Lifeboat Foundation

Security researchers from Google’s Project Zero team recently uncovered pre-installed apps in Android devices that either allowed remote attackers to carry out remote code execution, could disable Google Play Protect in devices, or could collect information on users’ web activities.

At the Black Hat cybersecurity conference in Las Vegas, Maddie Stone, a security researcher on Project Zero and who previously served as Senior Reverse Engineer & Tech Lead on Android Security team, revealed that her team discovered three instances of Android malware being pre-installed in budget Android phones in the recent past.

One such pre-installed app was capable of turning off Google Play Protect, the default mobile security app in Android devices, thereby leaving devices vulnerable to all forms of cyber attacks or remote surveillance. The Project Zero team also found an app pre-installed on Android phones that gathered logs of users’ web activities.

Cyber-espionage group Cloud Atlas has added polymorphic malware to its arsenal to avoid having its operations detected and monitored with the help of previously collected indicators of compromise (IOCs).

The hacking group also known as Inception [1, 2] was initially identified in 2014 by Kaspersky’s Global Research and Analysis Team researchers, and it has a history of targeting government agencies and entities from a wide range of industries via spear-phishing campaigns.

While the malware and Tactics, Techniques, and Procedures (TTP) Cloud Atlas uses during its operations has remained unchanged since at least 2018, the APT group has now added new polymorphic HTML Application malware dropper in the form of a malicious HTA and a backdoor dubbed VBShower.

The last-resort option for getting rid of malware is reinstalling Windows. Also, the tricky thing about Microsoft’s OneDrive cloud storage. And how to get a certain antivirus program off your computer. Patrick Marshall answers your personal technology questions each week.

Just five months ago at the RSA conference, the NSA released Ghidra, a piece of open source software for reverse-engineering malware. It was an unusual move for the spy agency, and it’s sticking to its plan for regular updates — including some based on requests from the public.

In the coming months, Ghidra will get support for Android binaries, according to Brian Knighton, a senior researcher for the NSA, and Chris Delikat, a cyber team lead in its Research Directorate, who previewed details of the upcoming release with CyberScoop. Knighton and Delikat are discussing their plans at a session of the Black Hat security conference in Las Vegas Thursday.

Before the Android support arrives, a version 9.1 will include new features intended to save time for users and boost accuracy in reverse-engineering malware — enhancements that will come from features such as processor modules, new support for system calls and the ability to conduct additional editing, known as sleigh editing, in the Eclipse development environment.

The Android Security team’s former tech lead, who’s now a security researcher on Google’s Project Zero, breaks down why.

For five years, several AT&T employees were conspiring with a Pakistani man to install malware on company computers so that man could unlock millions of smartphones subsidized by the carrier, according to federal investigators.

On Tuesday, the Justice Department unsealed an indictment against Muhammad Fahd for bribing AT&T employees at a call center in Washington state to pull off the scheme. According to the feds, Fahd allegedly paid more than $1 million in bribes to the AT&T employees during the conspiracy, which allowed him to fraudulently unlock more than 2 million AT&T phones from 2012 to 2017.

Fahd allegedly partnered with businesses that offered cell phone unlocking services in exchange for a fee. These unnamed business would then supply him with the IMEI numbers of the phones bound to AT&T’s network.

With over 350,000 new malware samples emerging every day, it’s difficult for any one strain of malware to make a name for itself. Any single malware sample whose name you know — be it Mirai, WannaCry, or NotPetya — speaks to a trail of devastation.

In 2019, people are also hearing another name: Emotet.

But Emotet has been around in one form or another since 2014, and its first major resurgence was in 2017. In the beginning, Emotet was just one trojan among many — a particularly run-of-the-mill banking trojan that did some damage before being researched, understood, and dismissed in a flurry of signature updates.

He can hack your WhatsApp, find out where you are in 15 minutes and monitor your iPhone. But Tal Dilian says he’s one of the good guys. It’s badly-behaved governments who should be in trouble, not the $12 billion industry he’s come to represent.

Graphics chip maker Nvidia is urging users to install new security updates that address one high-severity flaw and four others that can be exploited by attackers.