Craig Pepper
July 10, 2023
5 Min Read

Threat Report 10.07.23

Two spyware apps on Google Play are sending 1.5 million users' data to China.

Two file management apps on the Google Play Store have been identified as spyware, putting the privacy and security of up to 1.5 million Android users at risk. The apps misrepresent what they collect and quietly transfer sensitive user data to servers in China.

Pradeo, an established mobile security firm, discovered the apps. According to its research, the same group built both: File Recovery and Data Recovery (com.spot.music.filedate), with over 1 million installs, and File Manager (com.file.box.master.gkd), with over 500,000 installs. The two seemingly innocuous apps use the same malicious techniques and start automatically when the device reboots, without any user interaction.

Both apps' Google Play listings state that no data is collected. Pradeo's analytics engine found otherwise: a range of personal information is collected without users' knowledge, including contact lists, media files (pictures, audio files and videos), real-time location, mobile country code, network provider details, the SIM provider's network code, operating system version, and device brand and model.

The volume of data sent by these apps is particularly concerning. Each app performs more than a hundred network transmissions, far more than a file manager has any reason to make. Once collected, the data is transferred to a number of servers in China that security researchers consider malicious.

To make matters worse, the developers have adopted deceptive techniques to make the apps appear authentic and to make them hard to remove. Install farms or mobile device emulators were used to inflate the download counts, lending a false sense of credibility. Both apps also request extensive permissions, including the ability to hide their icons from the home screen, so that users are unlikely to notice them and uninstall them.
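Because the apps hide their launcher icons, the app drawer is not a reliable place to look for them. The following added example (not from Pradeo or the original article) enumerates packages through Android's package manager instead and flags the two package IDs named above. The `pm list packages` sample is constructed so the script runs without a device; `scan_device` assumes `adb` is installed and the device is authorised for debugging.

```sh
#!/bin/sh
# Added example: audit an Android device for the two package IDs from the Pradeo report.
# Package IDs quoted in the report above.
KNOWN_SPYWARE="com.spot.music.filedate com.file.box.master.gkd"

# flag_spyware: read `pm list packages` output on stdin (lines like
# "package:com.example.app") and print each package ID found in KNOWN_SPYWARE.
flag_spyware() {
    while IFS= read -r line; do
        pkg=${line#package:}
        # adb shell output is CRLF-terminated on some hosts; strip the CR.
        pkg=$(printf '%s' "$pkg" | tr -d '\r')
        for known in $KNOWN_SPYWARE; do
            if [ "$pkg" = "$known" ]; then
                printf '%s\n' "$pkg"
            fi
        done
    done
    return 0
}

# Constructed sample of `pm list packages` output (not captured from a real device).
SAMPLE_PM_OUTPUT='package:com.android.chrome
package:com.file.box.master.gkd
package:com.example.notes
package:com.spot.music.filedate'

# scan_sample: run the matcher over the constructed sample; prints hits space-separated.
scan_sample() {
    printf '%s\n' "$SAMPLE_PM_OUTPUT" | flag_spyware | tr '\n' ' ' | sed 's/ $//'
}

# scan_device: the same check against a connected, authorised device (requires adb).
# Pass "--remove" to uninstall each hit after reporting it.
scan_device() {
    hits=$(adb shell pm list packages | flag_spyware)
    for pkg in $hits; do
        printf 'FOUND: %s\n' "$pkg"
        if [ "$1" = "--remove" ]; then
            adb uninstall "$pkg"
        fi
    done
}

scan_sample
```

On a real device run `scan_device` (or `adb shell pm list packages | flag_spyware`); the package manager lists a package whether or not its launcher icon is hidden, which is the point of checking this way.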

Individuals should use caution when downloading apps, particularly ones that have no ratings yet claim a vast user base. To avoid breaches like this, it is vital to read and understand app permissions before accepting them.

To protect against potential attacks, organisations should prioritise training their staff about mobile threats and deploy automated mobile detection and response tooling.

This incident exemplifies the continuous conflict between cybersecurity experts and bad actors who prey on unwary consumers. Malware and spyware attacks continue to evolve, with new methods of infiltrating trusted distribution channels such as the Google Play Store. As a user, you must remain watchful, exercise caution when installing apps, and only download software from reliable sources.

Microsoft Faces Challenges with Outlook Bug and Teams Flaw

Microsoft recently encountered significant issues with Outlook.com and Teams. A bug in Outlook affected email search functionality for several hours, while a flaw in Teams allowed for the sending of phishing emails and malware to other users.

Users of Outlook.com experienced a disruption in their ability to search for emails. When attempting to perform searches, users were met with an error message stating, "Sorry, something went wrong. Please try again later." The issue was widespread and inconvenienced a significant number of Outlook users.

Microsoft promptly acknowledged the bug and posted updates on its service status portal. In its communication, Microsoft explained that the bug resulted from an exception occurring during search attempts, leading to 401 errors. The company conducted a thorough investigation to determine the source generating these errors and identify methods for remediation. The bug was eventually fixed.

Another concern for Microsoft arose with a flaw in its collaboration software, Teams. Security researchers discovered a weakness in Teams' default configuration: external (federated) tenants are allowed to message an organisation's users, and the control that stops them from sending files is enforced on the client side, so it can be bypassed by altering the recipient ID in the request. Exploiting this weakness, attackers could send targeted phishing messages and deliver malware directly to other Teams users.

Unlike the Outlook.com bug, Microsoft stated that it would not address this flaw. The company defended its decision, asserting that the flaw relies on social engineering techniques for its success. Microsoft advised users to practise good computing habits, exercise caution when clicking on links or opening unknown files, and be wary of accepting file transfers.

An automated attack tool called TeamsPhisher emerged, leveraging the Teams flaw to conduct phishing attacks. Given a Microsoft 365 account, TeamsPhisher sends phishing messages with malicious attachments to external Teams users. Exploiting the default configuration weakness, the tool uploads the attachment to the sender's SharePoint and shares it via Teams. It offers additional options, such as prompting targeted victims to authenticate before viewing attachments.

To mitigate the risks associated with the Teams flaw and tools like TeamsPhisher, organisations are advised to manage external access in their Teams environment (Teams admin centre > Users > External access, or the Set-CsTenantFederationConfiguration cmdlet in Teams PowerShell). Blocking external communication outright, or allowing only an explicit list of trusted partner domains rather than every federated tenant, removes the attacker's path in. Additionally, maintaining awareness among employees about phishing threats and encouraging good cybersecurity practices remains crucial.

Google Releases Android Security Updates, Addressing Exploited Vulnerabilities

Google has recently issued its monthly security updates for the Android operating system, aiming to resolve 46 software vulnerabilities. Notably, three of these vulnerabilities have been identified as actively exploited in targeted attacks. This report provides an overview of the exploited vulnerabilities and emphasises the significance of promptly applying security updates.

  • CVE-2023-26083: This vulnerability involves a memory leak flaw impacting the Arm Mali GPU driver for Bifrost, Avalon, and Valhall chips. It had previously been exploited in an attack that enabled spyware infiltration on Samsung devices in December 2022. The Cybersecurity and Infrastructure Security Agency (CISA) issued a patching order for federal agencies in April 2023 due to the severity of this vulnerability.

  • CVE-2021-29256: Classified as a high-severity issue, this vulnerability affects specific versions of the Bifrost and Midgard Arm Mali GPU kernel drivers. It enables an unprivileged user to gain unauthorised access to sensitive data and escalate privileges to the root level.

  • CVE-2023-2136: This critical-severity vulnerability was discovered in Skia, Google's open-source 2D graphics library. Initially disclosed as a zero-day vulnerability in the Chrome browser, it allows a remote attacker who has already compromised the renderer process to escape the sandbox and execute code on Android devices.

In addition to the exploited vulnerabilities, Google's July Android security bulletin highlights CVE-2023-21250, a critical vulnerability affecting the Android System component. This flaw enables remote code execution without user interaction or additional execution privileges.

Google released the security updates in two patch levels. The initial patch level, available on July 1, addresses 22 security defects in the Framework and System components. The second patch level, released on July 5, focuses on kernel and closed source components, resolving 20 vulnerabilities in Kernel, Arm, Imagination Technologies, MediaTek, and Qualcomm components.

Google has also released security patches tailored for its Pixel devices. These patches address 14 vulnerabilities in Kernel, Pixel, and Qualcomm components. Notably, two critical vulnerabilities pose risks of privilege elevation and denial-of-service attacks.

Users are strongly advised to apply these updates as soon as their device maker ships them. Note that a device is fully covered only when it reports the 2023-07-05 patch level: the 2023-07-01 level carries the Framework and System fixes but not the kernel and vendor component fixes, which include the Arm Mali issues above.
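The following added example (not from Google's bulletin or the original article) classifies a device's reported security patch level against the two July 2023 patch levels described above. The levels 2023-07-01 and 2023-07-05 come from the text; `device_patch_status` assumes `adb` is installed and the device is authorised for debugging, and the sample levels at the end are constructed so the script runs without a device.

```sh
#!/bin/sh
# Added example: classify an Android security patch level against the July 2023 bulletin.
FRAMEWORK_LEVEL=20230701   # first patch level: Framework and System fixes
FULL_LEVEL=20230705        # second patch level: kernel, Arm, Imagination, MediaTek, Qualcomm fixes

# to_number: turn "YYYY-MM-DD" (as reported by ro.build.version.security_patch)
# into YYYYMMDD so that levels compare as integers; also strips a stray CR from adb.
to_number() {
    printf '%s' "$1" | tr -d '\r' | sed 's/-//g'
}

# patch_status <level>: print "full", "partial", "missing" or "invalid".
# "partial" means the 2023-07-01 fixes are present but the 2023-07-05 kernel and
# vendor fixes (where the exploited Arm Mali bugs are patched) are not.
patch_status() {
    n=$(to_number "$1")
    case "$n" in
        *[!0-9]*|'') echo invalid; return 0 ;;
    esac
    if [ "$n" -ge "$FULL_LEVEL" ]; then
        echo full
    elif [ "$n" -ge "$FRAMEWORK_LEVEL" ]; then
        echo partial
    else
        echo missing
    fi
}

# device_patch_status: query a connected device and classify it (requires adb).
device_patch_status() {
    level=$(adb shell getprop ro.build.version.security_patch | tr -d '\r')
    release=$(adb shell getprop ro.build.version.release | tr -d '\r')
    printf 'Android %s, patch level %s: %s\n' "$release" "$level" "$(patch_status "$level")"
}

# Constructed sample levels, labelled as such, so the script runs without a device.
for sample in 2023-07-05 2023-07-01 2023-06-05; do
    printf '%s -> %s\n' "$sample" "$(patch_status "$sample")"
done
```

Run `device_patch_status` with a phone attached to see the real value; OEMs often ship the 2023-07-01 level first, which this check reports as "partial" rather than treating the device as patched.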
