Connect with us

Tech

Over 300,000 users have been infected by a Trojan dropper in Play Store applications

Published

on

Android segurança

click to copy

https://computerworld.com.br/seguranca/mais-de-300-mil-usuarios-foram-infectados-por-trojan-tipo-conta-gotas-em-apps-da-play-store/

Cybersecurity researchers in ThreatFabric spoke in detail about a family of malicious programs that were not detected by the app store Google games and that he could reveal passwords for hundreds of thousands of people. Trojans to steal Android passwords masqueraded as readers QR code, fitness monitors, applications for working with cryptocurrency and others, according to the publication on the website ZDNet

More than 300,000 smartphone users Android downloaded this malware for banking Trojans.

According to ThreatFabric researchers, four different types of malware are delivered to victims through malicious versions of frequently downloaded applications such as document scanners, QR code readers, fitness monitors and cryptocurrency applications.

Apps disguise their malicious intent in real-world functions, encouraging users to download and install the app without being detected by the Play Store.

The Anatsa malware is one of four well-documented by researchers and has been installed by over 200,000 Android users. Researchers call it an “advanced” banking Trojan.

“Anatsa is a very advanced Trojan for Android with RAT and semi-ATS capabilities. It can also perform classic overlay attacks to steal credentials, accessibility logging (hijacking whatever is displayed on the user’s screen), and keeping keyloggers. ThreatFabric has previously reported cases of Anatsa being distributed alongside Cabassous as part of virus-killing campaigns across Europe, ”the researchers write in a blog post.

The Anasta malware has been active since January, but in June 2021, researchers discovered the first dropper disguised as a document scanning app. In total, ThreatFabric analysts managed to identify 6 Anatsa droppers posted on Google Play since June 2021.

See also  Xbox Series S Leak Reveals $ 299 Price

First of all, users become victims of phishing emails or fake advertising campaigns that lead victims to malicious applications.

One such application is the QR code scanner, which has been installed by only 50,000 users. But there were a lot of positive reviews on its download page that could have motivated people to download the app, ZDNet emphasizes.

Once downloaded, users are prompted to update the app to continue using it, and it is this update that connects to the C&C server and downloads the Anatsa payload to the device, the website reports, providing attackers with tools to steal bank details and other information.

Another malware family detailed by the researchers is Alien, a Trojan for Android that can also hijack two-factor authentication features that have been active for over a year and have received 95,000 installations via malicious apps in the Play Store.

One of the applications infected with this Trojan was a gym and fitness center. In this case, the app was still accompanied by a website to make it look even more legitimate, which also served as the command and control center for the Alien malware.

Like Anasta, after the initial download, users are forced to perform a fake app update in order to use it, which balances the load.

Hydra and Ermac, with at least 15,000 downloads, were other forms of malware detailed by ThreatFabric researchers, identified as the source of the attack by cybercriminal group Brunhilda, known for attacking Android devices with banking malware.

According to ZDNet, ThreatFabric reported all malicious apps to Google and they have either been removed or are under review.

See also  Lucid Reveals DreamDrive, Its Tesla Autopilot Rival

“The Android banking malware ecosystem is evolving rapidly. These numbers, which we are now seeing, are the result of a slow but inevitable shift in focus from criminals to the mobile environment. With this in mind, the Google Play Store is the most compelling platform to use. to serve malware, ”ThreatFabric mobile malware expert Dario Durando told ZDNet.

With information from ZDNet

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Tech

Portugal has been “sending” SMS for 27 years. Peaked in 2012

Published

on

Portugal has been "sending" SMS for 27 years.  Peaked in 2012

The text messaging service, launched in 1995 in Portugal, peaked in 2012 with over 27 million SMS sent, and according to ANACOM data, that number has dropped to 10 million in 2021.

The world’s first SMS (Short Message Service) was sent 30 years ago, on December 3, 1992, by Briton Neil Papworth, a telecommunications engineer at Sema Group Telecoms, in the United Kingdom.

A Merry Christmas message was sent from Neil Papworth’s computer to Vodafone’s Richard Jarvis’ Orbitel 901 mobile phone.

The historic moment reached a new level in December 2021 when the first 15-character SMS was auctioned off as NFTs (“Non Fungible Tokens” or “Non Fungible Token”) for 107,000 euros during an event hosted by Aguttes in France. .

In Portugal, the messaging service was launched in October 1995 when TMN (currently MEO) and Telecel (currently Vodafone) were in the mobile carrier market, according to data sent to the Lusa Autoridade Nacional de Comunicações (ANACOM) agency.

In October 1995, Telecel first launched the feature for contract services that were not prepaid, a small percentage of the customer base, said Lusa Nuno Taveira, a former product manager for SMS and “messaging” at Vodafone.

One of the turning points in the development of SMS was in February 2000, when an agreement was signed between the three existing operators (after the introduction of Optimus in 1998, now NOS) allowing users to communicate between different networks, the regulator cites.

The first data available in ANACOM refers precisely to the year 2000, when the number of SMS reached 550 million, i.e. about seven SMS per active user per month.

See also  Xbox Series S Leak Reveals $ 299 Price

The peak of SMS traffic was reached in 2012, when each effective user sent 180 messages per month, for a total of 27,860,126 messages.

However, according to ANACOM, this number is decreasing. In 2021, 68 SMS were sent per effective user per month (-62% compared to 2012), for a total of 10,729,392.

Another turning point for SMS in Portugal was the introduction of prepaid services, which allowed mobile services to become mainstream, said Lusa Teresa Salema, president of Fundação Portuguesa das Comunicações.

“We must remember that the mobile network first grows in higher segments. It was only after 1995, with the introduction of prepaid services, that we had a greater mass, and at that time, text messages also appeared with greater intensity and reached an absolute level. records,” he said, noting the arrival of the “famous MIMO developed at the time by Portugal Telecom in the laboratories of Aveiro.”

There are now more popular alternative ways to send messages, “instant messaging” such as Whatsapp or Messenger apps available for “smartphones” that combine text with the ability to send images, sounds, documents or popular GIFs.

In 30 years, SMS has had a peak in usage and is now in decline. But its use in advertising and marketing, from a security point of view, as an authentication factor or to create a particular spelling, such as using “k” to mean “it”, is a legacy that continues today.

However, the President of the Portuguese Communications Foundation stated that the technology currently available to the public involves the integration of several factors.

See also  Someone stubborn but smart put Google Maps on Nintendinho

“There are three things that are needed because, in addition to the equipment, access to networks with the bandwidth and speed that we currently have with optical fiber or 5G is needed. And “cloud” (cloud). These are three things that we need to have the services that we have now,” he analyzed.

Teresa Salema, who worked at the Companhia Portuguesa Rádio Marconi in the early 1990s and has a three-decade career in the sector, also defended that technology exists to “improve the quality of life as well as the health of the planet.” .

While there are better ways to send messages these days, Teresa Salema points out that all technology eventually finds its place.

“The fixed network has its own space. And SMS also has its place,” he stressed.

In the case of SMS, its popularity and widespread use via mobile phones ended with another service that had gained relevance earlier: pagers or the “beep-beep” service, he recalled.

“Today, in our museum, we only have what a written message of this type looked like. It was almost like a telegram, so it was even shorter than an SMS.”

In addition, the Fundação Portuguesa das Comunicações, now 25 years old, has a dual mission of “preserving and displaying the entire heritage of the communications sector in Portugal” through the Communications Museum in Lisbon.

Teresa Salema said the history of communication is “much longer” compared to the decade in which SMS was born, and in Portugal it is “five centuries ago, in 1520, with the creation of the postal service”.

See also  Redmi Note 10 Ultra: specs leaked at the next top of the Xiaomi lineup

“At one time, King D. Manuel created a postal service specifically to support the Portuguese maritime expansion. Because, as is obvious, any economic development is based on a communication network,” he stressed.

The Museum of Communications now has an exhibition to mark its 25th anniversary where you can “touch and experience objects” of old and working technologies such as the typewriter, fax, telex and some GSM equipment, including Nokia co the famous game “Snake”.

Continue Reading

Tech

To check for viruses, certificates from Samsung, LG and others were used.

Published

on

To check for viruses, certificates from Samsung, LG and others were used.

Security certificates used by major smartphone and component manufacturers have also been used to sign at least 10 Android malware. Validators serve to ensure the authenticity of official software and operating system features, including access to restricted permissions that put users at high risk if misused.

The certificates of four companies were used irregularly: Samsung, LG, MediaTech and Revue. However, the total number of validators that raised the warning sign is higher, and the companies responsible for them cannot be identified; Similarly, it is not known exactly what led to the compromise of these elements, which could be obtained as a result of leaks, intrusions into internal systems, or even the actions of malicious employees.

Be that as it may, the following packages related to malicious applications have been found to be dangerous and use illegitimate certificates:

  • com.russian.signato.renewis
  • com.sledsdffsjkh.search
  • com.android.power
  • com.management.propaganda
  • com.sec.android.musicplayer
  • com.houla.quicken
  • com.attd.da
  • com.arlo.fappx
  • com.metasploit.stage
  • com.vantage.ectronic.cornmuni

According to the Android Vulnerability Partners Initiative (AVPI) report, the use of such certificates by applications can grant them privileged access to smartphone data, as well as block functions such as intercepting and making calls, collecting information, and downloading or deleting other applications. . Essentially, the validator gives the software the same level of control as the owner of the device itself, if not more, allowing it to launch targeted and destructive attacks.

Although no specific campaigns were identified, the certificates were present in software that contained Trojan horses, displayed inappropriate ads, stole data, or delivered viruses. However, according to Googlewhose researcher Lukasz Severski of the Android security team was responsible for the detection, there is no indication that the malicious apps were present in the Play Store, ultimately reducing the scale of the attack.

See also  Redmi Note 10 Ultra: specs leaked at the next top of the Xiaomi lineup

The report was only released now, after the manufacturers were notified so that the certificates could be updated and the versions used by the attackers are no longer valid. Meanwhile, Google indicates that it has recommended that all affected companies immediately investigate the causes of the incident, as well as reduce the number of signed applications and resources in order to deter this type of misuse.

End users are also protected from further exploits even if they have downloaded malicious apps on their smartphones. Since the certificates that would guarantee fraud no longer work, they cannot work, with the usual recommendation to only download software from official sources, accompanying a warning, as a way to minimize future risks.

Source: APVI, Beeping Computer

Continue Reading

Tech

James Webb Telescope Reveals a New View of the Pillars of Creation

Published

on

Nearly 30 years ago, the Pillars of Creation stunned the world of astronomy when they were photographed by NASA’s famed Hubble Space Telescope.

Now a new generation can take a fresh look at the spectacular spectacle after the $10 billion (£7.4 billion) James Webb Hyperspace Telescope captured the same tentacles of gas and dust.

Resembling a ghostly hand, the Pillars of Creation are part of the Eagle Nebula, which lies 6,500 light-years from Earth and is known to be a source of star formation.

This week, NASA and the European Space Agency unveiled another look at Webb’s sharp eye feathers.

Bonito: Nearly 30 years ago, the Pillars of Creation stunned the world of astronomy when they were photographed by NASA’s famed Hubble Space Telescope. Now a new generation can take a fresh look at the spectacular spectacle after the $10 billion (£7.4 billion) James Webb Space Telescope captured the same tentacles of gas and dust (pictured).

Hubble took the first image of the Pillars of Creation in 1995. It provided the first evidence that stars could be born inside pillars.

What are the pillars of creation?

This is one of the most iconic space features ever captured on camera.

The Pillars of Creation was first captured by NASA’s Hubble Telescope in 1995 and re-captured in 2014.

Now, almost 30 years after we first saw the dying formation, it has been captured again by NASA’s new James Webb Super Space Telescope.

The Pillars of Creation, located 6500 light years from Earth in the constellation Serpens, are part of the Eagle Nebula.

It is known to be an important source of star formation.

Gas and dust in tentacle-like tentacles give rise to stars, including many very young, and some now photographed only a few 100,000 years old.

See also  Ubisoft continues to experience behavioral problems

In the 1995 Hubble image, blue represents oxygen, red represents sulfur, and green represents nitrogen and hydrogen.

The pillars are bathed in scorching ultraviolet light from off-screen clusters of young stars.

The winds of these stars are slowly destroying towers of gas and dust.

The most recent image was taken in the mid-infrared range, which dims the brightness of stars and captures only streams of gas and dust. It gave a new way to experience and understand amazing composition.

Webb has instruments that can see in different wavelengths of infrared light.

In October, experts published an image of the Pillars of Creation taken with the Near Infrared Camera (NIRCam) and then added an image taken with the Mid Infrared Light (MIRI) instrument.

Now they’ve stitched the images together to create a breathtaking image that shows the best of both worlds, showing bright edges of dust where young stars are just starting to form.

NIRCam shows newly formed stars in orange outside the pillars, while MRI shows layers of dust forming.

“This is one of the reasons this region is filled with stars – dust is a key component of star formation,” NASA said.

The bright red fingertips on the second column indicate active star formation, but the stars are still very young – according to NASA, they are only 100,000 years old.

It takes millions of years to fully form.

“By combining images of the iconic Pillars of Creation from two cameras aboard NASA’s James Webb Space Telescope, the cosmos is framed in infrared glory,” writes Webb’s team.

See also  Redmi Note 10 Ultra: specs leaked at the next top of the Xiaomi lineup

They said it “fired up this star forming region with new details.”

When clumps of gas and dust of sufficient mass form at the poles, they begin to collapse under their own gravity, slowly heating up and eventually forming new stars.

“Newly formed stars are especially visible at the edges of the top two pillars — they’re practically visible,” Webb’s team said.

Almost everything you see in this scene is local.

The distant Universe is largely hidden from our view by the interstellar medium, consisting of rarefied interstellar gas and dust, and a thick layer of dust in our own galaxy, the Milky Way.

“As a result, stars take center stage in the Pillars of Creation web show.”

The Pillars of Creation are located in the constellation Serpens.

New Super Space Telescope: Webb (pictured) has instruments that can see multiple wavelengths of infrared light.

In October, experts released an image of the Pillars of Creation from the Near Infrared Camera (NIRCam).

Then take a picture of a mid-infrared (MIRI) device.

It houses the hot young star cluster NGC6611, visible through modest backyard telescopes, cutting through and illuminating the surrounding gas and dust, creating huge holes and hollow pillars, each a few light-years across.

A 1995 Hubble image hinted that new stars were being born inside the pillars. Due to dust clogging, the Hubble Space Telescope’s visible-light image could not look inside and prove that young stars were forming.

So NASA brought Hubble back for a second visit, allowing them to compare the two images.

Astronomers have noticed a change in the jet-like feature moving away from one of the newborn stars inside the pillars.

See also  Burning Crusade Classic Patch Announced

Between observations, the length of the jet increased by 60 billion miles, indicating that the material in the jet was moving at about 450,000 miles per hour.

James Webb Telescope: NASA’s $10 billion telescope designed to detect light from the oldest stars and galaxies.

The James Webb Telescope has been described as a “time machine” that could help unlock the secrets of our universe.

The telescope will be used to observe the first galaxies born in the early universe more than 13.5 billion years ago, looking for the sources of stars, exoplanets and even our solar system’s moons and planets.

The huge telescope, which once cost over $7 billion (£5 billion), is believed to be the successor to the Hubble Space Telescope.

The James Webb telescope and most of his instruments are around 40 K, about minus 387 Fahrenheit (minus 233 degrees Celsius).

It is the largest and most powerful orbiting space telescope in the world, capable of looking back 100-200 million years after the Big Bang.

The infrared observatory orbiting it is about 100 times more powerful than its predecessor, the Hubble Space Telescope.

NASA prefers to think of James Webb as Hubble’s successor rather than his replacement, as the two will work together for a while.

The Hubble Telescope was launched on April 24, 1990 by the Space Shuttle Discovery from the Kennedy Space Center in Florida.

It orbits the Earth at about 17,000 miles per hour (27,300 km/h) in low Earth orbit at an altitude of about 340 miles.

Continue Reading

Trending