Why Russia’s cyber arms transfers are poor threat predictors

The history of international cyber conflict is remarkably long and storied. The timeline of major cyber threat events stretches back nearly four decades, but it is really only the last decade that has seen the widespread proliferation of national cyber forces. As of 2007, only 10 countries had operational cyber commands, three of which were members of the NATO alliance. Just eight years later, that figure jumped to 61 nations, a full two-thirds of which were outside of the NATO alliance. Clearly, national governments have become more willing to see cybersecurity as a key responsibility. States are also cooperating and sharing the burden of securing cyberspace.

HiddenAds Spread via Android Gaming Apps on Google Play

Authored by Dexter Shin 

Minecraft is a popular sandbox video game, developed by Mojang Studios, that can be played on a desktop or mobile device. Players create and break apart various kinds of blocks in 3-dimensional worlds, and they can choose Survivor Mode to survive in the wild or Creative Mode to focus on being creative.

Minecraft’s popularity has led to many attempts to recreate similar games. As a result, there are many games worldwide built on the same concept as Minecraft, and similar games are easy to find even on Google Play. McAfee Mobile Research Team recently discovered 38 games with hidden advertising. These HiddenAds applications, discovered on the Google Play Store and installed by at least 35 million users worldwide, have been found to stealthily send packets in bulk for advertising revenue.

McAfee, a member of the App Defense Alliance, which is focused on protecting users by preventing threats from reaching their devices and improving app quality across the ecosystem, reported the discovered apps to Google. Google took prompt action, and the apps are no longer available on Google Play. Android users are protected by Google Play Protect, which can warn users of identified malicious apps on Android devices, and McAfee Mobile Security detects this threat as Android/HiddenAds.BJL. For more information, and to get fully protected, visit McAfee Mobile Security.

How is it distributed to users? 

They were officially uploaded to Google Play under various titles and package names. Many games have already been downloaded by users, including apps with 10M+ downloads. 

Figure 1. 10M+ downloaded app being one of them 

Also, because the game is actually playable, users do not notice the large volume of advertising packets being generated on their devices.

Figure 2. Game screen that can be played 

What does it do?

Once the game is running, the user can play in the block-based world without any problems, just as in other Minecraft-type games. However, advertising packets to various domains are generated continuously on the device. For example, the four packets shown in the picture are questionable packets generated by the ad libraries of Unity, Supersonic, Google, and AppLovin. Unfortunately, none of these ads is displayed on the game screen.

Figure 3. Continuous advertising packets 

What’s even more interesting is the initial network packet of these games. Its structure is very similar across the apps: the domains all differ, but every app uses 3.txt as the path. That is, a packet of the form https://(random).netlify.app/3.txt commonly occurs first. The picture below is an example of the first packet extracted from three different apps.

Figure 4. Similarity of the initial packet form 
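
As an added example (not from the McAfee post), one way a defender could look for the initial request form described above in web-proxy logs. The log format, IP addresses and host names are constructed for illustration; because netlify.app is a shared hosting platform, the check keys on the subdomain suffix together with the exact /3.txt path rather than on the domain alone.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample proxy log lines: "<ISO time> <client IP> <method> <URL>"
SAMPLE_LOG = """\
2023-04-20T10:00:01Z 10.0.0.21 GET https://example-a1b2c3.netlify.app/3.txt
2023-04-20T10:00:02Z 10.0.0.21 GET https://ads.example.net/v1/impression?id=1
2023-04-20T10:00:05Z 10.0.0.34 GET https://docs-site.netlify.app/index.html
2023-04-20T10:00:09Z 10.0.0.55 GET https://example-d4e5f6.netlify.app/3.txt
2023-04-20T10:00:11Z 10.0.0.55 GET https://netlify.app.example.org/3.txt
2023-04-20T10:00:12Z 10.0.0.21 GET https://EXAMPLE-0708AB.Netlify.App/3.txt
malformed line
"""


def is_initial_fetch(url: str) -> bool:
    """True for https://<subdomain>.netlify.app/3.txt, the form the article describes."""
    parts = urlsplit(url)
    # .hostname is already lower-cased; strip a trailing dot from FQDN notation.
    host = (parts.hostname or "").rstrip(".")
    # Suffix match on a label boundary, so look-alikes such as
    # netlify.app.example.org do not match.
    return (parts.scheme == "https"
            and host.endswith(".netlify.app")
            and parts.path == "/3.txt")


def find_clients(log_text: str) -> dict[str, list[str]]:
    """Map client IP -> sorted distinct netlify.app hosts it requested /3.txt from."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not fit the assumed format
        _ts, client, _method, url = fields
        if is_initial_fetch(url):
            hits[client].add(urlsplit(url).hostname)
    return {client: sorted(hosts) for client, hosts in hits.items()}


if __name__ == "__main__":
    for client, hosts in find_clients(SAMPLE_LOG).items():
        print(client, hosts)
```

A match is a lead for triage, not proof of infection: correlate it with the installed package list on the device and with the continuous ad-network traffic the article describes.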

Users affected worldwide 

This threat has been detected in various countries around the world. According to our telemetry, it has been detected most prominently in the United States, Canada, South Korea, and Brazil.

Figure 5. Users around the world who are widely affected

As we featured in the McAfee 2023 Consumer Mobile Threat Report, games are among the most accessible content for young people using mobile devices. Malware authors are also aware of this and try to hide their malicious features inside games. Not only is it difficult for general users to find these hidden features, but users also readily trust games from official stores such as Google Play.

We first recommend that users thoroughly read user reviews before downloading applications from the store. Users should also install security software on their devices and always keep it up to date.

Indicators of Compromise


The post HiddenAds Spread via Android Gaming Apps on Google Play appeared first on McAfee Blog.

Smashing Security podcast #319: The CEO who also ran IT, Strava strife, and TikTok tall tales

A boss is bitten in the bottom after being struck by one of the worst crimes in Finnish history, Strava’s privacy isn’t so private, and a private investigator uncovers some TikTok tall tales. All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham …

Iranian cyberspies deploy new malware implant on Microsoft Exchange Servers

A cyberespionage group believed to be associated with the Iranian government has been infecting Microsoft Exchange Servers with a new malware implant dubbed BellaCiao that acts as a dropper for additional payloads. The malware uses DNS queries to receive commands from the attackers, with the commands encoded into IP addresses.

According to researchers from Bitdefender, the attackers appear to customize their attacks for each particular victim, including the malware binary, which contains hardcoded information such as company name, custom subdomains and IP addresses. Debugging information and file paths from compilation that were left inside the executable suggest the attackers are organizing their victims into folders by country code, such as IL (Israel), TR (Turkey), AT (Austria), IN (India), or IT (Italy).

USN-6017-2: Ghostscript vulnerability

USN-6017-1 fixed vulnerabilities in Ghostscript. This update provides the
corresponding updates for Ubuntu 23.04.

Original advisory details:

Hadrien Perrineau discovered that Ghostscript incorrectly handled certain
inputs. An attacker could possibly use this issue to cause a denial of
service, or possibly execute arbitrary code.
