Security News

Do you know what information you share within the Google ecosystem? You can easily control what is visible or hidden, from with your Android device. Did you know that you are actually in control of what personal information people see when you create or share content within the Google ecosystem, such as YouTube and Google Drive? If you're serious about your privacy, this is something you should certainly want to take control of.

The app promises access to a coronavirus map tracker but instead holds your contacts and other data for ransom, DomainTools found. A new type of ransomware known as CovidLock encrypts key data on an Android device and denies access to the victims unless they pay up, according to the threat intelligence firm DomainTools.

A recently discovered piece of Android stalkerware can install itself persistently on the system partition and steals the file containing the hash sum for the screen unlock pattern or password to allow its operators to unlock devices. Referred to as MonitorMinor, the stalkerware targets communication applications to intercept victims' conversations, including LINE, Gmail, Zalo, Instagram, Facebook, Kik, Hangouts, Viber, Hike News & Content, Skype, Snapchat, JusTalk, and BOTIM. Given that Android sandboxes applications to prevent direct communications between them - this feature is called DAC, or Discretionary Access Control - MonitorMinor requires root access to bypass the security system and perform nefarious activities.

A recently discovered Android Trojan was designed to gain root access on infected devices and hijack Facebook accounts by stealing cookies from the browser and the social media app. While it's uncertain how the Trojan infects devices - it does not exploit flaws in the Facebook application or the browser - it achieves root by connecting with another backdoor installed on the smartphone, and passes it a shell command.

A new simple but dangerous strain of Android malware has been found in the wild that steals users' authentication cookies from the web browsing and other apps, including Chrome and Facebook, installed on the compromised devices. "Malware could steal cookie files of any website from other apps in the same way and achieve similar results."

The trojans are designed to gain control of Facebook user accounts by capturing browser cookies in Android, says Kaspersky. This trojan captures root rights on an Android device, thus allowing it to steal cookies from the browser and from Facebook and transfer them to the server of the cybercriminals behind it.

Their tastes however can run to a different sort of cookie, as evidenced by a fresh strain of Android malware that may be implanted prior to users purchasing a device. Appropriately dubbed "Cookiethief" by the Kaspersky researchers who discovered it, the trojan has a straightforward goal: "Its main task was to acquire root rights on the victim device, and transfer cookies used by the browser and Facebook app to the cybercriminals' server," explained Kaspersky researchers Anton Kivva and Igor Golovin, in an analysis on Thursday.

How long do Android smartphones and tablets continue to receive security updates after they're purchased? Many millions of users hang on to their Android devices for much longer, which raises questions about their ongoing security as the number of serious vulnerabilities continues to grow.

The really bad news is the CPU row, which has only three green squares, and tells you that the Sandcastle builds will only work on iPhone 7 devices for now. If you happen to have a surplus-to-requirements iPhone 7 lying around, and you decide to give this Android thing a spin please let us know in the comments how you got along.

File this one under "Well, duh." Consumer mag Which? today published research estimating that over a billion Android devices are vulnerable to hackers and malware as they are not receiving security updates. The most current version of Android is version 10, while Android 9.0 Pie and Android 8.0 Oreo continue to receive updates.