Google Play Store’s Malware Problem, and More Security News This Week

Credit to Author: Emily Dreyfuss| Date: Sat, 30 Mar 2019 13:00:00 +0000

This week started off with one of tech’s biggest events of the year: an Apple product release. One of the most interesting launches to come out of Cupertino was rectangular, incredibly thin, and made of metal. But it isn't a gadget, it’s a credit card—the Apple Card—which the company says will have better security than any other. WIRED's own Lily Hay Newman dug into that claim and has some tips on how to get those security benefits now, before the card is even released.

Newman had a busy week. On Monday she explained how to check for a tainted software update that installed malicious backdoors on thousands of Asus computers, a sophisticated hack first reported by Motherboard. She was first to reveal new details about Mastercard's plan for a digital identity, a useful idea that has proved tricky to implement in practice. By Thursday, she found that HTTPS encryption may not be, well, all that secure all the time. Finally, Newman closed out the week with a report on the British government's finding that Huawei, the Chinese telecom equipment maker, has major security flaws in its product code.

Andy Greenberg wrote a guide to LockerGoga, the ransomware that’s been crippling industrial firms. Ideas contributor Zeynep Tufekci argued that machine learning shouldn’t have to spy on you in order to learn. I told you the story of how walkie-talkie app Zello has become a lifeline to Venezuelans amid a humanitarian crisis. Garrett Graff explained why attorney general William Barr’s four-page letter summarizing the Mueller report raises more questions than it answers.

And we took you on the trail of the “robocall king,” with a fascinating story written by Alex Palmer.

Of course, there was more! Each week we round up all the news we didn’t cover in depth. Click on the headlines to read the full stories. And stay safe out there.

Working together with security researchers, a Motherboard investigation found that more than 20 Android apps in the Google Play Store were actually spyware that may have been developed for the Italian government. The apps were disguised as offering promotions from cell phone providers, but installed malware to steal data from devices and also left phones vulnerable to additional hacking. Legal experts and law enforcement sources told Motherboard that the apps appear to have flouted Italian laws permitting the use of spyware in certain circumstances. After being alerted by the researchers, Google took the apps off the Play Store. The company says it found 25 different versions of the spyware dating back to 2016, and that fewer than 1,000 Italians were affected. The specifics of the spyware are alarming, but there’s a larger takeaway from the story, too. As Motherboard writes, “This new case once again highlights the limits of Google’s filters that are intended to prevent malware from slipping onto the Play Store.”

Roskomnadzor, Russia’s media and telecom regulator, has notified 10 popular VPNs that they must start blocking sites on the government blacklist. According to TorrentFreak, the notice cites a 2017 law requiring services like VPNs to enforce the blacklist; the companies have 30 days to comply or risk getting blocked themselves. Since that law was passed, the VPNs have demurred, continuing to host the banned sites, but now experts are not sure what will happen if the companies refuse this time. One of the VPNs, TorGuard, told TorrentFreak it had already shut down its Russian operations and left the country in response to the notices, which also demanded the company hand over information on its business practices.

In what may mark the end of an era, the dark-web marketplace Dream Market announced this week that it’s shutting down on April 30. Dream Market has been around since 2013. It emerged as a dark-web leader after Silk Road shut down, followed shortly by its three biggest competitors. But its time on top would be brief. The news of the shutdown broke on the same day that law enforcement announced major arrests for dark-web drug trafficking. As ZDNet reports, that has worried Dream Market users and observers, who fear the site may have been compromised, and that any activity that takes place there in its final month may be part of a honeypot operation. If it were true, it wouldn’t be the first sting in the dark-web world.

Iranian hacking group Phosphorus has 99 problems, and Microsoft is all of them. The company announced on Wednesday that it had taken down over 99 domains operated by the nation-state hackers. Microsoft followed a playbook it has honed over 15 similar cases: It challenged Phosphorus in a US civil court, arguing that it was illegal for the group to mimic Microsoft websites in order to attack people. The court ruled in Microsoft’s favor and gave the company the right to seize the domains. Microsoft’s Digital Crimes Unit and its Intelligence Center have been tracking the group since 2013, according to its announcement. The company believes the group was using the sites to spear-phish for passwords, contact information, or even control of people’s computers.