Tag Archive for: secretly

Windows 11 tool to add Google Play secretly installed malware



A popular Windows 11 ToolBox script used to add the Google Play Store to the Android Subsystem has secretly infected users with malicious scripts, Chrome extensions, and potentially other malware.

When Windows 11 was released in October, Microsoft announced that it would allow users to run native Android apps directly from within Windows.

This feature was exciting for many users, but when the Android for Windows 11 preview was released in February, many were disappointed they could not use it with Google Play and were stuck with apps from the Amazon App Store.

While there were ways to use ADB to sideload Android apps, users began looking for methods that let them add the Google Play Store to Windows 11.

Around that time, someone released a new tool called Windows Toolbox on GitHub with a host of features, including the ability to debloat Windows 11, activate Microsoft Office and Windows, and install Google Play Store for the Android subsystem.

Windows Toolbox on GitHub

Once tech sites discovered the script, it was quickly promoted and installed by many.

However, unbeknownst to everyone until this week, the Windows Toolbox was actually a Trojan that executed a series of obfuscated, malicious PowerShell scripts to install a trojan clicker and possibly other malware on devices.

Abusing Cloudflare workers to install malware

Over the past week, various users shared the discovery that the Windows Toolbox script was a front for a very clever malware attack, leading to a surprisingly low-quality malware infection.

While the Windows Toolbox script performed all of the features described on GitHub, it also contained obfuscated PowerShell code that would retrieve various scripts from Cloudflare workers and use them to execute commands and download files on an infected device.

To run Windows Toolbox, the developer told users to execute the following command, which loaded a PowerShell script from a Cloudflare worker hosted at http://ps.microsoft-toolbox.workers.dev/.

Original GitHub instructions for launching the script

The use of Cloudflare Workers to host the malicious scripts was clever, as it allowed the threat actors to modify the scripts as needed and to use a platform that has…


Analysis | The Postal Service secretly built a risky mobile voting system – The Washington Post

Norwich doctor jailed for secretly filming women


Published: 9:07 AM November 20, 2021



A doctor from Norwich who hacked personal photo accounts and used hidden cameras to spy on women has been jailed.

Vinesh Godhania, 33, from Marlingford Way, was jailed for two years and eight months at St Albans Crown Court on Friday (November 19).

He had pleaded guilty to seven counts of voyeurism and eight counts of unauthorised access to computer material.

The offences were committed from 2012 until 2020, when Godhania was initially a medical student and then went on to qualify as a doctor.

He was arrested in November 2020 following an investigation by the Eastern Region Special Operations Unit (ERSOU).

Godhania admitted to setting up covert cameras to film a number of victims without their knowledge.

He also used key logging software on NHS computers to fraudulently obtain data relating to both colleagues and passwords.

He also admitted to hacking a number of women’s iCloud accounts, gaining access to sexually explicit photos of them, as well as personal information such as passwords.

Detective Sergeant Ian Russell, from ERSOU’s cyber crime unit, said: “These were despicable actions by a man in a position of trust, and I’m really pleased he will now be facing time behind bars.

“I’d like to thank the victims for their bravery throughout this case. It’s thanks to their support and courage that Godhania has been jailed.

“This abhorrent behaviour is never acceptable and we will work hard to ensure that those who look to take advantage of others in this sickening way are identified and made to face the consequences of their actions.”

The ERSOU’s Cyber Protection team have given the following advice on how to avoid being a victim of cyber crime:

1. Use a strong and separate password for your email account
2. Create strong passwords using two random words
3. Save your passwords in your browser – this is safer than using weak passwords or the same password for each site
4. Turn on two-factor authentication (2FA)
5. Update your devices
6. Back up your data

For more detailed advice and guidance to safeguard your online presence, visit the National Cyber Security Centre website: Cyber Aware – NCSC.GOV.UK


Apple Can ‘Secretly’ Read Your WhatsApp Messages—This Is How To Stop It


Apple’s iPhone has broken Facebook’s business model this year, stripping billions in ad revenue from the social media giant. Now it seems the iPhone can also break WhatsApp’s huge new security update, unless millions of you change your settings.

“No other messaging service provides this level of security for your messages,” WhatsApp proudly told me in September, as Mark Zuckerberg proclaimed WhatsApp the first global platform “to offer end-to-end encrypted messaging and backups.” Unfortunately, a fairly well-hidden setting on your iPhone might stop this working, putting all those private WhatsApp messages where Apple can read them.

WhatsApp’s messages have been secured by end-to-end encryption for years. The issue that Facebook fixed was the security wrapper around the messaging platform’s cloud backups, hosted courtesy of Google Cloud for Android and Apple iCloud for iOS.

Until now, WhatsApp’s cloud backups have been outside its encryption, meaning that Apple or Google can access your chats and media. Law enforcement requests on Apple for iCloud data could return WhatsApp backups along with everything else. But by adding encryption, WhatsApp stops anyone but you from accessing your backups.

I have warned about the dangers of unencrypted backups multiple times. “We figured you’d be excited about this one,” WhatsApp’s spokesperson said when they called to tell me that encrypted backups was ready and set for deployment. And now it’s here. The only problem is the way Apple sets up its iPhone could spoil the party.

The issue is the iCloud backup itself—the general iPhone backup that you can use to restore your settings, home screen, app installs and data that’s only on your phone. Your iCloud backup isn’t end-to-end encrypted; Apple holds the key to all that data.

Zuckerberg has attacked iMessage in the past for security weaknesses relating to this iCloud backup. “iMessage stores non-end-to-end encrypted backups of your messages by default unless you disable iCloud,” he has warned. “Apple and governments have the ability to access most people’s messages. So, when it comes…
