Breaking with the tradition of 7 links, today we have just 4 that are worthy of your time. We can have more next week, who knows!
Introduction
This week's review is about malware and software vulnerabilities. Also, if you're an active reader of this series, drop some comments and let me know what you feel about this edition.
Thousands of Android Malware Apps Using Stealthy APK Compression to Evade Detection
Be careful about the applications that you install on your mobile. Don't worry, it seems they are not from the official Google Play store 😊. Here is why:
The APK files use "a technique that limits the possibility of decompiling the application for a large number of tools, reducing the possibilities of being analyzed," security researcher Fernando Ortega said. "In order to do that, the APK (which is in essence a ZIP file), is using an unsupported decompression method."
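A defender-side check for the trait described in the quote above, as an added example that is not from this post or the cited research: it walks the ZIP central directory of an APK and lists entries whose compression method is neither 0 (stored) nor 8 (deflate). Treating only those two methods as expected, the function names, and the in-memory sample archive (which uses bzip2 as a stand-in for an unexpected method) are assumptions of this example.

```python
import io
import struct
import zipfile

# Assumption of this example: an APK entry should use method 0 or 8 only.
EXPECTED_METHODS = {0, 8}  # 0 = stored, 8 = deflate
EOCD_SIG = b"PK\x05\x06"   # end-of-central-directory record
CDH_SIG = b"PK\x01\x02"    # central-directory file header


def unexpected_methods(apk_bytes):
    """Return [(entry_name, method)] for entries outside EXPECTED_METHODS."""
    eocd = apk_bytes.rfind(EOCD_SIG)
    if eocd < 0:
        raise ValueError("no end-of-central-directory record found")
    # EOCD: total entry count at +10, central directory offset at +16.
    total, _cd_size, pos = struct.unpack_from("<HII", apk_bytes, eocd + 10)
    findings = []
    for _ in range(total):
        if apk_bytes[pos:pos + 4] != CDH_SIG:
            raise ValueError(f"bad central-directory header at offset {pos}")
        (method,) = struct.unpack_from("<H", apk_bytes, pos + 10)
        name_len, extra_len, comment_len = struct.unpack_from("<HHH", apk_bytes, pos + 28)
        name = apk_bytes[pos + 46:pos + 46 + name_len].decode("utf-8", "replace")
        if method not in EXPECTED_METHODS:
            findings.append((name, method))
        pos += 46 + name_len + extra_len + comment_len  # next header
    return findings


def build_sample(odd_method=None):
    """Constructed in-memory archive; classes.dex optionally uses another method."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>" * 20)
        zf.writestr("classes.dex", b"placeholder" * 20,
                    compress_type=odd_method or zipfile.ZIP_DEFLATED)
    return buf.getvalue()


if __name__ == "__main__":
    print(unexpected_methods(build_sample()))                   # clean archive
    print(unexpected_methods(build_sample(zipfile.ZIP_BZIP2)))  # bzip2 entry
```

The check reads only the central directory and does not handle ZIP64 archives.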
Google Chrome to warn when installed extensions are malware
Nothing is better than good system security with little user interaction. I mean: the system detects a threat and boom! Removes it and says "Here you go, it's all good!" That's a good summary, I think. Anyway, here is more for you:
An unending supply of unwanted browser extensions is published on the Chrome Web Store and promoted through popup and redirect ads. These extensions are made by scam companies and threat actors who use them to inject advertisements, track your search history, redirect you to affiliate pages, or in more severe cases, steal your Gmail emails and Facebook accounts.
WinRAR 0-day that uses poisoned JPG and TXT files under exploit since April
A zero-day since April 2023? I mean it's August 25 😱. It's scary and involves money 😒. Trust me, I am not making that up.
Here is why (emphasis mine):
“By exploiting a vulnerability within this program, threat actors were able to craft ZIP archives that serve as carriers for various malware families,” Group-IB Malware Analyst Andrey Polovinkin wrote. “Weaponized ZIP archives were distributed on trading forums. Once extracted and executed, the malware allows threat actors to withdraw money from broker accounts. This vulnerability has been exploited since April 2023.”
New "Whiffy Recon" Malware Triangulates Infected Device Location via Wi-Fi Every Minute
Ping, ping. You there? That might be funny, but it's no joke. The excerpt? Here you go:
The SmokeLoader malware is being used to deliver a new Wi-Fi scanning malware strain called Whiffy Recon on compromised Windows machines. "The new malware strain has only one operation. Every 60 seconds it triangulates the infected systems' positions by scanning nearby Wi-Fi access points as a data point for Google's geolocation API."
Credits
Cover photo by Debby Hudson on Unsplash.
That's it for this week, and I'll see you next time.