Posts

Daily Food Diary app dishes malware up to its users


There’s an app for that. Remember that marketing line? Well, it’s basically true. There’s an app for just about everything, including tracking your food consumption and calories. Daily Food Diary is an app that does exactly that and more. According to Pradeo, Daily Food Diary made it through Play Protect security by deeply obfuscating its malicious code.

Mainly, the app steals users’ contact lists, prevents users from killing it, and seems related to the Joker Malware. Daily Food Diary had already been downloaded over 10,000 times before it was removed from the Play Store.

Daily Food Diary pretends to be a legitimate app to take pictures of your meals and set mealtime alerts. It features a very minimal design and a few basic functionalities with no real purpose. The only real purpose was to steal users’ data.

Report: Daily Food Diary app dishes malware up to its users
A bad screenshot of Daily Food Diary on the Play Store

When users launch it, they are immediately sent to the device settings to enable the app to automatically run at startup (foreground service permission). Besides, the app is set to always run in the background (wake lock permission). When users are on the app interface, attempts to exit are overridden to make it difficult to close it.

Daily Food Diary repeatedly asks for permissions to access the contact list, and when it gets it, it directly exfiltrates contacts’ information to unknown external storage. It also requests to manage phone calls, to potentially refuse incoming calls that would temporarily prevent the app from running in the background.

To hide its true intentions, Daily Food Diary malicious code is hidden in an encrypted file called 0OO00l111l1l. Other files contain the native library that can decrypt the malicious code so it can execute (libshellx-super.2019.so), the encryption key (tosversion), and additional resources (o0oooOO0ooOo.dat).

Besides, to stay undetected from dynamic analysis, the app does not perform its malicious behaviors when running in an emulator.

Pradeo

Users are encouraged to delete this app immediately from their devices.

What do you think of this app? Did you install it? Let us know in the comments below or on Twitter or Facebook. You can also comment on our MeWe page by…

Source…

DuckDuckGo surpasses 100 million daily search queries for the first time


DuckDuckGo

Image: DuckDuckGo

Privacy-focused search engine DuckDuckGo reached a major milestone in its 12-year-old history this week when it recorded on Monday its first-ever day with more than 100 million user search queries.

The achievement comes after a period of sustained growth the company has been seeing for the past two years, and especially since August 2020, when the search engine began seeing more than 2 billion search queries a month on a regular basis.

DuckDuckGo’s popularity comes after the search engine has expanded beyond its own site and now currently offers mobile apps for Android and iOS, but also a dedicated Chrome extension.

More than 4 million users installed these apps and extension, the company said in a tweet in September 2020.

But the search engine’s rising popularity is also due to its stated goal of not collecting user data and providing the same search results to all users.

As it highlighted last year, this lack of granular data sometimes makes it hard for the company to even estimate the size of its own userbase.

But this dedication to privacy has also helped the company gain a following among the privacy-conscious crowd. DuckDuckGo has been selected as the default search engine in the Tor Browser and is often the default search engine in the private browsing modes of several other browsers.

Historic week for privacy apps

DuckDuckGo’s historical milestone comes in a week when both Signal and Telegram, two other privacy-centric apps, also announced major periods of growth.

Telegram announced on Monday that it reached 500 million registered users, while Signal’s servers went down on Friday after seeing “millions upon millions of new users” in a sudden influx the company said exceeded even its most optimistic projections.

Source…

Cyber Daily: WHO Plans Security Rules for Covid-19 Vaccine Receipts


Hello. The World Health Organization is working on technical details and privacy standards for digital Covid-19 vaccine certificates to give individuals proof of immunization, WSJ Pro’s Catherine Stupp reports. Two aspects are crucial: Individuals should be able to delete their data from the certificates and technology providers shouldn’t be allowed to profit from the data they handle.

Other news: Apple removed Wimkin social-media platform from App Store over calls to violence; Italy, India push back on WhatsApp privacy changes; U.S. warns about intense attacks on cloud services; convicted hacker faces new fraud charges.

Weekend reading: Security chiefs reckon with supply chain security after
SolarWinds

hack; Social-media watchdogs find extremist threats; White House issues maritime security plan.

Readers: Our newsletter won’t be published Monday in observance of the

Dr. Martin Luther King Jr.
holiday.

Covid-19 Vaccination Data

WHO plans privacy, security rules for Covid-19 vaccine certificates. The World Health Organization is working with Estonia and a group of around 150 volunteer privacy, governance and other experts to determine how an international system for verifying individuals’ vaccine history could work. Specifications are expected by the end of the first quarter.

“There’s a very strong sense of urgency for getting the economy working and the citizens of each country would like to start traveling again in a safe way,” said Marten Kaevats, an adviser to the Estonian government on technology issues.

But any technology used to help people travel and avoid infection during the pandemic needs to keep data secure. Estonia started tests this week of a certificate built on blockchain technology.

Read the full story.

Quotable

“I can’t fault them for looking at it. I just wish they would give us a chance.”

— Jason Sheppard, founder of social-media platform Wimkin, on Apple removing the app from the App Store over content, since removed, that included calls for a civil…

Source…

Tax hikes are back on the agenda in Sacramento – Daily Breeze


With 1 million signatures in and several potential challengers, the recall drive against Gov. Gavin Newsom may be causing him to reconsider some of his more progressive policy positions. In his recently unveiled $4.5-billion stimulus program, he offered — get this — tax relief, not tax hikes.

The so-called “Equitable Recovery for California Businesses and Jobs” plan includes $575 million for small business grants, $777.5 million in tax credits to businesses that hire or retain employees, some sales-tax exemptions and $600 checks to low-income Californians.

Of course, it also contains the usual slop like $1.5 billion in subsidies to buy electric vehicles but, nonetheless, we take victories where we can get them in Taxifornia.

Newsom’s September pledge to oppose new taxes was fairly explicit: “In a global, mobile economy, now is not the time for the kind of state tax increases on income we saw proposed at the end of this legislative session and I will not sign such proposals into law.” The irony is not lost on us that the governor said this while also endorsing Prop. 15, the failed $12 billion tax hike — and latest attempt at gutting Proposition 13 — on the November ballot. But his remarks did provide a bit of assurance to the state’s job creators.

On the other hand, there is no such hesitancy to push tax increases in the California Legislature. Proposing a “tax increase du jour” is in the DNA of Democratic legislators. Here are just a few of the bills causing anxiety among those Californians who want to keep at least some of the money they earn.

Assembly Bill 65 by Assemblyman Evan Low would create a California Universal Basic Income. It is like AB2712 presented last legislative session, which proposed to raise the necessary money either through a value-added tax, raising corporate taxes or implementing a tax on services.

Assembly Bill 71 by Assembly members Luz Rivas and David Chiu creates a $2.4 billion homeless fund. The devil’s in the details, however, and the bill suggests the money could come from increases in income tax rates on individuals making over $1 million, increasing corporate income taxes, and collecting taxes on increases in the value of…

Source…