Press Release

Two million Android malware apps have been discovered on Google Play.

Published

7 months ago

October 1, 2023

Two million Android malware apps have been discovered on Google Play.

Over two million individuals have been duped into installing new Android malware, phishing, and adware apps that have penetrated the Google Play store.

The programmes, which appear to be helpful utilities and system optimizers but are actually the causes of performance glitches, advertisements, and a degraded user experience, were found by Dr. Web antivirus.

One Dr. Web-illustrated app that has one million downloads is TubeBox, which is still accessible on Google Play as of this writing.

When trying to redeem the collected prizes, TubeBox consistently presents problems, despite promising users money for watching movies and advertisements on the app.

Even customers who successfully complete the final withdrawal stage never actually receive the money, according to the researchers, as the whole thing is just a ploy to keep users on the app as long as possible so they may view adverts and bring in money for the makers.

The following adware applications also showed up on Google Play in October 2022 but were later taken down:

One million downloads of the Bluetooth device auto connect (bt autoconnect group)
USB, Wi-Fi, and Bluetooth drivers (simple things for everyone) Over 100,000 downloads
Bt Autoconnect Group’s Volume, Music Equalizer: 50,000 downloads
(Hippo VPN LLC) Fast Cleaner & Cooling Master – 500 downloads

The aforementioned apps take instructions from Firebase Cloud Messaging and load the websites listed in them, which results in the fraudulent display of advertisements on the affected devices.

The remote operators might also set up an infected device to function as a proxy server in the instance of Fast Cleaner & Cooling Master, which had a low download volume. The threat actors could route their own traffic through the infected device using this proxy server.

Last but not least, Dr. Web came across a number of loan scam apps with an average of 10,000 downloads on Google Play that claimed to have a direct connection to Russian banks and investment companies.

Through malicious advertising on other apps, these apps were marketed as offering assured investment returns. Actually, the apps direct users to phishing websites where their personal data is gathered.

You should always look for bad reviews, carefully read the privacy statement, and visit the developer’s website to verify the legitimacy of an app before downloading it from Google Play.

Generally speaking, try to limit the number of installed apps on your smartphone and occasionally check to make sure Google Play Protect is turned on.

Press Release

MICROSOFT IS IN TERMS TO BUY SPEECH TECHNOLOGY COMPANY NUANCE COMMUNICATIONS FOR ABOUT $16 BILLION, OR $56 A SHARE, A 23% OVERPAYMENT TO NUANCE’S FRIDAY CLOSE, According to Sources (BLOOMBERG)

Published

7 months ago

October 1, 2023

David Baddeley

MICROSOFT IS IN TERMS TO BUY SPEECH TECHNOLOGY COMPANY

Bloomberg:

According to sources, Microsoft is in advanced talks to acquire Nuance Communications, a provider of speech technology, for about $16 billion, or $56 per share, a 23% premium to Nuance’s Friday close. The proposed price would value Nuance at $56 per share. This week could see the announcement of a deal.

Press Release

After taking data, the Android spyware BRATA wipes your smartphone.

Published

7 months ago

October 1, 2023

David Baddeley

After taking data, the Android spyware BRATA wipes your smartphone.

The most recent version of the Android malware known as BRATA now includes several new and dangerous features, such as GPS tracking, the ability to use numerous communication channels, and a tool that wipes all evidence of malicious activity from the device by performing a factory reset.

Kaspersky originally identified BRATA as an Android RAT (remote access tool) in 2019 that mostly targeted Brazilian users.

A Cleafy report from December 2021 highlighted the malware’s appearance in Europe, where it was observed to target customers of online banking services and steal their credentials with the help of con artists posing as bank customer support representatives.

Cleafy analysts kept an eye out for new features in BRATA, and in a new research released today, they show how the malware is still evolving.

versions with modifications for various audiences
The most recent iterations of the BRATA malware currently target e-banking users in China, Latin America, the UK, Poland, Italy, and Spain.

With various overlay sets, languages, and even different apps to target particular populations, each version focuses on a different bank.

In all versions, the developers employ comparable obfuscation strategies, such as enclosing the APK file in an encrypted JAR or DEX package.

The VirusTotal scan below shows how effectively this obfuscation avoids antivirus detections.

On that front, before moving on to the data exfiltration process, BRATA now actively looks for indicators of AV presence on the device and tries to erase the discovered security tools.

New capabilities
The keylogging functionality, which is a new feature in the most recent BRATA versions, was discovered by Cleafy researchers and adds to the existing screen capturing capabilities.

All new variations also include GPS monitoring, however analysts are unsure of its precise function.

The performing of factory resets, which the actors do in the following circumstances, is the scariest of the new malevolent features.

The fraudulent transaction has been successfully finished after the compromise (i.e. credentials have been exfiltrated).
It has been discovered by the programme that it operates in a virtual environment, perhaps for analysis.
The kill switch used by BRATA is a factory reset, which wipes the device and increases the risk of a victim experiencing an unexpected and permanent loss of data.

Finally, BRATA now supports HTTP and WebSockets and has provided new channels for data exchange with the C2 server.

A direct, low-latency route that is perfect for in-the-moment communication and live manual exploitation is provided by the choice of WebSockets for the actors.

Additionally, because WebSockets don’t need to send headers with each connection, less suspicious network traffic is generated, which reduces the likelihood of being discovered.

Basic safety precautions
BRATA is only one of several sneaky RATs and Android banking trojans that target users’ banking credentials that are out there.

Installing apps from the Google Play Store, avoiding APKs from dubious websites, and always scanning them with an AV programme before opening them are the best strategies to prevent being infected by Android malware.

Pay close attention to the permissions that are requested during installation and don’t allow those that don’t seem necessary for the app’s primary functions.

Finally, keep an eye on your battery life and network traffic levels to spot any sudden spikes that can be caused by malicious processes that are running in the background.

Press Release

Record: hackers scraped information of 500M LinkedIn customers and published it available online; LinkedIn validates the dataset includes publicly viewable details from its site (Katie Canales/Insider).

Published

7 months ago

October 1, 2023

David Baddeley

ReporReport: hackers scraped data of 500M LinkedIn users and posted it for sale online; LinkedIn confirms the dataset includes publicly viewable info from its site (Katie Canales/Insider)

Katie Canales / Insider:
Report: hackers scraped data of 500M LinkedIn users and posted it for sale online; LinkedIn confirms the dataset includes publicly viewable info from its site — – Personal data from 500 million LinkedIn users has been scraped and is reportedly for sale on a hacking forum.t: hackers scraped data of 500M LinkedIn users and posted it for sale online; LinkedIn confirms the dataset includes publicly viewable info from its site (Katie Canales/Insider)