Security researchers have discovered the iOS counterpart of a dangerous Android spyware strain that was seen earlier this year on the official Google Play Store.
The good news, according to security researchers from cyber-security firm Lookout, is that the iOS version is less sophisticated than the Android variant and has not yet been distributed via the official Apple App Store.
Exodus Android variant discovered last month
The spyware is named Exodus and was developed by Italian app maker Connexxa, a known provider of surveillance tools to Italian authorities.
Exodus came to light last month when security researchers from Security Without Borders found the spyware hidden inside an app uploaded to the Play Store and targeted at the customers of a local Italian internet service provider (ISP).
They said the spyware was capable of rooting Android devices and possessed an advanced set of spying features that gave attackers full control of infected devices.
Security Without Borders said it detected nearly 25 different Exodus-infected apps that had been uploaded on the Play Store over the last two years.
Less-sophisticated Exodus iOS version also discovered
But in research published today and presented at the Kaspersky Security Analyst Summit conference, the team at Lookout said it discovered an iOS variant of this spyware during its analysis of Exodus samples it found last year.
“Analysis of these Android samples led to the discovery of infrastructure that contained several samples of an iOS port,” Lookout security researcher Adam Bauer said in a report published today.
Bauer said the iOS version was being offered for download through phishing sites that imitated Italian and Turkmenistani mobile carriers.
The Exodus-infected iOS apps were signed with Apple-issued enterprise certificates, which allowed victims to install the malicious apps, even from outside the App Store. Apple eventually revoked these certificates.
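As an added illustration (not from the original article or Lookout's report), the Python sketch below shows how a defender could triage the `embedded.mobileprovision` file inside an iOS app bundle to spot enterprise (in-house) distribution by a team the organisation does not recognise. The allow-list value, helper names and sample profiles are constructed assumptions; the profile keys (`ProvisionsAllDevices`, `ProvisionedDevices`, `TeamIdentifier`, `get-task-allow`) are the standard ones.

```python
import plistlib

# Hypothetical allow-list: Apple team IDs your own organisation signs with.
ALLOWED_TEAMS = {"ORGTEAM001"}

def extract_profile(blob: bytes) -> dict:
    """Pull the XML plist out of an embedded.mobileprovision blob.

    The file is a CMS (PKCS#7) envelope with the plist stored in the clear,
    so it can be located by its XML markers. The signature and certificate
    revocation status are NOT checked here; treat the result as triage data.
    """
    start = blob.find(b"<?xml")
    if start < 0:
        raise ValueError("no plist found in profile")
    end = blob.find(b"</plist>", start)
    if end < 0:
        raise ValueError("truncated plist in profile")
    return plistlib.loads(blob[start:end + len(b"</plist>")])

def classify(profile: dict) -> str:
    """Map profile keys to the distribution channel they imply."""
    if profile.get("ProvisionsAllDevices") is True:
        return "enterprise"          # installable on any device, no App Store review
    if "ProvisionedDevices" in profile:
        debug = profile.get("Entitlements", {}).get("get-task-allow", False)
        return "development" if debug else "ad-hoc"
    return "app-store"

def triage(blob: bytes) -> dict:
    """Flag enterprise-signed apps whose team is not on the allow-list."""
    profile = extract_profile(blob)
    kind = classify(profile)
    teams = set(profile.get("TeamIdentifier", []))
    return {
        "kind": kind,
        "team_name": profile.get("TeamName", ""),
        "teams": sorted(teams),
        "flag": kind == "enterprise" and not (teams & ALLOWED_TEAMS),
    }

def _wrap(body: dict) -> bytes:
    """Constructed stand-in for the CMS envelope around a profile plist."""
    return b"\x30\x82\x10\x00" + plistlib.dumps(body) + b"\x00trailing-signature"

# Constructed sample profiles (not real indicators).
SAMPLE_UNKNOWN_ENTERPRISE = _wrap({"TeamName": "Example Carrier Ltd",
                                   "TeamIdentifier": ["UNKNOWN999"],
                                   "ProvisionsAllDevices": True})
SAMPLE_OWN_ENTERPRISE = _wrap({"TeamName": "Our Org",
                               "TeamIdentifier": ["ORGTEAM001"],
                               "ProvisionsAllDevices": True})
SAMPLE_ADHOC = _wrap({"TeamName": "Vendor QA",
                      "TeamIdentifier": ["VENDOR0001"],
                      "ProvisionedDevices": ["constructed-udid-1"],
                      "Entitlements": {"get-task-allow": False}})

if __name__ == "__main__":
    for name, blob in [("unknown", SAMPLE_UNKNOWN_ENTERPRISE),
                       ("own", SAMPLE_OWN_ENTERPRISE), ("adhoc", SAMPLE_ADHOC)]:
        print(name, triage(blob))
```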
Bauer said that compared to the Android version, which had been under development for at least five years, the iOS variant was far less sophisticated, suggesting it was a newer project.
It could only collect and steal contacts, photos, videos, audio recordings, GPS information, and device location. It could also perform on-demand audio recording operations. However, it was nowhere near as intrusive and did not provide the same level of control of infected devices as the Android variant.
The links between the two versions were also undeniable: besides being found on the same server infrastructure as payloads used by the Android version, the iOS variant also uploaded stolen data to the same exfiltration server and used a similar protocol.
VCs approached Facebook to fund a spinout of Workplace valued at over $1B, but Facebook declined – TechCrunch
Workplace — the app originally built as a version of Facebook for employees to communicate with each other — now has more than 7 million users, carving out a place for itself as an app to help companies communicate internally using essentially the same tools that have proven sticky in their lives with friends and family. That traction, it turns out, has been giving Workplace attention of another kind.
We’ve learned that Facebook (before it was rebranded as Meta) was approached by enterprise investors offering the social network a proposition: spin off the organization, they said, and let us back it as a startup. A deal would have valued a newly independent Workplace as a “unicorn” (at least at $1 billion) according to the source.
A source tells us that conversations didn’t progress, primarily because Facebook (and now Meta) saw Workplace as a “strategic asset” — not because Workplace generates sales anywhere close to the billions Meta makes from advertising on platforms like Facebook and Instagram, but important rather for presenting a more diverse face to the market. For regulators, it shows that Facebook/Meta is more than just a too-powerful social network; and for organizations, that Facebook can do more for them than just sell ads.
“It helps make Facebook [and Meta] look like an adult,” the source said.
Spokespeople from Meta and Workplace said that they had nothing to share and declined to comment for this article.
It’s not clear which investors were involved, but a source says that they were among those focused on late-stage, growth round investments with a view to injecting capital specifically in enterprise opportunities.
Their approach to fund a spun-out Workplace last year would have come at a time when late-stage and private equity investors were (and still are) ramping up their activities to snap up big, mature tech businesses. Thoma Bravo last year was reported to be raising $35 billion to hone in on more acquisition opportunities in the space (and it’s been making a wide number of investments and acquisitions to that end). Bloomberg estimates that private equity acquisitions totaled some $80 billion in 2021, up more than 140% compared to 2020.
That pace does not look like it is slowing down this year, and it includes PE firms approaching larger technology behemoths to spin out operations as they look to streamline and realise more capital from less core, or possibly unprofitable, or more generally lagging, assets. Just earlier today, Francisco Partners announced a deal to snap up IBM’s Watson Health business, reportedly for around $1 billion.
Building a SaaS beachhead
For Meta, an approach to spin out Workplace highlights developments on two fronts.
On the corporate side, there have been calls to break up the company — the latest development on that front from earlier this month is that the courts ruled that the U.S. Federal Trade Commission can proceed with a lawsuit mandating a sale of WhatsApp and Instagram, alongside, reportedly, a separate probe of its VR division for antitrust violations. It’s a situation that some investors and shareholders will see as an opportunity, a tension that Meta might increasingly need to weigh up as it justifies holding on to its various assets.
For Workplace, the division has found itself at a key crossroads in the last several months.
On one side, Workplace has seen a number of key departures, including no less than its top two executives, Karandeep Anand (who this month was named chief product officer at Brex) and Julien Codorniou, who left to become a partner at London VC Felix Capital. A number of others have also left the building to move on to other opportunities elsewhere.
The logic behind some of that movement was described to me, charitably, not as a response to the bad PR that Meta has faced, but natural attrition: here was a group of people assembled to create and build Workplace from the ground up, and now that it’s a more mature product with a clearer focus, it’s the right time for new people to come in and work on the next stage. (My personal opinion: Workplace’s new head, Ujjwal Singh, feels like a solid choice to lead it right now.)
But even if there has been reporting contradicting that workers might feel worn down by Meta constantly being bashed in the court of public opinion, Workplace has not been immune to it, either. We understand that Workplace signed a huge deal with a major chain of restaurants, one of the biggest, but the customer asked to hold off on announcing the win last autumn because of the bad news cycle and “reputation issues.”
“That shit doesn’t happen to other SaaS companies,” one person said.
That, it seems, would have been one argument in favor of distancing Workplace further from its parent, perhaps by way of a spinout, but it seems that Meta has the opposite idea.
Workplace has actually changed a lot over the years since it was first rolled out as a product.
Founded originally as a “work” version of Facebook — expanding how Facebook employees were already using Facebook to communicate to each other in private groups — Workplace was launched as a response to the rise of Slack and other chat apps for the workplace. Workplace’s logic was that it had a natural advantage since billions were already using Facebook. And, bringing in a new service targeting a different kind of user, with a different business model — paid, not ad-supported — opened the door to new business possibilities for the company.
That’s largely remained the strategy for the company even as the focus has changed for Workplace. Originally it introduced a number of integrations with other workplace productivity tools aimed at knowledge workers, part of a bigger effort to compete more directly against the likes of Slack and Teams. But over time, almost by accident, Workplace found an audience with deskless workers who communicated with their employers mainly by mobile. So what has emerged as the sweet spot for Workplace is being a communications app for both categories of workers simultaneously.
“We realised that instead of asking our customers to choose between Teams or Slack and Workplace, you could have both,” a source said. “Others could handle real-time messaging communications for knowledge workers, while Workplace does asynchronous best for everyone.”
And that appears to be the guiding idea for Workplace’s strategy now, which has seen it recently integrate more functionality from Microsoft Teams into its platform to complement Workplace, and yesterday to announce a new integration with WhatsApp, which is already very popular with frontline teams, and will now become a more formal interface for Workplace communications. From what we understand, closer integrations and services involving Meta’s VR business and the Portal are also in the works.
While the company is not due to update on user numbers until later this year, a source told us that there are now closer to 10 million users on Workplace, with key customers including some of the world’s biggest employers like Walmart, Astra Zeneca and others.
While Workplace had in the past been sold to customers as a standalone product, “I don’t think it will be sold as a standalone application ever again,” a source said.
Instead, it will be part of a suite, for example selling business messaging plus Workplace, or along with a Facebook login feature, opening up the prospects of how Meta can engage with those businesses. (The wider sales pitch to enterprises is also likely behind its motivation to acquire Kustomer, the CRM startup, although that deal has yet to close.)
So far from being ready to part with Workplace, it seems that Meta is now positioning it as part of a beachhead comprising a bigger SaaS business. Can it mobilize as an independent company might have done to realize that opportunity? VCs might still be waiting in the wings if it doesn’t.
The first big tech antitrust bill lumbers toward reality – TechCrunch
A major Senate bill that would prevent tech companies from giving preference to their own products and services just passed a significant hurdle in Congress, bringing it one step closer to becoming law.
The Senate Judiciary Committee voted today on the American Innovation and Choice Online Act, moving the prominent antitrust bill toward a vote before the full Senate. The bill passed its committee vote 16-6 Thursday, with five Republicans joining Senate Democrats to press forward with the legislation.
The bill would prohibit tech platforms from “favoring their own products or services, disadvantaging rivals, or discriminating among businesses that use their platforms in a manner that would materially harm competition on the platform.” It would also forbid dominant platforms from preventing interoperability with other services and from leveraging another company’s data on the platform to compete against them.
To accomplish its goals, the American Innovation and Choice Online Act would empower antitrust enforcers with “strong, flexible tools,” including “civil penalties, authority to seek broad injunctions, emergency interim relief, and potential forfeiture of executive compensation.”
Sen. Amy Klobuchar (D-MN), who chairs the Senate Judiciary Subcommittee on Competition Policy, Antitrust, and Consumer Rights, hailed the legislation as the first major tech competition bill to head toward the Senate floor “since the dawn of the internet.” The bill could still see changes from a handful of amendments that didn’t impede its progress Thursday but may still impact its final language.
While it still has an uphill slog to make it into a crowded and mostly stalled out legislative agenda, the bill’s momentum was significant enough to prompt Google and Apple to both weigh in with comments earlier this week.
“Every day, millions of Americans use online services like Google Search, Maps and Gmail to find new information and get things done,” Alphabet Global Affairs President and Chief Legal Officer Kent Walker wrote in a blog post. “…Legislation being debated in the House and Senate could break these and other popular online services, making them less helpful and less secure, and damaging American competitiveness.”
Apple also sought to intervene, penning a letter to Senate Judiciary Chair Dick Durbin, the committee’s ranking Republican Chuck Grassley, as well as Antitrust Subcommittee Chair Amy Klobuchar and that subcommittee’s ranking member Mike Lee.
“After a tumultuous year that witnessed multiple controversies regarding social media, whistle-blower allegations of long-ignored risks to children, and ransomware attacks that hobbled critical infrastructure, it would be ironic if Congress responds by making it much harder to protect the privacy and security of Americans’ personal devices,” Apple Senior Director of Government Affairs Tim Powderly wrote. “Unfortunately, that is what these bills would do.”
Both companies argued that the bill along with another piece of legislation, the Open App Markets Act, would be a detriment to consumer security. The latter bill would force companies that control operating systems to allow third-party apps and app stores and allow developers to tell consumers where they could find the same software at better prices.
A group of tech companies that included Yelp, DuckDuckGo, Sonos, Spotify, Proton, Match Group and the startup accelerator Y Combinator along with the venture capital firm Initialized Capital spoke out in favor of the anti-self preferencing legislation earlier this week.
“Findings from the United States and governments around the world reveal the many anticompetitive self-preferencing tactics dominant technology companies use to attain and entrench their gatekeeper status in the market to the detriment of competition, consumers, and innovation,” the companies wrote. “The American Innovation and Choice Online Act… targets self-preferencing to help restore competition in the digital marketplace and remove barriers for consumers to choose the services they want.”
Regulating the tech industry is a rare issue that inspires bipartisan cooperation in Congress — another sign that the tech industry should expect new restrictions on its business, even if those proposals still progress at a crawl.
The bill was introduced by Senators Amy Klobuchar (D-MN) and Chuck Grassley (R-IA) and is co-sponsored by Dick Durbin (D-IL), Lindsey Graham (R-SC), Richard Blumenthal (D-CT), John Kennedy (R-LA), Cory Booker (D-NJ), Cynthia Lummis (R-WY), Mark Warner (D-VA), Mazie Hirono (D-HI), Josh Hawley (R-MO), Sheldon Whitehouse (D-RI) and Steve Daines (R-MT).
The House version of the bill, led by House Antitrust Subcommittee Chairman David N. Cicilline (D-RI) and Ranking Member Ken Buck (R-CO), is already out of committee and ready for a vote.
TikTok begins testing support for paid subscriptions – TechCrunch
TikTok is testing support for paid subscriptions, the company confirmed to TechCrunch on Thursday. As first reported by The Information, the popular short-form video app is exploring the option for creators to charge subscriptions for their content. The feature is part of a limited test for the time being and is not broadly available. TikTok declined to elaborate on the feature or share additional details.
“We’re always thinking about new ways to bring value to our community and enrich the TikTok experience,” a TikTok spokesperson told TechCrunch in an email, when reached for comment.
It’s unclear how the paid subscription model will be implemented in the app. For context, TikTok’s popular algorithmic “For You” page surfaces videos from creators that users don’t follow. If a creator chooses to charge a subscription for their content, it’s likely that their videos won’t appear on users’ For You pages. However, it’s also possible that the subscription will apply to additional content that’s exclusive to paid users, as opposed to being applied to the entirety of a creator’s account.
News of the test comes a day after Instagram launched subscriptions in the U.S. The feature is now in early testing with a small group of creators who are able to offer their followers paid access to exclusive Instagram Live videos and Stories. Creators can choose their own price point for access to their exclusive content. Paid subscribers will be marked with a special badge, differentiating them from unpaid users in the sea of comments.
TikTok’s paid subscriptions test follows recent confirmation that it’s testing an in-app tipping feature on its platform that allows creators to accept money from fans outside of TikTok LIVE streams, where gifting is already supported. Creators who are part of the limited test can apply for the feature if they have at least 100,000 followers and are in good standing. Those who have been approved are given a Tips button on their profiles, which their followers are able to use to send them direct payments.
The company’s newest test is its latest push toward monetization and helping creators earn a living through its platform. Last year, the company introduced a $200 million fund aimed at helping creators in the U.S. supplement their earnings. TikTok also helps creators sign brand partnerships and sponsorship deals and also provides monetization for livestreams. Considering TikTok’s focus on monetization efforts, it’s no surprise that the company is experimenting with a way for creators to offer paid subscriptions for their content.
TikTok and Instagram’s tests follow Twitter’s launch of “Super Follows,” a paid subscription offering that launched in September 2021. The feature allows users to subscribe to accounts they like for a monthly subscription fee in exchange for exclusive content. Eligible accounts can set the price for Super Follow subscriptions, with the option of charging $2.99, $4.99 or $9.99 per month. Similar to Instagram’s model, subscribers are marked with a special Super Follower badge, differentiating them from unpaid followers.
TikTok, Instagram and Twitter’s paid subscription offerings outline the companies’ efforts to court creator communities. The offerings are also a way for the companies to compete with each other, along with other digital platforms such as YouTube, which offers lucrative ways for creators to make money.