Items tagged with Spyware
Avast is a well-known company that sells antivirus software, and provides free versions for Windows and macOS platforms. However, the company has come under fire in recent months due to a browser extension that was found to be sending user data to third-party marketing firms. At the time, Avast reassured users that their data was "fully de-identified and aggregated" during this process. However, an investigation by Motherboard and PCMag has uncovered that Avast is bending at the truth a bit, as it's relatively easy for marketers to build a profile on individuals, their purchase habits, and their browser click history. All of this trickery stems from Avast subsidiary Jumpshot,...
Read more...
The latest “Joker” spyware is no laughing matter as it can easily compromise a lot of the personal data you keep on your phone. Researchers recently discovered spyware that can access your SMS messages, contact list and other information. The spyware was found in over 24 Android apps on Google Play and has infected nearly 500,000 users. The “Joker” spyware was originally detected this past June and was named after one of its command-and-control (C2) domain names. It can gain access to a victim’s SMS messages, contacts list, and other specific device information. It can also sign victims up for premium subscription services without their knowledge. The Joker is able...
Read more...
Some HP laptop customers are outraged over the discovery a piece of hidden software that is getting installed and running without their consent. It is a Windows telemetry serviced called HP Touchpoint Analytics Client that harvests telemetry information that is used by HP Touchpoint's analytical services. it seems to send data to HP once per day, though users are also complaining that it bogs down system performance. As Ricky Ricardo would often tell Lucy, HP, you have some explaining to do. "HP Touchpoint Analytics Client was installed on my computer without my consent, I'm assuming it was installed in the background as an update to H{ support or framework. However it happened I don't appreciate...
Read more...
Sarahah, an anonymous feedback app that has recently exploded in popularity across the globe, is now coming under fire for privacy violations. The app stands accused of uploading emails and phone numbers from user address books to its servers. More intriguingly, there doesn’t seem to be a reason for why the company would need to take such an ill-advised action in the app's current form. The developers of Sarahah describe the app, stating, “Sarahah helps you in discovering your strengths and areas for improvement by receiving honest feedback from your employees and your friends in a private manner”. That’s all well and good, but Bishop Fox security analyst Zachary Julian discovered that the app...
Read more...
Just last weekend, we wrote about SonicSpy, a grossly robust piece of malware that infected hundreds of apps on the Play Store. Google is always quick to remove this awful junk when it is detected, but the fact that we keep talking about the issue means it's not going away. It was security research firm Lookout that informed us of SonicSpy, and apparently, the company has been working overtime, as it now introduces us to yet another piece of Android maliciousness, an ad network called lgexin. This issue has impacted many apps on the Play Store, although it's not guaranteed that all of them unleashed their full capabilities. lgexin is an advertising SDK which had some versions equipped with a...
Read more...
A freelance security consultant and Handler at SANS Internet Storm Center has discovered a rather interesting exploit in Microsoft Word, one that allows an attacker to abuse the productivity program's ability to auto-update links. This is a feature that is enabled by default—when you add links to external sources like URLs, World with automatically update them without any prompts. Therein lies the issue. "The infection vector was classic: The document (‘N_Order#xxxxx.docx with 5 random numbers) was received as an attachment and has a VT score of 12/59 this morning. The file has an embedded link to another document which is a malicious RTF file that tries to exploit the CVE 2017-0199," security...
Read more...
Despite Google's best efforts to protect its users who download apps from its Play Store, some malware inevitably slips through the cracks. While it might be easy to assume that most of that malware is found in obscure software that people shouldn't be downloading anyway, this latest case is proof that if malware does manage to get through, it could impact millions of people. Research firm Zscaler, and its threat-hunting team ThreatLabz, recently discovered an app on the Play Store that included the Android spyware SMSVova. Looking at the image below, it's hard to imagine why anyone would fall for such an app. Yet, millions of people downloaded this tool which promised to update their device....
Read more...
The last thing that Verizon customers were probably asking for was the addition of yet another app to invade their Android smartphone. But that is just what the nation's #1 wireless carrier is doing with the inclusion of AppFlash, which will gain prominent positioning on the home screens of Verizon smartphones (sans the iPhone, of course). AppFlash, which was developed by Evie, allows you to discover new apps, browse for music, check out movie showings, or search for restaurants in the area. It will also give you listing of frequently used apps, and provides a universal search feature that is able to comb through all of your installed apps. In essence, AppFlash doesn’t appear to be capable of...
Read more...
The folks at Lookout Mobile Security released the 2011 Mobile Threat Report, which offers a sobering look at the current state of mobile threats. According to the report, mobile users are more likely than ever to experience a malware attack, and the tactics that cybercriminals are employing are increasingly sophisticated. The news is worse for Android users, as most of those threats are targeted at them. Apparently that walled garden Apple built is good for something, at least for now; the report states that although issues of privacy and application vulnerabilities affect both iOS and Android platforms, Android is far and away the greater target of malware and spyware. Although spyware has been...
Read more...
If you have a Symbian, BlackBerry, Windows Mobile, iOS, or Android smartphone, your phone even now could be infected with spyware. However, it might be spyware that your significant other or spouse intentionally installed on your phone. The software is ePhoneTracker. Released last week, ePhoneTracker allows users to monitor everything one on an "infected" smartphone, including the following: Every text message sent and received, including the full text ... even if the phone's logs are deleted. All incoming and outgoing call numbers along with duration and time. GPS positions captured at an variable rate, including a link to a map. All contacts in the phone's Contacts list. All websites visited...
Read more...
If you've surfed the Internet for any length of time, chances are good that you've seen a browser window pop up with a warning that your computer is in DANGER from a whole slew of evil viruses. Such windows, if clicked on, often perform an utterly fake virus scan during which they invariably "detect" infected/contaminated files. Users are then prompted to purchase a registered copy of Antivirus 2010 in order to protect themselves. Certain versions of the program will intercept and hijack online searches, disable or refuse to install real antimalware software, and may even block users from accessing web portals that are known to contain removal tools. These are the sorts of blocks AntiVirus 2009...
Read more...
Thinking of using those newfound hacking skills to engage in nefarious behavior? Think again. Albert Gonzalez is a name that'll go down in hacking history, but it's not for anything positive. After being charged with stealing some 130 million credit and debit card numbers, Albert plead guilty to previous data-theft charges in New York and Massachusetts. His penalty? Aside from dealing with a stream of media coverage, he'll be forced to cough up $1.65 million in assets. Oh, and then there's a little thing called "jail time." He'll be dealing with 15 to 25 years of that, after Federal prosecutors in Boston charged Gonzalez and others with stealing credit and debit card numbers from companies including...
Read more...
There's hardly anything that gets us at HotHardware more steamed than spyware, and we can only imagine how infuriated over 100,000 BlackBerry users in the UAE are after being fooled with a spyware-infused update. In a story that's sounds too bizarre to be true (but is, in fact, true), Etisalat--a major cellular operator in the United Arab Emirates--pushed out an update to its 145,000 BlackBerry customers that actually contained spyware.The application was reportedly developed by SS8, and it promised BlackBerry users that it would improve performance. In fact, the company is still maintaining that the update was necessary for undisclosed "service enhancements." Regardless of what the carrier claims,...
Read more...
After a 10-month cyber espionage investigation, researchers have found 1,295 computers in 103 countries with software that is capable of stealing information from high-profile targets such as the Dalai Lama and government agencies around the world. In the report published today by Information Warfare Monitor, a Toronto-based organization, we learn the affected computers include embassies belonging to Germany, India, Romania, and Thailand as well as the ministries of foreign affairs for Barbados, Iran, and Latvia. The infected computers acted as an illicit information-gathering network. Researchers observed sensitive documents being stolen from a computer network operated by the Dalai Lama’s organization....
Read more...
