Samsung is expected to launch three new flagship Android tablets as part of its Galaxy Tab S9 series later this year. We should get a base model, a Plus, and an Ultra. The devices will probably arrive alongside the Galaxy Z Fold 5 and Galaxy Z Flip 5 foldables. Early rumors suggest that the Korean firm will ship all of these upcoming products with the same chipset that powers the Galaxy S23 series.
According to Twitter tipster @Tech_Reve, the Galaxy Tab S9 series and the new foldables will be powered by the Snapdragon 8 Gen 2 for Galaxy. It’s an overclocked version of the latest Qualcomm processor exclusively available to Samsung. While the regular version has its Cortex-X3 prime CPU core running at a clock speed of 3.20GHz, the Galaxy version goes up to 3.36GHz. The Adreno 740 GPU in it also runs at a higher frequency of 719MHz, against 680MHz in the regular Snapdragon 8 Gen 2.
The tipster further added that the Galaxy Tab S9 will pack a 10,880mAh battery. That’s slightly smaller than the 11,200mAh unit found inside last year’s Galaxy Tab S8 Ultra. However, power-efficiency gains brought by the new chipset should make up for that capacity deficit. Unfortunately, not much else is known about the upcoming Galaxy tablets at the moment. Rumors are that they will be the first waterproof flagship tablets from Samsung. We should get confirmation about that in the coming months.
The Galaxy Tab S9 series and new foldables will arrive in the second half of 2023
Samsung hasn’t been launching new flagship tablets in a yearly cycle lately. The Galaxy Tab S7 series arrived in August 2020 while the Galaxy Tab S8 came in February last year. We are now seemingly looking at an August/September 2023 launch for the Galaxy Tab S9 series. As said earlier, there haven’t been many rumors about the new tablets so far. That’s likely because the devices are still in the early stages of development. Leaks should start coming more frequently in a few months once Samsung finalizes everything and proceeds to the manufacturing step.
Likewise, leaks about the Galaxy Z Fold 5 and Galaxy Z Flip 5 will also come thick and fast in the coming months as the Korean firm progresses with the development of the two foldables. All of these devices should go official in August or September this year. The Galaxy Watch 6 series and a new pair of Galaxy Buds TWS earbuds should also debut alongside them. The Galaxy S23 FE may follow a few months later if it arrives at all. We will keep you posted with all the latest information about these upcoming Samsung products.
The UK’s National Cyber Security Center (NCSC) is alerting the public about the dangers of ChatGPT. This artificial intelligence model gained popularity after its launch a few months ago. After it became available to the public, a ton of people trooped in to try out its abilities in various ways.
Some people asked for recipes for specific dishes, answers to assignment questions, and other random questions. The response of this artificial intelligence model to various questions thrown it’s way amazed lots of people. For this reason, more people wanted to give ChatGPT a try, hence increasing its popularity.
Now the system on which this artificial intelligence model run has received an upgrade. The GPT-4 system brings improvements to the conversation abilities of various artificial intelligence models that rely on it. With the increasing adoption of this artificial intelligence model, are there any dangers that it poses to society? A recent update highlights a few, let’s take a close look at these dangers.
According to the National Cyber Security Center (NCSC) here are the dangers of ChatGPT
The UK National Cyber Security Center (NCSC) has alerted the public to the dangers of ChatGPT. They did this with a recent blog post on their official website, where they delved into ChatGPT and large language models (LLMs).
With the increase in popularity of these artificial intelligence models, there is a need to know the risk they might pose. Well, the UK National Cyber Security Center (NCSC) has done the research to help enlighten the public. From their findings, users of ChatGPT and other LLMs will get to know what majors to take with these artificial intelligence models.
One of the first observations to take to mind with the artificial intelligence models is that they might be misleading. Some information they provide to users’ requests might be wrong, biased, violent, etc. For this reason, users of ChatGPT and other LLMs should be mindful of the content they consume from these artificial intelligence models.
There is also the need to be careful about the type of information you share with these platforms. The National Cyber Security Center (NCSC) advises against sharing sensitive information with ChatGPT or other LLMs. These platforms might not reveal user information, but they have access to user queries and can be hacked, hence revealing these queries to the public.
For this reason, try not to ask such platforms questions that are quite sensitive to your personal life or work. The dangers of ChatGPT and other LLMs also encompass how cyber criminals and bad actors can put it to use. So, while you try new or existing large language models, it is important to understand the risks they pose.
Pompompurin has been charged with a single count of conspiracy to commit access device fraud.
Conor Brian Fitzpatrick (aka Pompompurin, aka Pom), a 2021 graduate of Peekskill High School, has been arrested for running the notorious dark web data breach site BreachForums, according to FBI Special Agent John Longmire.
It is worth noting that Breach Forums surfaced as an alternative to the popular and now-seized Raidforums in 2022.
Pompompurin’s profile on Breach Forums (Screen credit: Hackread.com)
Fitzpatrick was arrested by a team of investigators at his home in Peekskill, New York, on Wednesday and charged with a single count of conspiracy to commit access device fraud. His arrest has also been confirmed by administrators of the forum, Hackread.com can confirm.
BreachForums, which hosted the stolen databases of almost 1,000 companies and websites, was a well-known site among cybercriminals who sold personal information, including names, emails, and passwords.
Fitzpatrick, who operated under the name “pompompurin” on the site, admitted to being the owner and operator of the site, according to Longmire’s statement.
Cybersecurity investigators had been closely monitoring Fitzpatrick for over a year before his arrest, considering him a significant player in the cybercrime ecosystem. In November 2021, Fitzpatrick claimed responsibility for sending out fake emails from a “fbi.gov” email address.
Breach Forums to Stay Online
At the time of publishing this article, the Breach Forums were still accessible and the dataset of 888 companies and organizations was available for download. This is because one of the forum administrators, who goes by the alias Baphomet, has claimed responsibility for taking over the forum to keep it running and protect it from being seized by authorities.
This is what Baphomet had to say (Screen credit: Hackread.com)
Nevertheless, according to Bloomberg, the charges filed against Fitzpatrick in federal court in Alexandria, Virginia, have not been made public. Fitzpatrick was presented in federal court in White Plains, New York, and released on a $300,000 unsecured bond, signed by his parents.
He is required to avoid any contact with codefendants, coconspirators, and witnesses in the case and is due to appear in court in Alexandria on March 24.
Rubrik, a cloud data management company, has revealed that Clop made use of an infamous GoAnywhere flaw.
Rubrik, a cybersecurity company specializing in cloud data management, has revealed that some of its systems were infiltrated by the Clop ransomware group. Rubrik is one of many companies attacked by Clop via an infamous zero-day vulnerability in the GoAnywhere file transfer software.
The attack began in February, according to its CEO Michael Mestrovich. “We detected unauthorized access to a limited amount of information in one of our non-production IT testing environments as a result of the GoAnywhere vulnerability,” he says in a blog post published Tuesday. Mestrovich claims that “based on our current investigation, being conducted with the assistance of third-party forensics experts, the unauthorized access did NOT include any data we secure on behalf of our customers via any Rubrik products.”
He also revealed the attackers compromised internal sales data, including customer and partner company names, business contact information, and some purchase orders from Rubrik distributors. According to Mestrovich, the third-party investigators used by Rubrik confirmed that no personal information, such as Social Security Numbers (SSNs), financial accounts, and payment card numbers, were compromised.
The GoAnywhere vulnerability, tracked as CVE-2023-0669, has a severity rating of High and was included in CISA’s Known Exploited Vulnerabilities Catalog, a list of actively exploited vulnerabilities every federal information system must patch urgently. The catalog is an essential go-to list for IT admins trying to prioritize their patching.
The attack on Rubrik happened before an emergency patch was available.
Clop hasn’t been shy about the 130 organizations it’s stolen data from thanks to the GoAnywhere vulnerability. Last week, the gang began sending out extortion emails to the victims, and adding them to its leak site. Known victims include Rubrik, Hatch Bank and Community Health Systems (CHS).
Organizations using GoAnywhere should download the security patch immediately. Fortra has also provided a technical mitigation in its advisory, which can be accessed via the company’s customer portal.
Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
Stop malicious encryption. Deploy Endpoint Detection and Response software like Malwarebytes EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
Don’t get attacked twice. Once you’ve isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.
Malwarebytes removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.
The Galaxy S23 Ultra is Samsung’s latest and greatest smartphone. We’ve already compared it with a number of smartphones, including its predecessor, the Galaxy S22 Ultra. What if you’re still using the Galaxy S21 Ultra, though, and you’re thinking of upgrading? Well, that’s what we’re here for. In this article, we’ll compare the Samsung Galaxy S23 Ultra vs Samsung Galaxy S21 Ultra.
Two of Samsung’s behemoths will go head-to-head across a number of categories, but first, we’ll list their specs. Following that, we’ll compare their designs, displays, performance, battery life, cameras, and audio performance. There’s a lot to talk about here, as the difference between them is substantial. Let’s get started.
Specs
Samsung Galaxy S23 Ultra
Samsung Galaxy S21 Ultra
Screen size
6.8-inch QHD+ Dynamic AMOLED 2X display (curved, 120Hz adaptive refresh rate, LTPO, down to 1Hz, 1,750 nits peak brightness)
Samsung Galaxy S23 Ultra vs Samsung Galaxy S21 Ultra: Design
You’ll immediately be able to spot the difference between the two phones, the moment you lay your eyes on them. The Galaxy S23 Ultra has sharper corners, and flat top and bottom sides. That’s not the case with the Galaxy S21 Ultra. Both phones do have thin bezels, curved displays, and a centered display camera hole. The Galaxy S23 Ultra is slightly shorter, but also noticeably wider.
The two phones have the same exact thickness, while the Galaxy S23 Ultra is slightly heavier. Both phones are made out of metal and glass, and both are IP68 certified for water and dust resistance. When you flip them around, you’ll see a different camera design. The sensors are roughly in the same spots, but the Galaxy S23 Ultra’s protrudes directly from the backplate. The Galaxy S21 Ultra, on the other hand, has a camera island on the back.
Now, both of these phones do have support for an S Pen, but only the S23 Ultra comes with Samsung’s stylus. That phone also has an S Pen silo, which can be accessed from the bottom. The same cannot be said for the Galaxy S21 Ultra. They do feel premium in the hand, but if you don’t like hefty and large phones, you should think twice before getting either of them. Using a case is recommended due to the fact how slippery they are.
Samsung Galaxy S23 Ultra vs Samsung Galaxy S21 Ultra: Display
The Galaxy S23 Ultra features a 6.8-inch QHD+ (3088 x 1440) Dynamic AMOLED 2X display. That panel is curved, but only slightly, and it supports an adaptive refresh rate of up to 120Hz. HDR10+ content is supported here, while the display can get quite bright at 1,750 nits of peak brightness. This display is also well-protected thanks to a layer of the Corning Gorilla Glass 2.
Galaxy S21 Ultra
The Galaxy S21 Ultra, on the other hand, has a 6.8-inch panel as well. This display has a QHD+ resolution too, but a different aspect ratio. It has a 20:9 aspect ratio and a resolution of 3200 x 1440. This is also a Dynamic AMOLED 2X panel with a refresh rate of 120Hz, and it also supports HDR10+ content. Do note that this panel gets up to 1,500 nits of peak brightness, so, slightly less than the Galaxy S23 Ultra. This panel is also curved, considerably more than the unit on the Galaxy S23 Ultra.
Both of these phones have outstanding displays. Truth be said, the Galaxy S23 Ultra’s panel is newer and technically better, but you’ll be more than happy with either one. Both get bright enough, even outdoors, and both offer vivid colors, deep blacks, and great viewing angles. The touch response is also good on both of these displays. If you’re considering upgrading just because of the display, that may not be the best idea, both are great.
Samsung Galaxy S23 Ultra vs Samsung Galaxy S21 Ultra: Performance
Qualcomm’s Snapdragon 8 Gen 2 for Galaxy SoC fuels the Galaxy S23 Ultra. The phone also packs in 12GB of LPDDR5 RAM and UFS 4.0 flash storage. The Galaxy S21 Ultra is fueled by the Snapdragon 888 SoC in the US and China, but in many markets, it launched with the Exynos 2100 processor. Up to 16GB of LPDDR5 RAM is included on the phone, along with UFS 3.1 flash storage.
Now, the Galaxy S23 Ultra is definitely the more powerful phone in this comparison. The Snapdragon 8 Gen 2 is a much better chip with great power efficiency. It also comes inside every Galaxy S23 Ultra unit, so you don’t have to worry about inferior performance. It offers faster and more efficient RAM and flash storage too. Does this reflect on the actual real-life performance? Well, yes, it does.
The Galaxy S21 Ultra is not exactly laggy at this point, but it’s nowhere near as fluid as the Galaxy S23 Ultra, especially the Exynos model. The Galaxy S23 Ultra is one of the snappiest phones around, while the Galaxy S21 Ultra performs really well, but it does skip frames here and there. The difference is noticeable once you try both phones, that’s for sure, which is not exactly surprising.
Samsung Galaxy S23 Ultra vs Samsung Galaxy S21 Ultra: Battery
There is a 5,000mAh battery in both of these smartphones. The battery life is considerably different, though. The Galaxy S23 Ultra does have a more efficient SoC, and some other components, so that’s not surprising. We were able to go all the way to 10 hours of screen-on-time with the Galaxy S23 Ultra, and that was not an exception. The Galaxy S21 Ultra lingered around 6.5-7.5 hours when we reviewed it.
Do note that we didn’t really play games on either phone, other for testing purposes. They did go through a lot during our usage, ranging from browsing, messaging, image editing, photo editing, streaming, and so much more. Your mileage may vary, though, of course. You’ll be using different apps, have different usage habits, and different signal strengths. On top of that, it has been a while since we’ve rocked the Galaxy S21 Ultra as a daily driver, things may have changed.
The Galaxy S23 Ultra does support faster charging than the Galaxy S21 Ultra. It comes with 45W wired, 15W wireless, and 4.5 reverse wireless charging. The Galaxy S21 Ultra supports 25W wired charging, while the wireless and reverse wireless charging is identical as on its sibling. Do note that neither of these two phones comes with a charging brick in the box, though.
Samsung Galaxy S23 Ultra vs Samsung Galaxy S21 Ultra: Cameras
Both of these phones have four cameras on the back. The Galaxy S23 Ultra has a 200-megapixel main camera, a 12-megapixel ultrawide unit, a 10-megapixel telephoto camera, and a 10-megapixel periscope telephoto unit. The Galaxy S21 Ultra features a 108-megapixel main camera, a 12-megapixel ultrawide unit, a 10-megapixel telephoto camera, and a 10-megapixel periscope telephoto unit.
Galaxy S23 Ultra
Now that we got the hardware out of the way, let’s talk about their real-life performance. We are talking about two generations of phones here, so it is to be expected that the Galaxy S23 Ultra is better in the camera department. That is the case, and the difference is quite substantial. Samsung improved the cameras across the board, though some optimizations are still needed. In extreme HDR conditions, the phone does, at times, leave dark areas without much detail. In most HDR conditions it performs admirably, however.
It is better than the Galaxy S21 Ultra in every way. The pictures are better in terms of colors, you’re getting more details, they’re better balanced, and low light is also a major improvement. The ultrawide and telephoto shots are also noticeably better, though not to the level of the main camera images. You’ll even see some improvements in the periscope telephoto shots that go over the 3x level. If you’re in need of better camera performance, the Galaxy S23 Ultra certainly is an improvement. Video recording is also worth mentioning, as the Galaxy S23 Ultra footage is extra stable thanks to the changes Samsung made, and it looks better in pretty much every way.
Audio
Both of these phones include a good set of stereo speakers. The speakers on both phones have been tuned by AKG, and they both sound really good, and are quite loud. If we’re nitpicking, however, the Galaxy S23 Ultra did sound a bit louder, and provided a bit more bass.
Neither phone has a 3.5mm headphone jack, so you’ll have to use their Type-C ports if you’d like to connect your headphones via a wire. If you prefer a wireless connection, the Galaxy S23 Ultra offers Bluetooth 5.3, while its sibling supports Bluetooth 5.2.
Microsoft has just rolled out the ‘Moment 2’ update for Windows 11 that brings a bunch of new cool features, including support for this-party widgets and a touch-optimized taskbar.
The update is heading to Windows 11 version 22H2, along with Patch Tuesday updates. While this update rolled out as optional last month, it’s now mandatory for all users to install it. It’s available as KB5023706 (build 22621.1413). You can check the Windows Settings app to see if the update is rolled out to your device or manually download it from the Microsoft website.
The first feature that the update brings to Windows 11 is a touch-optimized taskbar. This feature hides app icons so you can have more space. To check if it’s activated or if you want to make any changes to the taskbar, navigate to Settings > Personalization > Taskbar.
Microsoft released Windows 11′ Moment 2′ update
Windows 11 now allows you to add third-party widgets in the Widgets panel. This could be an efficient add-on for certain apps like messengers and music streaming apps. You can now pin the widgets of your favorite apps to the Widgets board.
Windows 11 version 22H2 update still has a lot to offer. The next added feature is quick access to Windows Studio effects through the Quick Settings panel on the taskbar. You can now apply effects to the device’s camera and microphone. For example, for a business meeting, you can cancel the background noise or blur the background.
Additionally, Task Manager on Windows 11 now has a search bar that lets you find things faster. Microsoft also added Braille displays and improved Narrator integration with Braille drivers for low-vision users. More voice commands are also added to Windows. Finally, Azure Active Directory users can see AI-based recommendations on the Start men.
Besides adding these features to Windows 11, Microsoft released updates to the Windows apps. For example, the Snipping Tool now has a screen recorder feature and a Notepad app support tab. Other small fixes, like a crash, while playing HDR videos or a bug that prevented users from logging in by Pin or fingerprint, are also included.
Windows 11 version 21H2 also got the same update as version 22H2. Of course, there is an advanced auto-learning feature for facial recognition on version 21H2 now that suits well with Windows Hello.
The attack scheme begins with the FakeCalls malware masquerading as an online banking application of a reputable South Korean financial organization, proposing a low-interest rate loan to the victim.
In recent months, a new type of Android malware called “FakeCalls” has emerged, targeting users in South Korea. The malware is designed to trick users into divulging sensitive financial information by making fake calls that appear to be from a legitimate financial organization.
Voice phishing (aka vishing attacks) is a growing threat to mobile banking customers worldwide. Vishing attacks use phone calls to trick people into divulging sensitive information, and they often involve sophisticated social engineering techniques to make the calls seem legitimate.
According to a detailed report by CheckPoint Research, the creators of the malware use a variety of techniques to make the calls seem convincing, including spoofing the bank’s phone number and using pre-recorded messages that sound like the bank’s customer service department.
The attack scheme begins with the FakeCalls malware masquerading as an online banking application of a reputable South Korean financial organization. The malicious app proposes a low-interest rate loan to the target.
Once the target expresses interest, the malware places a call and plays a pre-recorded message from the bank’s customer service representative, providing instructions on getting the loan application approved.
Simultaneously, the malware conceals the phone number of the attacker with the bank’s real number to convince the victim that the conversation is taking place with a real banking representative. The victim is eventually tricked into “confirming” the credit card information in hopes of qualifying for the fake loan.
Such sophisticated voice phishing campaigns paired with malware using unique evasion techniques result in grave financial losses. According to the report on the official website of the South Korean government, voice phishing resulted in losses of roughly 600 million USD in 2020. The number of individuals affected by this crime from 2016 to 2020 was estimated to be as high as 170,000.
More than 2,500 samples of the FakeCalls malware were discovered with varying combinations of mimicked financial organizations and evasion techniques. In their highly technical report, CheckPoint researchers provide an in-depth analysis of the evasion techniques used by the malware developers behind FakeCalls.
To protect yourself from vishing attacks, it’s important to be aware of some common tactics that attackers use. For example, they may use a spoofed number that appears to be from your bank, or they may claim to be calling from a government agency or other trusted organization.
Don’t trust caller ID: Caller ID can be easily spoofed, so just because a call appears to be from your bank doesn’t mean it’s legitimate. Always be suspicious of unsolicited calls asking for personal information.
Verify the caller: If someone calls claiming to be from your bank or another organization, hang up and call them back using a phone number you know to be genuine. Don’t use the number they give you, as it may be fake.
Don’t give out personal information: Never give out personal information, such as passwords, PINs, or credit card numbers, to someone who calls you, until you have confirmed that they belong to a trusted organization.
Keep your phone and apps up to date: Make sure to keep your phone’s operating system and security software up to date to protect against known vulnerabilities.
Samsung recently launched the Galaxy A54 5G and Galaxy A34 5G in several global markets. As part of the official announcement in Turkey, the company confirmed the existence of another Galaxy A model: Galaxy A24. It said the device will arrive in the coming months, at least in the Turkish market. While we wait for that, that handset has appeared in leaked renders to give us an early look. We also have detailed specifications of the phone.
According to renders shared by Gadgety, the Galaxy A24 will have a similar design as the rest of Samsung’s smartphones in 2023. The handset gets flat front and back panels with no camera bump. As expected, it features a notched display instead of a punch-hole camera cutout. The display reportedly measures 6.5 inches diagonally and has an aspect ratio of 19.5:9. It’s a Super AMOLED panel with a Full HD+ resolution and 90Hz refresh rate. The report mentions a maximum brightness of 1000 units.
The Galaxy A24 will be reportedly powered by MediaTek’s Helio G99 processor. It features two Cortex-A76 CPU cores operating at a maximum frequency of 2.2 GHz and six Cortex-A55 cores at 2 GHz. Samsung will pair the chipset with 4GB of RAM and 128GB of internal storage. The handset will support microSD cards of up to 1TB capacity. Coming to the cameras, this phone gets a 50MP primary shooter with OIS (Optical Image Stabilization), 5MP ultrawide lens, and 2MP macro camera at the back. There’s a 13MP selfie camera at the front.
As revealed by an earlier leak, the Galaxy A24 packs a 5,000mAh battery with 25W fast charging support via a USB Type-C port. A recessed power button reveals a side-mounted fingerprint scanner. We can also see the SIM tray on the left side. The device will also get a 3.5mm headphone jack, with Samsung including Dolby Atmos support. The report mentions a dimension of 162.1 x 77.6 x 8.3 mm, with the handset weighing 195 grams. The Galaxy A24 is said to come in black, silver, red-burgundy, and lemon-green colors.
Samsung may also launch a Galaxy A24 5G
Samsung launched two Galaxy A23 models last year — a 4G model in March and a 5G model in August. It will likely do the same this year with the Galaxy A24. The device we see today is the 4G version. Its 5G counterpart should show up in leaks in the coming months. If history is any indication, the only notable difference between the two should be a 5G-enabled processor and a 120Hz display refresh rate on the latter. Since the Galaxy A24 4G has already been leaked extensively and has picked up regulatory certifications, it may debut soon. We will let you know when Samsung takes the wraps off it.
Security researchers at Google‘s Project Zero team have discovered multiple serious zero-day vulnerabilities on Samsung’s Exynos modems. The vulnerabilities affect dozens of smartphones and wearables from Samsung, Google, and Vivo. The Galaxy S22 series, Galaxy A53, Galaxy A33, Pixel 6 series, Pixel 7 series, Vivo X70 series, and the Vivo S16 series are among the affected devices.
In a recent blog post, Project Zero revealed that they have discovered 18 zero-day vulnerabilities in Exynos Modems produced by Samsung Semiconductor. Four of those are critical flaws that could lead to Internet-to-baseband remote code execution if exploited in the wild. A remote attacker would only require to know the victim’s phone number to compromise a phone at the baseband level with no user interaction. These vulnerabilities aren’t too difficult to exploit, the researchers concluded.
The remaining 14 vulnerabilities aren’t as severe, though. They require “either a malicious mobile network operator or an attacker with local access to the device”. Project Zero reported these vulnerabilities to Samsung between late 2022 and early 2023. It’s been more than 90 days since the researchers submitted some of the reports but the Korean firm has yet to patch any of the flaws.
Full list of devices affected by these Exynos vulnerabilities
These zero-day vulnerabilities affect over a dozen Samsung smartphones, including the Galaxy S22, Galaxy M33, Galaxy M13, Galaxy M12, Galaxy A71, Galaxy A53, Galaxy A33, Galaxy A21, Galaxy A13, Galaxy A12, and Galaxy A04 series.
Google, which started using Samsung-made Tensor chips in Pixel smartphones in 2021, has also found all recent Pixel models vulnerable, i.e. Pixel 6 and Pixel 7 series. Affected Vivo devices include the Vivo S16, Vivo S15, Vivo S6, Vivo X70, Vivo X60, and the Vivo X30 series.
Additionally, any wearable product featuring the Exynos W920 chipset is also vulnerable to these security flaws. Samsung’s Galaxy Watch 4 and Galaxy Watch 5 series are among them. Finally, these Exynos modem vulnerabilities also affect vehicles using the Exynos Auto T5123 chipset. According to the official release from Project Zero, Google’s March update for Pixel devices patches the issues.
The update is already available for the Pixel 7 series but the Pixel 6 series is still awaiting it. The vulnerabilities seemingly remain unpatched on other affected devices.
As a temporary protection measure, Project Zero’s head Tim Willis advises users to turn off Wi-Fi calling and Voice-over-LTE (VoLTE). This will “remove the exploitation risk of these vulnerabilities” on affected devices. Unfortunately, these features are essential for many people. We hope Samsung will patch these flaws on its Exynos modems sooner than later.
ESET cybersecurity researchers have discovered trojanized instant messaging apps that deliver clippers malware. According to their analysis, these Android and Windows-based clippers can abuse instant messages and steal crypto wallet funds via OCR (optical character recognition).
This is the first time clippers have been discovered disguised as instant messaging apps.
Dozens of Fake Messaging Apps Discovered
Based on the findings shared by ESET researchers, dozens of fake Telegram and WhatsApp websites have surfaced. These websites primarily target Windows and Android users and deliver weaponized versions of Telegram and WhatsApp instant messaging apps loaded with a type of malware that modifies clipboard content, called Clippers.
Clippers were first discovered on the Google Play Store in 2019, and now they have been built into messaging apps.
The infection chain (ESET)
What are Clippers?
Clippers refer to malicious codes, also called clipper copies, that can alter a device’s clipboard content, which in the latest campaign leads the attackers to access their victims’ cryptocurrency wallets.
This happens because online cryptocurrency wallets’ addresses comprise long strings of characters, and users often copy/paste these addresses via the clipboard instead of entering them.
Clippers can recognize the text and help attackers steal crypto by intercepting the clipboard data and secretly replacing wallet addresses with those that can be accessed by criminals.
“The main purpose of the clippers is to intercept the victim’s messaging communications and replace any sent and received cryptocurrency wallet addresses with addresses belonging to the attackers,”
ESET
Researchers Lukáš Štefanko and Peter Strýček wrote that Clippers are mainly launched to steal cryptocurrency, and many of them can target cryptocurrency wallets. These apps use OCR to recognize text from screenshots the user has stored on the device. This is also the first time this kind of tactic is used.
How are Users Targeted?
In their latest campaign, clipper operators are targeting Chinese-speaking users. They distribute the malware by creating Google Ads that lure users to fake YouTube channels, from where they are redirected to fake WhatsApp and Telegram websites.
Once a clipper infects a device, it uses OCR to find and steal seed phrases. For this, the apps leverage a legitimate machine learning plugin called ML Kit on Android.
Another clipper cluster tracks Telegram conversations for Chinese cryptocurrency-related keywords, either received from a server or hard-coded. If found, the cluster exfiltrates the complete message with channel name, username, and group name to a remote server.
The fourth cluster of Android clippers can switch the wallet address and steal device data and Telegram data like contacts and messages.
ESET also discovered two Windows clusters. One could swap wallet addresses, and the other distributed RATs (remote access trojans), most based on GH0st RAT, in place of clippers to hijack infected hosts and steal crypto.”
