|
Scooped by
Gust MEES
|
Security updates that Google released this week for Android resolve 43 vulnerabilities, including three that have been exploited in attacks.
The exploited flaws, tracked as CVE-2023-2136, CVE-2023-26083, and CVE-2021-29256, impact Android’s System and Arm Mali components.
The internet giant says “there are indications” that these security defects “may be under limited, targeted exploitation”.
CVE-2023-2136 was disclosed in April as a zero-day vulnerability in the Chrome browser, and is described as an integer overflow issue in Skia.
The bug allows “a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page,” a NIST advisory explains. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Android
|
Scooped by
Gust MEES
|
A malware campaign with the aim of stealing passwords, bank details and other sensitive information is spreading quickly through Android devices.
Known as FluBot, the malware is installed via text messages claiming to be from a delivery company that asks users to click a link to track a package delivery. This phishing link asks users to install an application to follow the fake delivery – but the app is actually malware for stealing information from infected Android smartphones.
Once installed, FluBot also gains access to the victim's address book, allowing it to send the infected text message to all their contacts, further spreading the malware. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Android
|
Scooped by
Gust MEES
|
The malicious app spreads the BlackRock malware, which steals credentials from 458 services – including Twitter, WhatsApp, Facebook and Amazon.
Researchers are warning of a fake version of the popular audio chat app Clubhouse, which delivers malware that steals login credentials for more than 450 apps.
Clubhouse has burst on the social media scene over the past few months, gaining hype through its audio-chat rooms where participants can discuss anything from politics to relationships. Despite being invite-only, and only being around for a year, the app is closing in on 13 million downloads. However, as of now the app is only available on Apple’s App Store mobile application marketplace – there’s no Android version yet (though plans are in the works to develop one).
Cybercriminals are swooping in on Android users looking to download Clubhouse by creating their own fake Android version of the app. To add legitimacy to the scam, the fake app is delivered from a website purporting to be the real Clubhouse website – which “looks like the real deal,” said Lukas Stefanko, researcher with ESET. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Android https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Apps
|
Scooped by
Gust MEES
|
When apps access memory cards, cybercriminals can exploit this. With the so-called man-in-the-disk attack, they can manipulate the data stream. A "man-in-the-disk attack" proceeds in several steps. (Source: Check Point) The use of memory cards by apps can be exploited by cybercriminals to attack Android smartphones. This is the conclusion of a report by the security specialists at Check Point. The so-called man-in-the-disk attack allows an attacker to intrude into and interfere with external storage, for example a memory card. The smartphone's internal storage is shielded by the Android sandbox. Protection for external storage media is weaker. This allows the attacker to intercept and manipulate the data exchanged between the app and external storage. For example, the attacker can install unwanted applications in the background, crash apps or inject malicious code into apps. Besides Android's handling of memory cards, the problem also lies with developers whose apps do not follow Google's guidelines for using external storage. However, the apps examined by Check Point also included apps from Google itself, among them Google Translate, Google Voice Typing and Google Text-to-Speech. In the case of Google Translate and Google Voice Typing, for example, the security experts found that the developers could not verify the integrity of the data read from external storage. The team was thus able to compromise certain files required by these applications, which caused the applications to crash. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Android
|
Scooped by
Gust MEES
|
Monero-mining Android malware will exhaust your phone in its quest for cash.
A new strain of Android malware will continuously use an infected device's CPU to mine the Monero cryptocurrency until the device is exhausted or even breaks down.
Security company Trend Micro has named the malware HiddenMiner because of the techniques it uses to protect itself from discovery and removal.
Like most cryptocurrency-mining software, HiddenMiner uses the device's CPU power to mine Monero. But Trend Micro said that because there is no switch, controller, or optimizer in HiddenMiner's code it will continuously mine Monero until the device's resources are exhausted.
"Given HiddenMiner's nature, it could cause the affected device to overheat and potentially fail," the company said. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=crypto-currency https://www.scoop.it/t/securite-pc-et-internet/?&tag=Crypto+Mining https://www.scoop.it/t/securite-pc-et-internet/?&tag=Android
|
Scooped by
Gust MEES
|
Security researchers warn of several game apps infected with malicious code in Google's official app store.
Evidently, Google Play's security mechanisms failed and let through 27 game apps infected with malicious code. According to security researchers at Dr. Web, the apps have a combined 4.5 million downloads.
In their warning they list the names of the apps. Spot checks show that most of them are already no longer available. Anyone who has installed any of these apps should delete them as quickly as possible.
SDK is the root of the evil
All apps were built with the Ya Ya Yun SDK, which, alongside legitimate functions, also brings Trojan modules with it. After an app is first started, these are said to download code, unnoticed by the victim, that secretly opens websites in the background and clicks on advertising banners. Besides click fraud, the developers of the SDK could probably provide further attack modules, the security researchers suspect.
It is currently unclear whether the app developers knowingly built in the Trojan modules or whether it is ultimately the makers of the Ya Ya Yun SDK who are cashing in. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Google-Play
|
Scooped by
Gust MEES
|
Google has confirmed it has been able to track the location of Android users via the addresses of local mobile phone masts, even when location services were turned off and the sim cards removed to protect privacy.
Revealed by a report by Quartz, Google’s Android system, which handles messaging services to ensure delivery of push notifications, began requesting the unique addresses of mobile phone masts (called Cell ID) at the beginning of 2017.
The information was captured by the phone and routinely sent to Google by any modern Android device, even when location services were turned off and the sim card was removed. As a result Google could in theory track the location of the Android device and therefore the user, despite a reasonable expectation of privacy.
A Google spokesperson said: “In January of this year, we began looking into using Cell ID codes as an additional signal to further improve the speed and performance of message delivery.
“However, we never incorporated Cell ID into our network sync system, so that data was immediately discarded, and we updated it to no longer request Cell ID.” Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Cyberespionage https://www.scoop.it/t/securite-pc-et-internet/?&tag=Privacy https://gustmees.wordpress.com/2013/12/21/privacy-in-the-digital-world-shouldnt-we-talk-about-it/ https://www.scoop.it/t/securite-pc-et-internet/?&tag=tracking
|
Scooped by
Gust MEES
|
A newly uncovered form of Android malware aims to steal data from over 40 popular apps including Facebook, WhatsApp, Skype and Firefox - and the trojan has been actively engaging in this illicit activity for almost two years.
Dubbed SpyDealer by the Palo Alto Networks researchers who discovered it, the malware harvests vast amounts of personal information about compromised users, including phone numbers, messages, contacts, call history, connected wi-fi information and even the location of the device.
The espionage capabilities of the trojan also enable it to record phone calls and videos, along with surrounding audio and video, take photos with both front and rear cameras, take screenshots of sensitive information and monitor the device's location at all times.
Described as an advanced form of Android malware, SpyDealer is able to open a backdoor onto compromised devices by abusing a commercially available Android accessibility service feature in order to root phones into providing superuser privileges.
Samples of the malware analysed by researchers suggest that the malware reuses root exploits used by commercial rooting app "Baidu Easy Root" in order to maintain itself on the compromised device while it harvests personal information and spies on communications from the apps with root privilege. According to the researchers, SpyDealer attempts to steal data from apps including WeChat, Facebook, WhatsApp, Skype, Line, Viber, QQ, Tango, Telegram, Sina Weibo, Tencent Weibo, Android Native Browser, Firefox Browser, Oupeng Browser, QQ Mail, NetEase Mail, Taobao, and Baidu Net Disk. Learn more / En savoir plus / Mehr erfahren: http://www.scoop.it/t/securite-pc-et-internet/?&tag=Android
|
Scooped by
Gust MEES
|
Selfie apps let users change the size of the mouth, nose or eyes and apply make-up. But some of the apps not only collect biometric data, they also sell it to third parties, as the consumer protection portal Mobilsicher.de has found.
The portal examined the six most popular selfie-editing apps from Google's Play Store for data protection problems. Together, the apps have been downloaded more than 500 million times so far.
The privacy policy of the app Perfect365 in particular is striking, according to the report. According to Mobilsicher.de, the provider states there that extensive data sets about users were sold to third parties over the past twelve months. These reportedly included full names, biometric data, location data and all other information entered in the app. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Android
|
Scooped by
Gust MEES
|
A new piece of malware is circulating on Android. Spotted by a group of researchers, it poses as a critical system update and allows a third party to take control of a smartphone while collecting personal data.
The security firm Zimperium, which had already discovered the StageFright flaw in 2015, explains that the malware was embedded in an application named System Update, available outside the Play Store. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Android
|
Scooped by
Gust MEES
|
A new Android malware strain has been uncovered, part of the Rampant Kitten threat group’s widespread surveillance campaign that targets Telegram credentials and more.
Researchers have uncovered a threat group launching surveillance campaigns that target victims’ personal device data, browser credentials and Telegram messaging application files. One notable tool in the group’s arsenal is an Android malware that collects all two-factor authentication (2FA) security codes sent to devices, sniffs out Telegram credentials and launches Google account phishing attacks.
Researchers found the threat group, dubbed Rampant Kitten, has targeted Iranian entities with surveillance campaigns for at least six years. It specifically targets Iranian minorities and anti-regime organizations, including the Association of Families of Camp Ashraf and Liberty Residents (AFALR); and the Azerbaijan National Resistance Organization.
The threat group has relied on a wide array of tools for carrying out their attacks, including four Windows info-stealer variants used for pilfering Telegram and KeePass account information; phishing pages that impersonate Telegram to steal passwords; and the aforementioned Android backdoor that extracts 2FA codes from SMS messages and records the phone’s voice surroundings. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Two-factor+authentication
|
Scooped by
Gust MEES
|
Over the past six months, a new Android malware strain has made a name for itself after popping up on the radar of several antivirus companies, and annoying users thanks to a self-reinstall mechanism that has made it near impossible to remove.
Named xHelper, this malware was first spotted back in March but slowly expanded to infect more than 32,000 devices by August (per Malwarebytes), eventually reaching a total of 45,000 infections this month (per Symantec).
The malware is on a clear upward trajectory. Symantec says the xHelper crew is making on average 131 new victims per day and around 2,400 new victims per month. Most of these infections have been spotted in India, the US, and Russia.
INSTALLED VIA THIRD-PARTY APPS
According to Malwarebytes, the source of these infections is "web redirects" that send users to web pages hosting Android apps. These sites instruct users on how to side-load unofficial Android apps from outside the Play Store. Code hidden in these apps downloads the xHelper trojan. Learn more / En savoir plus / Mehr erfahren: https://gustmees.wordpress.com/2014/03/05/often-asked-questions-are-there-cyber-security-dangers-with-apps-and-whats-about-privacy/ https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Android
|
Scooped by
Gust MEES
|
The spyware poses as a legitimate application, spreading via SMS messages to victims’ contact lists.
An Android malware dubbed “FunkyBot” has started making the scene in Japan, operated by the same attackers responsible for the FakeSpy malware. It intercepts SMS messages sent to and from infected devices.
According to FortiGuard Labs, the malware (named after logging strings found in the persistence mechanism of the payload) masquerades as a legitimate Android application. The payload thus consists of two .dex files: One is a copy of the original legitimate application that the malware is impersonating, and the other is malicious code.
As for the kill chain, a packer first determines which version of Android the phone is running on, in order to generate the proper payload. After that, the payload is started by calling the method `runCode` class through Java reflection. This starts a class called KeepAliceMain, which is used as persistence mechanism by the malware. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Android
|
Scooped by
Gust MEES
|
An Android banking trojan has returned with improvements which allow it to record the screens of infected devices while also adding new techniques that help the malware remain hidden from victims.
First detailed by cybersecurity researchers at ThreatFabric in October last year, BianLian started life as a dropper for other forms of malware, most notably the Anubis banking malware, which has stolen funds from thousands of Android users around the globe.
But the cybercriminals behind BianLian soon changed their tactics, altering the code and re-purposing the malware into a banking trojan in its own right – repeatedly bypassing protections in the official Google Play app store as a means of distributing their malicious payload. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Android
|
Scooped by
Gust MEES
|
Android, Google Play Store: Scammers are using fake install counts to lure unsuspecting smartphone users into installing dubious apps. We show how to uncover the swindle. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Android
|
Scooped by
Gust MEES
|
Google says that it is getting better than ever at protecting Android users against bad apps and malicious developers.
In fact, in a recent post on the Android Developers blog, the company boasts that it removed a record number of malicious apps from the official Google Play store during 2017.
How many apps did Google remove from its app marketplace after finding they violated Google Play store policies? More than 700,000. That’s an impressive 2000 or so every day, and 70% more than the number of apps removed in 2016.
Furthermore, Google says it is getting better at proactively protecting Android users from the growing menace of mobile malware:
“Not only did we remove more bad apps, we were able to identify and action against them earlier. In fact, 99% of apps with abusive contents were identified and rejected before anyone could install them. This was possible through significant improvements in our ability to detect abuse – such as impersonation, inappropriate content, or malware – through new machine learning models and techniques.”
Furthermore, Google claims it banned more than 100,000 developer accounts controlled by “bad actors” who had attempted to create new accounts and publish yet more malicious apps. Learn more / En savoir plus / Mehr erfahren: https://gustmees.wordpress.com/2014/03/05/often-asked-questions-are-there-cyber-security-dangers-with-apps-and-whats-about-privacy/ https://www.scoop.it/t/securite-pc-et-internet/?&tag=Android
|
Scooped by
Gust MEES
|
Personal data belonging to over 31 million customers of a popular virtual keyboard app has leaked online, after the app's developer failed to secure the database's server.
The server is owned by Eitan Fitusi, co-founder of AI.type, a customizable and personalizable on-screen keyboard, which boasts more than 40 million users across the world.
But the server wasn't protected with a password, allowing anyone to access the company's database of user records, totaling more than 577 gigabytes of sensitive data.
The database appears to only contain records on the app's Android users.
The discovery was made by security researchers at the Kromtech Security Center, which posted details of the exposure alongside ZDNet. The data was only secured after several attempts to contact Fitusi, who acknowledged the security lapse this weekend. The server has since been secured, but Fitusi did not respond when we asked for comment.
ZDNet obtained a portion of the database to verify. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Mobile-Security https://gustmeesde.wordpress.com/2014/12/13/mobile-security-smartphones-sind-auch-mini-computer/
|
Scooped by
Gust MEES
|
Nearly one billion Android devices are affected by a flaw that makes it possible to record the user without them noticing… Specifically, since the MediaProjection API was introduced in Android 5.0, applications can capture the screen contents and record sound from the microphone without obtaining administrator rights.
A simple message appears in a pop-up window to indicate that you are about to allow "MediaProjection" to record the phone's screen and sound. The problem is that this warning message can be covered with any text. The example given is: "Thank you for downloading this application. We hope you enjoy it!" Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Android
|
Scooped by
Gust MEES
|
Google’s July 2017 security fixes for Android are out.
As far as we can see, there are 138 bugs listed, each with its own CVE number, of which 18 are listed with the tag “RCE”.
RCE stands for Remote Code Execution, and denotes the sort of vulnerability that could be abused by a crook to run some sort of program sent in from outside – without any user interaction.
Generally speaking, RCE bugs give outsiders a sneaky chance to trigger the sort of insecure behaviour that would usually either pop up an obvious “Are you sure?” warning, or be blocked outright by the operating system.
In other words, RCEs can typically be used for so-called “drive-by” attacks, where just visiting a web page or looking at an email might leave you silently infected with malware.
Learn more / En savoir plus / Mehr erfahren: http://www.scoop.it/t/securite-pc-et-internet/?&tag=Android