 Dozens of Android camera applications, some of them with over 1 million installs on the Google Play Store, were serving malicious ads and fake update prompts while also making sure that they won't be uninstalled by hiding their entries from the application list. Lorin Wu, a mobile threats analyst for Trend Micro, sorted these malicious apps in two different categories: some of them were variations of the same camera application designed to beautify photos, while the other kind allowed their users to apply photo filters on their snapshots. These apps have all been removed from the Google Play store by now, but not before they were able to amass millions of installations (some of them most probably fake). All of them were also obviously connected to each other given that they were sharing various design components such as the screenshots added to their Google Play entries. According to Wu, the beauty camera apps detected as AndroidOS_BadCamera.HRX, were "capable of accessing remote ad configuration servers that can be used for malicious purposes." After installation, they would automatically hide from the application list to make sure the victim would not be able to remove them and start displaying adult content and fraudulent content ads using the default web browser after every device unlock event. To add insult to injury, the user would not be able to pinpoint the app that pushed the ads, while some of the advertisements redirected the victims to websites which asked for personal information to be able to collect various fake prizes. Learn more from OUR FORUM.  An investigation has revealed that Facebook has been paying people aged between 13 and 35 to install a data harvesting VPN tool. The "Facebook Research" VPN was offered to iOS and Android users who were paid up to $20 per month -- plus referral commissions -- to provide the social network with near-unfettered access to phone, app, and web usage data (a Root Certificate is installed to give a terrifying level of access). As news of the activity came to light, Facebook has announced that the program (sometimes referred to as Project Atlas) is being terminated on iOS, but it seems that it will be continuing on Android. If this sounds slightly familiar, you just need to think back a few months to when Facebook's Onavo Protect VPN was kicked out of the App Store for violating Apple's data collection rules. The investigation was carried out by TechCrunch. It found that Facebook has been using the research program for some time to "gather data on usage habits". Facebook's Research was made available through a range of beta testing services, and in this way, the app was able to "sidestep" the App Store. TechCrunch says that users were asked to install the app and provide "root access to network traffic in what may be a violation of Apple policy so the social network can decrypt and analyze their phone activity". Learn more by visiting OUR FORUM.  A serious Apple iOS bug has been discovered that allows FaceTime users to access the microphone and front-facing camera of who they are calling even if the person does not answer the call. To use this bug, a caller would FaceTime another person who has an iOS device and before the recipient answers, add themselves as an additional contact to Group FaceTime. This will cause the microphone of the person you are calling to turn on and allow the caller to listen to what is happening in the room. Even worse, if the person that is being called presses the power button to mute the FaceTime call, the front-facing camera would turn on as well. What this means, is if someone is calling you on FaceTime, they could be listening and seeing what you are doing without you even knowing. BleepingComputer has tested and confirmed that this bug works in iOS 12.1.2 and we were able to hear and see the person. When testing it against an Apple Watch, though, we were not able to get the audio portion of the bug to work. While it is not known who first discovered this bug, numerous people have been posting about it on social media and making video demonstrations as shown below. When 9to5Mac first reported on the bug, they were only able to get the microphone snooping working. Later, BuzzFeed reported that they could also access the front-facing camera and that Apple stated that they are "aware of this issue and we have identified a fix that will be released in a software update later this week." We have the video and instructions on disabling Facetime posted on OUR FORUM. |
Latest Articles
|