HACKING NEWS
Fortnite and the Dangers of Sideloading
Fortnite and the Dangers of Sideloading. Unlike apps from the Apple App Store (unless jailbroken), Android apps can be installed by other means aside from Google Play. They can be installed from other ‘app stores’ or can be directly installed on Android devices through the process of sideloading where the apps can be downloaded directly from the developers’ websites and saved on the devices or onto MicroSD cards and loaded from there.
This is the route that the developers of the highly popular game Fortnite, Epic Games, took and didn’t release their game via Google Play. Because of the popularity of Fortnite and the innate dangers of sideloading, Google warns that there could be disastrous effects for doing this.
Earlier, Epic Games announced that they won’t be distributing the Android version of their game at the Google Play Store which has been considered an unwise move. Ditching the walled garden approach and going back to the old way of installing things like in Windows forgoes the additional layer of walled garden security.
Though it can be debated that neither Apple or Google actively curate the millions of apps on their respective app stores and have time for the hundreds more that come in every day.
Epic’s motivations to not release Fortnite on Google Play include a more direct relationship with their customers and not to pay Google their 30 percent. They don’t have much of a choice with iOS but given Google’s more open nature, they decided to skip the latter. Kind of greedy on Epic’s part but…
Epic wants to have a direct relationship with our customers on all platforms where that’s possible… The great thing about the Internet and the digital revolution is that this is possible, now that physical storefronts and middlemen distributors are no longer required… 30 percent is disproportionate to the cost of the services these stores perform, such as payment processing, download bandwidth, and customer service…
–Tim Sweeney, CEO, Epic Games, Email to The Verge
Now Google might have sour grapes on this but the company continues on its job at monitoring security threats from its own products or otherwise. For one thing, Google warns players that it indeed doesn’t have Fortnite: Battle Royale in Google Play. Players should be careful not to download fake Fortnite apps that are actually malware.
So much for walled garden curating as there are thousands of fake and low quality apps within Google Play that include fake battery monitors and me-too apps that coast on the popularity of the mainstream; much like putting a dash (-) between Spider and Man to escape copyright problems.
Another seemingly sour grape reaction, and one that everyone interested in Fortnite needs to take seriously, is that Google’s security researchers evaluated Epic’s Android Fortnite Installer and found a serious security flaw, and much to Epic Games’ dismay disclosed it publicly.
So instead of the Fortnite APK, attackers could punch through the security hole to manipulate the installation process and install something else. Fornite’s popularity makes it an attractive candidate to become a vector for malicious attacks. Installers in the wild, not directly downloaded from Epic’s site can also be manipulated much like any other pirated app installer.
So there are no hard feelings, Google demonstrated a proof-of-concept that the installer is indeed vulnerable via the man-in-the-disk method that allow malicious apps to manipulate the data of other apps held in the unprotected external storage before the data is read, allowing for the installation of malicious apps instead of the real app or its updates.
Google doesn’t recommend sideloading since any app on a device with the WRITE_EXTERNAL_STORAGE permission could intercept the installation and replace installation file with another malicious APK, possibly including full permissions to SMS, call history, GPS, and others.
Epic Games acknowledged the problem, fixed it and thanked Google for their efforts but criticized the company at the same time via Twitter.
We asked Google to hold the disclosure until the update was more widely installed. They refused, creating an unnecessary risk for Android users in order to score cheap PR points… But why the rapid public release of technical details? That does nothing but give hackers a chance to target unpatched users
–Tim Sweeney, Twitter
Fortnite players need to update their Android installers to the new version or they’ll have more than zombies to worry about.
HACKING NEWS
The APT attacks hitting East Asia
The APT attacks hitting East Asia
East Asia have been targeted by a stream of cyber-attacks carried about by an advanced persistant threat (APT) group. The group goes by several names such as Tick, Brzone Butler and Redbaldknight.
The APT group’s main targets are South Korea and Japan. This current wave of Datper malware attacks is written in Delphi and is capable of executing shell commands to gain information from the infected machine, such as hostnames and drive information.
Security researchers from Cisco Talos have stated It is not yet known how the attacks are being conducted since command and control (C2) servers in question are not active. However, they say it’s possible the malware is being delivered using web-based attacks such as drive-by downloads, or by watering hole attack. Watering hole attacks is a security exploit in which the attacker seeks to compromise a specific group of end users by infecting websites that members of the group are known to visit.
Could this signal the re-emergence of Comment Crew
A fresh wave of APT cyber-attacks has hit South Korea, but also US and Canada, causing some to believe this could spell the re-emergence of Chinese government backed hacking group Comment Crew. Security company McAfee claimed they have discovered a new hacking campaign that focuses on cyberespionage and data reconnaissance.
Comment Crew or otherwise known as Shanghai Group or APT1 is thought to be responsible for the majority of China’s cyber-attacks since 2006. In 2013 they were linked to the successful hacks of over 100 US companies, but vanished soon after the exposure, along with hundreds of terabytes of data. The Chinese government maintains that they do not sponsor hacking and claim to be a victim to hacking campaigns themselves.
McAfee has found malware that reuses some of the code that was uses in a campaign called Seasalt that was introduced by APT1 around 2010. The reason this is interesting is because this code was never released publicly, lending authority to McAffee’s claims.
A recent campaign, named Operation Oceansalt has been linked to Comment crew. Operation Onceansalt started in May this year and was seen to be targeting Korean speaker with a data reconnaissance implant. Four more waves have since been detected, aimed against companies in South Korea, the United States and Canada.
The Oceansalt implant gives attackers full control of any system or network it is connected to, however, is mainly used for espionage activity. McAffee acknowledged that the implant allows for information to be sent to a control server and commands can also be executed on infected machines, however the full extent of its purpose is not known.
The waves of attacks
The first wave of attacks happened when a South Korean website was compromised, allowing for a spear-phishing campaign to take place. This was done through Microsoft excel email attachments.
For the first two waves of the attack the targets were South Korean public infrastructure officials. The third round of malware documents was distributed from another compromised South Korean website, and the content related to the financials of the Inter-Korean Cooperation Fund.
In the fourth wave involved the targeting of investment, healthcare, banking and agriculture industries in the US and Canada. There are few details around the extent or damage of this wave.
The fifth wave primarily targeted South Korea and the United States using Oceansalt implant.
Although the full motive of the attack is unclear, there is speculation that it could be financial, or a small part of a much larger attack.
BREAKING NEWS
Ad Clicker Disguised as a Google Photos App has been Hosted on Microsoft Store.
Ad Clicker Disguised as a Google Photos App has been Hosted on Microsoft Store.
A malicious app called “Album by Google Photos” was found to be hosted on the Microsoft store. The app was pretending to be part of Google Photos, but was in fact an ad clicker that generates hidden adverts within the Windows 10 Operating System.
The ad clicker app seemed credible to users because of its name, and also the fact it claimed to be created by Google LLC, Google’s actual Microsoft store account is Google Inc, but it looks unsuspecting to users. Microsoft came under some criticism for not realising the app was actually malicious software since the user reviews did highlight that the app was fake, with plenty of 1* reviews. One review states “ My paid Anti-malware solution detected several attempts to download malware by this app. Watch out”. The App was first released on the Microsoft store in May.
What did the application do?
The “Album by Google Photos” app is a Progressive Web Application (PWA), which acts as the front end for Google Photos and includes a legitimate login screen. Hidden in the app bundle is also an ad clicker which runs in the background and generates income for the app developers.
The app connects to ad URLS, and the ads were very similar to what users would see from typical adware, including tech support scams, random chrome extensions, fake flash and java installs and general low-quality sites.
Microsoft haven’t commented how this app managed to pass the Microsoft review process before ending up on the store. This is somewhat concerning since it could mean other malicious apps of a similar nature have flown under the radar and are still infecting user’s computers. We are waiting for Microsoft to comment on the issue.
HACKING NEWS
How to guide: Check if your Facebook Account has been hacked?
How to guide: Check if your Facebook Account has been hacked?
At the end of September, it was revealed that a Facebook security flaw allowed the access tokens of over 50 Million accounts to be stolen. Access tokens allow users to stay signed in on devices, rather than signing in every time they interact with a Facebook app. On Friday 12 October, after weeks of investigation, Facebook reported that the actual number of accounts affected was 30 million, not 50.
The investigation into how this was made possible, and the extent of the data stolen is still ongoing, but Facebook have said there is no need for users to log out or change their password. Facebook forced 90 million users to log out when the breach was discovered.
Users can use this page to check if they were one of the accounts affected in the incident, as well as read any recent findings from the investigation. When you visit page, if you are not one of the affected users it will tell you this in a statement towards the bottom of the page, and there is no further action required from you other than remaining security conscious when it comes to passwords and such. You will also see a message saying your account hasn’t been compromised if you are one of the one million users to who their tokens stolen but information remained safe.
If you fall into the other 29 million users camp, then you will see one of two messages, depending on the level of your information that was stolen. Fifteen million users had their name, email addresses and phone numbers compromised by hackers. While this is serious enough itself, the other 14 million have a more serious data breach problem.
The other 14 million have had the above information stolen, as well as their username, date of birth, devices you use, gender, language settings and possibly more data such as religious and political views. It’s also possible that they accessed your 10 most recent locations and 15 most recent searches, giving a detailed window into your online presence.
There is currently no evidence that hackers used the vulnerability to attack third-party apps and services to gather more information, which was technically possible. Facebook also continues to report that no passwords of credit card information has been compromised. We are yet to see the full fallout from the breach, but there is also evidence that Facebook logins are being sold on the dark web.
While that data is now out there in the hands of attackers, Facebook has used their support page to offer some advice on avoiding phishing schemes. This is a good move from Facebook, but it doesn’t make up for the grievous level of the data breach and the users it has left vulnerable to tailored phishing attacks now their data is out there.
Photo by Glen Carrie on Unsplash
-
GAME REVIEW6 years ago
Top Hacking Simulator Games Every Aspiring Hacker Should Play: Part 1
-
DEALS6 years ago
Great Ethical Hacking Courses for Beginners
-
GAME REVIEW6 years ago
Hacknet Review
-
DEALS6 years ago
3 Reasons To Kickstart A Career As An Ethical Hacker
-
HOW TO6 years ago
How To Become an Ethical Hacker – Beginners Guide
-
GAME REVIEW6 years ago
Top Hacking Simulator Games Every Aspiring Hacker Should Play: Part 2
-
HACKING NEWS6 years ago
How to guide: Check if your Facebook Account has been hacked?
-
BREAKING NEWS6 years ago
US Online Retail Company suffered a data breach affecting 6.5 million customers