apps

now browsing by tag

 
 

North Korea #Hackers Use #Android Apps With #Malware To #Harass #Defectors

North Korean hackers are using Android apps with malware to target the country’s defectors, according to researchers from security software firm McAfee.

The Android apps, which were detected as Google Play Store malware, go beyond the usual unwanted advertisements and attempted scams. The apps track and blackmail the targets for escaping North Korea.

North Korea Launches Targeted Malware Attacks
A North Korea hacking team was recently able to upload three Android apps to the Google Play Store that targeted people who escaped from the authoritarian country, according to a report from McAfee.

The team behind the attacks was Sun Team, instead of the more infamous Lazarus, which was previously linked to the WannaCry ransomware from a year ago. This was not Sun Team’s first attempt at this kind of attack though. In January, McAfee spotted the same attempt, but it required the targets go out of their way and download the apps with malware outside of the Google Play Store.

The malware campaign, nicknamed RedDawn, involved the hackers contacting the targets through Facebook to invite them to install seemingly innocent apps from the Google Play Store. Compared to the first attempt, the new method of attack may have been more convincing, as the apps were downloaded from the official app store for Android devices.

Google Play Store Malware Harasses North Korea Defectors
The three apps were uploaded to the Google Play Store between January and March. The first app was Food Ingredients Info, which offered information on food, true to its name. The second and third apps were FastAppLock and Fast AppLock Free, which functioned as security tools.

The apps, however, were laced with malware. Once installed, the malware used Dropbox and Yandex to upload data and issue commands. The hackers were able to steal their targets’ personal data, which could then be used to track, threaten, and blackmail them.

It is unclear, however, how effective the apps were. They have now been removed from the Google Play Store after McAfee contacted Google, but only after recording about 100 downloads. McAfee said that it was able to identify the malware early on, and that there have been no public reports of being infected with them.

Being careful in downloading apps does not only apply to North Korean defectors though. Targeted malware attacks may come in any form, so users will need to be very cautious with the apps that they install, even if they come from the Google Play Store.

advertisement:

The post North Korea #Hackers Use #Android Apps With #Malware To #Harass #Defectors appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Department of #Homeland #Security Finds #Cybersecurity #Flaws in First #Responder Apps

Source: National Cyber Security – Produced By Gregory Evans

The Department of Homeland Security found critical cybersecurity flaws in mobile apps being used by public safety official during emergencies in pilot project.

Thanks to a pilot project run by the Department of Homeland Security (DHS) Science and Technology Directorate (S&T), numerous cybersecurity vulnerabilities discovered in mobile apps used by first responders have been patched.

In emergency and disaster situations, mobile devices and apps enable public-safety professionals to receive and share critical information in real-time. The department’s S&T Directorate established the pilot projectin order to test how vulnerable smartphone apps used in the public safety sector are to cyberattack, including ransomware and spyware, and whether certain apps have coding vulnerabilities that could compromise device security, expose sensitive data, or allow for spying.

The pilot-testing project discovered potential security and privacy concerns — such as access to the device camera, contacts or SMS messages — in 32 of 33 popular apps that were tested. In all, 18 apps were discovered to have critical flaws such as hard-coded credentials stored in binary, issues with handling Secure Sockets Layer certificates or susceptibility to “man-in-the-middle” attacks.

Pilot project leaders worked with each app developer to remediate identified vulnerabilities, according to a press release. So far, 10 developers successfully remediated their apps, and as a result of the pilot project, the security and privacy concerns of 14 mobile apps were addressed.
“This pilot project illustrates the efficacy, benefits and value an ongoing app-testing program will provide to the public-safety community and the nation,” says Vincent Sritapan, S&T’s program manager for mobile security research and development. “During the testing phase, numerous cyber vulnerabilities were identified and remediated. This model can be used to ensure all apps used by the public-safety professionals are secured against cyberattacks and other security and privacy weaknesses.”

The post Department of #Homeland #Security Finds #Cybersecurity #Flaws in First #Responder Apps appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Google to #remove #apps found #violating #Accessibility Services, creating #cyber security #issues

Source: National Cyber Security – Produced By Gregory Evans

To better help users with disabilities, Android has a set of Accessibility Services that developers can use to improve their applications.

Google has warned app developers not to use its Accessibility Services – designed for users with disabilities – for other purposes that may create security issues, adding that it will remove such apps from its Play Store. To better help users with disabilities, Android has a set of Accessibility Services that developers can use to improve their applications.

“Google is most likely cracking down on Accessibility Services use due to security reasons. While applications like LastPass use the available APIs to identify password fields in other apps, this level of access can be used maliciously,” tech portal Android Police reported on Monday.

Google has sent an email to developers, stating that “unless developers can describe how the app properly uses the Accessibility Services to help users who are disabled, it will need to remove all requests for accessibility services or it will be taken off of the Play Store”, 9to5Google reported.

Apps like LastPass, Universal Copy, Clipboard Actions, Cerberus, Tasker and Network Monitor Mini use Accessibility Services.
The new directive could have major ramifications for several apps, especially those intended for customisation or power users.

“All violations are tracked. Serious or repeated violations of any nature will result in the termination of your developer account, and investigation and possible termination of related Google accounts,” Google said.

The post Google to #remove #apps found #violating #Accessibility Services, creating #cyber security #issues appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

iPhone #Wi-Fi #bug lets #hackers #hijack your #phone and #secretly install #malicious #apps

Source: National Cyber Security – Produced By Gregory Evans

iPhone #Wi-Fi #bug lets #hackers #hijack your #phone and #secretly install #malicious #apps

The cyber security community is still reeling after the revelation of the KRACK security vulnerability that breaks down Wi-Fi encryption. Now it seems another Wi-Fi-based bug has also been discovered.

Presented at the global Pwn2Own hacking contest in Tokyo, a team of researchers demonstrated how a separate Wi-Fi bug could be exploited to gain entry to iPhones and install malicious apps on them without the owners knowledge.

The details of the threat haven’t been made public yet as Apple hasn’t had time to patch the flaw. It’s discovery was enough to net the Tencent Keen Security Lab the top prize of $110,000.

The hacking contest is set up and run by the Zero Day Initiative, which seeks to find vulnerabilities in popular products and services and alert the manufacturers in time.

According to the official event page , the Tencent Keen Security Lab team used “code exectution through a WiFi bug” to escalate “privileges to persist through a reboot.” Effectively breaking through an iPhone’s lock screen through a Wi-Fi network.

The flaw will be relayed to Apple which could offer a software patch to close the gap.

“Once we verify the research presented is a true 0-day exploit, we immediately disclose the vulnerability to the vendor, who then has 90 days to release a fix,” explains the Zero Day Institute.

“Representatives from Apple, Google, and Huawei are all here and able to ask questions of the researchers if needed.

“At the end of the disclosure deadline, if a vendor is unresponsive or unable to provide a reasonable statement as to why the vulnerability is not fixed, the ZDI will publish a limited advisory including mitigation in an effort to enable the defensive community to protect users.”

As ever, from a security standpoint it is always advisable to make sure your phone is running the latest OS version and you closely vet the permissions you give to certain apps.

The post iPhone #Wi-Fi #bug lets #hackers #hijack your #phone and #secretly install #malicious #apps appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Tinder hacked? #Scary #security #flaws discovered in #raft of popular #dating apps

Source: National Cyber Security – Produced By Gregory Evans

Tinder hacked? #Scary #security #flaws discovered in #raft of popular #dating apps

A bevy of mobile dating apps including the infamous Tinder, have vulnerabilities that could reveal a user’s messages and the people they have viewed in the apps.

Researchers from security firm Kaspersky Lab found that it was very easy to effectively online stalk Tinder, Bumble and Happn users due to the amount of information the apps display about their users, such as jobs and education, as well as linking to easily accessed Instagram accounts.

With this data, the researchers found that in 60% of cases, they were able to find a user’s social media profile on sites such as Facebook and LinkedIn, which reveal the person’s full or real name.

Furthermore, stalkers with a bit of technical nous and plenty of time on their hands can use location based apps like Tinder and Happn to work out a user’s exact location.

“Even though the application doesn’t show in which direction, the location can be learned by moving around the victim and recording data about the distance to them,” the researchers explained.

“This method is quite laborious, though the services themselves simplify the task: an attacker can remain in one place, while feeding fake coordinates to a service, each time receiving data about the distance to the profile owner.”

But more alarming still is that in a clutch of dating apps data flowing between them and the social media sites they connect to in order to authenticate user’s, mainly Facebook, is vulnerable to interception.

Authentication tokens from Facebook can be stolen by hackers and used to gain access to the victim’s dating app account. From there the hackers can access messages and other user-specific content and activities.

“In addition, almost all the apps store photos of other users in the smartphone’s memory. This is because apps use standard methods to open web pages: the system caches photos that can be opened. With access to the cache folder, you can find out which profiles the user has viewed,” the researchers added.

This situation isn’t helped with some of the apps found to be transmitting unencrypted sensitive data, for example Mamba transmits message data in an unencrypted format.

Kaspersky Lab has alerted the app makers, who should move to fix the vulnerabilities, but in the meantime the researchers suggest users of dating apps don’t put their job or place of work on their profiles and avoid unsecured public Wi-Fi networks.

Read more at

The post Tinder hacked? #Scary #security #flaws discovered in #raft of popular #dating apps appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Online Dating Tips: How to Stay Safe Using Dating Apps

To Purchase This Product/Services, Go To The Store Link Above Or Go To http://www.become007.com/store/ Dating apps are a great way to connect with people, but meeting a complete stranger comes with the very real side effect of Stranger Danger. Plus, with personal information more accessible than ever, you never know…

The post Online Dating Tips: How to Stay Safe Using Dating Apps appeared first on Become007.com.

View full post on Become007.com

Russian hackers were planning to hit Europe with fake Android banking apps

Source: National Cyber Security – Produced By Gregory Evans

Russian hackers were planning to hit Europe with fake Android banking apps

Hackers in Russia, after infecting over a million Android devices with malware to siphon money using fake banking apps, were planning a major attack on European bank customers. The group, known as ‘Cron’ after their malware, is in custody now. The hacking group tricked Android users into downloading malware via fake mobile banking applications, as well as pornography and e-commerce …

The post Russian hackers were planning to hit Europe with fake Android banking apps appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

The best dating apps and sites for men in 2017

To Purchase This Product/Services, Go To The Store Link Above Or Go To http://www.become007.com/store/ Gone are the days when a subscription to an online dating site came with a free, complimentary stigma. According to the latest data from Match.com, almost half of singles in the …

The post The best dating apps and sites for men in 2017 appeared first on Become007.com.

View full post on Become007.com

Online STD Testing Service Fills Need In Age Of Dating Apps

To Purchase This Product/Services, Go To The Store Link Above Or Go To http://www.become007.com/store/ Los Angeles-based myLAB Box is the first nationwide testing service for STDs, which are at an all-time high in the U.S., according to the Centers for Disease Control and Prevention. The …

The post Online STD Testing Service Fills Need In Age Of Dating Apps appeared first on Become007.com.

View full post on Become007.com