RottenSys Malware Has Infected 5M Android Devices Since 2016

There’s a new threat on the horizon, according to security researchers from Check Point.  A group of hackers in China is busy building a massive botnet that so far totals almost five million Android smartphones.  The hackers are quietly taking control of these devices using a strain of malware known as “RottenSys.”

While the malware is flexible and can be adapted to any number of purposes, in its present incarnation, it’s being used to display copious numbers of advertisements. This generates a healthy revenue stream for the hackers, but that could be just the beginning.  The researchers have found evidence that the hackers are gearing up for a campaign that could be much more far-reaching and damaging.  According to Check Point: “This botnet will have extensive capabilities, including silently installing additional apps and UI automation.”

RottenSys is fairly new to the malware ecosystem, first appearing in September 2016. So far, the hackers have spent most of their time simply spreading their creation to more devices.  At current count, the number of infected Android phones stands at 4,964,460, and it grows by the day.

It wasn’t until last month that RottenSys got an update that gave its owners the ability to take direct control of all the devices.  Prior to that, they were happy to simply rake in ad revenue, which is estimated to exceed $350,000 a month.

Currently, the malware hasn’t spread beyond the confines of China, but that could easily change as the hackers seek to add an increasing number of devices to their already massive botnet.

What makes RottenSys notable is the fact that it has managed to spread to so many devices in such a short period of time.  As it turns out, the secret to the hackers’ success has to do with the code it’s built around, which includes both “Small” (an open source virtualization framework) and “MarsDaemon”, a library that keeps apps “undead,” so that the malware’s processes continue to operate even after users close them. This ensures that the ad-injection capacity cannot be disabled.

Only time will tell what the hackers have planned, but it can’t be anything good. They’ll have a formidable botnet to do damage with. Stay tuned.

Another Google Service Is Going Away

If you are a fan of, and regularly use Goo.gl (the URL shortener service), brace for impact.  The company has announced that as of March 30, 2019, the service will be shut down for good.  Long before then, beginning April 18th of this year, only existing users will be able to shorten links via goo.gl.  No new signups will be allowed.

The company had this to say about the recent announcement:

“The URL Shortener has been a great tool that we’ve been proud to have built.  As we look towards the future, we’re excited about the possibilities of Firebase Dynamic Links, particularly when it comes to dynamic platform detection and links that survive the app installation process….FDLs are smart URLs that allow you to send existing and potential users to any location within an iOS, Android or web app.”

Fortunately, we’re not actually losing a service as much as we’re seeing one swapped out for something better and arguably next generation.  It is worth mentioning that Google does not have any plans to auto-migrate goo.gl links to Firebase Dynamic Links.  If you opt to use the new system, you’ll have to export your short links and then import them manually into Firebase.

Given this, it’s expected that at least some percentage of goo.gl users will simply opt to shift to other URL shortening services such as Bit.ly or Ow.ly.

Although Google is not ending support for the service to make life more difficult for hackers and spammers, that’s one of the unintended consequences of the move. Both spammers and malware authors regularly make use of goo.gl.  Sadly, legions of Marketing departments and other legitimate users do too, and many aren’t thrilled that although Google is offering an ostensibly better and more robust alternative, they’re not offering any means of auto-migration to the new platform.

Having Chrome Issues Since The Latest Windows 10 Update?

Microsoft has been having some “issues” of late.  Its April Windows 10 rollout had to be delayed on account of some mysterious BSOD (“Blue Screen of Death”) issues. This month’s rollout is plagued by similar problems, trading the BSOD issues for problems with both “Hey Cortana” and Google’s Chrome browser.

The problem is that when you try to navigate the web using Chrome with the latest Windows 10 update, the entire system will inexplicably hang.  The company is hoping to have a fix ready for release in time for the next “Patch Tuesday” on May 8, but in the meantime, offered the following suggestions to users who are impacted by this issue:

  • If you’re on a laptop, sometimes (but not always) opening and closing the lid will revive the system.
  • Failing that, or if you’re not on a laptop, try using the keyboard combination: Win + Ctrl + Shift + B. This activates the “wake screen” sequence.
  • If you’re on a tablet, press the volume up and volume down buttons at the same time, three times within two seconds. If you hear a short beep, then you know Windows is responsive, and it will attempt to refresh the screen.

If none of the above works for you, then your only other option is to simply reboot the system, which is beyond annoying.  Fortunately, however, it’s only temporary. The company is currently working on a fix (although whether it’s ready by Patch Tuesday remains to be seen).

While this is by no means the kiss of death, it is troubling that the last two updates have had major issues.  Unless the issue is identified and remedied, the company could be facing larger and more pervasive problems in the months ahead.

Firefox To Start Showing Ads On Tab Page

Before Google released its Chrome browser, Firefox felt pretty good about their arrangement.  They got a handsome reward in exchange for making Google.com their default search engine.  It was a win-win.

These days though, Firefox’s position is a bit more precarious.  The Google deal is still the main source of the company’s income, but they’re also in direct competition with Chrome.  If Google one day decides to pull the plug on the deal, the company could find itself in dire straits indeed.

That’s why they’ve been casting about for some means of expanding and diversifying their revenue, and the strategy they’ve hit on is advertising.

Don’t worry, you’re not about to be buried under a mountain of annoying ads, but with the release of Firefox 60, any time you open a new tab, you’ll see a listing of recommended links based on your browsing history.

Anytime the conversation turns to “recommended links” it naturally brings privacy concerns to the fore.  After all, the only way Firefox can make sensible recommendations you’re likely to be interested in is to track your browsing habits.

Here though, the company has an innovative approach: all the tracking happens on the client side, so Firefox doesn’t actually store anything. They will, however, track how many of the “recommended links” you visit, so they can cull the list and remove the ones you don’t bother with, so they don’t keep reappearing.

On balance, it’s a good, even-handed approach that should solve the company’s revenue problems, while treading lightly on the good graces of their user base.

Like it or not, ads are an unavoidable consequence of the internet as it exists today.  At the very least though, Firefox deserves credit for not making excessive use of them, and for respecting the privacy of its users by coming up with a non-intrusive method of deciding what links to display.

Fitbit and Google Partnership May Raise Privacy Concerns

Depending on which side of the privacy debate you’re on, you’re either going to love or hate this announcement:

“Fitbit intends to use Google’s new Cloud Healthcare API to help the company integrate further into the healthcare system, such as by connecting user data with electronic medical records.”

Rarely has a single sentence been so fraught with risk, while simultaneously promising such great opportunity.

On the plus side, the potential for innovation is virtually unlimited, and this new partnership will no doubt be a boon for the still-struggling wearables market. There are also potential increases in health care delivery efficiency, but the privacy concerns surrounding the issue are very real.

One has only to think back to the recent Allscripts fiasco, in which some 1,500 healthcare providers found themselves impacted by a nasty ransomware attack.

Google already collects copious amounts of data on its users, and with Fitbit angling to tap into healthcare records, the amount of private and personally identifiable information collected on users is bound to grow exponentially.

In addition to that, depending on exactly what data Fitbit attempts to link, it could very well make them a “business associate” from a HIPAA perspective. This can expose one or both companies to increased liabilities and vastly stricter standards on how the data can be used, and the steps that must be taken to safeguard it.

Right now, those details are very much in the air, and the issue could go either way. But there are some legal experts who believe that Google and Fitbit will be able to skirt the issue sufficiently so that they will not gain the “business associate” classification.

For Fitbit’s part, the company had this to say: “We have a longstanding commitment to privacy and data, and our data practices will continue to be governed by the Fitbit Privacy Policy.  We are not sharing our user data with Google, we are partnering with Google to host Fitbit user data, similar to other cloud/hosting service providers.  We take our obligation to safeguard users’ personal information very seriously and are committed to protecting the privacy and security of our users, while being transparent about our data practices.”

Comforting words, but they have done little to allay the concerns of privacy advocates, who see any number of negative outcomes associated with the new partnership.  This is a debate that will no doubt be continuing for quite some time to come.

New Android OS To Improve Lower End Phones

Google has another new product out.  A slimmed down, streamlined version of the Android OS called “Go.”  Unfortunately, its release didn’t gather as much press as you’d expect when a new OS is released.  The reason for that is simple.  The new, slimmer, sleeker Android Go was designed for low-end phones with limited storage capacity, which don’t typically get much press either.

Despite the relative lack of fanfare, Android Go is an interesting release that deserves some attention, even if you don’t own a low-end phone.  At first glance, it’s got a lot going for it, although it remains to be seen if users will embrace it and make full use of its capabilities.

The first major noteworthy difference between Go and the standard Android OS is the fact that it doesn’t take up nearly as much space.  Counting the OS itself and the Android default apps, the entire package requires just over 3GB, which is a significant space savings. This makes a real difference on low-end phones, which typically have no more than 8GB of storage to begin with.

Second, it comes with an app called “File Go” that offers users suggestions on files that can be moved to the cloud or safely removed altogether.  Another app known as “Datally” makes tools available to manage how much data other apps on the phone are using, especially helpful for people who have limited data plans.

Third, there’s a special “YouTube Go” version of the standard YouTube app that gives users three different video streaming options: basic, standard, and high quality. This comes with information about how much data each of the three options will eat up.

In addition to those changes, Google has added a special section to its Play Store, highlighting apps that don’t require a lot of space.

Android Go is aimed specifically at users in developing nations, as this is where the highest concentration of low-end smartphones can be found.  As to how successful the new OS will be, only time will tell, but early indications are encouraging.

Vega Stealer Malware Goes After Your Saved Credentials

There’s a new security threat to be worried about, and security professionals are warning that it could be very bad indeed.  The new malware is known as the “Vega Stealer,” and is currently being used in a relatively simplistic phishing campaign designed to harvest financial data that has been saved in both Google Chrome and Firefox browsers.  Unfortunately, based on an analysis of the code, it could be a much more serious threat.

Vega Stealer isn’t 100 percent original work, but rather, is a variant of another nasty bit of malware known as “August Stealer.”  Built on the .NET framework, it’s designed to ferret out and steal cryptocurrency wallets, passwords, cookies, saved credit cards, and more.

If your computer is infected, and you’re using Firefox, Vega Stealer will specifically target the files “key3.db” and “key4.db,” along with “cookies.sqlite” and “logins.json,” which store a variety of keys and passwords.

In addition to that though, it can also take screen captures of your PC and scan for, and steal any file with the following extensions:

  • .pdf
  • .xlsx
  • .xrft
  • .docx
  • .doc

Of course, it would be a trivial matter for the owners of the malware to expand this list even further.

As mentioned, the current campaign isn’t terribly sophisticated, relying on emails bearing titles like “Online Store Developer Required.”  The emails being sent contain a poisoned file called “brief.doc” which contains macros designed to install the malware.

If the recipient clicks on the Word doc, it installs a file named “ljoyoxu.pkzip” in that user’s “Music” directory, and then automatically executes the file so it can begin harvesting.
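The two behaviours described above (reads of the Firefox credential stores by a process that is not Firefox, a .pkzip dropped in the Music directory, plus bulk reads of the document types listed) can be turned into simple host-level detection rules. The following is an added example, not code from the original post or from Proofpoint; the event format and the process names are constructed for the example and are not a real EDR or Sysmon schema.

```python
"""Detection heuristics for Vega Stealer-style credential harvesting.

Assumed event format (constructed for this example, not a real EDR schema):
one dict per file event with keys ts (epoch seconds), proc (image name),
action ("read" or "create") and path (Windows path).
"""
from collections import defaultdict
from pathlib import PureWindowsPath

# Firefox credential/cookie stores named in the post.
FIREFOX_SECRET_FILES = {"key3.db", "key4.db", "cookies.sqlite", "logins.json"}
# Document extensions the stealer scans for, as listed in the post.
HARVEST_EXTS = {".pdf", ".xlsx", ".xrft", ".docx", ".doc"}
# Processes legitimately expected to open the Firefox profile (assumption).
FIREFOX_PROCS = {"firefox.exe"}
BULK_THRESHOLD = 5   # distinct documents read by one process ...
BULK_WINDOW = 60     # ... within this many seconds triggers an alert


def detect(events):
    """Return a list of (rule, proc, detail) alerts for the given events."""
    alerts = []
    doc_reads = defaultdict(list)   # proc -> recent (ts, path) document reads
    bulk_flagged = set()            # procs already reported for bulk reads
    for ev in sorted(events, key=lambda e: e["ts"]):
        p = PureWindowsPath(ev["path"])
        name, ext, proc = p.name.lower(), p.suffix.lower(), ev["proc"].lower()

        # Rule 1: something other than Firefox reading its secret stores.
        if ev["action"] == "read" and name in FIREFOX_SECRET_FILES and proc not in FIREFOX_PROCS:
            alerts.append(("firefox_store_access", proc, str(p)))

        # Rule 2: a .pkzip file created anywhere under a Music directory.
        if ev["action"] == "create" and ext == ".pkzip" and "music" in [s.lower() for s in p.parts]:
            alerts.append(("pkzip_in_music", proc, str(p)))

        # Rule 3: one process reading many harvestable documents in a short window.
        if ev["action"] == "read" and ext in HARVEST_EXTS:
            window = doc_reads[proc]
            window.append((ev["ts"], str(p)))
            window[:] = [(t, f) for t, f in window if ev["ts"] - t <= BULK_WINDOW]
            if len({f for _, f in window}) >= BULK_THRESHOLD and proc not in bulk_flagged:
                bulk_flagged.add(proc)
                alerts.append(("bulk_document_read", proc, f"{BULK_THRESHOLD} docs in {BULK_WINDOW}s"))
    return alerts


# Constructed sample timeline: benign Firefox activity, the dropper writing the
# .pkzip from the post, then that file (run directly, an assumption) harvesting.
PROFILE = r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\x1.default"
SAMPLE_EVENTS = [
    {"ts": 100, "proc": "firefox.exe", "action": "read", "path": PROFILE + r"\key4.db"},
    {"ts": 200, "proc": "winword.exe", "action": "create", "path": r"C:\Users\alice\Music\ljoyoxu.pkzip"},
    {"ts": 201, "proc": "ljoyoxu.pkzip", "action": "read", "path": PROFILE + r"\key4.db"},
    {"ts": 202, "proc": "ljoyoxu.pkzip", "action": "read", "path": PROFILE + r"\logins.json"},
] + [
    {"ts": 203 + i, "proc": "ljoyoxu.pkzip", "action": "read", "path": rf"C:\Users\alice\Documents\f{i}.docx"}
    for i in range(5)
] + [
    {"ts": 300, "proc": "winword.exe", "action": "read", "path": r"C:\Users\alice\Documents\report.docx"},
]

if __name__ == "__main__":
    for rule, proc, detail in detect(SAMPLE_EVENTS):
        print(f"{rule:22} {proc:15} {detail}")
```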

Researchers from Proofpoint, who found the malware strain, had this to say:

“The document macro utilized in this campaign is a commodity macro that we believe is for sale and used by multiple actors, including the threat actor spreading Emotet banking Trojan.  However, the URL pattern from which the macro retrieves the payload is the same as those used by an actor we are tracking who distributes the Ursnif banking Trojan, which often downloads secondary payloads such as Nymaim, Gootkit, or IcedID.  As a result, we attribute this campaign to the same actor with medium confidence.”

Be on your guard.

21 Percent Of Internet Traffic Riddled With Bad Bots

How much of your website’s traffic is driven by bots?  The answer may surprise you.  Overall, bots account for nearly half of all web traffic. The “good” bots account for 20.4 percent, and “bad” bots account for 21.8 percent.

Hackers, scammers and fraudsters commonly use bad bots to scrape content, test stolen account credentials, issue spam, conduct digital ad fraud by generating bogus clicks, conduct brute force attacks, and mine data from competitors.

Distil Networks keeps tabs on bad bot activities in their annual “Bad Bot Report”. This year’s analysis reveals that gambling websites and commercial airline companies suffer a disproportionate percentage of bad bot attacks, with 53.1 percent of gambling traffic coming from bad bots, and 43.9 percent of airline traffic coming from bad bots.

83.2 percent of bad bot attacks are initiated via Chrome, Firefox, Internet Explorer, and Safari web browsers.  10.4 percent come from mobile browsers, with Android, Opera, and Safari Mobile being the most commonly used.

82.7 percent of bad bot traffic originates in data centers, which is up from 60.1 percent in 2016, indicating that hackers are increasingly centralizing and scaling their efforts.

Tiffany Olson Jones, the CEO of Distil Networks had this to say about the recently published report:

“This year, bots took over public conversation as the FBI continues its investigation into Russia’s involvement in the 2016 US presidential election and new legislation made way for stricter regulations.  Yet as awareness grows, bot traffic and sophistication continue to escalate at an alarming rate.  Despite bad bot awareness being at an all-time high, this year’s Bad Bot Report illustrates that no industry is immune to automated threats and constant vigilance is required in order to thwart attacks of this kind.”

While the total number of bad bot attacks continues to increase, the landscape is shifting.  For the first time since the Bad Bot report has been published, Russia topped the list as the most blocked country, with 20.7 percent of companies issuing country-specific IP block requests, while China, which topped last year’s list, fell to sixth place, with 8.3 percent.

This is a problem that’s not going to go away.  Continued vigilance is a must.

You Can Now Search Google From iMessage With App Download

There’s a fun, new update for Apple’s iMessage app that will probably make lots of power users happy.  As long as you also have Google’s iOS app installed, you’ll be able to perform Google searches from within iMessage itself.

In order to make it work, you’ll have to go into the app drawer (App Store icon) and enable the iMessage extension.  Once enabled, all you have to do to use Google search is to tap on the Google shortcut icon to get the search box.  Even better, the update includes shortcuts for watching trending YouTube videos, scoping out nearby restaurants, checking out local weather conditions, and even a handy GIF search.  There’s also a quick news search option.

If you search for restaurant recommendations, the new app makes the results easy to share in the conversation you’re having. Although curiously, this feature doesn’t carry over to YouTube videos or news.  Even so, it can be situationally useful.

In a similar vein, Google’s keyboard app, “Gboard,” also now has search built into it.  In fact, you don’t even have to have Gboard installed.  As long as you’ve got the core Google App, the search extension will appear in iMessage’s app drawer.

These are small changes, but if you spend a lot of time texting, you’ll find them invaluable.  Think back to prior text conversations you’ve had.  There have probably been a number of occasions when you found yourself wishing you could do a quick search on whatever topic you were talking about.

It’s great to see these kinds of changes as the cellphone market continues to grow.  When the iPhone first burst onto the scene, apps were few and far between.  Now, not only are there untold thousands of apps on the market, but they are becoming increasingly integrated.  That’s very good to see.

Microsoft Surpasses Google In Latest Valuation

Microsoft’s stock price is surging, putting the company’s total valuation at $753 billion. This makes it the third most valuable company on the planet, behind Amazon ($782 billion) and Apple ($923 billion), and leaving Google in fourth place, valued at $739 billion.

Google first overtook Microsoft in 2012, and since that time, the two companies have traded places repeatedly. So Microsoft’s current third place position is expected to be relatively short-lived.

It’s worth noting, however, that since Satya Nadella took over for Steve Ballmer, Microsoft’s stock price has more than doubled, the company has moved decisively into some new areas, and has been dramatically refocused.

Some of those changes include:

  • A big emphasis on cloud-based technologies
  • A heavy emphasis on artificial intelligence
  • Big investments in quantum computing
  • Equally large investments in mixed-reality headsets
  • An emphasis on cross-platform technologies

Even more significantly, the company has veered away from two areas that had long been Microsoft staples.  The company has abandoned efforts to develop a Windows-based smartphone, and has moved away from the strategy of putting Windows at the center of everything Microsoft.

Although Google is likely to regain its #3 market cap position in the near future, Microsoft has some important strategic advantages over both Google and Apple that will serve it well in the long run.  The most significant of these is the fact that it has a much more diverse revenue stream.

Google gets some 90 percent of its income from advertising, and Apple gets some 60 percent of its income from the venerable iPhone. Microsoft, based on the most recent quarterly report, is generating 35 percent of its income from the Surface and its gaming division, another 30 percent from its cloud-based services, and a similar percentage from Office and the company’s various productivity tools.