Mintnav.com is a suspicious website that has been reported by numerous Android mobile users as the unexpected homepage in their Google Chrome browser. This sudden appearance has raised concerns among users, leading them to seek methods to remove or replace it. If you’re facing a similar issue, this article will guide you through the steps to remove Mintnav.com from your Android phone, specifically Xiaomi devices, and provide insights into the potential malware threat associated with it.
Mintnav’s sudden emergence as the default homepage on Android devices has been a topic of discussion on various forums. Users are often puzzled by its unexpected appearance and are eager to replace it with a more familiar or preferred URL. According to reports from users on Reddit, Xiaomi mobile phones might be compromised by malware present in the Chrome browser. While this information has not been officially confirmed by Xiaomi or cybersecurity experts, it has generated significant concern within the tech community.
The malware, referred to as ‘Mintnav’, is believed to hijack the Chrome browser on Xiaomi devices. Specific details regarding its operation or the exact components of the browser it affects remain unclear. However, users have observed alterations to their Chrome homepage, which now redirects to the Mintnav.com website. The legitimacy of this site is questionable, as no official documentation exists, and similar incidents have been reported on Xiaomi devices previously.
Cyber analysts from CloudSEK have reported an investigation into malicious attacks, revealing that hackers have started utilizing a Java-based Trojan called DogeRAT for Android. The creators of this malware are offering a wide array of malicious functions to clients for just $30 per month.
DogeRAT is an exceptionally effective virus that grants the operator covert control over the victim’s Android device. It stealthily steals sensitive information, including contacts, SMS messages, and online banking credentials. Moreover, the Trojan can perform unauthorized transactions, send spam messages, manipulate infected files, and even exploit the device’s camera to take photos without the user’s awareness. Within the hacking community, DogeRAT is being promoted as a service and has gained considerable popularity.
The true danger lies in the Trojan’s ability to disguise itself. It assumes the shape of both popular legitimate applications and fake ones, often impersonating gaming or banking apps. The researchers have identified approximately a thousand counterfeit applications associated with DogeRAT. Particularly notable among these disguises are replicas of well-known products such as the Opera Mini browser, a non-existent Android VulnScan OS, a clone of the ChatGPT bot, and premium versions of YouTube and Netflix.
Android hardware is always changing. Sometimes, the hardware change is highly visible, like from a regular screen to a wide screen or to an ultra-wide screen. And sometimes, it is not. If you are building apps for Android, I think you must be familiar with the device available in the market. Generally, there are two types. Some Android devices are 32-bit only. They are usually mobile devices for the low-end market or TV-devices. And the majority of mobile devices are 32/64-bit mixed mobile devices. Now, this is a bit different after the Pixel 7 is launched.
The first Android phone to be solely configured as 64-bit is the Pixel 7. And as forthcoming high-end SOC cannot run 32-bit code, this will be a big thing this year. Every developer should get ready for this. It is anticipated that 64-bit only will become the default option in the future, due to several advantages.
First, it is faster. 64-bit applications run faster because they have access to extra registers and adjustments that are not available to 32-bit apps. Secondly, it is safer. The bigger address space makes defense like ASLR more effective and the spare bits can be used to protect control full integrity. And the new hardware instructions get added to 64-bit but not 32-bit instruction sets. Thirdly, it improves system health. Removing support for 32-bit code, saves up to 150 megabytes of RAM, which has been used by the OS even when it is not running 32-bit apps. And finally, starting in 2023, high-end SOCs will no longer be able to run 32-bit code.
Android users are on the receiving end of a virus campaign that promotes the Taicheetee.com site by spawning incredibly annoying pop-ups and browser tabs.
Dirty traffic monetization schemes are a thorn in the side of numerous smartphone users who suddenly find themselves entrapped in a rabbit hole of Chrome and Safari browser redirects and pop-up ads that won’t seem to stop. The foul play with Taicheetee.com and URLs at its heart typifies this dynamically escalating cybercrime trend. It manifests itself through the random emergence of one or several new tabs in the Android version of Google Chrome. This activity gets particularly conspicuous when the device is unlocked after a relatively long period of inactivity. In this case, the site in question is sprinkled all over the browser and the user has quite a bit of tab closing work to do. (more…)
Chinese Police caught a pair of young people who spread a type of SLocker Android ransomware virus that was modified to resemble WannaCry, another ransomware that stretched around the globe in the course of May infecting Windows users.
The two arrests happened in the beginning of June just several days after infosec specialists from Tencent and Qihoo 360 had discovered initial virus attacks.
Ransomware virus was masked to look like a plugin for widespread and trendy Chinese mobile game called King of Glory.
This WannaCry copycat was derived from a recent version of the SLocker ransomware, an Android virus type which has lately been seen a renaissance in the first Quarter of 2017.
Law enforcement representatives stated the ransomware authors managed to infect around one hundred user devices. The ransomware effect was minimal since its creators didn’t possess the expertise and knowledge required for massive distribution. The pair of criminals utilized hyperlinks on Chinese discussion boards and community forums to distribute their fake Kings of Glory plugin.
Ransomware authors had a number of opsec slipups and failures which led them to arrests.
Check out the first demo vid of Su-Preme MPA – my first Android app to be released on the market in few days!
MPA is a sample based music production app that mimics the look and feel of a classic analog device that is widely popular among urban music producers.
I’m proud to say that MPA is not a toy. We really mean it to be used by actual music producers to make actual beats.
The app was co-designed and will be promoted by Alaric “Supreme” Wilder of Wu-Tang Clan fame. He also did the video!
Why scan the classpath? There are various patterns that are often used in enterprise Java applications that require scanning of classpath and getting the list of all classes that are present in the application.
For example, if you want to discover all classes with a certain annotation (such as @Component in Spring Framework) to process them in a special way, you need a way to go over all classes in your application and select some of them based on which annotations they have.
However, neither Java SE nor Android have built-in facilities to safely get the list of all classes in your application in runtime. The reason for that is the theory behind classloaders in Java – the ability to go over all classes is neither needed in classic OOP nor feasible for all theoretically possible classloader implementations. However, in practice, scanning classpath and discovering the classes you need is quite possible in most cases, both in your web app and on Android. This is always going to be more or less a hack, but if it has been useful in web applications, it can also be useful in Android apps – with some caution, of course.
Thus, in this article I will show and explain a piece of code that does exactly that – scans your classpath and gives you the ability to go over all classes in your app.
My definition or, rather, my perception of an enterprise mobile app is generally the following:
The app in question is a mobile client for a multi-user client-server application. It can either be the only kind of client for the app, or co-exist with a web interface or, for example, a PC desktop client for the same server app.
It has a “serious” user interface – rather than trying to impress the end-user with a slick, non-typical UI, it aims to be as straightforward and predictable as possible. It tends to have various forms, charts, trees and lists of various complexity.
Conceptually, very often a big part of the app is dedicated to managing (CRUDing) a set of entities such as users, documents, reports etc. Domain models can get quite complex, often with tree-like structures, fine-grained user permissions with different access levels and profiles.
Internally the app uses typical client-server protocols like SOAP, XML-RPC or even CORBA. Often in-house protocols and frameworks are used on top of those generic ones or instead of them. You get the picture.
Enterprise apps might not seem to be the most interesting kind to work on. However, they are attractive for many studios because customers usually pay well for them. In addition, as a developer, you will find that they are often challenging to implement – at least with functional and internal quality that will satisfy both the customer and you.
In this article, I would like to cover a list of typical facilities that Android developers need when developing such kind of apps. The platform does not really have that much to offer (as we will see), and many developers build their own ad-hoc frameworks that they try to reuse as needs arise.
I will share some thoughts that I have about that, and will be happy to know your stories too.
How do you separate application state, user interaction logic and data presentation in your Android apps?
Platform designers did not enforce any high-level application architecture framework upon us but left us enough options to implement our own solutions based on application requirements and scale. Most simple applications will get away with just storing data in their widgets (such as in text fields, spinners etc.) and their state manipulation right in event handlers such as OnClickListener‘s. However, if you are going to write a complex application or plan to sophisticate your simple app further, you should really think how to layer it well so that the architecture supports adding new features and satisfies the expected performance, flexibility, responsiveness and other requirements, and your code does not become a mess.
In this article, I will show you one practical approach to dividing application code into three layers according the MVC paradigm and connecting the view to the controller using the Android messaging framework. I used it in my own code and although it might not be 100% academically correct or applicable for every possible app, I love the benefits it gives to me as my app grows more and more complex.
After few months of busy work in the underground laboratories, MTR is back again. As you can see, I have even installed a new theme which looks to me kinda less annoying and more effective in terms of content.
What I plan to do is, of course, to continue the series of articles on Android development so we can go on sharing our knowledge and experience. Many things have been changing in the Android world. Tablets are here today, and new versions of the platform are soon to come. Android is becoming a more and more widespread and seriously taken platform and at this point, there is no way back.
As for this blog, it is still going to be about useful content (at least content that I consider useful), not about promo articles or high traffic volumes. I am still very interested in general architecture topics, plus multimedia (especially audio) and, sure enough, your questions, issues and achievements.