A previously undocumented strain of Android spyware with extensive information gathering capabilities has been found disguised as a book likely designed to target the Uyghur community in China.
The malware comes under the guise of a book titled "The China Freedom Trap," a biography written by the exiled Uyghur leader Dolkun Isa.

"In light of the ongoing conflict between the

A previously undocumented strain of Android spyware with extensive information gathering capabilities has been found disguised as a book likely designed to target the Uyghur community in China.

The malware comes under the guise of a book titled "The China Freedom Trap," a biography written by the exiled Uyghur leader Dolkun Isa.

"In light of the ongoing conflict between the Government of the People's Republic of China and the Uyghur community, the malware disguised as the book is a lucrative bait employed by threat actors (TAs) to spread malicious infection in the targeted community," cybersecurity firm Cyble said in a report published Monday.

The existence of the malware samples, which come with the package name "com.emc.pdf," was first disclosed by researchers from the MalwareHunterTeam late last month.

Distributed outside of the official Google Play Store, the app, once installed and opened, displays a few pages of the book, including the cover page, an introduction, and a letter purportedly sent by Michael Kozak and Sam Brownback to Isa on June 15, 2018, condoling his mother's death.

In reality, however, the malicious APK file is engineered to:

*   hide the app icon,
*   steal device and SIM information,
*   steal SMS messages, contacts and call logs,
*   identify neighboring cell information (received signal strength, Cell ID location),
*   make calls and send SMSes on behalf of victims,
*   delete SMS and call logs, and
*   take pictures from the infected device's camera and capture its screen.

"TAs are leveraging various methods, including regional and biogeographical conflicts, to fulfill their malicious intentions," the researchers said. "In this case, they are seen taking advantage of the Uyghur-Chinese conflict to target unsuspecting individuals."

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Researchers Find New Android Spyware Campaign Targeting Uyghur Community

Categories: News
The most important and interesting computer security stories from the last week.



(Read more...)




The post A week in security (August 29 - September 4) appeared first on Malwarebytes Labs.

twitter

facebook

linkedin

Youtube

instagram

Cybersecurity info you can't do without

Want to stay informed on the latest news in cybersecurity? Sign up for our newsletter and learn how to protect your computer from threats.

Cyberprotection for every one.

FOR PERSONAL

Windows

Mac

iOS

Android

Privacy VPN

SEE ALL

COMPANY

About Us

Contact Us

Careers

News and Press

Blog

Scholarship

Forums

FOR BUSINESS

Small Businesses

Mid-size Businesses

Large Enterprise

Endpoint Protection

Endpoint Detection & Response

MY ACCOUNT

Sign In

SOLUTIONS

Free Rootkit Scanner

Free Trojan Scanner

Free Virus Scanner

Free Spyware Scanner

Anti Ransomware Protection

SEE ALL

ADDRESS

3979 Freedom Circle  
12th Floor  
Santa Clara, CA 95054

ADDRESS

One Albert Quay  
2nd Floor  
Cork T12 X8N6  
Ireland

LEARN

Malware

Hacking

Phishing

Ransomware

Computer Virus

Antivirus

COMPANY

About Us

Contact Us

Careers

News and Press

Blog

Scholarship

Forums

MY ACCOUNT

Sign In

ADDRESS

3979 Freedom Circle, 12th Floor  
Santa Clara, CA 95054

ADDRESS

One Albert Quay, 2nd Floor  
Cork T12 X8N6  
Ireland

A week in security (August 29 - September 4)

The notorious Android banking trojan known as SharkBot has once again made an appearance on the Google Play Store by masquerading as antivirus and cleaner apps.
"This new dropper doesn't rely on Accessibility permissions to automatically perform the installation of the dropper Sharkbot malware," NCC Group's Fox-IT said in a report. "Instead, this new version asks the victim to install the

The notorious Android banking trojan known as SharkBot has once again made an appearance on the Google Play Store by masquerading as antivirus and cleaner apps.

"This new dropper doesn't rely on Accessibility permissions to automatically perform the installation of the dropper Sharkbot malware," NCC Group's Fox-IT said in a report. "Instead, this new version asks the victim to install the malware as a fake update for the antivirus to stay protected against threats."

The apps in question, Mister Phone Cleaner and Kylhavy Mobile Security, have over 60,000 installations between them and are designed to target users in Spain, Australia, Poland, Germany, the U.S., and Austria -

*   Mister Phone Cleaner (com.mbkristine8.cleanmaster, 50,000+ downloads)
*   Kylhavy Mobile Security (com.kylhavy.antivirus, 10,000+ downloads)

The droppers are designed to drop a new version of SharkBot, dubbed V2 by Dutch security firm ThreatFabric, which features an updated command-and-control (C2) communication mechanism, a domain generation algorithm (DGA), and a fully refactored codebase.

Fox-IT said it discovered a newer version 2.25 on August 22, 2022, that introduces a function to siphon cookies when victims log in to their bank accounts, while also removing the ability to automatically reply to incoming messages with links to the malware for propagation.

By eschewing the Accessibility permissions for installing SharkBot, the development highlights that the operators are actively tweaking their techniques to avoid detection, not to mention find alternative methods in the face of Google's newly imposed restrictions to curtail the abuse of the APIs.

Other notable information stealing capabilities include injecting fake overlays to harvest bank account credentials, logging keystrokes, intercepting SMS messages, and carrying out fraudulent fund transfers using the Automated Transfer System (ATS).

It's no surprise that malware poses an evolving and omnipresent threat, and despite continued efforts on the part of Apple and Google, app stores are vulnerable to unknowingly being abused for distribution, with the developers of these apps trying every trick in the book to dodge security checks.

"Until now, SharkBot's developers seem to have been focusing on the dropper in order to keep using Google Play Store to distribute their malware in the latest campaigns," researchers Alberto Segura and Mike Stokkel said.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Fake Antivirus and Cleaner Apps Caught Installing SharkBot Android Banking Trojan

Plus: An unsecured database exposed face recognition data in China, ‘Cuba’ ransomware knocks out Montenegro, and more.

As summer winds down, researchers warned this week about systemic vulnerabilities in mobile app infrastructure, as well as a new iOS security flaw and one in TikTok. And new findings about ways to exploit Microsoft’s Power Automate tool in Windows 11 show how it can be used to distribute malware, from ransomware to keyloggers and beyond.

The anti-Putin media network February Morning, which runs on the communication app Telegram, has taken on a crucial role in the underground resistance to the Kremlin. Meanwhile, the “California Age-Appropriate Design Code” passed the California legislature this week with major potential implications for the online privacy of kids and everyone.

Plus, if you’re ready to take a more radical step to protect your privacy on mobile, and feel like a badass while doing it, we’ve got a guide to setting up and using burner phones.

But wait, there’s more! Each week, we highlight the news we didn’t cover in-depth ourselves. Click on the headlines below to read the full stories. And stay safe out there.

The data broker Fog Data Science has been selling access to what it claims are billions of location data points from over 250 million smartphones to local, state, and federal law enforcement agencies around the US. The data comes from tech companies and cell phone towers and is collected in the Fog Reveal tool from thousands of iOS and Android apps. Crucially, access to the service is cheap, often costing local police departments less than $10,000 per year, and investigations by the Associated Press and Electronic Frontier Foundation found that law enforcement sometimes pulls location data without a warrant. The EFF conducted its investigation through more than 100 public records requests filed over several months. “Troublingly, those records show that Fog and some law enforcement did not believe Fog’s surveillance implicated people’s Fourth Amendment rights and required authorities to get a warrant,” the EFF wrote.

An unprotected database containing information on millions of faces and license plates was exposed and publicly accessible in the cloud for months until it was finally protected in mid-August. TechCrunch linked the data to Xinai Electronics, a tech company based in Hangzhou in eastern China. The company develops authentication systems for accessing spaces like parking garages, construction sites, schools, offices, or vehicles. It also touts additional services related to payroll, employee attendance and performance tracking, and license plate recognition. The company has a massive network of cameras deployed across China that record face and license plate data. Security researcher Anurag Sen alerted TechCrunch to the unprotected database, which also exposed names, ages, and resident ID numbers in face data. The exposure comes just months after an enormous database from the Shanghai police leaked online. 

Montenegro authorities said on Wednesday that a gang called “Cuba” targeted its government networks with a ransomware attack last week. The gang also claimed responsibility for the attack on a dark-web site. Montenegro’s National Security Agency (ANB) said the group is linked to Russia. The attackers reportedly deployed a malware strain dubbed “Zerodate” and infected 150 computers in 10 Montenegrin government agencies. It is unclear whether the attackers exfiltrated data as part of the hack. The United States Federal Bureau of Investigation is sending investigators to Montenegro to aid in analyzing the attack.

On Monday, the US Federal Trade Commission announced it is suing the data broker Kochava for selling geolocation data harvested from apps on “hundreds of millions of mobile devices.” The data could be used, the FTC said, to track people’s movements and reveal information about where they go, including showing visits to sensitive locations. “Kochava’s data can reveal people’s visits to reproductive health clinics, places of worship, homeless and domestic violence shelters, and addiction recovery facilities,” the agency wrote. “The FTC alleges that by selling data tracking people, Kochava is enabling others to identify individuals and exposing them to threats of stigma, stalking, discrimination, job loss, and even physical violence.” The lawsuit aims to stop Kochava from selling sensitive location data, and the agency is requesting that the company delete what it already has.

In August, the prolific ransomware gang Cl0p hacked South Staff Water, a water supply company in the UK. The gang said it even had access to SSW’s industrial control network, which handles things like water flow. The hackers published screenshots allegedly showing their access to water supply control panels. Experts told Motherboard that it appears the hackers really could have meddled with the water supply, underscoring the risks when critical infrastructure networks aren’t adequately siloed from regular business networks. “Yes, there was access, but we made only screenshots,” Cl0p told Motherboard. “We do not harm people and treat critical infrastructure with respect. … We didn’t really go into it because we didn’t want to harm anyone.” SSW said in a statement, “This incident has not affected our ability to supply safe water.”

Police Across US Bypass Warrants With Mass Location-Tracking Tool

New web targets for the discerning hacker

New web targets for the discerning hacker

The otherwise typically low-key month of August also brings infosec’s most renowned conference: Black Hat USA, which this year brought a word of warning for bug bounty hunters.

Dylan Ayrey, CEO of Truffle Security, cited a number of cases in which poor research and shoddy data governance has led to the leak of users’ personally identifiable information. In some cases, the data is still available long after the corresponding ticket has been closed, he warned.

“These privacy leaks in bug bounties are really common, and for every example that we can share publicly there are 100 examples that can’t be shared publicly,” said Ayrey.

In another, alleged example of suboptimal bug bounty practices CrowdStrike came under fire recently over its vulnerability disclosure process.

Pascal Zenker, a partner of Swiss security analyst service Modzero AG, claimed the Texas-based cybersecurity firm’s bug bounty program, run through HackerOne, is “NDA-ridden”, while the disclosure process “turned unprofessional in the end”.

CrowdStrike, however, defended its actions and countered that Modzero had not responded to attempts to “continue the dialogue” until six weeks had elapsed.

Among the most notable new bug bounty programs this month is Google’s latest VRP, this time focused on its open source projects, such as Golang, Angular, and Fuchsia.

Announced on August 30, the Open Source Software Vulnerability Rewards Program (OSS VRP) is designed to stem the rising tide of attacks against the software supply chain.

There were several notable payouts on existing Google VRPs, most notably when Alesandro Ortiz netted $20,000 from the tech giant – giving $4,000 to a collaborator – for unearthing a bug in the Chromium project. This allowed attackers to bypass site isolation protection through iFrames and popup windows to steal private information, read and modify cookies, and gain access to microphone and camera feeds, among other exploits.

Meanwhile, researcher ‘NDevT’ discovered two XSS vulnerabilities in Google Cloud, DevSite, and Google Play that could lead to account hijacks. They won $3,000 and $5,000 in bug bounties for their pains.

And there was a $5,000 payout for a third Google issue, with Adi Cohen discovering an XSS in AMP for Email that involved tricking Gmail’s dynamic email feature into a rendering context that the browser would not use to render a given piece of code.

Finally, in non-Google payout news, there were $4,000 and $5,000 rewards respectively for serious GitHub Pages and Reddit issues, while a Yahoo hackathon paid out $218,121 for 218 bug submissions related to its text search engine tool Vespa.

**The latest bug bounty programs for September 2022**

The past month saw the arrival of several new bug bounty programs. Here’s a list of the latest entries:

**Abraxas VOTING**

**Program provider:  
**Bug Bounty Switzerland

**Program type:  
**Semi-public

**Max reward:  
**$10,000

**Outline:  
**VOTING will be used to manage ballots and aggregate tallied votes in Swiss elections.

**Notes:  
**The maximum reward is around 10,000 Swiss francs, which equates to roughly the same amount in US dollars.

Apply to hack on the program via Bug Bounty Switzerland

**Airlock**

**Program provider:  
**Bug Bounty Switzerland

**Program type:  
**Semi-public

**Max reward:  
**Undisclosed

**Outline:  
**Airlock’s Secure Access Hub, a web application firewall (WAF), protects more than 30,000 web applications worldwide.

**Notes:  
**“This program is built in the style of a CTF competition,” said the company.

Apply to hack on the program via Bug Bounty Switzerland

**Cornershop by Uber**

**Program provider:  
**HackerOne

**Program type:  
**Public

**Max reward:  
**$2,500

**Outline:  
**Uber’s on-demand grocery delivery service is offering $2,500 for critical vulnerabilities and $1,000 for high severity flaws.

**Notes:  
**Seven assets in scope: the .cornershopapp.com website, iOS and Android apps, source code, two domains containing internal assets, and QA environment.

Check out the Cornershop bug bounty page for more details

**Ethereum – Enhanced**

**Program provider:  
**Independent

**Program type:  
**Public

**Max reward:  
**$1m

**Outline:  
**Bug bounty rewards for the Ethereum blockchain have quadrupled for a two-week period – ending September 8 – when related to the network’s transition to proof-of-stake.

**Notes:  
**The application of a fourfold multiplier to payouts means ethical hackers could earn up to $1 million for the submission of valid critical vulnerabilities.

Check out our earlier coverage for more details

**Google OSS VRP**

**Program provider:  
**Independent

**Program type:  
**Public

**Max reward:  
**$31,337

**Outline:  
**Google’s Open Source Software Vulnerability Rewards Program (OSS VRP) focuses on the public repositories of Google-owned GitHub organizations such as GoogleAPIs and GoogleCloudPlatform, as well as their third-party dependencies.

**Notes:  
**Ranging from $100 to $31,337, rewards will typically be higher for particularly sensitive projects – such as Bazel, Angular, Golang, Protocol buffers, and Fuchsia – and vulnerabilities that can lead to supply chain compromise.

Check out the Google OSS VRP bug bounty page for more details

**Pogo**

**Program provider:  
**HackerOne

**Program type:  
**Public

**Max reward:  
**$2,000

**Outline:  
**Pogo is a mobile app that offers users a way to leverage their personal data online in order to access earn credits and discounts for shopping, finances, and more.

**Notes:  
**In scope are the platform’s production Android and iOS apps and API endpoint used by the mobile apps.

Check out the Pogo bug bounty page for more details

**Proton**

**Program provider:  
**Bug Bounty Switzerland

**Program type:  
**Semi-public

**Max reward:  
**$30,000

**Outline:  
**If you are accepted onto the program, privacy-preserving email service Proton “will give you early and exclusive access to not published versions of the applications and their source code”.

**Notes:  
**Swiss platform also promises attractive bounties, “a constructive dialogue, fair rules and a legal safe harbor”.

Apply to hack on the program via Bug Bounty Switzerland

**Secure Open Source Rewards**

**Program provider:  
**Independent

**Program type:  
**Public

**Max reward:  
**$10,000

**Outline:  
**Developers and security researchers have been invited to suggest ways to “harden critical open source projects” by the Linux Foundation, with Google’s open source security team providing initial sponsorship.

**Notes:  
**Rewards range from $505 for minor improvements up to $10,000 or more for “complicated, high-impact, and lasting improvements that almost certainly prevent major vulnerabilities”.

Check out our earlier coverage for more details

**Starbucks – Enhanced**

**Program provider:  
**HackerOne

**Program type:  
**Public

**Max reward:  
**$6,000

**Outline:  
**Bug reports that include a unique Nuclei Template to validate the finding will now earn researchers a $250 bonus.

**Notes:  
**Launched in 2016, the Starbucks program has 36 assets in scope, approaching 1,500 resolved reports, and average payouts of $250-$500 at the time of writing.

Check out the Starbucks bug bounty page for more details

**Trendyol**

**Program provider:  
**HackerOne

**Program type:  
**Public

**Max reward:  
**$3,000

**Outline:  
**Trendyol Group, Turkey’s largest ecommerce platform, has launched an ongoing bug bounty program after what it said was a successful, time-limited HackerOne Challenge.

**Notes:  
**Critical bugs will command rewards ranging between $2,000-$3,000, while high severity issues will net bug hunters between $750-$1,250.

Check out the Trendyol bug bounty page for more details

**Other bug bounty and VDP news this month**

*   Switzerland’s National Cyber Security Centre has announced the launch, later this year, of a new bug bounty program for the Swiss federal government following a 2021 pilot
*   Staying in Switzerland, federal postal service Swiss Post offered rewards up to 30,000 francs ($30,530) during a four-week bug bounty program that concludes today (September 2)
*   New or improved bug bounty or penetration testing tools showcased at Black Hat USA 2022 included pen test management platform AttackForge, open source recon framework ReNgine, and pen testing tools AWSGoat and AzureGoat

Curated by Adam Bannister. Introduction by Emma Woollacott.

**PREVIOUS EDITION** Bug Bounty Radar // The latest bug bounty programs for August 2022

Bug Bounty Radar // The latest bug bounty programs for September 2022

Thousands of corporate mobile apps developed by businesses for use by their customers contain hardcoded AWS tokens that can be easily extracted and used to access the full run of corporate data stored in cloud buckets.

Thousands of customer-facing Android and iOS mobile apps — including banking apps — have been found to contain hardcoded Amazon Web Services (AWS) credentials that would allow cyberattackers to steal sensitive information from corporate clouds.

Symantec researchers uncovered 1,859 business apps that use hardcoded AWS credentials, specifically access tokens. Of these, three-quarters (77%) contain valid AWS access tokens for logging into private AWS cloud services; and close to half (47%) contain valid AWS access tokens that also crack open millions of private files housed in Amazon Simple Storage Service (Amazon S3) buckets.

That means that a malicious-minded user of the app could easily extract the tokens and be off to the data-theft races, tapping into the cloud resources of the businesses that created the applications.

**Thanks, Mobile Software Supply Chain**

This unfortunate state of affairs is thanks to a mobile code supply chain issue, Symantec researchers said — vulnerable components that allow developers to embed hardcoded access tokens.

"We discovered that over half (53%) of the apps were using the same AWS access tokens found in other apps," they said in an analysis on Sept. 1. "Interestingly, these apps were often from different app developers and companies. \[Eventually\] the AWS access tokens could be traced to a shared library, third-party SDK, or other shared component used in developing the apps."

The firm found that these shared, hardcoded AWS tokens are used by in-house app developers for a variety of reasons, including downloading or uploading large media files, recordings, or images from the company cloud; accessing configuration files for the app; collecting and storing user-device information; or accessing individual cloud services that require authentication, such as translation services. However, the tokens' reach into the cloud is often far greater than the developer may realize.

"The problem is, often the same AWS access token exposes all files and buckets in the Amazon S3 cloud, often corporate files, infrastructure files and components, database backups, etc.," according to the analysis. "Not to mention cloud services beyond Amazon S3 that are accessible using the same AWS access token."

As an example, one of the apps uncovered by the analysis was created by a B2B company that offers an intranet and communication platform. It also provides a mobile software-development kit (SDK) for customers to use to access the platform.

"Unfortunately, the SDK also contained the B2B company's cloud infrastructure keys, exposing all of its customers' private data on the B2B company's platform," Symantec researchers noted, adding that they notified all organizations using vulnerable apps of the issue. "Their customers' corporate data, financial records, and employees' private data was exposed. All the files the company used on its intranet for over 15,000 medium-to-large-sized companies were also exposed."

The same situation held true for a collection of mobile banking apps on iOS that rely on the AI Digital Identity SDK for authentication. The SDK embeds AWS tokens that could be used to access private authentication data and keys belonging to every banking and financial app using it, as well as 300,000 banking users' biometric digital fingerprints used for authentication, and other personal data (names, dates of birth, and more).

"Apps with hardcoded AWS access tokens are vulnerable, active, and present a serious risk," Symantec researchers concluded. "\[And\] this is not an uncommon occurrence."

****Avoiding Cloud Compromise via Mobile Apps****

Organizations can take steps to ensure that the apps they build for their customers don't unwittingly offer a path to cyberespionage, according to Scott Gerlach, co-founder and CSO at StackHawk.

"Adding DevSecOps tools, like secret scanning, to continuous integration/continuous development pipelines (CI/CD) can help ferret out these types of secrets when building software," he noted in a statement. "And it's critical that you understand how to manage and securely provision AWS and other API keys/tokens to prevent unwarranted access."

From a design perspective, developers can also replace hardcoded credentials with API calls to a repository or software as-a-service (SaaS) vault, or to use temporary tokens, according to Tony Goulding, cybersecurity evangelist at Delinea.

"\[That way\] they can pull a credential or key down in real-time that doesn't persist on the device, in the app, or a local config file," he said in a statement. "An alternative approach is to use the AWS STS service to provision temporary tokens to grant access to AWS resources. They're similar to their long-term brethren except they have a short lifespan that's configurable — as little as 15 minutes. Once they expire, AWS won't recognize them as valid, preventing an illicit API request using that token."

AWS Tokens Lurking in Android, iOS Apps Crack Open Corporate Cloud Data

Microsoft disclosed the flaw in the Android app’s deep link verification process, which has since been fixed.

Microsoft said on August 31 that it recently identified a vulnerability in TikTok's Android app that could allow attackers to hijack accounts when users did nothing more than click on a single errant link. The software maker said it notified TikTok of the vulnerability in February and that the China-based social media company has since fixed the flaw, which is tracked as CVE-2022-28799.

The vulnerability resided in how the app verified what’s known as deep links, which are Android-specific hyperlinks for accessing individual components within a mobile app. Deep links must be declared in an app’s manifest for use outside of the app—so, for example, someone who clicks on a TikTok link in a browser has the content automatically opened in the TikTok app.

An app can also cryptographically declare the validity of a URL domain. TikTok on Android, for instance, declares the domain m.tiktok.com. Normally, the TikTok app will allow content from tiktok.com to be loaded into its WebView component but forbid WebView from loading content from other domains.

“The vulnerability allowed the app’s deep link verification to be bypassed,” the researchers wrote. “Attackers could force the app to load an arbitrary URL to the app’s WebView, allowing the URL to then access the WebView’s attached JavaScript bridges and grant functionality to attackers.”

The researchers went on to create a proof-of-concept exploit that did just that. It involved sending a targeted TikTok user a malicious link that, when clicked, obtained the authentication tokens that TikTok servers require for users to prove ownership of their account. The link also changed the targeted user’s profile bio to display the text "!! SECURITY BREACH !!"

“Once the attacker’s specially crafted malicious link is clicked by the targeted TikTok user, the attacker’s server, https://www.attacker\[.\]com/poc, is granted full access to the JavaScript bridge and can invoke any exposed functionality,” the researchers wrote. “The attacker’s server returns an HTML page containing JavaScript code to send video upload tokens back to the attacker as well as change the user’s profile biography.”

Microsoft said it has no evidence the vulnerability was actively exploited in the wild.

_This story originally appeared on_ _Ars Technica__._

TikTok Users Were Vulnerable to a Single-Click Attack

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Simon Ward MP3 jPlayer plugin <= 2.7.3 at WordPress.

CVE-2022-36373: MP3-jPlayer

By Waqas
There are many different parental control apps available, so it is important to research which one will best fit the needs of your family.
This is a post from HackRead.com Read the original post: What is a parental control app and what are your options

A parental control app is a software application that parents can use to monitor their children’s activities on their smartphones. SMS, or short message service, is a way for parents to track their children’s text messages and see who they are communicating with. Smartphone parental control apps can also track the child’s location, restrict access to certain websites, and set time limits for app usage.

While some parents may feel comfortable trusting their children with a smartphone, others may want to have more control over what their children can do on their devices. For parents who want to monitor their child’s smartphone usage, a parental control app can be a helpful tool.

There are many different parental control apps available, so it is important to research which one will best fit the needs of your family. Here is a list of some of the parental control apps popular among users worldwide.

When it comes to keeping tabs on their children, parents have a lot of options these days. One such option is the mSpy parental control app. This app allows parents to track their child’s SMS messages, phone calls, and location. It can also be used to block certain apps and websites.

mSpy is a reliable and affordable option for parents who want to keep a close eye on their children’s activities. The app is easy to use and can be installed on most smartphones. Parents can also set up alerts so they’re notified if their child attempts to access something they’re not supposed to.

If you’re concerned about your child’s safety or want to make sure they’re not spending too much time on their phone, the mSpy parental control app is definitely worth considering.

**Google Family Link**

Did you know there is a parental control app offered by Google? Yes, Google Family Link is an app that helps parents manage their children’s online activity. It lets parents set up restrictions on what apps and websites their children can use, and also allows them to see how much time their children are spending on their devices.

Google Family Link can be a helpful tool for parents who want to make sure their children are staying safe online. The app is available for Android and iOS devices. Parents can also control the app on their web browser.

**Kidslox**

Kidslox is a parental control app that helps parents manage their children’s screen time. It allows parents to set limits on how much time their children can spend on devices, as well as what apps and websites they can access. Kidslox also has features that allow parents to monitor their children’s activity and whereabouts.

Kidslox is available for Android and iOS devices.

**Boomerang**

Boomerang is a parental control app that helps parents manage their children’s screen time. Boomerang lets parents set limits on how much time their children can spend on their devices, as well as track their child’s activity and internet usage.

Boomerang also provides parents with insights into their child’s online activity, helping them to better understand what their child is doing online. The app is available on App Store for iOS devices, on Google Play Store for Android devices, and on Galaxy Store as well.

**eyeZy**

The eyeZy parental app is a great way for parents to keep track of their children’s whereabouts and activities. The app is simple to use and easy to navigate, making it a great choice for anyone who wants to stay organized while they are away from home. The app includes features like an activity log, location history, and a message board where parents can communicate with each other.

**XNSPY**

The focus of the XNSPY application is mainly on parental control or monitoring a group of employees. It has a control panel designed to monitor various devices easily. Available in a version without root and with root; as well as without jailbreak and with jailbreak.

Seeing the functionality of this application, the general impression is that its developers designed it so that the user can monitor their company’s devices at the same time. Moreover, its control panel allows you to easily switch between all the devices added to the account.

**Choosing The Best Parental Control App**

When it comes to choosing parental control app, there are a few things you need to take into consideration. Here are some factors that you should look for:

*   **Ease of use**: The app should be easy to use and understand. Even if you’re not tech-savvy, you should be able to use it with ease.
*   **Reliability**: The app should be reliable and provide accurate information. You don’t want a parental control app that provides inaccurate information.
*   **Customer support**: If you run into any problems while using the app, you’ll want to ensure that customer support is available to help you.
*   **Value for money**: Make sure you’re getting an app worth the price. Some apps are expensive but don’t offer desired features. Choose an app that has an excellent price-to-feature ratio.
*   **Sharing Data:** Make sure that the app you are about to use does not store your data or sell it to the advertisement of malicious third parties. You must ensure your child’s data does not end up with an outsider.

1.  5 Ways to Ensure Your Child’s Online Safety
2.  Parents lose custody of kids after YouTube pranks
3.  Teen “Hackers” on Discord Selling Malware for Quick Cash
4.  Germany bans kids smartwatches, asks parents to destroy them
5.  Parental control spyware app Family Orbit hacked; 281 GB of data exposed

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

What is a parental control app and what are your options

The operators of the emerging cross-platform BianLian ransomware have increased their command-and-control (C2) infrastructure this month, a development that alludes to an increase in the group's operational tempo.
BianLian, written in the Go programming language, was first discovered in mid-July 2022 and has claimed 15 victim organizations as of September 1, cybersecurity firm [redacted] said in

The operators of the emerging cross-platform BianLian ransomware have increased their command-and-control (C2) infrastructure this month, a development that alludes to an increase in the group's operational tempo.

BianLian, written in the Go programming language, was first discovered in mid-July 2022 and has claimed 15 victim organizations as of September 1, cybersecurity firm \[redacted\] said in a report shared with The Hacker News.

It's worth noting that the double extortion ransomware family has no connection to an Android banking trojan of the same name, which targets mobile banking and cryptocurrency apps to siphon sensitive information.

Initial access to victim networks is achieved via successful exploitation of the ProxyShell Microsoft Exchange Server flaws, leveraging it to either drop a web shell or an ngrok payload for follow-on activities.

"BianLian has also targeted SonicWall VPN devices for exploitation, another common target for ransomware groups," \[redacted\] researchers Ben Armstrong, Lauren Pearce, Brad Pittack, and Danny Quist said.

Unlike another new Golang malware called Agenda, the BianLian actors exhibit dwell times of up to six weeks from the time of initial access and the actual encryption event, a duration that's well above the median intruder dwell time of 15 days reported in 2021.

Besides leveraging living-off-the-land (LotL) techniques for network profiling and lateral movement, the group is also known to deploy a custom implant as an alternative means for maintaining persistent access to the network.

The main goal of the backdoor, per \[redacted\], is to retrieve arbitrary payloads from a remote server, load it into memory, and then execute them.

BianLian, similar to Agenda, is capable of booting servers in Windows safe mode to execute its file-encrypting malware while simultaneously remaining undetected by security solutions installed on the system.

Other steps taken to defeat security barriers include deleting shadow copies, purging backups, and running its Golang encryptor module via Windows Remote Management (WinRM) and PowerShell scripts.

The earliest known C2 server associated with BianLian is said to have appeared online in December 2021. But the infrastructure has since witnessed a "troubling explosion" to surpass 30 active IP addresses.

According to Cyble, which detailed the modus operandi of the ransomware earlier this month, targeted companies span several industry sectors such as media, banking, energy, manufacturing, education, healthcare, and professional services. A majority of the companies are based in North America, the U.K., and Australia.

BianLian is yet another indication of cybercriminals' dedicated efforts to continue hopping tactics so as to avoid detection. It also adds to a growing number of threats using Go as the foundational language, enabling adversaries to make swift changes in a single codebase that can then be compiled for multiple platforms.

"BianLian have shown themselves to be adept with the Living of the Land (LOL) methodology to move laterally, adjusting their operations based on the capabilities and defenses they encountered in the network," the researchers said.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Tag

#android