Eight Android apps on the Google Play Store, downloaded by millions, contain the Android.FakeApp trojan, stealing user data…

Eight Android apps on the Google Play Store, downloaded by millions, contain the Android.FakeApp trojan, stealing user data – Here’s the complete list, delete the NOW!

Russian cybersecurity firm Dr. Web has exposed several Android apps on the Google Play Store that contain a sophisticated trojan, Android.FakeApp.1669 (also known as Android/FakeApp).

These apps, which claim to provide practical functions like financial tools, planners, and recipe books; contain a hidden payload that redirects users to unwanted websites, compromising their data. What’s worse, more than **2 million users** have downloaded these infected apps from Google Play, unaware of the threat.

Malware on the official Google Play Store is nothing new. In fact, reports from last month indicate a rise in malicious apps on both the Apple App Store and Google Play Store.

One of the infected apps, with over 1 million downloads, has recent user comments expressing frustration with its functionality (Screenshot credit: Hackread.com).

**Android.FakeApp.1669**

Android.FakeApp.1669 is part of the Android.FakeApp trojan family, a group of malware that usually redirects users to different websites, disguised as legitimate apps. However, this variant is especially notable due to its reliance on a modified **dnsjava library** that allows it to receive commands from a malicious DNS server, which, in turn, supplies a target link. Rather than the app’s advertised function, this target link is displayed on the user’s screen, often pretending to be an online casino or an unrelated website.

According to Dr. Web’s report, the malware activates only under specific conditions. If the infected device is connected to the Internet through designated mobile data providers, the DNS server will send a configuration to the app, containing a link that loads within the app’s WebView interface. When not connected to targeted networks, the app functions as expected, making detection difficult for users.

In January 2018, the Android.FakeApp trojan was first discovered in a fake Uber app for Android. Later, in March 2018, the same malware targeted Facebook users to steal data. In May 2020, a fake mobile version of the game Valorant was spreading the Android.FakeApp trojan just as the official version was set to release that summer.

**Infected Apps and Download Counts**

These apps claimed to be useful tools, from personal finance and productivity applications to cooking and recipe collections. However, once launched, the apps would connect to the DNS server to retrieve a configuration containing the website link to display.

Dr. Web’s investigation revealed several apps on the Google Play Store, some with high download counts, infected by Android.FakeApp.1669. While Google has removed some of these apps, millions of users had already installed them before the removal. Below is a list of apps identified by Dr. Web’s malware analysts, with their respective download counts:

**App Name**

**Number of Downloads**

Split it: Checks and Tips

1,000,000+ (On Google Play at the time of writing)

FlashPage parser

500,000+ (On Google Play at the time of writing)

BeYummy – your cookbook

100,000+ (On Google Play at the time of writing)

Memogen

100,000+ (Deleted)

Display Moving Message

100,000+ (On Google Play at the time of writing)

WordCount

100,000+ (On Google Play at the time of writing)

Goal Achievement Planner

100,000+ (On Google Play at the time of writing)

DualText Compare

100,000+ (On Google Play at the time of writing)

Travel Memo

100,000+ (Deleted)

DessertDreams Recipes

50,000+ (On Google Play at the time of writing)

Score Time

10,000+ (Deleted)

**How Android.FakeApp.1669 Operates**

Once downloaded, the trojan gathers specific data from the user’s device, such as:

*   Screen size
*   Device model and brand
*   Battery charge percentage
*   Developer settings status
*   Device ID, which includes the installation time and a random number.

This data, coded into a unique sub-domain name, allows the server to customize its response to each infected device. When the device meets the connection criteria, Android.FakeApp.1669 retrieves and decrypts data from the DNS server, eventually loading a link that redirects to an unwanted website, typically an online casino.

The decryption process involves reversing and decoding Base64 data and decompressing it, revealing sensitive configuration details.

****Recommendations for Users****

Given the high download count, Android users should take immediate steps to protect themselves. First, it’s crucial to delete any infected apps. Uninstall any app from the list provided or other similar apps that display suspicious behaviour to minimize potential security risks.

Additionally, read the comments on these apps; many users have left negative reviews, noting that the apps spam ads and cause their devices to freeze, a behaviour that allows the malware to operate in the background.

Next, use **trusted security software**, regularly checking app permissions is another vital step. Users should review the permissions requested by apps, avoiding any unnecessary access that could compromise device security. Additionally, updating both the device and applications frequently can help prevent certain types of malware infections, as updates often include important security patches.

Nevertheless, download with caution, even when using official sources like Google Play. Reviewing app permissions and reading user feedback before downloading can help spot potential red flags and avoid risky apps.

_Hackread.com_ has reached out to Google, and this article will be updated with any new developments or if Google removes the app. Stay tuned.

1.  **First Mobile Crypto Drainer on Google Play Steals $70K**
2.  **Spyware Found in Google Play Store Apps, 2m Downloads**
3.  **Malware infected Minecraft modpacks hit Google Play Store**
4.  **35 malicious apps found on Google Play, installed by 2m users**
5.  **Google Removes Swing VPN Android App Exposed as DDoS Botnet**

These 8 Apps on Google Play Store Contain Android/FakeApp Trojan

Cloud service providers are getting better at protecting data, pushing adversaries to develop new cloud ransomware scripts to target PHP applications, a new report says.

Instead of solely leaning on leaky buckets and cloud service provider (CSP) vulnerabilities to exfiltrate sensitive data, a fresh crop of cloud-targeting ransomware is aimed instead at exploiting unprotected Web applications to drop encryptors and lock up victims' data.

The pivot to focusing on PHP applications demonstrates the success that CSPs have had in shoring up their environments with policies like AWS's Key Management Service, according to a new report from SentinelOne on the state of cloud ransomware landscape in 2024. CSPs can now ensure that almost no data is really lost, thanks to policies that require a waiting period and confirmation before data can be deleted. There are some fairly exotic malicious workarounds for some of these protections, but attacks can easily be blocked by implementing service control policies, the report said.

**Cloud Ransomware's New Look at Web Applications**

Cloud ransomware operators have started to mine Web applications for opportunities in increasing volumes, according to SentinelOne.

"Web applications are often run via cloud services," SentinelOne's report explained. "Their more minimal nature makes cloud environments a natural hosting point where the applications are easier to manage and require less configuration and upkeep than running on a full operating system. However, Web applications themselves are vulnerable to extortion attacks."

Related:5 Ways to Save Your Organization From Cloud Security Threats

Analysis uncovered new ransomware scripts specifically developed to attack PHP applications — such as a Python script named "Pandora," and another attributed to Indonesian-based threat actor IndoSec group.

"The Pandora script uses AES encryption to target several types of systems, including PHP servers, Android, and Linux," the report added. "The PHP ransom functions encrypt files using AES via the OpenSSL library. The Pandora Python script runs on the Web server, writing the PHP code output to the path pandora/Ransomware with a file name provided as an argument at runtime and appended with the php extension."

The ransom script targeting PHP applications developed by IndoSec uses a PHP backdoor to manage and delete files, according to the report. It searches through directories, reads, and then encodes the file contents using a Web service's API.

"This is an interesting approach because the encryption is provided through a remote service, rather than using native functionality like many other tools," the report noted.

**Using Legitimate Cloud-Native Functions to Steal Data**

Aside from trying to breach them, adversaries have also figured out how to use these cloud services themselves to exfiltrate stolen data, the report explained. SentinelOne offers the example of September Rhysdia and BianLian cloud ransomware attacks that abandoned their historical exfiltration tools like MEGAsync and rclone, and instead used Azure Storage Explorer to download the data. The following month, the LockBit ransomware group was discovered using Amazon's S3 storage to exfiltrate data from Windows and macOS systems, SentinelOne added.

Related:Google AI Platform Bugs Leak Proprietary Enterprise LLMs

In keeping with the trend, the SentinelOne research identified a new Python script on VirusTotal it named "RansomES." This code is designed to infiltrate a Windows system, look for files with extensions that indicate the file contains data, including .doc, .xls, .jpg, .png, or .txt. Once those files have been identified, the RansomES code allows the ransomware attacker to exfiltrate those files to an S3 storage bucket or an FTP site, and encrypt the local versions.

"RansomES is a simple script, and we do not believe it has been used in the wild," the report noted. "The author included an Internet connectivity check to the WannaCry killswitch domain, which may suggest the script was developed by a researcher or someone with an interest in threat intelligence."

Related:2 Zero-Day Bugs in Microsoft's Nov. Update Under Active Exploit

The key to protecting data against Web application cloud ransomware attacks is to assess the overall cloud environment to protect against misconfigurations and overly permissive storage buckets, the report concluded.

"Additionally, always enforce good identity management practices such as requiring MFA on all admin accounts, and deploy runtime protection against all cloud workloads and resources," according to SentinelOne.

Cloud Ransomware Flexes Fresh Scripts Against Web Apps

Red Hat Security Advisory 2024-9571-03 - Streams for Apache Kafka 2.8.0 is now available from the Red Hat Customer Portal. Issues addressed include denial of service and man-in-the-middle vulnerabilities.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9571.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: Streams for Apache Kafka 2.8.0 release and security updateAdvisory ID:        RHSA-2024:9571-03Product:            Streams for Apache KafkaAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:9571Issue date:         2024-11-13Revision:           03CVE Names:          CVE-2024-7254====================================================================Summary: Streams for Apache Kafka 2.8.0 is now available from the Red Hat Customer Portal.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Red Hat Streams for Apache Kafka, based on the Apache Kafka project, offers a distributedbackbone that allows microservices and other applications to share data withextremely high throughput and extremely low latency.This release of Red Hat AMQ Streams 2.8.0 serves as a replacement for Red HatAMQ Streams 2.7.0, and includes security and bug fixes, and enhancements.Security Fix(es):* Zookeeper, Kafka, Cruise Control: org.eclipse.jetty/jetty-server: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks [amq-st-2] \"(CVE-2024-8184)\"* Zookeeper, Kafka : org.eclipse.jetty/jetty-servlets: Jetty DOS vulnerability on DosFilter [amq-st-2] \"(CVE-2024-9823)\"* Zookeeper, Kafka, Drain Cleaner, Cruise Control: Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader \"(CVE-2024-47554)\"* Kafka: (com.google.protobuf:protobuf-java@3.23.4). Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users \"(CVE-2024-7254)\"\"Drain Cleaner: Awaiting Analysis(CVE-2024-29025)\"* Kroxylicoius: When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server's hostname, resulting in an insecure connection. For a successful attack to be performed, the attacker needs to perform a Man-in-the-Middle attack or compromise any external systems, such as DNS or network routing configuration. \"(CVE-2024-8285)\"Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-7254References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2272907https://bugzilla.redhat.com/show_bug.cgi?id=2308606https://bugzilla.redhat.com/show_bug.cgi?id=2313454https://bugzilla.redhat.com/show_bug.cgi?id=2316271https://bugzilla.redhat.com/show_bug.cgi?id=2318564https://bugzilla.redhat.com/show_bug.cgi?id=2318565https://issues.redhat.com/browse/ASUI-91https://issues.redhat.com/browse/ENTMQST-2632https://issues.redhat.com/browse/ENTMQST-3288https://issues.redhat.com/browse/ENTMQST-4019https://issues.redhat.com/browse/ENTMQST-5199https://issues.redhat.com/browse/ENTMQST-5669https://issues.redhat.com/browse/ENTMQST-5674https://issues.redhat.com/browse/ENTMQST-5740https://issues.redhat.com/browse/ENTMQST-5789https://issues.redhat.com/browse/ENTMQST-5843https://issues.redhat.com/browse/ENTMQST-5850https://issues.redhat.com/browse/ENTMQST-5863https://issues.redhat.com/browse/ENTMQST-5865https://issues.redhat.com/browse/ENTMQST-5915https://issues.redhat.com/browse/ENTMQST-6028https://issues.redhat.com/browse/ENTMQST-6032https://issues.redhat.com/browse/ENTMQST-6129https://issues.redhat.com/browse/ENTMQST-6183https://issues.redhat.com/browse/ENTMQST-6205https://issues.redhat.com/browse/ENTMQST-6225https://issues.redhat.com/browse/ENTMQST-6341https://issues.redhat.com/browse/ENTMQST-6421https://issues.redhat.com/browse/ENTMQST-6422https://issues.redhat.com/browse/ENTMQSTPR-43

Red Hat Security Advisory 2024-9571-03

Google has revealed that bad actors are leveraging techniques like landing page cloaking to conduct scams by impersonating legitimate sites.
"Cloaking is specifically designed to prevent moderation systems and teams from reviewing policy-violating content which enables them to deploy the scam directly to users," Laurie Richardson, VP and Head of Trust and Safety at Google, said.
"The landing

Google Warns of Rising Cloaking Scams, AI-Driven Fraud, and Crypto Schemes

Cisco Talos discovered a new information stealing campaign operated by a Vietnamese-speaking threat actor targeting government and education entities in Europe and Asia.

New PXA Stealer targets government and education sectors for sensitive information

Alan Filion, believed to have operated under the handle “Torswats,” admitted to making more than 375 fake threats against schools, places of worship, and government buildings around the United States.

In perhaps the largest swatting case to ever be prosecuted, an 18-year-old from Lancaster, California, has pleaded guilty to federal charges stemming from a nationwide spree of hundreds of shooting and bomb threat hoaxes that sent police scrambling to high schools, courthouses, and the homes of law enforcement officials and prominent politicians.

Alan Winston Filion now faces a maximum penalty of five years in prison for each of four counts of making interstate threats to injure the person of another, according to the United States Department of Justice.

Early this year, Filion was arrested and extradited to Seminole County, Florida. At the time, state prosecutors charged Filion with four state-level felony counts stemming from a single incident in which, prosecutors allege, Filion told a Sanford Police Department dispatcher that he was armed with pipe bombs and an AR-15 rifle and was walking into Masjid Al Hayy Mosque to kill everyone he saw.

Filion, whom authorities believe operated online as “Torswats,” has been in jail without a trial for nearly a year. He entered a plea of not guilty to the state charges.

The federal charges announced on Wednesday, along with interviews from people connected to the investigation—and Filion himself—allege his swatting activities reached far beyond Florida’s borders.

Between approximately August 2022 to January 2024 Filion made more than 375 swatting calls, according to the plea agreement. These included incidents where he claimed to have planted bombs or threatened to conduct mass shootings at targeted locations that included religious institutions, high schools, and historically black colleges and universities.

“This prosecution and today’s guilty plea reaffirm the Justice Department’s commitment to using all tools to hold accountable every individual who endangers our communities through swatting and hoax threats,” deputy attorney general Lisa Monaco said in a statement. “For well over a year, Alan Filion targeted religious institutions, schools, government officials, and other innocent victims with hundreds of false threats of imminent mass shootings, bombings, and other violent crimes. He caused profound fear and chaos and will now face the consequences of his actions.”

According to court records, Filion was also part of a high-profile international swatting group that targeted several prominent figures between December 2023 and January 2024. Among the victims were US Homeland Security secretary Alejandro Mayorkas, Cybersecurity and Infrastructure Security Agency director Jen Easterly, Republican US representative Marjorie Taylor Greene of Georgia, and Republican senator Rick Scott of Florida. Investigators say they linked the scheme to roughly 100 calls, one of which targeted an unnamed former president of the United States.

In August, the Department of Justice charged two European men, Tomasz Szabo and Nemanja Radovanovic, in connection with the widespread swatting operation, which led to at least one car accident with injuries. During interviews with the US Secret Service in January and February, both men admitted their roles in the scheme. Radovanovic, however, claimed that he was directed by a third party who provided detailed scripts and selected the targets.

According to the plea agreement, Filion admitted to orchestrating the operation, supplying the names, addresses, and phone numbers of many of the targeted individuals.

“I shot my wife in the head with my AR-15,” a man identifying himself as "James" said in one such call. He told dispatchers in Georgia that he caught his wife sleeping with another man and, after killing her, had taken the man hostage. “I’ll release him for $10,000 in cash,” he added, threatening to detonate pipe bombs and blow up the house if his demands weren’t met. This call targeted the home of Georgia state senator John Albers.

The case against Filion, first reported by WIRED, was built on a trail of digital evidence left across platforms like Telegram, YouTube, and Discord, and pieced together by Brad “Cafrozed” Dennis, a private investigator. Dennis had been hired by two high-profile Twitch stars, both victims of Torswats’ calls, to find the person responsible.

For months, Dennis had posed online as a vengeful ex-husband looking to troll and harass his former wife. He used this persona to infiltrate private Discord servers and Telegram groups where Torswats and affiliates hung out. These were chats dedicated to extortion plots and racist memes; channels filled with child sexual abuse material, self-harm, and animal abuse—some of the worst content he'd ever seen, Dennis told WIRED.

On New Year's Eve 2022, Dennis sent Torswats a private message on Telegram: “You wanna make some real cash? Add me on Tox,” he wrote, referring to the peer-to-peer messaging service, under the pretense of arranging a swatting.

Using network monitoring tools, Dennis then captured the IP address linked to the Torswats account and uncovered a new username: "Paimon Arnum." In January 2023, Dennis handed this critical piece of evidence, along with other usernames and active Discord servers he had tracked over several months, over to the FBI.

According to emails reviewed by WIRED, that information was central to how the FBI broke the case and was the basis of subpoenas sent to Discord and Google in April of 2023 seeking information on accounts Dennis had identified. By early May, the FBI had successfully pinpointed Torswats’ identity and location.

That month, Torswats privately took responsibility for swatting incidents in Telegram chats reviewed by WIRED. These incidents affected up to 25 schools in Washington state, impacting approximately 18,116 students and costing taxpayers an estimated $271,173 in lost instructional time, according to Don Beeler, CEO of TDR Technology Solutions, a company specializing in school surveillance and threat analysis.

Additionally, 911 audio and other police records obtained by WIRED corroborate that the same individual made the calls for more than a dozen of these swatting incidents. In some instances, the caller told dispatchers he had been commanded by Satan to kill students. In others, he said he had been mistreated because he was gay. In others, he seemed to have become bored enough with the game that he didn’t bother to make up a reason.

On July 12, the Torswats handle announced a new swatting operation dubbed the “Grand Offensive,” targeting a dozen senators. Three days later, the FBI raided Filion’s home and seized his electronic devices.

But the raid didn’t stop the swatting.

On November 6, 2023, someone using the Torswats handle took responsibility for a bomb threat aimed at North Beach High School in Ocean Shores, Washington, through a Telegram message. According to police reports and call records obtained by WIRED, the caller impersonated a drug dealer who wanted to report his client to the police because he had said he had placed pipe bombs around the school and was planning a mass shooting. That same month, a person going by Torswats also admitted to swatting an investigator and cybercrime expert named Keven Hendricks in private Telegram communications.

Both threats could be attributed to the same individual, according to a law enforcement official who reviewed the recordings for WIRED but requested anonymity because they were unauthorized to speak to the press.

Details about Filion’s life outside his online activities remain sparse. Enrollment records from Lancaster’s Antelope Valley Community College show that Filion began pursuing a degree in mathematics in the fall of 2022. A former classmate, who requested anonymity due to fears of retaliation, described Filion as quiet and “forgettable.”

“He didn’t appear to have many friends,” they said.

In January 2024, an individual affiliated with the Torswats Telegram account and claiming to be a friend of Filion suggested that he was part of a group aiming to incite racial violence and that he sought money to “buy weapons and commit a mass shooting.” The allegation aligns with a written tip, placed to the FBI’s Internet Crime Complaint Center in April 2023 and obtained by WIRED, alleging that the person behind the Torswats account was involved in a neo-Nazi cult known as the Order of Nine Angles.

“He believes he is doing his part to bring about the end of days by ‘bleeding the finances and man hours of the system,’” the tipster wrote.

Filion’s family could not be immediately reached for comment. A sentencing date for the teenager has not yet been set.

_Updated at 10:45 am EST, November, 2024: Added additional details about Filion’s involvement in swatting attacks against prominent US government officials and others._

Teen Behind Hundreds of Swatting Attacks Pleads Guilty to Federal Charges

The tech giant fixed privilege-escalation and model-exfiltration vulnerabilities in Vertex AI that could have allowed attackers to steal or poison custom-built AI models.

Source: Krot Studio via Alamy Stock Photo

Google has fixed two flaws in Vertex AI, its platform for custom development and deployment of large language models (LLMs), that could have allowed attackers to exfiltrate proprietary enterprise models from the system. The flaw highlights once again the danger that malicious manipulation of artificial intelligence (AI) technology present for business users.

Researchers at Palo Alto Networks Unit 42 discovered the flaws in Google's Vertex AI platform, a machine learning (ML) platform that allows enterprise users to train and deploy ML models and AI applications. The platform is aimed at allowing for custom development of LLMs for use in an organization's AI-powered applications.

Specifically, the researchers discovered a privilege escalation flaw in the "custom jobs" feature of the platform, and a model exfiltration flaw in the "malicious model" feature, Unit 42 revealed in a blog post published on Nov. 12.

\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_

Don't miss the upcoming free Dark Reading Virtual Event, "Know Your Enemy: Understanding Cybercriminals and Nation-State Threat Actors," Nov. 14 at 11 a.m. ET. Don't miss sessions on understanding MITRE ATT&CK, using proactive security as a weapon, and a masterclass in incident response; and a host of top speakers like Larry Larsen from the Navy Credit Federal Union, former Kaspersky Lab analyst Costin Raiu, Ben Read of Mandiant Intelligence, Rob Lee from SANS, and Elvia Finalle from Omdia. Register now!

Related:Cloud Ransomware Flexes Fresh Scripts Against Web Apps

\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_

The first bug allowed for exploitation of custom job permissions to gain unauthorized access to all data services in the project. The second could have allowed an attacker to deploy a poisoned model in Vertex AI, leading to "the exfiltration of all other fine-tuned models, posing a serious proprietary and sensitive data exfiltration attack risk," Palo Alto Networks researchers wrote in the post.

Unit 42 shared its findings with Google, and the company has "since implemented fixes to eliminate these specific issues for Vertex AI on the Google Cloud Platform (GCP)," according to the post.

While the imminent threat has been mitigated, the security vulnerabilities once again demonstrate the inherent danger that occurs when LLMs are exposed and/or manipulated with malicious intent, and how quickly the issue can spread, the researchers said.

"This research highlights how a single malicious model deployment could compromise an entire AI environment," the researchers wrote. "An attacker could use even one unverified model deployed on a production system to exfiltrate sensitive data, leading to severe model exfiltration attacks."

Related:5 Ways to Save Your Organization From Cloud Security Threats

**Poisoning Custom LLM Development**

The key for exploiting the flaws that were discovered lies within a feature of Vertex AI called Vertex AI Pipelines, which allow users to tune their models using custom jobs, also referred to as "custom training jobs." "These custom jobs are essentially code that runs within the pipeline and can modify models in various ways," the researchers explained.

However, while this flexibility is valuable, it also opens the door to potential exploitation, they said. In the case of the vulnerabilities, Unit 42 researchers were able to abuse permissions within what's called a "service agent" identity of a "tenant project" — connected through the project pipeline to the "source project," or fine-tuned AI model created within the platform. A service agent has excessive permissions to many permissions within a Vertex AI project.

From this position, the researchers could either inject commands or create a custom image to create a backdoor that allowed them to gain access to the custom model development environment. They then deployed a poisoned model for testing within Vertex AI that allowed them to gain further access to steal other AI and ML models from the test project.

Related:2 Zero-Day Bugs in Microsoft's Nov. Update Under Active Exploit

"In summary, by deploying a malicious model, we were able to access resources in the tenant projects that allowed us to view and export all models deployed across the project," the researchers wrote. "This includes both ML and LLM models, along with their fine-tuned adapters."

This method presents "a clear risk for a model-to-model infection scenario," they explained. "For example, your team could unknowingly deploy a malicious model uploaded to a public repository," the researchers wrote. "Once active, it could exfiltrate all ML and fine-tuned LLM models in the project, putting your most sensitive assets at risk."

**Mitigating AI Cybersecurity Risk**

Organizations are just beginning to have access to tools that can allow them to build their own in-house, custom LLM-based AI systems, and thus the potential security risks and solutions to mitigate them are still very much uncharted territory. However, it's become clear that gaining unauthorized access to LLMs created within an organization is one surefire way to expose that organization to compromise.

At this stage, key to securing any custom-built models is to limit the permissions of those in the enterprise that have access to it, the Unit 42 researchers noted. "The permissions required to deploy a model might seem harmless, but in reality, that single permission could grant access to all other models in a vulnerable project," they wrote in the post.

To protect against such risks, organizations also should implement strict controls on model deployments. A fundamental way to do this is to ensure an organization's development or test environments are separate from its live production environment.

"This separation reduces the risk of an attacker accessing potentially insecure models before they are fully vetted," Balassiano and Shaty wrote. "Whether it comes from an internal team or a third-party repository, validating every model before deployment is vital."

Don't miss the upcoming free Dark Reading Virtual Event, "Know Your Enemy: Understanding Cybercriminals and Nation-State Threat Actors," Nov. 14 at 11 am ET. Don't miss sessions on understanding MITRE ATT&CK, using proactive security as a weapon, and a masterclass in incident response; and a host of top speakers like Larry Larsen from the Navy Credit Federal Union, former Kaspersky Lab analyst Costin Raiu, Ben Read of Mandiant Intelligence, Rob Lee from SANS, and Elvia Finalle from Omdia. Register now!

**About the Author**

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

Google AI Platform Bugs Leak Proprietary Enterprise LLMs

Three technologists in India used a homemade Faraday cage and a microwave oven to get around Apple’s location blocks.

When Apple released a software update at the start of November that enabled its new hearing aid features in AirPods Pro 2 earbuds, Rithwik Jayasimha immediately went out with his dad to buy a pair for his grandma. “We came back home, we took them out of the case, and I was looking for the feature and it was just missing,” Jayasimha says. India, where Jayasimha and his family live, is not one of the many countries where Apple’s hearing aid features are available. “It was a huge bummer,” Jayasimha says.

Instead of abandoning the headphones, Jayasimha and two friends, Arnav Bansal and Rithvik Vibhu—both of whom say they have grandmas who use hearing aids as well—hacked a way to bypass Apple’s location restrictions and enable their hearing aids in Bangalore.

To dodge Apple’s geolocation restrictions, the trio built a rudimentary, signal-blocking Faraday cage on top of a microwave with aluminum foil, which ultimately allowed them to enable the hearing aid settings. “We don’t even think it’s Apple’s fault. The feature is amazing,” Jayasimha says.

One of the older hearing aids that was replaced with an Apple’s AirPods Pro 2.Photograph: Lagrange Point/Rithwik Jayasimha

The group members, who have a mix of hardware and software skills and first detailed their hack as part of a technology collective called Lagrange Point, say a couple of dozen people have contacted them asking for help with their AirPods. “We’ve got a huge amount of interest from folks in India who have these AirPods or whose grandparents need them and they’ve not been able to use them,” Jayasimha says. Others have documented the same issue in social media posts.

The researchers demonstrated that they could bypass Apple’s geographic restrictions with a set of AirPods Pro 2 connected to a 10th generation Wi-Fi-only iPad. They note that it would be possible to do the workaround on an iPhone or iPad connected to a mobile carrier as well, but it would be more involved.

To find the workaround, the researchers first looked at the different ways that iOS establishes where a device is in the world. For Wi-Fi-only devices, there are a few checks. The server looks at which Apple Store region the device is connected to, as well as the time zone, language, and region the device is set to. Additionally, the operating system sends a simple web request to an Apple web service that then responds with the country code of the country the device appears to be in based on the location associated with its IP address.

The researchers first tried manually changing the time zone and region settings for the iPad, but it ultimately wasn’t clear whether this impacted their ability to hide the iPad’s true location. When masking the iPad’s IP address so it would appear to be connected in the United States didn’t work, the researchers assessed other metrics the device might be using to establish its geographic location. It turns out that iOS also examines Wi-Fi “service set identifiers,” or SSIDs, that help devices connect to the right Wi-Fi network when there are many network signals in the air—like in an apartment building or at a coffee shop.

The operating system also uses GPS triangulation and device identifier “MAC addresses” of nearby devices, including routers, to establish a device’s location. In other words, even if a person in Bangalore uses a proxy to make it seem like their iPad has a US-based IP address, all the nearby routers and devices are associated with India-located IP addresses that give the real location away.

To deal with this, the researchers rigged up a Faraday cage, which blocks electromagnetic signals, to isolate the iPad from the other devices and wireless networks around it. They built their aluminum-foil-clad enclosure on top of a regular kitchen microwave and then turned on the microwave whenever they wanted to block signals to the iPad. The setup worked because consumer microwaves heat food using electromagnetic waves that are at the same frequency as Wi-Fi signals—2.4 GHz. Essentially, the researchers had turned their microwave oven into a Wi-Fi jammer.

The hackers first built a Faraday cage using a cardboard box and several sheets of aluminum foil, and placed it on top of a microwave to further block wireless signals.Photograph: Lagrange Point/Rithwik Jayasimha

“We put several layers of aluminum inside and outside \[a cardboard box\] and we’d see some signal strength drop,” Bansal says. “Of course, it’s not going to be great, but combined with the microwave, it worked.”

Ultimately, the researchers designed a less ingenious, but simpler and more reliable Faraday cage to make their manipulation more practical. With the iPad placed in its own shielded bubble, the researchers used an open source Wi-Fi location database and Wi-Fi SSID cycling tool to trick iOS into locating the iPad in California. With this complete, the AirPods could work as hearing aids in India.

Apple offers the hearing aid features in more than 100 countries, and it has great promise as a tool for making hearing aid tech more accessible—and more palatable—to millions of people around the world. But the company isn’t able to offer the feature everywhere and restricts access in certain countries, like India, likely because of regulatory hurdles related to medical devices. The fact that it’s possible to circumvent these restrictions may offer a solution, at least temporarily, for people in blocked countries who are looking for a workaround.

Apple did not return WIRED’s request for comment about the findings, but the researchers note that it seems like it would be possible for Apple to close the loophole they discovered fairly easily. They say they haven’t heard from the company.

Alan Woodward, a cybersecurity professor at the University of Surrey, says their work is “very interesting” and demonstrates how there may often be ways around “safeguards” put in place by Big Tech. “It shows that those with the technical understanding can bypass the geofencing of apps relatively simply,” Woodward says. “Not that everyone could do it, but they probably know someone that can.”

“I’m not sure how many people realize the number of variants in something like iOS even on what is apparently the same version—the build number is what really matters,” Woodward says. “It’s more a lesson to people that you have more than you realize on your phone.”

The second version of the Faraday cage, which the researchers plan to use to run more experiments.Photograph: Lagrange Point/Rithwik Jayasimha

Services offered by Big Tech companies such as Apple and Google often have had staggered launches around the world as lawmakers have introduced regulations to control technology companies’ power and protect people’s rights. In the EU, for instance, several AI products have been delayed or not launched due to strict privacy laws. Apple has also been required to allow alternative App Stores due to EU rules. At the same time, right-to-repair movements have grown in popularity, and people have increasingly been hacking into the products they buy.

While the three researchers in India believe that it is likely Apple’s hearing aid features will officially come to the country in the coming months, they plan in the meantime to help the dozens of people they say have reached out to them about their own headphones. They also plan on using the second version of the Faraday cage to set up people’s AirPods. From their own grandmas’ experiences, the hearing aid features appear to be valuable in their everyday lives.

Bansal says his grandma has some hearing loss and other health challenges, but has typically worn hearing aids while watching television. “She used to wear her old clunky hearing aids, and they were really problematic because they had these tiny little buttons on them,” Bansal says. “But now she uses the AirPods, we’ve set it up with her hearing profile, and she can use it to watch the TV just fine and it’s a lot nicer. She doesn’t feel like a patient wearing it.”

These Guys Hacked AirPods to Give Their Grandmas Hearing Aids

Where there’s a gift to be bought, there’s also a scammer out to make money. Here's how to stay safe this shopping season.

It’s that time of year again. Thanksgiving will pass just as quickly as it arrived, and the festive season will soon hit full swing as countless people go online for some gift shopping. But where there’s a gift to be bought, there’s also a scammer out to make money.

And make money they do. In the last five years, the Internet Crime Complaint Center (IC3) said it has received 3.79 million complaints for a wide range of internet scams, resulting in $37.4 billion in losses. 

Today, we’re warning of several online threats that could target you over the next few weeks and months: brand impersonation and fakes, credit card skimming, and malvertising. 

**1\. **Brand impersonation scams** **

This Black Friday and beyond, you’re likely to see scammers ripping off big name brands. Here are a few fakes you should look out for. 

****Temu ads offer discounted PS5s** **

Scrolling through Facebook, we were presented with a couple of posts advertising discounted PS5s. 

> “Quit overspending on PS5! This one I got off TEMU is AWESOME and is much cheaper. I’d highly recommend picking this up!” 

Of course, it’s tempting to get a discount on high-value items like a PlayStation 5, but Temu doesn’t actually sell PS5s.

If you click the play button on the “video,” you are instead redirected to a Temu page selling various PlayStation accessories that are not official or in any way approved by Sony.  

****Fake Amazon offers you great deals this Black Friday** **

Amazon is relatively low cost, it’s convenient, and you can look at someone’s wish list on there. Except in this scam we caught online, the website isn’t really Amazon—check out the URL. 

Fake online stores like this use Amazon’s branding to sell counterfeit products. Even if you take the risk and buy a knock off product (which we think is a bad idea), you have no guarantee of receiving the merchandise, and definitely no buyer protection. 

****Walmart makes it easy for you to buy gift cards** **

Nothing says “I saw this and thought of you” like a Walmart gift card on Christmas day. But make sure you are buying from the right website.  

Again, in this example, check out the URL—this website might look Walmart, but it’s a fake that will happily take your money in exchange for nothing. 

****“USPS” now delivers you fraud** **

If you’re taking advantage of Black Friday sales and buying many things at once, it can be tricky to keep track of what you’ve ordered. Even if you do know what’s coming, you often don’t know which package service will deliver it to your door. Scammers take advantage of this and will send fake delivery notice emails that encourage you to click on them. 

With this fake USPS site, you are asked to pay a small fee to have your delivery processed. However, once you hand over your card details the scammers can take whatever amount they like and sell your details to other criminals. 

These scams are very common. In fact, when we looked, we saw 50 fake USPS sites set up in only a day: 

**2\. **Credit card skimmers** **

We’re seeing a lot of online stores hosting credit card skimmers, especially smaller retailers.  

A credit card skimmer is a piece of malware that is injected into a website, often through vulnerabilities in the content management system (CMS) or the plugins that the site owner uses. 

When visiting a site that has a card skimmer on it, you’ll likely have no idea it’s even there. However, a single script injection is enough to steal your credit card data. 

Last year, we saw a large uptick in card skimmers just before the holiday season. One particular campaign that we tracked peaked in April 2023, but then really slowed down during the summer months. Across months, cybercriminals had infected multiple websites and built custom templates to trick victims into handing over their credit card details. By October, the same campaign had increased to its highest volume yet, and it is highly likely that this year will be the same. 

When looking at compromised websites, it can be hard to tell what—if anything—is wrong. However, if a site looks like it hasn’t been maintained in a while (for example, it displays outdated information, such as ‘Copyright 2022′) you should avoid entering in your card details. Most compromises happen because a website’s CMS and its plugins are outdated and vulnerable. 

Our free browser extension Malwarebytes Browser Guard blocks credit card skimmers by default. If you visit a compromised store you’ll be shown a warning like this: 

Access to the store isn’t blocked, we just block the skimmer code so it can’t load. And while you could in theory still shop safely, we’d still advise you to avoid buying anything from there. 

Malvertising—or malicious advertising—is a favorite of scammers, who use online ads and sponsored search results to deliver malware to their unsuspecting victims.  

Malvertising doesn’t require that criminals know a victim’s email address, login credentials, or personal information to deliver them malware. All the scammers need to do is fool someone into clicking on an ad that looks legitimate.  

Last fall, Malwarebytes tracked a 42% increase month-over-month in malvertising incidents in the US. This year we’re seeing a similar uptick, with a 41% increase from July to September as we head into the holiday shopping season. 

In terms of the actual advertiser accounts that are used in malvertising campaigns, most are based in the US and are set up using a combination of fake identities or hijacked accounts. However, according to our research findings, ads originating in Pakistan and Vietnam account for 90% of the fraud. 

Most (77%) of the accounts are used once only—created quickly and then burned. Once that account is dead, cybercriminals spin up the next one and on it goes.  

No brand is safe from malvertisers. We’ve tracked campaigns that spoof Google, Amazon, eBay, Walmart, Lowe’s—and even Malwarebytes.  

Our advice: It’s not always easy to tell a real ad from a scam, so it’s best to avoid clicking on sponsored ads at all. Use genuine search results or navigate directly to the site yourself. 

****How to shop safely this holiday season**  **

*   **Remember: If it’s too good to be true then it probably is.** Discounted items are tempting—especially at a time of year when lots of spending takes place—but these offers often amount to nothing. Instead, research the best deal at reputable retailers. 

*   **Don’t get rushed into making decisions.** Scammers will use a sense of urgency to pressure you into performing quick actions before you can properly think things through. Take your time before doing anything like clicking links or entering card details. 

*   **Get an ad and malicious content blocker like** **Malwarebytes Browser Guard.** If you’re blocking ads then you can’t be tricked into clicking on them. Browser Guard (which is free!) also protects against credit card skimming and other online threats. 

*   **Keep an eye on your financial statements:** An uptick in online shopping deserves an uptick in vigilance with checking online bank accounts, credit card statements, investment portfolios—in fact, any financial account data. Flag anything that seems suspicious with your provider. 

*   **Protect your online accounts.** Use a different password for every account (a password manager is super helpful in generating and storing all your passwords), and set up multi-factor authentication (MFA) wherever you can.  

*   **Protect your devices:** Most security products offer some kind of web protection that detects malicious domains and IP addresses, including Malwarebytes Premium which offers web and phishing protection. 

*   **Clean up your personal data online:** Cybercriminals use publicly available information in their scams, so check what information is available about you online using our free Digital Footprint scan. You can also take the first step in removing your personal information from the network of data brokers online with our Personal Data Remover. 

_Thanks to Jerome Segura for his research on this piece._

 Warning: Online shopping threats to avoid this Black Friday and Cyber Monday  

The November 2024 Patch Tuesday update contains a substantially high percentage of remote code execution (RCE) vulnerabilities (including a critical issue in Windows Kerberos), and two other zero-day bugs that have been previously disclosed and could soon come under attack.

Source: Rix Pix Photography via Shutterstock

Attackers are already actively exploiting two vulnerabilities for which Microsoft issued patches on Nov. 12 as part of its monthly security update. And they could soon begin targeting two other publicly disclosed, but as yet unexploited, flaws.

The four zero-day bugs are among a set of 89 common vulnerabilities and exposures (CVEs) that Microsoft addressed in November's Patch Tuesday. The batch contains a substantially high percentage of remote code execution (RCE) vulnerabilities, in addition to the usual collection of elevation of privileges flaws, spoofing vulnerabilities, security bypass, denial-of-service issues, and other vulnerability classes. Microsoft identified eight of the flaws as issues that attackers are more likely to exploit, though researchers pointed to other flaws as well that are of likely of high interest to adversaries.

**Microsoft Adopts CSAF Standard**

Along with the November security update, Microsoft also announced its adoption of Common Security Advisory Framework (CSAF), an OASIS standard for disclosing vulnerabilities in machine-readable form. "CSAF files are meant to be consumed by computers more so than by humans," Microsoft said in a blog post. It should help organizations accelerate their vulnerability response and remediation processes, the company noted.

"This is a huge win for the security community and a welcome addition to Microsoft’s security pages," said Tyler Reguly, associate director of security R&D at Fortra, via email. "This is a standard that has been adopted by many software vendors and it is great to see that Microsoft is following suit."

**Zero-Day Bugs Under Active Exploit**

One of the zero-day bugs that attackers are already actively exploiting is CVE-2024-43451 (CVSS 6.5 out of 10), a flaw that discloses a user's NTLMv2 hash for validating credentials in Windows environments. The hashes allow attackers to authenticate as legitimate users, and access applications and data to which they have permissions. The vulnerability affects all Windows versions and requires minimal user interaction to exploit. Merely selecting or inspecting a file could trigger the vulnerability, Microsoft warned.

\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_

Don't miss the upcoming free Dark Reading Virtual Event, "Know Your Enemy: Understanding Cybercriminals and Nation-State Threat Actors," Nov. 14 at 11 a.m. ET. Don't miss sessions on understanding MITRE ATT&CK, using proactive security as a weapon, and a masterclass in incident response; and a host of top speakers like Larry Larsen from the Navy Credit Federal Union, former Kaspersky Lab analyst Costin Raiu, Ben Read of Mandiant Intelligence, Rob Lee from SANS, and Elvia Finalle from Omdia. Register now!

\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_

"To my knowledge, it's the third such vulnerability that can disclose a user's NTLMv2 hash that was exploited in the wild in 2024," Satnam Narang, senior staff engineer at Tenable, wrote in an emailed comment. The other two are CVE-2024-21410 in Microsoft Exchange Server from February, and CVE-2024-38021 in Microsoft Office from July.

"One thing is certain," according to Narang. "Attackers continue to be adamant about discovering and exploiting zero-day vulnerabilities that can disclose NTLMv2 hashes."

The second bug under active exploit in Microsoft's latest update is CVE-2024-49039 (CVSS 8.8), a Windows Task Scheduler elevation of privilege bug that allows an attacker to execute remote procedure calls (RPC) normally available only to privileged accounts.

"In this case, a successful attack could be performed from a low privilege AppContainer," Microsoft said. "The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment."

The fact that it was Google's Threat Analysis Group that discovered and reported this flaw to Microsoft suggests that the attackers currently exploiting the flaw are either a nation-state-backed group or other advanced persistent threat actor, Narang said.

"An attacker can perform this exploit as a low-privileged AppContainer and effectively execute RPCs that should be available only to privileged tasks," added Ben McCarthy, lead cybersecurity engineer at Immersive Labs, via email. "It is unclear what RPCs are affected here, but it could give an attacker access to elevate privileges and execute code on a remote machine, as well as the machine in which they are executing the vulnerability."

**Previously Disclosed but Unexploited Zero-Days**

One of the two already disclosed — but not yet exploited — zero-days is CVE-2024-49019 (CVSS 7.8), an elevation-of-privilege vulnerability in Active Directory Certificate Services that attackers could use to gain domain administrator access. Microsoft's advisory listed several recommendations for organizations to secure certificate templates, including removing overly broad enrollment rights for users or groups, removing unused templates, and implementing additional measures to secure templates that allow users to specify a subject in the request.  

Microsoft is tracking the other publicly disclosed but unexploited flaw as CVE-2024-49040 (CVSS 7.5), a Windows Exchange Server spoofing flaw. "The primary issue lies in how Exchange processes ... headers, enabling attackers to construct emails that falsely appear to be from legitimate sources," Mike Walters, president and co-founder of Action1, wrote in a blog post. "This capability is particularly useful for spear phishing and other forms of email-based deception."

**RCE Security Bugs Have a Big Month**

Nearly 60% of the bugs — 52 of 89 — that Microsoft disclosed in its November update are RCE vulnerabilities that allow remote attackers to execute arbitrary code on vulnerable systems. Some allow for unauthenticated RCE, while others require an attacker to have authenticated access to exploit the bug. Most of the RCEs in Microsoft's latest update affect various versions of MS SQL Server. Other impacted technologies include MS Office 2016, MS Defender for iOS, MS Excel 2016, and Windows Server 2012, 2022, and 2025, said Will Bradle, security consultant at NetSPI, in an emailed statement.

Among the most critical of the RCEs, according to Walters, is CVE-2024-43639 in Windows Kerberos. The bug has a near-maximum CVSS severity score of 9.8 of 10 because, among other things, an unauthenticated attacker can exploit it remotely. Microsoft itself has assessed the bug as something that attackers are less likely to exploit. But putting it on the back burner for that reason could be a mistake.

"Kerberos is a fundamental component of Windows environments, crucial for authenticating user and service identities," Walters added. "This vulnerability turns Kerberos into a high-value target, allowing attackers to exploit the truncation flaw to craft messages that Kerberos fails to process securely, potentially enabling the execution of arbitrary code."

Bradle pointed to CVE-2024-49050 in Visual Studio Code Python Extension as another RCE in this month's set that merits priority attention. "The extension currently has over 139 million downloads and is affected by an RCE vulnerability with a base CVSS score of 8.8," he said. "Microsoft has patched the VSCode extension, and updates should be installed immediately."

Immersive Labs' McCarthy also identified multiple other flaws that organizations would do well to address quickly. They include the critical CVE-2024-43498 (CVSS 9.8), an RCE in .NET and Visual Studio; CVE-2024-49019 (CVSS 7.8), an Active Directory privilege escalation flaw; CVE-2024-49033 (CVSS 7.5), a Microsoft Word security bypass flaw; and CVE-2024-43623 (CVSS 7.8), a privilege escalation flaw in the Windows NT OS kernel that enables attacker to gain system level access on affected systems. Importantly, Microsoft has assessed the latter vulnerability as one that attackers are more likely to exploit.

**About the Author**

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

Tag

#google