Samsung’s apps getting One UI 6.1.1 support ahead of Galaxy Z Fold 6’s launch

Samsung is gearing up for one of its most important launch events of the year. The next Unpacked has already been confirmed for July 10, and we expect the South Korean company to go all in on foldables.

At least two high-end foldables will be revealed next month, the Galaxy Z Fold 6 and Galaxy Z Flip 6, but other Galaxy devices are likely to make appearances too, including the Galaxy Watch Ultra, Galaxy Watch 7, and Galaxy Buds 3/Pro.

While we already have a good idea of what to expect in terms of hardware, on the software side Samsung is rumored to be preparing some surprises. The new One UI 6.1.1 running on Samsung’s new foldables is expected to be one of the event’s non-hardware stars.

The major OS update is expected to be rolled out to other devices too, and Samsung might announce something in that regard during the event. One sign that the handset maker will push One UI 6.1.1 to more Galaxy devices soon after the announcement is that its apps are already being updated with One UI 6.1.1 support.

The folks at SamMobile spotted at least one Good Lock app module, Theme Park, which received a new update that adds code to support One UI 6.1.1. Of course, Good Lock is a very important customization app and Samsung may want to offer Galaxy Z Fold 6 and Galaxy Z Flip 6 buyers the chance to use it as soon as these phones are in their hands, but other apps might require a similar treatment.

While the entire One UI 6.1.1 changelog hasn’t been revealed yet, it’s said that the update will bring a bunch of improvements, including a vertical app drawer option for the home screen, as well as even more Galaxy AI features.



Hackers Using VPNs To Exploit Restrictions And Steal Data


Hackers are offering “free” mobile data access on Telegram channels by exploiting loopholes in telecom provider policies. The channels target users in Africa and Asia and share configuration files that make ordinary traffic look like zero-rated traffic.

The channels function as technical support hubs where users exchange instructions on creating custom payloads, setting up secure tunnels, and manipulating HTTP headers to disguise data usage; over the past year they have circulated numerous configuration files for various telecom providers.

To bypass data metering on telecom networks, attackers use various tunneling techniques, manipulating data packets with tools like HTTP Injector so that their traffic mimics zero-rated services (services exempt from data charges).


Payload generators further enhance this deception. Alternatively, attackers establish encrypted tunnels over SSH or Stunnel, disguising their traffic as legitimate secure communication; VPNs with obfuscation and hard-to-fingerprint protocols achieve a similar outcome.

Configuration files

Attackers can manipulate traffic headers with proxies or route all traffic through a remote server using SOCKS proxies, tricking the network into treating their data as unmetered. 

To abuse zero-rating policies, attackers make their traffic appear to originate from an exempt service: modifying HTTP headers and payloads (traffic redirection), altering DNS settings to exploit zero-rated domains, or spoofing the Server Name Indication (SNI) in HTTPS requests. All of these work because the metering system classifies flows on values the client controls and the network never verifies, such as the Host header or the SNI, rather than on the actual destination.

SNI proxies can also be used to forward traffic while disguising it as coming from a zero-rated source. Split tunneling and selective routing send specific traffic through zero-rated services while keeping other data encrypted.

For mobile data, attackers can exploit weaknesses in APN configurations, including modifying APN settings to trick the network (APN tweaks) or rapidly switching between APNs to bypass billing (APN switching). 

HTTP injectors can be used in conjunction with pre-configured profiles that contain individualized parameters to automate zero-rating exploitation. 

CloudSEK identified several tools used to bypass online restrictions and access secure connections, including HTTP Injector, an Android application for manipulating HTTP headers, crafting custom payloads, and establishing secure tunnels. 

Your Freedom VPN Client provides various tunneling methods to bypass firewalls, while HA Tunnel Plus is another option for creating secure VPN connections.

All three tools leverage their tunneling capabilities to circumvent restrictions and enable secure internet access. 

Telecom providers can deploy a multi-layered defense to curb free data exploitation via VPNs and tunneling. Deep packet inspection (DPI) and traffic analysis can pinpoint suspicious traffic patterns.

Rate-limiting well-known tunneling protocols and blocking the SNI values these apps use make them less useful.

Blacklisting malicious IP addresses and monitoring DNS traffic for tunneling attempts further tighten the net. 

Hardening APN configuration protects against unauthorized changes, and machine-learning models can flag anomalous usage that may indicate zero-rating abuse.
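The SNI and Host-header spoofing described above, and the DPI-side check that counters it, as an added example (this is not code from the CloudSEK report or from any of the tools named): a Python script that builds a minimal TLS ClientHello as offline test input, extracts the server_name from it, and flags flows whose claimed name is zero-rated but whose destination address falls outside the prefixes the zero-rated service actually uses. The same check is applied to a plaintext HTTP Host header. The `ZERO_RATED` table, every address, and the domain names are hypothetical.

```python
"""Added example: detect zero-rating abuse by checking the name a client claims
(TLS SNI or HTTP Host header) against where the packets actually go.
Not from the CloudSEK report; the ZERO_RATED table and addresses are hypothetical."""
import ipaddress
import struct
from typing import Optional

# Hypothetical zero-rating policy: domain -> prefixes that service really uses.
# A real deployment would populate this from the partner's published ranges.
ZERO_RATED = {
    "example-zero-rated.com": [ipaddress.ip_network("203.0.113.0/24")],
}


def build_client_hello(sni: str) -> bytes:
    """Construct a minimal TLS ClientHello record with a server_name extension.
    Only used here to produce constructed test input offline."""
    host = sni.encode("ascii")
    server_name = b"\x00" + struct.pack("!H", len(host)) + host   # name_type host_name
    sni_list = struct.pack("!H", len(server_name)) + server_name
    ext = struct.pack("!HH", 0x0000, len(sni_list)) + sni_list    # extension type 0 = SNI
    exts = struct.pack("!H", len(ext)) + ext
    body = (
        b"\x03\x03" + bytes(32)     # client_version + 32-byte random (all zero)
        + b"\x00"                   # empty session_id
        + b"\x00\x02\x13\x01"       # one cipher suite
        + b"\x01\x00"               # compression_methods: null only
        + exts
    )
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body   # type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record: bytes) -> Optional[str]:
    """Return the server_name from a TLS ClientHello record, or None.
    Walks the fixed-size fields so the extension block can be located."""
    if len(record) < 5 or record[0] != 0x16:          # not a handshake record
        return None
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:                  # not a ClientHello
        return None
    p = 4 + 2 + 32                                    # handshake header, version, random
    if p >= len(hs):
        return None
    p += 1 + hs[p]                                    # session_id
    if p + 2 > len(hs):
        return None
    p += 2 + struct.unpack("!H", hs[p:p + 2])[0]      # cipher_suites
    if p >= len(hs):
        return None
    p += 1 + hs[p]                                    # compression_methods
    if p + 2 > len(hs):
        return None
    end = min(p + 2 + struct.unpack("!H", hs[p:p + 2])[0], len(hs))
    p += 2
    while p + 4 <= end:
        etype, elen = struct.unpack("!HH", hs[p:p + 4])
        p += 4
        if etype == 0 and elen >= 5:
            # skip list length (2) and name_type (1), then read the name length (2)
            name_len = struct.unpack("!H", hs[p + 3:p + 5])[0]
            return hs[p + 5:p + 5 + name_len].decode("ascii", "replace")
        p += elen
    return None


def _classify(dst_ip: str, claimed: Optional[str]) -> str:
    """Compare the claimed name with the destination the metering system actually sees."""
    if not claimed:
        return "no-name"
    addr = ipaddress.ip_address(dst_ip)
    for domain, nets in ZERO_RATED.items():
        if claimed == domain or claimed.endswith("." + domain):
            if any(addr in net for net in nets):
                return "zero-rated"
            return "spoof-suspect"   # claims a free domain but the packets go elsewhere
    return "metered"


def classify_tls(dst_ip: str, record: bytes) -> str:
    return _classify(dst_ip, extract_sni(record))


def classify_http(dst_ip: str, request: bytes) -> str:
    """Same check for plaintext HTTP, using the Host header that injector apps rewrite."""
    host = None
    for line in request.split(b"\r\n")[1:]:
        if line.lower().startswith(b"host:"):
            host = line.split(b":", 1)[1].strip().decode("ascii", "replace")
            host = host.split(":")[0]          # drop any :port (IPv6 literals not handled)
            break
    return _classify(dst_ip, host)


if __name__ == "__main__":
    hello = build_client_hello("example-zero-rated.com")
    print(classify_tls("203.0.113.10", hello))   # genuine zero-rated flow
    print(classify_tls("198.51.100.7", hello))   # SNI spoofed toward a tunnel endpoint
```

The check is only as good as the prefix table: a zero-rated partner that fronts its service with a shared CDN or anycast range cannot be distinguished from a tunnel endpoint on the same range, and a ClientHello split across TCP segments or sent over a port the DPI does not inspect will reach `_classify` with no name at all, so the "no-name" outcome needs its own policy rather than a silent pass.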




Galaxy Z Fold 6 & more products pass regulatory hurdles before launch


Samsung is rapidly completing the formalities before launching its new foldables and watches. The company has already put up official support pages for the devices on its website. It has also obtained several regulatory certifications for its upcoming products, including the Galaxy Z Fold 6, Galaxy Z Flip 6, Galaxy Watch 7, and Galaxy Watch Ultra. The devices have just passed a couple more regulatory hurdles on their way to launch next month.

Samsung’s Galaxy Z Fold 6 and Watch 7 pass more regulatory hurdles

The folks over at MySmartPrice recently discovered the Galaxy Z Fold 6 on the official website of the Singaporean regulatory body IMDA (Infocomm Media Development Authority). The agency listed the device with the model number SM-F956B/DS, which is the dual-SIM variant of its global version. The US version has the model numbers SM-F956U and SM-F956U1, with dual-SIM variants adding the “DS” suffix to the model number.

Samsung Galaxy Z Fold 6 IMDA certification

Separately, the publication found a similar certification listing for the Galaxy Watch 7 on an Indonesian telecom authority’s website. It mentioned the model number SM-L300 for the upcoming Samsung smartwatch along with its marketing name (Galaxy Watch 7). That is the 40mm Bluetooth version. The 44mm variant has the model number SM-L310, while the LTE models bear the identifiers SM-L305 and SM-L315, respectively.

These listings don’t reveal anything new we don’t already know about the Galaxy Z Fold 6 and Galaxy Watch 7. However, they indicate Samsung is closing in on the launch event. It hasn’t officially announced the date yet but there is enough evidence on the internet suggesting a July 10 unveiling of these products. Along with the new foldables and watches, the company may also launch new wireless earbuds and the Galaxy Ring at the event.

Samsung Galaxy Watch 7 Indonesia certification

Leaks have already revealed a lot about these devices

Samsung’s next Unpacked may still be three weeks away, but there isn’t much left to know about the devices in the pipeline. Leaks have already revealed a lot about them, particularly the new foldables. The Korean firm is making them thinner and wider. The Galaxy Z Fold 6 also gets a titanium frame, while the Galaxy Z Flip 6 is picking up a new 50MP primary rear camera. There aren’t other major hardware upgrades to look forward to.

For smartwatch enthusiasts, Samsung’s Galaxy Watch Ultra could be of great interest. It’s the company’s first Ultra-branded watch. The wearable has a titanium body, a big battery, a big and bright display, a new chipset (probably Samsung’s first 3nm chip), and a lot more. Unsurprisingly, it will cost big too, with rumors suggesting a launch price of $700 and above. Stay tuned for the official announcement in a few weeks.



Why your Internet is slow and how to fix it


In our super-connected world, a slow connection can feel like hitting a brick wall, whether you’re hustling on deadlines, diving into your favorite show, or battling it out online. In this article, let’s take a look at why your internet might be sluggish, and offer a few easy fixes.

Common Causes of Slow Internet

Outdated Equipment

One of the most common reasons for slow internet is outdated equipment. Older routers and modems may not support the latest internet speeds or technologies, creating a bottleneck in your connection. The solution is to upgrade your modem and router to models that support higher speeds and modern standards like Wi-Fi 6.

Network Congestion

Network congestion occurs when too many devices are connected to the same network, leading to a decrease in available bandwidth for each device. This issue is common in households with multiple users streaming, gaming, or downloading simultaneously.

To reduce network congestion, try disconnecting devices that are not in use. Plus, consider upgrading your internet plan to one that offers higher speeds and greater bandwidth.

Distance from the Router

The farther you roam from your router, the fainter the Wi-Fi signal gets, leading to those frustrating buffering delays. Walls and furniture can also act like signal sponges, soaking up that precious connection strength. To solve this issue, try placing your router in a central spot within your home. If your home seems to swallow Wi-Fi signals whole in certain areas, consider using Wi-Fi extenders or mesh network systems.

Interference from Other Devices

Other electronic devices, such as microwaves, cordless phones, and baby monitors, can interfere with your Wi-Fi signal, causing slow internet speeds. Place your router away from other electronic devices and use the 5 GHz frequency band, which is less susceptible to interference than the 2.4 GHz band.

ISP Throttling

Some internet providers might slow things down a bit during peak times to keep everything running smoothly. Contact your ISP to discuss your problem. You may need to upgrade to a higher-tier plan that offers guaranteed speeds or switch to a different provider that does not throttle your connection.

Outdated Software

Outdated software, including your OS, browser, and network drivers, can slow your connection through compatibility problems and performance bugs, and unpatched software also leaves known security holes open. Regularly update all software to the latest versions to ensure optimal performance and security.

Background Applications and Malware

Have you ever noticed your internet seems slower when you have a bunch of programs running in the background? Those programs can be using up bandwidth, leaving less for the things you really need. Use your system’s task manager to monitor and close unnecessary background apps. Also install and regularly update antivirus software to protect against malware, which can consume bandwidth and slow your connection.

How to Fix Slow Internet

Check Your Internet Plan

First things first, consider your internet plan. If you love streaming movies and battling it out in online games, a basic plan might not cut it. Check your plan’s details and compare it to your internet usage. Upgrading to a plan with more speed and data might be the key to smoother sailing.

Optimize Router Settings

Your router acts like the traffic controller of your home network. Sometimes, a few adjustments in its settings can make a big difference.  Here’s how to unlock its hidden potential:

  • Change the Wi-Fi Channel: Use a less congested channel to reduce interference from neighboring networks.
  • Enable Quality of Service (QoS): Prioritize bandwidth for critical apps like video conferencing and online gaming.
  • Update Firmware: Ensure your router’s firmware is up-to-date to benefit from performance improvements and security patches.

Switch ISPs

Not all ISPs are created equal. Some may offer better speeds, reliability, and customer service than others. Research the ISPs available in your area and compare their plans, speeds, and customer reviews. Use address-based availability lookup tools to find the providers serving your location. Switching to a more reliable ISP can result in significantly improved internet performance.

Conduct a Speed Test

Conducting a speed test helps you understand your current internet speed and identify any discrepancies between the advertised and actual speeds. Use online tools like Ookla Speedtest or Fast.com to measure your internet speed. If the results are lower than what your ISP promises, contact your provider for assistance.

Use Wired Connections

Wi-Fi is convenient, but for the best speed and stability, a wired connection wins. Whenever possible, plug your devices directly into the router using an Ethernet cable. This is especially important for bandwidth-hungry activities like streaming HD video or playing online games.

Monitor Network Usage

High data usage by certain apps or devices can strain your network, leading to slower internet speeds for other users. Use your router’s built-in tools or third-party network monitoring software to track data usage. Identify bandwidth-heavy applications and schedule their usage during off-peak hours to reduce network congestion.



AI meets AR: Snapchat unveils powerful tools for next-gen lenses

Snap, the company behind Snapchat, has led the way in augmented reality (AR) for enhancing real-world photos and videos with digital effects. While smaller than competitors like Meta, Snap aims to attract new users and advertisers by offering advanced and imaginative special effects known as lenses.

Snap unveils AI tools for enhanced augmented reality


Snap has introduced its latest version of generative AI technology, enabling users to experience more lifelike special effects while filming with their phone cameras. This latest AI model will be coming soon to Snapchat. 

– Snap, June 2024

Moreover, Snapchat users can now incorporate AI-powered lenses created by AR developers into their content, thanks to the latest updates from Snap. Also, Lens Studio has been equipped with a new suite of generative AI tools, including an AI assistant designed to assist developers with any questions they may have.


There is also another handy tool that lets artists enter a prompt and generate a three-dimensional image automatically, sparing them the effort of starting from scratch to develop a 3D model for their AR lens.


Before, Snap’s AR tech could only handle simple effects like placing a hat on someone’s head in a video. Now, thanks to these upgrades, AR developers can craft more realistic lenses. For example, these lenses can make the hat move naturally with the person’s head and adjust to the lighting in the video seamlessly.


Snap has also partnered with London’s National Portrait Gallery to develop Lenses inspired by iconic portrait styles using the GenAI Suite. Snapchat users can select from a range of portrait-style Lenses, snap a photo, and share it on the museum’s “Living Portrait” projection wall.


Launching this new suite of AI tools is a strategic move for Snapchat, enhancing its competitive edge against rivals like Meta’s Instagram and TikTok and possibly attracting more users. Both competitors are actively integrating AI into their platforms: TikTok has recently launched AI-generated digital avatars, while Meta has been heavily investing in AI and AR technologies over the past few years.


IntelBroker Hacker Claims Apple Breach, Steals Source Code for Internal Tools


The notorious IntelBroker hacker, who has previously been linked to high-profile breaches of major companies and government entities, has claimed to have breached Apple Inc. and stolen the source code of three internally used tools.

According to a post on the Breach Forums, IntelBroker claims to have accessed Apple’s systems in June 2024, obtaining the source code for the following tools:

  • AppleConnect-SSO
  • AppleMacroPlugin
  • Apple-HWE-Confluence-Advanced

The hacker provided no further details about the breach or what the stolen code is used for. Nothing in the post suggests that customer data was involved, though without a statement from Apple that cannot be confirmed.

Screenshot of the post published by Intel Broker on Breach Forums (Credit: Hackread.com)

Although there is not much information about the AppleMacroPlugin and Apple-HWE-Confluence-Advanced tools, AppleConnect-SSO is an internal single sign-on (SSO) and authentication system developed by Apple. It allows employees to securely access various applications within Apple’s network. This system is integrated with Apple’s Directory Services database, facilitating secure access to internal resources.

On iOS devices, it includes a gesture-based login option as an alternative to traditional passwords, enhancing ease of use while maintaining security. AppleConnect is utilized through applications on iOS and macOS and can involve various verification methods, including two-step verification and hardware tokens like YubiKey.

IntelBroker and Previous Hacks

This latest claim comes just hours after IntelBroker announced a similar breach of Advanced Micro Devices, Inc. (AMD), an American multinational semiconductor company, claiming to have stolen employee and product information and put it up for sale.

IntelBroker’s track record is one of significant concern, with previous alleged breaches targeting a wide range of entities, including:

Although the hacker’s origins and affiliates are unknown, according to the United States government, IntelBroker is alleged to be the perpetrator behind one of the T-Mobile data breaches.


The hacker’s motives and affiliations remain unknown, but the frequency and severity of these alleged breaches highlight the growing threat posed by sophisticated cybercriminals.

Apple has not yet commented on the alleged breach. Stay tuned!



WhatsApp’s latest upcoming features involve AR effects and filters

WhatsApp has been spotted working on multiple new features and improvements since the beginning of the year, but not many have made it to the stable version yet. It’s not unusual for big apps like WhatsApp to ship only a fraction of the features they test, but we had expected a slightly higher ratio. That said, file this one under the “new features being tested” category. It appears that WhatsApp is working on AR effects and filters for video calls. Many apps have tried in the past to borrow from Snapchat, so it’s no surprise that WhatsApp has decided to add a little bit of fun to one of its most popular functionalities: video calls.

As per WABetaInfo’s report, WhatsApp is now looking to integrate new AR effects and filters that users will be able to apply during video calls. The report claims that WhatsApp users will be able to take advantage of dynamic facial filters, including a touch-up tool meant to smooth their skin appearance, as well as low-light mode when they need to improve visibility.

Besides these AR effects and filters, WhatsApp was also spotted working on a brand-new tool that lets users edit the background during calls. WABetaInfo claims that this particular feature will also be available in the desktop apps, not just on mobile.

Last but not least, a new option to use an avatar instead of the real-time video feed is now in the works too. It’s meant to maintain privacy for those who don’t want their face to appear in a video call.


Beware of Nevermore Actor Promoting Ransomware Builder


A prominent figure from the dark web, known by the alias “Nevermore,” has been found promoting a sophisticated ransomware builder.

This alarming development has raised concerns among cybersecurity experts and law enforcement agencies worldwide.

The Rise of Nevermore

Nevermore, a notorious actor in the cybercrime community, has been on the radar of authorities for several years.

Known for their involvement in various cyber-attacks and data breaches, Nevermore has now endorsed a new ransomware builder.

This tool, designed to create custom ransomware, is being marketed to other cybercriminals, potentially leading to a surge in ransomware attacks.


According to a tweet by DarkWebInformer, a well-known source for dark web intelligence, Nevermore has been actively promoting this ransomware builder on underground forums.

The tweet garnered significant attention: “Nevermore is now pushing a new ransomware builder. This tool is highly sophisticated and poses a severe threat.”

The promotion of this ransomware builder by a figure as influential as Nevermore is cause for concern.

Ransomware attacks have already increased, with businesses and individuals falling victim to these malicious campaigns.

The availability of a user-friendly ransomware builder could lower the barrier to entry for aspiring cybercriminals, increasing the frequency and severity of attacks.

Cybersecurity experts are urging organizations to bolster their defenses and remain vigilant. “This development is a stark reminder of the evolving threat landscape,” said cybersecurity analyst Jane Doe.

“Organizations must prioritize cybersecurity measures and educate their employees about the risks of ransomware.”

Law Enforcement Response

Law enforcement agencies are also strengthening their efforts to combat this new threat.

International cooperation and intelligence sharing are crucial in tracking and apprehending cybercriminals like Nevermore.

Authorities are calling on the public to report suspicious activities and stay informed about the latest cybersecurity threats.

Nevermore’s promotion of a ransomware builder is a significant development in the world of cybercrime.

As the threat landscape evolves, individuals and organizations must stay informed and proactively protect themselves from ransomware attacks.




OPPO Reno 12 series launches with goodness of AI on a budget


OPPO has officially launched the Reno 12 series with the goodness of AI. While brands like Apple are integrating AI features into two of its expensive iPhones, OPPO decided to take the game to the next level by offering high-end AI tools in its budget and midrange smartphones. Earlier this month, OPPO promised that it would ship AI features on all its phone lines this year.

Now it seems the company is starting to deliver on that promise, beginning with the OPPO Reno 12 series. Notably, the newly launched OPPO Reno 12 and 12 Pro ship AI features similar to those available on the flagship Find X7 Ultra. On top of that, the OPPO Reno 12 series will wow you with its impressive design and value.

The OPPO Reno 12 boasts a robust design and fast charging capabilities

The standard Reno 12 model flaunts a 6.7-inch curved AMOLED display with a 120Hz refresh rate. It is backed by the protection of Corning Gorilla Glass 7i and packs the custom 4nm Dimensity 7300 Energy SoC under the hood. On top of that, it ships 12GB of LPDDR4X RAM and 256GB/512GB of UFS 3.1 storage.

The Reno 12 houses a triple-rear camera setup including a 50MP Sony LYT-600 as the main camera sensor with OIS support. Besides, there’s an 8MP 112-degree ultra-wide lens and a 2MP macro sensor. On the front, you’ll find a 32MP selfie shooter, too. This entry-level phone packs a 5000mAh battery and supports 80W SuperVOOC charging. And, it can be charged from 0% to 50% in just 18 minutes.

Oppo Reno 12 camera

The OPPO Reno 12 Pro launches with an ‘Infinite View Screen’ and awesome camera specs

The OPPO Reno 12 Pro also boasts a 6.7-inch AMOLED display with a refresh rate of 120Hz. However, the Infinite View Screen is the standout feature here. Put simply, it is a quad micro-curve design. OPPO says that it brings the aesthetics of a curved screen with the grip of a flat one, offering fully immersive visuals and comfort while minimizing the accidental touches usually associated with curved displays. Notably, the Reno 12 Pro comes with Corning Gorilla Glass Victus 2. It ships with the same RAM and dual storage options as the Reno 12, packs the same processor under the hood, and boots ColorOS 14.1 out of the box.

Oppo Reno 12 Pro Zero Pressure Comfort Design

The Reno 12 Pro sports a triple-rear camera setup including a 50MP Sony LYT-600 camera sensor with OIS support. Besides, there’s a 50MP telephoto lens along with an 8MP 112-degree ultra-wide lens. On the front, you’ll get a 50MP selfie camera. The Pro model allows shooting 4K video at 30fps using the rear and front cameras. Moreover, it packs a 5000mAh battery and supports 80W SuperVOOC charging. And, it can be fully charged in 46 minutes.

OPPO lives up to its promise of delivering a true AI phone

The Reno 12 series comes with a slew of amazing AI features. For starters, the Reno 12 series comes with AI Eraser 2.0. As the name suggests, using this feature will help you remove unwanted objects from your photos with just a tap. Next, there’s the AI Clear Face feature where AI does the magic and gives everyone in a group photo a star makeover. In addition, you have the AI Studio feature that uses GenAI (generative AI) to create your digital avatars. 

The AI Toolbox is another feature on the Reno 12 lineup that uses Google Gemini to analyze in-screen content to offer multiple AI tools like the new Recording Summary which transcribes voice recordings. The next one is the AI Writer feature which generates comments and writes anything for you in Gmail or Outlook. It even helps you with social media posting and generates shopping lists for you.

AI LinkBoost and BeaconLink feature offers you peace of mind in low-network areas

The new AI LinkBoost feature in OPPO’s midrange Android smartphone allows for better signal reception. It can detect when you’re entering or leaving weak-signal areas like an elevator and quickly reconnect to the network. Besides, you can easily switch networks as AI ensures fewer delays and interruptions.

OPPO even has a solution for no-network zones: BeaconLink. This new feature allows calling nearby people over Bluetooth alone, with no mobile network or internet connection. However, the other party also needs to keep Bluetooth on to make or receive calls.

Oppo Reno 12 series BeaconLink

The OPPO Reno 12 series price & availability

The Reno 12 starts at €499 in the global market, whereas the Reno 12 Pro sets you back €599. As with other OPPO phones, the Reno 12 series won’t be available in the United States, but it will reach different regions on different dates. Worth noting: the Chinese versions of both smartphones are already on sale in China and have more RAM, a better processor, and a few extra features.



Beware Of Fake Microsoft Teams Website That Installs Oyster Malware


Fake websites that imitate well-known, trusted companies lead users to believe the site belongs to that company and is safe to use.

By mimicking popular and reputable brands, hackers can more easily lure victims into entering sensitive information or downloading malware.

Cybersecurity researchers at Rapid7 identified a fresh malvertising campaign that deceives users into downloading malicious installers posing as well-known utilities such as Google Chrome and Microsoft Teams.

These installers deliver a backdoor named “Oyster” or “Broomstick.” Once the backdoor is established, hands-on-keyboard activity follows: system enumeration and deployment of further malicious payloads.


Beware Of Fake Microsoft Teams Website

In three instances, users who searched the web for the software ended up downloading Microsoft Teams installers from typosquatted websites.

These rogue sites posed as authentic Microsoft pages and led trusting users to download malware instead of the genuine application.

Fake Website

In one case, “micrsoft-teams-download[.]com” served the binary MSTeamsSetup_c_l_.exe, signed with a certificate issued to Shanxi Yanghua HOME Furnishings Ltd. The signature is most likely there to make the file look like it comes from a legitimate entity, for example when it is examined on VirusTotal.

In May 2024, multiple installers impersonating legitimate software were observed, one of which was a Microsoft Teams setup file signed with a revoked certificate.

The Rapid7 report states that the Oyster (aka Broomstick, CleanUpLoader) malware family was first observed being distributed via this installer in September 2023.

The malware collects system data and contacts hardcoded C2 servers, which enables remote code execution. The recent sample drops CleanUp30.dll, which creates a scheduled task that relaunches the DLL every three hours.

The C2 domains are decoded with a byte-mapping routine; the malware then fingerprints the infected machine and sends the results back to the C2 infrastructure.

The following functions are used to fingerprint the infected machine:

  • DsRoleGetPrimaryDomainInformation
  • GetUserNameW
  • NetUserGetInfo
  • GetComputerNameW
  • RtlGetVersion

The host information gathered during enumeration is stored in JSON fields whose names are recovered from decoded strings.

The fingerprint is encoded by reversing and byte-mapping the string before being sent via HTTP POST to whereverhomebe[.]com/, supfoundrysettlers[.]us/, and retdirectyourman[.]eu/.

CleanUp30.dll uses Boost.Beast for HTTP/WebSocket C2 communication. After CleanUp30.dll executed, a PowerShell script was spawned that created a startup shortcut, DiskCleanUp.lnk, to run CleanUp.dll via rundll32.exe.

This in turn executed the k1.ps1, main.dll, and getresult.exe payloads.
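The persistence and C2 behaviour described above (a scheduled task firing every three hours, a DiskCleanUp.lnk in the Startup folder launching CleanUp.dll via rundll32.exe, and HTTP POSTs to the three C2 domains) maps onto a few endpoint detections. The following Python script is an added example, not Rapid7’s code: it runs a handful of rules over constructed Sysmon-style events and reports which rules each event trips. The event tuple format, the sample lines, the user name, the task name and the paths are all constructed; the domain and file names are the indicators from the report as summarised above.

```python
"""Added example: triage constructed endpoint events for the Oyster/Broomstick
tradecraft described above. Not Rapid7's code; the event format, user name,
task name and paths are constructed. Domain and file names are the reported IOCs."""
import re
from typing import Callable, Dict, List, Set, Tuple

# Indicators named in the Rapid7 findings summarised above (defanged in the text).
C2_DOMAINS = {"whereverhomebe.com", "supfoundrysettlers.us", "retdirectyourman.eu"}
TYPOSQUAT_DOMAINS = {"micrsoft-teams-download.com"}
DROPPED_NAMES = {"msteamssetup_c_l_.exe", "cleanup30.dll", "cleanup.dll",
                 "diskcleanup.lnk", "k1.ps1", "main.dll", "getresult.exe"}

USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData|Downloads)\\", re.I)
RUNDLL32_DLL = re.compile(r"rundll32\.exe\s+(\S+\.dll)", re.I)
SCHTASKS_3H = re.compile(r"schtasks\.exe.*/sc\s+hourly\s+/mo\s+3\b.*rundll32", re.I)
STARTUP_LNK = re.compile(r"\\Start Menu\\Programs\\Startup\\[^\\]+\.lnk$", re.I)
BAD_DOMAIN = re.compile(
    r"(?:^|\.)(?:" + "|".join(re.escape(d) for d in sorted(C2_DOMAINS | TYPOSQUAT_DOMAINS)) + r")$",
    re.I,
)

Event = Tuple[str, str]   # (event type, detail: command line, file path or queried name)


def rundll32_user_dll(etype: str, detail: str) -> bool:
    """rundll32 executing a DLL from a user-writable directory (how CleanUp.dll runs)."""
    m = RUNDLL32_DLL.search(detail)
    return etype == "ProcessCreate" and m is not None and USER_WRITABLE.search(m.group(1)) is not None


def startup_lnk(etype: str, detail: str) -> bool:
    """A shortcut dropped into the per-user Startup folder (DiskCleanUp.lnk)."""
    return etype == "FileCreate" and STARTUP_LNK.search(detail) is not None


def schtasks_3h(etype: str, detail: str) -> bool:
    """schtasks creating an every-3-hours task whose action is rundll32 (CleanUp30.dll)."""
    return etype == "ProcessCreate" and SCHTASKS_3H.search(detail) is not None


def known_domain(etype: str, detail: str) -> bool:
    """DNS lookup or connection to a reported C2 or typosquat domain, or a subdomain of one."""
    return etype in ("DnsQuery", "NetworkConnect") and BAD_DOMAIN.search(detail.strip()) is not None


def oyster_filename(etype: str, detail: str) -> bool:
    """Any reported dropped-file name; noisy on its own, useful next to the behavioural rules."""
    low = detail.lower()
    return any(name in low for name in DROPPED_NAMES)


RULES: List[Tuple[str, Callable[[str, str], bool]]] = [
    ("rundll32-user-dll", rundll32_user_dll),
    ("startup-lnk", startup_lnk),
    ("schtasks-3h-rundll32", schtasks_3h),
    ("known-domain", known_domain),
    ("oyster-filename", oyster_filename),
]


def scan(events: List[Event]) -> List[Tuple[str, str, str]]:
    """Return (rule, event type, detail) for every rule each event trips."""
    hits = []
    for etype, detail in events:
        for name, check in RULES:
            if check(etype, detail):
                hits.append((name, etype, detail))
    return hits


def rules_by_event(events: List[Event]) -> Dict[str, Set[str]]:
    """Group the rule names tripped per event detail; untouched events are absent."""
    out: Dict[str, Set[str]] = {}
    for name, _etype, detail in scan(events):
        out.setdefault(detail, set()).add(name)
    return out


# Constructed sample events (hypothetical host "alice"; task name ClnUp is made up).
SAMPLE_EVENTS: List[Event] = [
    ("ProcessCreate", r"C:\Windows\System32\rundll32.exe C:\Users\alice\AppData\Roaming\CleanUp.dll,Start"),
    ("FileCreate", r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DiskCleanUp.lnk"),
    ("ProcessCreate", r'schtasks.exe /create /sc hourly /mo 3 /tn ClnUp /tr "rundll32.exe C:\Users\alice\AppData\Roaming\CleanUp30.dll"'),
    ("DnsQuery", "supfoundrysettlers.us"),
    ("DnsQuery", "login.microsoftonline.com"),
    ("ProcessCreate", r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"),
]

if __name__ == "__main__":
    for name, etype, detail in scan(SAMPLE_EVENTS):
        print(f"[{name}] {etype}: {detail}")
```

The rundll32, Startup-folder and schtasks rules are deliberately generic: they catch this family’s persistence rather than its file names, which change between samples. The filename rule is the noisiest of the five and is only worth keeping alongside the behavioural ones; in this sample it fires on the same three events the behavioural rules already flag.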


