RottenSys Malware Has Infected 5M Android Devices Since 2016

There’s a new threat on the horizon, according to security researchers from Check Point.  A group of hackers in China is busy building a massive botnet that so far totals almost five million Android smartphones.  The hackers are quietly taking control of these devices using a strain of malware known as “RottenSys.”

While the malware is flexible and can be adapted to any number of purposes, in its present incarnation, it’s being used to display copious numbers of advertisements. This generates a healthy revenue stream for the hackers, but that could be just the beginning.  The researchers have found evidence that the hackers are gearing up for a campaign that could be much more far-reaching and damaging.  According to Check Point: “This botnet will have extensive capabilities, including silently installing additional apps and UI automation.”

RottenSys is fairly new to the malware ecosystem, first appearing in September 2016. So far, the hackers have spent most of their time simply spreading their creation to more devices.  At current count, the number of infected Android phones stands at 4,964,460, and it grows by the day.

It wasn’t until last month that RottenSys got an update that gave its owners the ability to take direct control of all the devices.  Prior to that, they were happy to simply rake in ad revenue, which is estimated to exceed $350,000 a month.

Currently, the malware hasn’t spread beyond the confines of China, but that could easily change as the hackers seek to add an increasing number of devices to their already massive botnet.

What makes RottenSys notable is both how many devices it has reached in such a short period of time and how hard it is to dislodge once it is there.  Part of the reason is the code it’s built around, which includes “Small” (an open-source Android app virtualization framework that lets the malware load additional components at runtime without installing them) and “MarsDaemon,” a library that keeps app processes “undead,” so the malware’s processes continue to run even after users close them.  This ensures that the ad-injection component cannot be disabled simply by killing the app.

Only time will tell what the hackers have planned, but it can’t be anything good. They’ll have a formidable botnet to do damage with. Stay tuned.

Remote Desktop Flaw Affects Every Windows Version

Researchers at Preempt Security recently discovered a critical flaw in Microsoft’s Credential Security Support Provider protocol (CredSSP for short) that affects every version of Windows to date.  CredSSP is the protocol that Remote Desktop (RDP) and Windows Remote Management (WinRM) use to hand a user’s credentials to the remote machine, so the flaw could allow an attacker who can intercept a Remote Desktop session to execute malicious code on the target and steal data stored on it.

The flaw, tracked as CVE-2018-0886, is a logic flaw in the protocol that lets an attacker who can carry out a man-in-the-middle attack (for example, from the same Wi-Fi network or with physical access to the network segment) intercept the authentication as a user connects and relay it to the target server, where it can be used to run commands over Remote Procedure Call (DCE/RPC).

Yaron Zinar, a lead researcher at Preempt, had this to say about the flaw:

“An attacker who has stolen a session from a user with sufficient privileges could run different commands with local admin privileges.  This is especially critical in the case of domain controllers, where most Remote Procedure Calls (DCE/RPC) are enabled by default.  This could leave enterprises vulnerable to a variety of threats from attackers including lateral movement and infection on critical servers or domain controllers.”

This is a big deal because Remote Desktop is hands-down the most popular means of performing remote logins to Windows machines.  In addition, businesses of all shapes and sizes make regular use of RDP for a variety of purposes, leaving them exposed until both the patch and its accompanying configuration change are in place.

Microsoft released a fix for the issue as part of its March 2018 Patch Tuesday (the CredSSP update is documented in KB4093492), but security professionals close to the issue warned that simply applying the patch is not enough to provide protection.  The patch adds a Group Policy setting, Encryption Oracle Remediation (Computer Configuration > Administrative Templates > System > Credentials Delegation), and on systems patched in March that setting still defaulted to allowing the old, vulnerable protocol version so that unpatched clients and servers could keep talking to each other.  Protection requires patching both ends of every RDP connection and then setting the policy to “Force Updated Clients” on clients and servers alike.  Preempt also recommends limiting the use of privileged accounts over RDP wherever possible, since a stolen session is only as powerful as the account behind it.
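The configuration side of the fix is easy to get wrong, so here is an added PowerShell example (written for this page, not Preempt’s or Microsoft’s code) that audits and sets the Encryption Oracle Remediation state on a Windows host and lists the peers that are still negotiating the old protocol version. The registry location, the meaning of the AllowEncryptionOracle values and the System log Event ID 6041 are Microsoft’s documented ones for the KB4093492 update; the function names and the hostnames in the fleet audit are this example’s own. Run it in an elevated PowerShell session.

```powershell
# Added example: audit and enforce the CredSSP "Encryption Oracle Remediation" policy
# introduced by the CVE-2018-0886 update (KB4093492). Function names are this example's
# own; the registry path, value meanings and event ID are Microsoft's documented ones.

$CredSspKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters'

# Documented meanings of the AllowEncryptionOracle DWORD:
#   0  Force Updated Clients  patched clients never fall back to the old protocol version
#                             and patched servers reject unpatched clients (fully protected)
#   1  Mitigated              clients never fall back; servers still accept unpatched clients
#   2  Vulnerable             pre-patch behaviour, the man-in-the-middle attack still works
$OracleStates = @{ 0 = 'Force Updated Clients'; 1 = 'Mitigated'; 2 = 'Vulnerable' }

function Get-CredSspOracleState {
    # Reports the configured value. When the value is absent the OS default applies:
    # "Vulnerable" on hosts with only the March 2018 update, "Mitigated" from the May 2018 update on.
    $item = Get-ItemProperty -Path $CredSspKey -Name AllowEncryptionOracle -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        return [pscustomobject]@{ Host = $env:COMPUTERNAME; Value = $null; State = 'Not configured (OS default)' }
    }
    [pscustomobject]@{
        Host  = $env:COMPUTERNAME
        Value = $item.AllowEncryptionOracle
        State = $OracleStates[[int]$item.AllowEncryptionOracle]
    }
}

function Set-CredSspOracleState {
    # Writes the policy value. Level 0 on a server breaks RDP/WinRM from unpatched clients,
    # which is the point: patch both ends first, then enforce.
    param([ValidateSet(0, 1, 2)][int]$Level = 0)
    if (-not (Test-Path $CredSspKey)) { New-Item -Path $CredSspKey -Force | Out-Null }
    Set-ItemProperty -Path $CredSspKey -Name AllowEncryptionOracle -Value $Level -Type DWord
    Get-CredSspOracleState
}

function Get-CredSspNegotiationFailures {
    # After the update, a patched host logs System event 6041 (source LsaSrv) each time a
    # CredSSP peer offers a protocol version the policy refuses. Reviewing these before
    # switching to level 0 shows which peers are still unpatched.
    param([int]$Days = 7)
    Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 6041; StartTime = (Get-Date).AddDays(-$Days) } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, @{ Name = 'Message'; Expression = { $_.Message.Trim() } }
}

function Get-CredSspOracleStateFleet {
    # Fleet audit over WinRM. Hostnames are placeholders for this example.
    param([string[]]$ComputerName = @('DC01', 'RDS01', 'WS-FINANCE-07'))
    Invoke-Command -ComputerName $ComputerName -ScriptBlock {
        $v = (Get-ItemProperty -Path $using:CredSspKey -Name AllowEncryptionOracle -ErrorAction SilentlyContinue).AllowEncryptionOracle
        [pscustomobject]@{ Host = $env:COMPUTERNAME; Value = $v }
    } | ForEach-Object {
        $_ | Add-Member -NotePropertyName State -NotePropertyValue $(if ($null -eq $_.Value) { 'Not configured (OS default)' } else { $OracleStates[[int]$_.Value] }) -PassThru
    }
}

# Typical sequence on a host that has already been patched:
Get-CredSspOracleState
Get-CredSspNegotiationFailures -Days 14
Set-CredSspOracleState -Level 0
```

The order matters: check the current state, look at two weeks of event 6041 entries to find peers still running the old protocol, patch those, and only then force level 0. Setting the registry value by hand is fine for a lab or a standalone server; in a domain the same value should be delivered through the Group Policy setting so it is not silently reverted.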

The March 2018 patch release was a hefty one, and included patches for a number of products including ChakraCore, PowerShell, Microsoft Office, Windows itself, and both the Edge browser and Internet Explorer.

Another Google Service Is Going Away

If you are a fan of, and regularly use, Goo.gl (the URL shortener service), brace for impact.  Google has announced that as of March 30, 2019, the service will be shut down for good.  Long before then, beginning April 13 of this year, only users who had already created short links will be able to shorten links via goo.gl; no new signups will be allowed.

The company had this to say about the recent announcement:

“The URL Shortener has been a great tool that we’ve been proud to have built.  As we look towards the future, we’re excited about the possibilities of Firebase Dynamic Links, particularly when it comes to dynamic platform detection and links that survive the app installation process….FDLs are smart URLs that allow you to send existing and potential users to any location within an iOS, Android or web app.”

Fortunately, we’re not so much losing a service as seeing one swapped out for its successor.  It is worth mentioning that Google does not have any plans to auto-migrate goo.gl links to Firebase Dynamic Links.  If you opt to use the new system, you’ll have to export your short links and then import them manually into Firebase.  Existing goo.gl links will keep redirecting after the shutdown; it is only the creation and management of links that goes away.

Given this, it’s expected that at least some percentage of goo.gl users will simply opt to shift to other URL shortening services such as Bit.ly or Ow.ly.

Although Google is not ending support for the service to make life more difficult for hackers and spammers, that’s one of the unintended consequences of the move. Both spammers and malware authors regularly make use of goo.gl.  Sadly, legions of Marketing departments and other legitimate users do too, and many aren’t thrilled that although Google is offering an ostensibly better and more robust alternative, they’re not offering any means of auto-migration to the new platform.

MyFitnessPal User Information Data Breach Affects 150 Million

Another week, another high-profile data breach.  This time, it’s Under Armour in the hot seat.  Under Armour acquired the MyFitnessPal app back in February 2015, and the company recently announced that their new acquisition was hacked in late February 2018.

So far, the company is taking all the steps we’ve come to see as usual in these circumstances.  They’ve notified their user base about the scope and scale of the attack, which impacted a hefty 150 million users.  In conjunction with the announcement of the event itself, they assured their users that the stolen data was limited to usernames, email addresses and hashed passwords.

The stolen passwords were hashed rather than stored in the clear (in most cases with bcrypt, a deliberately slow, salted password-hashing function that makes bulk cracking expensive), but hashing only buys time: short or reused passwords can still be recovered by guessing.  The company is therefore recommending that all of the app’s users change their passwords immediately, and anyone who reused that password elsewhere should change it there too.  Under Armour also assures its MyFitnessPal users that no credit card information was exposed, since payment data is collected and processed separately.

In a departure from the routine we’ve come to expect in situations like these, the company is also warning users to be aware that since their emails were stolen, they may be subject to phishing scams in an attempt to get more of their personal information.

That announcement, in part, reads as follows:

“Please note that the email from MyFitnessPal about this issue does not ask you to click on any links or contain attachments and does not request your personal data.  If the email you received about this issue prompts you to click on a link, suggests you download an attachment, or asks you for information, the email was not sent by MyFitnessPal and may be an attempt to steal your personal data.  Avoid clicking on links or downloading attachments from such suspicious emails.”

While Under Armour’s handling of the incident has been solid so far, one has to wonder how many more of these incidents we’ll see before companies start taking data security more seriously.

Huge Spike in Malware With Mining Capabilities

There’s a new type of attack to be concerned with, and it’s growing by leaps and bounds.  Called “cryptojacking,” it works by placing malicious JavaScript on websites.  When a visitor loads the page, the script secretly uses a portion of the visitor’s PC, laptop or smartphone processing power to mine cryptocurrency for as long as the page stays open, and the proceeds go to the attacker.

Kevin Haley, the Director of Symantec’s Security Response Team, had this to say about the issue:

“Cryptojacking just came out of nowhere.  I think what we’re going to learn in the year to come is when people see the opportunity to take money, they’re going to come up with some really wild ways to do that.”

Based on the statistics the company has been collecting for its Internet Security Threat Report, detections of coin-mining code rose by a whopping 8,500 percent during 2017, with almost all of the growth in the final quarter.  As long as cryptocurrency prices stay high we can expect to see even more of this, because it gives attackers a hands-off source of income with almost no risk or exposure.

Mike Fey, the President and COO of Symantec adds, “Cryptojacking is a rising threat to cyber and personal security.  The massive profit incentive puts people, devices and organizations at risk of unauthorized coin miners siphoning resources from their systems, further motivating criminals to infiltrate everything from home PCs to giant data centers.”

Perhaps the most insidious aspect of this attack vector is how easy it is to pull off.  Even a low-skill attacker with a very limited toolset can insert the handful of lines of script needed to begin siphoning resources into any page they can modify, or into a third-party script that many pages load.

Unlike most other forms of attack, no company data is directly at risk from the mining itself.  What you can expect to see are serious performance hits and higher power bills as more of your equipment is affected, and on mobile devices, battery drain and overheating.  The caveat is that mining code does not appear on a site by itself: its presence means the site, a script it loads or an endpoint has already been compromised, and whoever put it there could have planted something worse.  It’s not a happy situation given the importance of speed in today’s fast-paced business environment.
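The “handful of lines” is usually plain JavaScript, so a site owner can look for it. Below is an added PowerShell example (written for this page; not Symantec’s code and not a signature set from any product) that pulls the script tags out of a page, flags scripts loaded from hosts outside an allowlist, and flags inline scripts that combine the building blocks browser miners rely on: a pool of Web Workers sized to navigator.hardwareConcurrency, WebAssembly, a WebSocket back to a mining pool and throttling knobs. The sample page, the .example hostnames and the allowlist are constructed for the example; the indicators are heuristics, and any single one is also common in legitimate code.

```powershell
# Added example: heuristic triage for injected in-browser mining script.
# Sample HTML, hostnames and the allowlist are constructed; indicators are heuristics.

# Assumption: these are the site's own and known-good script hosts.
$AllowedScriptHosts = @('www.example.com', 'cdn.example.com')

# Building blocks browser miners combine. Two or more in one inline script is worth a look;
# each one alone is common in legitimate code.
$MinerIndicators = @(
    'new\s+Worker\s*\('                        # worker pool doing the hashing
    'WebAssembly\.(instantiate|compile)'       # hash function compiled to wasm
    'wss?://'                                  # WebSocket to a pool or proxy
    'navigator\.hardwareConcurrency'           # sizing the pool to the CPU count
    '\b(throttle|hashesPerSecond|hashrate)\b'  # tuning knobs miners expose
)

function Get-ScriptTags {
    # Returns one object per <script> element: Src (or $null for inline) and the inline Body.
    param([Parameter(Mandatory)][string]$Html)
    foreach ($m in [regex]::Matches($Html, '(?is)<script\b([^>]*)>(.*?)</script>')) {
        $src = $null
        if ($m.Groups[1].Value -match 'src\s*=\s*["'']([^"'']+)["'']') { $src = $Matches[1] }
        [pscustomobject]@{ Src = $src; Body = $m.Groups[2].Value }
    }
}

function Get-ScriptHost {
    # Resolves the host of a script URL; relative paths are first-party and return $null.
    param([string]$Src)
    if ($Src.StartsWith('//')) { $Src = 'https:' + $Src }   # protocol-relative URL
    $uri = $null
    if ([uri]::TryCreate($Src, [UriKind]::Absolute, [ref]$uri)) { return $uri.Host }
    $null
}

function Test-PageForMiner {
    # Emits one finding per suspicious <script>; emits nothing for a clean page.
    param([Parameter(Mandatory)][string]$Html, [string[]]$AllowedHosts = $AllowedScriptHosts)
    foreach ($tag in Get-ScriptTags -Html $Html) {
        $reasons = @()
        if ($tag.Src) {
            $scriptHost = Get-ScriptHost -Src $tag.Src
            if ($scriptHost -and $scriptHost -notin $AllowedHosts) {
                $reasons += "script loaded from non-allowlisted host $scriptHost"
            }
        }
        $hits = @($MinerIndicators | Where-Object { $tag.Body -match $_ })
        if ($hits.Count -ge 2) { $reasons += "inline script matches $($hits.Count) miner indicators" }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{ Src = $tag.Src; Reasons = ($reasons -join '; ') }
        }
    }
}

function Test-UrlForMiner {
    # Live variant: fetch the page and run the same checks on what the server actually serves.
    param([Parameter(Mandatory)][string]$Url)
    Test-PageForMiner -Html (Invoke-WebRequest -Uri $Url -UseBasicParsing).Content
}

# Constructed sample: one allowlisted script, one third-party include, one inline miner.
$SampleHtml = @'
<html><head>
<script src="https://cdn.example.com/app.js"></script>
<script src="//static.attacker.example/lib.min.js"></script>
<script>
  var threads = navigator.hardwareConcurrency || 2;
  var pool = new WebSocket('wss://pool.attacker.example/proxy');
  for (var i = 0; i < threads; i++) { new Worker('hash-worker.js'); }
  miner.throttle = 0.3;
</script>
</head><body>Hello</body></html>
'@

Test-PageForMiner -Html $SampleHtml | Format-Table -AutoSize
```

Against the sample, the static.attacker.example include and the inline script are reported and the allowlisted cdn.example.com script is not. A scan like this is for finding an injection after the fact; the durable fix is a Content-Security-Policy header whose script-src lists only the hosts you trust, plus Subresource Integrity hashes on third-party scripts so a modified copy is refused by the browser.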

Having Chrome Issues Since The Latest Windows 10 Update?

Microsoft has been having some “issues” of late.  Its April Windows 10 rollout had to be delayed on account of some mysterious BSOD (“Blue Screen of Death”) issues, and this month’s rollout is plagued by similar problems, trading the BSOD issues for problems with both “Hey Cortana” and Google’s Chrome browser.

The problem is that when you try to navigate the web using Chrome on the latest Windows 10 update, the entire system can inexplicably hang.  The company is hoping to have a fix ready for release in time for the next “Patch Tuesday” on May 8, but in the meantime offered the following suggestions to users who are impacted by this issue:

  • If you’re on a laptop, sometimes (but not always) opening and closing the lid will revive the system.
  • Failing that, or if you’re not on a laptop, try the keyboard combination Win + Ctrl + Shift + B. This restarts the graphics driver and should wake the screen.
  • If you’re on a tablet, press the volume up and volume down buttons at the same time, three times within two seconds. If you hear a short beep, then you know Windows is responsive, and it will attempt to refresh the screen.

If none of the above works for you, your only other option is to reboot the system, which is beyond annoying.  Fortunately, however, it should be temporary, as the company is working on a fix (although whether it’s ready by Patch Tuesday remains to be seen).

While this is by no means the kiss of death, it is troubling that the last two updates have had major issues.  Unless the issue is identified and remedied, the company could be facing larger and more pervasive problems in the months ahead.

Firefox To Start Showing Ads On Tab Page

Before Google released its Chrome browser, Mozilla felt pretty good about its arrangement with Google.  It received handsome payments in exchange for making Google the default search engine in Firefox.  It was a win-win.

These days, though, Mozilla’s position is a bit more precarious.  The Google deal is still the main source of the company’s income, but Firefox is also in direct competition with Chrome.  If Google one day decides to pull the plug on the deal, Mozilla could find itself in dire straits indeed.

That’s why it has been casting about for some means of expanding and diversifying its revenue, and the strategy it has hit on is advertising.

Don’t worry, you’re not about to be buried under a mountain of annoying ads, but with the release of Firefox 60, any time you open a new tab you’ll see a listing of recommended links, some of them sponsored, chosen based on your browsing history.

Anytime the conversation turns to “recommended links” it naturally brings privacy concerns to the fore.  After all, the only way Firefox can make recommendations you’re likely to be interested in is to look at your browsing habits.

Here, though, the company has taken a different approach: the matching of recommendations to your history happens entirely on the client, inside the browser, so your browsing history is never sent to Mozilla.  What Mozilla does collect is aggregate counts of how often the recommended links are shown and clicked, so that ones nobody bothers with can be culled from the list and don’t keep reappearing.

On balance, it’s a measured, even-handed approach that should help with the company’s revenue problem while treading lightly on the good graces of its user base.

Like it or not, ads are an unavoidable consequence of the internet as it exists today.  At the very least though, Firefox deserves credit for not making excessive use of them, and for respecting the privacy of its users by coming up with a non-intrusive method of deciding what links to display.

Lego and Alexa Team Up For Storytelling Through Device

In terms of toys, what could possibly be better than LEGO?  How about LEGO combined with Alexa?  That’s the idea behind LEGO’s newly announced Alexa service, “LEGO Duplo Stories.”  The new service (“skill,” in the parlance of Alexa) will be available on any device that offers Alexa support, including Echo Dot and Amazon Echo. It provides a selection of stories with audio prompts that guide children in building something from their LEGO Duplo bricks that ties in with the story being told.

The stories are quite inventive, and change based on the responses of the children listening and interacting.  For example, one story involves going on vacation via plane, and based on what the children say they want to pack, the vacation destination will be either to a warm or a cool place, with various build instructions being introduced along the way.

According to the company, the goal is to use these interactive stories as a means of developing color recognition, social, and cognitive skills.

It’s an innovative approach, and an excellent use for a technology that is becoming increasingly common in American homes.  To access the stories, simply say “Alexa, open LEGO Duplo Stories,” then follow the prompts to begin the interactive experience.

Currently, the stories span ten different themes and work in tandem with existing Duplo sets.  It should be noted that you can still use the skill even if you don’t own a set or don’t have all the required pieces, although having the bricks on hand is what makes it truly interactive.

James Poulter, the Head of Emerging Platforms and Partnerships at LEGO, had this to say about the new offering: “Voice is such a powerful tool for play as it is one of the most human ways of interacting.  Long before we can type, read or control a device, we listen and speak.”

An exciting development, and it is available right now.

Hulu To Soon Offer Episode Downloading and Offline Streaming

Hulu recently announced that it would join both Netflix and Amazon Prime in allowing its users to download content to watch offline, but in Hulu’s case, it comes with a twist.

If you subscribe to the $7.99 a month tier, in addition to downloading the content you want to watch, you’ll also be downloading the advertising associated with that content.  It’s an important distinction because Hulu is structured quite differently from Netflix and Amazon Prime.

Much of Hulu’s programming is available on regular network television, and often airs the same day it does on the regular networks.  Consequently, ads on Hulu tend to command more of a premium than ads on the other two companies.

Combine that with the fact that Hulu gets most of its revenue from advertising, and you begin to see the appeal and the necessity of such a strategy from Hulu’s perspective.  Netflix and Amazon Prime both have a deep bench of their own unique programming, which acts as a draw. Hulu, however, is currently dependent on content licensed from others, which is why ad revenue is of utmost importance to it.

It should be noted that if you subscribe to the company’s $11.99/month plan, you can download ad-free content.

Either way, the ability to watch content offline is a big deal. This is especially important to frequent travelers who often find themselves in places with patchy internet service, or no connectivity at all.  In those cases, having access to offline content can be a real godsend that can mean the difference between a tolerable trip and a miserable one.

Kudos to Hulu for joining the ranks of Amazon and Netflix, and although there have been a few grumblings about having to endure ads, it really is a small price to pay for the flexibility and convenience.

High Speed Wireless Coming To Laptops Next Year

If you’re in the market for a new laptop but can milk a little more life out of the one you’ve got, 2019 may be the year to buy.  The reason?  5G.  AT&T is slated to become the first carrier to offer 5G network connectivity to small segments of its customer base this year (starting in Atlanta, Dallas, and Waco, then slowly spreading to other areas).

While they’ll be the first, it’s not hard to imagine that their competitors will be hot on their heels, and all the major PC and laptop manufacturers are keenly aware of this.  That’s why Microsoft, Lenovo, HP, Dell, and Intel have all announced that the first 5G-enabled PCs will become available sometime in mid to late 2019, in a bid to take advantage of the awesome new capabilities that 5G promises to make a reality.

While Intel missed the 4G opportunity, the company has every intention of being front and center in the 5G revolution.

In fact, the company had this to say when it made its announcement earlier this week:

“Intel is investing deeply across its wireless portfolio and partners to bring 5G-connected mobile PCs to market, with benefits for users like high quality video on-the-go, high-end gaming, and seamless connections as users traverse WiFi and Cellular networks.”

All true, and a widespread 5G network would truly be a game changer.  The problem though, is that 5G has a bit of an image problem.  It has long been considered the Holy Grail of wireless networking, and Intel and other companies have been hyping its many advantages for years.

The difference of course is that now, companies have the technical capabilities to make it all real, and have firm timetables in place for a rollout, neither of which were true in the past. Even so, 5G now has to swim against a bit of a tide of its own making as it draws closer to becoming reality.