Author: admin

Google Improving Security And Transparency For Android Apps

Google recently announced some additional details relating to their “Safety Section” feature of the Google Play store. This is part of an ongoing effort to make the Play Store a safer and more transparent place.

At the center of this plan is a new requirement that app developers must share details about what information their apps collect, how the collected data is being utilized, what privacy and security features the app in question offers, and what features of the device that the app resides on gains access to. Google has now announced a firm date for when that information must be made available to the consuming public: April 2022.

At that time the Google Play Store will be updated to include a new “Safety Section” where all of the information described above will be listed. This will increase transparency on the Play Store, give users added peace of mind, and play an important role in holding app developers accountable. It will also allow users to make better and more informed choices about what apps they install on their devices.

Google shared an overview of the types of questions that app developers will be required to answer in order to comply with the new policy.

These include:

  • Is data collected or shared by your app encrypted in transit? You’ll have the opportunity to disclose this on your label.
  • Do you provide a way for users to request deletion of their data? You’ll have the opportunity to disclose this on your label.
  • Does your app’s data collection practices comply with Google Play’s Families Policy?
  • Are you interested in taking your app through an external security review based on a global standard? You’ll have the opportunity to have this displayed on your label.
  • Is data collection optional or required to use the app?

Privacy advocates around the world have come out strongly in favor of the changes Google is making. This is very good news indeed. The Play Store will be safer than ever when the new policy is fully implemented.

Malware Named Xloader Targeting Macs And Stealing Information

XLoader is a newly discovered strain of malware designed to infect systems running macOS. This new strain was built from a malware strain called FormBook which was designed to steal passwords from Windows-based machines. The new strain is currently being offered on at least one forum on the Dark Web. It is being billed as a botnet loader service which can “recover” passwords from a variety of web browsers and email clients.


New Malware Called MosaicLoader Is Being Delivered Via Ads

Security company BitDefender has recently discovered a new strain of malware you should be aware of. They have dubbed the new threat MosaicLoader.

According to the company it is currently being distributed via ads displayed in search results when an internet user searches for links to cracked versions of popular software.

It is designed to steal passwords, deliver other forms of malware, and install cryptocurrency miners. This means that if it winds up on your system it can cause all manner of problems for you.

Most malware we see today is delivered via phishing attacks or by exploiting unpatched software. MosaicLoader’s method of delivery makes it markedly different and thus noteworthy.

Bogdan Botezatu of BitDefender had this to say about the recent discovery:

“Most likely, attackers are purchasing adverts with downstream ad networks – small ad networks that funnel ad traffic to larger and larger providers. They usually do this over the weekend when manual ad vetting is impacted by the limited staff on call.”

Most up to date antivirus software would spot and prevent the installation of MosaicLoader. Unfortunately many people who are looking for cracked versions of popular software turn their antivirus software off. Hackers around the world are well aware of this and are seeking to take advantage.

Bogdan Botezatu continues:

From what we can tell, this new MosaicLoader attempts to infect as many devices as possible, likely to build up market share and then sell access to infected computers to other threat actors. We advise users to never turn off their security solution when it blocks the installation of software downloaded from the internet, as attackers have become adept at bundling legitimate apps with malware.”

It’s good advice. Make sure all of your employees are aware and on their guard. That’s not a perfect solution but it is a very good start.