Many developers don’t know what instrumentation really is, and those who do don’t really understand the black magic that takes an application and makes it emit telemetry, especially when automatic instrumentation is involved. On top of that, each programming language has its own tricks. I wanted to unwrap this loaded topic on my podcast, OpenObservability Talks. For this topic … [Read more...] about Where Are My App’s Traces? Instrumentation in Practice
apps
The Harly Trojan subscriber in Google Play apps
It’s common to find all sorts of malware lurking under what seem to be harmless apps on the official Google Play store. Unfortunately, even if the platform is policed carefully, moderators can’t always catch these apps before they’re posted. One of the most popular variations of this kind of malware is Trojan subscribers, which sign up for paid services without the user’s … [Read more...] about The Harly Trojan subscriber in Google Play apps
Over a Dozen Android Apps on Google Play Store Caught Dropping Banking Malware
A malicious campaign leveraged seemingly innocuous Android dropper apps on the Google Play Store to compromise users' devices with banking malware. These 17 dropper apps, collectively dubbed DawDropper by Trend Micro, masqueraded as productivity and utility apps such as document scanners, QR code readers, VPN services, and call recorders, among others. All these apps in … [Read more...] about Over a Dozen Android Apps on Google Play Store Caught Dropping Banking Malware
These 28+ Android Apps with 10 Million Downloads from the Play Store Contain Malware
As many as 30 malicious Android apps with cumulative downloads of nearly 10 million have been found on the Google Play Store distributing adware. "All of them were built into various programs, including image-editing software, virtual keyboards, system tools and utilities, calling apps, wallpaper collection apps, and others," Dr.Web said in a Tuesday write-up. While … [Read more...] about These 28+ Android Apps with 10 Million Downloads from the Play Store Contain Malware
Researchers Uncover Malicious NPM Packages Stealing Data from Apps and Web Forms
A widespread software supply chain attack has targeted the NPM package manager at least since December 2021 with rogue modules designed to steal data entered in forms by users on websites that include them. The coordinated attack, dubbed IconBurst by ReversingLabs, involves no fewer than two dozen NPM packages that include obfuscated JavaScript, which comes with malicious code … [Read more...] about Researchers Uncover Malicious NPM Packages Stealing Data from Apps and Web Forms
Microsoft Warns About Evolving Capabilities of Toll Fraud Android Malware Apps
Microsoft has detailed the evolving capabilities of toll fraud malware apps on Android, pointing out its "complex multi-step attack flow" and an improved mechanism to evade security analysis. Toll fraud belongs to a category of billing fraud wherein malicious mobile applications come with hidden subscription fees, roping in unsuspecting users to premium content without their … [Read more...] about Microsoft Warns About Evolving Capabilities of Toll Fraud Android Malware Apps
10 Most Prolific Banking Trojans Targeting Hundreds of Financial Apps with Over a Billion Users
10 of the most prolific mobile banking trojans have set their eyes on 639 financial applications that are available on the Google Play Store and have been cumulatively downloaded over 1.01 billion times. Some of the most targeted apps include Walmart-backed PhonePe, Binance, Cash App, Garanti BBVA Mobile, La Banque Postale, Ma Banque, Caf - Mon Compte, Postepay, and BBVA … [Read more...] about 10 Most Prolific Banking Trojans Targeting Hundreds of Financial Apps with Over a Billion Users
Auto-Instrumenting NestJS Apps with OpenTelemetry
In this tutorial, we will go through a working example of a NestJS application auto-instrumented with OpenTelemetry. In our example we will use a simple application that outputs “Hello World!” when we call it in the browser.We will instrument this application with OpenTelemetry’s Node.js client library to generate trace data and send it to an OpenTelemetry Collector. The … [Read more...] about Auto-Instrumenting NestJS Apps with OpenTelemetry
Microsoft Finds Critical Bugs in Pre-Installed Apps on Millions of Android Devices
Four high severity vulnerabilities have been disclosed in a framework used by pre-installed Android System apps with millions of downloads. The issues, now fixed by its Israeli developer MCE Systems, could have potentially allowed threat actors to stage remote and local attacks or be abused as vectors to obtain sensitive information by taking advantage of their extensive system … [Read more...] about Microsoft Finds Critical Bugs in Pre-Installed Apps on Millions of Android Devices
Security of third-party apps for connected cars
Any modern car is basically a computer on wheels. And many are also connected to the internet. As a result, in addition to the vehicles themselves, automakers are now developing apps to control them remotely. These can be used to check the car’s location, turn on the heating or air conditioning in advance, lock and unlock the doors, and so on. However, different users have very … [Read more...] about Security of third-party apps for connected cars