Is HP Installing Unwanted Telemetry Software On PCs

December 4, 2017 by  
Filed under Computing

HP is allegedly installing a telemetry client on customers’ machines without asking permission.

According to a report at ComputerWorld the sneaky software, which was first identified on 15 November, is dubbed ‘HP Touchpoint Analytics Service’, which HP itself says “harvests telemetry information that is used by HP Touchpoint’s analytical services.”

A user on the Bleeping Computer forums first spotted the software, saying: “After the latest batch of Windows updates, about a half hour after installing the last, I noticed that this had been installed on my computer because it showed up in the notes of my Kaspersky, and that it opened the Windows Dump File verifier and ran a disk check and battery test.”

This comment, as ComputerWorld notes, points the finger squarely at Windows updates. However, it remains unclear as to whether Microsoft or HP is at fault. 

Regardless, given that HP made no effort to ask users for permission before the software was dumped on their PC, it’s no surprise that complaints have since flooded the company’s own forums, where users have moaned that the software is slowing down their system.

One miffed HP customer wrote: “This CPU gobbling nonsense also cropped up on my desktop machine in the past few days – I noticed the fan was constantly running and looked to see what was causing the load on my system.”

Another added: “I noticed my mouse lagging significantly on Chrome, went to Programs & Features in Control Panel on my Windows 7 HP desktop and saw this “HP Touchpoint Analytics Client” was installed on my PC without my permission on 11-17-17.”

Thankfully, it appears the offending software can be removed fairly easily, and a detailed report on how to do so can be found here. 

We’ve asked HP to comment on the report but have yet to receive a response.

This isn’t the first time the firm has found itself caught up in a spyware scandal, though. Back in May, it was revealed that HP had been shipping audio drivers with built-in keyloggers since ‘at least’ Christmas 2015.

Security firm Modzero at the time revealed that the audio driver package, developed and digitally signed by the audio chip manufacturer Conexant, has been poorly implemented, turning the driver “effectively into keylogging spyware.”


Can IBM’s Quad9 Block Botnets

November 28, 2017 by  
Filed under Computing

IBM has partnered with the Global Cyber Alliance (GCA), an organisation founded by law enforcement and research firms to help reduce cyber-crime, to launch a free public Domain Name Service (DNS) system.

While that might not sound so fascinating, the interesting thing is that the new DNS system, named Quad9, will block domains associated with botnets, phishing attacks, and other malicious internet hosts. This is especially good news for businesses that don’t run their own DNS blacklisting and whitelisting services, as it will make them much safer.

Quad9, which is named as such due to its Internet Protocol address, works in the same way as any other public DNS server, such as Google’s, but the difference is it won’t return name resolutions for sites that are identified via threat feeds the service aggregates daily.

“Anyone, anywhere can use it,” said GCA’s president and chief operating officer, Phil Rettinger, in an interview with Ars Technica, adding that the service will be “privacy-sensitive” with no logging of the addresses making DNS requests.

“We will keep only [rough] geolocation data,” he said, explaining that this will be used to track the spread of requests associated with particular malicious domains. “We’re anonymising the data, sacrificing on the side of privacy,” he added.

So where does IBM come in? According to GCA, the computer giant will provide the power behind one of Quad9’s major threat feeds, IBM’s X-Force. The feeds are converted into a database that is then de-duplicated.

So whenever a Quad9 user clicks on a website link or types an address into a web browser, Quad9 checks the site against IBM X-Force’s threat intelligence database of over 40 billion analysed web pages and images. The other 18 feeds the service taps come from threat intelligence partners including the Anti-Phishing Working Group, Bambenek Consulting, F-Secure, mnemonic, 360Netlab, Hybrid Analysis GmbH, Proofpoint, RiskIQ, and ThreatSTOP.

Quad9 then generates a whitelist of domains never to block, using a list of the top one million requested domains, as well as a “gold list” of safe providers, such as major Internet service sites like Microsoft’s Azure cloud, Google, and Amazon Web Services.

The blocked sites, whitelist, and gold lists are then converted into a Response Policy Zone (RPZ) format before being pushed out to the clusters of DNS servers around the world maintained by Packet Clearing House via DNS zone transfers. The DNS server clusters, which are each load-balanced with dnsdist, use a mix of Unbound and PowerDNS servers to deliver responses.
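The pipeline described above (aggregate feeds, de-duplicate, exempt the whitelist and gold list, emit RPZ records) can be sketched as follows. This is an added example, not Quad9's code: the feed contents, the `rpz.example.` origin, the SOA values and the choice to publish the whitelist as `rpz-passthru.` records are all assumptions, and every domain is a constructed placeholder.

```python
import re

# Constructed sample feeds (placeholder names under .example, not real indicators).
FEEDS = {
    "feed-a": ["Bad-Domain.example.", "phish.example", "cdn.goldlist.example"],
    "feed-b": ["bad-domain.example", "botnet-c2.example", "# comment", ""],
    "feed-c": ["popular.example", "login.phish.example"],
}
# Stand-in for the "top requested" list plus the "gold list" (assumed contents).
ALLOW = {"popular.example", "goldlist.example"}

LABEL = re.compile(r"^(?!-)[a-z0-9_-]{1,63}(?<!-)$")


def normalise(raw):
    """Lower-case, drop the trailing dot, reject comments and malformed names."""
    name = raw.strip().lower().rstrip(".")
    if not name or name.startswith("#") or len(name) > 253:
        return None
    labels = name.split(".")
    if len(labels) < 2 or not all(LABEL.match(label) for label in labels):
        return None
    return name


def suffixes(name):
    """'a.b.example' -> ['a.b.example', 'b.example', 'example']."""
    labels = name.split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]


def aggregate(feeds):
    """Merge all feeds into {domain: set of sources}, which de-duplicates."""
    merged = {}
    for source, entries in feeds.items():
        for raw in entries:
            name = normalise(raw)
            if name:
                merged.setdefault(name, set()).add(source)
    return merged


def select_blocked(merged, allow):
    """Drop names at or below an allowed domain, then drop names that a
    listed parent already covers through its wildcard record."""
    candidates = {n for n in merged
                  if not any(s in allow for s in suffixes(n))}
    return sorted(n for n in candidates
                  if not any(p in candidates for p in suffixes(n)[1:]))


def build_rpz(blocked, allow, origin="rpz.example.", serial=1):
    """Render an RPZ zone: 'CNAME .' answers NXDOMAIN, 'CNAME rpz-passthru.'
    exempts a name from policy rewriting."""
    lines = [
        f"$ORIGIN {origin}",
        "$TTL 60",
        f"@ SOA localhost. hostmaster.localhost. {serial} 3600 600 86400 60",
        "@ NS localhost.",
    ]
    for name in sorted(allow):
        lines += [f"{name} CNAME rpz-passthru.",
                  f"*.{name} CNAME rpz-passthru."]
    for name in blocked:
        lines += [f"{name} CNAME .", f"*.{name} CNAME ."]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_rpz(select_blocked(aggregate(FEEDS), ALLOW), ALLOW))
```
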

As of launch, there were clusters of DNS servers configured in 70 different locations around the world, and Quad9 expects to have 100 sites up and running by the end of the year. It’s also free, but will need to be continually funded as the GCA is a non-profit.

IBM said that telemetry data on blocked domains from Quad9 will be shared with threat intelligence partners for the improvement of their threat intelligence responses for their customers and Quad9.


Is SAP Losing Steam

October 23, 2017 by  
Filed under Around The Net

The maker of expensive management software, which no-one really knows what it does, SAP has seen its profits take a dip.

The outfit missed market expectations for third quarter profit as it invested heavily to shift business customers into cloud computing.

SAP said it is in the middle of a transition to offering cloud-based services to its business customers and management had flagged that 2017 would see a trough in profit margins as it invested in datacenters and redeployed staff.

The outfit said it should see a recovery next year and had a “very good shot” at stabilizing margins in the fourth quarter. Chief Financial Officer Luka Mucic told a conference call:  “Going into 2018 we see a margin turnaround.”

Revenue for the German business planning software provider grew eight percent to 5.59 billion euro from a year earlier, falling short of the mean forecast of 5.71 billion euro from 16 analysts surveyed by Reuters.

Core profit excluding special items rose by four percent to 1.64 billion euro at constant currency rates, SAP said, below the 1.69 billion euro expected by analysts.

The euro’s strength sliced four percentage points off core profits, which was flat after taking currency moves into account. Analysts at Baader Helvea said they expected currency headwinds to continue for the next three quarters.

The company nudged up guidance for the full year core operating profits to 6.85-7.0 billion euro and said 2017 total revenue would range from 23.4-23.8 billion euro, marking year-to-year growth of around six to eight percent, excluding currency effects.

Cloud subscriptions and support revenue rose 27 percent in the third quarter to 938 million euro, excluding currency effects, compared with the 29 percent analysts had expected, on average.

This was offset by its classic software license and support business revenue, which rose four percent to 3.72 billion euro, slightly above the 2.2 percent growth rate expected by analysts.

Chief Executive Bill McDermott was bullish for the fourth quarter: “We are gaining share against our competitors. SAP is growing faster in the cloud – and we are doing it organically.” During a conference call, he contrasted his company with the acquisition-fueled growth of its rivals.


Tesla Hands Pink Slips To 400 Employees

October 16, 2017 by  
Filed under Around The Net

Luxury electric vehicle maker Tesla Inc fired about 400 employees late last week, including associates, team leaders and supervisors, a former employee told Reuters on Friday.

The dismissals were a result of a company-wide annual review, Tesla said in an emailed statement, without confirming the number of employees leaving the company.

“It’s about 400 people ranging from associates to team leaders to supervisors. We don’t know how high up it went,” said the former employee, who worked on the assembly line and did not want to be identified.

Though Tesla cited performance as the reason for the firings, the source told Reuters he was fired in spite of never having been given a bad review.

The Palo Alto, California-based company said earlier in the month that “production bottlenecks” had left Tesla behind its planned ramp-up for the new Model 3 mass-market sedan.

The company delivered 220 Model 3 sedans and produced 260 during the third quarter. In July, it began production of the Model 3, which starts at $35,000 – half the starting price of the Model S.

Mercury News had earlier reported about the firing of hundreds of employees by Tesla in the past week.

Tesla Delays Big Rig Debut, Focuses On Model 3 Production

October 10, 2017 by  
Filed under Around The Net

Tesla Inc Chief Executive Elon Musk has delayed the unveiling of the company’s big rig truck until mid-November, tweeting that the electric vehicle maker was diverting resources to fix production bottlenecks of its new Model 3 sedan and to help Puerto Rico.

Musk said Tesla’s Model 3 was “deep in production hell” echoing his own comments in July when he showed off some of the first cars of that model.

The Model 3 could help Tesla approach its goal of becoming more of a mass-market producer. Recent comments have tempered expectations about the speed of the increase in production, though.

The Palo Alto, California-based company delivered just 220 Model 3 sedans and produced 260 in the third quarter. It had planned to produce more than 1,500.

Musk also tweeted the company was diverting resources to increasing battery production to help hurricane-hit Puerto Rico, where most residents remain without electricity.

Earlier this week Tesla reported that “production bottlenecks” had left it behind the planned ramp-up for the Model 3.

In response to a Tesla customer asking if he would get his car delivered this year, Musk tweeted, “December will be a big month, so probably, but it is impossible to be certain right now.”

A Wall Street Journal report said parts of Model 3 were being made by hand as recently as early September, adding to production delays.

Musk also said Tesla would reschedule the unveiling of its semi-truck to Nov. 16 as it focuses on fixing production issues tied to Model 3 and increases battery production for Puerto Rico.

The unveiling of the truck, called Tesla Semi, has been delayed for the second time this year. Musk had initially said the truck would be unveiled in September, but he later rescheduled it to late October.

Reuters in August reported that the truck would have a working range of 200-300 miles.

Earlier in the day, Musk said the company will send more battery installers to Puerto Rico to help restore power after Hurricane Maria knocked out power on the island over two weeks ago.

Lyft Forms Self-driving Car Division, Speeds Up Autonomous Vehicle Efforts

July 24, 2017 by  
Filed under Around The Net

Lyft Inc has formed an autonomous cars division, company executives said, a bold investment for the second-largest U.S. ride-services firm as it jockeys for position in the highly competitive self-driving vehicle race.

The executives said on Thursday the company would soon open a facility in Palo Alto, California, that would eventually be staffed by “several hundred” engineers. Lyft engineers will collaborate there with autonomous vehicle experts from other companies to build self-driving systems.

“We are putting down the accelerator significantly on investment on this,” Raj Kapoor, chief strategy officer for Lyft, told reporters at its San Francisco headquarters.

The move marks a striking strategy change for Lyft, which said previously it would leave the building of self-driving systems to others while allowing partners to test their autonomous cars in Lyft’s ride-hailing network.

Lyft previously announced partnerships with Alphabet’s self-driving division, Waymo, technology company Nutonomy, and automakers General Motors Co and Jaguar Land Rover. Lyft’s new effort could put it in direct competition with some of those partners.

The company, which will not be manufacturing the actual cars, offered no time line for its self-driving ambitions. Executives said Lyft would share data from its self-driving efforts with other companies joining the collaboration.

Lyft does not have a permit to test autonomous cars in California, according to the state Department of Motor Vehicles. The company plans to launch a pilot with Nutonomy in Boston by year-end.

Building autonomous driving systems is a complicated and expensive endeavor, and brings a new layer of complexity to Lyft. Unlike its far larger rival, Uber Technologies Inc, which has tackled everything from food delivery to flying cars, and expanded overseas, Lyft has operated strictly as a ride service for people in the United States.

Lyft’s 700,000 drivers complete more than 200 million rides and 1.2 billion miles (1.9 billion km) a year in the 350 cities where it operates, which executives said gave the company detailed knowledge of traffic patterns, bridges, construction and other roadway data critical for building autonomous systems.

“The one thing that is very, very key is the scale that we have,” said Luc Vincent, vice president of engineering.

AT&T Teams Up With IBM, Nokia To Tackle IoT Vulnerabilities

February 10, 2017 by  
Filed under Computing

Some of the most notable firms in security and the internet of things, including AT&T and Nokia, are joining forces to solve problems that they say make IoT vulnerable in many areas.

The IoT Cybersecurity Alliance, formed Wednesday, also includes IBM, Symantec, Palo Alto Networks, and mobile security company Trustonic. The group said it won’t set standards but will conduct research, educate consumers and businesses, and influence standards and policies.

As IoT technologies take shape, there’s a danger of new vulnerabilities being created in several areas. Consumer devices have been in the security spotlight thanks to incidents like the DDoS attacks last year that turned poorly secured set-top boxes and DVRs into botnets. But the potential weaknesses are much broader, spanning the network, cloud, and application layers, the new group said in a press release.

AT&T says over the past three years it has detected an increase of more than 3,000 percent in attackers scanning IoT devices for weaknesses. Enterprises aren’t confident their devices are secure, AT&T says.

“That combination of attacker interest and customer concern could damage or even derail the rosy future most vendors see for the Internet of Things,” Pund-IT analyst Charles King said in an email.

The Alliance vows to jointly research problems in those areas and in major IoT use cases such as connected cars, healthcare, industrial IoT, and so-called smart cities.

The group’s goals and methods are similar to what the Industrial Internet Consortium has been doing since 2014. IIC, which includes AT&T and IBM, also aims to define best practices and influence IoT standards in several areas, including security. But it’s focused specifically on industrial IoT.

Ford To Link Some Cars To Amazon’s Alexa Home Voice System

October 5, 2016 by  
Filed under Consumer Electronics

Some Ford owners will soon be able to control features in their home from their cars using Amazon’s Alexa voice service or start their vehicles from their desks using the same system.

Ford Motor Co said that three models, the Focus Electric, Fusion Energi and C-Max Energi, by year’s end will be able to communicate with smart home devices using Alexa by pressing a voice recognition button on the steering wheel.

Consumers can send instructions to their Ford vehicles from home by using Amazon’s Echo smart home device and Alexa, an “intelligent assistant,” similar to Apple’s Siri, that enables users to access Internet services and interact with devices using voice commands. Vehicle owners also will be able to send simple commands via Alexa to smart home appliances and systems.

The Ford-Amazon partnership was announced at the annual Consumer Electronics Show in January. Production plans were shared last week with Reuters during a demonstration of the service at Ford’s Research and Innovation Center in Palo Alto, California. A Ford spokesperson said the service has entered a final phase of testing with Amazon before its planned release at the end of the year.

Among the functions that Alexa can provide are the ability to preset temperature in the home, check the security system or turn on the outside lights from the car. Using an Echo device in the home or office, Alexa users can start the vehicle, lock or unlock their doors and check the range between charges, after providing a security code.

Alexa also can be used to update shopping lists, get weather reports, check appointments and cue up music in the car.

Some of the in-vehicle services through Alexa will be rolled out to other Ford models starting early next year, according to Ford spokesman Alan Hall.


SAP Buys Cloud Up-Start Altiscale

October 4, 2016 by  
Filed under Computing

SAP, the esoteric business software outfit which makes expensive business software which no one can be certain what it does, has just bought the cloud start-up Altiscale.

SAP said that Altiscale offers cloud based versions of the Hadoop and Spark open source software for storing, processing and analysing different types of data. It is thought that the deal was worth about $125 million but this is mostly guessing.

Altiscale has published a blog post to let its customers know that it will become a part of SAP. Apparently SAP wants to harness its technology:

“Altiscale is a natural fit for SAP, as we share our overall focus of helping enterprises derive business value from data — and successfully use big data. Since Altiscale is a leader in big data-as-a-service based on Hadoop and Spark, it enables SAP to drive end-to-end value in Big Data across the technology, data platform PaaS (platform as a service), analytics, and application stack”.

Raymie Stata, Altiscale cofounder and chief executive, notes that the startup will focus on integrating its technology with SAP and will also work on SAP strategy around data and platform.

Altiscale flogs its stuff to Accel Partners, AME Cloud Ventures, Northgate, General Catalyst Partners, Sequoia Capital and Wildcat Venture Partners.


SAP Expands IoT Footprint With Plat.One Acquisition

September 30, 2016 by  
Filed under Around The Net

SAP has acquired IoT software developer Plat.One, taking the first step of a plan to invest $2 billion in the internet of things over the next five years.

Some of those billions will be spent on the creation of IoT development labs around the world, SAP said Wednesday. It already has plans for such labs in Berlin, Johannesburg, Munich, Palo Alto, Shanghai and São Leopoldo in Brazil.

The company is also rolling out a series of “jump-start” and “accelerator” IoT software packages for particular industries, to help them monitor and control equipment.

Another component of SAP’s IoT plan is to acquire new businesses, the latest of which is Plat.One. This company makes a platform that helps smart devices talk to one another and with a central database, translating between the different protocols they use to communicate. Plat.One says it manages 200,000 devices for 25 enterprise customers, including three telecommunications companies: BT, T-Systems and Telecom Italia.

Back in June SAP bought Fedem Technology, a Norwegian company specializing in the modeling of structures under load. By mapping sensor data from real structures onto these models, SAP intends to create digital avatars of buildings and industrial machines that can be inspected for wear or damage virtually, without the need for a site visit.

SAP is not alone in having designs on the industrial IoT market. Hewlett Packard Enterprise teamed up with GE to sell that company’s Predix IoT platform back in June, with GE naming HPE its preferred storage and infrastructure provider in return. The following month it was Microsoft’s turn, as it struck a deal to put GE’s Predix on the Azure cloud platform.

SAP’s plan for Plat.One is to link it with its HANA Cloud Platform, built around the company’s HANA in-memory database. One of the strengths Plat.One claims for its software is that it works well on the network edge, particularly in environments where connectivity to cloud platforms is intermittent. That could be useful for tracking machinery in industrial or mining environments with patchy network coverage.

Plat.One is headquartered in Palo Alto, California, but it was founded near Genoa in Italy, where its research team is still based.


iPhone 7 Plus Outselling Smaller Version

September 20, 2016 by  
Filed under Mobile

Early data from U.S. sales of Apple’s latest iPhones suggested that the larger 7 Plus was outselling the smaller 7, according to market research data.

Of the iPhone 7 online pre-orders during the initial 48 hours of availability, 55% were for the 5.5-in. iPhone 7 Plus; the remaining 45% were for the 4.7-in. iPhone 7. That was the first-ever flip to the Plus size in the three annual cycles since Apple offered a big-screen iPhone in 2014.

According to Palo Alto, Calif.-based Slice Intelligence, U.S. buyers of the iPhone 6 or 6 Plus two years ago leaned toward the former in a split of 65% to 35%. The gap narrowed last year with the 6S and 6S Plus, when the smaller iPhone 6S accounted for 59% of the total, and the 6S Plus with 41%.

Slice based its data on a sampling of approximately 4 million U.S. consumers. Those people have opted in to Slice’s services or apps — including the same-named shopper’s assistant app for iOS and Android — or those of partners which license the firm’s technology, and so give Slice access to their email inboxes. Slice sniffs through the inboxes, then spots and copies emailed receipts for online orders.

Apple does not disclose the sales splits between iPhone models — or the various versions of its other hardware for that matter — but instead tallies all iPhones into a single number for each quarter.

Slice’s data hinted at a larger gross revenue number for Apple in the U.S. this launch cycle: The iPhone 7 Plus sells for $120 more than the iPhone 7.

Not surprisingly, Slice’s email receipts also showed that the iPhone’s new Black and Jet Black colors were the two most popular for pre-order customers, replacing the now-extinct Space Gray, which had been the top choice for the last two years. Nearly half of all iPhone 7 and 7 Plus orders (46% to be exact) were for the Black, said Slice, with another 23% for the Jet Black.

Jet Black, a new highly polished finish, has been in short supply, high demand, or both: Apple ran out of that color almost as soon as pre-orders opened on Sept. 9. Currently, a Jet Black iPhone 7 Plus will ship to U.S. buyers sometime in November, according to Apple’s e-mart, while a Jet Black iPhone 7 will ship three to five weeks after ordering.


Wireless Keyboards Appear To Be A Big Security Risk

August 1, 2016 by  
Filed under Around The Net

Wireless keyboards and mice from a number of big-name brands transmit keystrokes unencrypted or poorly encrypted, enabling them to be sniffed from distances of up to 100 metres.

That’s according to new research, which comes at least seven years after the first investigations into wireless keyboard security highlighted glaring vulnerabilities.

Tens of millions of wireless keyboards and mice are in use worldwide, but a hacking tool called KeySniffer can identify the keystrokes of wireless keyboards from at least eight companies. The security flaws could enable a determined attacker to sniff passwords and other sensitive information from the devices.

The tool was developed by security company Bastille. It was used to test devices from 12 manufacturers and found security holes in products from eight of them.

The affected brands include Anker, EagleTec, General Electric, HP Inc, Insignia, Kensington and Radio Shack. Significantly, perhaps, devices from Microsoft and market leader Logitech appear to be secure.

“Vulnerable keyboards are easy for hackers to detect as they are always transmitting, whether or not the user is typing. Consequently, a hacker can scan a room, building or public area for vulnerable devices at any time,” warned Bastille in an advisory.

Part of the problem, claimed the company, is that wireless keyboards typically transmit at 2.4GHz bands using proprietary tools and, unlike Bluetooth, there is no security standard that all manufacturers can adopt.

“In order to prevent eavesdropping, high-end keyboards encrypt the keystroke data before it is transmitted wirelessly to the USB dongle. The dongle knows the encryption key being used by the keyboard, so it is able to decrypt the data and see which key was pressed,” said Bastille Networks engineer Marc Newlin.

“[But] many of today’s inexpensive wireless keyboards do not encrypt the keystroke data before it is transmitted wirelessly to the USB dongle.

“This makes it possible for an attacker to eavesdrop on everything a victim types, as well as transmit their own malicious keystrokes, which allows them to type directly on the victim’s computer.”

Only two of the eight vendors have responded to the research. Kensington said in a statement: “We have taken all necessary measures to close any security gaps and ensure the privacy of users.

“Kensington has released a firmware update that includes AES encryption. Products with the new firmware will be updated with a new part number, K72324USA.”

This is not the first time that wireless keyboards and mice have been the subject of hackers’ attentions.

The first research into the security of wireless devices was conducted in about 2009, and the majority were insecure until the development of KeyKeriki, a small device designed to be used surreptitiously in the target environment where it would log keystrokes for download and analysis later.

“Consider this scenario. You are in your home office and logging into your bank account using your computer that has a wireless keyboard,” wrote security specialist Siva Ram at the time.

“Someone is outside your window (or has dropped the device there) and is logging your credentials. Or you are making a purchase and typing in your credit card and CVV number. Someone is getting all this information.

“Another scenario is if someone slips this device into their laptop bag and brings it to work. They can potentially log all the keystrokes from all the people in neighbouring cubicles.”

A number of manufacturers have since improved the security of wireless keyboards and mice, most notably Logitech, but many manufacturers, including some big names, still don’t appear to have caught up.

The KeyKeriki team exposed weaknesses in the XOR encryption used in a number of wireless keyboards from Microsoft in 2010, while an exploit called KeySweeper was developed in 2015 to take advantage of the vulnerability.




Will Android Nougat Really Thwart Ransomware?

July 11, 2016 by  
Filed under Mobile

Android 7.0 Nougat will have added security to prevent malware, especially ransomware, resetting passwords and locking owners out of their device.

The long overdue security measure comes after the Android platform was invaded by a wave of ransomware, particularly Android.Lockdroid.E and its variants, in late 2015.

Dinesh Venkatesan, a principal threat analysis engineer at Symantec, said in a Security Response blog post: “These variants scare victims with a system error GUI and then reset the lockscreen password used to access the device.

“Even users who manage to remove the malware without resetting the device may be unable to use the phone because they won’t be able to get around the password the malware sets.”

The malware can reset a PIN or pattern-style password in Android by invoking the resetPassword API.

“In order to invoke this method, the calling application must be a device administrator,” explained Venkatesan.

“The upcoming Android version … will introduce a condition so that the invocation of the resetPassword API can only be used to set the password and not to reset the password.”

This ensures that malware cannot reset the lockscreen password, as the change is strictly enforced and there is no backward compatibility escape route for the threat.

“Backward compatibility would have allowed malware to reset the lockscreen password even on newer Android versions. With this change, there is no way for the malware to reset the lockscreen password on Android Nougat,” Venkatesan said.

However, the measure won’t protect people who have not set a password, and who therefore deserve everything they get.

Venkatesan concluded: “The new feature will also affect standalone disinfection utilities, which also depend on the resetPassword() API. A disinfector utility is an automated tool designed to help users whose devices are infected with malware.

“The disinfector should clean the malware [and] reset the arbitrary password set by the threat during its infection routine.

“Before Android Nougat, the disinfector calls the resetPassword() API to achieve this functionality. However, with Android Nougat’s new restrictions, the disinfector’s ability to call that API is bound to fail.”




Viking Horde Malware Invades Android Devices

May 13, 2016 by  
Filed under Mobile

A new strain of malware dubbed ‘Viking Horde’ has potentially infected hundreds of thousands of Android devices by masquerading as popular apps in Google Play.

Viking Horde was uncovered by the security team at Check Point and reported to Google on 5 May. The malware is viewed as particularly dangerous because it can target rooted and non-rooted devices.

However, rooted devices are the most at risk, as this allows the malware to download additional components that make it almost impossible to remove.

“On rooted devices, Viking Horde delivers additional malware payloads that can execute any code remotely,” the security firm said. “It also takes advantage of root access privileges to make itself difficult or even impossible to remove manually.”

Once a user has installed an app containing the Viking Horde malware, the infected device joins a botnet, or network controlled by the attacker, without the owner knowing. The bots are used by the hacker for advertising clicks to generate income.

“The malware’s primary objective is to hijack a device and then use it to simulate clicks on advertisements in websites to accumulate profit,” Check Point said.

Users’ personal information is also at risk given that the app has access to all parts of a device that it infects, while some user reviews claim that the app also sends premium text messages, which could be used for DDoS attacks, spamming and delivering malware.

“SCAM!!! COSTS ME £4.50 THE GAME WAS ASKING FOR ROOT ACCESS which was suspicious then asks for sms permissions then sent a message that costs £4.50 then deletes it to cover it up,” said one user review on Google Play.

The malware has been found inside five apps in the Google Play store: Viking Jump, Parrot Copter, WiFi Plus, Memory Booster and Simple 2048. Viking Jump, the most popular of the apps with between 50,000 and 100,000 downloads, can still be found in the app store, although the others have been removed.

Check Point said that most of those who downloaded Viking Horde-infected apps are in Russia, Spain, Lebanon, Mexico and the US.

Viking Horde isn’t the only threat plaguing Android users at present. It was revealed last week that users of Snapdragon-powered smartphones are at risk from an “undetectable” Qualcomm software flaw that leaves text messages and call histories open to hackers.



New Ransomware Wreaking Havoc

March 15, 2016 by  
Filed under Computing

Locky, a new malware strain that wants to part you from your hard-earned.

Locky, as we learn at the Trustwave website, is a swine, and a greedy one at that. It’s ransomware with a dash of spamming and JavaScript that is after your pennies, apparently.

“We are currently seeing extraordinarily huge volumes of JavaScript attachments being spammed out which, if clicked on by users, lead to the download of ransomware. Ransomware encrypts data on a hard drive, and then demands payment from the victim for the key to decrypt the data,” said the firm on its Spiderlabs blog.

“Our Spam Research Database saw around four million malware spams in the last seven days, and the malware category as a whole accounted for 18 percent of total spam arriving at our spam traps.”

These campaigns are coming from the same botnet responsible for previously spammed documents with malicious macros which downloaded the Dridex trojan, the firm explained.

“The actors behind the campaigns have merely changed the delivery mechanism (.js attachment) and the end malware (ransomware). This type of malware has a very destructive payload,” Trustwave said.

This mere change, however, is a big part of the Locky problem since it has enabled the malware to fool some antivirus software and cause havoc.

The payload is a software git that encrypts all your files and asks for a bitcoin ransom. There is some debate over whether it is wise to pay out on ransomware demands, but some have done it.

Trustwave, which can protect you against this, suggested that firms consider blocking .js attachments at the gateway, presumably with a sharp stick.
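A gateway-side check of the kind suggested here, as an added example that is not Trustwave's code: it walks a message's MIME parts and reports `.js` attachments. Looking inside zip attachments goes beyond what the article describes and is an assumption, and the sample message, addresses and file names are constructed.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions to refuse at the gateway; the article names only .js.
BLOCKED_EXT = {".js"}


def has_blocked_ext(filename):
    """True if the final extension is blocked. Case is ignored, any path
    prefix is dropped, and trailing dots/spaces are stripped because
    Windows discards them when the file is saved."""
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    name = name.strip().rstrip(". ").lower()
    return any(name.endswith(ext) for ext in BLOCKED_EXT)


def blocked_attachments(raw_message):
    """Return the names of parts a gateway should reject.

    Zip members are reported as 'archive!member'."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        if has_blocked_ext(filename):
            hits.append(filename)
        elif zipfile.is_zipfile(io.BytesIO(payload)):
            # Decide by content, not by the declared name or MIME type.
            with zipfile.ZipFile(io.BytesIO(payload)) as archive:
                for member in archive.namelist():
                    if has_blocked_ext(member):
                        hits.append(f"{filename}!{member}")
    return hits


def build_sample():
    """Constructed test message: a double-extension .js file, a zip that
    contains a .js member, and a harmless PDF. Payloads are placeholders."""
    msg = EmailMessage()
    msg["From"] = "billing@sender.example"
    msg["To"] = "accounts@recipient.example"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(b"// constructed placeholder, not a real script\n",
                       maintype="application", subtype="javascript",
                       filename="Invoice_4821.PDF.JS")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("scan/doc_0012.js", "// constructed placeholder\n")
        archive.writestr("readme.txt", "constructed")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="scan.zip")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                       subtype="pdf", filename="report.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for name in blocked_attachments(build_sample()):
        print("reject:", name)
```
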

“Ransomware attacks grow more common because they’re effective and lucrative. They’re effective because it’s relatively easy to trick someone into downloading malware via phishing,” said David Gibson, VP of strategy and market development at Varonis.

“It’s lucrative because many people and organisations end up deciding it’s just easier to pay.”


