An Android Trojan dubbed Hummer has infected millions of smartphones and experts believe the malware could have helped cybercriminals make a significant amount of money.
Security researchers at China-based Cheetah Mobile have been monitoring the malware family since August 2014, but the number of infections was insignificant until mid-2015. Infections have risen even more in 2016, with a daily average of 1.4 million affected devices. Data collected by the Chinese company shows that Hummer has become the Android Trojan with the highest number of infections in the world.Read more
Apple products are coming under increased scrutiny in China as the state is starting to ask more questions about the company's products.
The Chinese government has reportedly started to increase the number of reviews it carries out into products being sold in the country. These investigations, which target other companies as well as Apple, look into the capability of electronic devices sold in the country, and examine things like encryption and data storage. The uptick in the number of reviews by the Chinese government will be a worry for Apple as the company is trying to ensure that it has a working relationship with the state.Read more
Thousands of apps running code built by Chinese Internet giant Baidu have collected and transmitted users' personal information to the company, much of it easily intercepted, researchers say. The apps have been downloaded hundreds of millions of times.
The researchers at Canada-based Citizen Lab said they found the problems in an Android software development kit developed by Baidu. These affected Baidu's mobile browser and apps developed by Baidu and other firms using the same kit. Baidu's Windows browser was also affected, they said. The same researchers last year highlighted similar problems with unsecured personal data in Alibaba's UC Browser.Read more
Hackers in China attempted to access over 20 million active accounts on Alibaba Group Holding Ltd's Taobao e-commerce website using Alibaba's own cloud computing service, according to a state media report posted on the Internet regulator's website.
Analysts said the report from The Paper led to the price of Alibaba's U.S.-listed shares falling as much as 3.7 percent in late Wednesday trade. An Alibaba spokesman on Thursday said the company detected the attack in "the first instance", reminded users to change passwords, and worked closely with the police investigation. Chinese companies are grappling a sharp rise in the number of cyber attacks.Read more
Dodgy developers can have their data-stealing iOS applications boosted to the top ranks of Apple's App Store for as little as US$4000 thanks to services on offer by Chinese hackers. The price will get an application capable of evading Apple's security checks onto the top five paid application list through boosting services.
A payment of $US7200 will get an app onto the sought-after top 25 free apps lists, a price increase of $3800 since 2013. By contrast deviant developers can score 10,000 downloads for their malicious Android app a paltry US$16. The findings are part of analysis of the Chinese criminal underground by Trend Micro forward threat researcher Lion Gu.Read more
The Chinese government recently arrested a handful of hackers it says were connected to the breach of OPM’s database this year, a mammoth break-in that exposed the records of more than 22 million current and former federal employees.
The arrests took place shortly before a state visit by President Xi Jinping, and US officials say they appear to have been carried out in an effort to lessen tensions with Washington. The identities of the suspects — and whether they have any connection to the Chinese government — remain unclear. Hacks of government and corporate data emanating from China have been a constant source of tension between the US and China.Read more
VTech, a Chinese company that makes popular electronic toys for kids, had its app store hacked. An "unauthorized party" accessed customer information in a database for VTech's Learning Lodge app store. The app store lets parents download apps, games, e-books and educational content to VTech toys.
The database contains customer data including name, email address, password, IP address, mailing address and download history. VTech has not said how many customers were affected, but experts said information on nearly 5 million parents and more than 200,000 kids was exposed. The hacked data included kids' first name, gender and birthday.Read more
The United States should think about allowing US companies to "hack back" if data is stolen by Chinese hackers. Data lost in such attacks could be recovered or wiped, suggests a new report from the US-China Economic and Security Review Commission.
It says lost sales and fixing hacking damage have cost US firms tens of billions of dollars, with trade secrets being given to Chinese companies. The commission is typically very critical of the Chinese government. The report, which is due to be released on Wednesday, describes the American response to hacking attacks on domestic firms as "inadequate" and says the US is "ill-prepared" to defend itself from cyber-espionage.Read more
A software development kit created by Chinese Internet services company Baidu and used by thousands of Android applications contains a feature that gives attackers backdoor-like access to users' devices.
The SDK is called Moplus and while it's not open to the public, it was integrated in more than 14,000 apps, of which only around 4,000 were created by Baidu, security researchers said. The company estimates that the affected apps are used by over 100 million users. According to Trend Micro's analysis, the Moplus SDK opens an HTTP server on devices where affected apps are installed; the server doesn't use authentication and accepts requests from anyone on the Internet.Read more
Android applications built using the Taomike SDK, one of the largest mobile advertisement solution platforms in China, have been found to include SMS theft functionality. The Taomike SDK has been used in over 63,000 Android apps, but only around 18,000 of them have been observed to exhibit the message stealing functionality.
The security firm also notes that these applications have been grabbing copies of all messages sent to infected devices since August 1. The applications are being distributed through third-party mechanisms in China and are not available in the Google Play store, and all of them include specific library that enables the malicious behavior.Read more