China-Linked Blackwood APT Deploys Advanced NSPX30 Backdoor in Cyberespionage

0
[ad_1]

The Blackwood APT is using the NSPX30 backdoor in cyberespionage attacks against individuals and companies in China, Japan, and the UK.

ESET researchers have discovered a new China-aligned APT group, Blackwood, using advanced implants in cyberespionage attacks targeting individuals and companies in China, Japan, and the UK.

The researchers identified NSPX30, a sophisticated implant used by Blackwood, which uses adversary-in-the-middle (AiTM) techniques to hijack update requests from legitimate software.

ESET traced NSPX30’s evolution back to Project Wood, a simple backdoor, with the oldest sample found in 2005. The implants’ evolution began on January 9th, 2005. The backdoor collects system and network information, records keystrokes, and takes screenshots, as indicated by PE (Portable Executable) header timestamps in the loader and backdoor components

Blackwood backdoor has been operating since 2018, and in 2020, malicious activity on a targeted system in China increased. The NSPX30 implant, a multistage implant, was detected on a few systems, with victims including:

“Unidentified individuals in China and Japan, a Chinese-speaking individual connected to a high-profile UK public research university, a large Chinese manufacturing company, and China-based offices of a Japanese corporation,” researchers stated in a blog post.

NSPX30 is a modular implant with plugins that can steal sensitive data, monitor user activity, and disrupt system operations, potentially causing damage. Utilizing the NSPX30 implant, a sophisticated spying tool, attackers employ a strategy to re-compromise systems in the event of lost access.

China-Linked Blackwood APT Deploys Advanced NSPX30 Backdoor in Cyberespionage
Screenshots: ESET

ESET Research has identified a concerning pattern where legitimate software, such as Tencent QQ, Sogou Pinyin, and WPS Office, downloads updates from unencrypted HTTP servers. This vulnerability enables attackers to establish communication channels, gather data, and capture screenshots.

To further hide their activities, attackers leverage interception techniques to anonymize their infrastructure. The malicious traffic generated by NSPX30 is then seamlessly forwarded to the attackers’ infrastructure through an undisclosed mechanism.

The discovery of NSPX30 active since 2005, highlights how cybersecurity threats have evolved over the years. The discovery also emphasizes the need for strong cybersecurity practices, including keeping software updated, being cautious about suspicious attachments, and investing in security solutions with advanced malware detection capabilities, to better defend against this persistent threat.

  1. Mozi Botnet Takedown: Who Killed the IoT Zombie Botnet?
  2. Chinese APT Posing as Cloud Services to Spy on Cambodia
  3. Chinese Hackers Stole 60K US State Dept Emails from Microsoft
  4. Chinese Scammers Exploit Cloned Sites in Vast Gambling Network
  5. China Arrests 4 Who Weaponized ChatGPT for Ransomware Attacks

[ad_2]
Source link

Initial OnePlus 12 pre-orders are up 212% compared to OnePlus 11

0
[ad_1]

OnePlus’ new flagship seems to be immensely popular. OnePlus has announced, via its global X handle, that it received 212% more pre-orders for the OnePlus 12 than for the OnePlus 11 on the first day of its availability.

Initial OnePlus 12 pre-orders are through the roof, a 212% increase compared to the OnePlus 11

OnePlus did not specify if this information is from a specific market, but we’re guessing that’s not the case. The company is probably talking about global pre-orders in general, in all markets that the phone was made available in.

As a reminder, the OnePlus 12 launched globally on January 23, following its China launch. The phone is still available to pre-order across Europe and North America. In the US, the phone is priced at $799.99, but you can get a $100 discount if you offer ANY device in ANY condition. That brings the phone’s price down to $699.99. Needless to say, that’s an outstanding price for this handset. We’ve been using it for a while now, and you can see why it’s worth it in our review.

The phone is considerably more expensive in Europe compared to the US

That being said, in Europe, the phone is more expensive. Let’s take Spain, for example. The entry price tag is €969, and even though OnePlus is throwing in a free pair of earbuds and a case, there’s no €100 discount or anything of the sort. Also, prices do vary a bit across Europe, so it may be a bit more expensive or a bit more affordable in other countries, but not by much.

The OnePlus 12 is coming in 12GB RAM + 256GB storage and 16GB RAM + 512GB storage options. That goes for both North America and Europe, by the way. Silky Black and Flowy Emerald colors are on offer. Both of those models have glass backs.

The Snapdragon 8 Gen 3 fuels the phone, while an extremely bright 120Hz LTPO AMOLED display is included

This smartphone has an immensely powerful set of specs. It’s fueled by the Snapdragon 8 Gen 3 SoC, while it offers LPDDR5X RAM and UFS 4.0 flash storage. A 6.82-inch QHD+ LTPO AMOLED (1-120Hz refresh rate) is also included, and it’s curved.

There is a 5,500mAh battery included on the inside with 100W wired (80W in the US) and 50W wireless charging, on top of 10W reverse wireless charging. A charger is also included in the box.

Android 14 comes pre-installed along with OxygenOS 14. An in-display fingerprint scanner is also a part of the package. Stereo speakers are included, and three cameras. A 50-megapixel main camera is backed by a 48-megapixel ultrawide camera (114-degree FoV), and a 64-megapixel periscope telephoto unit (3x optical zoom, 6x “in-sensor zoom”). You can read more about its specs here.

Buy the OnePlus 12 (Best Buy)

Buy the OnePlus 12 (OnePlus)

OnePlus 12 global first day pre orders


[ad_2]
Source link

Motorola flagship rumored to launch in Q2 with Snapdragon 8 Gen 3

0
[ad_1]

Motorola was notably absent from the list of brands presented in the Snapdragon 8 Gen 3‘s launch announcement, that were planning to integrate the powerful chipset into their devices. However, recent leaks from tipster Wisdom Pikachu (translated from Chinese) indicate that Motorola has some plans to unveil a flagship smartphone featuring the Snapdragon 8 Gen 3 in the coming months. While specific details about the device remain scarce, the tipster suggests that Motorola has slated its upcoming Snapdragon 8 Gen 3 flagship for an official debut in Q2 2024.

Several prominent brands, including OnePlus, ASUS, Samsung, and others, have already incorporated the Snapdragon 8 Gen 3 chipset into their recently released smartphones, as initially communicated by Qualcomm during the chip’s launch in October 2023.

Interestingly, the leaked information from Wisdom Pikachu aligns with Motorola’s historical approach to flagship releases, with the company typically unveiling its flagship phones under the X-series in China and the Edge-series in the global market.

The anticipated Snapdragon 8 gen 3 powered Motorola flagship could be exclusive to China

Motorola’s previous China-exclusive flagship, the Moto X40, introduced in December 2022, featured the Snapdragon 8 Gen 2 chip. However, the company subsequently rebranded the device as the Motorola Edge 40 Pro for the global market, following a similar pattern that we may observe with the upcoming Snapdragon-powered flagship.

While the leaked information hints at the possibility of the company naming its upcoming China-exclusive flagship the Moto X50, there is speculation that they might rebrand the device as the Motorola Edge 50 Pro for the global audience.

Despite the lack of official confirmation, the rumor mill suggests that the latest Snapdragon-powered Motorola flagship might follow in the footsteps of its predecessor in terms of rebranding.

With the expected debut in Q2 2024, eager enthusiasts and industry watchers anticipate more detailed leaks and information about the company’s upcoming flagship in the weeks to come. Motorola’s entry into the third-generation Snapdragon flagship arena is likely to further enrich the market with its unique offerings.


[ad_2]
Source link

Google Chat might finally let you send voice messages

0
[ad_1]

Google Chat offers a range of features commonly seen in messaging apps. Yet, no platform covers every aspect, and Google Chat has been notably lacking a basic feature. The good news is that this gap is soon to be filled.

AssembleDebug, a trusted leaker, has revealed on TheSpAndroid (via Android Police) that Google Chat is gearing up to introduce a much-needed feature: voice messages. According to the leaker, this feature was activated by flipping a flag in the Google Chat app for Android. It is expected to roll out by the first quarter of 2024, so we might not have to wait long to start sending voice messages on the app.

The same flag reportedly worked in the Gmail app, too, as Google has integrated Google Chat functionality into it, according to the source.

Voice messages or recordings can be activated using the mic button at the bottom right of the screen, as illustrated in the screenshots. This mic button replaces the send button temporarily. However, the send button reappears either when the user begins typing in the text field or after they have finished recording the audio.

Although voice messaging is a common feature in popular messaging apps like WhatsApp, Messenger, Telegram, iMessage, and even Google’s own Messages app, it is quite surprising that Google hasn’t introduced it to Chat until now. As the feature is still in development, there is no precise timeline for its release. However, as said earlier, it is anticipated to roll out in the first quarter of 2024.

In a recent update, Google Chat introduced a fresh moderation tool aimed at reviewing and managing reported content within the platform. Additionally, the tech giant revealed plans to bring the star messages feature to both iOS and Android in the coming weeks.

For those unfamiliar, Google Chat is a cloud-based messaging platform developed by Google for businesses and individuals. It is part of the Google Workspace suite of productivity tools and is integrated with other Google products like Gmail, Google Calendar, and Google Drive.


[ad_2]
Source link

Chinese Hackers Hijack Software Updates to Install Malware

0
[ad_1]

In order to obtain unauthorized access and control, hackers take advantage of software vulnerabilities by manipulating updates.

By corrupting the updates, hackers can disseminate malware, compromise user data, and build backdoors for future attacks.

This enables hackers to compromise a large user base at once, making the software upgrades a luring target for malicious activities.

Cybersecurity researchers at ESET recently identified that Chinese hackers have been actively targeting and hacking software updates to install malware since 2005.

Chinese Hackers Hijack Software Updates

ESET found China-linked threat actor Blackwood behind a cyberattack since 2018. They use AitM attacks to deliver NSPX30 implants through software updates by targeting Chinese and Japanese entities.

Document
Run Free ThreatScan on Your Mailbox

Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Try Trustifi Free Threat Scan with Sophisticated AI-Powered Email Protection .

Blackwood hides the C2 server location by intercepting NSPX30-generated traffic.

In 2020, a Chinese system was hit by a surge of attacks from Evasive Panda, LuoYu, and LittleBear. Security analysts found a new threat, NSPX30, traced back to 2005 amid suspicious files, and it’s been discovered via a deep investigation.                    

Timeline (Source – ESET)

Evolution starts with a 2005 backdoor, Project Wood, which was found via timestamps. Researchers validate authenticity through the metadata of the PE header, UPX version, and Rich Headers. 

Project Wood served as a codebase that led to DCM in 2008. Tencent’s 2016 report details DCM’s advanced variant, exploiting AitM capabilities

The compromises occur during legit software updates via unencrypted HTTP that affects the popular Chinese software.

Chain of execution (Source – ESET)

Cybersecurity researchers at ESET found IP addresses linked to legitimate software firms in their telemetry. Millions of connections were registered, with downloads of genuine software components. 

How NSPX30 is delivered as malicious updates is unknown. Speculation points to a network implant, possibly on vulnerable devices like routers. 

However, no DNS redirection hints at intercepting unencrypted HTTP traffic for delivering the NSPX30 implant.

Orchestrator uses Baidu’s site to download backdoor, posing as Internet Explorer on Windows 98. Custom User-Agent and Request-URI reveal orchestrator and system info. 

While the backdoor initializes the UDP socket, facing complications with firewalls and NAT. Data exfiltration via DNS queries to Microsoft[.]com takes place and cleverly hides C&C location using AitM capability.

Geographical distribution (Source – ESET)

Victims in Japan and the UK were targeted via the AitM system. Blackwood threat actors have been observed since 2005 and have been constantly evolving from Project Wood. The history of the primordial backdoor, Project Wood, hints at experienced malware developers.


[ad_2]
Source link

Meta is now imposing stricter message settings for minors

0
[ad_1]

Tech giant Meta has just announced it will be imposing stricter message settings for minors on Instagram and Facebook. In a recent news post on its site, Meta talked about teen safety on its social media platforms. The new changes will promise to not only protect teens but also allow guardians more control. Unsolicited contact with minors on social media has been a societal plague for years. These new restrictions aim to combat this social contagion, as well as giving parents greater peace of mind.

Meta’s proposed changes to messaging minors

The company announced that it was planning to implement various different restrictions on its apps. For starters, Meta made changes to Instagram and Facebook earlier this month. These changes will help protect teens from encountering sensitive media on both platforms. Till now, anyone aged 19 or up has been unable to message a minor, period. This, of course, is only restricted to people said minor doesn’t follow. The limit is part of a larger change recently which included limiting strangers from messaging a user more than one message, or anything not text-based.

Now, teens on Instagram and Facebook have the option to turn off messages from strangers completely. This setting also includes other teens and will be on by default for minors. Going forward, only people a minor is connected to will be able to message them or add them to groups. This protection also extends to Facebook’s Messenger app, which will only allow messages from contacts or people a minor follows on Facebook. Meta says another feature is also in the works that will protect teens from seeing sensitive content from people they do follow. It wouldn’t be a bad bet to say this upcoming feature is likely to make use of AI.

Changes to parental supervision tools

In addition to message settings, Meta is also giving more control over supervised accounts. Parents and legal guardians will now have the option to approve or deny changes to their teen’s account settings. Before this, Instagram would only notify supervisors of changes to an account. Settings that will now require approval from guardians include the messaging restrictions mentioned above. Meta says these restrictions will apply to teens aged under 16, and under 18 in “certain countries”.

Parents and legal guardians will find it much easier to manage their teen’s social media exposure going forward. These proposed tools, restrictions, and features should hopefully see a significant reduction in inappropriate conduct with minors. Furthermore, these tools are more likely to entice strict parents to let their teens use Meta’s social media apps over other platforms.


[ad_2]
Source link

Netflix CEO explains why there will be no dedicated Netflix app for Vision Pro at launch

0
[ad_1]
So why is there no dedicated Netflix app for Vision Pro? Peters explained by saying, “We have to be careful about making sure that we’re not investing in places that are not really yielding a return, and I would say we’ll see where things go with Vision Pro. Certainly we’re always in discussions with Apple to try and figure that out but right now, the device is so subscale that it’s not really particularly relevant to most of our members.” 

If Vision Pro takes off, Peters says Netflix can put together a dedicated app “very, very quickly”

What if Apple were able to do something with Vision Pro that would change “the big picture strategic calculus for Netflix.” Peters responded, “And that’s something that’s been — we’ve worked together for a long time, we’ve always had active discussions to how we could help each other out. Sometimes we find a great space of overlap. We can move very, very quickly. Sometimes it takes a little bit longer.”
So even though Netflix won’t have a dedicated Vision Pro app now, it is something that could appear in the future. Right now it just isn’t worth the time, money, and effort for Netflix to develop an app for visionOS, especially considering that it’s been estimated that pre-orders for the spatial computer amounted to 180,000 units during the first weekend that units could be reserved. Compare that with the 1.56 million active iPhone units forecast to be active by the end of this year and you can understand Peter’s decision better.

Vision Pro users will still be able to access the video streamer via the spatial computer’s Safari browser

This absence of Vision Pro apps for Netflix and YouTube doesn’t mean that those who shell out $3,499 and up for the spatial computer can’t watch streaming video from the popular pair. It simply means that users will have to use Vision Pro‘s Safari browser, point them in the direction of the Netflix and YouTube websites, and view their content that way. Sure, it sounds so 2007 but if Vision Pro catches on, and subsequent versions have a more affordable price, Peters could have a dedicated Vision Pro app made available.
Let’s look at one video streamer that went all in to Vision Pro, Disney+. Bob Iger, Disney CEO said, “At Disney, we’re constantly searching for new ways to entertain, inform, and inspire by combining exceptional creativity with groundbreaking technology to create truly remarkable experiences. Apple Vision Pro is a revolutionary platform that will bring our fans closer to the characters and stories they love while immersing them more deeply in all that Disney has to offer. We’re proud to once again be partnering with Apple to bring extraordinary new Disney experiences to people around the world.”

And Disney+ is including four different environments with its Vision Pro app. The company says, “Each environment includes animations and sounds that make the space feel alive, and Easter eggs from films and franchises that will surprise and delight fans.” Netflix could have done something like this too, but not as many entertainment-related firms get Apple as much as Disney does.

Other video streamers that will have a dedicated app on Vision Pro besides Disney+ include Amazon Prime Video, and Paramount Plus. Vision Pro will be released on February 2nd.

[ad_2]
Source link

MediaTek’s Dimensity 9400 to use TSMC’s new 3nm process

0
[ad_1]

MediaTek’s upcoming flagship processor, the Dimensity 9400, is said to utilize TSMC’s new 3nm process. In other words, the chip will be manufactured using TSMC’s second-generation 3nm process, it seems.

MediaTek’s Dimensity 9400 processor will use TSMC’s new 3nm process, just like Qualcomm’s new chip

This information comes from a tipster, Digital Chat Station. That Chinese tipster is usually spot on, so we don’t really have a reason to doubt him. He also said that we can expect considerably improved performance.

As a reminder, Apple’s A17 Pro processor is made using TSMC’s 3nm processor. That chip is made using the ‘N3B’ process, which is the first-generation 3nm tech. MediaTek aims to use the ‘N3E’ process, which is the second-gen tech.

Just to be clear, MediaTek won’t be the only one to use it. Qualcomm will also utilize that tech for its Snapdragon 8 Gen 4 processor which is also coming later this year. So the two competitors will reach for the same manufacturing tech.

This processor will rely on ARM’s CPU and GPU designs

In any case, Digital Chat Station also mentioned that the Dimensity 9400 will rely on ARM’s CPU and GPU designs. We do know that the Cortex-X5 will be included, but not much else, unfortunately.

It will be interesting to see what kind of setup will MediaTek use. With the Dimensity 9300, the company decided to ditch efficiency cores altogether. It remains to be seen if the same will happen with the Dimensity 9400, but the rumors are saying it will.

Also, Qualcomm is switching to its custom Oryon cores later this year. So it remains to be seen how will that improve the chip, or perhaps lead it down a different path. The battle between Qualcomm and MediaTek chips is on the table every year, and we’re looking forward to this year’s. Oryon cores and a brand-new manufacturing process will certainly keep things interesting.


[ad_2]
Source link

Apple launches important podcasts feature with iOS 17.4

0
[ad_1]

Apple announced a lot of changes yesterday, including a complete rehaul of the App Store to allow sideloading, as well as new fees for those publishing their apps through the store. Many more changes have already been introduced with iOS 17.4 but they may have been overlooked in favor of the more important ones announced specifically for the EU.One such new feature that Apple has added with iOS 17.4 is transcripts for podcasts. Apple Podcasts have been around since 2012, although the Cupertino-based company supports podcasts for nearly two decades.

Transcripts allow Apple Podcasts listeners to read the full text of an episode, search for the episode for a specific word or phrase, as well as tap the text to play from that point in the episode.

It’s a nifty feature that makes it so much easier for anyone to access podcasts. Once transcripts are enabled, each word is highlighted while the episode plays. Additionally, Apple Podcasts users can access transcripts from the episode details page. Simply touch and hold a podcast episode and the option to view a transcript will show up.

Apple notes that it automatically generates transcripts after a new episode is published. However, there will be a short delay while Apple processes the transcript.

According to the company, if parts of an episode change with dynamically inserted audio, Podcasts won’t be able to display the segments of the audio that have changed since the original transcription. It’s also important to add that music lyrics are not displayed in the transcripts.

As far as availability goes, transcripts are now live in iOS 17.4 for podcasts in English, French, German, and Spanish. Apple says that more transcripts are being added to podcasts over time and that the new feature can be accessed in over 170 countries and regions.


[ad_2]
Source link

How to remote control PC from Android phone and vice versa?

0
[ad_1]

In today’s highly connected world, remote access to our devices provides much-needed flexibility in our daily lives. The ability to control computer with phone, or vice versa, enables us to access files, applications, and more from anywhere conveniently. This article will discuss how you can establish remote connectivity between an Android phone and a Windows PC using specialized remote access software.

We will cover how to control your PC using your Android device, as well as how to remotely control Android phone from your computer. Whether you need to quickly transfer files or fully operate your computer while on the go, read on to learn how remote desktop apps can make device control efficient and straightforward.

Part 1. Can I Control My PC from Android and Vice Versa?

The short answer – is yes; you can control PC with phone or Android device and also control a phone from PC. Technological advancements in remote desktop software now allow us to mirror one device’s screen onto another and even fully control it with special permissions. Apps like Avica Remote Desktop provide user-friendly mobile and desktop platforms equipped with all the necessary tools to enable seamless remote connectivity.

Part 2. How to Remotely Control PC with Android Phone

As working professionals and students increasingly operate on the move, securing instant remote access to your personal computer proves vital for productivity. This is where Avica’s mobile app steps in – serving as the ultimate solution for controlling your PC directly from Android smartphones and tablets.

With efficient features like low latency, multi-screen previews, and accessibility permissions, Avica guarantees a lag-free remote control experience between PC and Android. Its compatibility across Windows and Android operating systems makes remote device control achievable by anyone with the right permissions enabled. So whether you have an urgent file to access or want full control over applications, Avica’s remote desktop app facilitates it with ease.

Quick Look at Avica’s Standout Features:

Before moving on to the step-by-step PC access guide, first, let’s briefly highlight some of Avica’s winning attributes that make mobile-based remote connectivity a breeze:

Cross-Platform Versatility: With support for Windows, macOS, iOS and Android operating systems, Avica facilitates seamless and stable connections across multiple devices.

Minimal Latency: Avica’s cutting-edge video encoding technology minimizes lag, allowing up to 144fps refresh rates for smooth remote operations.

Enterprise-Grade Security: It implements bank-level end to end AES-256 encryption for securing data transfers between devices.

Zero Configuration Requirements: Get remotely connected instantly without tedious network configurations for LAN-paired devices.

With these reliable capabilities now guaranteed by Avica, accessing critical computer applications, files, and even software tools on the go have become more efficient.

Step-by-Step Guide to PC Control from Phone via Avica

Follow these easy instructions to start controlling your Windows PC straight from the Avica mobile app installed on your Android phone/tablet:

1. Install and Launch the Avica App

Download and install the Avica app on your PC and Android Phone. You can get Avica app from its official website or get Avica mobile app from Google Play. Register using your email ID and set up a strong password.

2. Enable Remote Connectivity on PC

Head to your Windows PC’s settings to toggle “Remote Access” permissions, along with enabling screen recording and input control.

Avica image 1

3. Access PC’s Unique Device ID

Your PC will now display a unique Avica ID and Password. Note these down to pair with your smartphone.

4. Connect Android Device via the Avica App

On the Avica mobile app, head to the ‘Remote Control’ tab. Enter your PC’s Avica ID and the prompted access Password to connect.

Avica image 4

5. Manage PC Directly from the Android Interface

You’ll now gain complete remote control for PC over your Android. Access files, run software tools, and control media – all directly through Avica’s intuitive mobile interface!

Avica image 3

Handling business-critical work or creative applications is now possible remotely via your mobile, thanks to Avica’s top-notch remote access capabilities. Simply install the app and follow the guided instructions above to effortlessly access your PC’s digital workspace straight from Android devices!

Part 3. How to Remote Control Android from PC

Just as you can control your PC from an Android device, Avica also lets you access and manage your Android phone/tablet directly from your Windows computer. After enabling the necessary permissions, Avica grants you full authority over your Android screen – letting you access app files, run queries and much more.

Follow these simple steps to get started with remote control Android using Avica desktop:

1. Download and install the Avica desktop remote access software on your Windows PC. Similarly, install the Avica mobile app on your Android device as well.

2. Set up your account credentials in both apps by adding your email ID and setting up a strong password. Sign into both apps.

3. On your Android device, go to Avica’s app settings and toggle the “Allow remote access” control to enable connectivity permissions.

4. You’ll now need to permit additional accessibility controls like screen recording and usage access. Enable all prompts-related permissions. You can remote into Android phones if permissions are enabled.

5. Under the connectivity tab, you’ll find the unique “Device ID” and “Password” keys for your Android device required to pair your PC. Note these down.

6. Head to your Avica app on PC, and under “Remote Session,” add your Android phone’s Device ID and enter the password when prompted.

7. You’ll now have seamless remote accessibility and control phone from PC through your PC’s keyboard and mouse.

Conclusion

The ability to control devices remotely paves the way for the future of computing mobility. With efficient remote connect device apps like Avica now bridging the gap between PCs and phones, staying productive on the go is easier. Its reliable connectivity protocols, intuitive control mechanisms, and multi-device support cement its position as a pioneering solution for remote device management. Implement the app’s features into your workflow to access computer applications from anywhere and even full device control for added convenience. Avica’s remote control capabilities usher in flexibility into our device access models, helping both the personal and professional realm.


[ad_2]
Source link