Archive for the ‘General’ Category

Comparative analysis of Android and iOS security

Saturday, January 13th, 2024

In the ever-shifting realm of mobile technology, the security paradigms of Android and iOS unfold as a compelling narrative of contrast and similarity. Android, with its roots in open-source philosophy, presents a vast spectrum of customization and choice, catering to diverse user needs. This openness, however, gives rise to a varied ecosystem where devices and versions each bear their unique security footprint, leading to a patchwork of protection standards.

Conversely, iOS operates within a meticulously curated environment, its closed ecosystem synonymous with controlled uniformity. This approach typically yields more consistent security updates and a fortified stance against malware, albeit at the expense of limited customization for the end-user.

Both Android and iOS have evolved an array of security mechanisms aimed at shielding users, encompassing app permissions, encryption methodologies, secure boot sequences, and a regimen of updates. Yet, the real-world efficacy of these security measures is often as much a function of user behavior as it is of technical design. Practices such as downloading from unverified sources, weak password usage, and overlooking updates can significantly undermine the security posture of a device.

The domain of mobile security is not merely a technical arena but a dynamic ecosystem where user awareness and behavior significantly influence security outcomes. As we navigate the intricacies of Android and iOS security, it’s imperative to acknowledge that the sanctity of our digital existence is often a reflection of our choices and habits.

(more…)

Remove Mintnav from Android phone

Wednesday, September 6th, 2023

Mintnav.com is a suspicious website that has been reported by numerous Android mobile users as the unexpected homepage in their Google Chrome browser. This sudden appearance has raised concerns among users, leading them to seek methods to remove or replace it. If you’re facing a similar issue, this article will guide you through the steps to remove Mintnav.com from your Android phone, specifically Xiaomi devices, and provide insights into the potential malware threat associated with it.

Mintnav’s sudden emergence as the default homepage on Android devices has been a topic of discussion on various forums. Users are often puzzled by its unexpected appearance and are eager to replace it with a more familiar or preferred URL. According to reports from users on Reddit, Xiaomi mobile phones might be compromised by malware present in the Chrome browser. While this information has not been officially confirmed by Xiaomi or cybersecurity experts, it has generated significant concern within the tech community.

The malware, referred to as ‘Mintnav’, is believed to hijack the Chrome browser on Xiaomi devices. Specific details regarding its operation or the exact components of the browser it affects remain unclear. However, users have observed alterations to their Chrome homepage, which now redirects to the Mintnav.com website. The legitimacy of this site is questionable, as no official documentation exists, and similar incidents have been reported on Xiaomi devices previously.

(more…)

New Android Trojan mimics ChatGPT, YouTube, Netflix, and other popular apps

Wednesday, May 31st, 2023

Cyber analysts from CloudSEK have reported an investigation into malicious attacks, revealing that hackers have started utilizing a Java-based Trojan called DogeRAT for Android. The creators of this malware are offering a wide array of malicious functions to clients for just $30 per month.

DogeRAT is an exceptionally effective virus that grants the operator covert control over the victim’s Android device. It stealthily steals sensitive information, including contacts, SMS messages, and online banking credentials. Moreover, the Trojan can perform unauthorized transactions, send spam messages, manipulate infected files, and even exploit the device’s camera to take photos without the user’s awareness. Within the hacking community, DogeRAT is being promoted as a service and has gained considerable popularity.

The true danger lies in the Trojan’s ability to disguise itself. It assumes the shape of both popular legitimate applications and fake ones, often impersonating gaming or banking apps. The researchers have identified approximately a thousand counterfeit applications associated with DogeRAT. Particularly notable among these disguises are replicas of well-known products such as the Opera Mini browser, a non-existent Android VulnScan OS, a clone of the ChatGPT bot, and premium versions of YouTube and Netflix.

(more…)

Keep your app from failing in a 64-bit-only Android phone

Friday, February 10th, 2023

Android hardware is always changing. Sometimes the hardware change is highly visible, like going from a regular screen to a wide screen or to an ultra-wide screen. And sometimes it is not. If you are building apps for Android, I think you must be familiar with the devices available in the market. Generally, there are two types. Some Android devices are 32-bit only; they are usually mobile devices for the low-end market or TV devices. The majority of mobile devices are mixed 32/64-bit devices. Now, this is a bit different after the launch of the Pixel 7.

The first Android phone to be configured as 64-bit only is the Pixel 7. And since forthcoming high-end SoCs cannot run 32-bit code, this will be a big thing this year. Every developer should get ready for this. It is anticipated that 64-bit only will become the default option in the future, due to several advantages.

First, it is faster. 64-bit applications run faster because they have access to extra registers and adjustments that are not available to 32-bit apps. Secondly, it is safer. The bigger address space makes defenses like ASLR more effective, and the spare address bits can be used to protect control-flow integrity. New hardware security instructions are also being added to the 64-bit instruction set but not to the 32-bit one. Thirdly, it improves system health. Removing support for 32-bit code saves up to 150 megabytes of RAM, which the OS has been using even when no 32-bit app is running. And finally, starting in 2023, high-end SoCs will no longer be able to run 32-bit code.

(more…)

Demystifying the Yahoo Search redirect virus on Mac

Tuesday, December 14th, 2021

Widespread Mac malware redirects to Yahoo Search

It has been years since Yahoo became a piece of cybercriminals’ traffic monetization puzzle, but this is still a scheme whose gist seems murky.

Mixing malware campaigns with reputable services is the norm in today’s computer threat landscape. Not only is this tactic a way to make an attack look quasi-legitimate, but it may also be interpreted as collusion from which all the involved parties benefit. At this point, it isn’t entirely clear which motivation is behind the spread of the Yahoo Search redirect virus in the macOS environment. The only sure-shot takeaway from its shenanigans is that its operators’ appetite comes with eating, as the traffic-hijacking wave has grown into a serious issue.

The threat manifests itself as follows: after installing a malware-laden application, a Mac user keeps going to search.yahoo.com whenever they enter search requests in the URL area of Safari, Google Chrome, or Mozilla Firefox. On a side note, the baddie supports all these browsers to the same extent, with some infection reports relating to Opera as well.

(more…)

SearchLee redirect on macOS/iOS

Wednesday, February 10th, 2021

In a recent move, an ill-famed Mac malware gang has unleashed a new browser hijacker that constantly forces hits to searchlee.com.

Once again, Macs are in the crosshairs of bad actors who keep piggybacking on a surefire web traffic monetization scheme through aggressive redirects. This rising campaign involves a predatory application that takes over a victim’s default browser to push SearchLee, a rogue service mimicking a garden-variety search provider. The resulting page contains nothing but a search box and a few technicalities in the footer such as the privacy policy and terms of use. Although at first blush it doesn’t seem harmful at all, there are pitfalls lying beneath the external normality. First off, you aren’t likely to ever visit searchlee.com unless you test malware like we do, or unless your Mac has been infiltrated by a virus that’s wreaking havoc with all things web surfing.
(more…)

Taicheetee.com: inner workings of the Android virus

Tuesday, February 9th, 2021

Taicheetee.com keeps opening new tabs in Chrome on an Android device

Android users are on the receiving end of a virus campaign that promotes the Taicheetee.com site by spawning incredibly annoying pop-ups and browser tabs.

Dirty traffic monetization schemes are a thorn in the side of numerous smartphone users who suddenly find themselves entrapped in a rabbit hole of Chrome and Safari browser redirects and pop-up ads that won’t seem to stop. The foul play with Taicheetee.com and URLs at its heart typifies this dynamically escalating cybercrime trend. It manifests itself through the random emergence of one or several new tabs in the Android version of Google Chrome. This activity gets particularly conspicuous when the device is unlocked after a relatively long period of inactivity. In this case, the site in question is sprinkled all over the browser and the user has quite a bit of tab closing work to do.

(more…)

Conti ransomware jumps on the data leak hype train

Friday, September 18th, 2020

Conti ransomware, a spinoff and likely heir of the infamous Ryuk, has recently launched a data dump website to take its extortion tactic to the next level.

Conti.News leak site listing files stolen from a victim

This move fits the mold of the ongoing trend of pressuring victims into submitting a ransom. As before, this harmful code is being served via TrickBot, a modular banking Trojan that exhibits malware loading properties. It used to be that the Trojan would deploy the Ryuk ransomware as the final-stage payload.

According to security researchers, Ryuk hasn’t been promoted this way since July 2020. Instead, criminals associated with the TrickBot malware distribution network have switched to pushing the Conti ransomware.

Conti is a new Ransomware-as-a-Service (RaaS) platform with a limited cybercriminal audience. It has hired seasoned crooks to spread the file-encrypting threat. The operators take their cut from ransom payments and give the rest to the ne’er-do-wells who execute a successful extortion attack.

As per statistics derived from the ransomware identification service “ID Ransomware”, Conti infections have been steadily growing since mid-June 2020. Meanwhile, the propagation of Ryuk has taken a nosedive ever since. The overlap of these two opposite trends proves the theory that the Ryuk group is now plaguing enterprise networks with the Conti ransomware.

(more…)

What You Need to Know About Starting Your Own Online Business

Sunday, March 31st, 2019

Starting Your Own Online Business

Have you been thinking about starting an online business? Maybe you want an extra source of income or more freedom and flexibility with your time. Creating a successful online business from scratch is inexpensive and you can do it regardless of your educational or professional background. Don’t waste more time focusing on what could fail, for you have an opportunity to make unlimited income with a well-crafted online business.

Here are a few tips that will help you make the first steps into online entrepreneurship:

Find a Good Niche

Due to the low barriers to entry into the online business space, there is plenty of competition. The digital world is full of smart and determined entrepreneurs who will stop at nothing to make their ideas a success. How will you stand out from the crowd and make money with your online business?

(more…)

Chinese Authorities Seize Ransomware Creators distributing WannaCry Copycat for Android

Friday, August 4th, 2017

Chinese police have arrested a pair of young people who spread a variant of the SLocker Android ransomware that was modified to resemble WannaCry, the ransomware that spread around the globe in May, infecting Windows users.

The two arrests happened at the beginning of June, just several days after infosec specialists from Tencent and Qihoo 360 had discovered the first attacks. The ransomware was disguised as a plugin for the widespread and trendy Chinese mobile game King of Glory.

This WannaCry copycat was derived from a recent version of the SLocker ransomware, an Android malware family that saw a renaissance in the first quarter of 2017.

Law enforcement representatives stated that the ransomware authors managed to infect around one hundred user devices. The impact of the ransomware was minimal, since its creators didn’t possess the expertise and knowledge required for mass distribution. The pair utilized hyperlinks on Chinese discussion boards and community forums to distribute their fake King of Glory plugin.

The ransomware authors made a number of opsec slip-ups and failures that led to their arrest.

(more…)