Reversing Mouse & Touchpad scrolling direction

California's Department of Fair Employment & Housing has widened its anti-discrimination lawsuit against Activision Blizzard and claims the publisher has been shredding vital documents relevant to the ongoing investigation. A recent report from Kotaku described the department as offering poorly paid, highly insecure positions, with a culture of hostility towards LGBTQ+ testers. The DFEH's rewording of "employees" to "workers" now hopes to take these contractors' experiences into account. "As a contract employee, I feel there's a lot of pressure to excel, impress, and move through the ranks as fast as you can before your contract ends and you're forced to go 3 months without income or find another job," Axios reports one worker saying. "I take pride in what I do, but it feels like it's never enough." Activision's contentious hiring of union-busting third-party law firm WilmerHale "directly interferes" with its own investigation, it says. By going to WilmerHale, Activision appears to be claiming that all work related to the investigation is privileged and can't be shared with DFEH. The suit also claims that Activision HR shredded documents related to "investigations and complaints", against its legal obligation to retain them during the investigation. The relevant parts of the updated lawsuit were shared by Axios reporters Stephen Totilo and Megan Farokhmanesh, the former also noting that the DFEH "fixed their misspelling of Bill Cosby's name". "DFEH is also informed and aware that documents and records have not been maintained as required by law or by the DFEH's Document Retention Notice," the complaint reads, "including but not limited to documents related to investigations and complaints were shredded by human resource personnel and emails are deleted thirty days after an employees separation."

Speculation and answer from Activision Blizzard

Blizzard employee Jessica Gonzalez suspects that the costs of fines associated with destroying these documents may have been an easier blow for Blizzard to take than any penalties drawn from their existence in helping the lawsuit go through. In an email to Kotaku, Activision denied the shredding allegations and issued a statement outlining steps it had taken to improve company culture—including the ousting of high-level executives like Blizzard president J. Allen Brack. The full statement reads: "Throughout our engagement with the DFEH, we have complied with every proper request in support of its review even as we had been implementing reforms to ensure our workplaces are welcoming and safe for every employee. Those changes continue today, and include:

•     Several high-level personnel changes
•     Revamped hiring and recruiting practices requiring diverse interview panels
•     Greater transparency on pay equity
•     Expanded and improved training and investigative capabilities for human resource and compliance staff
•     Created investigation teams outside of business units to support greater independence
•     Restructured divisions to support greater accountability
•     Enhanced review processes to include evaluation of managers by employees
•     Clear boundaries on workplace behavior with a zero-tolerance approach to harassment and other actions that diminish or marginalize.

"We strive to be a company that recognizes and celebrates the diverse talents and perspectives that lead to the creation of great, globally appealing entertainment. We have provided the DFEH with clear evidence that we do not have gender pay or promotion disparities. Our senior leadership is increasingly diverse, with a growing number of women in key leadership roles across the company. "We share DFEH’s goal of a safe, inclusive workplace that rewards employees equitably and is committed to setting an example that others can follow."

California and RIOT

Beyond Activision Blizzard, California's DFEH has also probed into League of Legends creator Riot Games, accusing the studio of dragging its heels over sexual harassment allegations dating back to 2019. Riot denied the allegations, telling us that it "will never retaliate against anyone for talking to any government agency".

You probably heard about switches for LAN but not a lot of people heard about KVM switches. So what exactly is KVM switch?

If we look at the name, it is a shortcut for Keyboard, Video & Mouse and the original idea was to have multiple computers but one keyboard, mouse, and monitor. These peripherals would be connected to the KVM switch and other computers could all use one set of these on the fly when needed.

The technology behind the switch is a little interesting since it will actively fake signals to other computers that are not using peripherals. Once they are switched to them the transition is smooth and not noticeable. In old days these switches were more important than today since on every mouse or keyboard disconnection you had to reboot the computer, and although today that is not the case CPU will still detect disconnection and on the next connection it will run through the ID of the device and try to use the existing driver and if peripheral was connected in other USB port, it will install the same driver but connect it to the new USB port.

This type of reconnection can slow down work and place unnecessary load on the CPU so that is why KVM will fake connection in order to make switching externals on the computer smooth and in nick of a time.

Modern KVM switch

These days modern KVM switches will offer you more options than just being able to switch between keyboard, mouse, and monitor. Modern switches now offer Lan, audio, and many more various options.

There are also different kinds of switches offering you only one option, like for example just a Video switch that will let you use one monitor on three computers and many more other specialized options.

Software switches

So far we talked about Hardware switches, a real device being able to take peripherals into it and switch computers on the fly. On the other line, we have software switch solutions that will have specific software installed on all computers and have it run at all times, and switching between them will be through specific software.

There are two very good and main advantages of using software solutions instead of a hardware one. First, of course, is the price, since the most popular Synergy is an open-source solution, completely free of charge. The second big advantage is that software switch is not limited to how many computers can you use. Hardware switches tend to go to a large number like 16 but if you have a large cluster of computers over a LAN, let's say 30 then the box solution might be difficult.

On the other hand software solution will switch only keyboard and mouse since each other computer will have to have some screen on it in order to work. Both solutions have their strong advantages and disadvantages and it is up to you to choose one that best suits you.

Conclusion

If you are multitasking with a lot of computers or just need your peripherals from time to time to connect to another machine then the KVM switch is something that you might find the use of. Just be aware that if you go for some cheap switch you might experience some lag on your peripherals, but if that is not a concern you can get hardware one for as low as $50 USD.

Page Fault in Non-Paged Area is a blue screen error usually happening with faulty drivers but it can come from different issues like faulty RAM. In this short article, we will cover usual ways on how to approach and solve this error.

Solving Page fault in Non-Paged Area

Rollback using system restore

Simple and easy solution, roll back to the previous system restore point where Windows was stable and working.

Fix Page Fault in Non-Paged Area using device manager

1. Press ⊞ WINDOWS + X to open the hidden menu
2. Click on device manager
3. Find a device with a question mark and right-click on it
4. Click on the rollback driver button

Fix via command prompt

1. Press ⊞ WINDOWS + X to open the hidden menu
2. Click on command prompt (admin)
3. Inside command prompt type in SFC / scannow and press ENTER
4. Wait for the process to be finished and then reboot the PC

Fix via DISM tool

1. Press ⊞ WINDOWS + X to open the hidden menu
2. Click on command prompt (admin)
3. Inside command prompt type in DISM /Online /Cleanup-image /Restorehealth and press ENTER
4. Wait for the process to be finished and then reboot the PC

Page fault in Non-Paged Area via a dedicated tool

Sometimes manual and provided solutions just simply cannot cut it because the issue is triggered also with something else and not just a single issue. Use DRIVERFIX to fix this specific issue with a single click.

REevil is one of the most active and successful hacking groups connected to Russia and operating all over the world. The group recently demanded a huge bitcoin ransom for an attack targeting IT firm Kaseya in the USA. Since Tuesday blog and payment site run by REvil group cannot be longer reached without any kind of explanation or why. The reason behind the disappearance is unknown but has sparked speculation that the group may have been targeted deliberately by authorities. US President Joe Biden said he raised the issue with Vladimir Putin during a phone call on Friday, after discussing the subject during a summit with the Russian president in Geneva last month. Mr. Biden told reporters that he had "made it very clear to him...we expect them to act" on information and also hinted the US could take direct digital retaliation on servers used for intrusions. The timing of Tuesday's outage has sparked speculation that either the US or Russian officials may have taken action against REvil - though officials have so far declined to comment and cyber experts say sudden disappearances of groups are not necessarily uncommon. The development comes after a series of high-profile ransomware attacks which have hit major US businesses this year. The FBI accused REvil - also known as Sodinokibi - of being behind a ransomware attack on the world's largest meat processing company JBS last month.

If you suddenly find the Windows Recovery Environment not working and you see an error message saying, “Could not find the recovery environment”, then you’ve come to the right place as this post will guide you on how you can fix it. In times when you can’t boot into the Windows Recovery Environment, there could be several reasons behind it. However, have you ever wondered where exactly the Windows Recovery Environment is in your computer? Windows initially places the Windows RE Image file in the installation partition during Windows Setup so if you have installed Windows in the C drive, you can find the Windows RE at the C:/Windows/System32/Recovery or C:/Recovery folder. Keep in mind that this folder is hidden and later on, the system copies the image file into the recovery tools partition to make sure that one can boot into recovery if there are any issues with the drive partition. The “Could not find the recovery environment” error mostly occurs if the Windows Recovery Environment is disabled or if the “Winre.wim” file is corrupted. Thus, to fix this error, you need to refer to the given suggestions below.

Option 1 – Try to enable Windows Recovery Environment

• In the Windows Start Search, type “PowerShell” and from the search results that appear, right-click on Windows PowerShell and then select the “Run as administrator” option to open it with admin privileges.
• Next, type the “reagentc /info” command and tap Enter to execute it.
• After that, if the output states that Status is enabled, then you’re all set.
• Now type the “reagentc /enable” command and tap Enter to enable the Windows Recovery Environment. You will see a success message at the end signifying that Windows RE is available.

Option 2 – Try to fix the corrupted or missing “Winre.wim” file

If the Winre.wim file is either corrupted or missing, you need to get a new copy of this file from another computer where the Windows RE is working. Once you’re able to get a new copy of the Winre.wim file, you have to set the image path to a new location. For more details, refer to these steps:

• First, type “Powershell” in Windows Start Search and right-click on Windows PowerShell from the results, and select Run as administrator.
• Next, execute the given command below to change the path of the WIM file to the new location. Note that the steps should be used when the file path of the Windows Recovery Environment is different from the usual spot.

Reagentc /setreimage /path C:RecoveryWindowsRE

• As mentioned, if the file is corrupted, you just have to get a new copy from another PC but before you do that, make sure that the WINRE on that computer is disabled (just enable it later on) and then place it in the C:/Recovery path and then set its path again using the command given above and then verify its path by executing the following command.

reagentc /info command

Note: Since the Recovery folder is hidden as well as the WINRE folder in it and you won’t be able to access them using the Windows File Explorer, you need to use the Windows PowerShell or Command Prompt so that you can access them.

Option 3 – Try checking and fixing the WinRE Reference in the Windows Boot Loader

The Windows Boot Loader is the one that determines if it has to load the Windows Recovery Environment. It could be that the boot loader is pointing to an incorrect location which is why you’re getting the error. To resolve it, you have to check and fix the WinRE Reference in the boot loader. How? Follow these steps:

• In the Windows Start Search, type “PowerShell” and from the search results that appear, right-click on Windows PowerShell and then select the “Run as administrator” option to open it with admin privileges.
• After that, execute the “bcdedit /enum all” command.
• Next, look for an entry in the Windows Boot Loader identifier set as Current and look for “recoverysequence” in that section and take note of the GUID.
• Ensure that the device and the osdevice items show the path for the Winre.wim file and that they are the same. If not, you need to point the current identifier to the one which has the same.
• Once you’ve found the new GUID, execute this command: bcdedit /set {current} recoverysequence {GUID_which_has_same_path_of_device_and_device}
• Now check if the error in the Recovery Environment is fixed or not.

Option 4 – Try creating a Recovery Media

You could also try creating a Recovery Media to resolve the error in the Windows RE. All you have to do is download the Windows 10 ISO file using the Media Creation tool and then create a recovery drive. Once you’re done, check if it fixes the problem or not.

Error Code 36 – What is it?

This is a common Device Manager Error Code that users encounter. It is commonly found on all Windows 2000 and later versions of Windows operating systems. Error Code 36 is usually prompted by the following message:

"This device is requesting a PCI interrupt but is configured for an ISA interrupt (or vice versa). Please use the computer's system setup program to reconfigure the interrupt for this device. (Code 36)"

Solution

Error Causes

Error Code 36 occurs when there is a failure in IRQ translation due to your Windows operating system getting corrupted. This is caused due to a number of triggers, such as:

• An excess of startup entries
• Errors in registries
• RAM or hardware failure
• Excessive unnecessary installed programs
• Malware or spyware

When programs are removed excessively, some programs are not removed completely and create problems in your computer’s registry.

Also, due to the presence of malware and spyware and other causes mentioned above, your computer registry builds up errors with the time that leads to slowing your PC, time lags, and even result in crashes and freezes.

Error Code 36 can cause internal and external components to malfunction or experience time lags such as DVD drive or printer and hence can severely affect your entire PC.

Further Information and Manual Repair

Error Code 36 is a severe PC error and any attempt at fixing the error must be approached with extreme caution for your PC to start functioning properly again. Here are two methods to fixing your PC.

Method 1 – Change IRQ reservation settings

Changing the IRQ reservation settings is the best way you can rely on to fix the error code. You can do this by changing the BIOS settings of your PC.

The BIOS stands for ‘Basic Input/Output System’ and is the program of your PC’s microprocessor that allows your PC to boot after you switch it on.

Caution needs to be exercised before changing the BIOS settings of your PC. This is because every PC’s BIOS version differs from another and any wrong attempt to change the settings may make matters worse.

It is therefore recommended to refer to hardware documentation that you received with your PC or motherboard and check for the model number and details of your PC’s motherboard.

Only after you have checked and confirmed all the details, should you use the specific BIOS settings required to configure your IRQ reservations?

Method 2 – Install DriverFIX

Error Code 36 isn’t an easy error to remove.

While changing the BIOS settings can work to restore your PC, it may create a whole lot of inconvenience for finding the time and effort to check the hardware documentation details and attempting to change the specific settings and especially, if your PC does not support the options to change IRQ reservations.

Given the high risks of fixing such an error, you can also install software that enables you to fix your slow PC at the click of a few buttons.

Programs such as DriverFIX can enable you to download and replace your outdated drivers with new updated ones without you having to look for them. It will detect which drivers to download based on your PC’s motherboard version from the program’s database and can get rid of error code 36.

Click here to download DriverFIX and remove error code 36 and any other type of Device Manager error from your PC.

Error Code 46 – What is it?

Error Code 46 is a device driver error that occurs when Windows fails to access the connected peripheral device to the computer as Windows is in a process of shutting down.

Users experience this error on any Windows 2000 and later operating system versions and usually see a pop-up with the following message:

“Windows cannot gain access to this hardware device because the operating system is in the process of shutting down. (Code 46)”

Solution

Error Causes

Error Code 46 is caused when there is a temporary problem with windows system files which prompts that the system is undergoing a shut down when in fact is it not.

This prevents access to the connected devices. This error may also be caused by a registry issue in which case it has either become corrupted or damaged.

Further Information and Manual Repair

Unlike all other Windows error codes, code 46 is relatively easy to fix with the right knowledge and does not pose any serious threat to the well-being of your PC. Here is how you can do it.

Method 1 – Restart your PC

The simplest method to resolve Error Code 46 is to run a restart of your computer.

The error is most commonly a temporary registry glitch that prevents you from accessing the device connected to your computer. Upon restarting your computer, it will resume working properly as before.

There is no need to run a troubleshooting wizard, use system restore, or run anti-virus software to scan and remove malware or spyware. A simple restart is all that is needed.

Method 2 – Install DriverFIX

Although the error code can be resolved upon restarting the computer, there’s a possibility of damaged or corrupted Windows registry files. This can be fixed by using a program like DriverFIX.

DriverFIX, with its user-friendly approach to help you fix your PC issues, comes with an integrated database that detects which drivers you need to reconfigure within just a few seconds and downloads it automatically.

It further ensures that your drivers are installed in their entirety leaving no room for any corrupted or damaged registry.

Error Code 46 may not be much of an issue, however, to prevent any risk of a Windows system corruption can be disastrous for your computer.

DriverFIX helps you fix your PC registry and device driver problems with user-friendly software and an integrated database. The database which consists of detailed information on what device driver needs to be installed will automatically download the required device driver without you need to refer to your hardware instruction manual.

Registry problems resulting from incomplete program installations and viruses such as malware and spyware damaged registry files. This affects your PC in serious ways.

DriverFIX further has an automatic backup and restoration system that helps create system ‘checkpoints’ which allow you to roll back to a healthier state and resume operations. This can help you avert any Windows error codes in the future.

Click here to download DriverFIX now!

Stop 0x0000000A - What is it?

Stop 0x000000A is a type of blue screen of death error associated with Windows XP. It occurs either during or after the installation of Windows XP. In other cases, the stop 0x000000A error may occur when the device driver uses an incorrect memory address, causing an IRQ conflict. The Stop 0x000000A error message means that a process or a driver attempted to access a memory section without permission.  The stop error message is displayed in the following format:

Stop: 0x0000000A (parameter1, parameter2, parameter3, parameter4) IRQL_NOT_LESS_OR_EQUAL *** Address x has base at x - filename

Solution

Error Causes

The stop 0x000000A error is triggered due to multiple reasons. These include:

• Faulty hardware
• The poor device driver installation
• Incompatible device driver
• Viruses and malware attack
• Disk fragmentation

Blue screen of death errors like the stop 0x000000A error code is critical. These errors may pose serious PC threats. When this error occurs the computer screen turns blue, the program running on the system stops and if the error is not fixed in time it may also result in a system crash and failure.

Further Information and Manual Repair

To resolve the Stop 0x000000A error on your PC, here are some solutions that you can try:

1. Roll Back Drivers

To do this, click on the start button and go to the control panel. Then double click the system icon and locate the ‘System Properties’ window. After that click on the ‘hardware’ tab and then click the ‘Device Manager’ button. Here locate the device that you recently updated which could be causing the IRQ conflict. Now double click the device recently updated and click the driver tab. Then click on the ‘Roll Back Driver' button. Wait for the process to finish and then simply reboot your system.

2. Specify the Hardware Abstraction Layer (HAL)

Another method to resolve the Stop 0x000000A error on your system is to specify the hardware abstraction layer (HAL). This can be done during Windows XP installation startup. Simply press the F5 button on your keyboard while the “Setup is inspecting your computer’s hardware configuration’. When prompted, make sure that you specify the correct computer type and HAL (the Hardware Abstraction Layer). Most computers use a single processor, if your computer also has a single processor then simply select ‘Standard PC HAL’ computer type from the menu. Now reboot your PC and then reinstall the Windows XP operating system. If the error is still not resolved then try turning off features in CMOS settings

3. Turn off Features in CMOS Settings

Turn off all the following features in the CMOS settings:

• All caching, including L2, BIOS, internal/external, and write back caching on disk controllers
• Plug and Play
• All shadowing
• Any BIOS-based virus protection feature

After turning off these features, try reinstalling Windows XP again. If this works, then that’s great! However, if it doesn’t, then try method 4; maybe the cause of the stop 0x000000A is associated with incompatible drivers.

4. Install Windows XP compatible Drivers

Sometimes device driver compatibility can also shoot up the stop 0x000000A error message. First, remove the drivers that are incompatible with Windows XP. Now obtain and install new Windows XP compatible drivers. To do this, go to the start menu and the control panel. Now double click on Add or Remove Programs icon. Select the drivers that are incompatible with Windows XP and click on the remove button. After that restart PC and install Windows XP, compatible drivers, for the hardware devices on your system.

5. Scan for Viruses and Repair the Registry

If all the methods discussed above do not resolve the stop 0x000000A error on your PC, then it means either your computer is affected by an infection virus or the problem is associated with the registry like disk fragmentation and invalid entries. To scan for both viruses and registry issues simultaneously in seconds, it is advisable to download Restoro. Restoro is an advanced and multi-functional PC repair tool integrated with powerful utilities including a registry cleaner, antivirus, and a system optimizer. It also scans for Active X controls and class ID errors. The registry cleaning utility scans your entire PC for all possible registry issues triggering different error codes including the stop 0x000000A error. It wipes out all the unnecessary files cluttering and damaging the registry including cookies, temporary files, junk files, and invalid entries. It repairs the fragmented disk and the registry thereby resolving the stop 0x000000A error on your system. The privacy error utility functions like an antivirus. It detects all kinds of malicious software on your system including malware, adware, spyware, and viruses. These are removed immediately thus making your PC error-free. Restoro is safe, efficient, and user-friendly. It is compatible with all Windows versions including XP.  It has a sophisticated interface and a neat layout which makes it quite easy to operate and workaround. Click here to download Restoro and repair your PC and resolve the stop 0x000000A error code now!

What is Error 0x8024a11a or 0x8024a112 ? If you are trying to update your Windows 10 computer and just when you were done downloading the feature update and about to install it, you encounter an error message saying:

“We’re having trouble restarting to finish the install, Error 0x8024a11a, 0x8024a112, 0x80070005 or 0x80070032”

And so to fix this problem, this post will give you a couple of possible solutions. Refer to the options given below to get started.

Option 1 – Restart your computer many times

This is the first thing you can try since there are instances when the Windows Update process gets stuck for a minor thing and restarting the computer usually helps in resolving the issue. All you have to do is click the Restart now button. However, if it does not work, you can use the Power buttons from the Start Menu or WinX Menu. Aside from that, you can also use your power buttons such as Alt + Ctrl + Del to restart your computer. And during the boot process, it is recommended that you restart your computer in Safe Mode or even in a Clean Boot State. After that, you can restart your computer in normal mode. This will make sure that no third-party processes will be able to interfere with the Windows Update process. To put your PC in a Clean Boot State, here’s what you have to do:

• Log onto your PC as an administrator.
• Type in MSConfig in the Start Search to open the System Configuration utility.
• From there, go to the General tab and click “Selective startup”.
• Clear the “Load Startup items” check box and make sure that the “Load System Services” and “Use Original boot configuration” options are checked.
• Next, click the Services tab and select the “Hide All Microsoft Services” check box.
• Click Disable all.
• Click on Apply/OK and restart your PC. (This will put your PC into a Clean Boot State. And configure Windows to use the usual startup, just simply undo the changes.)
• After that, try to install the Windows Updates or upgrade again.

Option 2 – Try running the Windows Module Installer

The Windows Module Installer is a built-in service in the Windows operating system that could help you resolve the Windows update error 0x8024a11a or 0x8024a112. You need to make sure that this service is Started and that its Startup type is set to Automatic – you can do this via Services Manager or by executing the command given below in an elevated Command Prompt.

• Tap the Win + R keys to open the Run dialog box.
• Then type “command prompt” in the field and hit Enter to open Command Prompt.
• And in the elevated Command Prompt type in the following command and hit Enter:

SC config trustedinstaller start=auto

• After executing the command successfully, you should see the “[SC] ChangeServiceConfig SUCCESS” message on the Command Prompt window.

Option 3 – Run the DISM tool

You can also run the DISM Tool as it helps in repairing the Windows System Image as well as the Windows Component Store in Windows 10. Using this built-in tool, you have various options such as the “/ScanHealth”, “/CheckHealth”, and “/RestoreHealth” which could help in fixing the Windows update error 0x8024a11a or 0x8024a112.

• Open the Command Prompt with admin privileges.
• Then type in the following commands and make sure to hit Enter right after you type each one of them:
  • Dism /Online /Cleanup-Image /CheckHealth
  • Dism /Online /Cleanup-Image /ScanHealth
  • exe /Online /Cleanup-image /Restorehealth
• Do not close the window if the process takes a while as it will probably take a few minutes to finish.

Option 4 – Run the System File Checker

System File Checker or SFC is a built-in command utility that helps in restoring corrupted files as well as missing files. It replaces bad and corrupted system files to good system files that might be the cause why you’re getting the errors 0x8024a11a and 0x8024a112. To run the SFC command, follow the steps given below.

• Tap Win + R to launch Run.
• Type in cmd in the field and tap Enter.
• After opening Command Prompt, type in sfc /scannow

The command will start a system scan which will take a few whiles before it finishes. Once it’s done, you could get the following results:

1. Windows Resource Protection did not find any integrity violations.
2. Windows Resource Protection found corrupt files and successfully repaired them.
3. Windows Resource Protection found corrupt files but was unable to fix some of them.

Option 5 – Run the Windows Update Troubleshooter

Running the built-in Windows Update troubleshooter could also help you resolve the Windows update error 0xca00a000. To run it, go to Settings and then select Troubleshoot from the options. From there, click on Windows Update and then click the “Run the troubleshooter” button. After that, follow the next on-screen instructions and you should be good to go.

Option 6 – Run Microsoft’s online troubleshooter

Running Microsoft’s online troubleshooter might also help you fix the Windows update error 0x8024a11a or 0x8024a112. This online troubleshooter is known to help in fixing Windows Update errors, it scans your computer for issues that might be causing the problem and then fixes them automatically.

New malware with extensive spyware capabilities steals data from infected Android devices and is designed to automatically trigger whenever new info is read to be exfiltrated. The spyware can only be installed as a 'System Update' app available via third-party Android app stores as it was never available on Google's Play Store. This drastically limits the number of devices it can infect, given that most experienced users will most likely avoid installing it in the first place. The malware also lacks a method to infect other Android devices on its own, adding to its limited spreading capabilities. However, when it comes to stealing your data, this remote access trojan (RAT) can collect and exfiltrate an extensive array of information to its command-and-control server. Zimperium researchers who spotted it observed it while "stealing data, messages, images and taking control of Android phones."

What happens when malicious software is installed

"Once in control, hackers can record audio and phone calls, take photos, review browser history, access WhatsApp messages, and more," they added. Zimperium said its extensive range of data theft capabilities includes:

• Stealing instant messenger messages;
• Stealing instant messenger database files (if the root is available);
• Inspecting the default browser's bookmarks and searches;
• Inspecting the bookmark and search history from Google Chrome, Mozilla Firefox, and Samsung Internet Browser;
• Searching for files with specific extensions (including .pdf, .doc, .docx, and .xls, .xlsx);
• Inspecting the clipboard data;
• Inspecting the content of the notifications;
• Recording audio;
• Recording phone calls;
• Periodically take pictures (either through the front or back cameras);
• Listing of the installed applications;
• Stealing images and videos;
• Monitoring the GPS location;
• Stealing SMS messages;
• Stealing phone contacts;
• Stealing call logs;
• Exfiltrating device information (e.g., installed applications, device name, storage stats).

How does it work?

Once installed on an Android device, the malware will send several pieces of info to its Firebase command-and-control (C2) server, including storage stats, the internet connection type, and the presence of various apps such as WhatsApp. The spyware harvests data directly if it has root access or will use Accessibility Services after tricking the victims into enabling the feature on the compromised device. It will also scan the external storage for any stored or cached data, harvest it, and deliver it to the C2 servers when the user connects to a Wi-Fi network. Unlike other malware designed to steal data, this one will get triggered using Android's contentObserver and Broadcast receivers only when some conditions are met, like the addition of a new contact, new text messages, or new apps being installed. "Commands received through the Firebase messaging service initiate actions such as recording of audio from the microphone and exfiltration of data such as SMS messages," Zimperium said. "The Firebase communication is only used to issue the commands, and a dedicated C&C server is used to collect the stolen data by using a POST request."

Camouflage

The malware will also display fake "Searching for the update.." system update notifications when it receives new commands from its masters to camouflage its malicious activity. The spyware also conceals its presence on infected Android devices by hiding the icon from the drawer/menu. To further evade detection, it will only steal thumbnails of videos and images it finds, thus reducing the victims' bandwidth consumption to avoid drawing their attention to the background data exfiltration activity. Unlike other malware that harvests data in bulk, this one will also make sure that it exfiltrates only the most recent data, collecting location data created and photos taken within the last few minutes. If you would like to read more helpful articles and tips about various software and hardware visit errortools.com daily.