Android app with 100 million users spread malware


Google has pulled the popular CamScanner app from its Play Store after it was discovered that it was spreading malware.

Kaspersky discovered that the app – which was installed more than 100 million times – contained an advertising library with a malicious dropper component.

The component was detected as “Trojan-Dropper.AndroidOS.Necro.n” and was designed to download and launch a payload from malicious servers.

CamScanner was a popular app among Android users which allowed them to scan documents with their smartphone camera and save the content to a PDF document.

The app had 1.8 million reviews, most of which were positive. However, a recent influx of negative reviews pointed to problems with the app’s user experience which prompted Kaspersky to investigate the software.


New FinSpy versions extend surveillance capabilities


The latest versions of the advanced malicious surveillance tool FinSpy have been discovered by security researchers at security firm Kaspersky.

The software is produced and sold to governments and law enforcement agencies by Gamma International, which has branches in the UK and Germany.

FinSpy implants for desktop systems were first described by WikiLeaks in 2011, and mobile implants were discovered in 2012. Since then, Kaspersky has monitored the development of this malware and the emergence of new versions in the wild.

In 2014, WikiLeaks revealed that FinSpy, also known as FinFisher, was being used by police in New South Wales, Australia, as well as national police in the Netherlands, Mongolia, Estonia and Singapore, and the secret services of Hungary, Italy, and Bosnia and Herzegovina.

Former FinSpy licence holders include Belgium, Italy, South Africa, Bahrain, Pakistan, Vietnam, Nigeria, and state security in Slovakia and Qatar.

The latest versions of FinSpy work on both iOS and Android devices, can monitor activity on almost all popular messaging services – including encrypted ones – and hide their traces better than before, according to the Kaspersky researchers.

The surveillance tool allows attackers to spy on all device activities and exfiltrate sensitive data such as GPS location, messages, photos and call information.

To guard against FinSpy, Kaspersky researchers advise users to

  • Not leave your smartphone or tablet unlocked and always make sure nobody is able to see your pin-code when you enter it.
  • Not jailbreak or root your device because it will make an attacker’s job easier.
  • Install only mobile applications from official app stores, such as Google Play.
  • Not follow suspicious links sent from unknown numbers.
  • Block the installation of programs from unknown sources in device settings.
  • Avoid disclosing the password or passcode to mobile devices to anyone.
  • Not store unfamiliar files or applications on device.

According to the researchers, FinSpy is an “extremely effective” software tool for targeted surveillance that has been observed stealing information from international NGOs, governments and law enforcement organisations all over the world. Its operators can tailor the behavior of each malicious FinSpy implant to a specific target or group of targets, the researchers found.

The basic functionality of the malware includes almost unlimited monitoring of the device's activities: geolocation, all incoming and outgoing messages, contacts, media stored on the device, and data from popular messaging services such as WhatsApp, Facebook Messenger or Viber. All the exfiltrated data is transferred to the attacker via text messages or over HTTP.

The latest known versions of the malware extend this surveillance functionality to additional messaging services, including those considered “secure”, such as Telegram, Signal and Threema.

They are also more adept at covering their tracks: the versions targeting iOS 11 and older are now able to hide signs of jailbreaking. The new Android version contains an exploit capable of gaining root privileges, and with them almost unlimited access to all files and commands, on a device that was not previously rooted.

However, based on the information available to Kaspersky, to successfully infect both Android and iOS-based devices, attackers need either physical access to the phone or an already jailbroken/rooted device. For jailbroken/rooted phones, there are at least three possible infection vectors: text message, email or push notifications.


According to Kaspersky telemetry, “several dozen” mobile devices have been infected with FinSpy in the past year.

“The developers behind FinSpy constantly monitor security updates for mobile platforms and tend to quickly change their malicious programs to avoid their operation being blocked by fixes,” said Alexey Firsh, security researcher at Kaspersky Lab.

“Moreover, they follow trends and implement functionality to exfiltrate data from applications that are currently popular. We observe victims of the FinSpy implants on a daily basis, so it’s worth keeping an eye on the latest platform updates and installing them as soon as they’re released.

“Regardless of how secure the apps you use might be, and how protected your data, once the phone is rooted or jailbroken, it is wide open to spying,” he said.

Up-to-date versions of FinSpy used in the wild were detected in almost 20 countries. “However, assuming the size of Gamma’s customer base, it’s likely that the real number of victims is much higher,” the researchers said.


Kaspersky says its new app will now flag “stalkerware” used in domestic abuse

Kaspersky Lab says its Kaspersky Internet Security for Android with Privacy Alert app will now flag commercially available spyware, sometimes …

The software isn’t itself thought to be illegal, and it’s sometimes marketed for use by parents or employers to monitor phone use, but it can be used by stalkers and abusive partners to track people’s locations, photos, texts, and online activity, sometimes without them realizing it’s installed on their phones. In some cases, it can even capture audio and images in real time.

“We believe users have a right to know if such a program is installed on their device,” said Kaspersky security researcher Alexey Firsh in a statement. “Our new alert will help them to do that and assess the risk properly.”

Generally, the software has to be installed by someone with access to a phone, but that can be done without someone’s knowledge if they leave their phone unattended. They’re generally not distributed through mainstream software markets, like Apple’s App Store and Google Play, which means the software is usually harder to install on iOS devices, which must be jailbroken before such tools can be installed, according to a blog post by Firsh. The company found more than 58,000 users with such tools installed on phones or tablets in 2018, Firsh wrote.

Kaspersky’s app will now flag the software when it’s found and give users the option to delete it or leave it in place.


Hacked versions of iPhone apps being distributed


San Francisco

Software pirates have hijacked technology designed by Apple Inc to distribute hacked versions of Spotify, Angry Birds, Pokemon Go, Minecraft and other popular apps on iPhones, Reuters has found. Illicit software distributors such as TutuApp, Panda Helper, AppValley and TweakBox have found ways to use digital certificates to gain access to a program Apple introduced to let corporations distribute business apps to their employees without going through Apple's tightly controlled App Store.

Using so-called enterprise developer certificates, these pirate operations are providing modified versions of popular apps to consumers, enabling them to stream music without ads and to circumvent fees and rules in games, depriving Apple and legitimate app makers of revenue. By doing so, the pirate app distributors are violating the rules of Apple’s developer programs, which allow apps to be distributed to the general public only through the App Store.

Downloading modified versions violates the terms of service of almost all major apps.


TutuApp, Panda Helper, AppValley and TweakBox did not respond to multiple requests for comment.

Apple has no way of tracking the real-time distribution of these certificates, or the spread of improperly modified apps on its phones, but it can cancel the certificates if it finds misuse.

An Apple spokesman said: “Developers that abuse our enterprise certificates are in violation of the Apple Developer Enterprise Program Agreement and will have their certificates terminated, and if appropriate, they will be removed from our Developer Program completely. We are continuously evaluating the cases of misuse and are prepared to take immediate action.”

After Reuters initially contacted Apple for comment last week, some of the pirates were banned from the system, but within days, they were using different certificates and were operational again.

Amine Hambaba, head of security at software firm Shape Security, said: “There’s nothing stopping these companies from doing this again from another team, another developer account.”

Apple confirmed a media report on Wednesday that it would require two-factor authentication – using a code sent to a phone as well as a password – to log into all developer accounts by the end of this month, which could help prevent certificate misuse.

Major app makers Spotify Technology SA, Rovio Entertainment Oyj and Niantic Inc have begun to fight back.

Spotify declined to comment on the matter of modified apps, but the streaming music provider did say earlier this month that its new terms of service would crack down on users who are “creating or distributing tools designed to block advertisements” on its service.

Rovio, the maker of Angry Birds mobile games, said it actively works with partners to address infringement “for the benefit of both our player community and Rovio as a business”.

Niantic, which makes Pokemon Go, said players who use pirated apps that enable cheating on its game are regularly banned for violating its terms of service; Microsoft Corp, which owns the creative building game Minecraft, declined to comment.

It is unclear how much revenue the pirate distributors are siphoning away from Apple and legitimate app makers. TutuApp offers a free version of Minecraft, which costs US$6.99 in Apple's App Store; AppValley offers a version of Spotify's free streaming music service with the advertisements stripped away. The distributors make money by charging US$13 or more per year for subscriptions to what they call "VIP" versions of their services, which they say are more stable than the free versions.

It is impossible to know how many users buy such subscriptions, but the pirate distributors combined have more than 600,000 followers on Twitter. Security researchers have long warned about the misuse of enterprise developer certificates, which act as digital keys that tell an iPhone a piece of software downloaded from the Internet can be trusted and opened. They are the centrepiece of Apple’s program for corporate apps and enable consumers to install apps onto iPhones without Apple’s knowledge.

Apple last month briefly banned Facebook Inc and Alphabet Inc from using enterprise certificates after they used them to distribute data-gathering apps to consumers. The distributors of pirated apps seen by Reuters are using certificates obtained in the name of legitimate businesses, although it is unclear how.

Several pirates have impersonated a subsidiary of China Mobile Ltd. China Mobile did not respond to requests for comment.

Tech news website TechCrunch earlier this week reported that certificate abuse also enabled the distribution of apps for pornography and gambling, both of which are banned from the App Store.

Since the App Store debuted in 2008, Apple has sought to portray the iPhone as safer than rival Android devices because Apple reviews and approves all apps distributed to the devices. Early on, hackers “jailbroke” iPhones by modifying their software to evade Apple’s controls, but that process voided the iPhone’s warranty and scared off many casual users. The misuse of the enterprise certificates seen by Reuters does not rely on jailbreaking and can be used on unmodified iPhones. REUTERS


Infamous Hacker George Hotz Calls Bitcoin Cash the ‘Real Bitcoin’

Jamie Redman
Well-known American hacker George Hotz, also known as Geohot, has been talking extensively about cryptocurrencies lately, and more specifically about bitcoin cash. On Wednesday, Oct. 17, Hotz published a cryptocurrency programming video using bitcoin cash and showed people how to send a BCH transaction from scratch using the Python programming language.


Geohot Hacks With Bitcoin Cash

George Hotz aka 'Geohot.'

Popular entrepreneur and hacker George Hotz, aka Geohot, has a reputation for being the first person to unlock the iPhone and jailbreak the iOS software, back in 2007. The programmer is also known for his relationship with Elon Musk; he claims Musk offered him millions to create a better autonomous vehicle system than the Mobileye solution Tesla was using at the time. Recently, he attended the BCH Devcon in San Francisco and was interviewed by BCH YouTuber Hayden Otto. Following the event, on Wednesday, Hotz showed people how to generate a BCH private key from scratch using Python.
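The article describes Hotz generating a BCH private key "from scratch" in Python but does not reproduce his code. The block below is an added example written for this page, not code from the video or from any Bitcoin Cash project, showing the security-relevant parts of that exercise: drawing the scalar from the OS CSPRNG and rejecting out-of-range values, deriving the public key with pure-Python secp256k1 arithmetic (the curve both Bitcoin and Bitcoin Cash use), encoding it in compressed SEC form, and exporting the private key as a Base58Check WIF string. The affine arithmetic is textbook and deliberately simple; it is not constant-time and should be used to understand the maths, not to hold funds (use libsecp256k1 for that).

```python
import hashlib
import secrets

# secp256k1 domain parameters (shared by Bitcoin and Bitcoin Cash).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
GX = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
GY = 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8
G = (GX, GY)

BASE58_ALPHABET = b"123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def ec_add(a, b):
    """Affine point addition on y^2 = x^3 + 7 over GF(P). None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    x1, y1 = a
    x2, y2 = b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # a == -b
    if a == b:
        lam = (3 * x1 * x1) * pow(2 * y1, -1, P) % P   # tangent slope (doubling)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P     # chord slope
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def ec_mul(k, point=G):
    """Double-and-add scalar multiplication (variable-time; for study, not production)."""
    result = None
    addend = point
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def generate_private_key():
    """Uniform scalar in [1, N-1] from the OS CSPRNG. Rejection sampling avoids modulo bias."""
    while True:
        k = secrets.randbits(256)
        if 1 <= k < N:
            return k


def private_key_to_public_key(k, compressed=True):
    """SEC-encoded public key: 02/03 || x (compressed) or 04 || x || y (uncompressed)."""
    if not 1 <= k < N:
        raise ValueError("private key must be in [1, N-1]")
    x, y = ec_mul(k)
    if compressed:
        prefix = b"\x02" if y % 2 == 0 else b"\x03"
        return prefix + x.to_bytes(32, "big")
    return b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big")


def base58check_encode(payload):
    """Base58 of payload || first 4 bytes of SHA256(SHA256(payload)); leading 0x00 bytes become '1'."""
    data = payload + hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    n = int.from_bytes(data, "big")
    digits = bytearray()
    while n:
        n, rem = divmod(n, 58)
        digits.append(BASE58_ALPHABET[rem])
    for byte in data:
        if byte != 0:
            break
        digits.append(BASE58_ALPHABET[0])
    return bytes(reversed(digits)).decode("ascii")


def private_key_to_wif(k, compressed=True, mainnet=True):
    """Wallet Import Format: Base58Check(0x80 || key || [0x01 if compressed]). Testnet prefix is 0xEF."""
    if not 1 <= k < N:
        raise ValueError("private key must be in [1, N-1]")
    prefix = b"\x80" if mainnet else b"\xef"
    suffix = b"\x01" if compressed else b""
    return base58check_encode(prefix + k.to_bytes(32, "big") + suffix)


if __name__ == "__main__":
    k = generate_private_key()
    print("private key (hex):", format(k, "064x"))
    print("public key (SEC): ", private_key_to_public_key(k).hex())
    print("WIF:               ", private_key_to_wif(k))
```

Two sanity checks are worth keeping in mind while reading this: every derived public key must satisfy y^2 = x^3 + 7 mod P, and the private key 1 must yield the generator itself (compressed form `0279be66...f81798`, WIF `KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3qYjgd9M7rFU73sVHnoWn`), which gives a fixed test vector for the whole pipeline. The range check in `generate_private_key` is the step hobby implementations most often skip; a scalar of 0 or a value at or above N is either unusable or silently equivalent to a different key.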

While most of the five-hour video shows Hotz coding and explaining what he was doing, the programmer emphasized how he would not be talking much about cryptocurrency politics.

“I know we’re doing crypto things today but we’re not going to talk about the politics of crypto — Because politics is for losers,” Hotz explained to the viewers. Before getting started, he also explained how he learned a few things at the BCH Devcon the prior week. “Transaction fees are super low on bitcoin cash,” the hacker detailed before starting the key generation process.

Hotz continued:

[I’m] Using bitcoin cash because it’s the real bitcoin.


“Lightning Network Too Complicated in a ‘Won’t Work’ Kind of Way”

During his interview at the BCH Devcon, Hotz also talked about the Lightning Network and the Ethereum network’s dapp projects. The programmer said he likes cryptocurrency technology and reads Ethereum code for pleasure. However, Hotz detailed that the Ethereum network is a “bug bounty” because he believes smart contracts open the doors to malicious hackers getting paid without breaking laws.

Hotz further stated that he was irritated with paying high network fees on the BTC network last year. As far as the Lightning Network is concerned, he explained the system is too complicated in a fashion that probably “won’t work.” Bitcoin Cash proponents on forums and social media enjoyed learning about Hotz’s opinion on the Bitcoin scaling debate and his informative Python lesson using the protocol’s code.


Images via Pixabay and YouTube.