Some Android phones can now share your medical data during a 911 call, similar to iPhones

0
[ad_1]

Your Android phone is your companion in life. Your girlfriend may leave you, and your car may suddenly stop working in the middle of the highway during your vacation, but your phone will always be there for you. Well, as long as you keep it charged and don’t accidentally drop it off a cliff and destroy its display. And now, your Android phone could even help save your life if it supports the Personal Safety app (via Engadget).As the people behind RapidSOS, the platform that both Android and iOS use to send data to first responders, announced in a new blog post, Android phones with the Personal Safety app can now automatically send medical data to first responders when making a call or sending a text to 911. The data could include caller name, allergies, medications, preexisting conditions, emergency contacts, and more, depending on what you’ve chosen to share.To turn on the new feature, open the Personal Safety app, go to your info, tap “Emergency info access” and choose “Share during emergency call.” We should note that the Personal Safety app comes preinstalled on Pixel phones since the Pixel 4, so if you are a Pixel user, you should already be able to enable the new feature. If you are not using a Pixel phone, you can always visit the Personal Safety app page on the Google Play Store and see if you can install it on your trusty smartphone.

Now, if automatically transmitting medical data in an emergency call sounds familiar to you, it’s because it’s not really a novelty. Ever since 2020, when Apple released iOS 13.5, iPhones have had the ability to transmit health data to first responders automatically in an emergency call. So it’s nice that Android phones equipped with the Personal Safety app can do the same. Of course, we honestly hope your phone will never have to use this new feature, but it’s nice to know that the dispatched medical team will have your medical information beforehand if something happens to you, God forbid.


[ad_2]
Source link

Most Underrated Smartphone of 2023 – ASUS ZenFone 10

0
[ad_1]

The ASUS ZenFone 10 is an ideal smartphone for many people in so many ways, it’s a shame it’s so underrated.

We’ve picked the ASUS ZenFone 10 as our ‘Most Underrated Smartphone’ of 2023, and gave it an award to recognize that. Well, our readers seem to agree with us, as they did the same. We’ve placed a poll on X (formerly known as Twitter), and allowed our readers to share their opinion. The ASUS ZenFone 10 won in that category, rather comfortably. It managed to grab 39.1% of all votes, and is followed by the OnePlus Open, which grabbed 26.1% of the votes. The Pixel 7a is third with 21.7% of the votes, and the Motorola Razr is fourth with 13%.

This does not surprise us, to be quite honest, and we did expect the ZenFone 10 to win. ASUS created a truly compelling smartphone, which is not only compact enough to be very comfortable to use, but also excels in so many ways. The phone offers outstanding performance, capable cameras, good display, and staggering battery life, especially considering its size. Its software offering is also great, as it’s basically stock Android with some useful features sprinkled on it. ASUS is unfortunately not as popular in the smartphone world as it should be in order for this phone to sell. So, this award does make sense. We’ll get more into it below.

This size is just right for comfortable, one-hand use… without the display being too small

One of the main selling points of the ASUS ZenFone 10 is its size. This smartphone has a 5.9-inch display, and it’s smaller than basically all flagship smartphones in the market. It is not nearly as small as something like the iPhone SE 2022, though, and that’s a good thing. The iPhone SE 2022 is too small for comfortable use, many people would agree. However, a 5.9-inch display is large enough for basically anything, and it doesn’t make this phone a brick that is uncomfortable to handle. This is one of the best phones for one-handed usage on the market, at least as far as flagship-grade devices are concerned. Not only is its size great, but it’s also not heavy at all.

ASUS ZenFone 10 image 402
ASUS ZenFone 10 back side

The fact that ASUS opted for a somewhat grippy backplate only helps things. It used plastic, but it doesn’t feel like plastic. It feels like a combination of plastic, rubber, and paper, kind of. Regardless, it’s much less slippery than glass is. The sides of the phone are flat, with chamfered edges, and the device simply feels great in the hand because of it. The fact its corners are rounded also helps, of course. The ASUS ZenFone 10 also comes in some fun colors, including Black, Blue, Green, Red, and White, giving you plenty of options. The aforementioned display is good, and it offers a high refresh rate. It could be a bit brighter, but it’s bright enough as it is, so… it’s hard to complain.

Outstanding performance, and surprising battery life

The ASUS ZenFone 10 is one of the smoothest smartphones on the market. We were thoroughly impressed when we used the phone, and our ASUS ZenFone 10 review does reflect that. We’re still using the phone on and off, and even compared to some newer devices, it’s still flying high. Its software definitely has something to do with it, but its specs are also truly powerful. The Snapdragon 8 Gen 2 is backed by up to 16GB of LPDDR5X RAM and UFS 4.0 flash storage. The apps load fast, multitasking is a breeze, and the phone is even great for gaming, as long as you don’t find that display size too confining.

Also, the phone has outstanding battery life. When people talk about compact phones, the battery life argument always pops up. Smaller phones usually have worse battery life, unfortunately. Well, that’s not the case with the ZenFone 10, not at all. We managed to push this phone past the 10-hour mark a number of times. Even if you’re truly pushing it, getting over 8 hours of screen-on-time should be possible. It can actually go head-to-head with the best of the best in terms of battery life, and that’s a huge positive here.

ASUS Zenfone 10 Review AM AH18
ASUS ZenFone 10 display

ASUS did also add wireless charging to the phone, after omitting that feature on the ZenFone 9. So not only does it offer 30W wired charging, it also supports 15W wireless charging. Reverse wired charging is supported too, and the charger is included in the box.

What about the cameras?

Is the camera performance any good? Well, this phone does shine in so many ways, that the cameras are actually overshadowed by everything else. The camera performance is good, but there are limitations. The noise does tend to pop up in low light, and the phone often oversharpens images, while the saturation is also used a bit much in some scenarios. On the flip side, it is very consistent, it will stick to its style across all scenarios, and does a great job in HDR conditions too. The ultrawide camera is more than good enough, and it keeps up with the main sensor in terms of colors.

The ASUS ZenFone 10 is easily the most underrated smartphone of the year. I’m glad both us and our readers agree on that front. We do hope that ASUS will continue pushing out these compact flagships, and also work more on its marketing so that more people can experience how great they are.


[ad_2]
Source link

YouTube now offers Creators more control over their videos’ comments with a new “Pause” option

0
[ad_1]
Youtube Content Creators can now enjoy a little breather with the introduction of a new “Pause” feature in their comment moderation toolbox. This straightforward option gives them the power to freeze the creation of new comments for a specific video, while simultaneously preserving existing comments. This provides much-needed flexibility for managing online discussions and maintaining a positive online environment.Prior to this update, Content Creators only had the harsh choices of either disabling comments entirely or manually reviewing each one before it appeared publicly. This could be burdensome, especially for popular channels with a constant influx of comments.

The “Pause” option offers a much-needed middle ground, allowing creators to take a break from moderating comments when they become overwhelming — without resorting to complete shutdowns — and gain more control over the conversation by temporarily stopping the flow of new comments. This can be helpful during live streams or other unpredictable situations where managing comments in real-time can be challenging.

YouTube revealed that during the testing phase of this feature, both creators and moderators found the “Pause” option to be incredibly useful. It suddenly empowered them to create a more positive and engaging community, focus on other aspects of their channel, or simply take a mental break.

This update also marks a renaming of existing comment moderation settings for clarity and ease of use. However, the underlying functionality remains the same. Here’s a quick breakdown of the available options:

  • On, with optional comment moderation settings:
    • None: All comments are automatically published without review.
    • Basic: Potentially inappropriate comments are held for review.
    • Strict: A wider range of potentially inappropriate comments are held for review.
    • Hold All: All comments are held for review.
  • Pause: No new comments can be posted, but existing comments remain visible.
  • Off: Comments are disabled entirely.

Credit: YouTube Creators Channel

The new “Pause” feature is a welcome addition to YouTube’s comment moderation tools, offering creators more control and flexibility in managing their online communities. I’m curious to see how the larger YouTube community will react to this change and whether it will become part of the solution when it comes to curbing comment spam.

[ad_2]
Source link

AH Reader’s Choice Awards: Best Budget Phone of 2023

0
[ad_1]

The Google Pixel 7a made us fall in love with it, and it looks like our readers feel the same way

It’s the end of the year, and it’s time to do a wrap on some of the best phones we’ve seen these past 365 days. There were a ton of amazing affordable phones that came out over 2023, but one phone seemed to resonate the most with our readers, and that’s the Google Pixel 7a.

Many of our readers most likely purchased this phone when it launched earlier this year. If you’re looking to pick up a Pixel 7a for yourself, you won’t be sorry. This handset was able to bring the best Pixel experience for its price, and it definitely outshined other phones in the same bracket.

The thing that makes this phone incredible is the attention and care that Google had put into this phone to give you the best Pixel experience at $500. Both the hardware and software are developed by Google, so you know that it’s designed to work seamlessly and smoothly. It uses the same hardware powering the amazing Pixel 7 Pro, and it’s in a $500 phone!

This means that it’s going to be incredibly powerful, as we’re talking about flagship-level hardware. Not only that, but Google is a huge AI company. The Pixel 7 Pro was one of the smartest phones on the market because of the powerful artificial intelligence that comes on the chip. Well, you’re getting that same chip this time around.

We can’t forget about that screen

This phone has a screen that’s comfortably small, but it’s still able to give you a top-notch viewing experience. Google gave this one of its amazing screens. Google used the same screen in this phone that it used with the Pixel 7. However, it just won’t be as silky smooth. Anyway, this screen is still beautiful. Whatever you’re watching on this phone will pop. It doesn’t matter if you’re watching movies, TV shows, or videos, you’re going to have a great time. Google calibrated the display to be one to beat.

What’s a Pixel if not a great camera phone?

We can’t talk about the Pixel 7a without talking about the amazing camera experience. Pixel phones are known for their superior cameras, and this phone is no exception. No doubt, the Pixel 7a has one of the best cameras of any phone of this price, if not the best.

Using Google’s amazing image processing capabilities, this phone produces results that will impress anyone. It’s truly a fantastic camera for both well-lit and low-light shots. If you’re a person who wants a powerful camera experience in your phone, then the Pixel 7a’s camera is for you.

Take those aspects and bundle them with great speakers and battery performance, and you have the best phone that you can get for only $500. This is why the Pixel 7a won the AH Reader’s Choice Award.


[ad_2]
Source link

iPhone 16 to get a major microphone upgrade for AI purposes

0
[ad_1]

Apple will seemingly issue a major microphone upgrade for the iPhone 16. This information comes from Ming-Chi Kuo, a well-known analyst, who shared his thoughts via the Medium platform.

The iPhone 16 could get a major microphone upgrade to boost AI

He said that “strengthening Siri’s hardware and software features and specifications is the key to promoting AI-generated content”. He basically said that Apple will rely on improved voice input to boost Siri, kind of.

Apple’s generative AI goals and integration of large-language models (LLMs) into Siri seem to be the goal. Now, these improved microphones will offer a better signal-to-noise ratio, first and foremost. Better water resistance is also mentioned.

Considering that many other companies are heavily focusing on generative AI, Apple will seemingly go in that direction as well. It’s not exactly a secret that Siri has been lagging behind the competition, so we can expect some major improvements moving forward.

The Siri team got reorganized earlier this year

Apple actually reorganized the Siri team in Q3 this year, so that it gets the best possible team to push the tech forward. Now, it seems like AAC and Goertek will supply microphones for the iPhone 16.

Kuo says that the “ASP of microphones for each iPhone 16 will be at least 100–150% higher than that of the iPhone 15”.

The iPhone 16 series is not exactly around the corner. The Apple iPhone 15 models were announced a couple of months ago, so we’re in for a long wait. The iPhone 16 series will almost certainly arrive in September next year.

Based on everything we’ve seen thus far, generative AI will be a huge focus for Apple. That goes for both iPhone 16 and iOS 18 in combination. This is not the first time we’ve seen such rumors, nor is it the first time the info is coming from a trusted source.


[ad_2]
Source link

Threads rolls out “Tags”, its own simplified version of hashtags

0
[ad_1]

Meta’s Twitter competitor, Threads, is adding a new feature called “Tags,” which aims to simplify the way users categorize and discover content. Unlike traditional hashtags, Tags offer a more focused and streamlined approach to topic grouping, with several key differences.
Firstly, Threads limits users to just one tag per post. This eliminates the clutter of spammy hashtag lists often seen on other platforms, allowing for more meaningful and focused discussions. Meta believes this approach makes it easier for users to find and engage with content they’re genuinely interested in.

Secondly, Tags are integrated seamlessly within the text, appearing as blue hyperlinks rather than standalone hashtags prepended with the # symbol. This creates a cleaner and more visually appealing experience, while still maintaining their functionality.

Adding a Tag is simple: users can either type the # symbol followed by the desired Tag text directly within their post, or select it from the new post UI. This intuitive design ensures accessibility and ease of use. Unfortunately, it does not appear that tags are yet supported on the web version of the app, even if you manually type in the tag (#) symbol.

Instagram and Threads boss, Adam Mosseri, explained in his own post that Tags also support phrases and special characters, and that their purpose is to help “categorize your posts and make it easier for others to find and join in on the conversation.” He also stressed that the decision to not show the famous hashtag (#) symbol in the published post and to limit tags to one per post was done purposely in order to discourage engagement hacking.

With its focus on simplicity and clarity, Threads’ Tags feature represents a fresh approach into organizing topics and conversations in a more intelligent and user-centric manner. Keeping spammers out of the platform’s search results has been a goal for the platform and hopefully this implementation achieves just that.

[ad_2]
Source link

Bluetooth Vulnerability Enables Keystroke Injection on Android, Linux, macOS, iOS

0
[ad_1]

Keystroke injection is a method wherein malicious commands or keystrokes are remotely injected into a system to compromise or manipulate its functionality, often exploited for unauthorized access or control.

A critical vulnerability in Bluetooth allows attackers to take control of Android, Linux, macOS, and iOS devices, including devices in Lockdown Mode. This vulnerability is tracked as CVE-2023-45866 and disclosed by security researcher Marc Newlin. 

It enables attackers to connect to vulnerable devices without user confirmation and inject keystrokes, potentially allowing them to install malicious apps, run arbitrary commands, and perform other unauthorized actions (except those requiring password/biometric authentication). The software vendors were notified about the flaw in August 2023.

This vulnerability was first identified in 2016 in non-Bluetooth wireless mice and keyboards. Back then, it was assumed that Bluetooth was secure and promoted as a better alternative to vulnerable custom protocols.

In 2023, a challenge forced Newlin to focus on Apple’s Magic Keyboard due to its reliance on Bluetooth and Apple’s security reputation. Initial research revealed limited information about Bluetooth, macOS, and iOS, necessitating extensive learning. 

Later, unauthenticated Bluetooth keystroke injection vulnerabilities in macOS and iOS were discovered, which were exploitable even when Lockdown Mode was enabled. Similar flaws were identified in Linux and Android, suggesting a broader issue beyond individual implementations. The Bluetooth HID specification analysis revealed a combination of protocol design and implementation bugs.

Newlin explained in his post on GitHub that multiple Bluetooth stacks had authentication bypass vulnerabilities. The attack exploits an “unauthenticated pairing mechanism” defined within the Bluetooth specification, tricking the target device into accepting a fake keyboard.

This deception allows an attacker in close proximity to connect and inject keystrokes, potentially enabling them to install apps and execute arbitrary commands. It is worth noting that unpatched devices are vulnerable under specific conditions, such as:

  • Android: Bluetooth must be enabled.
  • Linux/BlueZ: Bluetooth must be discoverable/connectable.
  • iOS/macOS: Bluetooth must be enabled, and a Magic Keyboard must be paired with the device.

These vulnerabilities can be exploited with a standard Bluetooth adapter on a Linux computer. Notably, some vulnerabilities predate “MouseJack“, affecting Android devices as far back as version 4.2.2 (released in 2012). 

In a comment to Hackread.com, Ken Dunham, Director of Cyber Threat at Qualys said “The two new Bluetooth vulnerabilities that exist for Android, Linux, MacOS, and iOS enable unauthorized attackers to perform an “unauthenticated pairing”, then possibly enable execution of code and to run arbitrary commands.”

“Bluetooth attacks are limited to close physical proximity. As a workaround, users of vulnerable systems can limit their attack surface and risk until patched by disabling Bluetooth,” Dunham advised.

While a fix for the Linux vulnerability existed since 2020 (CVE-2020-0556), it was surprisingly left disabled by default. Despite announcements by major Linux distributions, only ChromeOS is known to have implemented the fix. The latest BlueZ patch for CVE-2023-45866 finally enables this crucial fix by default.

It is a serious vulnerability impacting a vast array of devices, exposing potential security risks inherent to Bluetooth technology. However, according to Google, “fixes for these issues that affect Android 11 through 14 are available to impacted OEMs. All currently-supported Pixel devices will receive this fix via December OTA updates.”

  1. BlueRepli attack bypasses Bluetooth authentication on Android
  2. BleedingTooth Bluetooth vulnerability allows RCE in Linux devices
  3. Update your devices: New Bluetooth flaw lets attackers monitor traffic
  4. BlueBorne Bluetooth Flaw Affects Millions of Smartphones, IoT and PCs
  5. Hackers can crash Google’s Nest Dropcams by exploiting Bluetooth flaws

[ad_2]
Source link

The Galaxy Note 20, A52 & more snag the December update

0
[ad_1]

A couple of days back, Samsung released the December security patch for the Galaxy S23 series in the US. The new security update has yet to roll out to the phones in other markets. Meanwhile, a few more Galaxy devices have started picking up the latest SMR (Security Maintenance Release). The December security update is available for the Galaxy Note 20 series, Galaxy A52, and Galaxy A03.

The Galaxy Note 20 series gets Samsung’s December update

Samsung stopped making Note-branded flagship phones after the Galaxy Note 20 series in 2020. It brought the S Pen to the Ultra model in the S series. Debuting with Android 10, the last Note phones received updates up to Android 13. They aren’t eligible for Android 14 or other feature updates. It’s only security patches for them now, at least until August 2024.

Thankfully, Samsung is still pushing those security releases to the Galaxy Note 20 and Galaxy Note 20 Ultra every month. The December 2023 SMR is rolling out to both 4G and 5G versions of the duo in Latin America. The new firmware build number for the 4G versions is N98*FXXS9HWL1. That, for the 5G versions, is N98*BXXS9HWL1. The official changelog supplied by Samsung confirms that the update doesn’t bring any new features.

The Korean firm recently revealed that the December SMR patches more than 60 vulnerabilities. These include seven critical and 40-odd high-severity security flaws in the Android OS, as well as over a dozen Galaxy-specific issues affecting Contacts, Knox Guard, Smart Manager, AR Emoji, Camera, and other system components. The latest update patches these issues on the Galaxy Note 20 phones.

The two Note phones should soon receive the December security update in more markets, including the US (4G versions weren’t released in the US). If you’re holding onto these aging but iconic Samsung devices, watch out for a notification promoting you to download the update over the air (OTA). You can also manually check for updates from Settings > Software update > Download and install.

The latest security patch is also available for the Galaxy A52 and A03

Alongside the Galaxy Note 20 series, Samsung is pushing the December security update to the Galaxy A52 and Galaxy A03. The 4G version of the former is receiving the update with the build number A525MUBS6DWK3. It is A035FXXS5CWK1 for the latter. There is no 5G version of the Galaxy A03, which isn’t eligible for Android 14. The Galaxy A52, meanwhile, is expected to receive the Android 14 update later this month.


[ad_2]
Source link

How to access Google Gemini

0
[ad_1]

The next generation of Google’s AI is here, as the company launched Gemini. It, in many ways, succeeds Bard, and it’s meant to be a proper competitor to OpenAI’s GPT-4. If you’ve been following this model’s development, then you should be excited to sink your teeth into it. Well, if you don’t know how, then here’s how to access Gemini.

At this stage, there’s more than one way to try out this model, but not all of them are available. As of December 2023, the most advanced version of Gemini isn’t available to the public. This article will be updated when it’s available. For the time being, two of the three versions of the model are accessible for you to use.

Also, at the time of writing this article, Gemini is still new. Google will most likely make the model accessible from more sources as time goes on. Be sure to check back to see if there are any additional ways to access it.

How to access Google Gemini

It’s time to take your AI to the next level, and you think that Gemini is the way to do so. It’s a leap over Bard, and it could be just what your business needs to become more streamlined. So, how do you gain access to this powerful model? There are a few ways that you can access it right now.

Before we get started, it’s important to know that there are three versions of Gemini. The largest and most capable version is called Gemini Ultra. This is the high-octane enterprise-level AI solution that major companies are going to be using.

Below that, there’s Gemini Pro, which is a great middle ground. It’s powerful (more powerful than Bard), and it should be perfect for startups and independent users.

Lastly, the smallest version is called Gemini Nano. This version is perfect for on-device computations, so it’s much smaller in scale compared to the others.

Through the Pixel 8 Pro

This might surprise you, but one way that you can access Gemini is through the Google Pixel 8 Pro. If you have this phone, then you have access to a version of the model called Gemini Nano. It’s the most compact version of the model, and it’s optimized to fit on a phone. Gemini Nano is designed for on-device computations.

Because it was added to the Pixel 8 Pro, this makes it essentially one of the smartest phones on the market if not the smartest. It runs the Google Tensor G3 chip, which is a chip that’s designed around AI. It already ran some insane AI before Gemini. Now, the company boosted its AI prowess with the new model.

Summarize in Recorder

Now, Gemini Nano will manifest in two key features in the phone right now. Starting off, there’s Summarize in Recorder. When you’re using Google’s voice recorder app, you’ll be able to use the AI on your chip to transcribe your audio recordings. Then, it will use generative AI to create a short and sweet summary of those recordings.

Say, you record a conversation with your friend about a story idea, and it goes on for some time. You can use the tool to give you a quick summary of your conversation and pick up on what ideas you discussed.

Smart Replies

Next, there’s the Smart Reply function. This feature goes through Gboard, and it will suggest replies that you can send to people you’re talking to in your conversations. While a feature like this isn’t entirely new, it will use conversation awareness to get an idea of what you’re talking about. Then, it will suggest the replies based on the conversation.

A list of only two features might sound disappointing, but Gemini just launched. As time goes on, we expect Google to roll out more features that leverage Gemini Nano. If you plan to pick up a Pixel 8, you’ll be able to see these features first-hand.

One thing to note is that more chips are being built with more powerful on-device AI capabilities. There’s no telling if we’ll see Gemini Nano make it to other phones using other chips.

Through Bard

If you’re an avid Google Bard user, then you’ve probably already had a taste of Gemini without knowing it. As a part of the release, Google upgraded Bard with a “fine-tuned” version of Gemini Pro. We’re not sure what Google means by “fine-tuned” exactly, but we’re sure that it means that it was trimmed down a bit in terms of its capabilities.

Gemini is multimodal, so it can understand and produce multiple forms of media including text, images, audio, and video. However, For the time being, Bard will not be getting multimodal capabilities. You’re still bound to text output.

Regardless, you’ll be able to enjoy the advanced reasoning capabilities that come along with Gemini Pro. So, your responses will be much smarter, and you’re less likely to run into hallucinations.

Gemini Ultra

If you’re disappointed that Gemini Pro for Bard doesn’t have multimodal capabilities, well this release might be what you’re looking for. In early 2024, Google is going to introduce an even more augmented version of Bard that’s powered by Gemini Ultra. The implementation of Gemini Ultra will bring the multimodal capabilities to Bard that you’ve been hoping for.

Gemini Ultra is the largest and most powerful version of the model, and it outpaces Gemini Pro in several areas. Getting access to it will bring much better reasoning capabilities and just an overall smarter experience.

The only thing is that we’re not sure how accessible it’s going to be. It’d be nice if people could access it free of charge, but there’d be no point in making Pro available to the public. We expect that Google will put Gemini Ultra behind a paywall. Gemini Ultra is an ultra-capable model, and there’s no doubt that it’s built for large enterprise applications. We expect the company to charge an enterprise fee, but that remains to be seen.

How to access Bard

If you’re not a Bard member, then you’ll need to sign up before using it. Go to the Google Bard website and sign in with your Google account. After you do that, you’ll want to take the time and read the information that the company presents you with. The company should give you information about what Bard is all about and how the company is using your data. If you’re careful about your data, take the time to read any information that the company gives you.

After that point, you’ll see Bard in all of its glory. You’ll see the chat bar at the bottom of the screen. At this point, you’ll be looking at the upgraded version of Bard that’s powered by Gemini.


[ad_2]
Source link

Exploitation Methods Used by PlugX Malware Revealed

0
[ad_1]

PlugX malware is sophisticated in evasion, as it uses the following techniques to avoid detection by antivirus programs, making it challenging for security measures to identify and mitigate its presence:-

  • Polymorphic coding
  • Rootkit functionalities
  • Encryption

That’s why PlugX malware stands out as a challenging and evasive malware in the ever-evolving landscape of cybersecurity threats.

With its advanced capabilities, it has a history marked by:-

  • Cyber espionage
  • Targeted attacks
  • An ongoing battle with security experts

Cybersecurity researchers at Splunk recently unmasked all the sophisticated evasion techniques used by the PlugX malware.

Technical analysis

The PlugX variant, like predecessors, sideloads ‘version.dll’ via ‘msbtc.exe’ to execute malicious code. Meanwhile, the ‘msbtc.dat’ decryption begins with ‘Version.DLL’ using the RC4 algorithm in the ‘VerQueryValueW’ function. 

After that, the successful decryption activates the critical headers for final payload decompression.

Decryption and Decompression of PlugX Payload (Source – Splunk)

Malware advances to a second decryption layer with XOR and basic math in the researchers’ extraction tool. Transformations create the compressed layer, unpacked with the ‘RtlDecompressBuffer()’ API.

The ‘msbtc.cfg’ decryption differs from ‘msbtc.dat.’ It uses the same key and RC4 algorithm as ‘Version.DLL’ for efficiency. A Python tool, plugx_extractor.py, automates extraction, simplifying analysis and empowering security professionals.

The PlugX decrypts ‘msbtc.dat,’ injects into ‘msdtc.exe,’ a Windows service managing distributed transactions, and does the following things:-

  • Communicates with C2 server.
  • Retrieves host info.
  • Queries ipinfo.io for network details.
  • Adds “Microsoft Edge” firewall rule for covert communication on a specified port like 7777.
  • Manipulates host settings for stealthy operation.
  • Installs a service on ‘msbtc.exe’ for persistence and elevated privileges.

To perform the following two essential functions, this service is configured:-

  • Automated Decryption
  • Dynamic Payload Loading
Create msbtc.exe services (Source – Splunk)

PlugX’s initial phase erases past traces for seamless reinstallation, dropping essential components in “%programdata%\MSB.” 

It gains privilege escalation by impersonating the user through “explorer.exe,” hiding activities. The malware features keylogging, discreetly storing data in “%ALLUSERPROFILE%\MSB\kl” for exfiltration to the C2 server.

IOCs

IOCs (Source – Splunk)

[ad_2]
Source link