ESET researchers discover AhRat – a new Android RAT based on AhMyth – that exfiltrates files and records audio
The post Android app breaking bad: From legitimate screen recording to file exfiltration within a year appeared first on WeLiveSecurity
TikTok, the social video platform used by around 150 million people in the US, is set to hand access to its source code, algorithm and content moderation material to Oracle in a bid to allay data protection and national security concerns stateside.…
The FBI has issued a warning about fake job ads that recruit workers into forced labor operations in Southeast Asia – some of which enslave visitors and force them to participate in cryptocurrency scams.…
US memory-maker Micron has no idea why Chinese authorities have decided its products represent a security risk, or which customers it's not allowed to sell to.…
Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. What follows is an interview with a Russian hacker responsible for a series of aggressive crypto spam campaigns that recently prompted several large Mastodon communities to temporarily halt new registrations. According to the hacker, their spam software has been in private use until the last few weeks, when it was released as open source code.
Renaud Chaput is a freelance programmer working on modernizing and scaling the Mastodon project infrastructure — including joinmastodon.org, mastodon.online, and mastodon.social. Chaput said that on May 4, 2023, someone unleashed a spam torrent targeting users on these Mastodon communities via “private mentions,” a kind of direct messaging on the platform.
The messages said recipients had earned an investment credit at a cryptocurrency trading platform called moonxtrade[.]com. Chaput said the spammers used more than 1,500 Internet addresses across 400 providers to register new accounts, which then followed popular accounts on Mastodon and sent private mentions to the followers of those accounts.
Since then, the same spammers have used this method to advertise more than 100 different crypto investment-themed domains. Chaput said that at one point this month the volume of bot accounts being registered for the crypto spam campaign started overwhelming the servers that handle new signups at Mastodon.social.
“We suddenly went from like three registrations per minute to 900 a minute,” Chaput said. “There was nothing in the Mastodon software to detect that activity, and the protocol is not designed to handle this.”
One of the crypto investment scam messages promoted in the spam campaigns on Mastodon this month.
Seeking to gain a temporary handle on the spam wave, Chaput said he briefly disabled new account registrations on mastodon.social and mastondon.online. Shortly after that, those same servers came under a sustained distributed denial-of-service (DDoS) attack.
Chaput said whoever was behind the DDoS was definitely not using point-and-click DDoS tools, like a booter or stresser service.
“This was three hours non-stop, 200,000 to 400,000 requests per second,” Chaput said of the DDoS. “At first, they were targeting one path, and when we blocked that they started to randomize things. Over three hours the attack evolved several times.”
Chaput says the spam waves have died down since they retrofitted mastodon.social with a CAPTCHA, those squiggly letter and number combinations designed to stymie automated account creation tools. But he’s worried that other Mastodon instances may not be as well-staffed and might be easy prey for these spammers.
“We don’t know if this is the work of one person, or if this is [related to] software or services being sold to others,” Chaput told KrebsOnSecurity. “We’re really impressed by the scale of it — using hundreds of domains and thousands of Microsoft email addresses.”
Chaput said a review of their logs indicates many of the newly registered Mastodon spam accounts were registered using the same 0auth credentials, and that a domain common to those credentials was quot[.]pw.
The domain quot[.]pw has been registered and abandoned by several parties since 2014, but the most recent registration data available through DomainTools.com shows it was registered in March 2020 to someone in Krasnodar, Russia with the email address edgard011012@gmail.com.
This email address is also connected to accounts on several Russian cybercrime forums, including “__edman__,” who had a history of selling “logs” — large amounts of data stolen from many bot-infected computers — as well as giving away access to hacked Internet of Things (IoT) devices.
In September 2018, a user by the name “ципа” (phonetically “Zipper” in Russian) registered on the Russian hacking forum Lolzteam using the edgard0111012@gmail.com address. In May 2020, Zipper told another Lolzteam member that quot[.]pw was their domain. That user advertised a service called “Quot Project” which said they could be hired to write programming scripts in Python and C++.
“I make Telegram bots and other rubbish cheaply,” reads one February 2020 sales thread from Zipper.
Clicking the “open chat in Telegram” button on Zipper’s Lolzteam profile page launched a Telegram instant message chat window where the user Quotpw responded almost immediately. Asked if they were aware their domain was being used to manage a spam botnet that was pelting Mastodon instances with crypto scam spam, Quotpw confirmed the spam was powered by their software.
“It was made for a limited circle of people,” Quotpw said, noting that they recently released the bot software as open source on GitHub.
Quotpw went on to say the spam botnet was powered by well more than the hundreds of IP addresses tracked by Chaput, and that these systems were mostly residential proxies. A residential proxy generally refers to a computer or mobile device running some type of software that enables the system to be used as a pass-through for Internet traffic from others.
Very often, this proxy software is installed surreptitiously, such as through a “Free VPN” service or mobile app. Residential proxies also can refer to households protected by compromised home routers running factory-default credentials or outdated firmware.
Quotpw maintains they have earned more than $2,000 sending roughly 100,000 private mentions to users of different Mastodon communities over the past few weeks. Quotpw said their conversion rate for the same bot-powered direct message spam on Twitter is usually much higher and more profitable, although they conceded that recent adjustments to Twitter’s anti-bot CAPTCHA have put a crimp in their Twitter earnings.
“My partners (I’m programmer) lost time and money while ArkoseLabs (funcaptcha) introduced new precautions on Twitter,” Quotpw wrote in a Telegram reply. “On Twitter, more spam and crypto scam.”
Asked whether they felt at all conflicted about spamming people with invitations to cryptocurrency scams, Quotpw said in their hometown “they pay more for such work than in ‘white’ jobs” — referring to legitimate programming jobs that don’t involve malware, botnets, spams and scams.
“Consider salaries in Russia,” Quotpw said. “Any spam is made for profit and brings illegal money to spammers.”
Shortly after edgard011012@gmail.com registered quot[.]pw, the WHOIS registration records for the domain were changed again, to msr-sergey2015@yandex.ru, and to a phone number in Austria: +43.6607003748.
Constella Intelligence, a company that tracks breached data, finds that the address msr-sergey2015@yandex.ru has been associated with accounts at the mobile app site aptoide.com (user: CoolappsforAndroid) and vimeworld.ru that were created from different Internet addresses in Vienna, Austria.
A search in Skype on that Austrian phone number shows it belongs to a Sergey Proshutinskiy who lists his location as Vienna, Austria. The very first result that comes up when one searches that unusual name in Google is a LinkedIn profile for a Sergey Proshutinskiy from Vienna, Austria.
Proshutinskiy’s LinkedIn profile says he is a Class of 2024 student at TGM, which is a state-owned, technical and engineering school in Austria. His resume also says he is a data science intern at Mondi Group, an Austrian manufacturer of sustainable packaging and paper.
Mr. Proshutinskiy did not respond to requests for comment.
Quotpw denied being Sergey, and said Sergey was a friend who registered the domain as a birthday present and favor last year.
“Initially, I bought it for 300 rubles,” Quotpw explained. “The extension cost 1300 rubles (expensive). I waited until it expired and forgot to buy it. After that, a friend (Sergey) bought [the] domain and transferred access rights to me.”
“He’s not even an information security specialist,” Quotpw said of Sergey. “My friends do not belong to this field. None of my friends are engaged in scams or other black [hat] activities.”
It may seem unlikely that someone would go to all this trouble to spam Mastodon users over several weeks using an impressive number of resources — all for just $2,000 in profit. But it is likely that whoever is actually running the various crypto scam platforms advertised by Quotpw’s spam messages pays handsomely for any investments generated by their spam.
According to the FBI, financial losses from cryptocurrency investment scams dwarfed losses for all other types of cybercrime in 2022, rising from $907 million in 2021 to $2.57 billion last year.
Update, May 25, 10:30 a.m.: Corrected attribution of the Austrian school TGM.
Uncle Sam announced its commenced over 4,000 legal actions in three months — mostly harshly worded letters — to rein in "money mules" involved in romance scams, business email compromise, and other fraudulent schemes.…
ispoof-1200
If you’re a parent of a teen, there’s a good chance that Instagram is the culprit behind a good chunk of their screen time. However, woven into the stream of reels, stories, selfies, and Insta-worthy moments, are potential risks to your child’s privacy and safety.
According to a recent Pew Research Center report, 62 percent of teens use Instagram, making it the third most popular social media platform after YouTube and TikTok. Teens use the photo and video-sharing platform to share their creativity, connect with friends, and get updates on their favorite celebrities and influencers.
Instagram’s format makes it easy for kids (and adults!) to spend hours using filters and stickers, commenting, liking posts, and counting likes. But all this fun can take a turn if kids misuse the platform or fail to take the risks seriously.
Whether your child is new to Instagram or a seasoned IG user, consider pausing to talk about the many aspects of the platform.
Here are a few critical topics to help you kick off those conversations.
Acknowledging the impulsive behavior and maturity gaps unique to the teen years is essential. Do you feel like you are repeating yourself on these topics? That’s okay—it means you are doing it right. Repetition works. Advise them: Sharing too many personal details online can set them up for serious privacy risks, including identity theft, online scams, sextortion, or cyberbullying. Also, oversharing can negatively influence potential schools and employers who may disapprove of the content teens choose to share online.
Suggestion: Sit down together and review Instagram’s privacy settings to limit who can see your child’s content. Please encourage them to use strong passwords and two-factor authentication to secure accounts. Also, advise them to think twice before posting something and warn them about the risks of sharing intimate photos online (even with friends), as they can be easily shared or stolen. Now may be the time if you’ve never considered adding security software to protect your family devices. McAfee+ provides all-in-one privacy, identity, and device protection for families. It includes helpful features, including identity monitoring, password manager, unlimited VPN, file shredding, protection score, and parental controls. The software has updated features to include personal data cleanup and credit monitoring and reporting to protect kids from identity theft further.
This acronym stands for Fear of Missing Out. This word came from the subtle undercurrent of emotions that can bubble up when using social media. It’s common for kids to feel anxious or even become depressed because they think they are being excluded from the party. FOMO can lead them to spend too much time and money on social media, neglect their family or school responsibilities, or engage in risky behaviors to fit in with or impress others.
Suggestion: Help your child understand that it’s normal to sometimes have FOMO feelings. Please encourage them to focus on their strengths and to develop fulfilling hobbies and interests offline. To reduce FOMO, encourage your child to take breaks from social media. Also, install software to help you manage family screen time.
Akin to FOMO, comparing oneself to others is an ever-present reality among teens that is only amplified on Instagram. According to several reports, Instagram’s photo-driven culture and photo filters that enhance facial and body features can make teens feel worse about their bodies and increase the risk of eating disorders, depression, and risky behaviors. Girls, especially, can develop low self-esteem, comparing themselves to unrealistic or edited images of celebrities, influencers, or friends. Social comparison can also lead to the fixation on getting more likes, followers, or comments on their posts.
Suggestion: Create a safe space for your teen to discuss this topic with you. Help them understand the differences between Instagram life and real life. Help them be aware of how they feel while using Instagram. Encourage them to follow accounts that inspire and uplift them and unfollow accounts that spark feelings of comparison, jealousy, or inferiority.
Hurtful events that impact teens, such as gossip, rumor spreading, peer pressure, criticism, and conflict, can increase in online communities. If your child posts online, they can receive mean or sexual comments from people they know and strangers (trolls). Cyberbullying can surface in many ways online, making kids feel anxious, fearful, isolated, and worthless.
Suggestions: Keep up on how kids bully one another online and check in with your child daily about what’s happening in their life. Encourage them not to respond to bullies and to block and report the person instead. Also, if they are getting bullied, remind them to take and store screenshots. Such evidence can be helpful if they need to confide with a parent, teacher, or law enforcement.
Understanding how to discern true and false information online is becoming more complicated daily. In the McAfee 2023 Threat Predictions: Evolution and Exploitation, experts predict that AI tools will enable more realistic and efficient manipulation of images and videos, which could increase disinformation and harm the public’s mental health. Understanding online content is a great way to help your kids build their confidence and security on Instagram and other networks.
Suggestion: Encourage critical thinking and guide kids to use fact-checking tools before believing or sharing content that could be fake and using ethical AI frameworks. Remind them of their digital footprints and how the things they do online can have long-lasting consequences.
It’s important to remember that all social networks come with inherent dangers and that Instagram has taken a number of steps to reduce the potential risks associated with its community by improving its security features and safety rules for kids. Remember, nothing protects your child like a solid parent-child relationship. As a parent or caregiver, you play a critical role in educating your child about their digital well-being and privacy. Working together, as a family, your child will be equipped to enjoy the good stuff and avoid the sketchy side of the digital world.
The post Instagram Safety for Kids: Protecting Privacy and Avoiding Risks appeared first on McAfee Blog.
in brief Google has settled another location tracking lawsuit, yet again being fined a relative pittance.…
The bad news train keeps rolling for Capita, with more local British councils surfacing to say their data was put on the line by an unsecured AWS bucket, and, separately, pension clients warning of possible data theft in March's mega breach.…
Sponsored Post Cyber criminals never stop learning so nor should you. Fresh security hacks are being concocted and deployed every week, so it's a good idea for cyber security professionals to pool their knowledge when working out how best to defend against them.…
Who, Me? Wait? What? Is it Monday already? Not to fear, gentle readerfolk, for Uncle Reg is here with another instalment of Who, Me? – tales of readers having a much worse day than you. Enjoy the schadenfreude.…
I feel like the .zip TLD debate is one of those cases where it's very easy for the purest security view to overwhelm the practical human reality. I'm yet to see a single good argument that is likely to have real world consequences as far as phishing goes and whilst I understand the sentiment surrounding the confusion new TLDs with common file types, all "the sky is falling" commentary I've seen is speculative at best. But hey, there's no rolling it back now, we can start judging by what actually happens with the TLD rather than sitting around creating misuse hypotheses.
The time has come. Your kids are chafing at the bit to get on social media and you can no longer hold them back. But you’re terrified. ‘What if they say the wrong thing? What if they meet some unsavoury types or worst case, what if they get bullied?’ I hear you – everything you are concerned about is completely normal and totally valid. But this is not the time to put your head in the sand people, tempting as it is.
So, make yourself a cuppa. I’m going to run you through the basics so you can get your offspring (and yourself) through this quite significant moment in the best shape possible.
Ah, such a tricky question!! While there is no specific Aussie law that dictates the minimum age kids need to be to join social media, most social media platforms require their users to be 13 years old to set up an account. This is a result of a US federal law, the Children’s Online Privacy Protection Act (COPPA) , which affects any social media platform that US citizens can join. So, therefore it affects nearly all social media platforms worldwide.
But let’s keep it real – most kids join before they are 13. Some do with the consent of their parents, but many don’t. So, if your kids are consulting you on their move into social media, then pat yourself on the back. You’ve done a great job in keeping the lines of communication open and staying relevant. But if yours just charged ahead without involving you (like some of mine did) then it’s still not too late to be part of their journey.
In my opinion, there is no simple answer. A one size fits all approach doesn’t work here. Some kids mature faster than their peers, others may have a bigger dose of emotional intelligence and instinctively understand the ramifications of poor online behaviour. Some kids are more resilient and robust while others are more sensitive. There are so many things to consider when advising but ultimately, this is your call as a parent.
This is where many of us can come unstuck because it can feel so overwhelming knowing where to start. But don’t worry – I’ve got you. I’m going to give you 5 things that you can action that will make a huge difference to your kids’ online safety. And these strategies are relevant to all of us parents – regardless of whether your kids are new to social media or old hands!
I can’t stress enough just how important it is to have real conversations with your kids about all aspects of their lives, including the digital part. Asking them what they do online, why they like a certain app and who they play online games with are just some of the ways of starting a conversation. I am also a fan of sharing details of your online life with them too. Whether its sharing new apps with my kids, funny posts, or relevant news articles, I think if I regularly demonstrate that I get social media then I generate a little ‘tech cred’. And when you’ve got ‘tech cred’, they are more likely to come to you when things aren’t going swimmingly. And that’s exactly what we want as parents!
I love the idea of a clear contract between parents and kids that details your expectations about their online behaviour and technology use. It’s a great way of developing a set of guidelines that will help them navigate some of the risks and challenges associated with being online. Now, this agreement should be a family exercise so ensure your kids are invested in the process too. If you want a starting point, check out this one from The Modern Parent here.
Without a doubt, one of the most powerful ways to stay safe online is to ensure you have super duper passwords for each of your online accounts. So, take some time to ensure your kids have got this covered. Every online account needs its own individual password that should have no link to your child’s name, school, family, or favourite pet. I’m a big fan of a crazy sentence – I find they are easier to remember. If you include at least one capital letter, a few numbers, and symbols then you’re doing well. Password managers can be a great way of remembering and also generating complex passwords. These can be a godsend when your list of online accounts grows. All you need to do is remember the master password. How good!
And ensure they know to NEVER share passwords. Tell them that passwords are like toothbrushes – never to be shared! That always worked with my boys!
Unless you are proactive, privacy settings on social media platforms will remain on the default setting which usually means public. Now, this means that anyone who has access to the internet can view the posts and photos that you share whether you want them to or not. Now, this is not ideal for anyone but particularly not a young tween who is trying to find their feet online.
So, take some time to help your kids turn activate the privacy settings on all their online accounts. Turning their profile to private will give them more control over who can see their content and what people can tag them in.
There is some amazing technology that can really help you, help your kids stay safe. Installing security software on your kids’ devices is essential. McAfee+, McAfee’s new ‘all in one’ privacy, identity and device protection is a fantastic way to ensure all your family members are protected online. It features identity monitoring and a password manager but also an unlimited VPN, a file shredder, protection score and parental controls. A complete no brainer!
My absolute hope is that your kids’ social media career is smooth sailing. However, with four kids of my own, I know that curveballs and challenges are often inevitable. But if you’ve developed an open line of communication with your kids and possibly even generated a little ‘tech cred’, then it is likely they will reach out to you if things go awry.
Depending on the issue they are experiencing, you may just need to talk them through the situation. Perhaps they need help understanding they should have expressed something in a less inflammatory way or that they may be over-reacting to a comment. It may be helpful for you to work with them to develop an action plan or formulate a response to someone who is perhaps being a bit tricky.
But if they have experienced behaviour that you consider to be unacceptable, then you may need to take further action. I always recommend taking screen shots of concerning behaviour online. These may be important if you need to take further action down the track. Once you’ve taken screen shots, then block the person who is causing your child grief. You can also report the behaviour to the social media platform. If the perpetrator goes to the same school as your child, then I would approach the school and ask them to assist. If the situation is super serious, you can always report it to the Office of our ESafety Commissioner in Australia or the Police who can both work with social media platforms.
Congratulations! You have completed the basic course in social media parenting. I know letting them go can feel quite terrifying, but I know that if you cover off the basics and keep talking to them, then you’re setting them up for success online.
Over to you now, mum and dad!
Good luck!
Alex
The post 5 Minute Parent’s Guide to Social Media appeared first on McAfee Blog.