Tag Archive for: VPN

Cyber-Threat Actor Uses Booby-Trapped VPN App to Deploy Android Spyware


Adware and other unwanted and potentially risky applications continue to represent the biggest threat that users of mobile devices currently face. But that doesn’t mean attackers aren’t constantly trying to deploy other sophisticated mobile malware as well.

The latest example is “SandStrike,” a booby-trapped VPN application for loading spyware on Android devices. The malware is designed to find and steal call logs, contact lists, and other sensitive data from infected devices; it can also track and monitor targeted users, Kaspersky said in a report this week.

The security vendor said its researchers had observed the operators of SandStrike attempting to deploy the sophisticated spyware on devices belonging to members of Iran’s Baha’i community, a persecuted, Persian-speaking minority group. But the vendor did not disclose how many devices the threat actor might have targeted or succeeded in infecting. Kaspersky could not be immediately reached for comment.

Elaborate Social Media Lures

To lure users into downloading the weaponized app, the threat actors have established multiple Facebook and Instagram accounts, all of which purport to have more than 1,000 followers. The social media accounts are loaded with what Kaspersky described as attractive, religious-themed graphics designed to grab the attention of members of the targeted faith group. The accounts often also contain a link to a Telegram channel that offers a free VPN app for users wishing to access sites containing banned religious materials.

According to Kaspersky, the threat actors have even set up their own VPN infrastructure to make the app fully functional. But when a user downloads and uses SandStrike, it quietly collects and exfiltrates sensitive data associated with the owner of the infected device.

The campaign is just the latest in a growing list of espionage efforts involving advanced infrastructure and mobile spyware — an arena that includes well-known threats like NSO Group’s notorious Pegasus spyware along with emerging problems like Hermit.

Mobile Malware on the Rise

The booby-trapped SandStrike VPN app is an example of the growing range of malware tools being deployed on mobile devices. Research that Proofpoint…


Top 3 Mobile Antivirus Software | Mobile Security



How to Choose a VPN – Forbes Advisor Australia


With plenty of global VPNs available to the Australian market, how can you choose which is best for you? VPN providers offer various features, so it is best to consider what you need from the network and what cost you are willing to pay.

As Neel Baggam, a cyber security engineer for Deloitte, explains, some of the most crucial factors to consider when comparing VPNs are to “read the privacy policy to understand what kind of logs and data the vendor collects from the user, and how it is stored”.

Baggam also recommends making sure the VPN provider has a fast network speed and an extensive server network. Here’s what that all means, along with additional VPN features to consider.


Number of servers and locations

The number of servers and locations a VPN has can affect the overall quality of the network. A large number of servers means the VPN provider’s users are spread out across those servers, and fewer users on each server allows for better connection speeds and more stable performance.

Additionally, a higher number of servers across various locations allows users to switch between preferred locations. This can enhance the security of your connection, as it is harder for third parties to track your data if the server you access websites through is based in Australia one day and in the UK the next.

Simultaneous connections

VPN providers offer a varying number of simultaneous connections. This means that you, your family or your business are able to connect to the same network at the same time across various devices.

Even while connected to the same network simultaneously, the individual user’s data will not be shared between devices. It is most common for a VPN provider to offer around five simultaneous connections, although some offer more.

Connection and download speeds

“Anytime you go online, speed is important. Nobody wants to deal with loading pages, long downloads, buffering streams, or lagging video games,” writes VPN.com founder Michael Gargiulo.

Using a VPN, however, has been shown to slow the average internet experience by 10-20%–a difference which would…


Android’s Design Leaks Some VPN Traffic Data, Google Calls It “Intended Behavior”


Android devices with a VPN purposefully leak some traffic, including IP addresses and DNS/HTTP(S) requests, when connecting to a wireless network. According to a security audit by Mullvad VPN, leaking a small amount of data is inherent to the mobile operating system, something that third-party VPNs cannot prevent or control.

The Europe-based VPN service provider said that enabling Always-on VPN and Block connections without VPN doesn’t help either. Mullvad VPN noted that the bug (Google argues it is a feature) is built into Android.

“We have looked into the feature request you have reported and would like to inform you that this is working as intended,” a Google engineer told Mullvad VPN on the search giant’s issue tracker page. “We do not think such an option would be understandable by most users, so we don’t think there is a strong case for offering this.”

Let us see how VPNs on Android function.

When an Android device connects to a public network, it performs certain checks before successfully establishing a connection. To perform these checks, Mullvad VPN discovered that Android sends data outside the secure tunnel that shields users from the internet.

“Block connections without VPN” is an Android setting designed to prevent such leaks, which may happen during connectivity checks. Split tunneling can also leak a part of the traffic over the underlying network, Google pointed out.

“We understand why the Android system wants to send this traffic by default. If for instance there is a captive portal [a webpage usually displayed after a device connects to a new public network] on the network, the connection will be unusable until the user has logged in to it,” Mullvad VPN wrote.


“So most users will want the captive portal check to happen and allow them to display and use the portal. However, this can be a privacy concern for some users with certain threat models,” the company added.

Indeed, because the small amount of data that the OS leaks includes DNS lookups, HTTP(S) and possibly NTP traffic, and the user IP address (as metadata), precisely what users intend to…
