Category Archives: Google

After EU ruling, Google CEO Pichai hints Android may not remain free

Google warns that Android may not be free in the future

We reported yesterday that Google was hit with a record $5 billion (4.34 billion euros) fine by the European Union Commission on Wednesday for illegally abusing the dominance of its Android operating system.

Reacting to the EU ruling, Google’s CEO Sundar Pichai in a lengthy blog post said that “the decision rejects the business model that supports Android, which has created more choice for everyone, not less.”

The EU wants Google to stop pre-loading its Chrome browser and its search engine on Android. However, Google countered this by saying that the search giant doesn’t force anyone to use either of them and allows phone makers and developers to easily disable or delete pre-loaded apps on the phone and choose other apps instead.

According to Pichai, the free distribution of the Android platform, and of Google’s suite of applications, is “not only efficient” for phone makers and operators but is also of “huge benefit” for developers and consumers. He also added that “if phone makers and mobile network operators couldn’t include our apps on their wide range of devices, it would upset the balance of the Android ecosystem.” In other words, Pichai said that the phone makers will no longer be forced to bundle these apps but can still choose to do so.

However, Pichai warned that its Android business model could now change due to the EU ruling. “So far, the Android business model has meant that we haven’t had to charge phone makers for our technology or depend on a tightly controlled distribution model. We’ve always agreed that with size comes responsibility. A healthy, thriving Android ecosystem is in everyone’s interest, and we’ve shown we’re willing to make changes. But we are concerned that today’s decision will upset the careful balance that we have struck with Android, and that it sends a troubling signal in favor of proprietary systems over open platforms,” Pichai said.

Pichai also added that Google would be appealing against the EU decision. The search giant has 90 days to change its practices or face penalty payments of up to five percent of the worldwide average daily revenue of its parent company, Alphabet.

With Google’s CEO hinting that the free distribution of its own apps earns the company revenue required to maintain the development of the expensive platform, we could very soon see Google start charging phone makers for using the Android platform.

Source: The Verge

The post After EU ruling, Google CEO Pichai hints Android may not remain free appeared first on TechWorm.

Google, Which Owns, Confuses Users Searching For Its Rival DuckDuckGo and Redirects Them Back To Google

Commenting on the record $5 billion fine on Google by the European Commission, privacy focused search engine DuckDuckGo said this week it welcomes the decision as it has "felt [Google's] effects first hand for many years and has led directly to us having less market share on Android vs iOS and in general mobile vs desktop." The company said: Up until just last year, it was impossible to add DuckDuckGo to Chrome on Android, and it is still impossible on Chrome on iOS. We are also not included in the default list of search options like we are in Safari, even though we are among the top search engines in many countries. The Google search widget is featured prominently on most Android builds and is impossible to change the search provider. For a long time it was also impossible to even remove this widget without installing a launcher that effectively changed the whole way the OS works. Their anti-competitive search behavior isn't limited to Android. Every time we update our Chrome browser extension, all of our users are faced with an official-looking dialogue asking them if they'd like to revert their search settings and disable the entire extension. Google also owns and points it directly at Google search, which consistently confuses DuckDuckGo users. "If it looks like a duck, swims like a duck, and quacks like a duck, then it probably is google," wrote security researcher Mikko Hypponen, summing up the story.

Read more of this story at Slashdot.

GoogleUserContent CDN Hosting Images Infected with Malware

By Waqas

The malware targets trusted Google sites. The metadata fields of images uploaded on trusted Content Delivery Network (CDN) of Google have been embedded with malicious code by hackers to compromise websites. This approach is indeed damaging because users never scan images for malware. The injected malware uses EXIF (Exchangeable Image File) format to hide the […]
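
The post above is only an excerpt, so it does not show what code hidden in image metadata looks like or how a site operator would find it. As an added illustration (not code from HackRead or from the researchers who reported the campaign), here is a stdlib-only Python scanner that walks the segments of a JPEG and flags code-like strings inside its metadata segments (APPn, which carry EXIF, and COM). The marker strings it looks for and the two sample images it builds are assumptions constructed for the demo; the post does not name the language of the injected code.

```python
import struct

# Heuristic byte patterns that signal executable code rather than camera metadata.
# These are assumed indicators: the post only says "malicious code" was embedded in
# image metadata, so adjust the list to the payloads you actually see.
CODE_MARKERS = (b"<?php", b"eval(", b"base64_decode(", b"system(", b"passthru(")

# JPEG markers whose segments carry metadata: APP0..APP15 (0xE0-0xEF) and COM (0xFE).
METADATA_MARKERS = set(range(0xE0, 0xF0)) | {0xFE}
STANDALONE_MARKERS = set(range(0xD0, 0xD8)) | {0x01}  # RSTn and TEM have no length field


def iter_jpeg_segments(data: bytes):
    """Yield (marker, payload) for every segment up to the start of scan (SOS).

    Metadata (JFIF, EXIF, XMP, comments) always precedes the entropy-coded image
    data, so stopping at SOS is enough for a metadata scan and never decodes pixels.
    """
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:          # fill byte, skip it
            pos += 1
            continue
        if marker in (0xDA, 0xD9):  # SOS or EOI: no more metadata segments
            return
        if marker in STANDALONE_MARKERS:
            pos += 2
            continue
        if pos + 4 > len(data):
            raise ValueError("truncated segment header")
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        payload = data[pos + 4:pos + 2 + length]
        if len(payload) != length - 2:
            raise ValueError(f"truncated segment 0x{marker:02X} at offset {pos}")
        yield marker, payload
        pos += 2 + length


def scan_jpeg_metadata(data: bytes):
    """Return (segment_name, marker_string, offset_in_segment) for each code-like
    marker found in a metadata segment. An empty list means nothing suspicious."""
    findings = []
    for marker, payload in iter_jpeg_segments(data):
        if marker not in METADATA_MARKERS:
            continue
        name = "COM" if marker == 0xFE else f"APP{marker - 0xE0}"
        if marker == 0xE1 and payload.startswith(b"Exif\x00\x00"):
            name = "APP1/EXIF"
        for pattern in CODE_MARKERS:
            idx = payload.find(pattern)
            if idx != -1:
                findings.append((name, pattern.decode("ascii"), idx))
    return findings


def make_jpeg(segments):
    """Assemble a minimal JPEG container from (marker, payload) pairs (test helper)."""
    out = bytearray(b"\xff\xd8")
    for marker, payload in segments:
        out += bytes((0xFF, marker)) + struct.pack(">H", len(payload) + 2) + payload
    out += b"\xff\xda\x00\x02" + b"\xff\xd9"  # empty SOS header, then EOI
    return bytes(out)


# Constructed samples (not real images from the incident): a clean file whose EXIF
# block holds only a TIFF header, and one whose EXIF block carries a PHP stub.
EXIF_TIFF_HEADER = b"Exif\x00\x00MM\x00\x2a\x00\x00\x00\x08" + b"\x00" * 8
CLEAN_IMAGE = make_jpeg([(0xE0, b"JFIF\x00\x01\x01"), (0xE1, EXIF_TIFF_HEADER)])
INFECTED_IMAGE = make_jpeg([
    (0xE0, b"JFIF\x00\x01\x01"),
    (0xE1, EXIF_TIFF_HEADER + b"UserComment: <?php eval(base64_decode('QUFB')); ?>"),
])

if __name__ == "__main__":
    for label, image in (("clean", CLEAN_IMAGE), ("infected", INFECTED_IMAGE)):
        print(label, scan_jpeg_metadata(image) or "no code markers found")
```

Run it over images an application serves or re-hosts. The complementary mitigation is to strip metadata on upload by re-encoding through an image library, since a harmless-looking image on a trusted CDN is exactly why such files never get scanned.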

This is a post from Read the original post: GoogleUserContent CDN Hosting Images Infected with Malware

EU slaps Google with record $5 billion fine in Android Antitrust Case

Google fined $5 billion fine for illegal restrictions on Android use

The European Union Commission on Wednesday imposed on Google a record $5 billion (4.34 billion euros) fine for illegally abusing the dominance of its Android operating system.

Margrethe Vestager, EU Antitrust Chief who is in charge of the competition policy, said that the U.S. tech giant has been unlawfully using Android’s near-monopoly since 2011 to improve usage of its own search engine and browser and to strengthen its dominant position in general Internet search.

“Today the commission has decided to fine Google 4.34 billion euros (USD 5 billion) for breaching EU antitrust rules,” Vestager told a press conference in Brussels. “Google has used Android as a vehicle to cement the dominance of its search engine. These practices have denied rivals the chance to innovate and compete on the merits. They have denied European consumers the benefits of effective competition in the important mobile sphere.”

Vestager said Google “must put an effective end to this conduct within 90 days or face penalty payments” of up to five percent of the worldwide average daily revenue of its parent company, Alphabet.

“Our case is about three types of restrictions that Google has imposed on Android device manufacturers and network operators to ensure that traffic on Android devices goes to the Google search engine,” said Vestager.

In particular, Google required manufacturers to pre-install the Google Search app and browser app (Chrome) as a condition for licensing Google’s app store (the Play Store).

The search giant ultimately gave “financial incentives” to manufacturers and mobile network operators, if they exclusively pre-installed the Google Search app on their devices, the commission said.

The Commission also found that Google used the so-called anti-fragmentation agreements to stop phone makers from selling modified versions of Android.

Google said it would be appealing against the fine imposed by EU. “Android has created more choice for everyone, not less. A vibrant ecosystem, rapid innovation, and lower prices are classic hallmarks of robust competition. We will appeal the Commission’s decision,” a Google spokesperson said in a statement.

Google’s CEO Sundar Pichai backed this statement on Twitter, pointing to a blog post on the subject in which he argued that Android’s existence has led to robust competition.

It will be interesting to see how the EU’s decision affects Google’s advertising business, as well as mobile phone manufacturers and app developers.

The post EU slaps Google with record $5 billion fine in Android Antitrust Case appeared first on TechWorm.

GV, Formerly Known as Google Ventures, For Years Has Used an Algorithm That Effectively Permits or Prohibits Both New and Follow-on Investments

Dan Primack, reporting for Axios: When most venture capitalists want approval to make a new investment, they go to their partners. When venture capitalists at GV do it, they go to something called "The Machine." Axios has learned that the firm, formerly known as Google Ventures, for years has used an algorithm that effectively permits or prohibits both new and follow-on investments. Staffers plug in all sorts of deal details into "The Machine" -- which is programmed with all sorts of market data, and returns traffic signal-like outputs. Green means go. Red means stop. Yellow means proceed with caution, but sources say it's usually the practical equivalent of red. It was initially designed and used as a due diligence assistant that could be overruled but, according to three sources, it has evolved into a de facto investment committee.

Read more of this story at Slashdot.

Automated money-laundering scheme found in free-to-play games

The scammers automatically created iOS accounts with valid email accounts, then automatically used stolen cards to buy and resell stuff.

Smashing Security #087: How Russia hacked the US election

Regardless of whether Donald Trump believes Russia hacked the Democrats in the run-up to the US Presidential election or not, we explain how they did it. And Carole explores some of the creepier things being done in the name of surveillance.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.

Google Fined $5.05 Billion By EU: Android Illegally Used Dominate Search

The European Commission has imposed a fine of $5.05 Billion for violating EU antitrust rules stating that Google has imposed

Google Fined $5.05 Billion By EU: Android Illegally Used Dominate Search on Latest Hacking News.

What’s the real value—and danger—of smart assistants?

You’ve heard them called virtual assistants, digital personal assistants, voice assistants, or smart assistants. Operated by artificial intelligence, technologies such as Siri, Alexa, Google Assistant, and Cortana have become ubiquitous in our culture. But what exactly do they do? And how seriously should we take them? While all the tech giants want us to use their smart assistants all the time, what do they offer us in return? And how do we keep our information and conversations safe?

Each of these smart assistants is limited by the platform and the devices they are running on. I shouldn’t expect Amazon’s Echo to give me step-by-step directions to the nearest pizza place…or should I?

Here’s what you need to know about smart assistants and the real value (and danger) they provide.

Getting started

If you’re looking to purchase a smart assistant, it’s best to take a beat and think about what it is you really need from it. Do you want to be able to control appliances or other devices in your home at the sound of your voice? Do you want to be able to look up valuable information without having to reach for your phone or boot up your computer? Are you looking for some virtual company for yourself or your kids?

While all these virtual assistants have a wealth of information at their disposal, it requires some getting used to in order to make optimal use of their possibilities. In addition, they each have their specialties, so take a good hard look at which technology is the best fit for your needs. And while you are shopping around, do not ignore the security implications—both what’s possible today and what could come to pass.

Understanding voice commands

While smart assistants have come a long way since the early days of Siri, they all have a common flaw: a less-than-accurate reading of voice commands. When the smart assistant is unable to understand the voice command, its AI experiences a dilemma between being sure of the received instructions and the danger of annoying the owner by having to ask to repeat the question or instructions too many times. This brings with it the risk of the assistant misunderstanding the given instructions and taking unwanted actions as a result.

We have covered this subject before, focusing on some of the vulnerabilities that researchers were able to uncover in smart assistants’ voice commands. The possible consequences can range from slightly annoying mistakes to ridiculous behavior, such as sending a recorded conversation to all your contacts.

Improvements in voice command technology are being made each year, as more precise algorithms are created to better adapt to complex vocal signals. Machine learning is being credited with significantly improving voice recognition, but there’s a long way to go before smart assistants can hear and process requests with the accuracy of human beings.

Kids and smart assistants

Do you let your kids or grandchildren play with your phone? Notwithstanding the fact that at a certain age our grandchildren probably have a better understanding of the phone than we do, we must warn against unsupervised use of smart devices by young children. This absolutely extends to smart assistants, which children alone in the house can access by simple voice command.

Parental controls are available for most of these devices, and some smart assistants have even been developed specifically for kids and allow parents to easily access search history. Unlike phones and other screen devices, smart assistants are screen-less and encourage more human-like interactions. Experts are cautiously optimistic about the effects of smart assistants on children, but we hesitate to fully endorse the technology’s safety for kids, especially considering some of the security vulnerabilities inherent in the software, which we will cover below.

Read: Parenting in the Digital World: a review


Most of us, and I’m including myself here, love to show off what our latest gadgets can do. So we may be tempted, without thinking it through, to give our smart assistants control over our IoT devices. Under normal circumstances, this shouldn’t be a problem—but circumstances are not always normal. Devices get lost, stolen, hacked into, and otherwise compromised by less-than-well-meaning individuals, which can be troublesome, to say the least, when those devices control your domestic appliances.

One such abnormal circumstance is an attack method that researchers have investigated, called “dolphin attacks”: ultrasonic audio that is hard for humans to hear but that the smart assistant interprets as a command. To protect yourself from these attacks, you would have to turn the smart assistant off until you need it, or introduce a confirmation protocol for certain commands that alerts the human that the assistant has received a command of some sort. For convenience, the protocol could apply only to sensitive operations. One could compare this to 2FA for a certain subset of commands.
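
What that “2FA for a subset of commands” looks like in code, as an added illustration (not code from Malwarebytes or from any assistant vendor): ordinary commands run immediately, while commands on a sensitive list are parked behind a one-time, time-limited token that has to be confirmed on a channel the microphone cannot satisfy (a tap in a companion app, a PIN on a keypad). The command names, the 30-second window and the audit log format are assumptions made for the demo.

```python
import secrets
import time

# Commands whose side effects warrant a second factor (assumed names for the demo).
SENSITIVE_COMMANDS = {"unlock_door", "disarm_alarm", "place_order"}
CONFIRM_WINDOW_SECONDS = 30.0


class CommandGate:
    """Executes ordinary commands at once; parks sensitive ones until a one-time,
    time-limited token is confirmed out of band. An ultrasonic command can park a
    request, but it cannot complete it without the human's confirmation."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock      # injectable so tests can fake the passage of time
        self._pending = {}       # token -> (command, expiry)
        self.audit_log = []      # (timestamp, outcome, detail) for later review

    def request(self, command: str) -> dict:
        now = self._clock()
        if command not in SENSITIVE_COMMANDS:
            self.audit_log.append((now, "executed", command))
            return {"status": "executed", "command": command}
        token = secrets.token_hex(8)   # unguessable, never spoken back over audio
        self._pending[token] = (command, now + CONFIRM_WINDOW_SECONDS)
        self.audit_log.append((now, "parked", command))
        return {"status": "confirmation_required", "command": command, "token": token}

    def confirm(self, token: str) -> dict:
        now = self._clock()
        entry = self._pending.pop(token, None)   # pop: a token is usable exactly once
        if entry is None:
            self.audit_log.append((now, "rejected", "unknown or reused token"))
            return {"status": "rejected", "reason": "unknown or reused token"}
        command, expiry = entry
        if now > expiry:
            self.audit_log.append((now, "rejected", f"{command}: confirmation expired"))
            return {"status": "rejected", "reason": "confirmation expired"}
        self.audit_log.append((now, "executed", command))
        return {"status": "executed", "command": command}


if __name__ == "__main__":
    gate = CommandGate()
    print(gate.request("play_music"))            # runs at once
    parked = gate.request("unlock_door")         # needs the human
    print(parked)
    print(gate.confirm(parked["token"]))         # confirmed within the window
    print(gate.confirm(parked["token"]))         # second use is rejected
```

The token is returned to the confirmation channel, not read aloud, which is the whole point: the attacker who can inject audio still has no way to finish the transaction, and the audit log records every parked request that was never confirmed.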

By using virtual assistants to do our online shopping, we also run the risk of these technologies and their parent companies learning potentially sensitive facts about us, such as payment information and product ordering history. This information is then stored in the cloud, where its security is in the hands of the smart assistant’s operator or their cloud provider.

And with the growth of smart assistant usage, you can imagine this grows the interest of malware authors looking for associated vulnerabilities and bugs they can abuse for personal gain. In fact, the weaponization of IoT is just starting, but we expect it to grow quickly as there is little security in place to stop it.

Other concerns

Paying attention

Another important thing to keep in mind is that we humans are not as good at multitasking as we like to think. Even as your virtual assistant reads your email to you, your brain gets distracted enough that tasks requiring your full attention suffer. You could end up either missing the point of the email or spicing up your family dinner with something inedible.


Even though this study showed no conclusive results about apps listening in on our conversations, we should realize that by using voice-activated assistants, we have implicitly given them permission to eavesdrop on us. They are designed to pay attention and wait for an activation command. And how often do we realize this, and turn them off when we don’t want or need them to listen? (My guess would be close to never.) If we are honest with ourselves, we don’t think to do this—plus how inconvenient is it to constantly boot up a device every time you want to use it, especially one designed to interact seamlessly with your life? As a consequence, they are always on standby and therefore always listening.

At least it’s funny

On the bright side, we have been introduced to a whole new dimension of humor, thanks to the snarky writers behind smart assistants’ programmed responses.

  • We can let the virtual assistants talk to each other and see what develops.
  • We can introduce smart assistants as guest stars in comedy TV shows. Who remembers The Big Bang Theory’s Raj meeting Siri “in the flesh”?
  • We can even try to make them tell us jokes.

If the story develops to our liking, maybe in a few years we’ll only remember the fun parts—leaving the security woes behind us. But if it develops in much the same way as many new “smart” applications have over the last few years, it will be more like: We thought it was fun at the time.

Don’t become a victim of your smart assistant. Use the parts of it that give personal value to you and your quality of life, and tighten up security on parts you don’t need. Think about what information you trust your assistant with and who could be behind the scenes. And remember: just because it’s a new, fun technology doesn’t mean you have to have it.

The post What’s the real value—and danger—of smart assistants? appeared first on Malwarebytes Labs.

EU Fines Google Record $5 Billion in Android Antitrust Case

Google has been hit by a record-breaking $5 billion antitrust fine by the European Union regulators for abusing the dominance of its Android mobile operating system and thwarting competitors. That's the largest ever antitrust penalty. Though Android is an open-source and free operating system, device manufacturers still have to obtain a license, with certain conditions, from Google to

EU Regulators Fine Google Record $5 Billion in Android Case

The European Union hit Alphabet's Google with a record antitrust fine of $5.06 billion on Monday, a decision that could loosen the company's grip on its biggest growth engine: mobile phones. From a report: The European Commission ordered Google to end the illegal conduct within 90 days or face additional penalties of up to 5 percent of parent Alphabet's average daily worldwide turnover. The EU enforcer also dismissed Google's arguments citing Apple as a competitor to Android devices, saying the iPhone maker does not sufficiently constrain Google because of its higher prices and switching costs for users. The European Commission finding is the most consequential decision made in its eight-year antitrust battle with Google. The fine significantly outstrips the $2.8B charge Brussels imposed on the company last year for favoring its own site in comparison shopping searches. The decision takes aim at a core part of Google's business strategy over the past decade, outlawing restrictions on its Android operating system that allegedly entrenched Google's dominance in online search at a time when consumers were moving from desktop to mobile devices. Android is the operating system used in more than 80 per cent of the world's smartphones and is vital to the group's future revenues as more users rely on mobile gadgets for search services. Google has denied wrongdoing.

The European Commission took issue with the following practices. In particular, Google:

1. has required manufacturers to pre-install the Google Search app and browser app (Chrome), as a condition for licensing Google's app store (the Play Store);
2. made payments to certain large manufacturers and mobile network operators on condition that they exclusively pre-installed the Google Search app on their devices; and
3. has prevented manufacturers wishing to pre-install Google apps from selling even a single smart mobile device running on alternative versions of Android that were not approved by Google (so-called "Android forks").

Update: Google has announced that it would be appealing against the record fine. In a statement, the company said, "Android has created more choice for everyone, not less. A vibrant ecosystem, rapid innovation and lower prices are classic hallmarks of robust competition. We will appeal the Commission's decision."

Update 2: In a blog post, Sundar Pichai, CEO of Google, said the European Commission's decision ignores and misses several facts. He wrote: Today, the European Commission issued a competition decision against Android, and its business model. The decision ignores the fact that Android phones compete with iOS phones, something that 89 percent of respondents to the Commission's own market survey confirmed. It also misses just how much choice Android provides to thousands of phone makers and mobile network operators who build and sell Android devices; to millions of app developers around the world who have built their businesses with Android; and billions of consumers who can now afford and use cutting-edge Android smartphones. Today, because of Android, there are more than 24,000 devices, at every price point, from more than 1,300 different brands, including Dutch, Finnish, French, German, Hungarian, Italian, Latvian, Polish, Romanian, Spanish and Swedish phone makers. [...] The free distribution of the Android platform, and of Google's suite of applications, is not only efficient for phone makers and operators -- it's of huge benefit for developers and consumers. If phone makers and mobile network operators couldn't include our apps on their wide range of devices, it would upset the balance of the Android ecosystem. So far, the Android business model has meant that we haven't had to charge phone makers for our technology, or depend on a tightly controlled distribution model. [...] Rapid innovation, wide choice, and falling prices are classic hallmarks of robust competition and Android has enabled all of them. Today's decision rejects the business model that supports Android, which has created more choice for everyone, not less. We intend to appeal.

Update 3: The French government said on Wednesday that it welcomes the record fine imposed on Google by European Union regulators, with a government spokesman describing it as an "excellent decision."

Read more of this story at Slashdot.

Google brings free MLCC Study Jam Series to India

Google gets the Machine Learning Crash Course (MLCC) Study Jam series to India

In May 2018, Google and National Institution for Transforming India (NITI) Aayog had jointly signed a Statement of Intent (SoI) with an objective of developing growth in India’s Artificial Intelligence (AI) and Machine Learning (ML) ecosystem through a variety of initiatives across the country.

Now, almost two months later, Google has brought the free Machine Learning Crash Course (MLCC) Study Jam series to India. According to Google, AI has helped farmers detect the onset of crop infections, enabled doctors to identify diabetic blindness among millions, and much more. Through this course, the company aims to enhance developers’ technical proficiency in ML, enabling them to apply cutting-edge methods to a range of practical challenges.

Chetan Krishnaswamy, Director of Public Policy at Google India, in a blog post said that “In India, the AI ecosystem is nascent but is developing rapidly. With companies of all sizes adopting AI in their solutions, there is a clear and present need for trained and technically-equipped developers to drive these AI-related challenges and projects.”

He further added, “MLCC covers numerous machine learning fundamentals, from basic concepts such as loss function and gradient descent, then building through more advanced theories like classification models and neural networks.”

MLCC is Google’s flagship machine learning course. It was initially created for Google engineers and has been taken by more than 18,000 Googlers. The tech giant will train Indian developers in the field of ML with the same course as part of the program. Recently, the course was made available to the public with a view towards “making AI and its benefits accessible to everyone”. MLCC offers exercises, interactive visualizations, and instructional videos that anyone can use to learn and practice ML concepts.

Since this is a free course, MLCC is intended for those who wish to learn about ML from a practical, applied perspective that will enable them to understand TensorFlow and incorporate best practices into their everyday projects. Further, this course is also suitable for developers with basic machine learning knowledge, who are eager to gain experience in ML and TensorFlow.

For more details regarding the free course, you can visit the website and apply for a study jam here.

Source: Google

The post Google brings free MLCC Study Jam Series to India appeared first on TechWorm.

Google Maps API Becomes ‘More Difficult and Expensive’

Government Technology reports: On July 16, Google Maps is going to make it more difficult and expensive to use its API, which could make custom maps that rely on the service less sustainable or even unfeasible for the people who made them... First, Google Maps is requiring all projects to have an official API key in order to work. If a user doesn't have a key, the quality of the map will likely be reduced, or it could simply stop working. Second, API keys will only work if they are attached to somebody's credit card. Google will charge that card if users exceed a certain number of API requests, which is different for different services. Google will provide users a free $200 credit toward those costs each month... There are a couple places where the changes might have more of an impact. One is in the civic hacking space, where people often work with government data to create niche projects that aim for low costs, or are free so that as many people as possible can use them... "I think that's what scares people a little bit, it certainly scares me, this thought of having this API out there and not knowing how many people are going to use it," said Derek Eder, founder of the civic tech company DataMade. "I don't want to suddenly get a bill for $1,000." There are at least three Open Source alternatives, and lists nine more. Slashdot reader Jiri_Komarek also points out that Google's move was good news for its competitor, MapTiler. "Since Google announced the pricing change the number of our users increased by 200%," said Petr Pridal, head of the MapTiler team. "We expect more people to come as they get their first bill from Google."

Read more of this story at Slashdot.

Google’s Chrome RAM usage increases due to Spectre fixes

Google Chrome will now consume more RAM, thanks to Spectre fix

Although Google’s Chrome started out as one of the least memory hungry browsers in the market, the web browser has started using up a lot of RAM space over a period of time.

To make matters worse, Google has pushed out a major security update to the latest version of Chrome, version 67, that will increase Chrome’s RAM usage by over 10%. However, this time around, it is done to reduce future security threats posed by the highly publicized system vulnerabilities Spectre and Meltdown, which shook the technology industry in January. These vulnerabilities stemmed from a design flaw that affected every CPU in the market and enabled hackers to launch attacks, such as stealing sensitive information when victims visited malicious websites.

In an official security blog post, Google’s software engineer Charlie Reis announced that Google had enabled a security feature called Site Isolation in Chrome 67 to improve stability and make the web browser more resistant to attacks such as Spectre. Site Isolation is enabled on the Windows, Mac, Linux, and Chrome OS platforms for devices running Chrome 67.

With Site Isolation enabled, websites opened in separate tabs in Google Chrome are rendered in separate processes instead of sharing a single one.

“This means that even if a Spectre attack were to occur in a malicious web page, data from other websites would generally not be loaded into the same process, and so there would be much less data available to the attacker. This significantly reduces the threat posed by Spectre,” Reis said.

However, the disadvantage of this feature is that users will have to trade increased RAM consumption and performance slowdown for some added security.

“Site Isolation does cause Chrome to create more renderer processes, which comes with performance tradeoffs: on the plus side, each renderer process is smaller, shorter-lived, and has less contention internally, but there is about a 10-13% total memory overhead in real workloads due to the larger number of processes. Our team continues to work hard to optimize this behavior to keep Chrome both fast and secure,” Reis added.

Site Isolation has been enabled for 99% of Chrome 67 users on all platforms. However, the search giant has held back 1% to monitor and improve performance, considering the large scope of this change. Further, the feature is expected to be available on an experimental basis in Chrome 68 for Android later this month. Users can find out whether Site Isolation is running by typing “chrome://process-internals” into the address bar. Additionally, Site Isolation will also be added as a stable security feature in Chrome for Android to handle similar security threats.

The post Google’s Chrome RAM usage increases due to Spectre fixes appeared first on TechWorm.

Chrome users get Site Isolation by default to ward off Spectre attacks

Site Isolation, the optional security feature added to Chrome 63 late last year to serve as protection against Spectre information disclosure attacks, has been enabled by default for all desktop Chrome users who upgraded to Chrome 67. How Site Isolation mitigates risk of Spectre attacks “In January, Google Project Zero disclosed a set of speculative execution side-channel attacks that became publicly known as Spectre and Meltdown. An additional variant of Spectre was disclosed in May. … More

The post Chrome users get Site Isolation by default to ward off Spectre attacks appeared first on Help Net Security.

Smashing Security #086: Elon Musk submarine scams and 2FA bypass

Crypto scamming Thai cave scoundrels! $25 million to make anti-fake news videos! TimeHop data breach! Phone number port out scams!

All this and much much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by B J Mendelson.

CoinImp Cryptominer and Fully Qualified Domain Names

We are all familiar with the conventional domain name notation, where different levels are concatenated with the full stop character (period).

E.g. “”, where “www” is a subdomain, “example” is a second level domain, and “com” is a top-level domain.

However, few know that there is also a DNS root domain, and that it can be specified explicitly in a fully qualified domain name as a trailing dot.
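
The practical consequence for anyone maintaining a domain blocklist is that “www.example.com.” (with the explicit root label) and “www.example.com” name the same host, yet a filter doing plain string comparison treats them as different. As an added example (not code from Sucuri or from the post above), here is a small Python normaliser that strips the root dot, lower-cases, validates the labels, and matches a host against a blocklist by domain suffix; the naive comparison function is included only for contrast. The blocklist entries and host names are constructed for the demo.

```python
import re

# One DNS label: 1-63 chars, letters/digits/hyphen, no leading or trailing hyphen.
# Underscore labels (as used by SRV records) are deliberately rejected here.
_LABEL_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")


def canonical_fqdn(name: str) -> str:
    """Normalise a host name for comparison.

    Lower-cases it and strips the explicit root label (the trailing dot), so that
    "www.Example.COM." and "www.example.com" compare equal. Returns "" for the
    root domain itself. Malformed names (empty labels, bad characters, over-long
    names) raise ValueError instead of silently matching nothing.
    """
    name = name.strip().lower()
    if name == ".":
        return ""                 # the DNS root itself
    if name.endswith("."):
        name = name[:-1]          # drop the explicit root label
    if not name:
        raise ValueError("empty host name")
    if len(name) > 253:
        raise ValueError("host name longer than 253 characters")
    for label in name.split("."):
        if not _LABEL_RE.match(label):
            raise ValueError(f"invalid label {label!r} in {name!r}")
    return name


def host_matches(host: str, domain: str) -> bool:
    """True if host equals domain or is a subdomain of it, after normalisation."""
    h, d = canonical_fqdn(host), canonical_fqdn(domain)
    return h == d or h.endswith("." + d)


def is_blocked(host: str, blocklist) -> bool:
    """Suffix match against every blocklist entry, trailing dots and case ignored."""
    return any(host_matches(host, d) for d in blocklist)


def naive_is_blocked(host: str, blocklist) -> bool:
    """Exact-string comparison, shown for contrast: misses the trailing-dot spelling."""
    return host in blocklist


if __name__ == "__main__":
    BLOCKLIST = ["example.com"]   # constructed entry for the demo
    for host in ("www.example.com", "WWW.Example.COM.", "notexample.com"):
        print(f"{host:20} canonical={canonical_fqdn(host):18} "
              f"blocked={is_blocked(host, BLOCKLIST)} naive={naive_is_blocked(host, BLOCKLIST)}")
```

The same normalisation belongs wherever host names are compared: Content-Security-Policy allowlists, proxy rules, and log analysis all see the trailing-dot form as a distinct string unless it is canonicalised first.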

Continue reading CoinImp Cryptominer and Fully Qualified Domain Names at Sucuri Blog.

Google and Facebook Used in Phishing Campaigns

We’ve all seen sketchy-looking emails or texts with malicious links to click on. There are still people who fall for these more obvious types of scams; however, phishing messages are designed to be deceptive. They use methods that appear legitimate or urgent, encouraging their victims to hand over their data.

Phishing Campaigns

Phishing attempts happen in many ways, such as:

  • deceptive email campaigns,
  • suspicious SMS alerts (called smishing),
  • fake websites designed to look and sound authentic, and more.

Continue reading Google and Facebook Used in Phishing Campaigns at Sucuri Blog.

How to Improve Website Resilience for DDoS Attacks – Part I

Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks are unforgiving. They test the limits of your web server and application resources by sending spikes of fake traffic to your website. It is also notoriously difficult to conduct forensics on a DDoS attack, making the source of the attack a mystery.

DDoS attacks are getting cheaper, more sophisticated and more readily accessible every day. As a result, they have become an instrument of war for both commercial and political purposes.

Continue reading How to Improve Website Resilience for DDoS Attacks – Part I at Sucuri Blog.

Malware on Google Play Targets North Korean Defectors

Earlier this year, McAfee researchers predicted in the McAfee Mobile Threat Report that we expect the number of targeted attacks on mobile devices to increase due to their ubiquitous growth combined with the sophisticated tactics used by malware authors. Last year we posted the first public blog about the Lazarus group operating in the mobile landscape. Our recent discovery of the campaign we have named RedDawn on Google Play just a few weeks after the release of our report proves that targeted attacks on mobile devices are here to stay.

RedDawn is the second campaign we have seen this year from the “Sun Team” hacking group. In January, the McAfee Mobile Research Team wrote about Android malware targeting North Korean defectors and journalists. McAfee researchers recently found new malware developed by the same actors that was uploaded on Google Play as “unreleased” versions. We notified both Google, which has removed the malware from Google Play, and the Korea Internet & Security Agency.

Our findings indicate that the Sun Team is still actively trying to implant spyware on Korean victims’ devices. (The number of North Korean defectors who came to South Korea exceeded 30,000 in 2016, according to Radio Free Asia.) Once the malware is installed, it copies sensitive information including personal photos, contacts, and SMS messages and sends them to the threat actors. We have seen no public reports of infections. We identified this malware at an early stage; the number of infections is quite low compared with previous campaigns, about 100 infections from Google Play.

Malware on Google Play

Malware uploaded on Google Play (now deleted).

We found three apps uploaded by the actor we named Sun Team, based on email accounts and Android devices used in the previous attack. The first app in this attack, 음식궁합 (Food Ingredients Info), offers information about food; the other two apps, Fast AppLock and AppLockFree, are security related. 음식궁합 and Fast AppLock secretly steal device information and receive commands and additional executable (.dex) files from a cloud control server. We believe that these apps are multi-staged, with several components. Unlike the other two apps, AppLockFree is, we believe, part of the reconnaissance stage, setting the foundation for the next stage. The malware was spread through a Facebook account with a fake profile that promoted 음식궁합, asking friends to install the apps and offer feedback.

Links to Previous Operations

After infecting a device, the malware uses Dropbox and Yandex to upload data and issue commands, including additional plug-in dex files; this is a similar tactic to earlier Sun Team attacks. From these cloud storage sites, we found information logs from the same test Android devices that Sun Team used for the malware campaign we reported in January. The logs had a similar format and used the same abbreviations for fields as in other Sun Team logs. Further, the email addresses of the new malware’s developer are identical to the earlier email addresses associated with the Sun Team. The relationship among email addresses and test devices is explained in the following diagram.

The use of identical email addresses ties the two malware campaigns to the same attacker.

About the Actors

After tracking Sun Team’s operations, we were able to uncover different versions of their malware. The following diagram shows the timeline of the versions.

Timeline of different malware versions of Sun Team.

The timeline shows us that the malware became active in 2017. Sun Team’s only purpose is to extract information from devices, as all of the malware is spyware. The malware on Google Play stayed online for about 2 months before being deleted.

In our post on the earlier attack by this actor, we observed that some of the Korean words found on the malware’s control server are not in the South Korean vocabulary and that an exposed IP address points to North Korea. Also, the Dropbox account names were taken from South Korean dramas or celebrities.

In the new malware on Google Play, we again see that the Korean writing in the description is awkward. As in the previous operation, the Dropbox account name follows a similar pattern of using names of celebrities, such as Jack Black, who appeared on Korean TV. These features are strong evidence that the actors behind these campaigns are not native South Koreans but are familiar with the culture and language. These elements are suggestive though not a confirmation of the nationality of the actors behind these malware campaigns.

Sun Team’s test devices originate from various countries.

Moreover, we uncovered information about the attackers’ Android test devices and the exploits they tried to use. The devices were manufactured in several countries and carry installed Korean apps, another clue that the threat actors can read Korean. The exploit code found uploaded to one of the cloud storage accounts used by Sun Team consists of modified versions of publicly available sandbox escape, privilege escalation and code execution exploits, with added functions to drop their own Trojans on victims’ devices. The modified exploits suggest that the attackers are not skillful enough to find zero-days and write their own exploits. However, it is likely just a matter of time before they start to exploit vulnerabilities.

Modified exploits installing the Sun Team’s Trojan.

The most concerning thing about this Sun Team operation is that they use photos uploaded on social network services and identities of South Koreans to create fake accounts. We have found evidence that some people have had their identities stolen; more could follow. They are using texting and calling services to generate virtual phone numbers so they can sign up for South Korean online services.


This malware campaign used Facebook to distribute links to malicious apps that were labeled as unreleased versions. From our analysis, we conclude that the actor behind both campaigns is Sun Team. Be cautious when installing unreleased or beta versions of any app. Also, check the number of downloads to see if an app is widely installed; avoid obscure apps.

McAfee Mobile Security detects this malware as Android/RedDawn.A, B. Always keep your mobile security application updated to the latest version.

The post Malware on Google Play Targets North Korean Defectors appeared first on McAfee Blogs.

ThreatSTOP Incorporates Google, YouTube & Bing Safe Search as New Content Filtering Policies

We are happy to announce that Google, YouTube and Bing Safe Search can now be enforced simply by adding the new targets to your policy. Safe Search is a feature that acts as an automated filter of pornography and potentially offensive content. It is possible to enforce Safe Search filters by modifying DNS queries so that, for instance, Safe Search is always on for YouTube. That enforcement is now available via the ThreatSTOP platform. To enable it on your DNS, all you have to do is add the relevant list to your policy and DNS Defense will automatically do the rest for you. The new targets available to add are:

Safer Internet Day: 4 Things You Might Not Realise Your Webfilter Can Do

Since it's Safer Internet Day today, I thought I'd use it as an excuse to write a blog post. Regular readers will know I don't usually need an excuse, but I always feel better if I do.

Yesterday, I was talking to our Content Filter team about a post on the popular Edugeek forum, where someone asked "is it possible to block adult content in BBC iPlayer?". Well, with the right web filter, the answer is "yes", but how many people think to even ask the question? Certainly we hadn't thought much about formalising the answer. So I'm going to put together a list of things your web filter should be capable of, but you might not have realised...

1. Blocking adult content on "TV catch up" services like iPlayer. With use of the service soaring, it's important that any use in education is complemented with the right safeguards. We don't need students in class seeing things their parents wouldn't want them watching at home. There's a new section of the Smoothwall blocklist now which will deal with anything on iPlayer that the BBC deem unsuitable for minors.

2. Making Facebook and Twitter "Read Only". These social networks are great fun, and it can be useful to relax the rules a bit to prevent students swarming for 4G. A read-only approach can help reduce the incidence of cyber-bullying and keep users more focused.

3. Stripping the comments out of YouTube. YouTube is a wonderful resource, and the majority of video is pretty safe (use Youtube for Schools if you want to tie that down further — your filter can help you there too). The comments on videos, however, are often at best puerile and at worst downright offensive. Strip out the junk, and leave the learning tool - win win!

4. Busting Google searches back down to HTTP and forcing SafeSearch. Everybody appreciates a secure service, but when Google moved their search engine to HTTPS secure traffic by default, they alienated the education community. With SSL traffic it is much harder to vet search terms, log accesses in detail, and importantly force SafeSearch. Google give you DNS trickery to force the site back into plain HTTP - but that's a pain to implement, especially on a Windows DNS server. Use your web filter to rewrite the requests, and have the best of both.

Analyzing [Buy Cialis] Search Results

A few days ago I was updating the spammy word highlighting functionality in Unmask Parasites results and needed to test the changes on real websites. To find hacked websites with spammy content I would normally google for [viagra] or [cialis], which are arguably the most targeted keywords used in black hat SEO hacks. However, after Google’s June update in how they rank web pages for spammy queries, I didn’t have much expectation of seeing hacked sites on the first page of search results for my usual [buy cialis] query and was ready to check a few more pages.

Indeed, for queries like [payday loans] I can see quite relevant results on the first three pages. All sites are specialized and don’t look like doorways on hacked sites. That’s really good. For [viagra] I found only one result on the first page pointing to a doorway on a hacked site. Still good.

However, when I entered a really spammy combination [buy viagra], the search results were less than optimal — 5 out of 10 led to hacked sites. And at least 2 out of the rest 5 specialized sites were promoted using hidden links on hacked sites. Not good. And the worst results (although ideal for testing my update) were for the [buy cialis] query — 100% of results on the first page (10 out of 10) led to doorways on hacked sites or simply spammy web pages. Not a single result from websites that really have anything to do with cialis.

buy cialis results

Results analysis

Here is the breakdown of the first 10 results (links go to real time Unmask Parasites reports for these pages and at the moment of writing they all reveal spammy content. However this may change over time):

  1. www.epmonthly .com/advertise/ — doorway on a hacked site
  2. werenotsorry .com/ — strange spammy site with rubbish content like this: “The car buy cialis in your car is the ultimate well source of electrical amazing power in your car.”
  3. incose .org/dom/ — doorway on a hacked site.
  4. www.deercrash .org/buy/cialis/online/ — doorway on a hacked site
  5. jon-odell .com/?p=54 — doorway on a hacked site
  6. www.goodgrief .org .au/Cialis/ — doorway on a hacked site
  7. www.asm .wisc .edu/buy-cialis — doorway on a hacked site
  8. www.mhfa .com .au/cms/finance-home/ — doorway on a hacked site
  9. www .plowtoplate .org/library/51.html — doorway on a hacked site
  10. john-leung .com/?p=16 — doorway on a hacked site

Over the course of the past week the results slightly fluctuated and sometimes I saw the following links on the first SERP.

Out of 18 links that I encountered on the first page for [buy cialis] 15 point to doorways on hacked sites, 1 to a site with unreadable machine-generated text (still not sure whether it’s some SEO experiment or a backdoor with a tricky search traffic processing procedure) and 2 specialized sites relevant to the query but with quite bad backlink profiles. Overall 0% of results that follow Google’s quality guidelines.

So Google’s update for spammy queries doesn’t seem to work as it should, at least for some über spammy queries. It’s sad. And the reason why I’m sad is not that I worry about people who use such queries on Google to buy some counterfeit drugs. My major concern is that this situation justifies the huge number of sites (many thousands) that cyber-criminals hack in order to put a few of their doorways at the top for relevant queries on Google.

Behind the scenes

The above 15 hacked sites that I found on the first Google SERP are actually only the tip of the iceberg. Each of them is being linked to from many thousands (if not millions) of pages on similarly hacked sites. Here you can see a sample list of sites that link to the above 15 (you might need a specialized tool like Unmask Parasites to see hidden and cloaked links there).

Many of the hacked web pages link to more than one doorway page, which maximizes the chances that one of them will finally be chosen by Google to be displayed on the first page for one of the many targeted keywords. At the same time, this provides a pool of alternative doorways in case some of them are removed by webmasters or penalized by Google. As a result, the networks of doorways, landing pages and link pages can be massive. Here you can see a list with just a small part of the spammy links (338 unique domains) that can be found on hacked web pages.

.gov, .edu and .org

Among those hacked sites you can find sites of many reputable organizations, which most likely greatly help to rank well on Google. There are many compromised sites of professional associations, universities and even governmental sites, for example (as of August 19th, 2013):

Volume of spammy backlinks

If you take some of the top results and check their backlink profiles (I used Majestic SEO Site Explorer), you’ll see how many domains can be compromised (or spammed) in just one black hat SEO campaign. And we know that there are many ongoing competing campaigns just for “cialis” search traffic, so you can imagine the overall impact.

backlink profile

On the above screenshot you can see that thousands of domains link to “www .epmonthly .com/advertise/” using various “cialis” keywords.

The situation with “www. epmonthly .com/advertise/” is quite interesting. If you google for [“www.epmonthly .com/advertise/”] you’ll see more than a million results pointing to web pages where spammers used automated tools to post spammy links (including this one) in comments, profiles, etc. but failed to verify whether those sites accept the HTML code they were posting (still, many sites, while escaping the HTML code, automatically make all URLs clickable, so those spammers finally achieve their goal).

Typical black hat SEO tricks

In addition to annoying but pretty harmless comment spamming, forum spamming and creating fake user profiles, black hats massively hack websites with established reputation and turn them into their SEO assets.

The most common use for a hacked site is injecting links pointing to promoted resources (it can be a final landing page, or a doorway, or an intermediary site with links). Here is what such web pages may look like in Unmask Parasites reports:

spammy keyword highlighting

To hide such links from site owners, hackers make them hidden. For example, they can place them in an off-screen <div>

<div style="position:absolute; left:-8745px;">...spammy links here...</div>

Or put them in a normal <div> and add a JavaScript to make this <div> invisible when a browser loads the page

<div id='hideMe'> ... spammy links here.... </div>
<script type='text/javascript'>if(document.getElementById('hideMe') != null){document.getElementById('hideMe').style.visibility = 'hidden';document.getElementById('hideMe').style.display = 'none';}</script>

The JavaScript can be obfuscated (“encrypted”):

eval(function(p,a,c,k,e,d){e=function(c){return(c<a?"":e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)d[e(c)]=k[c]||e(c);k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1;};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p;}('2.1(\'0\').5.4="3";',6,6,'bestlinks|getElementById|document|none|display|style'.split('|'),0,{}))

which translates to

document.getElementById('bestlinks').style.display="none";

where “bestlinks” is the id of the <div> with spammy links.
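The packed snippet above is the well-known “p,a,c,k,e,d” packer: the word list is substituted back into the template string and the result is handed to eval(). As an added example (not code from the original article), here is a Node.js decoder that reproduces that substitution and returns the rebuilt source instead of executing it, which is what you want when triaging a hacked page offline; the sample is the snippet quoted above:

```javascript
// Added example, not from the original article: statically decode a
// "eval(function(p,a,c,k,e,d){...})" packed payload without running it.

// Copy of the packed snippet quoted in the article, kept as a raw string so
// its backslash escapes survive unchanged.
const PACKED_SAMPLE = String.raw`eval(function(p,a,c,k,e,d){e=function(c){return(c<a?"":e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)d[e(c)]=k[c]||e(c);k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1;};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p;}('2.1(\'0\').5.4="3";',6,6,'bestlinks|getElementById|document|none|display|style'.split('|'),0,{}))`;

// Mirror of the packer's own token encoder: word index -> base-`radix` token
// (0-9, a-z, then A-Z for radix > 36).
function encodeToken(n, radix) {
  const rest = n < radix ? '' : encodeToken(Math.floor(n / radix), radix);
  const digit = n % radix;
  return rest + (digit > 35 ? String.fromCharCode(digit + 29) : digit.toString(36));
}

// Rebuild the original source from the packer's (p, a, c, k) arguments.
// This is the same replacement loop the packer runs, minus the eval().
function unpack(p, radix, count, words) {
  const dict = Object.create(null);
  for (let i = count - 1; i >= 0; i--) {
    dict[encodeToken(i, radix)] = words[i] || encodeToken(i, radix);
  }
  return p.replace(/\b\w+\b/g, (word) => (word in dict ? dict[word] : word));
}

// Pull (p, a, c, k) out of a packed eval() call with a regex; nothing is run.
function parsePacked(source) {
  const m = /\('((?:\\.|[^'\\])*)',(\d+),(\d+),'((?:\\.|[^'\\])*)'\.split\('\|'\),\d+,\{\}\)\)/.exec(source);
  if (!m) return null;
  // Undo the JS string-literal escapes the packer emits inside its arguments.
  const unescape = (s) => s.replace(/\\(['"\\])/g, '$1');
  return {
    p: unescape(m[1]),
    radix: Number(m[2]),
    count: Number(m[3]),
    words: m[4].split('|'),
  };
}

function decodePacked(source) {
  const args = parsePacked(source);
  if (!args) throw new Error('not a recognised p,a,c,k,e,d packer call');
  return unpack(args.p, args.radix, args.count, args.words);
}

console.log(decodePacked(PACKED_SAMPLE));
// prints: document.getElementById('bestlinks').style.display="none";
```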

Sometimes, encrypted JavaScript can be coupled with dynamic HTML generation of the link container. After decryption it looks like this:

document.write('<style><!-- .read {display:none} --></style><address class="read">');
...spammy links here...
document.write('</address>');

Of course, this is only the client-side representation of the problem. On the server side, it’s rarely this straightforward. Most times it involves obfuscated (usually PHP) code in sneaky places (e.g. themes, plugins, the database, etc.).


Sites that rely on black hat SEO techniques get penalized by Google soon enough, so they can’t expect much search traffic directly from search engines. Instead, they try to promote many disposable doorways on other reputable sites that redirect search traffic to them.

The typical approach is to hack a website and use cloaking tricks (generating a specialized version with spammy keywords specifically for search engines while leaving the original content for normal visitors) to make search engines think that its pages are relevant for those spammy queries. E.g. check the title of “www.epmonthly .com/advertise/” when you visit it in a browser (“Advertise“) and when you check it in Unmask Parasites or in Google’s cache (“Buy Cialis (Tadalafil) Online – OVERNIGHT Shipping“). Then they add some functionality to distinguish visitors coming from search engines and redirect them to third-party sites that pay hackers for such traffic.

The redirects may be implemented as .htaccess rules, client-side JavaScript code, or server-side PHP code.

Sometimes, instead of using cloaking, hackers simply create a whole spammy section in a subdirectory of a legitimate site, or a standalone doorway page. Example from our cialis search results: www .asm .wisc .edu/buy-cialis .

To Webmasters

It might be tricky to determine whether your site fell victim to a black hat SEO hack, since hackers do their best to hide evidence from site owners and regular visitors. At the same time, antivirus tools won’t help you here, since links and redirects (in case they can actually see them) are not considered harmful. Nonetheless, a thoughtful webmaster is always equipped with proper tools and tricks (click here for details) to detect such issues. They range from specialized Google search queries and reports in Webmaster Tools to log analysis and server-side integrity control.

In addition to the tricks that I described here, you can try to simply load your site with JavaScript turned off. Sometimes this is all it takes to find hidden links whose visibility is controlled by a script.
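As an added example (not the article’s own code), here is a Node.js first-pass scan of a page’s HTML source for the hiding tricks quoted above: off-screen positioning, inline display/visibility rules, scripts that hide an element by id, packed eval() payloads and document.write()-generated stylesheets. It is regex-based, so treat hits as leads for manual review; the sample page and its example.invalid hosts are constructed:

```javascript
// Added example, not from the original article: static triage of HTML source
// for the link-hiding patterns described in the article. Scanning the source
// (not the rendered DOM) catches containers that client-side JavaScript would
// hide before a site owner ever sees them in a browser.

const FINDING_RULES = [
  {
    name: 'off-screen positioned container',
    // position:absolute/fixed plus a large negative left/top offset
    re: /<[a-z][^>]*style=["'][^"']*position\s*:\s*(?:absolute|fixed)[^"']*(?:left|top)\s*:\s*-\d{3,}px[^"']*["'][^>]*>/gi,
  },
  {
    name: 'inline display:none / visibility:hidden container',
    re: /<[a-z][^>]*style=["'][^"']*(?:display\s*:\s*none|visibility\s*:\s*hidden)[^"']*["'][^>]*>/gi,
  },
  {
    name: 'script hides element by id',
    re: /getElementById\(\s*['"]([^'"]+)['"]\s*\)\.style\.(?:display|visibility)\s*=\s*['"](?:none|hidden)['"]/gi,
  },
  {
    name: 'packed eval() payload',
    re: /eval\(function\(p,a,c,k,e,d\)/gi,
  },
  {
    name: 'document.write() of a hiding stylesheet',
    re: /document\.write\(['"]<style>[^'"]*display\s*:\s*none/gi,
  },
];

// Returns one finding per rule hit, in source order, with a short excerpt
// so the reviewer can jump to the right spot in the file.
function scanHiddenLinks(html) {
  const findings = [];
  for (const rule of FINDING_RULES) {
    rule.re.lastIndex = 0; // the regexes are global and therefore stateful
    let m;
    while ((m = rule.re.exec(html)) !== null) {
      findings.push({ rule: rule.name, index: m.index, excerpt: m[0].slice(0, 80) });
    }
  }
  return findings.sort((x, y) => x.index - y.index);
}

// Anchor count is useful context: a page with many links and hidden
// containers deserves a closer look than one with neither.
function countLinks(html) {
  return (html.match(/<a\s[^>]*href=/gi) || []).length;
}

// Constructed sample page built from the patterns quoted in the article;
// the example.invalid hosts are placeholders, not real doorways.
const SAMPLE_PAGE = [
  '<html><body><h1>Advertise</h1>',
  '<div style="position:absolute; left:-8745px;"><a href="http://doorway.example.invalid/">buy cialis</a></div>',
  "<div id='hideMe'><a href='http://other.example.invalid/'>cheap pills</a></div>",
  "<script type='text/javascript'>if(document.getElementById('hideMe') != null){document.getElementById('hideMe').style.visibility = 'hidden';}</script>",
  '<script>eval(function(p,a,c,k,e,d){return p}("",1,1,[],0,{}))</script>',
  "<script>document.write('<style><!-- .read {display:none} --></style><address class=\"read\">');</script>",
  '</body></html>',
].join('\n');

for (const f of scanHiddenLinks(SAMPLE_PAGE)) {
  console.log(`${f.rule} @${f.index}: ${f.excerpt}`);
}
console.log(`${countLinks(SAMPLE_PAGE)} anchors on the page`);
```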

Fighting black hat SEO hacks

Of course, site owners are responsible for what happens with their sites, and should protect them and clean them up in case of hacks. Doorways on hacked sites would never appear in search results if all webmasters quickly mitigated such issues.

But let’s take a look at this from a different perspective. The main goal of all black hat SEO hacks is to put their doorways at the top of Google for relevant keywords and get targeted search traffic. And 80% (or even more) of massive campaigns target a very narrow set of keywords and their modifications. If Google actively monitored the first pages of search results for such keywords and penalized doorways, this could significantly reduce the efficacy of such campaigns, leaving very little incentive to hack websites to put spammy links there. And you don’t have to monitor every possible keyword combination. In my experience, most of them will finally point to the same doorways.

I can see Google moving in this direction. The description of the above mentioned ranking algorithm update is very promising. However, as the [buy cialis] query with 0% of relevant search results on the first page shows — a lot should be improved.

P.S. Just before posting this article, I checked results for [buy cialis] once more and … surprise! … found a link to a Wikipedia article about Tadalafil at the 4th position. Wow! Now we have 1 result that doesn’t seem to have anything to do with hacked sites.

Are we all RoboCops in the future?

The internet, together with small and inexpensive digital cameras, has made us aware of the potential privacy concerns of sharing digital photos. Mobile phone cameras have escalated this development even further. Many people today carry a camera with the ability to publish photos and videos on the net almost in real time. Some people can handle that and act in a responsible way; some can’t. Defamatory pictures are constantly posted on the net, either by mistake or intentionally. But that’s not enough. Now it looks like the next revolution that will rock the privacy scene is around the corner: Google Glass.

Having a camera in your phone has lowered the threshold to take photos tremendously. It’s always with you and ready to snap. But you still have to take it out of the pocket and aim it at your object. The “victim” has a fair chance to notice that you are taking photos, especially if you are working at close distance.

Google Glass is a smartphone-like device that is integrated in a piece of headgear. You wear it all the time, just like ordinary glasses. The screen is a transparent piece in your field of view that shows output as an overlay on top of what’s in front of you. No keyboard, mouse or touchscreen. You control it by voice commands. Cool, but here comes the privacy concern. Two of the voice commands are “ok, glass, take a picture” and “ok, glass, record a video”. Yes, that’s right. It has a camera too.

Imagine a world where Google Glasses are as common as mobile phones today. You know that every time you talk to someone, you have a camera and microphone pointed at you. You have no way of knowing if it is recording or not. You have to take this into account when deciding what you say, or run the risk of having an embarrassing video on YouTube in minutes. A little bit like in the old movie RoboCop, where the metallic law enforcement officer was recording constantly and the material was good to use as evidence in court. Do we want a world like that? A world where we all are RoboCops?

We have fairly clear and good legislation about the rules for taking photos. In most countries it is OK to take photos in public places, and people who show up there must accept being photographed. Private places have stricter rules, and there are also separate rules about publishing and commercial use of a photo. This is all fine and it applies to any device, including Google Glass. The other side of the coin is people’s awareness of these laws, or actually the lack thereof. In practice we have a law that very few care about, and a varying degree of common sense. People’s common sense does indeed prevent many problems, but not all. It may work fairly OK today, but will it be enough if the glasses become common?

I think that if Google Glass becomes a hit, it will force us to rethink our relationship to photo privacy, both as individuals and as a society. There will certainly be problems if 90% of the population have glasses and still walk around with only a rudimentary understanding of how the law restricts photography. Some would suffer because they broke the law unintentionally, and many would suffer because of the published content.

I hope that our final way to deal with the glasses isn’t the solution that 5 Point Cafe in Seattle came up with. They became the first to ban the Google Glass. It is just the same old primitive reaction that has followed so many new technologies. Needless to say, much fine technology would be unavailable if that was our only way to deal with new things.

But what will happen? That is no doubt an interesting question. My guess is that there will be a compromise. Camera users will gradually become more aware of the boundaries the law sets. Many people also need to redefine their privacy expectations, as we have to adapt to a world with more cameras. That might be a good thing if the fear of being recorded makes us more thoughtful and polite toward others. It’s very bad if it makes it harder to mingle in a relaxed way. Many questions remain to be answered, but one thing is clear: Google Glass will definitely be a hot topic when discussing privacy.


PS. I have an app idea for the Glass. You remember the meteorite in Russia in February 2013? It was captured by numerous car cameras, as drivers in Russia commonly use constantly recording cameras as measure against fraudulent accusations. What if you had the same functionality on your head all the time? There would always be a video with the last hour of your life. Automatically on all the time and ready to get you out of tricky situations. Or to make sure you don’t miss any juicy moments…

Photo by zugaldia @ Flickr