OilRig C#/.NET Backdoor to Attack Wide Range of Industries

0
[ad_1]

OilRig (APT34) is an Iranian cyberespionage group active since 2014, targeting Middle Eastern governments and various industries like:-

  • Chemical
  • Energy
  • Finance
  • Telecom

OilRig launched DNSpionage in 2018-2019 against Lebanon and the UAE, followed by the 2019-2020 HardPass campaign using LinkedIn for energy and government sector targets.

Recently, the cybersecurity researchers at ESET have identified and analyzed two OilRig APT group’s campaigns:- 

  • Outer Space (2021)
  • Juicy Mix (2022)

These cyberespionage campaigns exclusively targeted Israeli organizations, following their Middle East focus. They infiltrated via legitimate websites, employing VBS droppers for C#/.NET backdoors and post-compromise data tools.

Document
FREE Demo

Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware

Campaign Overview

  • Outer Space: It’s an OilRig campaign from 2021 that used an Israeli HR site as a C&C server for the Solar backdoor. Here, with basic functions, the Solar led to SC5k downloader, while MKG was used for browser data exfiltration.
OilRig
OilRig’s Outer Space compromise chain (Source – ESET)
  • Juicy Mix: In 2022, OilRig launched a fresh campaign, Juicy Mix, targeting Israeli groups with upgraded tools, compromising a job portal for C&C, then hitting an Israeli healthcare org with Mango backdoor, two secret browser-data dumpers, and a Credential Manager stealer.
OilRig
Components used in OilRig’s Juicy Mix campaign (Source – ESET)

Technical Analysis

Both campaigns used VBS droppers, likely delivered via spearphishing emails to establish system access. 

These droppers delivered Mango, ensured persistence, and connected to the C&C server. At the same time, the embedded backdoor used base64 encoding and simple string deobfuscation for concealment.

After embedding the backdoor, the dropper schedules Mango (or Solar) to run every 14 minutes and sends the compromised computer’s name via a base64-encoded POST request to the C&C server.

OilRig’s Outer Space campaign deploys Solar, a simple yet versatile backdoor capable of downloading, executing files, and autonomously exfiltrating staged data.

flow of Solar
Initial execution flow of Solar (Source – ESET)

OilRig replaced Solar with Mango in Juicy Mix, sharing a familiar workflow and capabilities but featuring significant distinctions.

Mango initiates an in-memory task running every 32 seconds like Solar, communicates with the C&C server, and executes commands. However, Mango differs by replacing Solar’s Venus task with a new exfiltration command.

Post-compromise tools

Here below, we have mentioned all the post-compromise tools:-

  • SampleCheck5000 (SC5k) downloader
  • Browser-data dumpers
  • Windows Credential Manager stealer

With backdoor-like implants, OilRig advances from Solar to Mango. They still utilize conventional techniques to obtain user data while using specialized technologies for data collection.

Keep informed about the latest Cyber Security News by following us on Google NewsLinkedinTwitter, and Facebook.


[ad_2]
Source link

Google Pixel 8 & Pixel 8 Pro pricing revealed early

0
[ad_1]

Google Pixel 8 and Pixel 8 Pro are scheduled for launch on October 4. Thanks to an X tipster, we know how much they will cost in the US market.

The previous seven generations of Google Pixel have strengthened their foothold in the market. Now, millions of fans worldwide are waiting for the unveiling of the eighth generation. The Pixel series could challenge flagships from other companies by offering a pack of solid hardware and a pure taste of Android at a competitive price.

The Google Pixel 8 and Pixel 8 Pro are expected to follow the same path. According to the latest information, the Pixel 8 starting price in the US is $699. The price also soars to $899 for Pixel 8 Pro. The information comes from a screenshot from Google and confirms the devices won’t get a price hike. F6yjkFXXAAAJjKc

This is how much the Google Pixel 8 series costs in the US

Some high-quality renders from the Google Pixel 8 series were leaked a few days ago that demonstrated the phone in all angles and colors. As for the design, there isn’t much difference between the seventh and eighth generations. However, the Pixel 8 Pro camera array now puts all three modules in an elongated oval instead of separating them. Google added Obsidian Black, Porcelain, and Sky Blue colors to the Pixel 8 Pro lineup.

The screenshot also gives even more details about the hardware and camera. The Google Pixel 8 uses a Tensor G3 chip with 8GB of RAM. We also know the phone’s rear camera consists of a 50MP wide module and a 12MP ultrawide with Macro Focus. A 10.5MP front camera is also there.

The Google Pixel 8 Pro will launch with the same Tensor G3 processor, but it has 12GB of RAM under the hood. The device has a triple camera setup, which includes a 50MP wide module, a 48MP ultrawide with Macro focus, and a 48MP lens with 5x telephoto. The selfie camera also has a 10.5MP lens.

Based on the current information, the Pixel 8 series has slightly improved over the previous generation, and no revolutionary upgrade is waiting for you. A faster processor and a better camera. That’s all that you get.


[ad_2]
Source link

Meta adds another highly-requested feature to Threads

0
[ad_1]

Threads had an impressive drop in number of users soon after Meta officially introduced the social app. Although that’s somewhat normal, not many have returned after the big exodus, on the contrary, more people stop using the app because it lacks some basic features that the competition has had for a long time.Despite that, Threads continues to be improved with new features almost on a weekly basis, so if you’re one of the people who are still using the app, know that you’ll be getting something new every several days now.

Even though some of these features might seem unimportant at first glance, most of them are features that a social app can’t function well without or don’t offer a complete experience.

The most recent new feature introduced by Threads is the ability to switch between multiple profiles. The new feature is now available on mobile, the app confirmed on its official Threads account.

To switch between multiple Threads profiles, you just need to press the profile tab to have the menu showing the list of your profiles pop up. Once you see your other logged-in Instagram account, you’ll be able to choose one of them to switch to.

Of course, you can also tap “Add profile” to log in on Threads or add another profile to the app. Just like every other social app, Threads will retain your credentials of your accounts so that you can switch between them on the fly.

After Threads launched the web version of its app two weeks ago, the app is now expected to roll out one very important feature that apps like X (formerly Twitter) keep gated behind a paywall: the ability to edit posts.

Of course, there’s no ETA for this specific feature yet, but it would probably be something that would convince some users to return to Threads.


[ad_2]
Source link

Popular Thesaurus Website Used in Sneaky Cryptojacking Scheme

0
[ad_1]

KEY FINDINGS

  • Group-IB uncovers cryptojacking campaign on popular thesaurus site.
  • Attackers used a drive-by-download technique to spread malware.
  • The campaign distributed a Monero cryptocurrency miner.
  • Unsophisticated tactics highlight risks even on trusted websites.
  • Recommendations emphasize the importance of regular updates and robust security measures.

Cybersecurity researchers at Group-IB unearthed a covert cryptojacking campaign concealed within a popular online thesaurus boasting over five million monthly visitors. This campaign employed a cunning tactic, embedding a script that surreptitiously installed malware on visitors’ computers to mine cryptocurrency, opening the door for more malicious activities.

Group-IB’s experts crack the story behind this cybercriminal operation through their use of Managed Extended Detection and Response (MXDR), a solution designed for round-the-clock threat monitoring, proactive threat hunting, and real-time attack mitigation.

During their monitoring, Group-IB’s security specialists detected numerous malicious archives flagged by the MXDR system. This triggered an alarm as they observed an unusually high number of malware samples emerging within the infrastructure of several client companies.

These archives, peculiarly named in the pattern of “chromium-patch-nightly.00.{3}.{3}.zip,” each with a unique identifier, indicated that the MXDR customers had received these malicious archives from a common source, suggesting an unconventional approach taken by the attackers.

Upon analyzing these malicious archives; Group-IB found that they contained an executable file functioning as a dropper, responsible for installing the XMRig Coinminer—a cryptocurrency mining tool specifically designed for Monero. Monero’s inherent anonymity, which conceals transaction details, allows threat actors to remain covert.

To trace the source of these infected archives, Group-IB turned to data from the Endpoint Detection and Response (EDR) module. After analyzing the events related to the discovery of the malicious objects on host machines, it was apparent that the archives had been downloaded to the “Downloads” folder, typically used by default during user internet sessions. The security experts examined browser history, revealing that these malicious samples were downloaded from an online thesaurus.

Group-IB’s analysts reconstructed the infection chain, revealing that when visitors accessed the thesaurus website, a decoy page triggered the automatic download of a malicious archive. Notably, the script responsible for this action was not injected into the section of the website dedicated to antonyms. The archive itself was downloaded from another website, chrome-errorco.

Further investigation revealed that the dropper, despite being downloaded to users’ machines, had not been executed, preventing any immediate threats.

Popular Thesaurus Website Used in Sneaky Cryptojacking Scheme
Screenshot: Group-IB

According to Group-IB’s report, to safeguard their clients from potential security incidents, Group-IB promptly notified them about the threat. Additionally, the experts shared contextual insights about the incident and recommended preventive measures, including the deletion of the malicious archive.

In the event of confirmed malicious files, Group-IB MXDR’s Endpoint Detection and Response (EDR) agent is capable of automatically blocking and locally quarantining such files.

Despite the ability of Group-IB MXDR to block known malicious files, the system sends periodic requests to the main console, sharing hashes of files marked as malicious by the behavioral analysis subsystem. This feature ensures that if one customer detects a malicious file, the hash is subsequently added to other customers’ blocklists.

Popular Thesaurus Website Used in Sneaky Cryptojacking Scheme
Group-IB’s Group-IB MXDR alerts its clients

The analyzed script responsible for the attack conducted the following actions:

Sent a signal to a specified page and downloaded a new script, executing it
Displayed a fake Chrome error page instructing users to install a downloaded update
Ultimately, this revelation underscores the critical need for vigilance even on trusted and highly frequented websites.

The cybercriminals behind this campaign employed well-known tactics, such as drive-by downloads and social engineering via deceptive error pages, emphasizing the importance of robust cybersecurity measures.

Group-IB’s analysis further revealed that the threat actors’ relatively unsophisticated approach should not be underestimated. Once the loader infiltrates a target company’s infrastructure, it can serve as a potent vector for future, more damaging attacks beyond cryptocurrency mining, such as ransomware or wipers, which can result in severe disruptions and significant damage.

For secure defences against such threats, Group-IB recommends:

  • Keeping operating systems and software up to date
  • Downloading software and updates from official sources or restricting user rights to update independently
  • Monitoring workstation resource utilization for signs of cryptomining activity
  • Employing Endpoint Detection and Response solutions to block malicious file downloads and halt attacks at their earliest stages
  • Utilizing modern Malware Detonation Platforms for safe and thorough analysis of suspicious files

Infected WAV files install malware & cryptominers on PCs

Group-IB Founder Ilya Sachkov Jailed for 14 Years in Russia

VictoryGate cryptominer infected 35K devices via USB drives

Crypto Miner Hiding in Fake Microsoft, Google Translate Apps

WinRAR users update software as 0-day vulnerability is found


[ad_2]
Source link

Network Penetration Testing Checklist – 2023

0
[ad_1]

Network Penetration Testing checklist determines vulnerabilities in the network posture by discovering Open ports, troubleshooting live systems, and services, and grabbing system banners.

The pen-testing helps the administrator to close unused ports, additional services, Hide or customize banners, troubleshoot services, and to calibrate firewall rules.

You should test in all ways to guarantee there is no security loophole.

Network penetration testing, also known as ethical hacking or white-hat hacking, is a systematic process of evaluating the security of a computer network infrastructure.

The goal of a network penetration test is to identify vulnerabilities and weaknesses in the network’s defenses that malicious actors could potentially exploit.

Let’s see how we conduct step-by-step Network penetration testing by using some famous network scanners.

1. Host Discovery

Footprinting is the first and most important phase where one gathers information about their target system.

DNS footprinting helps to enumerate DNS records like (A, MX, NS, SRV, PTR, SOA, and CNAME) resolving to the target domain.

  • A – A record is used to point the domain name such as gbhackers.com to the IP address of its hosting server.
  •  MX – Records responsible for Email exchange.
  • NS – NS records are to identify DNS servers responsible for the domain.
  • SRV – Records to distinguish the service hosted on specific servers.
  • PTR – Reverse DNS lookup, with the help of IP you can get domains associated with it.
  • SOA – Start of record, it is nothing but the information in the DNS system about DNS Zone and other DNS records.
  • CNAME – Cname record maps a domain name to another domain name.

We can detect live hosts, and accessible hosts in the target network by using network scanning tools such as Advanced IP scanner, NMAP, HPING3, and NESSUS.

Ping&Ping Sweep:

root@kali:~# nmap -sn 192.168.169.128root@kali:~# nmap -sn 192.168.169.128-20 To ScanRange of IProot@kali:~# nmap -sn 192.168.169.* Wildcardroot@kali:~# nmap -sn 192.168.169.128/24 Entire Subnet

Whois Information 

To obtain Whois information and the name server of a website

root@kali:~# whois testdomain.com
  1. http://whois.domaintools.com/
  2. https://whois.icann.org/en

Traceroute

Network Diagonastic tool that displays route path and transit delay in packets

root@kali:~# traceroute google.com

Online Tools

  1. http://www.monitis.com/traceroute/
  2. http://ping.eu/traceroute/

2. Port Scanning

Perform port scanning using tools such as Nmap, Hping3, Netscan tools, and Network monitor. These tools help us to probe a server or host on the target network for open ports.

Open ports are the gateway for attackers to enter and install malicious backdoor applications.

root@kali:~# nmap –open gbhackers.com             To find all open portsroot@kali:~# nmap -p 80 192.168.169.128           Specific Portroot@kali:~# nmap -p 80-200 192.168.169.128   Range of portsroot@kali:~# nmap -p “*” 192.168.169.128          To scan all ports

Online Tools

  1. http://www.yougetsignal.com/
  2. https://pentest-tools.com/information-gathering/find-subdomains-of-domain

3. Banner Grabbing/OS Fingerprinting

Perform banner Grabbing/OS fingerprinting such as Telnet, IDServe, and NMAP determines the operating system of the target host and the operating system.

Once you know the version and operating system of the target, you need to find the vulnerabilities and exploit them. Try to gain control over the system.

root@kali:~# nmap -A 192.168.169.128root@kali:~# nmap -v -A 192.168.169.128 with high verbosity level

IDserve is another good tool for Banner Grabbing.

Networkpentesting Flowchart

Online Tools

  1. https://www.netcraft.com/
  2. https://w3dt.net/tools/httprecon
  3. https://www.shodan.io/

4. Scan for Vulnerabilities

Scan the network using Vulnerabilities using GIFLanguard, Nessus, Ratina CS, SAINT.

These tools help us find vulnerabilities in the target and operating systems. With these steps, you can find loopholes in the target network system.

GFILanguard

It acts as a security consultant and offers patch management vulnerability assessment, and network auditing services.

Nessus

Nessus is a vulnerability scanner tool that searches for bugs in software and finds a specific way to violate the security of a software product.

  • Data gathering.
  • Host identification.
  • Port scan.
  • Plug-in selection.
  • Reporting of data.

5. Draw Network Diagrams

Draw a network diagram about the organization that helps you understand the logical connection path to the target host in the network.

The network diagram can be drawn by LANmanager, LANstate, Friendly pinger, and Network View.

6. Prepare Proxies

Proxies act as an intermediary between two networking devices. A proxy can protect the local network from outside access.

With proxy servers, we can anonymize web browsing and filter unwanted content, such as ads and many others.

Proxies such as Proxifier, SSL Proxy, Proxy Finder..etc, to hide from being caught.

6. Document all Findings

The last and very important step is to document all the findings from penetration testing.

This document will help you find potential vulnerabilities in your network. Once you determine the Vulnerabilities, you can plan counteractions accordingly.

You can download the rules and scope Worksheet here: Rules and Scope sheet 

Thus, penetration testing helps assess your network before it gets into real trouble that may cause severe loss in terms of value and finance.

important tools

Important Tools used for Network Pentesting

Frameworks

Reconnaisance

Discovery

Angry IP scanner, Colasoft ping tool, nmap, Maltego, NetResident,LanSurveyor, OpManager

Port Scanning

Nmap, Megaping, Hping3, Netscan tools pro, Advanced port scannerService Fingerprinting Xprobe, nmap, zenmap

Enumeration

Superscan, Netbios enumerator, Snmpcheck, onesixtyone, Jxplorer, Hyena,DumpSec, WinFingerprint, Ps Tools, NsAuditor, Enum4Linux, nslookup, Netscan

Scanning

Password Cracking

Ncrack, Cain & Abel, LC5, Ophcrack, pwdump7, fgdump, John The Ripper,Rainbow Crack

Sniffing

Wireshark, Ettercap, Capsa Network Analyzer

MiTM Attacks

Exploitation

 Metasploit, Core Impact

These are the Most important checklist you should concentrate with Network penetration Testing .

You can follow us on LinkedinTwitter, and Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep yourself self-updated.

Also Read:


[ad_2]
Source link

Kaspersky Reveals Alarming IoT Threats and Dark Web DDoS Boom

0
[ad_1]

The cybersecurity researchers at Kaspersky have unveiled alarming statistics about the expanding cybercrime economy on the dark web.

Key Findings:

  1. DDoS Demand Soars: Kaspersky’s analysts discovered over 700 dark web ads for DDoS attack services in H1 2023, highlighting the escalating demand among hackers.
  2. Cost of DDoS Services: Rates for DDoS attack services on the dark web ranged from $20 per day to $10,000 per month, with an average cost of $63.50 per day or $1,350 per month.
  3. IoT Malware Evolution: Fierce competition among cybercriminals has driven the development of IoT malware, with features designed to thwart rival malware, including firewall rules and process terminations.
  4. Brute-Force Attacks Prevalent: Brute-forcing weak passwords remains the primary method for compromising IoT devices, with 97.91% of attacks focusing on Telnet, compared to 2.09% on SSH.
  5. Global Attack Landscape: While China, India, and the United States were the primary targets of IoT attacks, China, Pakistan, and Russia emerged as the most active attackers, highlighting the global reach of cyber threats.

The Internet of Things (IoT) landscape is under siege, with a growing underground economy centered around IoT-related services, particularly for Distributed Denial of Service (DDoS) attacks, according to a recent report by cybersecurity firm Kaspersky.

The study delves into the evolving threats targeting the IoT sector, shedding light on the modus operandi of cybercriminals and the alarming prevalence of malware types.

IoT devices are poised to surpass a staggering 29 billion by 2030, making them an attractive target for cybercriminals. Kaspersky’s research presents crucial insights into dark web activities, prevalent malware strains, and the tactics employed by hackers.

While DDoS protection and mitigation services are utilizing all available resources to secure their clients’ infrastructure; DDoS attacks orchestrated through IoT botnets are experiencing a surge in demand within the cybercriminal community. Kaspersky’s Digital Footprint Intelligence service analysts unearthed over 700 ads for DDoS attack services on various dark web forums in the first half of 2023.

Alarming IoT Vulnerabilities and Dark Web's Thriving DDoS Economy Exposed
One of the many ads identified by Kaspersky researchers – Translation: I’m the world’s best-known DDoS attacker for hire (getting ahead of myself here). Not going to waffle — I’ll just tell you why it is my service you should choose. Our advantages: 1. Botnet based on Medusa, working since 2020. Starts with ~50 browser instances per Windows PC which evades any anti-DDoS defense. 10,000–80,000 online devices: the largest Windows or IoT botnet in 2023.

The cost of these services varies depending on factors such as DDoS protection, CAPTCHA, and JavaScript verification on the victim’s side, ranging from $20 per day to $10,000 per month. On average, these illicit services were offered at a rate of $63.50 per day or $1,350 per month.

Furthermore, the dark web marketplace isn’t just limited to DDoS services. It offers zero-day exploits for vulnerabilities in IoT devices, bundled with infrastructure and supporting utilities.

IoT malware, which comes in various families, has a history rooted in the 2016 Mirai malware. Fierce competition among cybercriminals has prompted the development of features designed to outwit rival malware. These strategies include the implementation of firewall rules, disabling remote device management, and terminating processes linked to competing malware.

The primary method employed by cybercriminals to compromise IoT devices remains brute-forcing weak passwords, followed closely by exploiting vulnerabilities in network services. Brute-force attacks primarily target Telnet, a widely used unencrypted protocol. Hackers crack passwords to gain unauthorized access, allowing them to execute arbitrary commands and deploy malware. While SSH, a more secure protocol, is also susceptible, it poses a greater resource challenge for attackers.

In the first half of 2023, Kaspersky’s honeypots recorded that a staggering 97.91% of password brute-force attempts focused on Telnet, with a mere 2.09% directed at SSH. The majority of these attacks were concentrated in China, India, and the United States, while China, Pakistan, and Russia emerged as the most active attackers.

Exploiting vulnerabilities in IoT web interfaces is another avenue for attacks on IoT devices. Cybercriminals execute malicious commands through these vulnerabilities, leading to severe consequences such as the proliferation of malware like Mirai.

Yaroslav Shmelev, a security expert at Kaspersky, issued a stern warning: “Kaspersky urges vendors to prioritize cybersecurity in both consumer and industrial IoT devices. We believe that they must make changing default passwords on IoT devices mandatory and consistently release patches to fix vulnerabilities.”

“In a nutshell, the IoT world is filled with cyber dangers, including DDoS attacks, ransomware, and security issues in both smart home and industrial devices. Kaspersky’s report stresses the need for a responsible approach to IoT security, obliging vendors to enhance product security from the get-go and proactively protect users,” Yaroslav added.

To provide further insights, the Kaspersky report details several types of IoT malware, including DDoS botnets, ransomware, miners, DNS changers, and proxy bots. Each of these malicious programs serves distinct purposes, adding to the complexity of IoT security challenges.

In conclusion, Kaspersky’s research paints a harsh picture of the IoT threat landscape for 2023. As the number of IoT devices continues to skyrocket, cybersecurity becomes paramount. Cybercriminals are relentless in their pursuit, and only a concerted effort by both manufacturers and consumers can safeguard the future of the IoT.

By conducting regular security audits, monitoring network traffic, and following best practices, stakeholders can take meaningful steps to secure this rapidly evolving ecosystem.


[ad_2]
Source link

Here’s all the New Camera Features coming with Google Pixel 8

0
[ad_1]

Google is set to announce the Pixel 8 in a little over a week, on October 4. But that’s not stopping the leaks from coming fast and furious. The latest leak comes from 91Mobiles, which has detailed just about every new feature coming to the Pixel 8 series this year. And this is thanks to a leaked video that was uncovered.

The first new featured is “Video Boost”. This is using AI to create a “smoother view” as well as bringing Night Sight’s effects to video. Google will also bring along “Audio Eraser” which is a lot like the Magic Eraser feature, but not for Audio. There’s a nice example in the video of removing city noise from the background of a video of a cello player.

Magic Editor is also coming, which Google teased at I/O earlier this year. This is a feature that will help you move a subject or change things like the sky. It really sounds a lot like the generative AI fill that Photoshop has added recently.

Google’s AI chops are showing off with Pixel 8

What’s even more impressive, perhaps, is the ability to change people’s faces in a shot, using AI. So not only can you remove people, but you can change how they look. Which is pretty wild, and it’ll be interesting to see how Google announces this at its Made by Google October 4 event.

Google has always relied pretty heavily on AI in its camera, and there’s plenty of new features here that use AI. Showing that Google is really far ahead of the competition when it comes to AI.

Now as far as the cameras on the Pixel 8 series, we’re expecting a 50-megapixel main sensor on both, still. The same as the last two years. While the Pixel 8 Pro will sport a 48-megapixel ultrawide and a 48-megapixel telephoto camera that can zoom at 5x. These are some pretty nice upgrades, particularly on the ultrawide. Which was only a 12-megapixel sensor on the Pixel 7 Pro last year.


[ad_2]
Source link

These counterfeit apps might be filming you – delete them before you become an accidental star

0
[ad_1]

Three apps that have chiefly been designed to target government officials but are probably as likely to have been downloaded by an unsuspecting user are gathering a terrifying amount of data.

Bleeping Computer reports that SentinelLabs has identified a cybercriminal group known as Transparent Tribe (APT36) which has been instrumental in promoting three fake YouTube apps. 
Two of the apps are called YouTube and the third one is named Piya Sharma after a famous anchor of the same name. The apps try to trick users into thinking that they are downloading the YouTube app but they look more like internet browsers and are lacking in some features found in the original app. It’s believed that the Piya Sharma app is used in romance-based scams.

The apps are not present on the Google Play Store. Instead, Transparent Tribe (APT36) presumably uses social media platforms and fake landing pages to distribute the apps. They ask for an alarming number of permissions during the installation process, some of which such as microphone access are relevant to video apps. Other permissions, such as the ability to send and view SMS, should be enough to sound alarm bells, but a person who is not tech-savvy may not think much of them.

At their core, these apps are the CapraRAT malware. They can not only steal deeply private information such as call logs, text messages, and GPS data but can also record audio and video and initiate phone calls. The apps can also take screenshots and interfere with system settings.

In addition to info theft, the apps can also allow their operators to run identity theft campaigns and carry out phishing attacks.

SentinelLabs asserts that APT36 might be working for the Pakistani government and the apps’ primary targets are members of the Indian army and government as well as Indian human rights activists. Those involved in diplomacy work in Kashmir are also a target. 

To avoid being a target of fake apps like these, it’s best to only download apps from trusted sources such as the Google Play Store.


[ad_2]
Source link

‘Massive Fight’ Breaks Out in Dubai over Apple’s iPhone 15

0
[ad_1]

In the Dubai Mall, a fight broke out, as many were attempting to purchase the new iPhone 15 on Friday. This year, many lined up all around the world to be one of the first to buy the new iPhone 15. And in the Dubai Mall, things got a bit heated.

According to The National, security guards had actually began erecting barriers as the crowd packed in the day before. Security also had to tell them over loudspeakers to stop surging forward. Then ended up corralling them into several zones.

As the iPhone 15 launch drew closer, many people began rushing to get in line. There’s many on social media showing customers rushing up escalators to get ahead of each other. And then tempers began to flare. Reports claim that these rushing customers began shoving each other, making some fall to the ground. And that eventually ended up in a full-on fight. As you can see from a post on X.

Crowds formed worldwide to purchase the iPhone 15 on launch day

If there was any doubt about whether or not the iPhone 15 was going to be popular, well those doubts are gone. On Friday, crowds around the world lined up to purchase the iPhone 15. Just a quick search on X (formerly Twitter), will show you that there were crowds in New York City, Chicago, and any other big city.

In fact, as someone that had to go to the Apple Store to pick up their pre-order, I saw the crowd first hand. Many were lined up to buy, or had a reservation to buy the new iPhone. Why they didn’t pre-order is a bit odd. But you can see from my post on X about that.

The iPhone is always going to sell well, since it is pretty tough to jump ship to Android, since you’re usually so invested in the ecosystem. And it looks like many had their upgrades come due this year, so they are upgrading to the 15.


[ad_2]
Source link

Carriers in Finland decided to ban the sales of Xiaomi products

0
[ad_1]

While Xiaomi’s phones have always offered great value for money, the company has also faced various controversies. Now, according to reports from multiple Finnish outlets, three major telecom operators in Finland—Telia, DNA, and Elisa—have decided to ban the sales of Xiaomi smartphones and associated brands, including Redmi and POCO.

This move comes after Xiaomi’s continued presence in Russia, which some view as indirect support for Russia’s military actions in Ukraine. Furthermore, Xiaomi’s active support of Russian companies in launching new products instead of distancing itself from the Russian market has raised some serious questions.

“At Telia, we constantly review our equipment selection and make changes to it if necessary. For the time being, we have given up cooperation with Xiaomi, so new device models will no longer be available. The remaining products in stock are sold through the online store and stores,” said Markku Saranpää, director of Telia’s device business.

However, it is important to note that Finland’s decision is independent of any EU sanctions on Xiaomi. Additionally, Finnish retailers such as Gigantti and Verkkokauppa plan to continue selling Xiaomi smartphones and devices.

Xiaomi’s response

While Xiaomi has not directly commented on the situation, the company has previously defended its position by arguing that it has a responsibility towards its Russian customers and employees, emphasizing its commitment to providing services in the region. However, the EU has repeatedly criticized Xiaomi’s stance, asserting that its continued operations in Russia indirectly provide financial support to the Russian government.

Moreover, Finland isn’t the only country to take such action. In March, Poland and Lithuania banned the sale of Xiaomi products in their respective countries.

Potential consequences

Although Finland may have a smaller population compared to other countries, it still holds significance as Xiaomi maintains a 10% market share in the country. Furthermore, the decision by Finland could attract the attention of the EU, potentially leading to far-reaching consequences, as a ban on Xiaomi in the EU could prove detrimental.


[ad_2]
Source link