Tag: app’ | Page 26

Delete ‘Christmas Sticker’ Joker App Now: 3 Steps to Remove Malware

January 18, 2022/in Mobile Security

A new alert is being issued to all Android users who like downloading apps. They should be careful of the Joker malware, which is a malicious program that can steal personal information and force extra charges on an infected device.

For most Android users, downloading apps from the Google Play Store is a safe and secure method. This is because of its built-in Play Protect system that keeps track of harmful programs.

Unfortunately for Android users, the infamous Joker malware has proven time and again that it can evade the Google Play Store antivirus. The malware was recently spotted in the Android app “Christmas Stickers.”

Christmas Sticker: A Joker App

According to earlier reports, the Joker malware has deceived more than 500,000 Android users up to date. It was initially spotted in an app called Color Message.

This malicious malware also hid inside apps like: Beauty Camera Phone Editor, Battery Charging Animation Wallpaper and Multi-Language Keyboard, OneSuper Launcher, Simple Blood Suga and Colorful Wallpaper.

More recently, malware analyst Tatyana Shishkova identified the Joker code on the app Christmas Stickers. There were, unfortunately, more than 1,000 installations of the app since December 21, 2021.

#Joker Android Trojan on Google Play:https://t.co/RkSOlrVvne Dec 21, 1,000+ installs pic.twitter.com/r0iFUz1vKS

— Tatyana Shishkova (@sh1shk0va) December 27, 2021

Joker Malware: Android Issues

Once installed, the Joker app activates malware that is difficult to detect and contain. It sometimes disguises itself as a legitimate app icon, which fools most mobile security.

Joker malware starts its attack by gaining access and permission over the infected device. This lets it install a few more viruses which help it run its programs smoothly.

Afterward, Joker malware manipulates the device’s SMS functions to subscribe to unwanted premium services. This forces victims to pay a significant bill to their communications provider.

Lastly, the Joker malware tries to mine all available credentials on the device, like the user’s account and passwords. Be warned that information like this is often sold on the dark web for scam and phishing purposes.

Read Also: iPhone 14…

Source…

A Teen Took Control of Teslas by Hacking a Third-Party App

January 15, 2022/in Computer Security

On Friday, Russia did the previously unimaginable: It actually arrested a bunch of ransomware operators. Not only that, but members of the notorious group REvil, which has been behind some of the biggest attacks of the last several years, including IT management firm Kaseya and meat giant JBS. Russian president Vladimir Putin had previously given ransomware hackers a free pass. It’s not clear yet whether this was a calculated political move, a sign of a broader crackdown, or both, but it’s certainly a watershed moment.

As everyone scrambles to find Log4j in their systems—no easy task for even well-resourced companies—the FTC has set strict deadlines for patching the very bad, no good vulnerability in the ubiquitous logging library. It’ll be unlikely if not impossible for everyone to find it in time, which speaks more to the fragile and opaque nature of the open source software world than the FTC’s aggressive timeline.

Telecoms around the world have pushed back against Apple’s Private Relay, a not-quite-VPN that bounces your traffic through a couple of servers to give you extra anonymity. T-Mobile in the US recently blocked it for customers who had parental control filters. It’s unclear why they’ve taken those measures against Apple and not the many, many VPNs that work unfettered, but it may have to do with the potential scale of Apple customers who could sign up for the service.

In other Apple privacy news, iOS 15 brought with it a new report that shows you what sensors your apps are accessing and what domains they’re contacting. It’s a lot of information all at once; we helped break down how to read it.

North Korean hackers had a “banner year” in 2021, stealing nearly $400 million of cryptocurrency. And while Israeli spyware vendor NSO Group insists that it has controls in place to prevent abuses of its product, dozens of journalists and activists in El Salvador had their devices infected with Pegasus, NSO’s signature product, as recently as November.

And that’s not all! Each week we round up all the security news WIRED didn’t cover in depth. Click on the headlines to read the full stories.

A 19-year-old security researcher named David Colombo detailed this week how he…

Source…

Philly’s 311 app is on the fritz, and the city is redirecting users to an unsecured website

January 15, 2022/in Mobile Security

Christopher Sherman is a self-described “superuser” of the Philly 311 app. Graffiti removal, missed trash pickup, abandoned cars — the Fishtown resident says he’s reported 408 incidents to City Hall to date.

“It’s a wonderful app when it works,” said Sherman, 40, who works in IT. “I don’t have to know the right department to call or be friends with my councilperson because the streetlight’s out.”

Now a decade old, Philly 311 is a powerful tool for residents to request basic city services. But when Sherman opens the app on his Android phone now, he gets an unfortunate message: “Whoops, something went wrong.”

The source of that “whoops?”

Philly 311′s app has been on the fritz for some users for at least a month. City officials confirmed two problems so far: The Facebook login function for users has been broken since December and, as of this week, an unknown number of Android users like Sherman now have no access to the mobile app at all.

“Unfortunately, we cannot quantify how many Android users have been affected,” said city spokesperson Irene Contreras-Reyes.

And while it’s unclear how many of the app’s users were impacted, The Inquirer has heard numerous complaints from residents who say they’ve been having problems logging into the app since last month and could not find easy explanations.

Responding to The Inquirer’s questions, officials also inadvertently revealed another cyber security issue: The online 311 portal sits on an unsecured website.

With problems piling up on the mobile app, officials have been referring frustrated users to the city’s online 311 site to file their service requests. But the link takes people to a webpage that browsers identify as unsecure, meaning user data could be vulnerable to hackers.

Officials on Friday could not explain why or for how long the government-run site had been using an unsecure connection, but a “multidisciplinary team” was assigned to investigate the issue after The Inquirer asked questions.

“We’ll get answers to this question by next week since this involves multiple areas, not only 311,” Contreras-Reyes said.

According to 311 data, residents lodged at least 50,000 complaints per month…

Source…