SpyAgent Android Malware Steals Your Crypto Recovery Phrases From Images

SpyAgent is a new Android malware that uses optical character recognition (OCR) to steal cryptocurrency wallet recovery phrases from screenshots stored on mobile devices, allowing attackers to hijack wallets and steal funds. The malware primarily targets South Korea but poses a growing threat as it expands to other regions and possibly iOS. BleepingComputer reports: A malware operation discovered by McAfee was traced back to at least 280 APKs distributed outside of Google Play using SMS or malicious social media posts. This malware can use OCR to recover cryptocurrency recovery phrases from images stored on an Android device, making it a significant threat. […] Once it infects a new device, SpyAgent begins sending the following sensitive information to its command and control (C2) server:

– Victim’s contact list, likely for distributing the malware via SMS originating from trusted contacts.
– Incoming SMS messages, including those containing one-time passwords (OTPs).
– Images stored on the device to use for OCR scanning.
– Generic device information, likely for optimizing the attacks.

SpyAgent can also receive commands from the C2 to change the sound settings or send SMS messages, likely used to send phishing texts to distribute the malware. McAfee found that the operators of the SpyAgent campaign did not follow proper security practices in configuring their servers, allowing the researchers to gain access to them. Admin panel pages, as well as files and data stolen from victims, were easily accessible, allowing McAfee to confirm that the malware had claimed multiple victims. The stolen images are processed and OCR-scanned on the server side and then organized on the admin panel accordingly to allow easy management and immediate utilization in wallet hijack attacks.

Read more of this story at Slashdot.

US, UK, EU Sign ‘Legally Binding’ AI Treaty

The United States, United Kingdom and European Union have signed the first “legally binding” international AI treaty on Thursday, the Council of Europe human rights organization said. Called the AI Convention, the treaty promotes responsible innovation and addresses the risks AI may pose. Reuters reports: The AI Convention mainly focuses on the protection of human rights of people affected by AI systems and is separate from the EU AI Act, which entered into force last month. The EU’s AI Act entails comprehensive regulations on the development, deployment, and use of AI systems within the EU internal market. The Council of Europe, founded in 1949, is an international organization distinct from the EU with a mandate to safeguard human rights; 46 countries are members, including all the 27 EU member states. An ad hoc committee in 2019 started examining the feasibility of an AI framework convention and a Committee on Artificial Intelligence was formed in 2022 which drafted and negotiated the text. The signatories can choose to adopt or maintain legislative, administrative or other measures to give effect to the provisions.

Francesca Fanucci, a legal expert at ECNL (European Center for Not-for-Profit Law Stichting) who contributed to the treaty’s drafting process alongside other civil society groups, told Reuters the agreement had been “watered down” into a broad set of principles.
“The formulation of principles and obligations in this convention is so overbroad and fraught with caveats that it raises serious questions about their legal certainty and effective enforceability,” she said. Fanucci highlighted exemptions on AI systems used for national security purposes, and limited scrutiny of private companies versus the public sector, as flaws. “This double standard is disappointing,” she added.

Read more of this story at Slashdot.

Telegram Allows Private Chat Reports After Founder’s Arrest

Android Earthquake Alerts Now Available Across All 50 States, 6 US Territories

Google’s Android Earthquake Alerts System, initially launched in 2020, is now available in all 50 U.S. states and 6 territories. Droid Life reports: For users in California, Oregon and Washington, users will continue to have their alerts powered by the ShakeAlert system, utilizing traditional seismometers to detect earthquakes. For all out states and supported territories, “this expansion uses the built-in accelerometers in Android phones to bring another layer of preparedness and potentially life-saving information to people across every state,” the company explained in a blog post.

Using the accelerometer to sense vibrations and an apparent earthquake, the system quickly analyzes the crowdsourced data to determine if an earthquake is occurring. Google says it has been working with many experts to continue the system’s improvement. Depending on the severity of the earthquake, you’ll get two types of notifications. A little pop up on your screen if it’s pretty weak with light shaking or a complete screen takeover for moderate to extreme shaking. These are called Take Action alerts, complete with the classic drop, cover, and hold instructions.

Read more of this story at Slashdot.

Volvo Backtracks On 2030 EV-Only Pledge

Volvo now says it will push back its deadline to sell only electric vehicles by 2030, citing the need for stronger government support. “The new plans call for 90 to 100% of global sales to be electrified, including EVs and plug-in hybrids (PHEVs),” reports Electrek. “The other up to 10% will be “a limited number of hybrids” if needed. By 2025, Volvo expects 50 to 60% of sales to be electrified.” From the report: Volvo was one of the first automakers to set a 100% EV sales goal by 2030. The announcement was made over three years ago in March 2021. The plan was to sell only fully electric cars while phasing out “any car in its global portfolio with an internal combustion engine, including hybrids.” […]

Volvo has already launched five all-electric models: the EX40, EC40, EX30, EM90, and the EX90. After delivering its first model in January, the Volvo EX30 is already the third best-selling EV in Europe. Another five EVs are in development. However, Volvo said the shift comes as the charging infrastructure rollout has been out slower than expected, and government incentives have been withdrawn. Volvo is calling for stronger and more stable government policies to support the transition to EVs.

Volvo also adjusted its CO2 reduction goal. The company aims to reduce CO2 emissions per car by 65% to 75% by 2030 (using 2018 as a baseline). That’s down from the previous 75% reduction target. Next year, Volvo aims for a 30 to 35% reduction (with 2018 as a baseline), down from 40%. The company is still working with suppliers to cut CO2 emissions across its value chain. “We are resolute in our belief that our future is electric,” said Volvo Cars CEO Jim Rowan. “An electric car provides a superior driving experience.”

Despite this, “it is clear that the transition to electrification will not be linear, and customers and markets are moving at different speeds of adoption,” Rowan explained.

Read more of this story at Slashdot.