Connect with us

Biz & IT

Google brings Chrome OS Instant Tethering to more Chromebooks and phones

Published

on

Tethering your laptop and phone can be a bit of a hassle. Google’s Chrome OS has long offered a solution called Instant Tethering that makes the process automatic, but so far, this only worked for a small set of Google’s own Chromebooks and phones, starting with the Nexus 6. Now Google is officially bringing this feature to a wider range of devices after testing it behind a Chrome OS flag for a few weeks. With this, Instant Tethering is now available on an additional 15 Chromebooks and more than 30 phones.

The promise of Instant Tether is pretty straightforward. Instead of having to turn on the hotspot feature on your phone and then manually connecting to the hotspot from your device (and hopefully remembering to turn it off when you are done), this feature lets you do this once during the setup process and then, when the Chromebook doesn’t have access to a Wi-Fi network, it’ll simply create a connection to your phone with a single click. If you’re not using the connection for more than 10 minutes, it’ll also automatically turn off the hotspot feature on the phone, too.

Tethering, of course, counts against your cell plan’s monthly data allotment (and even most “unlimited” plans only feature a limited number of GB for tethering), so keep that in mind if you decide to turn on this feature.

You can find the full list of newly supported devices, which include many of today’s most popular Android phones and Chromebooks, below.

Source link

Source link

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Biz & IT

Android malware can factory-reset phones after draining bank accounts

Published

on

Getty Images

A banking-fraud trojan that has been targeting Android users for three years has been updated to create even more grief. Besides draining bank accounts, the trojan can now activate a kill switch that performs a factory reset and wipes infected devices clean.

Brata was first documented in a post from security firm Kaspersky, which reported that the Android malware had been circulating since at least January 2019. The malware spread primarily through Google Play but also through third-party marketplaces, push notifications on compromised websites, sponsored links on Google, and messages delivered by WhatsApp or SMS. At the time, Brata targeted people with accounts from Brazil-based banks.

Covering its malicious tracks

Now Brata is back with a host of new capabilities, the most significant of which is the ability to perform a factory reset on infected devices to erase any trace of the malware after an unauthorized wire transfer has been attempted. Security firm Cleafy Labs, which first reported the kill switch, said other features recently added to Brata include GPS tracking, improved communication with control servers, the ability to continuously monitor victims’ bank apps, and the ability to target the accounts of banks located in additional countries. The trojan now works with banks located in Europe, the US, and Latin America.

“First discovered targeting Brazilian Android users in 2019 by Kaspersky, the remote access trojan (RAT) has been updated, targeting more potential victims and adding a kill switch to the mix to cover its malicious tracks,” researchers from security firm Zimperium said in a post confirming Cleafy’s findings. “After the malware has infected and successfully conducted a wire transfer from the victim’s banking app, it will force a factory reset on the victim’s device.”

This time around, there’s no evidence that the malware is being spread through Google Play or other official third-party Android stores. Instead, Brata propagates through phishing text messages disguised as banking alerts. The new capabilities are circulating in at least three variants, all of which went almost completely undetected until Cleafy first discovered them. The stealth is at least partly the result of a new downloader used to distribute the apps.

Besides the kill switch, Brata now seeks permission to access the locations of infected devices. While Cleafy researchers said they didn’t find any evidence in the code that Brata is using location tracking, they speculated that future versions of the malware may start availing itself of the feature.

The malware also has been updated to maintain a persistent connection with the attacker’s command and control server (or C2) in real time using a websocket.

“As shown in Figure 17 [below], the webSocket protocol is used by the C2 that sends specific commands that need to be executed on the phone (e.g, whoami, byebye_format, screen_capture, etc.),” Cleafy researchers wrote. “As far as we know, the malware (on connection perspective) is in a waiting state most of the time, until the C2 issues commands instructing the app for the next step.”

Cleafy Labs

The new capabilities underscore the ever-evolving behavior of crimeware apps and other kinds of malware as their authors strive to increase the apps’ reach and the revenues they generate. Android phone users should remain wary of malicious malware by limiting the number of apps they install, ensuring apps come only from trustworthy sources, and installing security updates quickly.

Continue Reading

Biz & IT

A bug lurking for 12 years gives attackers root on every major Linux distro

Published

on

Linux users on Tuesday got a major dose of bad news—a 12-year-old vulnerability in a system tool called Polkit gives attackers unfettered root privileges on machines running any major distribution of the open source operating system.

Previously called PolicyKit, Polkit manages system-wide privileges in Unix-like OSes. It provides a mechanism for nonprivileged processes to safely interact with privileged processes. It also allows users to execute commands with high privileges by using a component called pkexec, followed by the command.

Trivial to exploit and 100 percent reliable

Like most OSes, Linux provides a hierarchy of permission levels that controls when and what apps or users can interact with sensitive system resources. The design is intended to limit the damage that can happen if the app is hacked or malicious or if a user isn’t trusted to have administrative control of a network.

Since 2009, pkexec has contained a memory-corruption vulnerability that people with limited control of a vulnerable machine can exploit to escalate privileges all the way to root. Exploiting the flaw is trivial and, by some accounts, 100 percent reliable. Attackers who already have a toehold on a vulnerable machine can abuse the vulnerability to ensure a malicious payload or command runs with the highest system rights available. PwnKit, as researchers are calling the vulnerability, is also exploitable even if the Polkit daemon itself isn’t running.

PwnKit was discovered by researchers from security firm Qualys in November and was disclosed on Tuesday after being patched in most Linux distributions.

In an email, Qualys Director of Vulnerability Threat Research Bharat Jogi wrote:

The most likely attack scenario is from an internal threat where a malicious user can escalate from no privileges whatsoever to full root privileges. From an external threat perspective, if an attacker has been able to gain foothold on a system via another vulnerability or a password breach, that attacker can then escalate to full root privileges through this vulnerability.

Jogi said exploits require local authenticated access to the vulnerable machine and isn’t exploitable remotely without such authentication. Here’s a video of the exploit in action.

PwnKit Vulnerability.

For now, Qualys isn’t releasing proof-of-concept exploit code out of concern the code will prove more of a boon to black hats than to defenders. Researchers said that it’s only a matter of time until PwnKit is exploited in the wild.

“We expect that the exploit will become public soon and that attackers will start exploiting it—this is especially dangerous for any multi-user system that allows shell access to users,” Bojan Zdrnja, a penetration tester and a handler at SANS, wrote. The researcher said he successfully recreated an exploit that worked on a machine running Ubuntu 20.04.

SANS

Major Linux distributors have released patches for the vulnerability, and security professionals are strongly urging administrators to prioritize installing the patch. Those who can’t patch immediately should perform the following mitigation: remove the read/write rights of pkexec with the chmod 0755 /usr/bin/pkexec command.

Those who want to know if the vulnerability has been exploited on their systems can check for log entries that say either “The value for the SHELL variable was not found the /etc/shells file” or “The value for environment variable […] contains suspicious content.” Qualys, however, cautioned people that PwnKit is also exploitable without leaving any traces.

Continue Reading

Biz & IT

Booby-trapped sites delivered potent new backdoor trojan to macOS users

Published

on

Getty Images

Researchers have uncovered advanced, never-before-seen macOS malware that was installed using exploits that were almost impossible for most users to detect or stop once the users landed on a malicious website.

The malware was a full-featured backdoor that was written from scratch, an indication that the developers behind it have significant resources and expertise. DazzleSpy, as researchers from security firm Eset have named it, provides an array of advanced capabilities that give the attackers the ability to fully monitor and control infected Macs. Features include:

  • victim device fingerprinting
  • screen capture
  • file download/upload
  • execute terminal commands
  • audio recording
  • keylogging

Deep pockets, top-notch talent

Mac malware has become more common over the years, but the universe of advanced macOS backdoors remains considerably smaller than that of advanced backdoors for Windows. The sophistication of the DazzleSpy—as well as the exploit chain used to install it—is impressive. It also doesn’t appear to have any corresponding counterpart for Windows. This has led Eset to say that the people who developed DazzleSpy are unusual.

“First, they seem to be targeting Macs only,” Eset researcher Marc-Etienne M.Léveillé wrote in an email. “We haven’t seen payloads for Windows nor clues that it would exist. Secondly, they have the resources to develop complex exploits and their own spying malware, which is quite significant.”

Indeed, researchers from Google’s threat analysis group who first uncovered the exploits said that based on their analysis of the malware they “believe this threat actor to be a well-resourced group, likely state backed, with access to their own software engineering team based on the quality of the payload code.”

As the Google researchers first noted, the malware was spread in wateringhole attacks that used both fake and hacked sites appealing to pro-democracy activist in Hong Kong to exploit vulnerabilities that, when combined, gave the attackers the ability to remotely execute code of their choice within seconds of visiting the booby-trapped Web page. All that was required for the exploit to work was visiting the malicious site. No other user action was required, making this a 1-click attack.

“That’s kind of the scary part: on an unpatched system the malware would start to run with administrative privileges without the victim noticing,” he said. “Traffic to the C&C server is also encrypted using TLS.”

Apple has since patched the vulnerabilities exploited in this attack.

The exploit chain consisted of a code-execution vulnerability in Webkit, the browser engine for Apple Safari as well as Google’s Chrome and Chromium. Eset researchers analyzed one of the wateringhole sites, which was taken down but remains cached in the Internet Archives. It contained a simple iframe tag that connected to a page at amnestyhk[.]org.

Continue Reading

Trending