Connect with us

Biz & IT

New Android adware found in 200 apps on Google Play

Published

on

Security researchers have found a new kind of mobile adware hidden in hundreds of Android apps, and downloaded more than 150 million times from Google Play.

The malware masquerading as an ad-serving platform, dubbed SimBad by researchers at security firm Check Point, infected more than 200 apps which, likely unbeknownst to the app developer, would open a backdoor to install additional malware as a way to outsmart Google’s app store scanning. Once installed, the downloaded malware also removes the app icon and persists in the background, loading each time the device boots up.

Once the malware retrieves its instructions from the command and control server, the malware runs through lists of web addresses in the background, serving ads to generate fraudulent revenue.

Check Point provided a list of the apps, which Google pulled from Google Play following a disclosure by the security researchers. The list can be found here. Google’s removal from the app store does not delete the app from users’ devices.

The top 10 downloaded games amount to 55 million downloads alone:

  • Snow Heavy Excavator Simulator (10,000,000 downloads)
  • Hoverboard Racing (5,000,000 downloads)
  • Real Tractor Farming Simulator (5,000,000 downloads)
  • Ambulance Rescue Driving (5,000,000 downloads)
  • Heavy Mountain Bus Simulator 2018 (5,000,000 downloads)
  • Fire Truck Emergency Driver (5,000,000 downloads)
  • Farming Tractor Real Harvest Simulator (5,000,000 downloads)
  • Car Parking Challenge (5,000,000 downloads)
  • Speed Boat Jet Ski Racing (5,000,000 downloads)
  • Water Surfing Car Stunt (5,000,000 downloads)

Some of the games, mostly simulation games — hence the malware’s name — date back on Google Play to March 2017, said Aviran Hazum, mobile threat intelligence team leader at Check Point, in an email to TechCrunch.

Hazum said the malware might be an adware for now, but has the potential to evolve into a larger threat.

A Google spokesperson, when reached, did not provide comment. The search giant typically doesn’t discuss app removals, largely because it’s an issue that keeps occurring. It’s far from the first time Google was forced to remove apps from its supposedly vetted app store. But time and again, the company had to react to dozens of bad apps that slip through its scanning efforts.

Google’s official figures put the number of apps it removed last year at about 700,000.

Source link

Source link

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Biz & IT

Verizon has been leaking customers’ personal information for days (at least)

Published

on

Enlarge / A Verizon FiOS truck in Manhattan on September 15, 2017.

Verizon is struggling to fix a glitch that has been leaking customers’ addresses, phone numbers, account numbers, and other personal information through a chat system that helps prospective subscribers figure out if Fios services are available in their location.

The personal details appear when people click on a link to chat with a Verizon representative. When the chat window opens, it contains transcripts of conversations that other customers, either prospective or current, have had. The transcripts include full names, addresses, phone numbers, account numbers (in the event they already have an account), and various other information. Some of the transcripts viewed by Ars date back to June. A separate Window included customers’ addresses, although it wasn’t clear who those addresses belonged to.

“Hi—I’m looking to get the teacher discount for Fios,” one person wrote on November 29. Below are redacted screenshots of some of what has been available.

Ars learned of the leak on Monday afternoon and alerted Verizon representatives immediately. The plan was to report the leak only after it had been fixed. As this post went live, the leak was still occurring, although the number of exposed chats had lessened. Ars decided to report the leak to alert people who may use the service that this data is being exposed. It’s not clear when Verizon began leaking the data. With some of the chats dating back to June, it’s possible that the leak has been occurring for months.

In a statement issued Thursday morning, Verizon said:

We’re looking into an issue involving our online chat system that assists individuals who are checking on the availability of Fios services. We believe a small number of users may have seen a name, phone number, and/or a home or building address from an unrelated individual who had previously used this chat system to enter that information. Since the issue was brought to our attention, we’ve identified and isolated the problem and are working to have it resolved as quickly as possible.

It’s not the first time Verizon has spilled customer information. In 2016, a database of more than 1.5 million Verizon Enterprise Solutions customers was put up for sale on an online crime forum. Verizon said at the time that a “security flaw in its site [had] permitted hackers to steal customer contact information,” according to KrebsOnSecurity, which broke the news.

Verizon was also one of four US cellphone carriers caught selling customers’ real-time locations to services that catered to law enforcement. One of the services made subscriber locations available to anyone who took the time to exploit an easily spotted bug in a free trial feature.

For the time being, it makes sense to avoid using Verizon’s Fios availability chat feature. This post will be updated once Verizon says the glitch has been fully fixed.

Continue Reading

Biz & IT

Amazon to roll out tools to monitor factory workers and machines

Published

on

Amazon is rolling out cheap new tools that will allow factories everywhere to monitor their workers and machines, as the tech giant looks to boost its presence in the industrial sector.

Launched by Amazon’s cloud arm AWS, the new machine-learning-based services include hardware to monitor the health of heavy machinery and computer vision capable of detecting whether workers are complying with social distancing.

Amazon said it had created a two-inch, low-cost sensor—Monitron—that can be attached to equipment to monitor abnormal vibrations or temperatures and predict future faults.

AWS Panorama, meanwhile, is a service that uses computer vision to analyze footage gathered by cameras within facilities, automatically detecting safety and compliance issues such as workers not wearing PPE or vehicles being driven in unauthorized areas.

The new services, announced on Tuesday during the company’s annual cloud computing conference, represent a step up in the tech giant’s efforts to gather and crunch real-world data in areas it currently feels are underserved.

“If you look at manufacturing and industrial generally, it’s a space that has seen some innovations, but there’s a lot of pieces that haven’t been digitized and modernized,” said Matt Garman, AWS’s head of sales and marketing, speaking to the FT.

“Locked up in machines”

“There’s a ton of data in a factory, or manufacturing facility, or a supply chain. It’s just locked up in sensors, locked up in machines that a lot of companies could get a lot of value from.”

Amazon said it had installed 1,000 Monitron sensors at its fulfillment centers near the German city of Mönchengladbach, where they are used to monitor conveyor belts handling packages.

If successful, said analyst Brent Thill from Jefferies, the move would help Amazon cement its position as the dominant player in cloud computing, in the face of growing competition from Microsoft’s Azure and Google Cloud as well as a prolonged run of slowed segment growth.

“This idea of predictive analytics can go beyond a factory floor,” Mr. Thill said. “It can go into a car, on to a bridge, or on to an oil rig. It can cross fertilize a lot of different industries.”

A number of companies are already trialling AWS Panorama. Siemens Mobility said it would use the tech to monitor traffic flow in cities, though would not specify which. Deloitte said it was working with a major North America seaport to use the tool to monitor the movement of shipments.

“Easy for us to get worried”

However, Amazon’s own use of tools to monitor the productivity of employees has raised concerns among critics. Throughout the pandemic, the company has used computer vision to ensure employee compliance with social distancing guidelines.

Swami Sivasubramanian, AWS’s head of machine learning and AI, said none of the services announced would include “pre-packaged” facial recognition capabilities, and he said AWS would block clients who abused its terms of service on data privacy and surveillance.

“When you look at this technology, sometimes it’s very easy for us to get worried about how they can be abused,” he told the FT.

“But the same technology can be used to ensure worker safety. Are people walking in spaces where they shouldn’t be? Is there an oil spill? Are they not wearing hard hats? These are real-world problems.”

© 2020 The Financial Times Ltd. All rights reserved Not to be redistributed, copied, or modified in any way.

Continue Reading

Biz & IT

Oracle vulnerability that executes malicious code is under active attack

Published

on

Attackers are targeting a recently patched Oracle WebLogic vulnerability that allows them to execute code of their choice, including malware that makes servers part of a botnet that steals passwords and other sensitive information.

WebLogic is a Java enterprise application that supports a variety of databases. WebLogic servers are a coveted prize for hackers, who often use them to mine cryptocurrency, install ransomware, or as an inroad to access other parts of a corporate network. Shodan, a service that scans the Internet for various hardware or software platforms, found about 3,000 servers running the middleware application.

CVE-2020-14882, as the vulnerability is tracked, is a critical vulnerability that Oracle patched in October. It allows attackers to execute malicious code over the Internet with little effort or skill and no authentication. Working exploit code became publicly available eight days after Oracle issued the patch.

According to Paul Kimayong, a researcher at Juniper Networks, hackers are actively using five different attack variations to exploit servers that remain vulnerable to CVE-2020-14882. Among the variations is one that installs the DarkIRC bot. Once infected, servers become part of a botnet that can install malware of its choice, mine cryptocurrency, steal passwords, and perform denial-of-service attacks. DarkIRC malware was available for purchase in underground markets for $75 in October, and it is likely still being sold now.

Other exploit variants install the following other payloads:

  • Cobalt Strike
  • Perlbot
  • Meterpreter
  • Mirai

The attacks are only the latest to target this easy-to-exploit vulnerability. A day after the exploit code was posted online, researchers from Sans and Rapid 7 said they were seeing hackers attempting to opportunistically exploit CVE-2020-14882. At the time, however, the attackers weren’t actually trying to exploit the vulnerability to install malware but instead only to test if a server was vulnerable.

CVE-2020-14882 affects WebLogic versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0. Anyone using one of these versions should immediately install the patch Oracle issued in October. People should also patch CVE-2020-14750, a separate but related vulnerability that Oracle fixed in an emergency update two weeks after issuing a patch for CVE-2020-14882.

Continue Reading

Trending