Google begins blocking, removing dodgy apps

Feb 09 2024

.bh__table, .bh__table_header, .bh__table_cell { border: 1px solid #C0C0C0; }
.bh__table_cell { padding: 5px; background-color: #FFFFFF; }
.bh__table_cell p { color: #2D2D2D; font-family: ‘Helvetica’,Arial,sans-serif !important; overflow-wrap: break-word; }
.bh__table_header { padding: 5px; background-color:#F1F1F1; }
.bh__table_header p { color: #2A2A2A; font-family:’Trebuchet MS’,’Lucida Grande’,Tahoma,sans-serif !important; overflow-wrap: break-word; }

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that delves into the depths of cyber-hell for your benefit like Tucker #Carlson with Putin. Or is the other way around with those two πŸ€·πŸ‘€πŸ˜‚

It’s Friday, folks, which can only mean one thing… It’s time for our weekly segment!

It goes by many names. Patch of the Week, Tweak of the week. Okay, that’s it.

Congrats, the cybercriminals are no match… for your patch! 🩹🩹🩹

Check out these freshly hatched patches 🐣🐣🐣

Google: These are the β€˜Droid (patches!) you’re looking for 😏

🚨 Google Fixes Critical Remote Code Execution Flaw With Android πŸ€–

Google dropped the February 2024 Android security patches tackling 46 vulnerabilities, among them, a serious code flaw dubbed CVE-2024-0031 πŸ› οΈ. This bug, nestled in the System, bites at Android Open Source Project (AOSP) versions 11, 12, 12L, 13, and 14 πŸ“±.

"Source code patches for these issues have been released to the Android Open Source Project (AOSP) repository and linked from this bulletin”, according to Google's advisory. It also points to patches outside of AOSP. The most pressing issue, a critical security hole in the System, could allow remote code execution without any extra privileges 🚨.

Google rolled out two sets of patches, dated February 1st and 5th, to address these concerns πŸ“…. They did this to help partners focus on fixing a chunk of the vulnerabilities, although they suggest tackling all the issues listed in the bulletin. Users are encouraged to apply these patches pronto when they're available, keeping their devices shielded from potential exploits πŸ”’

Now, on to today’s hottest cybersecurity stories:

  • πŸ™…β€β™‚οΈ Google begins blocking, removing dodgy apps in Singapore 🍜

  • πŸ”¬ Researchers decode HijackLoader malware despite evolution πŸ’

  • πŸ€• Das Facebook fatal accident scam down but not out. Wunderbar πŸ€¦β€β™‚οΈ

Google be like: β›” Blocked, ❌ Deleted πŸ’…πŸ’β€β™€οΈπŸ’€

πŸ“± Google Launches Fraud Protection Pilot in Singapore!

Google has rolled out a groundbreaking pilot program in Singapore aimed at curbing the abuse of Android app permissions. 🚫 The initiative targets apps that exploit sensitive permissions to read one-time passwords and harvest sensitive data for financial fraud.

Under this enhanced fraud protection, users attempting to sideload such apps from internet sources like web browsers, messaging apps, or file managers will be automatically blocked. πŸ›‘ Google Play Protect will analyse the permissions requested by third-party apps in real-time and prevent the installation of those seeking access to sensitive data.

"These permissions are frequently abused by fraudsters to intercept one-time passwords via SMS or notifications, as well as spy on-screen content," explained Eugene Liderman, Google's director of mobile security strategy. πŸ‘€

The move comes amidst a collaborative effort to combat mobile fraud, with Google urging app developers to adhere to best practices and review their apps' device permissions to align with Mobile Unwanted Software principles. πŸ“²πŸ’‘

Google's real-time scanning with Play Protect has already proven effective in detecting and blocking malicious apps, with over 515,000 new malicious apps detected and 3.1 million warnings issued in select markets.

Meanwhile, Apple has announced significant changes to the App Store in the European Union to comply with the Digital Markets Act. 🍏 These changes, including Notarization for iOS apps, aim to enhance privacy and security for users. However, Apple warns that distributing iOS apps from alternative sources could expose users to increased risks.

With both tech giants taking proactive measures to safeguard user privacy and security, the battle against mobile fraud continues to evolve. πŸ›‘οΈπŸ’° Yay! Some good news πŸŽ‰

Hijack! Bye Jack πŸ‘‹πŸ‘€πŸ˜

πŸ” New HijackLoader Malware Variant Packs Stealthy Defense Evasion Tactics! πŸ›‘οΈ

Threat actors behind the notorious HijackLoader malware have upped their game with new defence evasion techniques, making it stealthier and more challenging to detect. πŸ’»

CrowdStrike researchers uncovered a novel approach where HijackLoader employs a standard process hollowing technique, triggered by the parent process writing to a pipe, enhancing its ability to evade detection. πŸ•΅οΈβ€β™‚οΈ This evolution marks a significant step forward in the malware's stealth capabilities.

Initially spotted by Zscaler ThreatLabz in September 2023, HijackLoader has since been a favoured tool for cybercriminal groups, facilitating the delivery of DanaBot, SystemBC, and RedLine Stealer. 🐺 Now, it's being wielded by TA544 to distribute Remcos RAT and SystemBC via phishing emails.

Liviu Arsene from CrowdStrike likened loaders to "wolves in sheep's clothing," emphasising their role in introducing and executing sophisticated threats. πŸΊπŸ‘ This latest variant of HijackLoader takes this deception to new heights, refining its digital camouflage for enhanced stealth.

The attack chain begins with the execution of "streaming_client.exe," which fetches a second-stage configuration from a remote server. Subsequent steps involve loading a legitimate DLL specified in the configuration and executing HijackLoader's payload using a combination of process doppelgΓ€nging and process hollowing techniques. πŸ”„πŸ­

Notably, the malware employs Heaven's Gate to bypass user-mode hooks, injecting shellcode into cmd.exe using transacted hollowing, a technique observed in malware like the Osiris banking trojan. ⚠️ This intricate evasion mechanism aims to fly under the radar of traditional security solutions, posing a significant challenge for threat researchers.

As adversaries continue to refine their tactics, the evolution of defence evasion capabilities in HijackLoader underscores the ongoing arms race between cybercriminals and security professionals. πŸš€ Stay vigilant and keep evolving your defences!

🎣 Catch of the Day!! 🌊🐟🦞

Learn AI in 5 minutes a day. We'll teach you how to save time and earn more with AI. Join 400,000+ free daily readers for trending tools, productivity boosting prompts, the latest news, and more.

Don’t fall Facebook, line, and sinker 😬😬😬

🚨 Watch Out for Fabled Facebook Fatal Accident Scam (now in German!) ⚠️

Facebook's battle against a persistent malvertising campaign has spilled over into the German language, with cybercriminals finding new ways to deceive users. 😱

The first scam involves a fake fundraiser post about a "Tâdlicher Verkehrsunfall" (Deadly Traffic Accident), tugging at heartstrings with false claims of highway fatalities. 😑 This sneaky tactic prevents users from commenting, making it harder to warn others.

Upon investigation, it's revealed that compromised accounts are used to spread this scam, often accompanied by Messenger messages urging users to click suspicious links. πŸ•΅οΈβ€β™‚οΈ These links, despite appearing legitimate with "googleapis.com," are actually used for phishing and tech support scams, analysing user data to tailor fraudulent activities.

In a similar vein, another scam featuring a California ambulance and motorcycle wreck masquerades as a German incident, complete with grammatical errors. πŸš‘βŒ Users who try to access these scams from Germany are thwarted by VPN detection, highlighting the criminals' efforts to evade detection.

The malvertising campaign doesn't stop there; it also employs browser push notifications, leading users to explicit content, scam sites, and gambling platforms. 😀 These tactics are designed to lure unsuspecting victims into fraudulent schemes.

So, how can you protect yourself from falling victim to these scams? πŸ€” First, be cautious of posts tagging multiple friends and promising videos. If your account is compromised, take immediate action: remove unknown Facebook apps, enable two-factor authentication, and change your password.

Vigilance is key to staying safe in the ever-evolving landscape of online threats! Another solution, of course, is to abstain from Facebook entirely. Delete your account, even. And all other social media… Hehe, enjoy your weekend folks and stay safe out there!! πŸ›‘οΈπŸ›‘οΈπŸ›‘οΈ

Peace out ✌️

πŸ—žοΈ Extra, Extra! Read all about it! πŸ—žοΈ

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • The GeekAI: A daily 3 min newsletter on what matters in AI, with all the new AI things coming to market its good to stay ahead of the curve.

  • Wealthy Primate: Want to earn over $100k a year in IT or cybersecurity? 20 year veteran 'Wealthy Primate' might be able to help you climb that tree πŸ’πŸŒ΄ with his stick and banana approach 🍌😏

  • Techspresso:Β Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, Tech Crunch etc)

Let us know what you think.

So long and thanks for reading all the phish!

footer graphic cyber security newsletter
  • 🌡 CACTUS ransomware exploits flaws in Qlik Sense πŸ’»

Recent articles