Tag: social networks

Information overload makes social media a swamp of fake news

Low attention and a flood of data are serious problems for social networks.

Two Tickets as Bait

Over the previous weekend, social networks were hit with a wave of posts that falsely claimed that major airlines were giving away tickets for free. Users from all over the world became involved in this: they published posts that mentioned Emirates, Air France, Aeroflot, S7 Airline, Eva Air, Turkish Airlines, Air Asia, Air India, and other companies.

Why online etiquette matters — and why IT leaders should care

It seems that not a week goes by without social media hitting a new high — or, as United Airlines might attest, a new low. Whatever your perspective, there’s no denying that social networks and online connections can shape how we work, think and interact to a dramatic degree. High-tech analyst and consultant Scott Steinberg offers guidance on how to get along in this digital world with his new book, Netiquette Essentials: New Rules for Minding Your Manners in a Digital World, which was released in February.

This is Steinberg’s seventh book about business or technology. Here he discusses why manners matter on social media, and why CIOs should care.

The strange new world of hiring and employee tracking

Your employer wants to hire top salespeople and is counting on HR to deliver the best.

There's the old-fashioned way: collect resumes, sort for keywords, check on social networks, get referrals and interview. But what about geotagging?

Bloke is paid to scour hashtags for threats, spots civil rights...

State investigator, Oregon DoJ attorney lash out in lawsuits

A chap whose job was to investigate threats on social networks is suing the Oregon Department of Justice – for allegedly retaliating against him after his online sleuthing led him to the agency's own director of civil rights.…

Facebook, Microsoft target faster services with new AI server designs

Facebook on Wednesday rolled out some staggering statistics related to its social networks.

Each day, users watch 100 million hours of video, 400 million people use Messenger, and more than 95 million photos and videos are posted on Instagram. That puts a heavy load on Facebook’s servers in data centers, which help orchestrate all these services to ensure timely responses.
In addition, Facebook’s servers use machine learning technologies to improve services, with one visible example being image recognition. The story is similar for Microsoft, which is continually looking to balance the load on its servers.

For example, Microsoft’s data centers apply machine learning for natural language services like Cortana.

Breaking The Weakest Link Of The Strongest Chain

Around July last year, more than 100 Israeli servicemen were hit by a cunning threat actor.

The attack compromised their devices and exfiltrated data to the attackers’ C&C.
In addition, the compromised devices were pushed Trojan updates.

The operation remains active at the time of writing this post.

Google Maps makes your favorite places social with launch of shareable...

In an effort to make Maps more of a social tool than a directional tool.

How to succeed in online investigations and digital forensics

Maltego, the tool best known for deep data mining and link analysis, has helped law enforcement, intelligence agencies and others in security-related work since it was released in 2008.

To benefit from using Maltego, come to SAS 2017 for intensive Digital Intelligence Gathering training from the experts who created the tool from scratch: there won’t be any questions that they can’t answer.

Fitbit may be cutting up to 10 percent of its workforce...

The company is turning to software and may be developing its own app store.

Ransomware app hosted in Google Play infects unsuspecting Android user

Google Play, the official market for Android apps, was caught hosting a ransomware app that infected at least one real-world handset, security researchers said Tuesday.

The ransomware was dubbed Charger and was hidden inside an app called EnergyRescue, according to a blog post published by security firm Check Point Software. Once installed, Charger stole SMS contacts and prompted unsuspecting users to grant it all-powerful administrator rights.
If users clicked OK, the malicious app locked the device and displayed the following message:

"You need to pay for us, otherwise we will sell portion of your personal information on black market every 30 minutes. WE GIVE 100% GUARANTEE THAT ALL FILES WILL RESTORE AFTER WE RECEIVE PAYMENT. WE WILL UNLOCK THE MOBILE DEVICE AND DELETE ALL YOUR DATA FROM OUR SERVER! TURNING OFF YOUR PHONE IS MEANINGLESS, ALL YOUR DATA IS ALREADY STORED ON OUR SERVERS! WE STILL CAN SELLING IT FOR SPAM, FAKE, BANK CRIME etc… We collect and download all of your personal data. All information about your social networks, Bank accounts, Credit Cards. We collect all data about your friends and family."

The app sought 0.2 Bitcoin, currently worth about $180.
In an e-mail, Check Point researchers said the app was available in Google Play for four days and had only a "handful" of downloads. "We believe the attackers only wanted to test the waters and not spread it yet," the researchers told Ars.

The infection was detected by Check Point's mobile malware software, which the company sells to businesses.

Google officials have since removed the app and have thanked Check Point for raising awareness of the issue.

Hiding in plain sight

An analysis showed that Charger checked the local settings of an infected device and wouldn't execute the app's malicious payload if the device was located in Ukraine, Russia, or Belarus.

The behavior was likely an attempt to prevent the developers from facing legal actions in those countries.
In the blog post, Check Point researchers added:

"Most malware found on Google Play contains only a dropper that later downloads the real malicious components to the device. Charger, however, uses a heavy packing approach which [makes] it harder for the malware to stay hidden, so it must compensate with other means. The developers of Charger gave it everything they had to boost its evasion capabilities and so it could stay hidden on Google Play for as long as possible.

"The malware uses several advanced techniques to hide its real intentions and makes it harder to detect. It encodes strings into binary arrays, making it hard to inspect them. It loads code from encrypted resources dynamically, which most detection engines cannot penetrate and inspect. The dynamically-loaded code is also flooded with meaningless commands that mask the actual commands passing through. It checks whether it is being run in an emulator before it starts its malicious activity. PC malware first introduced this technique which is becoming a trend in mobile malware having been adopted by several malware families including Dendroid."

In 2012, Google unveiled a cloud-based scanner dubbed Bouncer that was billed as a way for the company to detect malicious apps before they were made available in Play.

Five years later, discovery of malicious apps like Charger is a regular occurrence.

Google makes little reference to the tool these days. The incident is the latest to underscore the risks posed by apps hosted on Google servers. On Monday, Check Point documented the return of the virulent family of Android malware known as HummingBad, which managed to get from 2 million to 12 million downloads from the marketplace before the 20 affected apps were detected and removed.

Do web injections exist for Android?

Web injection attacks

There’s an entire class of attacks that targets browsers – so-called Man-in-the-Browser (MITB) attacks. These attacks can be implemented using various means, including malicious DLLs, rogue extensions, or more complicated malicious code injected into pages in the browser by spoofing proxy servers or other ways. The purpose of an MITB attack may vary from relatively innocuous ad spoofing on social networks or popular websites to stealing money from user accounts – the latter is what happened in the Lurk case.

[Image: A malicious app masquerades as a Kaspersky Lab product in an MITB attack]

Web injection is used in most cases when an MITB-class attack targets online banking. This type of web injection attack involves malicious code being injected into an online banking service webpage to intercept the one-time SMS message, harvest information about the user, spoof banking details, etc. For example, our Brazilian colleagues have long reported about barcode spoofing attacks performed when users print out Boletos – popular banking documents issued by banks and all kinds of businesses in Brazil.

Meanwhile, the prevalence of MITB attacks in Russia is decreasing – cybercriminals are opting for other methods and attack vectors to target banking clients. For the average cybercriminal, it is much easier to use readily available tools than develop and implement web injection tools.

Despite this, we’re often asked if there are any web injection attacks for Android devices. This is our attempt to investigate and give as full an answer as possible.

Web injection on Android

Despite the term ‘inject’ being used in connection with mobile banking Trojans (and sometimes used by cybercriminals to refer to their data-stealing technologies), Android malware is a whole different world.
In order to achieve the same goals pursued by web injection tools on computers, the creators of mobile Trojans use two completely different technologies: overlaying other apps with a phishing window, and redirecting the user from a banking web page to a specially crafted phishing page.

Overlaying apps with phishing windows

This is the most popular technology with cybercriminals and is used in practically all banking Trojans. 2013 was when we first encountered a piece of malware overlaying other apps with its phishing window – that was Trojan-Banker.AndroidOS.Svpeng.

Today’s mobile banking Trojans most often overlay the Google Play Store app with their phishing window – this is done in order to steal the user’s bank card details.

[Image: The Marcher malware]

Besides this, Trojans often overlay various social media and instant messaging apps and steal the passwords to them.

[Image: The Acecard malware]

However, mobile banking Trojans typically target financial applications, mostly banking apps.

Three methods of MITB attacks for mobile OS can be singled out:

1. A special Trojan window, crafted beforehand by cybercriminals, is used to overlay another app’s window. This method was used, for example, by the Acecard family of mobile banking Trojans.

[Image: Acecard phishing windows]

2. Apps are overlaid with a phishing web page located on a malicious server. This way, the cybercriminals can modify its contents any time they need to. This method is used by the Marcher family of banking Trojans.

[Image: Marcher phishing page]

3. A template page is downloaded from a malicious server, to which the icon and the name of the attacked application are added. This is how one of the Trojan-Banker.AndroidOS.Faketoken modifications manages to attack over 2,000 financial apps.

[Image: FakeToken phishing page]

It should be noted that starting from Android 6, for the above attack method to work, the FakeToken Trojan has to request the privilege of displaying its window on top of other app windows.
It’s not alone though: as new versions of Android are gaining popularity, a growing number of mobile banking Trojans are beginning to request such privileges.

Redirecting the user from the bank’s page to a phishing page

We were only able to identify the use of this technology in the Trojan-Banker.AndroidOS.Marcher family. The earliest versions of the Trojan that redirected the user to a phishing page are dated late April 2016, and the latest are from the first half of November 2016.

Redirecting the user from a bank’s webpage to a phishing page works as follows. The Trojan subscribes to notifications of browser bookmark modifications, which include changes to the currently open page. This way the Trojan knows which webpage is currently open, and if it happens to be one of the targeted pages, the Trojan opens the corresponding phishing page in the same browser and redirects the user there. We were able to find over a hundred web pages belonging to financial organizations that were targeted by the Marcher family of Trojans.

However, two points need to be raised:

- All new modifications of the Marcher Trojan that we were able to detect no longer use this technology.
- Those modifications that used this technology also used a method of overlaying other apps with their phishing window.

Why then was the method of redirecting the user to a phishing page used by only one family of mobile banking Trojans, and why is this technology no longer used in newer modifications of the family? There are several reasons:

- In Android 6 and later versions, this technology no longer works, meaning the number of potential victims is decreasing every day. For example, around 30% of those using Kaspersky Lab’s mobile security solutions now use Android 6 or a later version;
- The technology only worked on a limited number of mobile browsers;
- The user can easily spot that they are being redirected to a phishing site and they may also notice that the URL of the webpage has changed.

Attacks launched using root privileges

With superuser privileges, Trojans can perform any attack, including real malicious injections into browsers. Although we were unable to find a single case of this happening, the following should be noted:

- Some modules of Backdoor.AndroidOS.Triada can substitute websites in certain browsers, using superuser privileges. All the attacks we found were launched with the purpose of making some money from advertising only, and did not result in the theft of banking information.
- The banking Trojan Trojan-Banker.AndroidOS.Tordow, using superuser privileges, can steal passwords saved in browsers, which may include passwords to financial websites.

Conclusions

We can state that, despite all the available technical capabilities, cybercriminals that target banks do not make use of malicious web injections in mobile browsers or injections in mobile apps. Sometimes they use these technologies to spoof adverts, but even then that requires highly sophisticated malicious software.

So why do cybercriminals ignore the available opportunities? Most probably it is because of the diversity of mobile browsers and apps. Malware writers would have to adapt their creations to a long list of programs, which is rather costly, while simpler and more versatile attacks involving phishing windows do not require so much effort to target a larger number of users.

Nonetheless, the Triada and Tordow examples suggest that similar attacks may well take place in the future as malware creators gain more expertise.