Popular Chrome Ad Blocker Faked, 30k Users Infected With Malware

“Fool me once, shame on you. Fool me twice, shame on me,” as the saying goes. Unfortunately, Google has now been fooled by the same trick twice.

For the second time in recent years, Google has allowed a malicious variant of the popular extension “AdBlock Plus” onto its Chrome Web Store. It was noticed by a security researcher going by the alias “SwiftOnSecurity.” Before Google removed it, it had been installed more than 37,000 times by unsuspecting users.

This incident underscores a serious flaw in the way that Chrome extensions are uploaded to the Web Store.

The entire process is automated, and Google only intervenes if an extension is reported as being problematic. Unfortunately, given the automated nature of the process, it’s almost frighteningly easy to abuse, and since there are no significant checks on the front end, hackers can upload extensions bearing the same or highly similar names as extensions from legitimate developers. Unless a user clicks on the “reviews” tab to read what other users are saying about the extension, at first glance, they’d have no real way of knowing that there was a problem until they started experiencing it for themselves.
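A defender can check for the same-name problem described above by comparing an inventory of installed extensions against the IDs the organization has approved. The following is an added example, not code from the original article or from Google; the extension IDs, the `TRUSTED` allowlist and the 0.85 similarity threshold are constructed assumptions.

```python
import difflib
import unicodedata

# Constructed sample data: the IDs below are placeholders, not real Web Store IDs.
TRUSTED = {"AdBlock Plus": "a" * 32}

INSTALLED = [
    {"id": "a" * 32, "name": "AdBlock Plus"},    # the approved listing
    {"id": "b" * 32, "name": "AdBlock Plus"},    # same name, different listing
    {"id": "c" * 32, "name": "Adblock  Plus."},  # near-identical name
    {"id": "d" * 32, "name": "Dark Reader"},     # unrelated extension
]


def normalize(name):
    """Fold case, Unicode compatibility forms, spacing and punctuation."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return "".join(ch for ch in folded if ch.isalnum())


def find_impersonators(installed, trusted, threshold=0.85):
    """Return (id, name, trusted_name, similarity) for every installed
    extension whose name matches or closely resembles a trusted name
    but whose ID is not the approved ID for that name."""
    findings = []
    for ext in installed:
        candidate = normalize(ext["name"])
        for trusted_name, trusted_id in trusted.items():
            if ext["id"] == trusted_id:
                continue  # this is the approved listing itself
            score = difflib.SequenceMatcher(
                None, candidate, normalize(trusted_name)
            ).ratio()
            if score >= threshold:
                findings.append(
                    (ext["id"], ext["name"], trusted_name, round(score, 2))
                )
    return findings


if __name__ == "__main__":
    for ext_id, name, trusted_name, score in find_impersonators(INSTALLED, TRUSTED):
        print(f"{ext_id}  {name!r} resembles {trusted_name!r} (similarity {score})")
```

The extension ID, not the display name, is what identifies a listing, so the check keys on the ID and treats the name only as a signal that something is posing as an approved extension.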

As mentioned, this is actually the second time this very extension was abused, the first being back in 2015.

As malware goes, this one is annoying, but not awful. Instead of blocking ads, it has a tendency to open multiple new windows, displaying a torrent of unwanted advertising. Fortunately, there don’t seem to be any other “hooks” built into the code, so it doesn’t install more destructive malware, but it’s still annoying.

All that to say, if you’ve been experiencing a sudden flurry of advertising popups, you may have been one of the unlucky few to have grabbed a malicious variant of an otherwise excellent web extension. If you have, just uninstall it and go grab a new copy, and you should be all set.

Be Careful Of Downloads – Google Play Store Sees Malware Increase

Google’s Play Store is under siege. In recent months, there has been a sharp spike in malware campaigns launched against the store, with a shocking number of poisoned apps slipping past Google’s robust system of checks designed to prevent, or at least minimize, such occurrences.

The spike in poisoned apps has been reported by three different security companies: Dr. Web, McAfee and Malwarebytes.

According to the latest McAfee report, 144 Play Store apps have been identified as containing malware. To give you a sense of the scope and scale of the attack, McAfee analyzed a sample of 34 of the malicious apps and found that they had been downloaded between 4.2 million and 17.4 million times.

Of the malware strains found to be present on the Play Store, far and away the most common is Grabos, which is designed to push fake notifications that trick unsuspecting users into installing other apps. Based on the observed behavior, it’s likely that Grabos’ authors generate revenue based on the number of installs achieved. Based on the sheer number of downloads, it’s a model that’s paying handsome dividends for the hackers.

The second most common malware strain identified in the McAfee report is AsiaHitGroup, which utilizes an IP blacklist to specifically target users in Asian countries. This malware was initially found in an app named “QR Code Generator,” and once it infects a user’s machine, it will download a second-stage threat in the form of an SMS Trojan, which auto-subscribes infected users to premium phone numbers using SMS text messages.

Since its initial discovery in QR Code Generator, the AsiaHitGroup malware has been found in a variety of other apps, including alarm clock, photo editor and internet speed test apps.

The security firm Dr. Web found a third distinct malware strain called Android.RemoteCode.106.origin, which was found to be embedded on nine different Play Store apps that had been downloaded between 2.37 million and 11.7 million times.

This campaign opens an “invisible” browser page that shows ads and is the least intrusive of the malware strains found. It’s likely that the hackers controlling this one get paid via ad impressions which are spoofed on the invisible browser window.

In addition to these, ESET has identified a fourth threat: eight different apps that are infected with the MazerBot banking Trojan. This one is potentially the most damaging of the recently identified threats.

Google’s Play Store is clearly a fair bit more dangerous currently than its users are accustomed to. Be very careful when downloading apps until Google can beat back these recent attacks.

Android Bug Found In Adaptive Icons

Do you use apps that employ the new “Adaptive Icons” feature introduced in Android Oreo? If so, be aware that there’s a serious flaw in the code that could send your device into an infinite bootloop, leaving you no alternative but to restore the device to factory default settings, which will almost certainly result in at least some lost data.

It’s important to underscore the fact that this bug does not impact Android Oreo at all in its default state. Rather, it can be triggered by apps that use the Adaptive Icons feature.

The bug was discovered by a developer going by the name of Jcbsera, who wrote an app called “Swipe for Facebook.” His app, when installed, creates a conflict by introducing two files with the same file name, which creates a circular reference.

The only way around the problem relies on you having done some serious prep work in advance of installing the app, which includes having USB debugging enabled and uninstalling the app via ADB, a combination of conditions unlikely to be met by many users.

The bug wasn’t picked up on in testing because all testing was conducted on the emulator built into Android Studio, which did not allow the bug to manifest.

Note that if you’ve installed this app, you do not need to launch it in order to send your device into an infinite loop. That happens automatically, once the installation is complete.

Google has been notified, and plans are already in place to patch the issue in the upcoming release of Android Oreo 8.1.

This interesting but ultimately unnecessary feature has already caused thousands of users to lose data by forcing them to restore to factory defaults. Just be aware of it so that it doesn’t happen to you, and update to version 8.1 as soon as it is available.

Google Can Still Track You With Location Services Disabled

Google recently found itself in a bit of hot water after an investigation by Quartz revealed that the company was intrusively collecting location data on literally every Android device in use today. That’s billions of devices all over the globe.

There are many instances when there’s an expectation that location data can and will be tracked. In fact, one of the most commonly used features of smartphones in general (GPS and directions) demands it.  After all, Google Maps can’t tell you how to get where you’re going if it doesn’t know where you are to begin with, so that’s all fine and good.

The problem, as revealed by the recent investigation, is that for all of 2017, Google was collecting location data on every Android device. This was happening even if the user took a series of frankly heroic measures in an effort to prevent it, including turning off location services, not allowing any apps to track their location and even pulling their SIM card from the phone.

The practice, as Quartz rightly pointed out, goes far beyond any reasonable expectation of consumer privacy and is wildly intrusive.

When Quartz made inquiries of Google regarding the matter, part of the official company response, sent via email, was as follows:

“In January of this year, we began looking into using Cell ID codes as an additional signal to further improve the speed and performance of message delivery. However, we never incorporated Cell ID into our network sync system, so that the data was immediately discarded, and we updated it to no longer request Cell ID.”

In recent years, all the major tech companies have come under fire for the vast amounts of data they collect on consumers of their products. Although Google made it clear that they were formally ending the practice, the current climate makes their intrusive data collection effort (which, again, went completely undetected for the better part of a year) even more disturbing, especially given the lengths the company has gone to in an effort to position themselves as champions of user privacy.

Chrome OS To Get App Multitasking Soon

Chromebooks have brought Android apps to a much wider market, making them accessible to virtually everyone, but the Chrome OS has always lagged behind other platforms developmentally.

One of its most serious limitations where running apps was concerned centered on its inability to multitask. Basically, if the app you’re using is not “in focus” or in the window you’re currently viewing, all activity in the app ceases.

There are a few exceptions such as the Spotify app, but most apps that rely on real time data and most games will freeze when a user clicks out of the window. If you’re coming to Chromebook from almost any other platform, it can be annoying and hard to get used to.

Fortunately, you won’t have to deal with this for much longer. Google recently announced the release of Chrome OS 64, which will, among other things, allow apps to continue running in the background, even when you’re not using them in the active window.

Right now, the update is available on the company’s Beta channel, so it’s a fair bet that it will be rolled out to the general user base in the very near future. However, the company has not given a firm timeframe for that.

If you have a Chromebook, this is good news indeed as it corrects what many industry insiders have long seen as a glaring weakness of the platform.

While Chromebooks don’t get much use at the Enterprise level, they are a cost-effective computing option for students and low-income people, and it’s good to see Google spending time and resources improving them.

While the latest version offers a number of enhancements, the two biggest are the multitasking support mentioned above, and the “split view” feature which will further enhance the multitasking capabilities of the platform.

Vertical Video Support On YouTube For iOS Finally Here

The owners of Android devices have been able to properly view vertical videos for more than two years, but for Apple users, it was a different story.

Instead of getting the traditional full-screen experience when viewing vertical videos, Apple users were saddled with annoying vertical bars that would appear on either side of the video itself. It’s a small thing, but undeniably annoying. Now, at long last, the problem has been solved, and Apple users can enjoy the same vertical, full-screen experience as the rest of us.

YouTube announced the upgrade in a tweet that read as follows:

“Bye-bye, black bars. Now the YouTube player on iOS will automatically adapt to the shape of the video you’re viewing!”

It matters because smartphones were designed to be held in that position, so it’s the natural way to interact with the device, no matter what you’re doing with it, including watching videos.

There’s one caveat, however: A surprising number of vertical videos won’t go full screen because they’ve actually been encoded with black bars on the sides, which technically makes them landscape vids that are only mimicking the appearance of a vertical video.

Now that YouTube has made this change, over time, you’ll probably see fewer and fewer videos shot like this and uploaded. In the short to medium term, don’t be the least bit surprised if you run into videos shot like this on a regular basis.

Why it took the company so long to update the Apple version of their app with this functionality, no one knows, but it’s not hard to hazard a few guesses. In any event, it’s not something that’s likely to have a major impact on your life, but it is a welcome change and we were happy to see it.

Vulnerabilities Found In Some GPS Services

A duo of researchers stumbled across a series of vulnerabilities in literally hundreds of GPS services that leave sensitive GPS tracking data open to hackers. Dubbed “Trackmageddon” by the researchers, the vulnerabilities span a range of weaknesses that include default or easy-to-guess passwords, IDOR (Insecure Direct Object Reference) issues, insecure API endpoints, and data collection folders that are entirely unsecured.

The reason so many different tracking services are impacted is that most of them rely on the same online software to deliver their services, and that software (believed to be designed by ThinkRace, one of the largest vendors of GPS tracking devices) itself is flawed. As more and more companies license it, the issues spread, exposing the data of an increasing number of customers who are entirely in the dark about how vulnerable their location data is.

The researchers have made attempts to contact the vendors offering GPS tracking services with vulnerabilities, but so far, have met with only limited success. According to their report:

“We tried to give the vendors enough time to fix (also respond for that matter) while we weighed this against the current immediate risk of the users.

We understand that only a vendor fix can remove a user’s location history (and any other stored user data for that matter) from the still affected services, but we (and I personally because my data is also on one of those sites) judge the risk of these vulnerabilities being exploited against live location tracking devices, much higher than the risk of historic data being exposed.”

The exposed data includes GPS coordinates, phone numbers, IMEI numbers, and device information. Depending on which online service is being used, a hacker could even gain access to audio, video, and photos uploaded by the device.

While extremely convenient, these services do carry significant risks. Use them at your own risk.

Inappropriate Ads Found In Some Game Apps for Kids

Normally, Google’s robust series of checks and audits are pretty good at catching malicious code and preventing it from making its way to the Play Store. Sometimes, however, something slips through anyway despite the company’s best efforts. This latest one is particularly bad.

Researchers from Check Point have identified a new strain of malware called “AdultSwine” lurking in more than sixty gaming apps on the Play Store. Each of these apps has been downloaded between 3 million and 7 million times, which gives us approximately 150 million infected devices.

As the name suggests, the malware primarily displays ads from the web that are of an adult nature, and often overtly pornographic. It also attempts to trick unsuspecting users into installing additional malware that masquerades as “security apps.”

An analysis of the code reveals it to be highly flexible, allowing the authors to easily begin collecting all kinds of information about the owner of any infected device. This makes identity theft a real possibility if the hackers were inclined to do so.

The most disturbing element of all this is that the malware seems heavily focused on apps and games designed for children. So if you’re a parent, it pays to check the apps that are installed on your child’s phone. What seems at first glance to be a harmless game could actually be displaying pornographic advertising while they’re playing.

The Check Point researchers had this to say about the discovery:

“Although for now this malicious app seems to be a nasty nuisance, and most certainly damaging on both an emotional and financial level, it nevertheless also has a potentially much wider range of malicious activities that it can pursue, all relying on the same common concept. Indeed, these plots continue to be effective even today, especially when they originate in apps downloaded from trusted sources such as Google Play.”

Just to be safe, double check the apps on your child’s phone!

700,000 Potentially Malicious Apps Removed From Google Last Year

Google recently released their Play Store stats for 2017.  The results are both encouraging and disheartening.  Overall, Google caught and removed more than 700,000 malicious apps from the Play Store, minimizing their impact on the company’s massive Android user base.

That’s unquestionably good news, but it comes with a bit of a dark side.  That figure represents a staggering 70 percent increase in the number of apps removed compared with 2016 figures.  The hackers are not only relentless in their efforts, but they’re picking up the pace dramatically.

Last year, Google made a significant change, putting Play Store security under the umbrella of the Google Play Project.  This system is driven by “smart” detection software that automatically scans and provides alerts for any software that exhibits questionable behavior and gets better on its own thanks to Machine Learning protocols.

So far, that approach seems to be working pretty well.  It’s not without its flaws, of course.  Google found itself in the news a few times last year when some malicious apps managed to slip through their impressive detection mechanisms, and got downloaded by several thousand users.  Even so, it’s clear that the company is committed to the process and takes the security of its users very seriously.  Given today’s digital landscape, that’s important.  That means something.

As for Google’s plans for 2018:

More of the same.  Continued, incremental improvements in the Google Play Project, continued support for the Zero-Day initiative, and keeping a watchful eye on all things security-related.  The company is by no means perfect, but it’s nice to know that we’ve got such a large company out there, fighting back.

Of course, it still falls to each individual user to be careful what apps you install on your various devices.  No matter what Google does in the coming year, due diligence is still your last, best defense.

Google Wants Children Watching YouTube Kids App

More often than not, Google is seen as a force for good on the internet. However, in one area in particular, their actions and words haven’t been in alignment, and it’s gotten them in trouble.

Here’s Google’s official statement about their YouTube Kids service:

“Protecting kids and families has always been a top priority for us.  Because YouTube is not for children, we’ve invested significantly in the creation of the YouTube Kids app to offer an alternative specifically designed for children.”

That statement is true as far as it goes, but there’s an important catch. The YouTube Kids app is frustratingly difficult to get. You can’t install it on your Xbox. Most smart TVs on the market today don’t support it, and you can’t put it on a PC. Aside from a few models of LG and Sony smart TVs, and smartphones, it’s just not an option.

Contrast that with the regular YouTube app, which has been rolled out to just about every platform there is, and it’s easy to see where Google’s primary focus is.

It’s not hard to understand the reasoning behind the difference in availability.  One of the key differences between YouTube and YouTube Kids is that the latter doesn’t have targeted advertising, while the former does. Google makes a lot of money on YouTube ads.  It’s simple economics.

Unfortunately, it’s also gotten the company into hot water.  They’ve had complaints from more than 20 consumer advocacy groups, who have banded together and taken their case to the FTC.

In part, the complaint reads as follows:

“Google has made substantial profits from the collection and use of personal data from children on YouTube.  Its illegal collection has been going on for many years and involves tens of millions of US children.”

Ultimately, what the advocacy groups want is for Google to move all kid-centric content over to YouTube Kids. However, the company would be extremely reluctant to do that because their kid-friendly app has such limited availability.

This is a thorny issue with no easy answers, and at this point, it’s unclear how Google is going to respond to the complaint.