A new and highly dangerous Android malware, dubbed BingoMod, has emerged as a significant threat to mobile device security. Disguised as legitimate security applications, this malware employs sophisticated techniques to steal user data, initiate fraudulent transactions, and ultimately wipe infected devices.

The malware seeks permission to access accessibility services within the device

BingoMod is primarily distributed through SMS phishing campaigns, mimicking the appearance of well-known security apps to deceive unsuspecting victims. Once installed, the malware seeks permission to access accessibility services, granting it extensive control over the device.

By stealing login credentials, intercepting SMS messages, and taking device screenshots, BingoMod enables remote attackers to execute on-device fraud and drain victims’ bank accounts. To cover their tracks, the malware can remotely erase all device data, making recovery difficult.

Security experts urge Android users to exercise caution when clicking on links or downloading apps from unknown sources. Keeping devices and security software up-to-date is crucial in mitigating the risk of infection. As this threat continues to evolve, it is essential for users to remain vigilant and adopt best practices for mobile security.

(Via)

The post BingoMod Malware Threatens Android Users via SMS Phishing Campaigns appeared first on Gizmochina.

Millions of developers and users are on alert as the popular code-sharing platform GitHub faces a large-scale attack. Security researchers at Apiiro have identified a concerning trend where malicious actors are targeting GitHub repositories, potentially compromising over 100,000 projects.

Massive Malware Campaign Targets Over 100,000 GitHub Repositories

The attack involves a technique called “malicious repository obfuscation” where attackers clone legitimate repositories, inject harmful code, and re-upload them to the platform. These tampered repositories can then be downloaded by unsuspecting users, potentially compromising their systems or infecting them with malware.

The report by Apiiro highlights several factors making GitHub vulnerable to such attacks. The platform’s ease of use, readily available APIs, and the presence of numerous hidden repositories create an ideal environment for attackers to launch “watering hole attacks.”

In these attacks, attackers target popular and frequently downloaded repositories. They inject malicious code into these repositories and then re-upload them. To further amplify their reach, attackers create numerous fake forks of the compromised repositories using automated methods. These fake forks can then be spread through social media, online forums, and other channels, tricking users into downloading the malicious versions.

The report acknowledges that GitHub has been notified and has taken down most of the identified malicious repositories. However, the activity is ongoing, with attackers constantly attempting to inject harmful code. This ongoing struggle resembles a game of whack-a-mole, where GitHub plays catch-up, removing malicious code after it has already been uploaded, potentially putting users at risk.

The report further reveals that this attack campaign began in May 2023 and has been steadily growing. This continuous activity raises concerns that even more repositories and users could be compromised in the future. Developers and users are advised to exercise caution when downloading code from GitHub, especially from unfamiliar repositories. It’s crucial to verify the source and legitimacy of the code before integrating it into projects.

RELATED:

• Microsoft teams with Intel on 18A process chip development
• Older CPUs or PCs may lose out on future Windows 11 updates
• Best of MWC 2024: AI Phone, Transparent Laptop, 3D Tablet & More
• Big Discount: AOOSTAR R1 N100 NAS Mini PC Only For $159
• Get latest Oneplus 12 Phone for $699 on Geekwills

(Source)

The post Microsoft’s popular code-sharing platform GitHub under attack, potentially affecting millions appeared first on Gizmochina.

While Huawei has shifted away from Google’s Android platform, older smartphone models from the company still feature the operating system. But now, Some users are reporting that their Huawei phones are branding the Google app as dangerous.

Huawei phones list the Google app as a security risk

On Reddit, owners of older Huawei smartphones have begun considering the Google app as a “High” security risk. One Redditor claimed that the company’s high end P30 flagship phone warned the user about the app. They received a notification that stated “Security threat. Google appears to be affected. Immediate uninstallation is advised.” This alert prompt was paired with a pop up screen, which recommended the users to uninstall this application.

The P30 owner scanned his device but found no signs of virus infection. Similarly, another Reddit user got a similar message on the Huawei P30 Lite. The Google app is apparently being classified as malware by the Huawei smartphones. The devices consider the Google app as a TrojanSMS-PA virus. For those unaware, the Trojan program is a malware, which disguises itself as a legitimate app to trick users into installing the software. Once such dangerous apps are installed on your mobile device, the malware is tasked with stealing login information that is used to open banking and financial apps.

The goal is to get into the victim’s bank account to steal money. The Huawei phones warned that “This app was detected sending SMS privately, enticing users to pay with adult content, downloading/installing apps privately, or stealing private information, which may cause property damage and privacy leakage. We recommend uninstalling it immediately.” It is unclear if this is a bug or whether Google’s software on Huawei is performing tasks that it doesn’t have permission for.

RELATED:

• Huawei Mate 60 Pro Lezhen Edition launched in China
• Huawei Nova 11 SE launched with 90Hz OLED display, Snapdragon 680, 108MP triple cameras
• Huawei Nova 11 SE launch date confirmed, Geekbench listing spotted
• Best Smart Scales of 2023: Fitbit, Garmin, Eufy & More
• Best Smartwatches for Women in 2023: Pixel, Garmin, Fitbit & More

(Via)

The post Huawei phones label Google app as malware & dangerous, recommends uninstalling appeared first on Gizmochina.

In a recent report by Max Corbridge and Tom Ellson of JUMPSEC, a renowned security analysis company, a critical vulnerability has been uncovered in the latest version of Microsoft Teams. This vulnerability poses a serious threat as it allows hackers to bypass client security controls, infiltrate other teams, and spread malicious programs containing Trojan horse viruses.

Microsoft Teams is key in a lot of organizations’ communication structure, which adds to the risk

Microsoft Teams, a popular collaboration platform, enables users with a Microsoft account to establish a “business or organization.” This feature allows users from one organization to communicate with those from another. However, JUMPSEC’s team identified a flaw in the system’s logic, exploiting which they were able to circumvent security controls in a mere 10 minutes, subsequently sending a harmful program to users in other organizations.

While Microsoft has acknowledged this vulnerability, it has yet to inform its users regarding the process of fixing it. In the meantime, JUMPSEC recommends that Microsoft Teams users take immediate action to protect themselves. Users can disable specific options in the settings to prevent hackers from exploiting this vulnerability and sending malicious programs to their teams.

The severity of this vulnerability cannot be overstated. With the potential for unauthorized access to sensitive data, the risk to organizations and their users is significant. A lot of big (and small) organizations use Microsoft Teams for a major part of their operations, which could be a gold mine for hackers. Microsoft’s delay in addressing this issue is a cause for concern, as it leaves countless users vulnerable to cyberattacks.

In light of this development, it is crucial for Microsoft Teams users to remain vigilant and proactive in safeguarding their accounts and data. Regularly checking for software updates and following recommended security practices can help mitigate the risks associated with this vulnerability. It is expected that Microsoft will prioritize the resolution of this vulnerability, given the potential impact it could have on users and organizations alike. In the meanwhile, users should remain cautious and take proactive measures to protect themselves from potential cyber threats.

RELATED:

• Microsoft’s Latest Small Language Model Outperforms ChatGPT with a Fraction of Parameters
• Google’s Complaint Against Microsoft Could Have Far-reaching Implications for Industry
• Best Bluetooth Speaker under $100 in 2023

(Via)

The post New Vulnerability Discovered in Microsoft Teams Puts Users at Risk appeared first on Gizmochina.

Bitdefender researchers have recently uncovered a large population of apps that were infected with malware. The team found tens of thousands of apps being affected by this issue thanks to its latest anomaly detection technology.

Over 60,000 Android apps suffer from hidden malware

The researchers announced a first of its kind app with anomaly detection technology. Bitdefender’s team brought new technology into Bitdefender Mobile Security. This app was used to uncover a hidden malware campaign living undetected on devices all across the globe. The malware detection was carried out for more than six months. The researchers found that the mobile malware has been found running undiscovered for a long time on Android apps.

Bitdefender also found that the malware campaign sought to bring adware to Android enabled devices for the purpose of generating revenue. But this is just one part of the issue as the people behind this can also redirect users to other types of malware as well. This includes banking Trojans to steal the Android users sensitive credentials. Notably, this news also arrives a month after we reported on an Android trojan that was dubbed “DogeRAT”, which targeted Indian users and stole their personal and financial information

The researchers have found over 60,000 applications that carry this adware and suspects that there are plenty more apps that are affected by this issue in the app stores. The new anomaly detection technology was first deployed back in October 2022 and already found such a high number of affected apps. But without the new technology, these would’ve likely gone undiscovered for longer. Looking at some of the types of apps that are mimicked by the malware:

• Game cracks
• Free VPN
• Netflix
• Fake Tutorials
• Fake security programs
• Games with unlocked features

RELATED:

• Android trojan “DogeRAT” targets Indian users, stealing personal and financial information
• ‘Daam’ malware infects Android, exposing call records, browsing history; Govt issues advisory
• Google Play Store Is Not Safe: Popular App Secretly Recorded Users’ Voices for almost a Year
• Top 5 3D Printers of 2023: Bring Your Ideas to Life
• Top 4 Best Fancy Name Generator Tools for BGMI

(Source)

The post Bitdefender finds over 60,000 Android apps with Malware with new tech appeared first on Gizmochina.

An open-source Android virus known as DogeRAT (Remote Access Trojan) has been discovered by CloudSEK, an AI cybersecurity company. This malware primarily spreads through compromised websites and unofficial app marketplaces, posing a threat to businesses by stealing personal and financial information.

Impact and Capabilities of DogeRAT: Stealing Data and Granting Remote Access

DogeRAT is a complex Android malware that not only steals personal data but also grants remote access to the infected device. It inundates users with unwanted advertisements and can take control of the victim’s device to send spam, make unauthorized payments, modify files, access call logs, and even capture photos using both front and back cameras.

Upon activation, DogeRAT gains access to various forms of information and capabilities, such as call records, audio recordings, SMS messages, media files, and images.

Further investigation revealed the existence of thousands of counterfeit apps targeting Android users in sectors like finance, gaming, and entertainment. This discovery led to the exposure of the DogeRAT malware campaign.

The campaign also highlighted the distribution of updated Remote Access Trojans (RATs) and repurposed malicious apps, which facilitated low-cost and easily deployable scam schemes.

To protect your Android device from the DogeRAT Trojan, it is crucial to take the following precautions:

• Avoid clicking on unknown links or opening attachments from unfamiliar sources.
• Keep your device’s software up to date by promptly installing Android updates and patches released by your device vendor. These updates often include important security enhancements.
• Utilize a reliable security solution to safeguard your device against malware and other threats.
• Be cautious of urgency, fear, and greed tactics used by scammers to deceive victims. If you are unsure about a communication or offer, refrain from clicking on links or opening attachments.
• Educate yourself about malware to better detect and avoid it.
• Refrain from sideloading apps from untrusted sources, websites, or public forums.

By staying vigilant and implementing these preventive measures, users can enhance their Android device’s security and mitigate the risk posed by DogeRAT and similar threats. There is another malware called ‘Daam’ which is currently affecting Android devices and stealing browsing history, exposing call records. Indian Government has already issued an advisory on Daam malware.

(Source, Via)

The post Android trojan “DogeRAT” targets Indian users, stealing personal and financial information appeared first on Gizmochina.

In a recent advisory, India’s national cybersecurity organization, CERT-IN, has warned about a dangerous Android malware called “Daam” that poses a significant threat to user data security. This malware has the ability to bypass antivirus software, steal sensitive information, and even install ransomware on targeted devices.

The Threat of Daam Malware: Understanding the Risks and Implications

Once infiltrated, the Daam malware can access and retrieve a wide range of confidential data, including browsing history, call logs, contact information, camera contents, SMS messages, and files. It operates by circumventing security measures, making it challenging to detect and remove. The stolen data is then transmitted to the attacker’s server, and the device’s contents are encrypted using AES encryption, leaving behind “.enc” files and a ransom note named “readme_now.txt.”

For safeguarding Android devices against the Daam malware and similar risks, CERT-IN has offered crucial best practices and recommendations:

Limit Download Sources: Minimize the risk of downloading potentially harmful apps by relying on official app stores, such as the manufacturer’s or operating system’s app store.

Review App Details: Before downloading an app, even from trusted sources like the Google Play Store, thoroughly review its details, including user reviews, number of downloads, comments, and additional information.

Verify App Permissions: Pay close attention to the permissions requested by apps and grant only those that are necessary and relevant to the app’s intended functionality. Avoid granting unnecessary permissions that may compromise privacy.

Avoid Side-loaded Apps: Refrain from installing apps from untrusted or unofficial sources. Stick to reputable and trusted sources for app installations.

Keep Your Device Updated: Regularly install updates and patches provided by your device’s vendor, as they often include critical security enhancements.

Exercise Caution Online: Avoid browsing untrusted websites or clicking on suspicious links. Be especially cautious with links received through unsolicited emails or SMS messages, as they may lead to malware downloads or malicious websites.

Use Antivirus Software: Install and regularly update reliable antivirus and antispyware software on your device to detect and prevent malware infections.

Verify SMS Sender Information: Be vigilant for suspicious numbers that do not resemble genuine mobile phone numbers. Legitimate SMS messages from banks often include sender IDs rather than phone numbers.

Research Before Clicking Links: Conduct thorough research before clicking on any links, particularly in messages. Utilize websites that allow phone number searches to verify the legitimacy of numbers or identify potential scams.

Verify URLs: Only click on URLs that clearly indicate the website domain. If unsure, use search engines to directly search for the organization’s official website to ensure legitimacy.

Utilize Safe Browsing Tools: Consider using safe browsing tools and filtering services offered by antivirus, firewall, and content-based filtering software.

Exercise Caution with Shortened URLs: Approach shortened URLs, such as those using bit.ly or tinyurl, with caution. Hover over the link to view the full website domain or utilize a URL checker to verify the destination.

Check Encryption Certificates: Ensure the presence of valid encryption certificates by looking for the green lock symbol in the browser’s address bar. Verify proper security measures before sharing any sensitive information online.

Report Suspicious Activity: Promptly report any unusual account activity to the respective bank or service provider, providing relevant details for appropriate action to be taken.

By adhering to these guidelines and best practices, users can significantly reduce their vulnerability to the Daam malware and related threats. It is essential to remain vigilant and prioritize the protection of devices to safeguard personal data and maintain online security.

RELATED:

• Google Play Store Is Not Safe: Popular App Secretly Recorded Users’ Voices
• Samsung & McAfee Extend Decade-long Partnership to Enhance Mobile Security
• Google Identifies Malware in Popular Chinese E-Commerce Giant Pinduoduo’s Apps
• Best ChatGPT Extensions for Chrome

(Source, Via)

The post ‘Daam’ malware infects Android, exposing call records, browsing history; Govt issues advisory appeared first on Gizmochina.

The Google Play Store and App Store provide significant convenience for users and a great platform for developers to earn income. However, these open marketplaces can also present risks. A recent incident highlighted this concern, when a legitimate app on the Google Play Store became malicious, secretly sending microphone recordings every 15 minutes. Here are the details…

Google Play Store App iRecorder Transforms into Malicious Spyware That Records Audio from Users

ESET, a name most of us recognize from antivirus software, recently made a dangerous discovery during their tests. According to the company, an app called iRecorder Screen Recorder, available on Google Play Store, records audio every 15 minutes and sends it to the app developer. This scandalous news once again proves that even applications available in official stores cannot always be trusted.

The iRecorder Screen Recorder app, initially launched on the Google Play Store in September 2021, took a dark turn with an update in August 2022. This update incorporated AhMyth, an open-source Remote Access Trojan (RAT), turning the app into a stealthy espionage tool. The RAT gave the app the ability to remotely record audio, link to an attacker’s server, and upload recorded audio and sensitive files.

This update fundamentally shifted the trajectory of the app, turning all of its users into potential victims. The truly terrifying part lies exactly here. Many users, without realizing, have been using the app in this condition for almost nine months, and their voices have been recorded. After the incident came to light, Google removed the iRecorder Screen Recorder app from the Play Store. However, you are also advised to be careful and take the necessary precautions if you have downloaded this app even once.

Google’s Malware Problem

Despite Google’s best efforts, apps laced with malware have continuously plagued its platform. The technology behemoth usually reacts swiftly in expunging these hazardous apps upon detection. However, their preventive measures to stop these apps from making their way into the Google Play Store in the first place have been less effective. In addition, there has been a perceived lack of transparency about the reasons behind the failure of Google’s own security measures to identify these looming threats.

This most recent case underscores the issue. It involves an application that clandestinely records audio, compromising the privacy of a broad user base. ESET officials suggest that the app, iRecorder, might be part of an active espionage campaign. Yet, without additional evidence to substantiate this claim, it remains just a hypothesis. Google’s role in permitting such a dangerous application to exist on its Play Store, hence, raises questions about culpability and effective digital security measures.

RELATED:

• Best Play Store Deals – Apps and Games on Sale this…
• Google Play Store Users Warned of Malicious Guerrilla App That Can Steal Personal Information
• Google Play Store 35.5.14 now rolling out to Android devices
• Google Play System Update for January 2023 Adds Play Protect Improvements and More
• Google Launches Flood Hub in 8 Countries, Predicts Floods 7 days in Advance

(via)

The post Google Play Store Is Not Safe: Popular App Secretly Recorded Users’ Voices for almost a Year appeared first on Gizmochina.

McAfee is a cybersecurity company that provides antivirus, encryption, and other security solutions for personal computers, mobile devices, and enterprise networks. The company was founded in 1987 by John McAfee and was later acquired by Intel in 2010. McAfee is known for its antivirus and anti-malware software, which helps protect users’ devices from malware, viruses, and other cyber threats. The company first teamed up with Samsung in 2010, when the company’s security solutions were integrated into select Samsung smartphones. Since then, the partnership has continued to evolve, with McAfee’s software being pre-installed on Samsung devices and offered to Samsung users for free. The company also offers a range of other cybersecurity products and services, including identity theft protection, mobile security, and cloud security solutions. As per the latest reports, McAfee has further extended its partnership with the South Korean Tech Giant.

McAfee and Samsung aim to offer improved security solutions for Samsung’s latest smartphones, including the Galaxy S23 series and Galaxy Book3 series. The partnership, which has been ongoing for almost a decade, ensures that Samsung customers have access to McAfee’s antivirus protection, pre-installed on their devices. This partnership is part of McAfee’s mission to empower consumers to enjoy their online activities with confidence, without worrying about potential risks.

In addition to smartphones, McAfee’s security solutions will also cover Samsung’s tablets and PCs, highlighting the importance of malware protection in today’s digital age. Malware protection is essential for smartphones because these devices are vulnerable to online threats, just like computers. Malware can infect a smartphone through malicious apps, emails, and links, compromising the user’s data and potentially causing financial harm. With the rise of mobile banking and other online activities, smartphones are increasingly becoming a target for cybercriminals, making malware protection a critical aspect of device security. This announcement is a significant milestone in McAfee and Samsung’s partnership, and it’s exciting to see what new developments they will bring to the market in the years to come.

RELATED:

• Samsung Galaxy Tab S9 to launch with a major upgrade over its predecessor
• Samsung Releases Galaxy App Store Update To Fix Malware Vulnerability
• Best Standing Desks in 2023

(Via)

The post Samsung & McAfee Extend Decade-long Partnership to Enhance Mobile Security appeared first on Gizmochina.

Google has flagged several apps made by Pinduoduo, a Chinese e-commerce giant with almost 800 million active users, as malware. The apps were found to contain malicious code that could monitor users, according to multiple Chinese security researchers. The company’s official app has been suspended from the Google Play Store while Google investigates the matter further.

An anonymous security researcher analyzed the apps and found that they were exploiting several zero-day vulnerabilities to hack users. The malicious apps were not available on Google Play but were found in the custom app stores of major phone manufacturers such as Samsung, Huawei, Oppo, and Xiaomi.

Google has set Google Play Protect to block users from installing malicious apps and to warn those who have them installed to uninstall them. Ed Fernandez, a Google spokesperson, said, “off-Play versions of this app that have been found to contain malware have been enforced on via Google Play Protect.”

It is important to note that Google Play is not available in China, which is why the malicious apps were not found on the Google Play Store. However, the fact that they were present in the custom app stores of major phone manufacturers raises concerns about their security protocols and screening processes.

Pinduoduo has not responded to requests for comment on the matter. The incident highlights the ongoing threat of malware and the importance of downloading apps only from trusted sources. Users should exercise caution when downloading apps from unknown sources and should ensure that their devices have appropriate security measures in place to protect against malware and other cyber threats.

RELATED:

• Google Pixel 8 series design compared to Pixel 7 series in latest leaked renders
• Google Pixel 6 & Pixel 6 Pro receives 5G support in India
• Google Photos Develops Video Unblur Tool and Effects for Pixel 8 Series
• Alleged Google Pixel 7a prototype Selling on eBay months before Launch
• Google Rolls Out Android 13 QPR3 Beta 1 to Pixel Devices
• Best OnePlus 11 Case 2023 – Sandstone, Silicone, Hybrid & More

(Source)

The post Google Identifies Malware in Popular Chinese E-Commerce Giant Pinduoduo’s Apps appeared first on Gizmochina.

Google has taken measures to address the issue of malware infections on Android smartphones by implementing stricter guidelines for app development and distribution. The company has ensured that apps available on the Google Play Store are free from malware, but the ability to sideload apps has created a loophole for malware to spread. In response, Google plans to block the installation of outdated apps on Android 14, as seen in recent code changes. This move aims to eliminate the potential for malware to spread through sideloading and older apps.

Google also urges Android users to update their applications regularly. Since the latest version of Android, Android 13, is only available to 5.2% of all devices, Google might increase the minimum API limit to Android 6.0 to further protect users from malware spread. This is because malware attacks usually target older versions of Android with outdated security patches and loopholes. Once Google starts blocking the sideloading feature, the number of malware attacks will go down considerably. It is worth noting that this won’t affect newer smartphones with later versions of the OS, since they receive timely updates for their applications. 

Google is considering offering options for brands to turn on or off the feature that blocks the installation of outdated apps on Android 14. The company recognizes that the spread of malware among Android smartphones is a concern and is taking steps to address it. To ensure that users have complete control over their devices, Google may also provide a way for users to bypass the feature through the command shell. This can be done by introducing a specific flag in the command shell. However, it’s important to note that this process would be more complex than simply installing an APK on an Android smartphone. The goal is to make it more difficult for most users to bypass the feature, but still provide a way for those who need it. 

Users might see the feature in the developer preview of Android 14, which is set to be available in March 2023. 

RELATED:

• Google May Face Anti-competitive Lawsuit Over Its Digital Ad Market Dominance
• New Google Update Restores Pixel Live Wallpapers Compatibility To Older Devices
• Google Finally Fixes Pixel 5G bug with the Android 13 QPR2 Beta 2.1 Update

The post Android 14 May Prevent Installation of Outdated Applications for Security Reasons appeared first on Gizmochina.

On November 23rd and December 3rd, 2022, experts from the NCC Group identified two vulnerabilities in the Galaxy App Store application. These vulnerabilities could potentially allow malicious sources to install apps without a user’s consent or redirect users to harmful websites. The issue was found to stem from an exported activity within the app store that does not securely handle incoming intents, allowing other apps on the same device to automatically install any app from the Galaxy App Store. However, Samsung released a new update for the Galaxy App Store that fixes the said issue.

The NCC Group’s analysts have provided a proof-of-concept demonstration, using an “ADB” (Android Debug Bridge) command to install the popular game “Pokemon Go” via an intent submitted to the app store. It appears that there may be a vulnerability in certain Samsung devices running Android 12 or below, which allows for the potential installation of rogue applications. However, it should be noted that this issue does not affect devices running Android 13. 

Additionally, it was discovered that a webview within the Galaxy App Store had a filter that was not properly configured, which could allow local attackers to execute JavaScript on a target device. As NCC explains, this could occur by clicking on a malicious hyperlink in Chrome, or through the use of a pre-installed rogue application on a Samsung device. The proof-of-concept for this vulnerability includes a malicious hyperlink that, when clicked, opens a website with harmful JavaScript and executes it on the target device.

As mentioned previously, Samsung has since issued a fix for the vulnerability. The company has rolled out an updated version of the Galaxy App Store (version 4.5.49.8). Users should download it at the earliest to avoid the risk of another security breach.

RELATED:

• Samsung TV Plus Streaming App Maybe Soon Available on Non-Samsung TVs
• Samsung Galaxy Book 3 Pro, Book 3 Ultra Specs leak ahead of launch, pre-booking kicks off in multiple regions
• Samsung and LG Phones are at Risk of a Malware, Because of Leaked Android Certificate

The post Samsung Releases Galaxy App Store Update To Fix Malware Vulnerability appeared first on Gizmochina.

An Android certificate has been reportedly leaked online, leaving millions of devices at risk of a malware attack. One good this is the leak doesn’t affect all Android users but Samsung and LG users should not get happy by hearing about this news. Samsung and LG users, along with all the smartphones utilizing MediaTek chipsets are at risk of getting affected by this malware.

Currently, it has been reported by Lukasz Siewierski, a Google employee and malware reverse engineer, that various Android OEMs’ certificates were posted publicly. Malicious actors may use these keys to install malware on consumers’ smartphones. This might have been used to infect phones with malware. This sign-in key has the greatest level of OS rights, which is significant because it means that the malicious actor can insert malware without Google, the manufacturer of the device, or the app developer ever being aware of it. Theoretically, if customers download the update from a third-party website, the bad actor can inject malware while acting as a legal app update.

The application signing certificate used to sign the “android” application on the system image is known as a platform certificate. The “android” programme is executed with the extremely privileged user-id “android.uid.system” and has access to user data among other system permissions. The same level of access to the Android operating system is available to any other programme that is certified with the same certificate, according to a blog post by Google.

Thankfully, there is yet some hope. The affected businesses have already been alerted to the problem by the Android Security Team. The tech giant has additionally suggested that the impacted businesses “rotate the platform certificate by replacing it with a new set of public and private keys.” Additionally, according to a claim by XDA developers, Samsung has been aware of the problem for a while and has addressed the vulnerability. The company added in a statement to the publication that “we have deployed security fixes since 2016 upon being made aware of the issue, and there have been no known security incidents regarding this possible vulnerability.”

The act of application signing is a crucial component of how Android OS protects handsets for the uninitiated. This procedure makes sure that only reputable developers are supplying customers’ phones with software upgrades. This procedure needs a unique sign-in key that belongs to the app developer and is always kept private in order to add an additional layer of protection.

Related

• Samsung Partners With Zigbang To Unveil a Unique UWB-based Smart Door Lock
• Samsung, Huawei, LG Lead Metaverse Patent Race
• Bullitt and MediaTek to launch world’s first satellite-to-mobile messaging smartphone in Q1 next year

The post Samsung and LG Phones are at Risk of a Malware, Because of Leaked Android Certificate appeared first on Gizmochina.

Google Chrome is currently the most popular web browser in the world by a mile. The Google browser’s support for different extensions that help increase productivity and user experience is one of the reasons for its popularity.

Now, a new report from McAfee states that four Google Chrome extensions were stealing users’ browsing data. Over 1.4 million people have downloaded these five extensions. These extensions include Netflix Party, Netflix Party 2, Full Page Screenshot Capture – Screenshotting, and AutoBuy Flash Sales.

Among these, Netflix Party and Netflix Party 2 were the most downloaded of the five extensions. These extensions enable users to watch shows or movies on Netflix together even when they are in different locations by syncing the videos. Netflix Party has over 800,000 downloads, whereas Netflix Party 2 Chrome Extension has over 300,000 downloads.

According to the report, these extensions loaded a multipurpose script that transfers browsing data to an attacker-controlled domain. Every time a user visits a new URL, their browsing data is transferred to this domain. The data includes the user ID, device location, nationality, zip code, and an encoded referral URL. They use this in order to insert code into eCommerce websites that are being visited. This operation alters the site’s cookies so that the extension creators receive affiliate payment for any products purchased.

The Chrome Web Store has removed Netflix Play, Netflix Play 2, and AutoBuy Flash Sales extensions. The other extensions, on the other hand, are still available for download.

RELATED:

• Google Chrome will support handwriting-to-text using a stylus on Android 13
• Apple iPhones are most vulnerable to hacking when powered off
• Android users have to Immediately Update their Chrome browsers to patch severe vulnerability

The post Popular Chrome extensions with 1.4 million users found stealing user data appeared first on Gizmochina.

With the recent and explosive growth of Clubhouse app, fake versions of the application has been spreading around via fake ads. These ads have also been responsible for the increasing number of malware infections.

According to a PhoneArena report, the rising popularity is what likely lead to the creation of these fake ads of a non existent Clubhouse app. For those unaware, Clubhouse is only available in Apple iOS at the moment. Meaning, the Android version is still a few months away. But since the app has been quite popular in recent times, fake ads of its non existent versions, which is filed with malware has been circulating online.

For those unaware, the audio only chat room has become a rising social media platform over the course of a year. But, certain Facebook ads have been connecting users to pages on the social media site that impersonate the app. If people click on these ads, they will be directed to a fake Clubhouse PC website. When tapped, the link is also included with malware, which is downloaded into the victim’s device.

This app seeks instructions from a C&C (command and control) server as to what action to take next. Some of the people that clicked on the fake ads had their device be loaded with ransomware. In other words, victims would have to pay money for the infected device to function normally again. While Facebook hasn’t revealed the exact number of clicks on these fake ads, nine of these ads were discovered on the social media platform.

RELATED:

• Twitter held talks to acquire Clubhouse for a $4 billion deal: Report
• Lizhi partners with Tesla-rival Xpeng to bring Clubhouse like Live stream podcast in-car
• Clubhouse has recorded over 8 million downloads on the App Store

The post Fake ads of a PC version of Clubhouse has been spreading malware appeared first on Gizmochina.

The development of malware and other harmful softwares have risen for the Apple Macs last year. A new report has suggested the growth of Mac based malware risks, although the figure is still nowhere near as high as the number for Windows.

According to a AtlasVPN report (Via AppleInsider), security researchers at the AV-TEST GmbH found 674,273 new samples of malwares for macOS in 2020. On the other hand, the researchers found just 56,556 samples in 2019 and 92,570 in 2018. In other words, the group found a more than ten fold rise in malware samples for the platform. Furthermore, the data also proves that a lot more unique malware samples were identified, suggesting that malware developers are turning their attention towards Mac.

Notably, the 674,273 samples detected last year is also much higher than a total of 219,257 samples that were found by AV-TEST GmbH between 2012 and 2019. While the report does imply that harmful software and their development are growing, the number is still quite small when compared to Windows. AV-TEST GmbH found that 91.05 million samples were made for the Microsoft platform. This marks a new record high and an increase from 89.07 million samples in 2019.

Looking at these numbers, it implies that Windows based malware developers created an average of 249,452 new threats everyday. Meanwhile, Mac based malware creators only made about 1,847 new threats per day. As per AtlasVPN, macOS had become a target for attackers because of an increase in its market share in the overall PC market.

RELATED:

• Apple Maps now directs users to the nearest COVID-19 vaccination center across the US
• Apple iPhone users’ loyalty hits all time high while Android sees decline: Survey
• Apple leads the wearables market, while global shipments rise by 28% in 2020: Report
• Apple’s VR headset controller may be a device worn on two fingers, patent reveals

The post Apple Mac based malware risks surged in 2020, but Windows still worse affected appeared first on Gizmochina.

Earlier, we discussed IDP.Generic virus, which was detected by the third-party Antivirus software installed on your PC. In some cases, those are false-positive threats. We had provided different kinds of solutions to fix the same. Another threat that is shown by the third-part Antivirus software is the FileRepMalware threat. If you guys remember, AVG and Avast detected those, and the same is being repeated here too. These types of third-party software often identify these types of files. With this article, we will discuss the authenticity of these viruses. We will also include different solutions for fixing the same.

Must See: Google Chrome, Firefox, and other browsers suffer from a widespread malware campaign

Note: GizmoChina is not endorsing the use of pirated software, we are just publishing the facts for the users who often get a virus warning. 

What is the FileRepMalware virus identified by third-party apps?

The AntiVirus software that detects these viruses, like FileRepMalware, are mostly from some cracked software and apps like KMSpico. If you don’t know what KMSpico is, it helps you activate your Windows 10 and Microsoft Office. As of now, there are no reports from users that KMSpico had stolen their files or like. We meant that showing a threat that the KMSpico files are infected is just a gimmick that all AntiVirus, both defender and third-party Antivirus programs prompts.

Earlier, the error was known as Win32:Evo-gen [Susp]. The first part of the error, i.e., the Win32, suggests that those files are created for the Windows Operating System. And the latter part tells us that it is a file that is related to the Trojan virus. Don’t worry, and these are just based on some scores calculated by AntiVirus software. There are chances for FileRepMalware to be and not be a Trojan virus. These virus types can be seen on Adware, Unwanted ads, Pop-up Virus, Infected email attachments, External media infected with malware, Infected files on Peer-to-peer (P2) file-sharing networks, and Fake updates. 

How does this third-party AntiVirus software identify these files?

As we said, these FileRepMalware tags are given by third-party software. The Anit-Virus software provides the virus title if the publisher does not sign applications or the AntiVirus software doesn’t trust the signature. Moreover, it occurs if a large number of users have not used the file, or if the file is not added to the whitelist section.

Solution 1: Check with VirusTotal if the file is affected or not?

If you don’t know what is VirusTotal? Then, is an online software used to check whether a file is safe. For this, find the location of the FileRepMalware detected by your antivirus software. Now open the Virustotal website on your browser and tap on the File option. Then click on Choose files and select the files which your AntiVirus software has identified. If it is safe, then you can keep it, else delete the same immediately. 

Solution 2: Uninstall Adware from your PC using Control Panel

The first step to remove these FileRepMalware viruses is by removing Adware that has been installed on your device. If you don’t know, then you can follow the below-mentioned steps.

• Open the Start menu and then search for Run. Or you can open it by pressing Windows Key + R. 
• Then enter the Control Panel in the dialogue box, and it will open the same.
• You can also open the Control Panel by clicking on the Desktop icon or searching from the Start menu.
• Now tap on Programs and Features in the Windows, which pop-up.
• From here, select and remove the unwanted applications which you have installed.

Or you can use Malwarebytes to remove these potential affected. If you don’t know how to use this, you can follow the below-mentioned steps.

Solution 3: By using Malwarebytes Free version!

• For this, first, download the software from their official website.
• Once it has been downloaded, install the same on your PC. It will ask for permission to modify the system, and you should permit that.
• There will be many on-screen instructions, and you can install them by following those things. The setup will ask if it’s your Work computer or personal computer. 
• Select according to your wish and then continue the installation process.
• Once the program opens, tap on the Get Started button to start the process. It will ask for you to choose between free and premium versions. You can buy the premium version if you can afford it. But for our use, the free version is more than enough. So tap on the Free button.
• Now tap on the Scan button to start scanning, and the application will scan the entire files on your PC.
• Like any other app, it will take some time to scan the whole file. It’ll show a Quarantine button if it has found any viruses after reviewing. Tap on the same to delete those viruses. It will delete those malicious files and registry keys.
• Restart your PC to complete the process.

Solution 3: Remove all plugins and extensions installed in your Google Chrome or other browsers.

Some plugins may contain viruses which may create problems. To solve this, remove every extension which you have installed in your browser. Only install those which you can download from official websites. And read reviews of extensions before installing the same.

Solution 4: Use File Unlocker and Deleter to delete those infected files identified by your AntiVirus software.

If the files are affected by viruses, sometimes you can’t delete those files. Because the system would block these files, and you need specific apps to remove those malicious files. You can search on Google to find those applications.

These are the four different solutions available to remove the FileRepMalware virus. One of the main reasons for these viruses is using fake Windows, pirated software, and installing unwanted extensions. What we meant to say is that the virus identified by your AntiVirus software may be legit or not. Always download Windows 10 ISO from Microsoft’s website for safety reasons. Another one is from email attachments which spammers often send. Always use AntiVirus software to make your system safe.

Related: First Malware designed for Apple M1 chip has been discovered

The post What is FileRepMalware and how to remove the virus? appeared first on Gizmochina.

The first malware that has been specifically designed for the new M1 chip from Apple has just been discovered. This indicates that malware creators are now beginning to adapt their malicious software for the company’s new generator of ARM based Macs.

According to a report published by Mac security researcher Patrick Wardle (Via MacRumors), the new malware has been tailored and recompiled to run natively on the M1 chip. Wardle discovered that the first known native M1 malware in the form of a Safari adware extension. This was originally made to run on the Intel x86 based chips from the Cupertino based giant. The malicious extension is dubbed “GoSearch22” and is a known member of the “Pirrit” Mac adware family.

This extension was also first spotted at the end of December last year. For those unaware, Pirrit is one of the oldest and most active Mac adware families that have been found on the platform, which has constantly been adapting to avoid detection. So, it was only a matter of time before the malware to make it to the new Macs. The GoSearch22 adware appears as a legitimate Safari browser extension, which tracks and harvests users’ data and serves a large number of ads like banners and popups.

Some of these popups are linked to other malicious websites that spread more malware. As per Wardle, the adware was signed with an Apple Developer ID in November 2020, but that has since been revoked. He further added that as malware for the M1 is still at its early stages, antivirus softwares are not detecting it as easily as the ones on the x86 versions. In other words, this is just the beginning and we can expect more such malwares to surface soon.

RELATED:

• Apple reportedly being helped by LG for foldable iPhone development
• Alleged Apple M1X chipset specifications leaked online through benchmarking
• Intel highlights Apple M1 chips’ shortcomings in new Anti-Mac ad

The post First Malware designed for Apple M1 chip has been discovered appeared first on Gizmochina.

Google Chrome, Mozilla Firefox, Microsoft Edge, and other browsers are suffering from an ongoing malware campaign. The attack has affected various browsers and is designed to inject ads into search results and add malicious browser extensions as well.

According Gadgets360 report, a Microsoft blog post stated that from May to September 2020, the company recorded hundreds of thousands of encounters of the Adrozek malware across the globe. The tech giant even tracked 159 unique domains, each of which hosted an average of 17,300 unique URLs. This in turn hosted an average of over 15,300 distinct, polymorphic malware samples. The malware’s primary aim is to lead users to affiliated websites and even serve them ads by injecting them into search results.

Editor’s Pick: Samsung Galaxy S21 series new leak reveals names of accessories, new 30W fast charger

Furthermore, the malware achieves this by also silently adding on other malicious browser extensions as well. This changes the browser settings to insert ads into webpages, where one wouldn’t otherwise find them. These ads can then be found on top of other legitimate ads from the search engine and is claimed to also modify DLL per target browser. In simpler terms, it can turn of security controls on the browser.

According to a Microsoft researcher, “Despite targeting different extensions on each browser, the malware adds the same malicious scripts to these extensions. In the past, browser modifiers calculated the hashes like browsers do and update the Secure Preferences accordingly. Adrozek goes one step further and patches the function that launches the integrity check.”

UP NEXT: Vivo Y52s with 90Hz display, Dimensity 720, and 48MP dual cameras and 5G launched in China

The post Google Chrome, Firefox, and other browsers suffer from a widespread malware campaign appeared first on Gizmochina.

Research by the Georgia Institute of Technology back in 2013 discovered that it was possible to load malware onto the iPhone charging adapter and in turn compromise the security of the iOS device, regardless of whether or not the phone was jailbroken or if the user even took any action on the phone. Apparently, implanting malware on smartphones isn’t possible through the adapter alone but also via a shared power bank.

China’s Cybersecurity Bureau of the Ministry of Public Security recently sent out a warning via its official WeChat account that phone users should beware of the trap of shared power banks around them. The agency added that shared mobile power banks may be implanted with a Trojan Horse program. Thus, once it is plugged into a mobile phone, personal information may be stolen.

According to security experts, such malicious power banks have two general purposes. One is to steal information on the user’s mobile phone, such as photos, videos, phone numbers, text messages, invading the users’ privacy. The other purpose is the implantation of Trojan Horses or other malicious programs. Once a user’s mobile phone is implanted with a Trojan horse or malicious program, it can steal data from the user’s mobile phone for a long time in the future, download malicious programs for advertising, and even use the user’s mobile phone to perform other malicious activities. Among the two purposes, the second one is particularly serious, which literally puts the control of your mobile phone in the hands of a third party.

The best way to prevent this danger is to avoid sharing power banks in public. Where possible, always move with your own power bank. But if you mush share power bank, try to choose regular channels in public places to share power banks and products provided by big-brand service providers. Avoid using power banks from unknown sources and niche brands, especially free products. This also applies to buying a new power bank.

Secondly, Android phone users should try not to turn on the “Developer Mode”, as it is more vulnerable to attacks.

Furthermore, when using shared power banks and other third-party devices, pay attention to the prompts of the mobile phone. If similar prompts such as “Trust this device” appear on the mobile phone, be sure to be vigilant. Once you select “Yes”, The third-party device has the authority to operate the mobile phone, which can easily cause user data leakage or be implanted with Trojan Horses.

UP NEXT: Memory/SSD giant ADATA launches a smart Electric Tricycle with a range of 100km

(via)

The post Trojan Horse malware can be implanted on smartphones through shared Power banks appeared first on Gizmochina.