Over 300,000 Android Users Have Downloaded These Banking Trojan Malware Apps, Say Security Researchers

Over 300,000 Android smartphone users have downloaded what turned out to be banking trojans after falling victim to malware that has bypassed detection by the Google Play app store. ZDNet reports: Detailed by cybersecurity researchers at ThreatFabric, the four different forms of malware are delivered to victims via malicious versions of commonly downloaded applications, including document scanners, QR code readers, fitness monitors and cryptocurrency apps. The apps often come with the functions that are advertised in order to avoid users getting suspicious. In each case, the malicious intent of the app is hidden and the process of delivering the malware only begins once the app has been installed, enabling them to bypass Play Store detections.

The most prolific of the four malware families is Anatsa, which has been installed by over 200,000 Android users — researchers describe it as an “advanced” banking trojan that can steal usernames and passwords, and uses accessibility logging to capture everything shown on the user’s screen, while a keylogger allows attackers to record all information entered into the phone. […] The second most prolific of the malware families detailed by researchers at ThreatFabric is Alien, an Android banking trojan that can also steal two-factor authentication capabilities and which has been active for over a year. The malware has received 95,000 installations via malicious apps in the Play Store. […] The other two forms of malware that have been dropped using similar methods in recent months are Hydra and Ermac, which have a combined total of at least 15,000 downloads. ThreatFabric has linked Hydra and Ermac to Brunhilda, a cyber-criminal group known to target Android devices with banking malware. Both Hydra and Ermac provide attackers with access to the device required to steal banking information. ThreatFabric has reported all of the malicious apps to Google and they’ve either already been removed or are under review.

Read more of this story at Slashdot.

Browser Extension Shows How Many Brands On Amazon Are Actually Just Amazon

A new browser extension promises to show you which products in your Amazon search results are sold by brands that are either owned by or are exclusive to Amazon, giving you a better idea of who’s selling what you’re buying. The Verge reports: It’s called Amazon Brand Detector, and it uses a list of Amazon brands created by The Markup, along with filters and other techniques (detailed here) to detect and highlight products that are a part of Amazon’s Our Brands program. The Markup created this extension after its investigation into how Amazon ranks its in-house brands in search results and says the tool (available for Chrome-like browsers and Firefox) is designed to make searches more transparent. When we tested it, it obviously highlighted Amazon Basics and Essentials products, but it also drew attention to results that were otherwise indistinguishable from ones not affiliated with Amazon: a dog leash labeled as being made by Panykoo, socks by Teebulen, a sweater by Ofeefan.

While Amazon marked some of those results as “featured from our brands,” that wasn’t the case for all of them. That advisory text is also small and grey, making it easy to miss if you’re casually browsing (especially since there may not be any notice of the affiliation on the actual product page), and it didn’t show up on every result the tool highlighted. Amazon isn’t necessarily shadowy about these brands: it has a page that lists its “private and select exclusive brands,” many of which have legit-sounding names: Happy Belly, Wag, Nature’s Wonder. Some are private labels owned by Amazon, where some are “curated selections” sold exclusively on Amazon but not necessarily operated by the company. According to The Markup, the extension “does not collect any data” and should be compatible with other extensions.

‘Massive’ Startup Wants To Rent Your Spare Compute Power To Pay For Apps

What if users could pay for apps or services not with money or attention, but with their spare compute power? A startup called “Massive” is working to take this concept “into the modern world as an alternative to charging users or pounding them with advertisements to generate revenue,” writes TechCrunch’s Alex Wilhelm. From the report: Massive announced an $11 million round this morning, led by Point72 Ventures with participation from crypto-themed entities, including CoinShares Ventures and Coinbase Ventures. Several angels also participated in the funding event. The model is interesting, and Massive’s funding round is an indication that it has found some market traction. So, we get the company on the horn to learn more.

Massive co-founder and CEO Jason Grad described the startup’s work as something akin to an Airbnb or Turo for users’ computers, comparing its service to some of the more popular consumer-sharing startups that folks already know. It’s a reasonable comparison. Some 50,000 desktop computer users — nodes, in the company’s parlance — have opted into its service. Which is white hat, it goes without saying. Given that Massive is asking for compute power, it will have constant work to do to ensure that it is a good steward of user trust and partner selection; no one wants their spare CPU cycles to go to something illegal. The company has a good early stance toward caring for its nascent compute exchange, with a hard requirement of getting users to opt into its service before joining.

To start, Massive is working with crypto-focused companies. They have an obvious need for compute power, and the work they execute — running blockchain calculations — is monetized through block rewards and other fees, making them easy choices for partnerships. You can now see why the company’s investor list includes a number of crypto-focused venture capital firms. The startup’s goal is broader, however. It wants to build a two-sided marketplace for compute power, Grad explained. That means lots more users offering up a slice of their computing power, future acceptance of mobile devices, and a broader partner list. Part of the company’s perspective is rooted in the belief that the dominant business models of the internet today are lacking. “Shit,” to quote Grad directly.

Israel and Iran Broaden Cyberwar To Attack Civilian Targets

Iranians couldn’t buy gas. Israelis found their intimate dating details posted online. The Iran-Israel shadow war is now hitting ordinary citizens. From a report: Millions of ordinary people in Iran and Israel recently found themselves caught in the crossfire of a cyberwar between their countries. In Tehran, a dentist drove around for hours in search of gasoline, waiting in long lines at four gas stations only to come away empty. In Tel Aviv, a well-known broadcaster panicked as the intimate details of his sex life, and those of hundreds of thousands of others stolen from an L.G.B.T.Q. dating site, were uploaded on social media. For years, Israel and Iran have engaged in a covert war, by land, sea, air and computer, but the targets have usually been military or government related. Now, the cyberwar has widened to target civilians on a large scale. In recent weeks, a cyberattack on Iran’s nationwide fuel distribution system paralyzed the country’s 4,300 gas stations, which took 12 days to have service fully restored.

That attack was attributed to Israel by two U.S. defense officials, who spoke on the condition of anonymity to discuss confidential intelligence assessments. It was followed days later by cyberattacks in Israel against a major medical facility and a popular L.G.B.T.Q. dating site, attacks Israeli officials have attributed to Iran. The escalation comes as American authorities have warned of Iranian attempts to hack the computer networks of hospitals and other critical infrastructure in the United States. As hopes fade for a diplomatic resurrection of the Iranian nuclear agreement, such attacks are only likely to proliferate. Hacks have been seeping into civilian arenas for months. Iran’s national railroad was attacked in July, but that relatively unsophisticated hack may not have been Israeli. And Iran is accused of making a failed attack on Israel’s water system last year. The latest attacks are thought to be the first to do widespread harm to large numbers of civilians. Nondefense computer networks are generally less secure than those tied to state security assets.

Notifications Are Driving Us Crazy.

We’re on alert overload. Stray comments and offhand requests once shouted across the office now blink and buzz at us from Microsoft Teams and Slack. Our communication has grown fragmented, spread across myriad apps we have to learn, conform to, remember to check. From a report: Meanwhile, personal texts and social-media mentions have bled into the workday after all this time at home, adding another layer of distraction to our time on the clock. Why put your phone on silent if the boss isn’t hovering over you? Our culture has evolved to accommodate rapid communication, says Gloria Mark, a professor of informatics at the University of California, Irvine, and it can be mentally taxing. Many of us struggle to conjure up that brilliant thought that hit right before the notification burst in. “Your memory is just overflowing with information,” she says.

It doesn’t make for great circumstances for getting work done, but there are ways individuals, managers and organizations can contend with the onslaught. Dr. Mark’s research finds people switch screens an average of 566 times a day. Half the time we’re interrupted; the other half we pull ourselves away. Breaks — even mindless ones like scrolling Facebook — can be positive, replenishing our cognitive resources, Dr. Mark says. But when something external diverts our focus, it takes us an average of 25 minutes and 26 seconds to get back to our original task, she has found. (Folks often switch to different projects in between.) And it stresses us out. Research using heart monitors shows that the interval between people’s heart beats becomes more regular when they’re interrupted, a sign they’re in fight-or-flight mode. The onus is on teams and organizations to create new norms, Dr. Mark says. If individuals just up and turn off their notifications they’ll likely be penalized for missing information. Instead, managers should create quiet hours where people aren’t expected to respond. “It’s a matter of relearning how to work,” she says.

EU Complaint Accuses Microsoft of Anticompetitive Bundling of OneDrive, Teams in Windows

“Remember how Microsoft spent years in hot water in the late ’90s and early ’00s by forcing Internet Explorer on its customers?” asks ZDNet.

“European open-source cloud company Nextcloud does.”

Now, with a coalition of other European Union (EU) software and cloud organizations and companies called the “Coalition for a Level Playing Field,” Nextcloud has formally complained to the European Commission about Microsoft’s anti-competitive behavior by aggressively bundling its OneDrive cloud, Teams, and other services with Windows 10 and 11.

Nextcloud claims that by pushing consumers to sign up and hand over their data to Microsoft, the Windows giant is limiting consumer choice and creating an unfair barrier for other companies offering competing services. Specifically, Microsoft has grown its EU market share to 66%, while local providers’ market share declined from 26% to 16%. Microsoft has done this not by any technical advantage or sales benefits, but by heavily favoring its own products and services, self-preferencing over other services. While self-preferencing is not illegal per se under EU competition laws, if a company abuses its dominant market position, it can break the law. Nextcloud states that Microsoft has outright blocked other cloud service vendors by leveraging its position as gatekeeper to extend its reach in neighboring markets, pushing users deeper into its ecosystems. Thus, more specialized EU companies can’t compete on merit, as the key to success is not a good product but the ability to distort competition and block market access….

So, Nextcloud is asking the European Commission’s Directorate-General for Competition to prevent this kind of abusive behavior and keep the market competitive and fair for all players. Nextcloud is doing this by filing an official complaint with this body. In addition, Nextcloud has also filed a request with the German antitrust authorities, the Bundeskartellamt, for an investigation against Microsoft. With its partners, it’s also discussing filing a similar complaint in France.

Nextcloud is being joined in its complaint by several open-source, non-profit organizations. These include the European DIGITAL SME Alliance; the Document Foundation, LibreOffice’s backing organization; and the Free Software Foundation Europe (FSFE)… Numerous businesses are also supporting Nextcloud’s legal action. This includes Abilian, an open-source software publisher; DAASI, an open-source identity management company; and Mailfence.
