Another month, another bunch of Android malware that's found its way onto Google Play. That's according to researchers from Check Point, who claimed to have found the second-biggest outbreak to ever hit Google's platform, with as many as 21.1 million infections from one malware family.
The malware's been dubbed ExpensiveWall after hiding inside wallpaper apps. The researchers warned it sent fraudulent premium SMS messages and charged for fake services. In the latest outbreak detected by Check Point, ExpensiveWall infected at least 50 apps, which together were downloaded between 1 million and 4.2 million times.Read more
When a company the size of Google makes a tiny mistake, the outcome could have immense repercussions – and this is precisely what happened in Japan last week.
Last Friday, half the internet in the country suddenly shut down after the Big G accidentally botched a Border Gateway Protocol (BGP) around noon local time. The origin of the blunder was a number of falsely announced peer prefixes sent to Verizon. Shortly after the faulty rerouting request went through, numerous users of internet providers NTT Communications and KDDI Corp. were unable to connect to the web – or experienced significantly slower surfing speeds.Read more
Twice in five days, developers of Chrome browser extensions have lost control of their code after unidentified attackers compromised the Google Chrome Web Store accounts used to issue updates.
The most recent case happened Wednesday to Chris Pederick, creator of the Web Developer extension. Last Friday, developers of Copyfish, a browser extension that performs optical character recognition, also had their account hijacked. In both cases, the attackers used the unauthorized access to publish fraudulent updates that by default are automatically pushed to all Chrome users who have the extensions installed.Read more
A form of Android ransomware which threatens to send the victim's private information and web history to all of their contacts has been discovered in the official Google Play app store.
LeakerLocker doesn't actually encrypt the victims' files, but instead claims to have made a backup of data stored on the device and threatens to share it with all of the user's phone and email contacts. Those behind the malware demand $50 in exchange for not leaking personal data including photos, Facebook messages, web history, emails, location history and more, playing on fears of potential embarrassment rather than any form of cryptography.Read more
EU antitrust regulators are weighing another record fine against Google over its Android mobile operating system and have set up a panel of experts to give a second opinion on the case, two people familiar with the matter said.
Assuming the panel agrees with the initial case team's conclusions, it could pave the way for the European Commission to issue a decision against Alphabet's Google by the end of the year. The Commission in April last year charged Google with using its dominant Android mobile operating system to shut out rivals following a complaint by lobby group FairSearch, U.S.-based ad-blocking and privacy firm Disconnect Inc.Read more
EU antitrust regulators hit Alphabet unit Google with a record 2.42-billion-euro fine on Tuesday, taking a tough line in the first of three investigations into the company's dominance in searches and smartphones.
It is the biggest fine the EU has ever imposed on a single company in an antitrust case, exceeding a 1.06-billion-euro sanction handed down to U.S. chipmaker Intel in 2009. The European Commission said the world's most popular internet search engine has 90 days to stop favoring its own shopping service or face a further penalty per day of up to 5 percent of Alphabet's average daily global turnover.Read more
Attackers that have set up a malicious site can use users’ account registration process to successfully perform a password reset process on a number of popular websites and messaging mobile applications.
The Password Reset Man in the Middle attack exploits the similarity of the registration and password reset processes. To launch such an attack, the attacker only needs to control a website. To entice victims to make an account on the malicious website, the attacker can offer free access to a wanted resource. Once the user initiates the account registration process by entering their email address, the attacker can use that information to initiate a password reset process.Read more
A new Google Chrome bug has been uncovered, which reportedly allows websites to record audio and video, without alerting the user or providing any visual indicators. Although the bug requires users to grant it permission to access audio and video features, it could potentially be used for spying on targets.
The bug was reportedly discovered by AOL developer Ran Bar-Zik, who reported the flaw to Google. However, Google said that it doesn't consider the issue to be valid security vulnerability, indicating that there is no quick fix on the way. Bar-Zik told that he came across the bug at work, when handling a website that ran WebRTC code.Read more
An Android malware campaign called Judy has been discovered lurking in more than 40 apps in the Google Play Store, and it might have punched its way through as many as 36.5 million devices. Check Point discovered the malware that thankfully doesn't resort to ransomware or stealing bank credentials.
Instead, it installs a form of auto-clicking adware to generate large amounts of fraudulent clicks on advertisements in order to raise money for the perpetrators. The malware has a reach of anywhere between 8.5 million and 36.5 million users worldwide from 41 different apps offered for sale on the Google Play Store.Read more
A new adware family changes the contact details of legitimate security companies in search results to promote tech support scams.
Dubbed Crusader, the adware is often installed as part of nuisanceware and free software bundles, downloading itself as a free browser extension for Chrome, a Firefox add-on, and Internet Explorer Browser Helper Object. When executed, the malware requests permissions to read and change the information on websites you visit, and should the user grant permission, their entire internet traffic is at risk of exploit or manipulation. Crusader pulls instructions from a configuration file downloaded after a user is infected.Read more