Security News

Google this week reversed an overhaul of one of its security-related file formats after the transition broke Android apps. In November, 2021, Google announced changes to the format of its Chrome Certificate Transparency log list file and, in August, 2022, notified developers whose apps might be affected that it would stop publishing legacy log list files on October 17, 2022.

Chinese-speaking individuals in Southeast and East Asia are the targets of a new rogue Google Ads campaign that delivers remote access trojans such as FatalRAT to compromised machines. The attacks involve purchasing ad slots to appear in Google search results that direct users searching for popular applications to rogue websites hosting trojanized installers, ESET said in a report published today.

Google announced on Tuesday that it's officially rolling out Privacy Sandbox on Android in beta to eligible mobile devices running Android 13. "The Privacy Sandbox Beta provides new APIs that are designed with privacy at the core, and don't use identifiers that can track your activity across apps and websites," the search and advertising giant said.

Google on Tuesday began rolling out a beta test of its Privacy Sandbox software for a small portion of Android 13 devices to learn how its purportedly privacy-protecting ad tech actually performs. Google began working on its Privacy Sandbox in 2019 and its Android iteration surfaced a year ago.

A new phishing campaign targeting Amazon Web Services logins is abusing Google ads to sneak phishing sites into Google Search to steal your login credentials. The malicious Google ads take the victim to a blogger website under the attackers' control, which is a copy of a legitimate vegan food blog.

Criminals using Google search ads to deliver malware isn't new, but Ars Technica declared that the problem has become much worse recently. In the past, these families typically relied on phishing and malicious spam that attached Microsoft Word documents with booby-trapped macros.

An ongoing Google ads malvertising campaign is spreading malware installers that leverage KoiVM virtualization technology to evade detection when installing the Formbook data stealer. In a Google advertising campaign spotted by Sentinel Labs, threat actors push the Formbook information-stealing malware as virtualized.

Google sweetened the potential pot to $30,000 for bug hunters in its open source OSS-Fuzz code testing project. On Wednesday, Google increased bounties for fuzzing coverage projects, and added rewards for some FuzzBench integrations.

Google Fi, Google's U.S.-only telecommunications and mobile internet service, has informed customers that personal data was exposed by a data breach at one of its primary network providers, with some customers warned that it allowed SIM swapping attacks. Google sent notices of a data breach to Google Fi customers this week, informing them that the incident exposed their phone numbers, SIM card serial numbers, account status, account activation date, and mobile service plan details.

Operators of high-yielding investment scams known as "Pig butchering" have found a way to bypass the defenses in Google Play and Apple's App Store, the official repositories for Android and iOS apps. After gaining the victims' trust, the scammers say that they have an uncle working for a financial analysis firm and launch an invitation to trade cryptocurrency via an app on Play Store or App Store.