Security News

Since August 2021, malware peddlers have managed to spread four families of Android banking trojans via malware droppers introduced in Google Play. They did it by employing a series of tricks to bypass the app store's restrictions, evade automatic detection, and trick users into believing the apps they downloaded are legitimate and innocuous.

Malware campaigns distributing Android trojans that steals online bank credentials have infected almost 300,000 devices through malicious apps pushed via Google's Play Store. The Android banking trojans delivered onto compromised devices attempt to steal users' credentials when they log in to an online banking or cryptocurrency apps.

Overcoming Google Play app restrictions, attackers have successfully racked up more than 300,000 banking trojan installations over just the past four months in the official Android app marketplace. Researchers from Threat Fabric reported that these threat groups have honed their ability to use Google Play to propagate banking trojans by shrinking the footprint of their dropper apps, eliminating the number of permissions they ask for, boosting the overall quality of the attack with better code and standing up convincing companion websites.

Threat actors are exploiting improperly-secured Google Cloud Platform instances to download cryptocurrency mining software to the compromised systems as well as abusing its infrastructure to install ransomware, stage phishing campaigns, and even generate traffic to YouTube videos for view count manipulation. "While cloud customers continue to face a variety of threats across applications and infrastructure, many successful attacks are due to poor hygiene and a lack of basic control implementation," Google's Cybersecurity Action Team outlined as part of its recent Threat Horizons report published last week.

Italy's antitrust regulator has fined both Apple and Google €10 million each for what it calls are "Aggressive" data practices and for not providing consumers with clear information on commercial uses of their personal data during the account creation phase. The Autorità Garante della Concorrenza e del Mercato said "Google and Apple did not provide clear and immediate information on the acquisition and use of user data for commercial purposes," adding the tech companies chose to emphasize the data collection as only necessary to improve their own services and personalize user experience without offering any indication that the data could be transferred and used for other reasons.

Italy's competition authority has announced a fine of 10 million Euros against Google and Apple. The companies were fined due to violations of the Consumer Code involving lack of information on how personal data is used and aggressive consumer data acquisition practices for commercial purposes.

The CMA's claims come in the wake of yesterday's call by the UK's data watchdog, the Information Commissioner's Office, for Google and co to sort out the privacy risks posed by ads. In June the CMA consulted on initial commitments offered by Google and the feedback from third parties was... they needed a bit of work.

Google's Cybersecurity Action Team has released its first "Threat horizon" report on the scary things it's found on the internet. The Team's first report offers six nuggets of intelligence, and The Register believes none will surprise readers.

A newly discovered Iranian threat actor is stealing Google and Instagram credentials belonging to Farsi-speaking targets worldwide using a new PowerShell-based stealer dubbed PowerShortShell by security researchers at SafeBreach Labs. They target Windows users with malicious Winword attachments that exploit a Microsoft MSHTML remote code execution bug tracked as CVE-2021-40444.

Google Chrome 96 was released yesterday, and users are reporting problems with Twitter, Discord, and Instagram caused by the new version. After upgrading to Chrome 96, users report errors in their Twitter notifications, with the website warning that "Something went wrong. Try reloading," as shown below.