New malware with extensive spyware capabilities steals data from infected Android devices and is designed to trigger automatically whenever new information is ready to be exfiltrated. The spyware can only be installed as a 'System Update' app distributed via third-party Android app stores; it was never available on Google's Play Store. This drastically limits the number of devices it can infect, since most experienced users will avoid installing it in the first place. The malware also lacks any method to infect other Android devices on its own, further limiting its ability to spread.
However, when it comes to stealing your data, this remote access trojan (RAT) can collect and exfiltrate an extensive array of information to its command-and-control server. Zimperium researchers who spotted it observed it while "stealing data, messages, images and taking control of Android phones."
"Once in control, hackers can record audio and phone calls, take photos, review browser history, access WhatsApp messages, and more," they added. Zimperium said its extensive range of data theft capabilities includes:
Once installed on an Android device, the malware sends several pieces of information to its Firebase command-and-control (C2) server, including storage stats, the internet connection type, and the presence of various apps such as WhatsApp. The spyware harvests data directly if it has root access; otherwise it uses Accessibility Services after tricking the victim into enabling that feature on the compromised device. It also scans external storage for any stored or cached data, harvests it, and delivers it to the C2 servers when the user connects to a Wi-Fi network. Unlike other data-stealing malware, this one is triggered through Android's ContentObserver and BroadcastReceiver mechanisms only when certain conditions are met, such as the addition of a new contact, the arrival of new text messages, or the installation of new apps.
"Commands received through the Firebase messaging service initiate actions such as recording of audio from the microphone and exfiltration of data such as SMS messages," Zimperium said.
"The Firebase communication is only used to issue the commands, and a dedicated C&C server is used to collect the stolen data by using a POST request."
The malware also displays fake "Searching for the update.." system update notifications when it receives new commands from its operators, to camouflage its malicious activity. The spyware conceals its presence on infected Android devices by hiding its icon from the app drawer/menu. To further evade detection, it steals only thumbnails of the videos and images it finds, reducing the victim's bandwidth consumption so that the background data exfiltration does not draw attention. Unlike malware that harvests data in bulk, it also makes sure to exfiltrate only the most recent data, collecting location data created and photos taken within the last few minutes.
“Windows Sandbox failed to start, Error 0x80070057, The parameter is incorrect”.

This particular error in Windows Sandbox occurs because of its dependence on numerous Windows 10 components, mainly those related to Hyper-V and virtualization. To fix this error, there are several options you can check out. You can try to install any pending updates on your Windows 10 computer, and make sure that all the services related to Windows Sandbox are enabled.
“Microsoft Windows Network: You can’t connect to the file share because it is not secure. This share requires the obsolete SMB1 protocol, which is unsafe and could expose your system to attack. Your system requires SMB2 or higher.”

In this post, you will be guided on how to check if the SMB 2.0 version can be installed on your Windows 10 computer. To get started, follow the steps below.
Step 1: Tap the Win + X keys to open the Device Manager.
Step 2: After that, click on the Windows PowerShell (Admin) option.
Step 3: In the Windows PowerShell window, type the following command and hit Enter:

Get-SmbServerConfiguration | Select EnableSMB2Protocol

Note: After entering the command, you will see the following content on your screen, which means that your Windows 10 computer is now capable of running the SMB2 protocol.

Now all that’s left for you to do is to enable the SMB 2 protocol on your Windows computer by enabling the SMB 1 protocol first and then upgrading it to SMB 2 afterward. Refer to the steps below for more details.
Step 1: Tap the Win + I keys to open the Settings app.
Step 2: Then type “control panel” in the search area and click on Control Panel in the search results.
Step 3: After opening Control Panel, click on Programs. From there, select the “Turn Windows features on or off” option under the larger Programs and Features menu.
Step 4: After that, Windows Features will appear on your screen. From there, make sure that you select SMB 1.0/CIFS File Sharing Support and then click OK.
Step 5: Now let it install all the required files and then restart your computer to apply the changes. After your computer has restarted, the SMB 2 protocol should be supported on your Windows 10 computer.

Note: On the other hand, you can also enter the following command in the Windows PowerShell window. Just make sure you have admin rights to enable it.

Set-SmbServerConfiguration -EnableSMB2Protocol $true
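The two cmdlets above can be combined into a small audit-and-harden script. The following is an added example, not code from the errortools.com article: it reports the state of the SMB1 and SMB2 server settings and the SMB1 optional feature, then applies the configuration the quoted Windows warning asks for (SMB2 on, SMB1 off) rather than enabling SMB1 first. The function names are this example's own; it assumes an elevated Windows PowerShell session on Windows 10 with the SmbShare and DISM modules available.

```powershell
# Added example (not from the original post): audit SMB protocol state and
# apply the secure baseline: SMB2 enabled, SMB1 disabled and removed.
# Assumes an elevated PowerShell session on Windows 10.

function Get-SmbProtocolState {
    # Get-SmbServerConfiguration is the same cmdlet the post uses to check SMB2.
    $cfg = Get-SmbServerConfiguration
    [pscustomobject]@{
        SMB1Enabled = $cfg.EnableSMB1Protocol
        SMB2Enabled = $cfg.EnableSMB2Protocol
        # The optional feature the post's Control Panel steps toggle
        # ("SMB 1.0/CIFS File Sharing Support"), read via DISM.
        SMB1Feature = (Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol).State
    }
}

function Set-SmbSecureBaseline {
    param([switch]$WhatIf)

    $before = Get-SmbProtocolState
    Write-Host ("Before: SMB1={0} SMB2={1} SMB1Feature={2}" -f `
        $before.SMB1Enabled, $before.SMB2Enabled, $before.SMB1Feature)

    # Enable SMB2 (what the post's final command does)...
    Set-SmbServerConfiguration -EnableSMB2Protocol $true -Force -WhatIf:$WhatIf
    # ...and disable SMB1, the protocol the quoted error calls obsolete and unsafe.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force -WhatIf:$WhatIf

    # Remove the SMB1 optional feature as well so it cannot be re-enabled on
    # demand; this part needs a reboot to take effect.
    if (-not $WhatIf) {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }

    # Return the resulting state so the caller can verify the change.
    Get-SmbProtocolState
}

# Usage:
#   Set-SmbSecureBaseline -WhatIf   # preview the changes without applying them
#   Set-SmbSecureBaseline           # apply, then restart the computer
```

The -WhatIf switch is passed through to Set-SmbServerConfiguration so the script can be dry-run on a file server before any share that still depends on SMB1 is cut off; a share that only speaks SMB1 will stop being reachable once the baseline is applied, which is the intended outcome of the Windows warning quoted at the top of this post.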
Email Access Online is a browser extension published by Polarity Technologies Ltd. that offers users quick and easy access to emails and weather reports. While this might sound interesting and useful, there is nothing this extension offers that cannot be achieved with a few simple bookmarks.
While installed, Email Access Online monitors the user's browser activity and records visited websites, clicked links, and purchased products. This data is later used to serve partner ads when the user looks for the covered categories. Additionally, it hijacks your new tab page and changes your search engine to Yahoo to allow easier ad placement.
Browsing the internet with this extension enabled will result in additional ad placement, pop-up ads, and sponsored links throughout your browsing sessions.
Upon further investigation, it was discovered that this extension is a repack of MyEmailXP, which was a repack of Fast Email Checker. Due to its suspicious delivery methods and information gathering, several anti-virus scanners have marked this extension as a browser hijacker and it is recommended to remove it from your computer.
Problem signature: Problem Event Name: BlueScreen OS Version: 6.0.6002.2.2.0.16.7 Locale ID: 1033

When the error occurs, the computer screen turns blue and the user is unable to view or access the program. It is advisable to fix the error right away: because BSoD is a critical PC error, it can pose serious threats to your system.
You don’t need to hire a technician or be a computer whiz to resolve the Blue Screen Locale ID 1033 error code. Here are some methods that you can try to resolve this error on your PC. These methods are easy to perform and results-driven.