The new threat, dubbed Chthonic, is based on ZeusVM, a Trojan program discovered in February that is itself a modification of the much older ZeuS Trojan.
“The Trojan is apparently an evolution of ZeusVM, although it has undergone a number of significant changes,” security researchers from antivirus vendor Kaspersky Lab said in a blog post. “Chthonic uses the same encryptor as Andromeda bots, the same encryption scheme as Zeus AES and Zeus V2 Trojans, and a virtual machine similar to that used in ZeusVM and KINS malware.”
Like ZeuS, Chthonic’s main feature is the ability to surreptitiously modify banking websites when opened by victims on their computers. This technique, commonly known as Web injection, is used to add rogue Web forms on banking websites that ask victims for sensitive information, like credit card details or second-factor authorization codes.
However, Chthonic has a modular architecture that allows cybercriminals to extend the Trojan’s functionality. The Kaspersky Lab researchers found Chthonic modules designed to collect system information, steal locally stored passwords, log keystrokes, allow remote connections to the computer through VNC, use the infected computer as a proxy server and record video and sound through the computer’s webcam and microphone.
According to Kaspersky Lab, there are several Chthonic-based botnets with different configurations, suggesting the malware is being used by different groups.
“Overall, the botnets we are aware of target online banking systems of over 150 different banks and 20 payment systems in 15 countries,” the company’s researchers said. “The cybercriminals seem most interested in banks in the UK, Spain, the US, Russia, Japan and Italy.”
Google may be planning to roll out a version of Android Auto for vehicle infotainment centers — also known as head units — that will eliminate the need for a smartphone to be connected, giving native access to the Internet and mobile applications.
Currently, Apple’s CarPlay, or open source standards such as MirrorLink or GENIVI, enable vehicle infotainment centers to mirror a version of a smartphone OS onto a vehicle’s head unit, thereby enabling the driver to use specific applications, such as Google Maps or iTunes. Google also announced Android Auto earlier this year, which, when available next year, will mirror a connected Android smartphone to the car’s head unit.
The difference with what Google may be planning, according to one report, is that Android Auto would be native on the head unit, and a driver would no longer necessarily need a smartphone to connect to those applications and the Internet.
Thilo Koslowski, a vice president at industry research firm Gartner, said what Google may be planning should be no surprise as executives talked about it when they announced the formation of the Open Automotive Alliance (OAA) earlier this year. The OAA includes Google, Audi, General Motors, Honda, Hyundai and processor chip company Nvidia.
During the initial OAA announcement, Google talked about the car eventually becoming another device platform, Koslowski said.
The difference, according to the Reuters report, is that the upcoming version of Android Auto (or whatever Google decides on calling it) won’t be mirroring an application interface from a connected smartphone; it will have that interface natively.
The Boeing Black phone being developed by the Chicago-based aerospace and defense contractor, which is best known for jetliners and fighter planes, can self-destruct if it is tampered with.
The Boeing Black device encrypts calls and is aimed at government agencies and others that need to keep communications and data secure.
“We’re pleased to announce that Boeing is collaborating with BlackBerry to provide a secure mobile solution for Android devices utilizing our BES 12 platform,” BlackBerry CEO John Chen said on a conference call held to discuss its quarterly results.
“That, by the way, is all they allow me to say.”
The BlackBerry Enterprise Service, or BES 12, will allow clients such as corporations and government agencies to manage and secure not just BlackBerry devices on internal networks, but those that run on rival operating systems such as Google’s Android and Apple’s iOS.
The Boeing phone uses dual SIM cards to enable it to access multiple cell networks and can be configured to connect with biometric sensors and satellites. Boeing has begun offering the phone to potential customers.
T-Mobile has announced a monthly data rollover plan for consumers and business customers called “Data Stash,” but the plan still will not allow workers to share their data with others in a work group.
Data Stash works much the same way for users who have a Simple Choice plan (or Simple Choice for Business Value Plan) and have purchased 3GB or more of LTE data per month for smartphones and 1GB or more for tablets.
T-Mobile will give those existing customers, as well as new customers, 10GB of free LTE data in January. The data must be used by the end of 2015, and once it’s gone, each month of unused data in a plan can be rolled over monthly for up to a year.
T-Mobile CEO John Legere described data rollover as a high priority for customers, noting that they asked on Twitter in 2014 more than 40,000 times for such a program. And Legere bashed rivals like AT&T and Verizon Wireless who don’t offer such a program, contending that $50 billion annually is lost by wireless customers who have paid for data but then see it disappear at the end of the month when it doesn’t roll over.
“We’re putting an end to this appalling industry practice today,” he said.
Even so, Data Stash won’t let workers share their data allotments with other workers in a group, as T-Mobile describes on its Web site: “Our data plans are specific to the person, so businesses aren’t wasting time and effort tracking everyone’s usage. In other words, this is not a shared data option.”
Chinese smartphone maker Coolpad has created an extensive “backdoor” into its Android devices that can track users, serve them unwanted advertisements and install unauthorized apps, a U.S. security firm alleged today.
In a research paper released today, Palo Alto Networks detailed its investigation of the backdoor, which it dubbed “CoolReaper.”
“Coolpad has built a backdoor that goes beyond the usual data collection,” said Ryan Olson, director of intelligence at Palo Alto’s Unit 42. “This is way beyond what one malicious insider could have done.”
Coolpad, which sells smartphones under several brand names — including Halo, also called Danzen — is one of China’s largest ODMs (original device manufacturers). According to IDC, it ranked fifth in China in the third quarter, with 8.4% of the market, and has expanded sales outside of the People’s Republic of China (PRC) and Taiwan to Southeast Asia, the U.S. and Western Europe.
Tipped off by a string of complaints from Coolpad smartphone users in China and Taiwan — who griped about seeing advertisements pop up and apps suddenly appear — Palo Alto dug into the ROM updates that Coolpad offered on its support site and found widespread evidence of CoolReaper.
Of the 77 ROMs that Palo Alto examined, 64 contained CoolReaper, including 41 hosted by Coolpad and signed with its own digital certificate.
Other evidence that Coolpad was the creator of the backdoor, said Olson, included the malware’s command-and-control servers — which were registered to domains belonging to the Chinese company and used, in fact, for its public cloud — and an administrative console that other researchers had found last month because of a vulnerability in Coolpad’s backend control system. The console confirmed CoolReaper’s functionality.
The U.S. Consumer Financial Protection Bureau has filed a lawsuit against Sprint Corp over unauthorized charges on customers’ cellphone bills, a practice known as cramming, in the agency’s first foray into mobile payments.
Marking the third cramming-related government enforcement action this year, the CFPB alleges that from 2004 through 2013, the wireless carrier allowed third parties to charge consumers tens of millions of dollars for services like ringtones or text-message horoscopes that consumers had not requested, while keeping 40 percent of the gross revenue.
The Federal Communications Commission is weighing a $105 million cramming fine against Sprint.
“Sprint mistreated consumers egregiously by creating a billing system that invited illegal third-party charges and processed them in a highly irresponsible manner,” the CFPB’s director, Richard Cordray, said.
Sprint expressed disappointment in being the target of the CFPB’s lawsuit and disputed the accusations, listing various steps it said it took to monitor third-party charges, such as hiring an outside compliance vendor and vetting billing companies.
“We strongly disagree with (the CFPB’s) characterization of our business practices,” Sprint spokeswoman Stephanie Vinge Walsh said in a statement.
“It appears the CFPB has decided to use this issue as the test case on whether it has legal authority to assert jurisdiction over wireless carriers,” she said in an email.
In July, the Federal Trade Commission sued T-Mobile US Inc over similar billing issues, and in October, the FCC and the FTC settled such a case with AT&T Inc.
For the CFPB, which oversees consumer financial products such as mortgages and credit cards, this case marked the first public action coordinated with the FCC.
“If a company is processing payments over a mobile network, that’s something that the bureau has jurisdiction over,” the CFPB’s deputy enforcement director, Jeff Ehrlich, told reporters. “We’ll take action against anyone who violates the consumer financial protection laws.”
FCC spokespeople said the FCC and the CFPB have agreed to continue close cooperation “on this and other cases on behalf of wireless customers nationwide.”
BlackBerry Ltd rolled out its much anticipated Classic on Wednesday, a smartphone it hopes will help it win back market share and woo those still using older versions of its physical keyboard devices.
The Canadian mobile technology company said the new device, which bears striking similarities to its once wildly popular Bold and Curve handsets, boasts a larger screen, longer battery life, an expanded app library with access to offerings from Amazon.com Inc’s Android App store, and a browser three times faster than the one on its legacy devices.
“The conversation about BlackBerry has changed in the last year,” Chief Executive John Chen said as he launched the Classic at Manhattan’s upscale Cipriani restaurant. “We are here to stay, there is no question about that. Now we have to engineer our growth.”
He said BlackBerry had listened to its fans and brought back the command bar functionality that helped make its legacy phones easy to navigate.
When the company initially introduced its new BlackBerry 10 operating system and devices early in 2012, it put more emphasis on touchscreens, alienating many fans of its physical keyboard.
Those who moved to the new physical keyboard phones that BlackBerry launched later were unhappy that command keys such as the Menu, Back, Send and End buttons, along with the trackpad, had been dropped.
With the Classic and the recent launch of its Passport smartphone, Chen is in some ways taking the company back to its roots, re-emphasizing the physical keyboard, rather than trying to compete directly against the touchscreen handsets of dominant rivals like Samsung Electronics and Apple.
“We expect the Classic to be the most popular BlackBerry enterprise device and the easiest transition for current BB7 (legacy device) users,” said Wells Fargo analyst Maynard Um.
Android apps really take advantage of those permissions they ask for to access users’ personal information: one online store records a phone’s location up to 10 times a minute, French researchers have found. The tools to manage such access are limited, and inadequate given how much information phones can gather.
In a recent study, ten volunteers used Android phones that tracked app behavior using a monitoring app, Mobilitics, developed by the French National Institute for Informatics Research (INRIA) in conjunction with the National Commission on Computing and Liberty (CNIL). Mobilitics recorded every time another app accessed an item of personal data — the phone’s location, an identifier, photos, messages and so on — and whether it was subsequently transmitted to an external server. The log of the apps’ personal information use was stored on the phone and downloaded at the end of the three months for analysis.
The volunteers were encouraged to use the phones as if they were their own, and together used 121 apps over the period from July to September. A similar study last year used a special iOS app to examine the way iPhone apps access users’ personal data.
Many apps access phones’ identifying characteristics to track their users, the researchers said. One of the few options users have to avoid this tracking is a switch in the “Google Settings” app to reset their phone’s advertising ID. That’s not much help, though, as apps have other ways to identify users. Almost two-thirds of apps studied in the three-month real-world test accessed at least one mobile phone identifier, a quarter of them at least two identifiers, and a sixth three or more. That allows the apps to build up profiles of their users for advertising purposes.
Location was one of the most frequently accessed items of data. It accounted for 30 percent of all accesses to personal information during the test, and 30 percent of the apps studied accessed it at some point. The Facebook app recorded one volunteer’s location 150,000 times during the three-month period, more than once per minute on average, while the Google Play Store tracked another user ten times per minute at times. Often, the only use apps make of such information is to serve personalized advertising, as was the case with one game that recorded a user’s location 3,000 times during the study.
South Korea’s LG Electronics Inc will roll out a new range of high-tech TVs in early 2015, expanding its line-up while it strives to cut costs that make its prized organic light-emitting diode (OLED) sets too expensive for most consumers.
A spokesman for the world’s No. 2 TV maker after domestic rival Samsung Electronics Co Ltd said on Tuesday LG will start selling products using quantum dot technology early next year. He didn’t disclose details including pricing.
The technology incorporates a film of tiny light-emitting crystals into regular liquid crystal displays (LCD), boosting picture quality. LG will have 55-inch and 65-inch ultra-high definition quantum dot TVs on display at the major CES trade show next month in Las Vegas.
Japan’s Sony Corp is so far the only major TV maker selling quantum dot models.
LG was widely expected to launch quantum dot TVs next year, having declared its intention to use the products in a dual-track strategy as the firm and its affiliate LG Display Co Ltd try to push OLED prices down. Analysts say it may take the LG firms several years to meet that goal.
The OLED TV sets remain expensive: a 65-inch ultra-high definition model launched in Korea earlier this year was priced at 12 million won ($10,993). A comparable Sony quantum dot TV costs about $3,799, according to the Japanese firm’s website.
Samsung Electronics has said quantum dot is one of many technologies it is considering. Analysts expect Samsung Electronics to launch quantum dot TVs next year, and believe it could be more aggressive in pushing the products than LG, which remains committed to OLED.
The LG spokesman said Dow Chemical Co is supplying quantum dot material. Dow Chemical confirmed the supplier relationship in an emailed statement.
Dow is building a quantum dot factory in South Korea using technology from partner Nanoco Group Plc, with production starting in the first half of 2015.
The FCC voted last Thursday to update its rules for the Connect America Fund, the broadband subsidy program funded through fees on telephone service, with a major change being the increase in minimum download speeds from 4Mbps to 10Mbps from fixed broadband providers.
Broadband providers AT&T and Verizon had opposed the speed increase, and one of the FCC’s Republican commissioners questioned whether the new speed requirement could limit deployment.
The new speed requirements could double the cost of deployment to rural areas, but the commission did not also double the time in which broadband providers could complete their deployments, Commissioner Ajit Pai said.
Instead of increasing the funding window for deployments from five to 10 years, as dozens of members of Congress had requested, the commission increased the funding term to six years in most cases. Adding new speed requirements without allowing much more time for broadband providers to receive funding may discourage broadband providers from participating, Pai said.
“I fear we are going to leave many communities without broadband for the foreseeable future,” Pai said. “Incentivizing wireline broadband providers to deploy service deep into the unserved countryside requires a balance act. Today’s order disrupts that balance.”
But FCC Chairman Tom Wheeler said the agency doesn’t want to pay for “second-class broadband service.” If large broadband providers don’t agree with the terms of the subsidy, the FCC will use an auction to bring service to rural areas, he said.
Patent wars have become commonplace with smartphone vendors across the world, and now Xiaomi is no exception. The Chinese company announced it had halted its product sales in India, due to a patent dispute with Swedish network equipment vendor Ericsson.
The legal troubles throw a wrench in Xiaomi’s international expansion, and could open the company to even more lawsuits from other patent holders, analysts warn.
In Ericsson’s case, the company said it had spent more than three years complaining to Xiaomi about the alleged patent infringement, which relates to the telecommunications technology used in the company’s phones.
“Ericsson, as a last resort, had to take legal action,” the company said in an email, which claimed that Xiaomi had declined to pay a fair licensing fee for the technology.
In response, Xiaomi said it was working with Ericsson to resolve the matter, without elaborating. But doing so will probably come at some financial cost.
Xiaomi has enjoyed an almost meteoric rise, becoming China’s top smartphone maker this year. However, the company was only founded in 2010, and doesn’t possess the kind of extensive patent portfolio that so many older technology firms like Ericsson wield.
Although Xiaomi declined to comment on its patent activities, analysts expected that the company would eventually run into intellectual property matters at some point in its international expansion.
“It’s possible lawsuits will be filed in other countries, and not just from Ericsson, but other vendors that want to use patents as a weapon against Xiaomi,” said Wang Jingwen, an analyst with research firm Canalys.
Xiaomi, which still sells most of its phones in China, made India a focus of its international efforts. The company still has a small market share in the country, but its phones have been selling like hot cakes there.
It could simply end up paying Ericsson and other companies for access to their patents, but that could mean paying a hefty price.
“If Xiaomi is willing to pay for the licensing fees to Ericsson, the issue can be resolved,” said Xiaohan Tay, an analyst with research firm IDC. “But the higher cost for smartphones may be passed on to consumers, and Xiaomi may not be able to offer phones at such a low cost to consumers anymore.”
“While the Internet of Things (IoT) conjures a vision of ‘anytime, any place’ connectivity for all things, the realization is complex given the need to work across interconnected and heterogeneous systems, and the special considerations needed for security, privacy, and safety,” co-wrote Google chief Internet evangelist Vint Cerf, in a blog post announcing the research program.
The “Internet of Things” is technical shorthand describing what is expected to be a mass wave of portable devices and sensors that will gather information and send it over the Internet for purposes of analysis and monitoring. Over 50 billion things will be connected to the Internet by 2020, Cisco has estimated.
Google plans to issue two sets of awards, both meant to fuel work to be carried out over a year.
One set of grants will be for larger team projects that Google will pay between $500,000 and $800,000 to see completed. Google expects that the work could be undertaken either by an academician leading a team of researchers or by a graduate student “willing to dedicate a substantial portion of their research time to this expedition,” according to Google’s request for proposals document.
A smaller set of grants, ranging from $50,000 to $150,000, will also be given out. For these grants, Google is looking for “new and unorthodox solutions” in user interface and application development, in privacy and security, and in systems and protocols research, according to the blog post.
SoftBank subsidiary Sprint Corp dropped its bid to acquire the No. 4 U.S. carrier in August but the companies did not rule out future consolidation.
The Japanese telecommunications company is now transferring “the bulk” of manpower out of its West Coast operations, including dispersing development engineers to Sprint headquarters in Kansas, said the people, who declined to be identified because the move has not been made public.
SoftBank is also considering renting out one of two buildings it leased at an annual cost of over $3 million to accommodate a T-Mobile-driven expansion, the people said. The building has stood largely empty, they said.
The failed bid by Japan’s acquisitive No. 3 mobile carrier was a rare setback for founder Masayoshi Son. The billionaire encountered resistance from U.S. regulators, who insisted on keeping the number of major wireless carriers at four.
“There were people sent to Silicon Valley for the purpose of making (mobile phone) platforms, but that job was done and there’s nothing else to do,” said one of the people.
SoftBank spokesman Matthew Nicholson said some SoftBank employees are moving back to Tokyo or going to Kansas as certain joint projects between the company and Sprint have finished. He declined to comment regarding the relationship between the departures and the failed bid to acquire T-Mobile.
SoftBank bought No.3 U.S. carrier Sprint last year for $22 billion as part of an overseas expansion that has included investments across Asia.
Facebook Inc has discontinued including results from Microsoft Corp’s Bing search engine on its social networking site.
The move, confirmed by a company spokesperson, comes as Facebook has revamped its own search offerings, introducing a tool on Monday that allows users to quickly find past comments and other information posted by their friends on Facebook.
The decision may reflect the increasing importance that Facebook sees in Web search technology, a market dominated by rival Google Inc.
Searches on Facebook have long been geared toward helping users connect with friends and to find other information that exists within the walls of the 1.35 billion-user social networking service. But for years, Facebook’s search results also included links to standalone websites that were provided by Bing.
“We’re not currently showing web search results in Facebook Search because we’re focused on helping people find what’s been shared with them on Facebook,” a company spokesperson told Reuters. “We continue to have a great partnership with Microsoft in lots of different areas.”
Microsoft was not immediately available for comment.
Facebook Chief Executive Mark Zuckerberg has flagged search as one of the company’s key growth initiatives, noting in July that there were more than 1 billion search queries occurring on Facebook every day and hinting that the vast amount of information that users share within Facebook could eventually replace the need to search the Web for answers to certain questions.
“There is more than a trillion posts, which some of the search engineers on the team like to remind me, is bigger than any Web search corpus out there,” Zuckerberg said on a conference call with analysts in July.
Microsoft’s Bing is the No.2 Web search provider in the U.S., with a nearly 20 percent share of the market according to industry research firm comScore.
Facebook and Microsoft have a longstanding relationship dating back to Microsoft’s $240 million investment in Facebook, for a 1.6 percent stake in the company, in October 2007. As part of that deal, Microsoft provided banner ads on Facebook’s website in international markets.
Intel showed off a new platform which it claims makes it easier for companies to create Internet-connected smart products using its chips, security and software.
Intel’s platform is like Lego and based on the chipmaker’s components and software for companies to create smart, connected devices. The only difference is that you can’t enact your own Doctor Who scene from it.
Doug Davis, head of Intel’s Internet of Things business, said at a launch event in San Francisco it will make it a doddle to connect to data centres in order to analyse data collected from devices’ sensors.
Intel’s chips should provide compute capability in end-point devices that scale from its highest performance Xeon processor to the Quark family of products.
Intel’s Internet of Things Group had $530 million in revenue in the September quarter. That accounted for just 4 percent of Intel’s total revenue in the quarter, but it grew 14 percent over the previous year, which was faster than the company’s PC business.
Dell, SAP, Tata Consultancy, Accenture and other companies are working with the new reference model, Davis said.