Tag Archive for: Google

Android malware posing as Google Chrome could steal your photos, contacts, and more — how to spot the fake


An updated version of the XLoader malware for Android devices doesn’t require any user interaction to launch once installed, according to researchers at McAfee (via BleepingComputer). Of course, you still need to click the malicious link in an SMS message to download and install the malware, but this XLoader variant doesn’t require users to manually launch the malware anymore.

Right now, the malware is being distributed through SMS texts on Android devices. If you’re targeted, the SMS text will include a shortened URL that, if clicked on, will direct you to a website to download an Android APK installation file for a mobile app. McAfee says that, “While the app is installed, their malicious activity starts automatically.”

Source…

Messaging, News Apps Stuffed With Data Stealing Malware Listed On Google Play Store; Check List Here


VajraSpy Malware: Instances of malicious apps appearing on the Google Play Store have been on the rise in recent times. Adding to this trend, ESET researchers identified 12 Android apps with malicious code, six of which were listed on the Play Store. Most of these apps were messaging apps, with one from the news category. On an affected device, the apps execute VajraSpy, a remote access trojan (RAT) attributed to the Patchwork APT group.

Depending on the permissions granted to these apps, they can steal call logs, contacts, messages and files from an affected device. They can also extract messages from WhatsApp and Signal, record calls, take photos with the camera, intercept notifications and search files on the compromised handset. The regions most affected by this campaign were Pakistan and India. According to ESET Research, the apps on the Play Store accumulated over 1,400 installs.


The cybersecurity firm managed to geolocate 148 devices compromised with VajraSpy because of its weak security protocol. ESET’s WeLiveSecurity blog stated that the threat actors used a “honey-trap romance scam” to lure victims into installing the malware. Here is the list of apps that were available on the Play Store:

Privee Talk
MeetMe
Let’s Chat
Quick Chat
Rafaqat (News)
Chit Chat

The apps listed above have since been removed from the Google Play Store.

The following apps from the same campaign were never on the Play Store but were available in the wild:

YohooTalk
TikTalk
Hello Chat
Nidus
GlowChat
Wave Chat


ESET researcher Lukas Stefanko noted that the impact of VajraSpy distributed through third-party app markets remains unknown because no download figures are available for them. As a precaution, users should not install chat apps from links sent by unknown people, and should review the permissions granted to the apps on their devices.

Google shared a statement to BleepingComputer: “We take security and privacy claims against apps seriously, and if we…

Source…

WhatsApp Ensures Secure Android Google Drive Backups


WhatsApp, an immensely popular messaging application available on Android devices, has taken significant measures to enhance security and privacy for its users. As part of this initiative, WhatsApp has introduced end-to-end encryption for its Google Drive backups on Android, ensuring that users’ data remains protected and inaccessible to unauthorized individuals.

Enhanced Security Measures

With the implementation of end-to-end encryption for Google Drive backups, WhatsApp aims to provide its users with an additional layer of security. This encryption ensures that the content of the backups, including text messages, photos, and videos, is securely stored and can only be accessed by the authorized user. Even WhatsApp itself cannot decrypt the data, providing peace of mind to users concerned about their privacy.

Furthermore, this encryption applies to both the backup file stored on Google Drive and the transfer of data during the backup process, furthering the protection of users’ personal information.

Seamless user experience

WhatsApp has taken care to ensure that end-to-end encryption for Google Drive backups does not compromise the user experience. Backing up and restoring data remains a seamless process with minimal user intervention, so users can keep enjoying the convenience and accessibility of their backups while knowing that their data is protected.

The encryption does not inhibit users from efficiently navigating, searching, or accessing their backups, ensuring the preservation of their individual preferences and prior usage patterns.

Opting for Encryption

WhatsApp encourages all Android users to enable encryption for their Google Drive backups. By enabling this feature, users can enhance the security of their backups and fortify their privacy, making it significantly more difficult for unauthorized individuals to gain access to their personal data.

To activate encryption, users simply need to navigate to the settings within the WhatsApp application on their Android device and access the ‘Chats’ section. Here, they can select the ‘Chat backup’ option and proceed to toggle on the ‘Include videos’ and ‘Include voice…

Source…

Group permission misconfiguration exposes Google Kubernetes Engine clusters


GKE also supports anonymous access: requests made to the Kubernetes API without presenting a client certificate or an authorized bearer token are executed as the “system:anonymous” user in the “system:unauthenticated” group. If a token or certificate is presented, the API request is identified as the corresponding identity with its defined roles, but also with the roles assigned to the system:authenticated group. By default, this group only provides access to some basic discovery URLs that don’t expose sensitive information, but admins could expand the group’s permissions without realizing the implications. “Administrators might think that binding system:authenticated to a new role, to ease their managerial burden of tens or hundreds of users, is completely safe,” the researchers said. “Although this definitely makes sense at first glance, this could actually turn out to be a nightmare scenario.”

To execute authenticated requests to a GKE cluster, all a user needs to do is use Google’s OAuth 2.0 Playground and authorize their account for the Kubernetes Engine API v1. By completing the playground authorization process, any user with a Google account can obtain an authorization code that can be exchanged for an access token on the same page. This access token can then be used to send requests to any GKE cluster and successfully identify as system:authenticated, which includes the system:basicuser role.

The system:basicuser role allows users to list all the permissions they currently have, including those inherited from the system:authenticated group, by querying the SelfSubjectRulesReview object. This gives attackers a simple way to check whether a cluster’s admin has over-permissioned system:authenticated.

The Orca researchers demonstrated the impact with an example where the admin decided to associate any authenticated user with the ability to read all resources across all apiGroups in the cluster. This is “something that can be somewhat useful when there is a real governance around the users which can authenticate to the cluster, but not on GKE,” they said. “Our attacker can now, in the current…

Source…
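An added example, not from the article or from Orca’s research, showing the check a cluster admin would run to catch the misconfiguration described above: it flags every ClusterRoleBinding that hands a role to system:authenticated or system:unauthenticated beyond the bindings Kubernetes ships by default. The input shape matches `kubectl get clusterrolebindings -o json`; the sample bindings, role names and group below are constructed for illustration.

```python
import json

# ClusterRoleBindings a stock Kubernetes cluster ships for these groups.
# They grant only API discovery and self-inspection (SelfSubjectRulesReview),
# so they are treated as the expected baseline and not reported.
DEFAULT_BINDINGS = {"system:basic-user", "system:discovery",
                    "system:public-info-viewer"}
BROAD_GROUPS = {"system:authenticated", "system:unauthenticated"}


def risky_group_bindings(crb_list: dict) -> list:
    """Return every non-default ClusterRoleBinding that grants a role to
    all authenticated (or anonymous) callers of the API server."""
    findings = []
    for crb in crb_list.get("items", []):
        name = crb["metadata"]["name"]
        if name in DEFAULT_BINDINGS:
            continue
        # 'subjects' may be absent or null on a binding with no subjects.
        for subj in crb.get("subjects") or []:
            if subj.get("kind") == "Group" and subj.get("name") in BROAD_GROUPS:
                findings.append({"binding": name, "group": subj["name"],
                                 "role": crb["roleRef"]["name"]})
    return findings


def _crb(name, role, subjects):
    """Build one ClusterRoleBinding in the shape kubectl returns."""
    return {"metadata": {"name": name},
            "roleRef": {"kind": "ClusterRole", "name": role},
            "subjects": subjects}


# Constructed sample: one stock binding, one over-broad grant of the kind the
# article describes, one normal team binding, and one with no subjects.
SAMPLE_CRB_LIST = {"items": [
    _crb("system:basic-user", "system:basic-user",
         [{"kind": "Group", "name": "system:authenticated"}]),
    _crb("all-users-read", "cluster-wide-reader",
         [{"kind": "Group", "name": "system:authenticated"}]),
    _crb("platform-admins", "cluster-admin",
         [{"kind": "Group", "name": "platform-team@example.com"}]),
    _crb("orphaned", "edit", None),
]}

if __name__ == "__main__":
    # Real use: kubectl get clusterrolebindings -o json > crb.json, load it,
    # and pass the dict instead of SAMPLE_CRB_LIST.
    print(json.dumps(risky_group_bindings(SAMPLE_CRB_LIST), indent=2))
```

Any binding it reports should be replaced with one scoped to a named group or set of users; the Google Groups for GKE feature is the usual way to express that on GKE.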