Thursday, November 25, 2021

BLEEPING COMPUTER

ANOTHER WARNING ALERT

Over nine million Android devices infected by info-stealing Trojan

A large-scale malware campaign on Huawei's AppGallery has led to approximately 9,300,000 installs of Android trojans masquerading as over 190 different apps. 

The trojan is detected by Dr.Web as 'Android.Cynos.7.origin' and is a modified version of the Cynos malware designed to collect sensitive user data.

The discovery and report come from researchers at Dr. Web AV, who notified Huawei and helped them remove the identified apps from their store.

However, those who installed the apps on their devices will still have to remove them from their Android devices manually.

Trojan disguised as game apps

The threat actors hid their malware in Android apps pretending to be simulators, platformers, arcades, RTS strategy, and shooting games for Russian-speaking, Chinese, or international (English) users.

As they all offered the advertised functionality, users were unlikely to remove them if they enjoyed the game.

The list of the Cynos malware apps is too extensive to share here, but some notable examples that stand out due to having a large number of installations are listed below:

  • 快点躲起来 (Hurry up and hide) – 2,000,000
  • Cat adventures – 427,000
  • Drive school simulator – 142,000
One of the trojanized apps.
Source: Dr. Web

Since it's impractical to compare your list of installed apps to the full list of 190 malicious apps, the more straightforward solution would be to run an AV tool that can detect Cynos trojans and their variants.

Powerful malware

This Cynos trojan variant can perform various malicious activities, including spying on SMS messages and downloading and installing additional payloads.

"The Android.Cynos.7.origin is one of the modifications of the Cynos program module. This module can be integrated into Android apps to monetize them. This platform has been known since at least 2014," explained Doctor Web malware analysts in their report.

"Some of its versions have quite aggressive functionality: they send premium SMS, intercept incoming SMS, download and launch extra modules, and download and install other apps."

"The main functionality of the version discovered by our malware analysts is collecting the information about users and their devices and displaying ads."

The aggressive nature of the trojan becomes apparent right from the installation phase when it asks for permission to perform activities that are not generally associated with a game, such as making phone calls or detecting users' locations.

Risky permission request from a laced game.
Source: Dr. Web

If the user grants the permission requests, the malware can exfiltrate the following data to a remote server:

  • User mobile phone number
  • Device location based on GPS coordinates or the mobile network and Wi-Fi access point data
  • Various mobile network parameters, such as the network code and mobile country code; also, GSM cell ID and international GSM location area code
  • Various technical specs of the device
  • Various parameters from the trojanized app’s metadata

In addition to the above, Cynos trojans can potentially download and install extra modules or apps, send premium service SMS, and intercept incoming SMS.

As such, these apps can lead to unexpected charges from subscribing to premium services, and they can also drop even stealthier spyware payloads.
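As an added illustration (this script is not part of the Bleeping Computer article or the Dr. Web report), the permission mismatch described above can be checked on a device without matching package names against Dr. Web's list of 190 apps: run `adb shell dumpsys package`, collect each package's `requested permissions:` block, and flag any package that asks for SMS, telephony or location permissions, which a game has no legitimate need for. The dump text embedded below is constructed for the example and the package names are hypothetical; the parser assumes the `Package [name] (hash):` header and `requested permissions:` block layout that `dumpsys package` prints, and the permission groups are chosen to match the behaviours Dr. Web attributes to Cynos (intercepting and sending SMS, phone access, location).

```python
import re
import subprocess
import sys
from typing import Dict, List, Set

# Matches the per-package header line in `dumpsys package` output,
# e.g. "  Package [com.example.game] (3f9a1c2):".
PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\] \(")
# A permission entry is a single dotted identifier, optionally followed by
# ": restricted=true"-style attributes on newer Android builds.
PERM_RE = re.compile(r"^([A-Za-z0-9_.]+)(?::.*)?$")

# Permission groups matching the behaviour Dr. Web attributes to Cynos:
# intercepting/sending SMS, telephony access, and device location.
RISKY: Dict[str, Set[str]] = {
    "sms": {
        "android.permission.READ_SMS",
        "android.permission.RECEIVE_SMS",
        "android.permission.SEND_SMS",
    },
    "phone": {
        "android.permission.CALL_PHONE",
        "android.permission.READ_PHONE_STATE",
        "android.permission.READ_PHONE_NUMBERS",
    },
    "location": {
        "android.permission.ACCESS_FINE_LOCATION",
        "android.permission.ACCESS_COARSE_LOCATION",
    },
}


def parse_requested_permissions(dump: str) -> Dict[str, Set[str]]:
    """Map each package name to the permissions declared in its manifest.

    Only the `requested permissions:` block is read: that is what the app
    asked for, regardless of whether the user has granted it yet.
    """
    result: Dict[str, Set[str]] = {}
    current = None
    in_requested = False
    for line in dump.splitlines():
        m = PKG_RE.match(line)
        if m:
            current = m.group(1)
            result.setdefault(current, set())
            in_requested = False
            continue
        stripped = line.strip()
        if stripped == "requested permissions:" and current is not None:
            in_requested = True
            continue
        if in_requested:
            pm = PERM_RE.match(stripped)
            if pm and "." in pm.group(1):
                result[current].add(pm.group(1))
            else:
                # Any other line (next section header, key=value, blank)
                # terminates the permission list.
                in_requested = False
    return result


def flag_risky(perms_by_pkg: Dict[str, Set[str]]) -> Dict[str, Dict[str, List[str]]]:
    """Return {package: {category: [permissions]}} for packages hitting a risky group."""
    flagged: Dict[str, Dict[str, List[str]]] = {}
    for pkg, perms in perms_by_pkg.items():
        hits = {cat: sorted(perms & names) for cat, names in RISKY.items() if perms & names}
        if hits:
            flagged[pkg] = hits
    return flagged


def triage(dump: str) -> Dict[str, Dict[str, List[str]]]:
    return flag_risky(parse_requested_permissions(dump))


# Constructed sample in the shape `adb shell dumpsys package` prints; the
# package names are hypothetical (a "game" and a harmless utility).
SAMPLE_DUMP = """\
Packages:
  Package [com.example.racingsim] (3f9a1c2):
    userId=10231
    versionName=1.4.2
    requested permissions:
      android.permission.INTERNET
      android.permission.ACCESS_NETWORK_STATE
      android.permission.READ_PHONE_STATE
      android.permission.ACCESS_FINE_LOCATION
      android.permission.RECEIVE_SMS
      android.permission.SEND_SMS
    install permissions:
      android.permission.INTERNET: granted=true
  Package [com.example.notepad] (8b0d4e7):
    userId=10232
    requested permissions:
      android.permission.INTERNET
      android.permission.VIBRATE
    install permissions:
      android.permission.INTERNET: granted=true
"""


if __name__ == "__main__":
    if "--device" in sys.argv:
        # Live run: pull the dump from a phone with USB debugging enabled.
        dump = subprocess.run(["adb", "shell", "dumpsys", "package"],
                              capture_output=True, text=True, check=True).stdout
    else:
        dump = SAMPLE_DUMP
    for pkg, hits in sorted(triage(dump).items()):
        print(f"{pkg}: " + "; ".join(f"{cat}={','.join(p)}" for cat, p in sorted(hits.items())))
```

Run it with `--device` against a phone to triage what is actually installed; without the flag it runs over the constructed sample and reports only `com.example.racingsim`. The script deliberately reads the requested permissions rather than the granted ones (those appear under `install permissions:` and `runtime permissions:` in the same dump), because the point made in the article is the mismatch between what a game needs and what it asks for, and that mismatch is visible before the user taps Allow.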

Update Nov. 24 - A Huawei spokesperson has shared the following comment with Bleeping Computer:

"AppGallery’s built-in security system swiftly identified the potential risk within these apps. We are now actively working with affected developers to troubleshoot their apps. Once we can confirm that the apps are all clear, they will be re-listed on AppGallery so consumers can download their favorite apps again and continue enjoying them.

Protecting network security and user privacy is Huawei's priority. We welcome all third-party oversight and feedback to ensure we deliver on this commitment. We will continue to collaborate closely with our partners, and at the same time, employ the most advanced and innovative technologies to safeguard our users’ privacy."


Y Tu Mamá También: Narrating Identities

How To Learn Anything, Anywhere - Elon Musk

EYES IN THE SKIES: Mis-Uses of Technology

While "Maintaining-the-Peace"

There are several reasons a law enforcement agency might find anti-police brutality protests more "worthy" of extended surveillance than other protests over other issues. Very few of those reasons are excusable.
The footage obtained here says what police officials are unwilling to confront: that cops go after minorities whenever possible and still feel very comfortable singling them out for whatever form of surveillance they happen to have on hand.
At best, it would be safe to assume that anti-police protests are more volatile because they historically have been.
But when no criminal activity is observed, the CHP should maintain its distance. When it's clear it's a peaceful protest, the CHP has no business targeting individual protesters.
 
Intro ". . .Thanks to a trove of public records, the ACLU can provide some insight on how the California Highway Patrol engaged in surveillance of anti-police brutality protests.
While one would expect police helicopters to fly over protests to keep an eye out for any illegal activity, it appears the officers manning the surveillance cameras were more interested in trying to identify protesters who weren't breaking any laws.

Some lowlights of the aerial footage can be seen in this video produced by the ACLU:

Here's how the ACLU describes what it observed in the recordings liberated from the CHP:

In Sacramento, CHP closely zooms in on a protester as they sit alone on a fountain next to a Black Lives Matter poster. An hour later, when people peacefully assemble in front of the fountain to hear an organizer speak, CHP continues to hover and record, zooming in closely on people’s faces and signs.  

In Placerville, CHP captures detailed footage of several dozen protesters peacefully assembled in front of the El Dorado County courthouse. The video captures an organizer thanking and hugging participants as they hold up signs. CHP also recorded a Riverside County courthouse protest described as a “vigil... so quiet that the loudest sound was helicopters overhead.” In the CHP recordings, police cameras zoom in on faces and linger over people speaking at vigils, handing out water, making signs, participating in die-ins, and even dancing.

This is the Press-Enterprise's recounting of the peaceful protest in Riverside not-so-quietly observed by CHP helicopters:

The demonstration ended peacefully in the mid-afternoon, after protesters took a symbolic nine-minute knee in front of the Riverside Historic Courthouse. The vigil was so quiet that the loudest sound was helicopters overhead.

Then they returned to the park and dispersed, with some demonstrators cleaning up the streets as they went.

There were no arrests. “Very peaceful. No issues reported,” Riverside Police spokesman Officer Ryan Railsback said.

But despite there being no signs of criminal activity, the helicopters continued to circle the protest while camera operators zoomed in on faces for reasons that went undocumented in the reports obtained by the ACLU. That lack of information implies the apparent attempts to photograph or identify protesters fell outside the stated purpose of the surveillance and were deliberately left out of CHP reports.

That's not the only troubling aspect of the CHP surveillance footage. It also appears the CHP took particular interest in anti-police protests, allowing other large protests to go unobserved by its eyes in the sky.

We asked CHP whether it had any surveillance footage of other protests last year, including those related to the COVID-19 pandemic and associated shelter-in-place orders. But in hour after hour of footage provided by CHP, what we saw were protests against police violence, not protests of pandemic policy.

[...] The CHP targeted the protests because the protests targeted law enforcement. A majority of protesters in these protests (as compared to COVID-related protests) were persons of color. The eyes in the sky weren't so much about keeping the peace as reminding protesters law enforcement is omnipresent and its eyes can be pretty much anywhere at all times. Circling over peaceful protests with police helicopters is a form of intimidation. Destroying a nine-minute silent tribute to a black man killed by a white cop with whirling rotors and engine noise is a feature, not a bug, of this form of surveillance.

This implicit ugliness will, of course, be denied by law enforcement officials. Just like they've denied all sorts of evidence of biased policing pretty much since the inception of their respective law enforcement agencies. But everyone can see it's still there.

The footage obtained here says what police officials are unwilling to confront: that cops go after minorities whenever possible and still feel very comfortable singling them out for whatever form of surveillance they happen to have on hand."

Filed Under: blm, california, chp, helicopter, protests, surveillance


Wednesday, November 24, 2021

GIZMODO: This is all good news. But it's a bit crazy that it's Gizmodo doing all this work

There are a number of issues here in this post, taken from a report by Mike Masnick yesterday afternoon appearing in TechDirt.
HERE'S THE TAKE-AWAY BEFORE THE STORY
The fact that it took a month for any of the members, let alone one of the smaller ones, to actually decide to put together the effort to release the papers is a damning statement on how many members of the consortium see their role in the media to be a gatekeeper to information, rather than providing the public access to information.
 "While I've been skeptical of some of the framing of the reporting on the papers, I still do generally believe it was a good thing to get this research out to the world -- even if I have little confidence that the media could ever do a good job conveying the story. . ."

As news of the consortium broke, many people called out the fact that all of these big journalism organizations weren't actually releasing the documents they were going through themselves, often only describing them or quoting parts of them.

=========================================================================

INSERT

1 day ago · Subsequently, Gizmodo and some 300 other mostly Western journalists obtained access. We believe there's a strong public need in making as...

=======================================================================

"Given that in a few cases where we've been able to see the full documents, it has appeared that some of the reporting was misleading or confused, this was a concern. And, of course, there were other concerns about the makeup of the consortium, and the fact that it was entirely based in the US.

There are plenty of reasonable concerns about privacy when you have a giant cache of internal documents. That's why it's a good thing to find out that Gizmodo has now taken on the task of making the Facebook Papers public, and doing so in partnership with a bunch of independent experts who will help Gizmodo's reporters sift through the documents and make sure that they're okay to be released:

> Today, we see a strong public need can be served by making as many of the documents public as possible, as quickly as possible. To that end, we’ve partnered with a small group of independent monitors who are joining us to guide our work in preparing the papers for public release. The mission is to minimize any costs to individuals’ privacy or the furtherance of other harms while ensuring the responsible disclosure of the greatest amount of information in the public interest.

As Gizmodo notes, there are many reasons to carefully review the documents before releasing them:

More than for privacy, the documents require extra review to ensure we aren’t just handing groups of criminals and spies a roadmap to undermining the controls Facebook does have in place to detect propaganda aimed at spreading lies, hate, and fear. That would undermine any benefit the world stands to reap from this act of whistleblower justice.

The work is just beginning but we’re eager to start releasing documents as soon as possible. The first batch will likely consist of documents that warrant the least amount of redactions, just to get the ball rolling.

This is all good news. But it's a bit crazy that it's Gizmodo doing all this work. Gizmodo wasn't even a member of the original consortium and only joined after the first batch of stories went out. Also, Gizmodo is way smaller and with way fewer resources than many of the other members of the consortium, which includes the flush NY Times, the Washington Post, NBC, CNN, the Associated Press, Politico, Wired and more.

The fact that it took a month for any of the members, let alone one of the smaller ones, to actually decide to put together the effort to release the papers is a damning statement on how many members of the consortium see their role in the media to be a gatekeeper to information, rather than providing the public access to information.

Filed Under: facebook files, facebook papers, reporting, transparency
Companies: facebook, gizmodo

Elon Musk JUST REVEALED SpaceX's Insane New Planetary Defense System!

SPACE JUNK + JUNK VISUALIZATIONS: Anti-Satellite Kinetic On-Orbit Weapons Testing in Space Warfare

There's a competing counter-narrative propaganda war over a recent incident that clearly shows three divergent perspectives. The first two are thick with conditional, vague language alleging threats from the successful destruction of an old, outdated Russian satellite to demonstrate the success of a new system.
There's already a huge amount of junk in orbit, so let's take the time to observe some media-influence junk in the first two inserts, followed by a very clear, non-speculative statement.

A graphical depiction of all of the objects currently orbiting the Earth.

Russian Anti-Satellite Test Produces Dangerous Debris Cloud In Orbit (Updated)

U.S. Space Command has confirmed a "debris-generating event," which now presents a potential risk to the International Space Station.

"Russia may have just conducted an anti-satellite weapon test. These reports are based on the apparent breakup of a satellite known as Kosmos-1408, part of a long-defunct Soviet-era electronic intelligence constellation, which has now created a cloud of debris that could threaten the International Space Station.
It's unclear exactly when this test may have occurred, but the first reports began to appear online earlier today. There has been no official word so far from Russian authorities. When reached for comment, U.S. Space Force redirected us to U.S. Space Command, which has issued press releases after Russian anti-satellite (ASAT) weapon tests in the past. 
However, experts and observers have said that there are indications that this was an ASAT test. 
"ASAT missile strike now suspected. Seradata SpaceTrak database orbital data had Cosmos 1408 in a 487 x 461 km orbit - a bit higher than ISS but not much," read a Tweet from the official Twitter account for Seradata, a private space data-analysis company. "The ASAT strike on Cosmos 1408 would cause some debris to be fired below it ... threatening ISS with a crossing debris cloud."
[...] Space Command accused the Kremlin of carrying out two "direct-ascent" ASAT tests, typically understood to involve ground-launched interceptors, in 2020. Last year, Space Force separately disclosed that it had observed at least one on-orbit ASAT test. That revelation came after reports, including from The War Zone, that a small Russian satellite had maneuvered very closely to an American intelligence satellite and was shadowing it.
VIA @M_R_THOMP

A graphical representation of the position of the Russian satellite Cosmos 2542 with regard to the American satellite USA 245 in January 2020.

That satellite "behaved similar to previous Russian satellites that exhibited characteristics of a space weapon, conducted maneuvers near a U.S. Government satellite that would be interpreted as irresponsible and potentially threatening in any other domain," according to a press release from Space Command in April 2020. A subsequent statement from that command in December 2020 described the event as having actually "demonstrated an on-orbit kinetic [ASAT] weapon."

DIA

An infographic depicting the various ways in which one satellite might attack another in orbit.

If Russia did indeed deliberately destroy Kosmos-1408 in an ASAT test, it would only further underscore how real this threat is now and how it will only become more of an issue as time goes on. Earlier this month, Russian Defense Minister Sergei Shoigu announced that President Vladimir Putin had ordered the development of new air and missile defense system known as the S-550. . ."

============================================================================

A screengrab of a visualization, created by Hugh Lewis

Visualizations show the extensive cloud of debris Russia’s anti-satellite test created

It’s going to be a problem for years, if not decades

"Satellite trackers have been working overtime to figure out just how much dangerous debris Russia created when it destroyed one of its own satellites early Monday — and the picture they’ve painted looks bleak. Multiple visual simulations of Russia’s anti-satellite, or ASAT, test show a widespread cloud of debris that will likely menace other objects in orbit for years.
Early this week, Russia launched a missile that destroyed the country’s Kosmos 1408 satellite, a large spacecraft that orbited the Earth roughly 300 miles up. The breakup of the satellite created at least 1,500 pieces of trackable fragments, according to the US State Department, as well as thousands of smaller pieces that cannot be tracked. All of those pieces are still in low Earth orbit, moving at thousands of miles an hour and posing a threat to any objects that might cross their path. Initially, that even included the International Space Station, with crew members on board forced to take shelter in their spacecrafts as the debris cloud from the satellite passed by the ISS a couple of times. . .
And there’s one thing the visualizers agree on: this snake of debris isn’t going anywhere anytime soon. “There will be some potential collision risk to most satellites in [low Earth orbit] from the fragmentation of Cosmos 1408 over the next few years to decades,” LeoLabs, a private space tracking company in the US, wrote in a blog post.
> Two visualizations created by the European Union’s Space Surveillance and Tracking (SST) network and space software company AGI reveal what likely happened in the first moment of impact when Russia’s missile intercepted Kosmos 1408. They both show how the debris cloud grew instantly and spread throughout space. AGI’s simulation also shows just how close the cloud comes to intersecting with the International Space Station, validating NASA’s concerns and the agency’s decision to have the astronauts shelter in place.
[...] For now, Lewis’ visualization relies on simulations based on where we think these pieces of debris might be, given the size of Kosmos 1408 and the physics of a missile striking a satellite. However, the visualization will become more realistic as real-world data from the test trickles in. US Space Command is responsible for tracking objects in space, but it has yet to make any of the tracks from the ASAT test available to the public.

Our best hope for tracking this material comes from a mixture of different sensors — from ground-based radar stations to optical telescopes. However, it’s probably going to be some time before even the most sophisticated trackers know where everything is. . .And as all of these satellites pieces decay in orbit over time, they will continue to pose a risk for the space station and other satellites. All it takes is just one collision with a fast-moving piece of debris to potentially knock out a functioning satellite. . ."

===========================================================================

Russia’s top brass reports on successfully striking defunct satellite in tests

Its fragments will not pose any threat to orbital stations, satellites and space activity, the Russian Defense Ministry reported
Russian Defense Ministry Valery Sharifulin/TASS
"MOSCOW, November 16. /TASS/. Russia’s Defense Ministry reported on Tuesday that a defunct Russian satellite was successfully struck during tests.

As Russia’s defense agency emphasized, the US new space strategy aims "to create an all-out military advantage in outer space and, therefore, the Russian Defense Ministry is carrying out planned measures to strengthen the country’s defense capability."

"On November 15, the Defense Ministry of Russia successfully conducted a test, in which the Russian defunct Tselina-D satellite in orbit since 1982 was struck," the statement says.

As the ministry pointed out, the fragments emerging after the defunct Tselina-D Soviet-era satellite was destroyed during the tests will not pose any threat to orbital stations, satellites and space activity.

"The United States knows for certain that the emerging fragments at the time of the test and in terms of the orbit’s parameters did not and will not pose any threat to orbital stations, satellites and space activity," the ministry said.

"The satellite’s fragments were entered into the chief catalog of the Russian space control system and immediately placed under surveillance until they cease to exist," the statement says.

"Earlier, such tests in outer space were already conducted by the United States, China, and India," the Defense Ministry of Russia said."