Security News

Google Says ISPs Helped Attackers Infect Targeted Smartphones with Hermit Spyware
2022-06-26 22:57

A week after it emerged that sophisticated mobile spyware dubbed Hermit was used by the government of Kazakhstan within its borders, Google said it has notified Android users of infected devices. Necessary changes have been implemented in Google Play Protect - Android's built-in malware defense service - to protect all users, Benoit Sevens and Clement Lecigne of Google Threat Analysis Group said in a Thursday report.

Russia fines Google for spreading ‘unreliable’ info defaming its army
2022-06-24 20:28

Roskomnadzor, Russia's telecommunications watchdog, has fined Google 68 million rubles for helping spread what it called "Unreliable" information on the war in Ukraine and the failure to remove it from its platforms. The Russian telecommunications regulator said Google's YouTube online video sharing platform "Purposefully contributes" to spreading inaccurate info on Russia's war in Ukraine, thus defaming Russia's army.

Google Warns Spyware Being Deployed Against Android, iOS Users
2022-06-24 11:02

Google is warning victims in Kazakhstan and Italy that they are being targeted by Hermit, a sophisticated and modular spyware from Italian vendor RCS Labs that not only can steal data but also record and make calls. Researchers from Google Threat Analysis Group revealed details in a blog post Thursday by TAG researchers Benoit Sevens and Clement Lecigne about campaigns that send a unique link to targets to fake apps impersonating legitimate ones to try to get them to download and install the spyware.

Google: How we tackled this iPhone, Android spyware
2022-06-24 10:46

We understand this particular campaign of espionage involving RCS's spyware was documented last week by Lookout, which dubbed the toolkit "Hermit." We're told it is potentially capable of spying on the victims' chat apps, camera and microphone, contacts book and calendars, browser, and clipboard, and beam that info back to base. This app in fact infected the device with RCS's spyware.

Google Researchers Detail 5-Year-Old Apple Safari Vulnerability Exploited in the Wild
2022-06-20 23:18

A security flaw in Apple Safari that was exploited in the wild earlier this year was originally fixed in 2013 and reintroduced in December 2016, according to a new report from Google Project Zero. In early February 2022, Apple shipped patches for the bug across Safari, iOS, iPadOS, and macOS, while acknowledging that it "May have been actively exploited."

Google Chrome extensions can be fingerprinted to track you online
2022-06-19 17:59

A researcher has discovered how to use your installed Google Chrome extensions to generate a fingerprint of your device that can be used to track you online. Yesterday, web developer 'z0ccc' shared a new fingerprinting method called 'Extension Fingerprints' that can generate a tracking hash based on a browser's installed Google Chrome extensions.

Android malware on the Google Play Store gets 2 million downloads
2022-06-14 19:36

Cybersecurity researchers have discovered adware and information-stealing malware on the Google Play Store last month, with at least five still available and having amassed over two million downloads. Analysts at Dr. Web antivirus report that adware apps and data-stealing Trojans were among the most prominent Android threats in May 2022.

New Emotet Variant Stealing Users' Credit Card Information from Google Chrome
2022-06-10 07:39

The notorious Emotet malware has turned to deploy a new module designed to siphon credit card information stored in the Chrome web browser. The credit card stealer, which exclusively singles out Chrome, has the ability to exfiltrate the collected information to different remote command-and-control servers, according to enterprise security company Proofpoint, which observed the component on June 6.

Google has more reasons why it doesn't like antitrust law that affects Google
2022-06-08 17:45

Google has a fresh list of reasons why it opposes tech antitrust legislation making its way through Congress but, like others who've expressed discontent, the ad giant's complaints leave out mention of portions of the proposed law that address said gripes. Google VP of engineering for privacy, safety and security Royal Hansen penned Google's latest take on the bill, which he said undermines Google's ability to secure its platforms and protect users.

Emotet malware now steals credit cards from Google Chrome users
2022-06-08 16:20

The Emotet botnet is now attempting to infect potential victims with a credit card stealer module designed to harvest credit card information stored in Google Chrome user profiles. After stealing the credit card info, the malware will send it to command-and-control servers different than the ones the Emotet card stealer module.