Tag Archive for: Browsers

Jupyter Malware Variant Targets Browsers, Crypto-Wallets with Sophisticated Evasion Techniques


Security researchers have identified a significant uptick in attacks by a new, more sophisticated variant of the Jupyter malware, targeting popular browsers and crypto-wallets with advanced evasion techniques. This variant, also known as Yellow Cockatoo, Solarmarker, and Polazert, has been active since at least 2020 but has seen a resurgence with enhancements that make it harder to detect.

A Persistent Data-Stealing Cyber Threat

VMware’s Carbon Black team recently observed the malware leveraging PowerShell command modifications and legitimate-looking, digitally signed payloads to infect a growing number of systems. These modifications enhance Jupyter’s evasion capabilities, allowing it to backdoor machines and harvest a variety of credential information without detection. Morphisec and BlackBerry have further detailed its capabilities, including support for command and control communications and the execution of PowerShell scripts and commands, highlighting its function as a full-fledged backdoor.

Jupyter: Getting Around Malware Detection

The recent attacks have seen the Jupyter operator using valid certificates to digitally sign the malware, making it appear legitimate to malware detection tools. VMware researchers noted the malware’s use of SEO poisoning and search engine redirects as part of its attack chain, demonstrating its sophisticated credential harvesting and encrypted communication capabilities. Abe Schneider, threat analyst lead at Carbon Black, highlighted new improvements to the infostealer, including the use of an installer called InnoSetup, which serves as the first payload delivered to victim devices.

A Troubling Increase in Infostealers

Jupyter’s resurgence is part of a broader, concerning trend in the rise of infostealers, exacerbated by the shift to remote work during the COVID-19 pandemic. Organizations like Red Canary and Uptycs have reported sharp increases in infostealer distribution, with attackers leveraging the malware to gain quick, persistent, and privileged access to enterprise networks and systems. The demand for stolen data on criminal forums remains high, underscoring the ongoing threat posed…

Zero-Day Security Vulnerability Found in Chrome, Firefox and Other Browsers


Updates are now available to patch a Chrome vulnerability that would allow attackers to run malicious code.

It’s time to update Google Chrome, Mozilla’s Firefox or Thunderbird, Microsoft Edge, the Brave browser or Tor Browser; web development news site StackDiary has reported a zero-day vulnerability in all six browsers that could allow threat actors to execute malicious code.

Vulnerability originates in WebP reader

Users of the affected browsers should update to the latest version to ensure the zero-day vulnerability is patched on their machines. The problem isn’t with the browsers themselves: the vulnerability originates in the WebP codec, StackDiary discovered.

Other affected applications include:

  • Affinity.
  • Gimp.
  • Inkscape.
  • LibreOffice.
  • Telegram.
  • Many Android applications.
  • Cross-platform apps built with Flutter.

Apps built on Electron may also be affected; Electron released a patch.

Many applications use the WebP codec and libwebp library to render WebP images, StackDiary noted.

In more detail, a heap buffer overflow in WebP allowed attackers to perform an out-of-bounds memory write, NIST said. A heap buffer overflow allows attackers to insert malicious code by “overflowing” the amount of data in a program, StackDiary explained. Since this particular heap buffer overflow targets the codec (essentially a translator that lets a computer render WebP images), the attacker could create an image in which malicious code is embedded. From there, they could steal data or infect the computer with malware.

The vulnerability was first detected by the Apple Security Engineering and Architecture team and The Citizen Lab at The University of Toronto on September 6, StackDiary said.

What steps should users take?

Google, Mozilla, Brave, Microsoft and Tor have released security patches for this vulnerability. Individuals running those apps should update to the latest version. In the case of other applications, this is an ongoing…

In-app mobile browsers pose hidden privacy risks


The browsers built into popular apps like Facebook and Twitter provide convenience for users looking to read a page — but also open them to broad privacy and security risks, as recent reports have highlighted.

The big picture: In-app browsers allow mobile users to follow links and read web pages without having to switch out of the app they’re using. But it’s difficult to audit who ends up with the data trails this browser activity creates — and that personal information could end up in the hands of the app maker.

How it works: Both Apple (iOS) and Google (Android) say they apply the same rules to in-app browsers that they apply to any other part of an app that they distribute in their app stores: Both companies require app makers to disclose all information they collect as part of their privacy policies.

  • Google also says it looks for data collected via in-app browser as part of its automated scans of apps submitted to the Google Play store.
  • Apple’s policies also prohibit particularly egregious abuses, such as surreptitiously discovering passwords or other private data.

Driving the news: Security researcher Felix Krause published a series of findings recently — including a report on TikTok last week and an earlier look at Instagram and Facebook — suggesting that many in-app browsers contain code that gives the app owners the ability to monitor what users tap, click or type.

Between the lines: App developers have the potential to collect more user information when they make use of an in-app browser to open links — and that could lead to more hidden data collection and heightened security risks, experts tell Axios.

  • Simple modifications to in-app browsers could easily allow platforms to track when someone types, clicks on a link or taps the screen, said Nick Doty, a senior fellow focused on internet architecture at the Center for Democracy and Technology.
  • This is true of all browsers, but with in-app browsers, users typically don’t realize that they’ve shifted into a different environment that might have different data collection practices — they might just think they’re using their default mobile browser, like Safari or Chrome, Doty told Axios.

Yes, but: It’s hard to say…

UK watchdog seeks to make mobile browsers competitive • The Register


The United Kingdom’s Competition and Markets Authority (CMA) on Friday said it intends to launch an investigation of Apple’s and Google’s market power with respect to mobile browsers and cloud gaming, and to take enforcement action against Google for its app store payment practices.

“When it comes to how people use mobile phones, Apple and Google hold all the cards,” said Andrea Coscelli, Chief Executive of the CMA, in a statement. “As good as many of their services and products are, their strong grip on mobile ecosystems allows them to shut out competitors, holding back the British tech sector and limiting choice.”

The decision to open a formal investigation follows the CMA’s year-long study of the mobile ecosystem. The competition watchdog’s findings have been published in a report that concludes Apple and Google have a duopoly that limits competition.

“We have found that Apple and Google have substantial and entrenched market power in mobile operating systems as there is limited effective competition between the two and rivals face significant barriers to entry and expansion,” the final report [PDF] says.

This is the third Google-oriented inquiry by the CMA this year. In March, the CMA and the EU announced an investigation of Google and Meta (Facebook) over alleged ad collusion called Jedi Blue. And the CMA said it is looking into Google ad tech last month as well.

The CMA in March 2021 opened a competition law investigation into the terms and conditions governing Apple’s App Store.

Back in March 2022, when the CMA was still accepting input from tech firms on how it should proceed, Apple urged the UK regulator to look past the “often self-serving complaints from a limited number of the largest market participants,” as Apple’s law firm Gibson Dunn put it.

Google also maintained that the status quo works well [PDF] while taking…
