Tag: Downloads | Page 2

Android game with 1m downloads leaked users’ private messages

February 14, 2023/in Mobile Security

Popular mobile role-playing game (RPG) Tap Busters: Bounty Hunters spilled sensitive user data.

The research by Cybernews has discovered that the Tap Busters: Bounty Hunters app had left their database open to the public, allegedly exposing users’ private conversations for at least five months.

Also, app developers had sensitive data hardcoded into the client side of the app, making it vulnerable to further data leaks.

Tap Busters: Bounty Hunters is an idle RPG game with more than one million downloads on Google Play Store and a 4.5-star rating based on more than 45,000 reviews. In the game, players take on the role of bounty hunters trying to become masters of the galaxy. They defeat villains and collect loot as they travel through different alien realms. Idle game mechanics mean that players can progress in-game without constant input.

Significance

Researchers discovered that Tap Busters: Bounty Hunters leaked data through unprotected access to Firebase, Google’s mobile application development platform that provides cloud-hosted database services. Anyone could have accessed the database in the meantime.

The 349MB-strong unprotected dataset contained user ids, usernames, timestamps, and private messages. If the data leaked had not been backed up and a malicious actor had chosen to delete it, it is possible that the user’s private messages would have been permanently lost without the possibility of recovery.

Along with an open Firebase instance, the developers left some sensitive information, commonly known as secrets, hardcoded in the application’s client side. The keys found were: fir ebase_database_url, gcm_defaultSenderId, default_web_client_id, google_api_key, google_app_id, google_crash_reporting_api_key, google_storage_bucket.

Hardcoding sensitive data into the client side of an Android app is unsafe, as in most cases, it can be easily accessed through reverse engineering.

No response

The game’s developer is Tilting Point, which owns several other successful games with a large player community. Some of these games have over five million downloads. The app developer was informed of the data spill but failed to close public access to the database.

The app developers…

Source…

This info-stealing malware is hiding in downloads for popular apps — how to stay safe

January 18, 2023/in Computer Security

Downloading new apps on your computer is usually a simple and straightforward process, but you now need to be extra careful when doing so as hackers have begun impersonating popular apps to spread malware.

According to a new blog post (opens in new tab) from the cybersecurity firm Cyble, hackers have begun using phishing pages designed to impersonate a number of popular apps online. While a user may think they’re downloading a widely used app, they’re actually installing malware on their computer.

On January 16, the firm’s researchers discovered a phishing site that was impersonating a popular chat app. The very next day, the same phishing site had been transformed to mimic the site of the remote desktop tool TeamViewer. This shows that the hackers behind the campaign are actively changing and customizing their phishing sites to target a number of popular apps.

Once a user clicks the download button on these phishing sites, malware named “messenger.exe” and “teamviewer.exe” is downloaded onto their PC. However, the hackers behind this campaign are using a clever trick to bypass the best antivirus software: they’re padding these downloads with extra zeros to increase their file size. This helps their malicious executables bypass security checks, as larger software can be harder for antivirus software to detect.

Aurora malware

In this case, the malware being distributed is the Aurora infostealer which as the name suggests, can collect all kinds of sensitive data from the browsers, browser extensions, crypto wallets and user directories on an infected machine. Surprisingly, the malware can also extract data from Telegram if a user has the desktop app installed.

Once all of this sensitive information — including passwords — is gathered up by Aurora, it’s saved in JSON format, compressed using GZIP and converted into the Base64 encoding format before it’s sent off to a Command-and-Control (C&C) server controlled by the hackers behind this campaign.

With a user’s cookies, browsing history, login data and web data in hand, an attacker can commit fraud, drain a user’s bank accounts or even commit identity theft. While the consequences of downloading a fake app that…

Source…

Best free security downloads for your Windows and Mac

July 30, 2022/in Computer Security

Browsing the internet without protection is like stepping into a monsoon without an umbrella, boots or raincoat. You’ll find yourself in a huge mess and might be swept away by the storm of hackers and scammers. Protecting yourself is as easy as scrolling down this list of the best free security downloads.

We rounded up some of the best ways to protect your computer against viruses, cyberattacks and other threats. We’ve got you covered if you aren’t familiar with how cybersecurity threats work. Tap or click for a quick breakdown of the five most common digital threats you’ll encounter.

There are plenty of ways to protect your devices from harm. You can take preemptive measures like security software or scan your system for malware. Keep reading for the best ways to keep your devices safe — without spending a dime.

1. Spot unwanted devices on your network with Angry IP Scanner

What it is: Angry IP scanner keeps track of everything connected to your network. It scans your network for IP addresses and other information about the devices connected to your network.

Why you want it: It’s useful for troubleshooting tech issues and catching hackers since it pinpoints unknown or suspicious devices on your network. Have trouble connecting a device to your network? Angry IP Scanner can show the exact IP address of specific devices, which will help you fix the issue.

What you need to know: For Angry IP Scanner to run, you must have Java installed.

2. GlassWire checks your network

What it is: Free firewall software that detects malware from people trying to access your computer from afar.

Why you want it: You can use GlassWire to disable malware-ridden apps. Even better, it can stop you from downloading a virus in the first place. These free firewalls make your computer safer, especially when using the internet.

Do you have a Mac instead? This is one of the best free security downloads for you

Just check out Netdata, which you can use on macOS and Linux.

It’s our favorite…

Source…

Google Drive accounted for 50% of malicious Office document downloads

February 10, 2022/in Computer Security

OneDrive was responsible for 19% while 15% of malicious Microsoft Office documents were downloaded through Sharepoint in 2021.

A new report published by Atlas VPN has revealed startling new details about how widely used platforms like Google and Microsoft are exploited by attackers to spread malware.

The report should not come as a surprise because another report published last year revealed that nearly 43% of all malware downloads were hidden in infected MS Office documents.

Google Drive and Microsoft documents

The most surprising finding from Atlas VPN’s team is that in 2021 around 50% of malicious Microsoft Office documents out of all malware were downloaded from Google Drive, and 37% of all malware downloads on the platform were malicious office documents.

It is worth noting that Google Drive surpassed Microsoft OneDrive in terms of popularity in 2020, which caused 34% of all malicious office document download apps from this platform in 2020.

The research further revealed that MS OneDrive represented 19% of all malicious Office document downloads, while MS Sharepoint ranked third as users used it to download 15% of all malicious Office documents containing malware.

Google’s Gmail accounted for 4% of malicious office document downloads, and Box was used for 3% of office documents embedded with malware.

In the first quarter of 2020, out of all downloaded malware, the percentage of malicious office documents was 19%. This number increased to 46% in quarter two, while in quarter three and four of 2020, the percentage declines to 36% and 29%, respectively.

At the start of 2021, this percentage reached 43%, and by quarter four of 2021, the rate dropped to 37%.

Cybercriminals Abusing Cloud Applications

Atlas VPN’s cybersecurity writer William S stated that cybercriminals are abusing cloud applications for “personal benefits” since these services are becoming more popular among users lately.

Attackers can spread malware and steal data by targeting unsuspecting users with malicious documents. Securing your cloud apps with user authentication and threat monitoring tools will help mitigate malware attacks.

William S – Atlas…

Source…

Tag Archive for: Downloads

Significance

No response

1. Spot unwanted devices on your network with Angry IP Scanner

Tech news that matters to you, daily

2. GlassWire checks your network

Do you have a Mac instead? This is one of the best free security downloads for you

OneDrive was responsible for 19% while 15% of malicious Microsoft Office documents were downloaded through Sharepoint in 2021.

Google Drive and Microsoft documents

Cybercriminals Abusing Cloud Applications