Luna Grabber Malware Hits Roblox Devs Through npm Packages

  • Roblox developers are being targeted by a new malware called Luna Grabber.
  • The malware is being distributed through malicious npm packages that impersonate legitimate software.
  • Luna Grabber is capable of stealing sensitive data from victims’ web browsers, Discord applications, and local system configurations.
  • The malware was downloaded approximately 1000 times, but its impact was relatively low due to the security measures in place to protect developers on the npm repository.
  • The incident highlights the growing trend of malicious actors employing typosquatting to exploit developers’ trust in legitimate software packages.

Cybersecurity firm ReversingLabs has uncovered a sophisticated cyber attack targeting developers on the Roblox gaming platform. Malicious actors have been distributing malicious packages through the npm public repository, attempting to exploit users by mimicking legitimate software while incorporating malicious payloads that steal sensitive information from victims’ systems.

Malware Campaign Overview

The campaign, which began at the start of August 2023, revolves around malicious packages impersonating the legitimate noblox.js, a popular Node.js Roblox API wrapper. By infiltrating the npm public repository, attackers capitalized on unsuspecting developers seeking to interact with the Roblox gaming platform using scripts.

ReversingLabs researchers identified several malicious packages during the campaign, including noblox.js-vps, noblox.js-ssh, and noblox.js-secure. These packages were engineered to deliver multi-stage malicious payloads that targeted victims’ local web browsers and Discord applications. The most notable payload identified was Luna Grabber, an open-source malware designed to extract sensitive data.

Malware Execution and Strategy

Attackers meticulously designed the malicious packages to closely resemble the legitimate noblox.js package. By mirroring the original code and adopting similar naming conventions, the attackers aimed to deceive developers into downloading and using the compromised software.

The malicious packages leveraged a variety of techniques to compromise victims’ systems, including the incorporation of a separate file named postinstall.js. This post-installation script triggered the execution of a malicious payload after the package installation was completed. The malware then determined whether the victim was operating a Windows machine and proceeded to download and execute the Luna Grabber malware from Discord’s Content Delivery Network (CDN).
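As an added example (not code from ReversingLabs or from any of the packages named here), the following Node.js code audits parsed package.json manifests for the two traits described above: a name that imitates a trusted package, and a lifecycle script that npm runs automatically at install time. The TRUSTED allowlist, the function names and the sample manifests are assumptions constructed for illustration.

```javascript
// Added example: flag lookalike package names and install-time lifecycle scripts.

// Packages the project actually intends to depend on (assumption: your own allowlist).
const TRUSTED = ['noblox.js'];
// npm runs these lifecycle scripts automatically during `npm install`.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall'];

// Levenshtein edit distance, used to catch one- or two-character spelling variants.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Returns the trusted name a package appears to imitate, or null if none.
function impersonates(name) {
  const n = String(name).toLowerCase();
  if (TRUSTED.includes(n)) return null; // exact match: the real package
  for (const t of TRUSTED) {
    // Suffix variants such as "noblox.js-vps" keep the trusted name as a prefix.
    if (n.startsWith(t + '-') || n.startsWith(t + '_')) return t;
    // Near-miss spellings such as a dropped dot or swapped letter.
    if (editDistance(n, t) <= 2) return t;
  }
  return null;
}

// manifest: a parsed package.json object. Returns findings (empty = nothing flagged).
function auditManifest(manifest) {
  const findings = [];
  const name = String(manifest.name || '');
  const target = impersonates(name);
  if (target) findings.push(`name "${name}" resembles trusted package "${target}"`);
  const scripts = manifest.scripts || {};
  for (const hook of INSTALL_HOOKS) {
    if (typeof scripts[hook] === 'string') {
      findings.push(`${hook} script runs at install time: ${scripts[hook]}`);
    }
  }
  return findings;
}

// Constructed sample manifests (not copied from the real packages).
const samples = [
  { name: 'noblox.js', version: '0.0.0', scripts: { test: 'node test.js' } },
  { name: 'noblox.js-ssh', version: '0.0.0', scripts: { postinstall: 'node postinstall.js' } },
  { name: 'nobloxjs', version: '0.0.0' },
];
for (const m of samples) {
  const f = auditManifest(m);
  console.log(m.name, f.length ? f : 'ok');
}
```

Installing with `npm install --ignore-scripts` keeps lifecycle hooks from running at all, which gives time to review a flagged package before any of its code executes.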

Luna Grabber: Information Stealing Malware

The research revealed that the primary payload of the malicious packages was Luna Grabber, a highly customizable malware capable of stealing information from victims’ web browsers, Discord applications, and local system configurations. The malware was also equipped with features that enabled it to detect virtual environments and initiate a self-destruct mechanism if necessary.

Interestingly, the attackers behind the campaign took advantage of the user-friendly nature of Luna Grabber’s builder application, simplifying the process of creating and configuring the malicious executable.

Screenshot shared by ReversingLabs shows Luna Grabber builder

While Luna Grabber’s open-source nature allowed attackers to tailor the malware to their needs, the choice of targeting developers on the Roblox platform suggests a focus on a specific user group.

Limited Impact and Lessons Learned

Despite the campaign’s sophistication, its impact remained relatively low. The malicious packages were downloaded approximately 1000 times, signalling that the security measures in place to protect developers on the npm repository were successful in limiting the reach of the attack.

The incident sheds light on the growing trend of malicious actors employing typosquatting to exploit developers’ trust in legitimate software packages. This approach has been previously observed in other campaigns, such as the IconBurst and Brainleeches campaigns.

Fake noblox.js-ssh’s npm website page (ReversingLabs)

While multi-stage malicious packages are common on certain open-source platforms, such as PyPI, their presence on npm—where this campaign took place—represents the ongoing challenge of maintaining secure open-source repositories and the importance of caution in choosing software packages for development purposes.

Samsung reveals Galaxy Tab S9 FE, Tab S9 FE+ colors & storage

Samsung‘s Galaxy Tab S9 FE series could launch soon. The new tablets have already picked up necessary regulatory approvals, while leaks have revealed their key specs. Now, the company has put up support pages for the devices on its official website. The pages confirm colors and storage options for both models.

Samsung launched three new flagship Android tablets last month: Galaxy Tab S9, Galaxy Tab S9+, and Galaxy Tab S9 Ultra. While it also had the Galaxy Tab S9 FE and Galaxy Tab S9 FE+ in the works, they didn’t arrive alongside the flagships. The company said nothing about the FE (Fan Edition) duo during the big launch event in late July.

However, the latter two tablets have been frequently surfacing on the internet over the past few weeks, hinting at a nearing launch. The biggest hint of them all has now come directly from Samsung. Hungarian publication GalaxyVilaga.hu recently spotted support pages for the Galaxy Tab S9 FE and Galaxy Tab S9 FE+ on the company’s official website in the country.

The Korean firm has published support pages for Wi-Fi and 5G versions of both models. As revealed by previous leaks and certification listings, the vanilla Galaxy Tab S9 FE has model numbers SM-X510 (Wi-Fi) and SM-X516B (5G). The model numbers for the Galaxy Tab S9 FE+ are SM-X610 and SM-X616B, respectively. All of these variants will be available in 8GB+128GB and 12GB+256GB memory and storage configurations.

The support pages also reveal that the Galaxy Tab S9 FE and Galaxy Tab S9 FE+ will be available in four color variants: Graphite/Grey, Lavender, Mint, and Silver. While this is all Samsung has officially confirmed about the new FE tablets, we do know a lot more thanks to earlier leaks and certifications.

Galaxy Tab S9 FE series specifications

The Galaxy Tab S9 and Galaxy Tab S9 FE+ will be powered by Samsung’s Exynos 1380 processor. The former is the smaller of the two, featuring a 10.9-inch display. The latter has a 12.4-inch screen. It’s unclear whether the company will equip the tablets with an OLED display or LCD.

The new FE-series tablets are also expected to feature S Pen support, stereo speakers, and 45W fast charging. The Galaxy Tab S9 will only give you a single rear camera but the Galaxy Tab S9 FE+ has two cameras at the back. The devices should also boast Wi-Fi 6 and Samsung DeX support. They will debut with Android 13 onboard. Stay tuned for the official launch.


Fake Amazon ad on Google takes users to Microsoft tech support scam

Tech support scams have always targeted unsuspecting and elderly users who lack the technical knowledge to distinguish between legitimate and fake websites. Now, according to a new report from BleepingComputer, threat actors have started using seemingly legitimate Amazon ads that appear on Google Search results and lead to a scam Microsoft Defender website.

As per the report, what makes this scam convincing is the fact that the threat actors are using a genuine-looking Amazon ad with a legitimate URL. However, when users click on this Amazon ad, anticipating a visit to the retailer’s site, they are redirected to a scam Microsoft website, which falsely asserts that their computer has fallen prey to the ‘ads(exe).financetrack(2).dll’ malware. To make matters worse, the scam traps users’ browsers in full-screen mode, making it extremely difficult to exit the fraudulent page without closing all open browser windows.

Although forcibly closing the browser windows offers an escape route, the fact that Chrome prompts users to restore their previously closed tabs could compound the problems, as it will inadvertently reopen the fraudulent page.

History of scammers using Google ads

Unfortunately, this isn’t the first time scammers have used Google ads to promote their scams. Just last year, security experts from Malwarebytes uncovered a similar scam, where threat actors leveraged a genuine-looking YouTube ad with a legitimate URL, which led users to the same Windows Defender tech support scam. Therefore, given the increase in such phishing scams, Google will need to implement stringent measures to prevent threat actors from creating ads that mimic other brands.

However, until then, users will need to remain vigilant and adopt proactive measures to safeguard themselves from such attacks. These include checking the sponsored links on the top of search results and using the F11 key or the Esc key on your keyboard to exit full-screen browser mode.


The Google Photos editor just got better on desktop

Google Photos has a decent selection of tools that you can use to edit your photos and videos. Editing your photos using the Google Photos app has offered more tools than using the desktop version, but Google is looking to change that. According to 9To5Google, the Google Photos editor on desktop is going to be getting better.

Editing photos on your phone and on the desktop are pretty similar. You have access to all the tools you need to make some quick edits to your photo.

Google just made editing photos on desktop better

Google recently updated the editing experience on the desktop, and that made it a lot easier to use. While that’s the case, the company recently pushed a new update that makes using it just a bit more intuitive.

Starting off, when you’re looking to crop your image, you’ll see the list of options pop up on the right side of the screen. You won’t need to access the dropdown menu to change the aspect ratio. The list has a handful of standard aspect ratios, so you can quickly choose.

Next, the platform will give you some suggestions that you can use to enhance the photo. This uses AI to identify the scene and give you suggestions. So, the list of suggestions will differ based on the image you’re editing.

When you’re looking to make adjustments to the photo like the color, contrast, etc, you’ll see all of the options laid out in a list of sliders. Before, all of the options were divided into different menus that you had to navigate through. This makes it easier to quickly find the option you want.

Lastly, the filters section is no longer the first one you see. It’s now the last one. These are nice changes that are good news for you if you edit your photos on the desktop.


Apple pushes out iOS 17 Beta 7 & iPad OS 17 Beta 7

Apple has started to push out the seventh beta for both iOS 17 and iPad OS 17. This comes just a week after the sixth betas were released, which is pretty normal for Apple at this point. We’d expect to see a new beta every week until the release candidate in early September.

You can head over to Settings > Software Update and download the beta today. If you have not installed the beta already, you can check out how to do that here.

iOS 17 is getting pretty mature and stable at this point, since we are so close to the stable release coming out. We’d expect that to launch around the third week of September, so there’s less than a month before that happens.

What’s new with iOS 17?

iOS 17 isn’t a huge update this year, but there are still a number of new features available. This includes StandBy. This is a new mode for your iPhone when it is plugged in or on a MagSafe dock and in landscape mode. It will show you the time, as well as other options for picture galleries, shortcuts to Home toggles and more.

The update also brings interactive widgets to the home screen and lock screen in iOS 17. Something that users have wanted for quite some time.

AirDrop is also bringing in some new features for iOS 17, which includes NameDrop. Now when you tap your phone with someone else’s, you can instantly provide your contact information. No more needing to hand out business cards, nor write down someone’s phone number. Speaking of phone numbers, iOS 17 also brings in Contact Posters. This is a customizable poster that others will see when you call them. This can include just text, or a memoji, or even a portrait of yourself.

iOS 17 should be launching for everyone on the week of September 18, so just a little over a month before it’s available for everyone.


Juniper Networks Junos OS let Attacker Remotely Execute Code

Multiple vulnerabilities have been discovered in Junos OS that can be chained to achieve pre-authentication remote code execution on SRX and EX Series devices. An unauthenticated, network-based attacker can exploit these vulnerabilities by chaining them.

Junos OS SRX is a firewall that is used to protect remote offices, branches, campuses, or data centers by extending to every point. EX series is a high-performance access and distribution/core-layer device for enterprise branches.

Juniper Networks has released a security advisory for fixing these vulnerabilities.

This vulnerability allows an unauthenticated network-based attacker to control some important environment variables by utilizing a crafted request and modifying the PHP environment variable, leading to integrity loss. The severity for these vulnerabilities is given as 5.3 (Medium).

An unauthenticated network-based attacker can cause a limited file system integrity impact, requiring authentication to upload arbitrary files through J-Web, leading to integrity loss on some parts of the file system. The severity for these vulnerabilities is given as 5.3 (Medium).

Affected Products

Product: Junos OS on SRX Series
Affected Version: All versions prior to 20.4R3-S8; 21.2 versions prior to 21.2R3-S6; 21.3 versions prior to 21.3R3-S5; 21.4 versions prior to 21.4R3-S5; 22.1 versions prior to 22.1R3-S3; 22.2 versions prior to 22.2R3-S2; 22.3 versions prior to 22.3R2-S2, 22.3R3; 22.4 versions prior to 22.4R2-S1, 22.4R3
Fixed in Version: 20.4R3-S8, 21.2R3-S6, 21.3R3-S5*, 21.4R3-S5*, 22.1R3-S3, 22.2R3-S2*, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3*, 23.2R1, and all subsequent releases.

Product: Junos OS on EX Series
Affected Version: All versions prior to 20.4R3-S8; 21.2 versions prior to 21.2R3-S6; 21.3 versions prior to 21.3R3-S5; 21.4 versions prior to 21.4R3-S4; 22.1 versions prior to 22.1R3-S3; 22.2 versions prior to 22.2R3-S1; 22.3 versions prior to 22.3R2-S2, 22.3R3; 22.4 versions prior to 22.4R2-S1, 22.4R3
Fixed in Version: 20.4R3-S8, 21.2R3-S6, 21.3R3-S5*, 21.4R3-S4, 22.1R3-S3, 22.2R3-S1, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3*, 23.2R1, and all subsequent releases.

Users of these products are recommended to upgrade to the latest version as per the security advisory released by Juniper Networks in order to prevent these vulnerabilities from getting exploited.

YouTube will take a shrink ray to the Skip Ads button

If you’re not a YouTube Premium subscriber, then you’re used to waiting with bated breath for the Skip Ads button to pop up. We’re all used to seeing the rather large rectangle on the bottom right of our video feed. However, according to SearchEngineLand (via 9To5Google), YouTube will shrink the Skip Ads button.

This might seem like an odd visual change, but YouTube has been changing its UI over the past couple of months. It’s moving to be more in line with Material You. While this is the case, the Skip Ads button has remained the same over the years.

YouTube will shrink the Skip Ads button

YouTube told SearchEngineLand that “[its] goal is to provide a more consistent user experience in line with the updated look and feel on YouTube [it] announced last year.” With this new change, the Skip Ads button will still be on the right side of the screen.

However, looking at the screenshot, the button will be significantly smaller. In fact, it’s pretty hard to see. Along with being smaller, the button is now a pill rather than a box. With Google’s products, everything is either a rounded rectangle or a pill shape, so this is no surprise.

Image: smaller Skip Ads button on YouTube (from SearchEngineLand)

Right now, YouTube is testing this out, so you won’t see it for some time. It’s hard to say when YouTube will make this change live. The company has been working on changing up its look since last year, and the Skip Ads button means that no stone will go unturned.

In other YouTube news: YouTube Music got a TikTok-style feed

In this day and age, just about every social media or video-sharing platform has copied off of TikTok. Now, YouTube Music is getting a TikTok-style feed. Called Samples, you’ll be able to scroll through short clips of music videos on the platform. It’s a vertically-scrolling feed, so you’re able to flip through clips.

Since these are only samples, you won’t see the full video. However, the Play button on the bottom of the screen will take you to the full video.


You will need to be patient, if you’re buying iPhone 15 Pro Max

The iPhone 15 Pro Max is getting its dose of bad news this Tuesday. According to an equity analyst who shared the information with 9to5Mac, it looks like the iPhone 15 Pro Max (or potentially the iPhone 15 Ultra) could be getting delayed 3-4 weeks.

The delay should not be a big surprise. Recently, when Apple makes some big changes to hardware, those particular models are delayed. Like in 2020 with the iPhone 12 Pro Max and iPhone 12 Mini, they were shipping about a month later. The Pro Max had brand new cameras, and the Mini was brand new itself. Last year, the iPhone 14 Plus was delayed about a month, since it was also basically brand new. So seeing the iPhone 15 Pro Max or Ultra being delayed should not be a huge deal.

Apple is slated to give the iPhone 15 Pro Max the biggest update of the iPhone 15 lineup

The iPhone 15 and 15 Pro aren’t set to see major updates, other than USB-C and the regular iPhone 15 getting Dynamic Island. But the Pro Max is getting plenty of upgrades. Rumor has it that it is getting a new primary sensor, the Sony IMX903, which would be the largest camera sensor ever used on an iPhone. It’s also set to get a periscope lens, which would allow for better zooming; rumors are pointing to 3x and up to 6x for optical zoom.

On top of that, it is also rumored to be getting a titanium build, similar to the Apple Watch Ultra. As well as a significantly larger battery and a larger screen. Now the display is only getting larger because the bezels will be so incredibly thin. Rumors are pointing to it featuring a 6.8-inch display, up from the 6.7-inch it currently has.

While the iPhone 15 Pro Max could be delayed, it definitely sounds like it’s going to be worth the wait. Remember, the iPhone 15 Pro Max is set to get a price bump too, jumping up to $1,299. But it is also rumored to be bumping up the base storage to 256GB.


Let Attackers Access Critical APIs

An unauthenticated critical API access vulnerability was found in the Ivanti Sentry interface, which could allow a threat actor to gain access to sensitive APIs that can be used to access the Ivanti administrator portal and configure Ivanti Sentry.

This vulnerability can also be used to execute OS commands on the 

If an attacker succeeds in exploitation, the attacker will be able to configure Ivanti Sentry, execute system commands, or write files onto the system.

However, since this administrator portal uses port 8443, users who do not have their Ivanti administrator portal exposed over the internet have a low risk of exploitation.

This vulnerability exists due to an insufficiently restrictive Apache HTTPD configuration that allows a threat actor to bypass authentication controls on the administrator portal of Ivanti.

The CVSS score for this vulnerability is yet to be confirmed. Nonetheless, Ivanti Sentry has provided a CVSS score of 9.8 (Critical). 

“Exploitation is only possible through the System Manager Portal, hosted on port 8443 by default.” reads the Knowledge Base (KB) article of Ivanti. 

Ivanti Sentry, which was formerly known as MobileIron Sentry, is a Unified Endpoint Management product that can be used by organizations to encrypt, manage, decrypt, and protect mobile devices and backend systems traffic.

Ivanti confirmed in their security advisory that this vulnerability does not affect other Ivanti products like Ivanti EPMM or Ivanti Neurons for MDM. Ivanti Sentry products with versions 9.18, 9.17, 9.16, and older versions are affected by this vulnerability. 

To fix this vulnerability, Ivanti has provided a resolution with remediation steps. Ivanti also recommended that users restrict external access to the administrator portal on port 8443, so that it can only be accessed by IT administrators or an internal management network.

The At a Glance widget will tell you more about the content it shows

Different apps and services serve us a ton of useful information, but we often wonder where that information comes from. That’s especially true now with so much of our data being scraped 24/7. Well, the At a Glance widget in the Google Pixel Launcher will start giving us more information about the content it shares.

The At a Glance widget is an incredibly useful feature in the Pixel launcher. As its name suggests, it shows you information that you can access at a glance. You can check out the weather forecast, upcoming alarms, upcoming calendar events, air quality, etc. It sits right at the top of the Pixel Launcher and on the lock screen.

The At a Glance widget is going to show information about where it got its content

As useful as the At a Glance widget is, it still falls under the category of services that need to swipe data from its users. This is something that a lot of people don’t really think about. However, Google wants to make it clear where it’s getting its information.

According to 9To5Google, when you hold your finger down on the widget, you’ll see an About this content button appear above the Customize button. When you tap on it, you’ll see a panel pop up from the bottom of the screen showing you where Google obtained the information.

It will show you what apps and services the widget needs to tap in order to show you the information. For example, it lets you know that it gathered its weather data from Weather.com and it also uses your location data.

Image: At a Glance “About this content” (from 9To5Google)

You’re able to tap on the links to be taken to different sites. The Learn More button will explain how your location data is being used.

This is still rolling out, so you might not see it just yet. We’ve yet to see it on one of our phones. The new addition was first spotted in version U.6.playstore.pixel7.551778374 of Android System Intelligence.

