macOS Has A Malware Gateway And Apple Is Not Doing Anything About It

A cyber researcher found a vulnerability that opens a gateway for malware to sneak into a computer system, but 90 days after notification, Apple has not patched the problem yet.
Apple is yet to patch up a security vulnerability in macOS. Photo: ThoroughlyReviewed | Flickr | CC BY 2.0

Apple computers pride themselves on being among the most secure consumer computers out there, but it seems that malware engineers and cybercriminals are catching up with the Mac’s security features. A cybersecurity researcher has found a loophole in macOS’ security mechanisms that could potentially be used to sneak malware into the computer. And despite being notified by the researcher, Apple has yet to patch the vulnerability.

Security researcher Filippo Cavallarin says he discovered a vulnerability in macOS’ security mechanism, Gatekeeper, that could be used by hackers to sneak malware onto Apple computers. He detailed the discovery on his website, wearesegment.com: while it is hard for hackers to infiltrate the system simply by sending a program to run on an Apple device, they can still do it with a workaround.

He said that malware could get around Gatekeeper – the feature that prompts users to confirm whether they want an “unknown” application to be installed on the system, especially one from outside the Mac App Store – by delivering the malware inside a zip archive that disguises the malicious software. In theory, that makes it possible for hackers to run whatever code they like.

Usually, a malware infection happens when an unsuspecting target opens and installs an application – commonly one arriving in an unidentified email – but in this case installing an app is hard to do, as Apple’s Gatekeeper provides enough protection for users. Instead, the researcher said, the hacker can essentially just send a zip archive to the target and have them trust its contents enough to extract it.

Cavallarin says that after discovering the vulnerability, he immediately contacted Apple to report his findings so that they could patch the problem. However, the latest macOS 10.14.5 update remains vulnerable.

The researcher gave Apple 90 days to patch the vulnerability; otherwise, Cavallarin would go public with his discovery. And it seems that Apple did not take his warning seriously.

“This issue was supposed to be addressed, according to the vendor, on May 15th, 2019 but Apple started dropping my emails,” says Cavallarin. “Since Apple is aware of my 90 days disclosure deadline, I make this information public.”

Malware persists amidst efforts to stop them

Malware has become one of the world’s most widespread computer threats, with past attacks that succeeded in shutting down businesses and city governments for days. While white-hat hackers, those who hack for the common good (i.e., report vulnerabilities, fix bugs, etc.), have been able to protect systems against malware, the attackers are also getting bolder and more creative in their methods.

In one instance, a Linux version of the malware called Winnti was discovered by Google’s Chronicle while it was investigating the cyberattack against Bayer, a multinational pharmaceutical company. Winnti is the malware strain said to have been used in the high-profile cyber attack against a Vietnamese gaming company in 2015.

Tech researchers have further suggested that the use of Winnti malware is linked to an organized and coordinated Chinese intelligence network that aims not only to siphon money but also to pursue a political agenda.

Meanwhile, despite governments’ and private entities’ fervent and strengthened crackdown on malware and cybercriminals, the underground operations seem to persist. Last week, the United States government indicted more than ten individuals linked to multiple malware attacks that have affected companies across all sectors. The victims of the malware attacks included a Washington law firm, a church in Texas, a furniture business in California and a casino in Mississippi.

The ten people charged were allegedly involved in malicious software attacks that infected tens of thousands of computers and caused more than $100 million in financial losses. The announcement reveals that the charged individuals came from six countries and that several are already awaiting prosecution in Europe. Another defendant in a related case was extradited to the U.S. from Bulgaria in 2016 and pleaded guilty last month in federal court in Pittsburgh, where Thursday’s case was brought. The charged individuals now face counts of conspiracy to commit computer fraud, conspiracy to commit wire and bank fraud and conspiracy to commit money laundering.


Facebook Live Fail: Pakistan Minister In Cat Filter

Another Facebook Live fail: Pakistan’s Minister of Information and three other officials turned into cartoonish cats when a volunteer accidentally turned on Facebook’s Camera Effects feature.

Facebook Live was used to document Pakistani Minister's Press Briefing last June 14, 2019. Photo: Sticker Mule | Unsplash.com

A serious government press meeting has turned into the newest internet meme. Last Friday, Shaukat Ali Yousafzai, the 10th Khyber Pakhtunkhwa Assembly’s Minister of Information, conducted a press briefing looking like a cat: a cat filter had accidentally been applied to Press Trust India’s (PTI) Facebook Live coverage of the session.

Viewers saw various government officials with pink cat ears and cartoonish whiskers. It took a few minutes before the representatives of PTI realized the mistake, despite prompts from viewers via comments on the video. After the press briefing, PTI immediately deleted the video. However, screenshots of the incident have now gone viral.

Mr. Yousafzai addressed the amusing event through a statement to the AFP news agency. He says, “I wasn’t the only one – two officials sitting along me were also hit by the cat filter.”

PTI has since released a statement on Twitter, explaining that the mistake was made by a hardworking volunteer.

In Facebook Live, applying filters is one click away. Tapping the magic wand in the lower left corner of your phone’s screen offers different kinds of templated masks, borders, and other effects for your video. The first option on the screen is the most recent filter you have used.

Facebook Live on Important Events

According to a report, nearly two billion users per month watched Facebook Live sessions in 2017, following its launch in 2016. It has since become a tool favored by users, who use Facebook Live to share important events such as weddings, birthday parties, and family reunions.

With this kind of user engagement, governments are also noticing Facebook Live’s potential for reaching out to their voters. The Pakistan Government is not the only one using Facebook Live to stream official proceedings. Local and national governments use the tool to engage with their constituents by broadcasting events such as the signing of a bill into law and debate proceedings in the US Senate, to name a few.

Facebook has since developed additional tools related to public policy. This is what Katie Harbath, Facebook’s Public Policy Director, presented at the 2016 Government Social Media Conference held in Reno, Nevada. During the event, Harbath also shared that a Facebook Live session about Canada’s budgetary hearings drew a good number of viewers, something that wasn’t expected at the time. In the 2016 US elections, the live-streamed video of the Presidential race (Hillary vs. Trump) had 47 million live views, reaching 1.7 million viewers.

Facebook Live Fails

Going viral has become a big part of internet culture. The bigger your “fail,” the more infamous you can become. The Pakistan Minister’s cat filter fail is not the only Facebook Live fail that has turned into a meme. In 2018, Ted Cruz broadcast a Facebook Live session in portrait mode with his camera phone set up horizontally.

Brands, even with their social media teams, are also not immune to internet fails. Buzzfeed had a major fail back in 2016 during a Facebook Live interview with then-President Barack Obama. After a lengthy introduction by host Chris Geidner while waiting for the President, their live video feed stalled and failed to capture the interview, disappointing 35,000 Facebook viewers. The live stream of the event on YouTube, however, went well.

Consequently, there are now Youtube tutorials to help guide users on how to optimize Facebook Live and avoid these fails.

Aside from Facebook Live fails, the social media giant has also been under fire over violent or disturbing live streams surfacing on the platform. Facebook has issued stricter restrictions to lessen the spread of such videos.

CEO Mark Zuckerberg has called for support through his opinion piece in the Washington Post last May 30. He shared that Facebook, in collaboration with French officials, is creating an independent body that can help improve their content review systems. Through this initiative, Zuckerberg hopes that they can lessen, and in the future, eradicate harmful content.


AMCA Breach: 20 Million Victims, 19 Class Actions


AMCA previously reported that there were only 200,000 victims in the recent breach, but its partner labs said there were more than 20 million.
AMCA previously reported only 200,000 breach victims; its partner labs say there were more than 20 million. Photo: cbgrfx123 | Flickr | CC BY-SA 2.0

More than 20 million people, not 200,000, have fallen victim to a massive data breach at healthcare billing company American Medical Collection Agency (AMCA), whose services medical clients used to pay for laboratory tests at blood testing labs across the U.S. The larger figure was confirmed by the SEC filings of the affected medical institutions, despite AMCA’s earlier claims that there were fewer victims.

The data breach was the result of a cyber attack that aimed to phish financial information from AMCA’s website. The exposed data belongs to Americans who paid for laboratory services at several clinical and blood testing labs and institutions and used the AMCA billing portal.

What happened in the AMCA breach?

Data stolen from the victims include their names, phone numbers, dates of birth, home addresses, social security numbers, credit card numbers, and other bank details. The information was auctioned off by the hacker on several financial hacking forums.

According to DataBreaches.net, the organization that first reported the incident, AMCA officials, after being notified of the breach, confirmed that their system had been compromised and that the intrusion had remained undetected for more than eight months. AMCA corroborated that the breach took place between August 1, 2018, and March 30, 2019.

Notifications have been sent by several of AMCA’s corporate partners and clients to their customers following the disclosure of the security breach that has seen information from millions of Americans compromised.


The list of impacted testing laboratories includes Quest Diagnostics (11.9 million patients), LabCorp (7.7 million patients), BioReference Laboratories (Opko Health subsidiary, 422,600 patients), Carecentrix (500,000 patients), and Sunrise Laboratories (undisclosed number of patients).

However, neither AMCA nor its five clients have yet notified all citizens impacted by the breach, leaving them vulnerable to a range of cyber crimes: anyone who gets hold of the information could use the financial data against people who still don’t know that it is floating around the internet.

The companies involved in the breach are facing several lawsuits

Unsurprisingly, lawsuits have been directed at AMCA, Quest, and LabCorp over the incident. More than 11 class action suits have been filed against the three companies for their failure to protect consumer data. The 11 lawsuits were recorded at the United States Judicial Panel on Multidistrict Litigation (JPML) on June 3. Since then, eight more lawsuits have been filed against the companies in federal courts in New Jersey, New York, and California.

According to litigation experts, “If many cases are filed in federal court, any of the lawyers on any of those cases can file a motion with the JPML [..] to centralize the various federal cases that have been filed by sending all of them to a single judge for coordinated pre-trial proceedings.”

“Healthcare companies are especially susceptible to data breaches not only because they aggregate a tremendous amount of important and sensitive data, but also because they tend to be less focused on cybersecurity protection than other industries,” said John Yanchunis of Morgan and Morgan, one of the firms that filed lawsuits against Quest Diagnostics.

“These companies, like Quest Diagnostics, know they are at an increased risk and yet have not taken the proper steps to protect their patients’ data. We will fight for justice on behalf of those impacted by this breach,” added Yanchunis.

Lawmakers are demanding an explanation

The U.S. government, led by attorneys general from Connecticut and Illinois, has also opened an investigation into the matter. Furthermore, lawmakers and other politicians have sent letters to the companies involved, asking why an eight-month data breach remained undetected and demanding accountability.

In Washington, US Sen. Mark Warner (D-VA) also sent a letter to Quest Laboratories demanding the company explain its vetting process for selecting AMCA as a billing vendor, and what requirements a third-party vendor has to pass. Democratic New Jersey Sens. Cory Booker and Bob Menendez also sent letters to AMCA, Quest, and LabCorp, seeking official answers on how a breach of this severity went undetected for eight months.

“The months-long leak leaves sensitive personal and financial information vulnerable in the hands of criminal enterprises. Moreover, such breaches force victims to contend with identity theft that may lead to irreparable harm to their credit reports and financial future,” said the letter sent by the NJ senators.


A Malware Has Been Pre-Installed In Some Cheap Android Devices, Google Confirms


Google confirms that some cheap Android devices have been found to have pre-installed malware known as Triada.
Cheap Android devices found to have pre-installed malware. Photo: Rob Bulmahn | Flickr | CC BY 2.0

With any purchase, sometimes you get your money’s worth and sometimes you get something more. Google has now confirmed that some cheap, low-end Android devices also came with pre-installed malware that ran undetected for a couple of years.

In a press release, Google has for the first time discussed in detail the malware called Triada, which the company confirmed has been pre-installed on several low-end Android devices including Cherry Mobile, Leagoo, and Doogee models. The malware, first discovered and published by Kaspersky Lab back in 2016, was pre-installed on the affected devices, meaning it already existed on the device before anyone bought it.

It was previously believed that the malware was added to the affected devices at some point in the supply chain. Now, Google has revealed that cybercriminals indeed managed to compromise Android smartphones and install a backdoor while the phones were still in the supply chain.

Back in 2016, Triada was simply a rooting trojan that tried to exploit the device, and after getting elevated privileges, it performed a host of different actions. To hide these actions from analysts, Triada used a combination of dynamic code loading and additional app installs. According to the press release from Google, “Triada’s first action was to install a type of superuser (su) binary file. This (su) binary allowed other apps on the device to use root permissions.”

According to Google, Triada’s purpose is to install spam apps on a device by gaining root access. However, as Google’s security feature, Google Play Protect, improved at detecting malware, Triada evolved to adapt to the new challenges posed by Google’s updated defenses. Triada is known for downloading additional Trojan components onto an infected device that steal sensitive data from banking apps, intercept chats from messengers and social media platforms, and deploy cyber-espionage modules on the device.

“The binary accepted two passwords, od2gf04pd9 and ac32dorbdq. This is illustrated in the IDA screenshot below. Depending on which one was provided, the binary either 1) ran the command given as an argument as root or 2) concatenated all of the arguments, ran that concatenation preceded by sh, then ran them as root. Either way, the app had to know the correct password to run the command as root,” Google said.

“This Triada rooting trojan was mainly used to install apps and display ads. This trojan targeted older devices because the rooting exploits didn’t work on newer ones. Therefore, the trojan implemented a weight-watching feature to decide if old apps needed to be deleted to make space for new installs.”
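A defender-side check derived from the detail quoted above: a small scanner (an added example, not Google's or Kaspersky's code) that walks a filesystem tree, such as a mounted system-partition image, and flags regular files containing either hard-coded Triada su password. The sample tree it builds is constructed for the demonstration and is not a real firmware image.

```python
import os
import tempfile

# Hard-coded passwords Google reported in Triada's "su" binary (quoted above).
# Only Triada variants that keep these strings are caught by this check.
TRIADA_SU_PASSWORDS = (b"od2gf04pd9", b"ac32dorbdq")

def scan_file(path, chunk_size=1 << 20):
    """Return the sorted Triada password strings found in one file; unreadable files count as clean."""
    # Keep an overlap between chunks so a string split across a chunk boundary still matches.
    overlap = max(len(p) for p in TRIADA_SU_PASSWORDS) - 1
    found, tail = set(), b""
    try:
        with open(path, "rb") as fh:
            while True:
                chunk = fh.read(chunk_size)
                if not chunk:
                    break
                window = tail + chunk
                found.update(p.decode() for p in TRIADA_SU_PASSWORDS if p in window)
                tail = window[-overlap:]
    except OSError:
        return []
    return sorted(found)

def scan_tree(root):
    """Walk a tree (e.g. a mounted system-partition image) and list regular files
    carrying a Triada password, flagging those literally named "su"."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # symlinks and special files are skipped, not followed
            hits = scan_file(path)
            if hits:
                findings.append({"path": path, "passwords": hits, "named_su": name == "su"})
    return sorted(findings, key=lambda f: f["path"])

def build_sample_tree(root):
    """Constructed sample, not a real firmware image: a fake 'su' carrying one
    password, an unrelated ELF-looking file, and a symlink that must be skipped."""
    xbin = os.path.join(root, "system", "xbin")
    os.makedirs(xbin)
    with open(os.path.join(xbin, "su"), "wb") as fh:
        fh.write(b"\x7fELF" + b"\x00" * 64 + b"od2gf04pd9\x00" + b"\x00" * 32)
    with open(os.path.join(xbin, "busybox"), "wb") as fh:
        fh.write(b"\x7fELF" + b"\x00" * 128)
    try:
        os.symlink(os.path.join(xbin, "su"), os.path.join(xbin, "su-link"))
    except OSError:
        pass  # platforms without symlink support simply lack this case
    return root

def demo_scan():
    """Scan the constructed sample in a temp dir; paths are made relative to the sample root."""
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample_tree(tmp)
        return [dict(f, path=os.path.relpath(f["path"], root)) for f in scan_tree(root)]
```

Calling `demo_scan()` returns a single finding for `system/xbin/su`; on a real image, point `scan_tree()` at the mount root instead.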

Affected devices

According to recent reports, the malware has affected over 40 devices. These devices include:

  • Leagoo M5
  • Leagoo M5 Plus
  • Leagoo M5 Edge
  • Leagoo M8
  • Leagoo M8 Pro
  • Leagoo Z5C
  • Leagoo T1 Plus
  • Leagoo Z3C
  • Leagoo Z1C
  • Leagoo M9
  • ARK Benefit M8
  • Zopo Speed 7 Plus
  • UHANS A101
  • Doogee X5 Max
  • Doogee X5 Max Pro
  • Doogee Shoot 1
  • Doogee Shoot 2
  • Tecno W2
  • Homtom HT16
  • Umi London
  • Kiano Elegance 5.1
  • iLife Fivo Lite
  • Mito A39
  • Vertex Impress InTouch 4G
  • Vertex Impress Genius
  • myPhone Hammer Energy
  • Advan S5E NXT
  • Advan S4Z
  • Advan i5E
  • STF AERIAL PLUS
  • STF JOY PRO
  • Tesla SP6.2
  • Cubot Rainbow
  • EXTREME 7
  • Haier T51
  • Cherry Mobile Flare S5
  • Cherry Mobile Flare J2S
  • Cherry Mobile Flare P1
  • NOA H6
  • Pelitt T1 PLUS
  • Prestigio Grace M5 LTE
  • BQ-5510 Strike Power Max 4G (Russia)

Reportedly, Leagoo and Cubot have already removed the malware from their affected devices since March 2018. Cherry Mobile also confirmed that they removed the malware from the affected devices in 2018.

Google also said that it worked with OEMs to remove the malware from devices and rolled out the fix through OTA updates.

“By working with the OEMs and supplying them with instructions for removing the threat from devices, we reduced the spread of preinstalled Triada variants and removed infections from the devices through the OTA updates,” said Lukasz Siewierski, Android Security & Privacy Team.

“The Triada case is a good example of how Android malware authors are becoming more adept. This case also shows that it’s harder to infect Android devices, especially if the malware author requires privilege elevation.”
