ESET researchers have reported finding mic-snooping hidden malware in the legitimate Android iRecorder – Screen Recorder (screen-and-audio recorder) app while it was still available in the Google Play Store. The malware was added as an update, and it’s thought that tens of thousands of people may have downloaded the app before Google was alerted and the app was removed from its online store.
Security Stop-Press : Phishing-as-a-Service Warning
Cisco Talos researcher, Tiago Pereira, has warned of the dangers of a new phishing-as-a-service (PaaS) tool called “Greatness.” The Greatness tool has been designed to compromise Microsoft 365 users and can make phishing pages especially convincing and effective against businesses. Greatness incorporates many advanced features including multi-factor authentication (MFA) bypass, IP filtering and integration with Telegram bots.
Since the attack starts with a malicious email, the advice is to implement robust email security solutions that include spam filters, antivirus software, firewalls plus keep antivirus and other software updates and patches up to date, not to open any unsolicited and/or suspicious emails, and to make sure there is employee education and awareness regarding spotting, reporting, and dealing with phishing attacks.
Security Stop-Press : 10 Ways To Keep Your Screen Or Passwords Hidden When In A Public Place (e.g. a train)
1-Use a screen privacy filter. Use a privacy filter that fits over your screen, limiting the viewing angle and making it difficult for others to see your screen from the side.
2-Position your device strategically. Sit or stand in a corner or against a wall to minimize the chance of someone looking over your shoulder.
3-Adjust screen brightness and contrast. Lower your screen brightness and increase contrast to make it harder for others to view your screen from a distance.
4-Use a virtual keyboard. Use an on-screen virtual keyboard for entering passwords and sensitive information to prevent keyloggers from capturing your keystrokes.
5-Use a password manager with auto-fill. Use a trusted password manager that can auto-fill your login credentials, reducing the need to type passwords in public.
6-Be aware of your surroundings. Stay vigilant and keep an eye on people around you, ensuring that no one is attempting to view your screen or passwords.
7-Tilt your screen. Adjust the angle of your device’s screen to make it harder for others to see, especially when entering passwords or sensitive information.
8-Use a physical barrier. Place a bag, coat, or another object around your device to create a physical barrier, making it more difficult for others to see your screen.
9-Sit with your back against a wall. If possible, choose a seat with your back against a wall, which will minimise the chances of someone walking up behind you and viewing your screen.
10-Password masking. Enable password masking on your device, which will show asterisks or dots instead of actual characters when entering passwords, making it harder for onlookers to guess your password.
Security Stop-Press : Meta Warns Of Rise In ChatGPT-Related Malware Across Its Platforms
Facebook’s parent company Meta has warned of a rise in ChatGPT-related malware across its platforms, designed to lure users into downloading malicious apps and browser extensions. Meta says that since March it has found around 10 malware families and more than 1,000 malicious links being promoted as tools featuring ChatGPT.
Meta’s Chief Information Security Officer Guy Rosen said: “This is not unique to the generative AI space. As an industry, we’ve seen this across other topics popular in their time, such as crypto scams fuelled by the interest in digital currency. The generative AI space is rapidly evolving and bad actors know it, so we should all be vigilant.”