It’s common to find all sorts of malware lurking under what seem to be harmless apps on the official Google Play store. Unfortunately, even if the platform is policed carefully, moderators can’t always catch these apps before they’re posted. One of the most popular variations of this kind of malware is Trojan subscribers, which sign up for paid services without the user’s … [Read more...] about The Harly Trojan subscriber in Google Play apps
Google Releases Urgent Chrome Update to Patch New Zero-Day Vulnerability
Google on Friday shipped emergency fixes to address a security vulnerability in the Chrome web browser that it said is being actively exploited in the wild. The issue, assigned the identifier CVE-2022-3075, concerns a case of insufficient data validating in Mojo, which refers to a collection of runtime libraries that provide a platform-agnostic mechanism for inter-process … [Read more...] about Google Releases Urgent Chrome Update to Patch New Zero-Day Vulnerability
Google Uncovers Tool Used by Iranian Hackers to Steal Data from Email Accounts
The Iranian government-backed actor known as Charming Kitten has added a new tool to its malware arsenal that allows it to retrieve user data from Gmail, Yahoo!, and Microsoft Outlook accounts. Dubbed HYPERSCRAPE by Google Threat Analysis Group (TAG), the actively in-development malicious software is said to have been used against less than two dozen accounts in Iran, with the … [Read more...] about Google Uncovers Tool Used by Iranian Hackers to Steal Data from Email Accounts
Over a Dozen Android Apps on Google Play Store Caught Dropping Banking Malware
A malicious campaign leveraged seemingly innocuous Android dropper apps on the Google Play Store to compromise users' devices with banking malware. These 17 dropper apps, collectively dubbed DawDropper by Trend Micro, masqueraded as productivity and utility apps such as document scanners, QR code readers, VPN services, and call recorders, among others. All these apps in … [Read more...] about Over a Dozen Android Apps on Google Play Store Caught Dropping Banking Malware
Google Bringing the Android App Permissions Section Back to the Play Store
Google on Thursday said it's backtracking on a recent change that removed the app permissions list from the Google Play Store for Android across both the mobile app and the web. "Privacy and transparency are core values in the Android community," the Android Developers team said in a series of tweets. "We heard your feedback that you find the app permissions section in Google … [Read more...] about Google Bringing the Android App Permissions Section Back to the Play Store
Google Removes “App Permissions” List from Play Store for New “Data Safety” Section
Following the launch of a new "Data safety" section for the Android app on the Play Store, Google appears to be readying to remove the app permissions list from both the mobile app and the web. The change was highlighted by Esper's Mishaal Rahman earlier this week. The Data safety section, which Google began rolling out in late April 2022, is the company's answer to Apple's … [Read more...] about Google Removes “App Permissions” List from Play Store for New “Data Safety” Section
Google Improves Its Password Manager to Boost Security Across All Platforms
Google on Thursday announced a slew of improvements to its password manager service aimed at creating a more consistent look and feel across different platforms. Central to the changes is a "simplified and unified management experience that's the same in Chrome and Android settings," Ali Sarraf, Google Chrome product manager, said in a blog post. The updates are also expected … [Read more...] about Google Improves Its Password Manager to Boost Security Across All Platforms
Google Blocks Dozens of Malicious Domains Operated by Hack-for-Hire Groups
Google's Threat Analysis Group (TAG) on Thursday disclosed it had acted to block as many as 36 malicious domains operated by hack-for-hire groups from India, Russia, and the U.A.E. In a manner analogous to the surveillanceware ecosystem, hack-for-hire firms equip their clients with capabilities to enable targeted attacks aimed at corporates as well as activists, journalists, … [Read more...] about Google Blocks Dozens of Malicious Domains Operated by Hack-for-Hire Groups
Experts Detail New RCE Vulnerability Affecting Google Chrome Dev Channel
Details have emerged about a recently patched critical remote code execution vulnerability in the V8 JavaScript and WebAssembly engine used in Google Chrome and Chromium-based browsers. The issue relates to a case of use-after-free in the instruction optimization component, successful exploitation of which could "allow an attacker to execute arbitrary code in the context of the … [Read more...] about Experts Detail New RCE Vulnerability Affecting Google Chrome Dev Channel
Google Created ‘Open-Source Maintenance Crew’ to Help Secure Critical Projects
Google on Thursday announced the creation of a new "Open Source Maintenance Crew" to focus on bolstering the security of critical open source projects. Additionally, the tech giant pointed out Open Source Insights as a tool for analyzing packages and their dependency graphs, using it to determine "whether a vulnerability in a dependency might affect your code." "With this … [Read more...] about Google Created ‘Open-Source Maintenance Crew’ to Help Secure Critical Projects