or notification access, undermining one of the strongest security measures available today.

Protecting Against Android Phishing Apps
  1. To safeguard personal and financial information, users should adopt a multi-layered security approach:
  2. Install mobile security software that detects and prevents phishing apps from infiltrating devices.
  3. Check app reviews before downloading; a low number of reviews may indicate a fraudulent app.
  4. Stick to official app stores like Google Play to minimize the risk of installing malicious software.
  5. Use a password manager to generate and store unique passwords for each account.
  6. Enable multifactor authentication for sensitive accounts, including banking, email, and social media, despite the evolving threats.

As Android phishing scams become more sophisticated, staying informed and implementing strong cybersecurity measures are crucial in protecting personal data from cybercriminals.

Android Latest Security Feature Protects Users from Cyber Scams

 

Google is developing a new security feature for Android that prevents users from updating sensitive settings while a phone call is in process. The in-call anti-scammer measures include prohibiting users from enabling settings to install apps from unidentified sources and providing accessibility access. The development was initially reported by Android Authority. 

Users who attempt to do so during phone calls receive the following message: "Scammers frequently request this type of action during phone calls, thus it is blocked to protect you. If you are being directed to take this activity by someone you do not know, it could be a scam.” 

Furthermore, it prevents users from granting an app access to accessibility services during a phone call. The feature is now active in Android 16 Beta 2, which was released earlier this week. With this latest update, the goal is to increase friction to a technique that malicious actors frequently utilise to propagate malware. 

These tactics, known as telephone-oriented attack delivery (TOAD), entail sending SMS messages to potential targets and encouraging them to contact a number by creating a false feeling of urgency.

Last year, NCC Group and Finland's National Cyber Security Centre (NCSC-FI) revealed that fraudsters were distributing dropper programs via SMS messages and phone calls to deceive users into installing malware like Vultr. 

The development comes after Google increased restricted settings to cover more permission categories, preventing sideloaded applications from accessing sensitive data. To combat fraud, it has also enabled the automated blocking of potentially unsafe app sideloading in markets such as Brazil, Hong Kong, India, Kenya, Nigeria, the Philippines, Singapore, South Africa, Thailand, and Vietnam. 

Sideloading the safe way 

By following certain guidelines and best practices, you can sideload apps in a safer manner. To reduce the risks of sideloading, you can take the following actions. 

Verify the source: Only download apps from reliable and trustworthy sources. Avoid downloading applications from random websites, torrents, or file-sharing services. 

Check app authenticity: Ensure that the sideloading app is the original, unaltered version from the developer. Verify the app's digital signature if possible. 

Enable unknown sources selectively: On Android, you must allow "Unknown Sources." This enables you to sideload apps. This should be switched off when not in use. 

Employ a reputable APK repository: Aptoide and APKMirror are two trustworthy third-party app stores to use when sideloading Android apps. These programs select apps and examine them for malware. 

Use mobile security software: To safeguard your smartphone from possible dangers, use a trustworthy mobile security application. Malicious sideloaded apps can also be detected by many security applications.

Millions of People's 'Intimate' Location Data Compromised in Apparent Hack

 

Major apps worldwide are potentially being exploited by rogue members within the advertising sector to collect sensitive location data extensively, which subsequently is transferred to a location data firm whose subsidiary has previously sold global location data to US law enforcement agencies. 

The thousands of apps discovered in hacked files from location data firm Gravy Analytics range from games like Candy Crush to dating apps like Tinder, pregnancy tracking, and religious prayer apps for both Android and iOS. Because much of the data collection occurs through the advertising ecosystem rather than code developed by app creators themselves, it is likely that users or even app developers are unaware of it. 

After examining some of the data, Zach Edwards, senior threat analyst at cybersecurity firm Silent Push and an avid follower of the location data space, tells 404 Media, "For the first time publicly, we seem to have proof that one of the largest data brokers selling to both commercial and government clients appears to be acquiring their data from the online advertising bid stream," instead of code embedded in the apps themselves. 

The data offers a rare peek into the realm of real-time bidding. Historically, location data providers compensated app developers to incorporate bundles of code that collected their users' location data. Numerous companies have instead moved to the advertising ecosystem, where firms bid to place ads within apps, to obtain location information. However, data brokers can listen in on that procedure and gather the location of people's mobile phones.

"This is a nightmare scenario for privacy, because not only does this data breach contain data scraped from the RTB systems, but there's some company out there acting like a global honey badger, doing whatever it pleases with every piece of data that comes its way," Edwards added. 

The hacked Gravy data includes tens of millions of mobile phone coordinates from devices in the United States, Russia, and Europe. Some of those files additionally list an app next to each piece of location data. 404 Media extracted the app names and created a list of mentioned apps. 

The list includes dating sites Tinder and Grindr; massive games like Candy Crush, Temple Run, Subway Surfers, and Harry Potter: Puzzles & Spells; transit app Moovit; My Period Calendar & Tracker, a period-tracking app with over 10 million downloads; popular fitness app MyFitnessPal; social network Tumblr; Yahoo's email client; Microsoft's 365 office app; and flight tracker Flightradar24. The list also includes a number of religious-focused apps, such as Muslim prayer and Christian Bible apps, as well as numerous pregnancy trackers and VPN apps, which some users may download, ironically, in order to safeguard their privacy.

Executives Targeted by Advanced Mobile Phishing Attacks

 

Mobile phishing attacks have continued to advance, targeting corporate executives. A report from mobile security firm Zimperium describes these attacks as highly sophisticated means of exploiting mobile devices. Thus, there is an emerging need for awareness and security measures.

How the Attacks Function

One campaign uncovered by Zimperium’s research team (zLabs) impersonated Docusign, a widely trusted e-signature platform. The attackers sent fake emails designed to look like urgent communications from Docusign. These emails urged recipients to click on a link to review an important document, playing on trust and the sense of urgency.

Initial Stage: Clicking the link redirected victims to a legitimate-looking webpage, masking its malicious intent.

Second-level Credibility: Then it led to a phishing site with a compromised university website address, which gave it a third level of credibility.

Mobile Specific Ploys: The phishing site on mobile was a Google sign-in page, created to steal login credentials. Desktop users were taken to actual Google pages to avoid detection.

Using CAPTCHA: To gain user trust, attackers added CAPTCHA verification in the phishing pages, so it resembled a real one.

Why Mobile Devices Are the Target

Mobile devices are generally less secure than traditional computers, making them a preferred target. The attackers planned well and even registered domains and SSL certificates just days before sending phishing emails. This was very hard to detect, because of the time invested in preparation.

Steps to Stay Protected

Experts advise that businesses take several steps to protect themselves from these attacks:

  • Train Employees: Educate employees, especially executives, on how to detect phishing attempts and not to click on suspicious links.
  • Mobile Security: Strengthen security on mobile devices and update policies to address emerging threats.
  • Use Advanced Tools: Implement advanced detection systems that can identify these new, highly hidden attacks.

Mika Aalto, the CEO of the security company Hoxhunt, believes that organizations should think about early prevention and equip employees with the skills to identify phishing attacks. He also advocates for better technical tools to help detect and block schemes more effectively.

Therefore, with the understanding and preparation about these threats, organizations can ensure their executives and sensitive data are protected from this mobile phishing campaign danger.

Here's Why You Need A New App After Google RCS Issue

 

Google Messages has suddenly gone haywire. After years of campaigning, the "seamless messaging" dream was finally realised, but it vanished as quickly as it arrived. Currently, the question is whether it has any prospect of ever returning. 

Like a slow-motion train crash, Google quickly appreciated Apple for its long-awaited adoption of RCS, but as soon as it went live, it was criticised for its awkward security flaw. Despite iMessage's constant praise of its end-to-end encryption, those green bubbles are still without it. 

Quick to react, Google and the GSMA said that end-to-end encryption for RCS is currently being developed. China comes along to ruin the fun, even though that might have won the day. Apple, Google, and other companies insist on end-to-end encryption since it appears that state-sponsored hackers have infiltrated US telco networks. 

Cross-platform RCS has suffered severely as a result of the FBI and CISA are now both cautioning the public to utilise encrypted platforms properly. There is no security when texting from an Android phone to an iPhone, as Samsung has warned customers. 

Google and the GSMA were quick to respond, promising that end-to-end encryption for RCS is in the works. But, although that might have won the day, China arrives to spoil the fun. It appears that state-sponsored hackers have broken into US telco networks, highlighting why Apple, Google, and others advocate for end-to-end encryption in the first place. With the FBI and CISA now warning citizens to use appropriately encrypted systems, cross-platform RCS has taken a significant knock. Even Samsung has advised consumers that texting from Android to iPhone is not secure. 

Apple has never denied that iMessage is only secure within its own walled garden. Google, not Apple, pushed for cross-platform RCS. When it finally arrived with iOS 18, Google sent out public messages about non-blurry images and other new capabilities, whereas Apple said little, if anything at all. 

So now it's up to Google Messages to pick up the pieces of this security catastrophe and figure out what to do next. How quickly can RCS be beefed up to meet the "responsible encryption" standard specified by the US government officials? Given the official warnings, how do Google and Apple encourage consumers to send basic RCS/SMS texts? How quickly will network confidence get better? 

However, with timing being everything, the ultimate impediment to that RCS train could be Apple's upcoming iPhone update—iOS 18.2. To everyone's surprise, the iMaker has chosen to provide all of its users—not just those in controlled Europe—the ability to choose their default apps. For the first time, choose an over-the-top service like WhatsApp or Signal as your primary call and message provider. 

The 2024 RCS dream has suffered a setback, though whether it has been buried beneath the waters remains to be seen. What is evident is that this benefits Meta, which owns the world's largest end-to-end encrypted messaging systems, WhatsApp and Facebook Messenger, even if they are not "responsibly" encrypted, as defined by the FBI, which requires authorised access to content when necessary. 

Google Messages customers who use that platform to text friends, family, and colleagues will now require a new app. If you don't already have WhatsApp, Messenger, or Signal, you should download them right now. WhatsApp is the clear winner, striking the ideal combination between security, functionality, and scalability. Many of the people you communicate with will already have the app installed.

In keeping with the security theme, you must take two steps to guarantee the integrity of end-to-end encryption. Start by correctly configuring WhatsApp (or a substitute). This includes passkeys when they are available and two-factor authentication. Second, make sure you avoid taking any chances when installing apps, downloading files, or clicking links. It's as if you haven't secured your stuff at all if an attacker uses malware to take over your phone or lures you into installing malicious software, regardless of the messenger you use. 

The irony for Google has continued with the announcement that Samsung is discontinuing RCS for millions of Galaxy users who are still using Samsung Messages and advising they migrate to Google Messages. The Galaxy maker told Verizon customers that "Samsung Messages will no longer support RCS after 1.6.2025." Switch to Google Messages to keep the more robust messaging you're accustomed to.”

Turn Your Phone Off Daily for Five Minutes to Prevent Hacking

 


There are numerous ways in which critical data on your phone can be compromised. These range from subscription-based apps that covertly transmit private user data to social media platforms like Facebook, to fraudulent accounts that trick your friends into investing in fake cryptocurrency schemes. This issue goes beyond being a mere nuisance; it represents a significant threat to individual privacy, democratic processes, and global human rights.

Experts and advocates have called for stricter regulations and safeguards to address the growing risks posed by spyware and data exploitation. However, the implementation of such measures often lags behind the rapid pace of technological advancements. This delay leaves a critical gap in protections, exacerbating the risks for individuals and organizations alike.

Ronan Farrow, a Pulitzer Prize-winning investigative journalist, offers a surprisingly simple yet effective tip for reducing the chances of phone hacking: turn your phone off more frequently. During an appearance on The Daily Show to discuss his new documentary, Surveilled, Farrow highlighted the pressing need for more robust government regulations to curb spyware technology. He warned that unchecked use of such technology could push societies toward an "Orwellian surveillance state," affecting everyone who uses digital devices, not just political activists or dissidents.

Farrow explained that rebooting your phone daily can disrupt many forms of modern spyware, as these tools often lose their hold during a restart. This simple act not only safeguards privacy but also prevents apps from tracking user activity or gathering sensitive data. Even for individuals who are not high-profile targets, such as journalists or political figures, this practice adds a layer of protection against cyber threats. It also makes it more challenging for hackers to infiltrate devices and steal information.

Beyond cybersecurity, rebooting your phone regularly has additional benefits. It can help optimize device performance by clearing temporary files and resolving minor glitches. This maintenance step ensures smoother operation and prolongs the lifespan of your device. Essentially, the tried-and-true advice to "turn it off and on again" remains a relevant and practical solution for both privacy protection and device health.

Spyware and other forms of cyber threats pose a growing challenge in today’s interconnected world. From Pegasus-like software that targets high-profile individuals to less sophisticated malware that exploits everyday users, the spectrum of risks is wide and pervasive. Governments and technology companies are increasingly being pressured to develop and enforce regulations that prioritize user security. However, until such measures are in place, individuals can take proactive steps like regular phone reboots, minimizing app permissions, and avoiding suspicious downloads to reduce their vulnerability.

Ultimately, as technology continues to evolve, so too must our awareness and protective measures. While systemic changes are necessary to address the larger issues, small habits like rebooting your phone can offer immediate, tangible benefits. In the face of sophisticated cyber threats, a simple daily restart serves as a reminder that sometimes the most basic solutions are the most effective.

Chrome Extensions Continue to Pose a Threat, Even With Google's Manifest V3

 

Users have always found browser extensions to be a useful tool for increasing productivity and streamlining tasks. They have, however, become a prime target for malicious actors attempting to exploit flaws, impacting both individual users and companies. 

Despite efforts to boost security, several of these extensions have found ways to exploit vulnerabilities in Google's latest extension framework, Manifest V3 (MV3). SquareX's recent research explained how these rogue extensions can continue to evade crucial security protections, exposing millions of users to risks such as data theft, malware, and unauthorised access to sensitive information. 

Google has always had troubles with Chrome addons. In June 2023, the company had to manually remove 32 vulnerable extensions that had been installed 72 million times before being removed. 

Google's previous extension framework, Manifest Version 2 (MV2), was notoriously unstable. It frequently granted excessive rights to extensions and allowed scripts to be introduced without user knowledge, making it less complicated for cybercriminals to steal data, access sensitive information, and install malware.

In response, Google launched Manifest V3, which intended to improve security by limiting permissions and requiring extensions to declare their scripts in advance. While MV3 was supposed to address the vulnerabilities found in MV2, SquareX's study indicates that it falls short in important areas. 

Malicious extensions built on MV3 can still circumvent security measures and grab live video streams from collaboration services such as Google Meet and Zoom Web without requiring specific permission. They can even add unauthorised contributors to private GitHub repositories and send users to phishing pages masquerading as password managers. 

Furthermore, these malicious extensions, like their MV2 counterparts, can access browser history, cookies, bookmarks, and download history by displaying a fake software update pop-up that dupes users into downloading the malware. 

Once the malicious extension is installed, individuals and businesses are unable to notice its activity, leaving them vulnerable. Endpoint protection, Secure Access Service Edge (SASE), and Secure Web Gateways (SWG) are examples of security solutions that cannot dynamically assess potential risks in browser extensions. 

SquareX has created a number of solutions targeted at enhancing browser extension security in order to address these issues. Their strategy includes customised rules that let administrators choose which extensions to accept or ban depending on user ratings, reviews, update history, and extension permissions.

This system can prevent network requests from extensions in real time using policies, machine learning insights, and heuristic analysis. Additionally, SquareX is experimenting with dynamic analysis of Chrome extensions using a customised Chromium browser on its cloud server, which will provide greater insights into the behaviour of potentially malicious extensions.

Apple Patches VoiceOver Flaw That Could Read Passwords Aloud

 

Recently, Apple fixed a serious flaw in its VoiceOver feature that caused privacy concerns for users of iPhones and iPads. The bug, known as CVE-2024-44204, allowed the VoiceOver accessibility tool to read saved passwords aloud, a serious concern for users who rely on this ability to use their devices without visual assistance. 

The flaw was identified in Apple's native password management tool, introduced in iOS 18.0. It impacted multiple models, including iPhones from the XS series and later, as well as some iPads. This issue was especially alarming for customers who kept sensitive information in their password manager. 

Although the VoiceOver feature is turned off by default, users who enabled it for accessibility reasons were at risk. Fortunately, Apple addressed the issue in the iOS 18.0.1 update by enhancing the logic that governs how VoiceOver interacts with saved passwords. 

In addition to the VoiceOver issue, Apple addressed another issue (CVE-2024-44207) with audio messages, in which iPhone 16 series devices might begin recording audio before users were aware, providing an additional privacy concern. While neither vulnerability was remotely exploitable, they were significant enough to warrant quick patches to safeguard user data. 

Cybersecurity experts have complimented Apple for quickly fixing the issues and emphasising the significance of updating devices to the most recent software versions to avoid any misuse of these vulnerabilities. Users are recommended to apply the iOS 18.0.1 update as soon as possible to prevent any potential risks. 

These updates highlight how crucial it is for companies and individuals using iPhones for sensitive work to stay up-to-date with security upgrades, especially since accessibility capabilities can occasionally be exploited in unintended ways.

TrickMo Android Trojan Abuses Accessibility Services for On-Device Financial Scam

 

Cybersecurity experts discovered a new form of the TrickMo banking trojan, which now includes advanced evasion strategies and the ability to create fraudulent login screens and steal banking credentials. 

This sophisticated malware employs malicious ZIP files and JSONPacker to obstruct analysis and detection efforts. TrickMo, discovered by CERT-Bund in September 2019, has a history of targeting Android smartphones, with a special focus on German users, in order to acquire one-time passwords (OTPs) and other two-factor authentication (2FA) credentials for financial fraud. The trojan is believed to be the work of the now-defunct TrickBot e-crime gang, which is known for constantly enhancing its obfuscation and anti-analysis features. 

Screen recording, keystroke logging, SMS and photo harvesting, remote control for on-device fraud, and exploiting Android's accessibility services API for HTML overlay attacks and device gestures are some of the main capabilities of the TrickMo version. In addition, the malware could automatically accept permissions, handle notifications to steal or conceal login codes, and intercept SMS messages.

A malicious dropper app that mimics the Google Chrome web browser is used to spread the malware. Users are prompted to upgrade Google Play Services upon installation. In the case that the user agrees, an APK with the TrickMo payload is downloaded and set up pretending to be "Google Services." Next, the user is prompted to allow this program to use accessibility features, which gives them full control over the device. 

TrickMo can use accessibility services to disable critical security features, stop system upgrades, and hinder app uninstallation. Misconfigurations in the malware's command-and-control (C2) server made 12 GB of sensitive data, including credentials and photos, available without authentication. 

This exposed data is vulnerable to exploitation by other threat actors for identity theft, unauthorised account access, financial transfers, and fraudulent transactions. The security breakdown highlights a severe operational security failure by the threat actors, increasing the risk to victims. The exposed private data can be utilised to create convincing phishing emails, resulting in additional information disclosure or malicious acts.

Novel Android Malware Employs OCR to Steal Crypto Wallet Keys From Images

 

A novel mobile malware operation dubbed SpyAgent has surfaced targeting Android device users in South Korea. According to an investigation by McAfee Labs researcher SangRyol Ryu, the malware "targets mnemonic keys by scanning for images on your device that might contain them," and it has expanded its targeting footprint to include the UK.

The campaign uses fake Android apps to deceive users into installing them. These apps seem like real banking, government, streaming, and utility apps. As many as 280 fake apps have been uncovered since the start of the year.

It all begins with SMS messages with booby-trapped links directing users to download the apps in question in the form of APK files published on fraudulent websites. Once installed, they will request intrusive permissions to extract data from the devices. 

The most prominent feature is its ability to employ optical character recognition (OCR) to steal mnemonic keys, which are recovery or seed phrases that allow users to restore access to their bitcoin wallets. Unauthorised access to the mnemonic keys could allow attackers to gain control of the victims' wallets and drain all of the funds stored in them. 

According to McAfee Labs, the command-and-control (C2) infrastructure had major security flaws that permitted unauthorised access to the site's root directory as well as the exposure of victim data. 

The server also has an administrator panel, which serves as a one-stop shop for remotely controlling the infected devices. The appearance of an Apple iPhone running iOS 15.8.2 with the system language set to Simplified Chinese ("zh") in the panel indicates that it may also target iOS users. 

"Originally, the malware communicated with its command-and-control (C2) server via simple HTTP requests," the researchers explained. "While this method was effective, it was also relatively easy for security tools to track and block." "In a significant tactical shift, the malware has now adopted WebSocket connections for its communications. This upgrade allows for more efficient, real-time, two-way interactions with the C2 server and helps it avoid detection by traditional HTTP-based network monitoring tools.” 

The finding comes a little more than a month after Group-IB disclosed another Android remote access trojan (RAT) known as CraxsRAT, which has been targeting Malaysian banking users since at least February 2024 via phishing websites. It's worth noting that CraxsRAT campaigns have already been found to target Singapore by April 2023.

Security Analysts Observe Massive Surge in Telegram App Downloads Following Durov Arrest

 

The arrest of Telegram creator and CEO Pavel Durov in France is beginning to have an influence on the app's popularity and position.

The founder was arrested last month for allegedly allowing illicit practices to thrive on the social media platform by failing to properly monitor posts, particularly in drug trafficking, money laundering, and the spread of child sexual abuse material (CSAM). 

Despite concerns regarding the app's content, Telegram is now experiencing a spike in downloads, propelling it to the No. 2 spot on the U.S. App Store's Social Networking charts and increasing global iOS downloads by 4%. 

After Durov's arrest, Telegram took some time to rise. This might be the case because a lot of individuals found out about the news only after reading the stories they had missed over the weekend, or because third-party sources of app store intelligence take a little longer to report changes in rankings. 

According to Appfigures, an app intelligence company, Telegram didn't rise to the No. 2 spot on the Social Networking charts on the U.S. App Store until 3 a.m. EST on Monday, suggesting that the app is just now starting to gain traction. The app had already fallen to No. 3 in Social in the U.S. as of the time of publication, so it might only be a temporary boost.

However, the app shot to the top of the App Store's Social Networking category and rose to become the third most popular app overall in France, the country where Durov was arrested. After climbing ten spots since Friday, Telegram now stands at No. 8 in the top apps chart (which does not include games). Appfigures stated that this is the highest position it has held here since at least January 1, 2023. Apple often uses a combination of measures, including download velocity and app install count, to determine app store rankings.

Nevertheless, the cliché "any press is good press" appears to hold true, at least in terms of Telegram's exposure on the App Store. As consumers downloaded the app out of curiosity — or possibly to support the founder's views about "free speech" — it began to rise in the rankings.

Here's How to Safeguard Yourself Against Phone Scams

 

Sophisticated phone scams are becoming more common and more relentless. The numbers are mind-boggling. According to the FTC, impostor fraudsters cost US consumers $2.7 billion in 2023, and the figure is rising year after year. 

These are merely the listed losses; many people who have been duped are embarrassed and refuse to acknowledge they fell for such a scam. You may believe that you will not be misled, yet many of those who are duped thought this before the incident. 

Scammers have refined their strategies to sound trustworthy and legitimate, and AI is just making matters worse. When combined with the strain or situation, it only takes a few moments to fall for it. 

The best defence against phone scams is to be prepared to face them, as they are likely to occur at some point. We've compiled a list of some of the most popular phone scams in 2024 and how to prevent them.

AI-powered scams

The most obvious example of fraudsters exploiting new technology to power existing scams is artificial intelligence (AI). For instance, scammers might use AI to: 

  • Generate more convincing and genuine sounding phishing emails and text messages. 
  • Create deepfakes of celebrities to lure victims into thinking they're investing in a good company or project.
  • Impersonate an employer and ask for private information. 

Student loan forgiveness scams 

The back-and-forth adjustments in student loan forgiveness create an ideal scenario for scammers. Fraudsters know that individuals want to believe that their student loans will be forgiven, and they will use this need for personal benefit.

For example, scammers may call you or set up fake application sites to steal your Social Security number or bank account information. They may put pressure on their victims by sending bogus urgent messages encouraging them to seek debt relief "before it's too late." Then they will charge you a high application fee. In reality, this is a scam.

Zelle scams

Scammers are using Zelle, a peer-to-peer payment tool, to steal people's money. The fraudster might email, text, or contact you, claiming to work for your bank or credit union's fraud department. They'll claim that a thief intended to steal your money via Zelle and that they need to walk you through "fixing" the issue. 

Subsequently, fraudsters may advise you to pay the money to yourself, but the funds will actually go to their account. Starting in mid-2023, Zelle began refunding victims of some frauds. However, you may not always be eligible for reimbursement, so be aware of these financial frauds. 

Prevention tips 

Avoid clicking on unknown links: Whether the link arrives in your email, a text or a direct message, never click on it unless you're certain the sender has good intentions. If the message says it's from a company or government agency, call the firm using a number that you look up on your own to confirm its legitimacy. 

Be skeptical: Scammers can spoof calls and emails to appear to be from a number of sources, including government institutions, charities, banks, and major companies. Do not provide any personal information, usernames, passwords, or one-time codes that others could use to gain access to your accounts or steal your identity. 

Don't refund or forward overpayments: Beware whenever a company or person asks you to refund or forward part of a payment. Often, the original payment will be fraudulent and taken back later. Following simple safety precautions and reviewing the most recent scam alerts might help you stay safe. However, mistakes might occur, especially when you are stressed or overwhelmed.

Worried About Cash App Breach? These Three Steps Can Keep Your Financial Data Safe

 

You're not alone if the most recent Cash App data hack made you nervous. In 2022, the parent company of Block, the peer-to-peer payment platform, failed to prevent unauthorised access to Cash App customer accounts. 

Cash App agreed to a $15 million class action settlement in exchange. Even though it was an internal change, users' concerns about the app's security were not allayed, despite the fact that it was a positive step. To learn more about how to better defend themselves, users urged the cybersecurity specialists to provide some safety tips.

“One of the biggest problems with money apps like this is their popularity,” stated Neal O’Farrell, a digital security expert and CNET Money expert review board member. “Hackers follow the crowds, and the more people use these apps, the more time criminals will spend trying to exploit them.” 

Cash App actually includes an array of security safety features. The difficulty is that, while they can help you avoid fraudsters, they cannot always keep your data secure. O'Farrell observed that even the finest privacy safeguards can be undermined by an insider with access, as happened in the Cash App case. Whether you wish to avoid financial frauds on Cash App or protect your sensitive information after it has been disclosed, here are three security procedures you should take in addition to claiming any settlement money you are owed.

Secure your sign-on 

By default, Cash App makes signing in much safer by sending a code to your email address or phone number each time you log in. But there's a catch: after logging in, you must manually sign out of your account; otherwise, you can access your account from your phone without a code. I've signed out and signed back in without a code, which could be a concern if someone gains access to your phone and the app.

To be on the safe side, experts recommend logging out once you've finished completing transactions. You can add two-factor authentication as a second layer of account security, but you'll need to download a separate app, such as Google Authenticator. 

Don’t send money to strangers

From romance scams to tax scams, there are numerous ways for perpetrators to trick you into sending money using Cash App or other payment apps. Experts recommended not to send money to strangers and always double-checking their phone number or email address before sending. If you mistakenly send money to the wrong person or discover you were scammed on a Cash App, banks will often refuse to refund your money.

O'Farrell advises being wary of any messages you receive via payment apps. He frequently sees scams in which someone poses as a friend and asks for money or claims you owe them money. Others may attempt to steal access to your app and money by requesting that you verify your security code so that they can resolve a security issue with your account.

A few things can help you figure out who you're giving money to. Cash App's Incoming Requests option, available under the Security & Privacy menu, will only allow you to give money to a specific contact rather than everyone else on the app. You can also prevent people from finding your Cash App account by disabling the "$CashTag Cash.app" option in the same security page. 

Monitor your transaction activity 

Beyond data security, it's critical to monitor your account's behaviour. To receive text messages and emails about your transactions, enable push alerts under Cash App's 'Notifications' option. This allows you to track all of your payment activities and keep an eye out for anything odd.

T-Mobile Customers Alarmed by Unfamiliar Support Links, But They Are Legitimate

 

T-Mobile customers have recently raised concerns after receiving unusual-looking links from the company’s support channels, leading to fears of potential phishing scams. However, investigations have confirmed that these links are legitimate, though their appearance and unfamiliar origin have caused some confusion. The Mobile Report has revealed that T-Mobile’s support teams, including T-Force, the social media support team, are now utilizing a third-party service called Khoros to manage secure forms for customers. This change has led to the use of links with unfamiliar domain names, which naturally appear suspicious to users. 

For instance, one customer was directed to a “Handset Upgrade Form” through a link that, at first glance, seemed questionable. T-Mobile employees have assured The Mobile Report that these links are indeed authentic and part of a new procedure aimed at handling sensitive customer information more securely. In the past, T-Mobile hosted similar forms directly on its own servers using a T-Mobile domain, which customers were familiar with. The shift to an external platform, particularly one that customers do not recognize, has understandably caused some concern and confusion among users. 

Adding to the unease is the fact that Khoros, the company now hosting these forms, describes itself as a platform that uses AI and automation to analyze large amounts of data. While this approach is standard for many data-driven companies, it raises questions about the potential risks involved in sharing sensitive information with third-party services, especially when customers are not fully informed about the transition. Despite the legitimacy of these links in this instance, it is always wise for customers to exercise caution when dealing with unfamiliar links, even if they appear to originate from a trusted source. Phishing scams often rely on the use of seemingly legitimate links to deceive users into disclosing sensitive information. 

As a precaution, customers are advised to contact T-Mobile directly through official channels to verify the authenticity of any communication they receive, particularly when it involves providing personal or financial information. While T-Mobile’s new process using Khoros is legitimate, the lack of clear communication regarding the change has led to understandable concerns among customers. As always, caution and verification remain key to ensuring online safety, particularly when dealing with unexpected or unfamiliar links.

The Concerning Rise of AI “Undressing” Apps: A Violation of Privacy and Ethics

 

Today, AI can help with a variety of tasks, like making personalised food plans and offering dating advice, as well as fixing image flaws and optimising workflow.

However, AI technology has also opened the door to more controversial apps, such as AI nude generators used for AI undressing. AI undressing is becoming increasingly popular as a result of rapid technical breakthroughs and the interest it generates. These apps use deep learning algorithms to analyse and edit images, successfully removing clothing from photographs. 

Nevertheless, the usage of these apps raises serious legal and ethical concerns. Many of these apps have the potential to infringe private rights and be used maliciously, which could result in legal consequences. Responsible use of AI undressing apps is critical, but the potential for abuse and the difficulties of regulation remain significant hurdles.

In Israel, for example, there have been debates about implementing regulations similar to those governing revenge pornography, which would criminalise the unauthorised use of AI undressing apps. In addition, Israeli tech businesses and academic institutions are creating educational courses and guidelines to promote the appropriate use of AI. These initiatives aim to mitigate the negative effects of applications such as AI undressing while upholding ethical standards in technology use. 

One of the most pressing challenges concerning AI-powered undressing apps is whether they can be used properly. This is a complex subject that ultimately depends on individual notions of right and wrong, as well as the willingness to take the required measures to safeguard oneself and others from the possible harms that these apps can generate. 

The appropriate use of such technology necessitates a thorough awareness of its ramifications as well as a commitment to ethical principles. As AI evolves, it is critical for society to strike a balance between innovation and ethical responsibility. It is critical to ensure that technological breakthroughs are used to improve our lives while maintaining our values and safety. 

This includes establishing strong legal frameworks, raising awareness and educating about the risks, and cultivating an ethical AI culture. By doing so, we can maximise the benefits of AI while minimising its potential risks, resulting in a safer and more responsible technological landscape for everybody.

Here's Why You Shouldn't Use Public USB Charging Ports

 

We've all been there: stranded in a coffee shop with a dropping phone battery and no connector, only to find a free USB charging station nearby. Relieved, you plug in your device and go about your business, unaware that a potential threat lurks behind that seemingly benign USB port. 

That concern is "juice jacking," a cybersecurity vulnerability that has received enough attention in recent years to warrant an advisory from the FBI. So, what exactly is juice jacking and how risky is it? Here's all you need to know, along with some recommendations for keeping your mobile devices safe while charging on the road. 

What is juice-jacking? 

Juice-jacking is when hackers siphon your phone's data while it is charging. It achieves this using software placed in a kiosk that allows you to quickly charge your phone, or through a cable connected to a charging station. It can do this by plugging the USB charger directly into the socket. USBs, unlike two-pronged plugs, may transmit data as well as electricity. 

The methodology is similar to how a "skimmer" steals your bank or credit card information; however, juice-jacking has the potential to collect all of the data on your cell phone, including passwords, account information, contacts, emails, and so on. While this form of hacking is not yet widespread, it has the potential to become so. However, there are techniques to defend yourself from this type of hack. 

Prevention Tips 
  • Do not plug your phone directly into a USB charging port. Keep your data secure by using a 2-prong electrical charger.
  • Don't use the provided cord or someone else's 2-prong attachment since it might contain software designed to steal your information. 
  • Use a "sync stop" device to prevent attackers from accessing your phone. When charging your phone, leave it locked or switched off. 
  • Most phones cannot access your information while locked or switched off. Don't rely on others; bring your own personal power bank to charge your mobile device. 

When your phone's battery goes low in the airport, hotel, or coffee shop, be sure you're prepared to give it the power it requires without leaving you powerless.