San Francisco: Google Play has been infiltrated by a new Android malware called ‘Goldoson’, which has been discovered in 60 legitimate apps with a combined total of 100 million downloads.
The malicious component is integrated into a third-party library that the developers inadvertently incorporated into all sixty apps, reports BleepingComputer.
The Android malware, discovered by McAfee’s research team, is capable of collecting a range of sensitive data, including information on the user’s installed apps, WiFi and Bluetooth-connected devices, and GPS locations.
Additionally, it can perform ad fraud by clicking ads in the background without the user’s consent, according to the report.
When a user runs a Goldoson-containing app, the library registers the device and obtains its configuration from an obfuscated remote server.
The configuration specifies which data-stealing and ad-clicking functions Goldoson should perform on the infected device, and how frequently.
Moreover, the report said that the data collection mechanism is commonly set to activate every two days, transmitting a list of installed apps, geographical position history, MAC addresses of devices connected via Bluetooth and WiFi, and other information to the C2 server.
The amount of data collected is determined by the permissions granted to the infected app during installation as well as the Android version.
Although Android 11 and later are better protected against arbitrary data collection, researchers discovered that Goldoson had enough rights to acquire sensitive data in 10 per cent of the apps even in newer versions of the OS, the report mentioned.
Ad income is generated by loading HTML code and injecting it into a customised, hidden WebView, and then using that to execute numerous URL visits.
There is no indication of this action on the victim’s device.
In January, Google’s Threat Analysis Group terminated thousands of accounts associated with a group known as ‘Dragonbridge’ or ‘Spamouflage Dragon’ that disseminated pro-Chinese disinformation on various platforms.
According to the tech giant, Dragonbridge gets new Google Accounts from bulk account sellers, and at times it has even used accounts previously used by financially motivated actors, repurposed for posting disinformation videos and blogs.
It may come with security risks but, for European Parliamentarians, TikTok is just too good a political tool to abandon.
Staff at the European Parliament were ordered to delete the video-sharing application from any work devices by March 20, after an edict last month from the Parliament’s President Roberta Metsola cited cybersecurity risks about the Chinese-owned platform. The chamber also “strongly recommended” that members of the European Parliament and their political advisers give up the app.
But with European Parliament elections scheduled for late spring 2024, the chamber’s political groups and many of its members are opting to stay on TikTok to win over the hearts and minds of the platform’s user base of young voters. TikTok says around 125 million Europeans actively use the app every month on average.
“It’s always important in my parliamentary work to communicate beyond those who are already convinced,” said Leïla Chaibi, a French far-left lawmaker who has 3,500 TikTok followers and has previously used the tool to broadcast videos from Strasbourg explaining how the EU Parliament works.
Malte Gallée, a 29-year-old German Greens lawmaker with over 36,000 followers on TikTok, said, “There are so many young people there but also more and more older people joining there. For me as a politician of course it’s important to be where the people that I represent are, and to know what they’re talking about.”
Finding Gen Z
Parliament took its decision to ban the app from staffers’ phones in late February, in the wake of similar moves by the European Commission, Council of the EU and the bloc’s diplomatic service.
A letter from the Parliament’s top IT official, obtained by POLITICO, said the institution took the decision after seeing similar bans by the likes of the U.S. federal government and the European Commission and to prevent “possible threats” against the Parliament and its lawmakers.
For the chamber, it was a remarkable U-turn. Just a few months earlier its top lawmakers in the institution’s Bureau, including President Metsola and 14 vice presidents, approved the launch of an official Parliament account on TikTok, according to a “TikTok strategy” document from the Parliament’s communications directorate-general dated November 18 and seen by POLITICO.
“Members and political groups are increasingly opening TikTok accounts,” stated the document, pointing out that teenagers then aged 16 will be eligible to vote in 2024. “The main purpose of opening a TikTok channel for the European Parliament is to connect directly with the young generation and first time voters in the European elections in 2024, especially among Generation Z,” it said.
Another supposed benefit of launching an official TikTok account would be countering disinformation about the war in Ukraine, the document stated.
Most awkwardly, the only sizeable TikTok account claiming to represent the European Parliament is actually a fake one that Parliament has asked TikTok to remove.
Dummy phones and workarounds
Among those who stand to lose out from the new TikTok policy are the European Parliament’s political groupings. Some of these groups have sizeable reach on the Chinese-owned app.
The largest group, the center-right European People’s Party, has 51,000 followers on TikTok. Spokesperson Pedro López previously dismissed the Parliament’s move to stop using TikTok as “absurd,” vowing the EPP’s account will stay up and active. López wrote to POLITICO that “we will use dedicated computers … only for TikTok and not connected to any EP or EPP network.”
That’s the same strategy that all other political groups with a TikTok account — The Left, Socialists and Democrats (S&D) and Liberal Renew groups — said they will use in order to skirt the TikTok ban on work devices like phones, computers or tablets, according to spokespeople. Around 30 Renew Europe lawmakers are active on the platform, according to the group’s spokesperson.
Beyond the groups, it’s the individual members of parliament — especially those popular on the app — that are pushing back on efforts to restrict its use.
Clare Daly, an Irish independent member who sits with the Left group, is one of the most popular MEPs on the platform with over 370,000 subscribed to watch clips of her plenary speeches. Daly has gained some 80,000 extra followers in just the few weeks since Parliament’s ban was announced.
Daly in an email railed against Parliament’s new policy: “This decision is not guided by a serious threat assessment. It is security theatre, more about appeasing a climate of geopolitical sinophobia in EU politics than it is about protecting sensitive information or mitigating cybersecurity threats,” she said.
According to Moritz Körner, an MEP from the centrist Renew Europe group, cybersecurity should be a priority. “Politicians should think about cybersecurity and espionage first and before thinking about their elections to the European Parliament,” he told POLITICO, adding that he doesn’t have a TikTok account.
Others are finding workarounds to have it both ways.
“We will use a dummy phone and not our work phones anymore. That [dummy] phone will only be used for producing videos,” said an assistant to German Social-democrat member Delara Burkhardt, who has close to 2,000 followers. The assistant credited the platform with driving a friendlier, less abrasive political debate than other platforms like Twitter: “On TikTok the culture is nicer, we get more questions.”
(With inputs from: www.politico.eu)
While the U.S. government disclosed last year that the new malware — called PIPEDREAM — was capable of infiltrating U.S. industrial control systems across multiple key sectors, Lee’s comments suggest that the danger was more acute than officials had disclosed. And his disclosure offers a new picture of the U.S. energy supply’s vulnerability to a crippling cyber assault — a possibility that had drawn widespread concern during the run-up to Russian President Vladimir Putin’s February 2022 invasion.
Lee described the malware as a “state-level, wartime capability.” He did not say if the malware had actually been installed in the targeted networks or if the hackers were just close to getting into the systems.
While Dragos does not link hacking groups to nation states as a matter of policy, other security researchers have said the PIPEDREAM malware used by Chernovite is likely connected to Russia.
The U.S. announced its discovery of the dangerous malware in April 2022, just three weeks after President Joe Biden warned that Russia was “exploring options for potential cyberattacks” against the U.S. and urged critical infrastructure groups to step up security efforts.
Lee said that Dragos worked with partners including the Cybersecurity and Infrastructure Security Agency, the Department of Energy, the FBI and the National Security Agency to “keep something off of American soil that was going to be disruptive in nature.”
“I don’t use those words lightly, not trying to hype anything up, but the state actor responsible for this, there is no chance that this was not their go-to package to be able to actually bring down infrastructure,” Lee said.
A spokesperson for CISA declined to comment on the impact of the malware, and the three other agencies did not respond to requests for comment. When they first announced the discovery of the malware, the agencies said in a joint alert that “certain advanced persistent threat actors” were using new tools to impact multiple types of industrial control systems.
According to Dragos, PIPEDREAM malware is the “first ever” type that can be used across a variety of industrial control systems, and that was not designed to disrupt one specific system — making it particularly dangerous. The malware also does not get into systems through vulnerabilities that could be patched, making it very hard to defend against.
“You could increase temperatures, you could have unsafe conditions in a plant,” Lee said of the impact the use of PIPEDREAM could have. “There is no need to exploit anything, there is no need to find a vulnerability when a capability is already built into the plant so the plant environments can operate.”
Lee told reporters that he believed that since the PIPEDREAM malware was not used successfully against any U.S. infrastructure, the security community “moved past it quickly,” but that there is more to come from these hackers.
“Chernovite is still active, so we assess with high confidence that they are still active and working on this framework and we expect to see it deployed in the future,” Lee said.
(With inputs from: www.politico.com)