By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy

An Android malware strain camouflaged as a system app is used by threat actors to disable the Google Play Protect service, generate fake reviews, install malicious apps, show ads, and more. The heavily obfuscated malware dubbed Trojan-Dropper.AndroidOS.Shopper.a uses a system icon and the ConfigAPKs name which closely resembles the name of a legitimate Android service responsible for app configuration the first time a device is booted. "Trojan-Dropper.AndroidOS.Shopper.a was most widespread in Russia, where the largest share of infected users (28.46%) was recorded in October – November 2019," Kaspersky Lab researcher Igor Golovin said. "Second place went to Brazil (18.70%) and third to India (14.23%)." Once it infects a victim's Android device, the malware downloads and decrypts the payload, then goes straight to information harvesting, collecting device info such as country, network type, vendor, smartphone model, email address, IMEI, and IMSI. All this data is then exfiltrated to the operators' servers which will send back a series of commands to be run on the infected smartphone or tablet. The attackers will utilize the Shopper.a Trojan to boost other malicious apps' ratings on the Play Store, post fake reviews on any apps' entries, install other apps from the Play Store or third-party app stores under the cover of an "invisible" window. All this is done by abusing the Accessibility Service, a known tactic used by Android malware to perform a wide range of malicious activities without needing user interaction [1, 2, 3, 4]. If it has no permissions to access the service, the Trojan will use phishing to get them from the compromised device's owner. "The lack of installation rights from third-party sources is no obstacle to the Trojan — it gives itself the requisite permissions through Accessibility Service," Kaspersky Lab researcher Igor Golovin explained. "With permission to use it, the malware has almost limitless possibilities for interacting with the system interface and apps. For instance, it can intercept data displayed on the screen, click buttons, and emulate user gestures." "Cybercriminals use Trojan-Dropper.AndroidOS.Shopper.a to boost certain app’s rating and increase the number of installations and registrations," Golovin added. "All this can be used, among other things, to dupe advertisers. What’s more, the Trojan can display advertising messages on the infected device, create shortcuts to ad sites, and perform other actions."Get the full scoop by visiting OUR Forum.

Apple scans photos to check for child sexual abuse images, an executive has said, as tech companies come under pressure to do more t. o tackle the crime. Jane Horvath, Apple’s chief privacy officer, said at a tech conference that the company uses screening technology to look for illegal images. The company says it disables accounts if Apple finds evidence of child exploitation material, although it does not specify how it discovers it. Apple has often clashed with security forces and authorities, refusing to break into criminals’ phones and applying encryption to its messaging app in the name of protecting its users’ privacy. Speaking at the Consumer Electronics Show in Las Vegas, Ms. Horvath said removing encryption was “not the way we’re solving these issues” but added: “We have started, we are, utilizing some technologies to help screen for child sexual abuse material.” An Apple spokesman pointed to a disclaimer on the company’s website, saying: “Apple is dedicated to protecting children throughout our ecosystem wherever our products are used, and we continue to support innovation in this space. “As part of this commitment, Apple uses image-matching technology to help find and report child exploitation. Much like spam filters in email, our systems use electronic signatures to find suspected child exploitation. “Accounts with child exploitation content violate our terms and conditions of service, and any accounts we find with this material will be disabled.” The company did not elaborate on how it checks for child abuse images, but many tech companies use a filtering system called PhotoDNA, in which images are checked against a database of previously identified images using a technology known as “hashing”. The technology is also used by Facebook, Twitter, and Google. Apple made a change to its privacy policy last year that said it may scan images for child abuse material. Ms. Horvath defended Apple’s decision to encrypt iPhones in a way that makes it difficult for security services to unlock them after the FBI raised the prospect of another clash with the company by asking it to unlock an iPhone allegedly owned by a dead gunman who killed three people at a naval base in Florida last month. “End to end encryption is critically important to the services we come to rely on…. health data, payment data. Phones are relatively small they get lost and stolen. More posted on OUR FORUM.

In the days after the US government said it would bar Huawei Technologies Co from buying vital American components, the Chinese company’s founder, Ren Zhengfei, pulled together an emergency meeting of his top lieutenants at headquarters in Shenzhen. In a large conference room, the billionaire asked for a report from the head of each business unit on how they would be affected by the Trump administration’s ban, which blocks US companies from supplying everything from semiconductors to the software. Their assessments were dire. "We thought we had lost the world,” said Will Zhang, who attended as president of corporate strategy. It turns out they were far too pessimistic. Huawei recorded an 18% rise in sales to a new high of 850bil yuan (RM500.52bil) last year, although that was down from about 23% in the first half and missed its own internal targets. Company projections for 2020 are similar. Huawei holds the enviable position of being the world’s largest supplier of communications equipment to telecom operators and the largest smartphone maker globally after Samsung Electronics Co. Huawei isn’t just surviving; it’s actually thriving in some areas. The question is for how long. Last week, executives warned in a New Year’s memo that survival itself is a priority, urging employees to brace for a difficult 2020. Inventories stockpiled months in advance of the May blacklisting are drying up. The company can no longer count on momentum alone to drive the business, Rotating Chairman Eric Xu warned. How Huawei survived the US blacklisting could prove a case study in unintended consequences and a vast shift underway in global IT production. Huawei is a big customer for all of its suppliers, and a few actually cut ties after the blacklisting. Others lost out to rivals in Japan and South Korea. But American companies with extensive global operations, including Microsoft Corp and chipmaker Micron Technology Inc, found legal ways around the ban, leaning on the production outside the US so Huawei-destined products wouldn’t be hit. Huawei itself put armies of engineers to work redesigning products to reduce its reliance on American parts. Trump’s attack also had surprising implications for Huawei’s brand. A few countries, like Australia, agreed with the US president’s assessment and barred its equipment from their networks. But in the rest of the world, Huawei’s name recognition soared. After laboring in obscurity for decades, the maker of digital piping was suddenly front-page news everywhere. Beyond the US and its close allies, telecom operators wanted to find out what all the fuss was about. In China, consumers and carriers rallied to Huawei’s side in response to what they saw as unfair persecution, driving a sales boom. The Trump sanctions in some ways validated Huawei’s ability to develop cutting-edge technology, from fifth-generation networking gear to AI chips. Follow this in-depth on OUR FORUM.

Several major Microsoft products will reach their end of support during 2020, with Office 2010, Visual Studio 2010, Windows 7, Windows Server 2008 (including 2008R2), and multiple Windows 10 versions including 1803 and 1903 being some of the most important ones. For products that have reached their end of support, Microsoft stops providing bug fixes for issues that are discovered, security fixes for newly found vulnerabilities, or technical support. Customers who still use end of service software are advised by Redmond to upgrade as soon as possible to the latest on-premise or cloud version to keep their systems secure and bug-free. However, as Microsoft says on its support website, "For customers requiring more time to move to the latest product, the Extended Security Update (ESU) program is available for certain legacy products as a last resort option. The ESU program provides security updates only for up to 3 years, after the End of Support date. Contact your account manager, partner or device manufacturer for more information." "Modern Lifecycle Policy covers products and services that are serviced and supported continuously" according to Redmond's support site with the company providing a minimum of 12 months' notification before ending support if no replacement product or service is available. According to Microsoft, a very long list of products governed by the company's Fixed Policy will also reach their end of support in 2020. "Fixed Lifecycle Policy applies to many products currently available through retail purchase or volume licensing," says Microsoft. This policy provides customers with at least 10 years of support (a minimum of 5 years of Mainstream Support followed by 5 years of Extended Support), with some exceptions. Besides the long list of products being retired, there are also many of them that will move to Extended Support from Mainstream Support in 2020. "Extended Support lasts for a minimum of 5 years and includes security updates at no cost, and paid non-security updates and support," says Microsoft. "Additionally, Microsoft will not accept requests for design changes or new features during the Extended Support phase." More in-depth details along with links, and detailed lists can be found on OUR FORUM.

Microsoft has been warning us that this day would come. And now, it’s almost here. Windows 7 end of life lands on January 14, 2020. After that deadline, Windows users running older versions of the desktop operating system will face a difficult choice – cough-up for a hefty bill to upgrade to Windows 10 or brace themselves for some dangerous risks on their home PC. By ending support for the aging Windows 7 operating system, which was first launched back in July 2009, Microsoft will stop rolling-out updates with new features, security updates or protections against malware. That means any issues with the software – or any new vulnerabilities discovered by cybercriminals – can be leveraged from indefinitely. Less serious, perhaps – but this also means any annoying bugs or glitches that crop-up will also be immortalized in the operating system. If you’d like to benefit from the latest security protections and anti-virus solutions from Microsoft, you’ll have to update your machine to an operating system the Redmond-based company does support – namely, Windows 10. Although Microsoft has offered free upgrades to users running official versions of its operating systems in the past, that’s not possible at the moment. We’ve heard from a number of loyal readers who swear there are still ways to upgrade to Windows 10 from Windows 7 for free using tools provided by Microsoft, however representatives from Microsoft tell us that its no-cost upgrade offer expired on July 29, 2016, and there is no officially sanctioned way to update your machine without paying. The firm also says that for the vast majority of Windows 7 users, moving to a new device with Windows 10 preinstalled is the recommended path – not upgrading the operating system on the older hardware. "Today’s PCs are faster, lightweight yet powerful, and more secure, with an average price that’s considerably less than that of the average PC over nine years ago," Microsoft said in an email sent to us. If you’re still pretty fond of your old computer and don’t like the idea of upgrading the hardware simply to ensure that Microsoft supports the operating system that you’re using – it could be a costly update. Further details are posted on OUR FORUM.

Microsoft sued a cyber-espionage group with North Korean links tracked as Thallium for breaking into its customers' accounts and networks via spear-phishing attacks with the end goal of stealing sensitive information, as shown by a complaint unsealed on December 27. "To manage and direct Thallium, Defendants have established and operate a network of websites, domains, and computers on the Internet, which they use to target their victims, compromise their online accounts, infect their computing devices, compromise the security of their networks, and steal sensitive information from them," Microsoft's complaint says]. The lawsuit was filed by Microsoft on December 18 in the U.S. District Court for the Eastern District of Virginia, as first reported by Bloomberg Law's Blake Brittain. According to Microsoft, Thallium targets both public and private industry targets and it has been observed while previously attacking "government employees, organizations and individuals that work on Nuclear Proliferation issues, think tanks, university staff members, members of organizations that attempt to maintain world peace, human rights organizations, as well as many other organizations and individuals." The North Korean hackers are also believed to have been active since at least 2010 according to Redmond's complaint, and it is known for being behind spear-phishing attacks they operate via legitimate services such as Gmail, Yahoo, and Hotmail. A list of 50 domains used by Thallium in their attacks is available in Appendix A of Microsoft's complaint against the hacking group. Netscout's ATLAS Security Engineering & Response Team (ASERT) also tracks one of the North Korean hacking group's campaigns as STOLEN PENCIL. According to Netscout, the hackers' STOLEN PENCIL APT campaign has been targeting academic institutions since at least May 2018 in spear-phishing attacks with the end goal of stealing credentials. Based on several shared resources, Palo Alto Networks' Unit42 also linked Thallium's STOLEN PENCIL campaign with a malware dubbed BabyShark and delivered as part of a spear-phishing campaign focused "on gathering intelligence related to Northeast Asia’s national security issues," starting with November 2018. "Well-crafted spear-phishing emails and decoys suggest that the threat actor is well aware of the targets, and also closely monitors related community events to gather the latest intelligence," Unit42 said. Follow the link to OUR FORUM for more.

 

Translate