GPs Archives - Iran News Daily

Android Phones Bug Targeting Bank Accounts

reporter 1222 — Tue, 03 Dec 2019 10:06:10 +0000

TEHRAN (Iran News) – A vulnerability in millions of fully patched Android phones is the bug being actively exploited by malware that’s designed to drain the bank accounts of infected users, researchers said on Monday.

The vulnerability allows malicious apps to masquerade as legitimate apps that targets have already installed and come to trust, researchers from security firm Promon reported in a post. Running under the guise of trusted apps already installed, the malicious apps can then request permission to carry out sensitive tasks, such as recording audio or video, taking photos, reading text messages or phishing login credentials. Targets who click yes to the request are then compromised, ArsTechnica reported.

Researchers with Lookout, a mobile security provider and a Promon partner, reported last week that they found 36 apps exploiting the spoofing vulnerability. The malicious apps included variants of the BankBot banking trojan. BankBot has been active since 2017, and apps from the malware family have been caught repeatedly infiltrating the Google Play Market.

The vulnerability is most serious in versions 6 through 10, which (according to Statista) account for about 80% of Android phones worldwide. Attacks against those versions allow malicious apps to ask for permissions while posing as legitimate apps. There’s no limit to the permissions these malicious apps can seek. Access to text messages, photos, the microphone, camera, and GPS are some of the permissions that are possible. A user’s only defense is to click “no” to the requests.

An affinity for multitasking

The vulnerability is found in a function known as TaskAffinity, a multitasking feature that allows apps to assume the identity of other apps or tasks running in the multitasking environment. Malicious apps can exploit this functionality by setting the TaskAffinity for one or more of its activities to match a package name of a trusted third-party app. By either combining the spoofed activity with an additional allowTaskReparenting activity or launching the malicious activity with an Intent. The malicious apps will be placed inside and on top of the targeted task.

“Thus the malicious activity hijacks the target’s task,” Promon researchers wrote. “The next time the target app is launched from Launcher, the hijacked task will be brought to the front and the malicious activity will be visible. The malicious app then only needs to appear like the target app to successfully launch sophisticated attacks against the user. It is possible to hijack such a task before the target app has even been installed.”

Promon said Google has removed malicious apps from its Play Market, but, so far, the vulnerability appears to be unfixed in all versions of Android. Promon is calling the vulnerability “StrandHogg,” an old Norse term for the Viking tactic of raiding coastal areas to plunder and hold people for ransom. Neither Promon nor Lookout identified the names of the malicious apps. That omission makes it hard for people to know if they are or were infected.

Google representatives didn’t respond to questions about when the flaw will be patched, how many Google Play apps were caught exploiting it, or how many end users were affected. The representatives wrote only:

“We appreciate the researchers’ work and have suspended the potentially harmful apps they identified. Google Play Protect detects and blocks malicious apps, including ones using this technique. Additionally, we’re continuing to investigate in order to improve Google Play Protect’s ability to protect users against similar issues.”

StrandHogg represents the biggest threat to less-experienced users or those who have cognitive or other types of impairments that make it hard to pay close attention to subtle behaviors of apps. Still, there are several things alert users can do to detect malicious apps that attempt to exploit the vulnerability. Suspicious signs include:

– An app or service that you’re already logged into is asking for a login.

– Permission popups that don’t contain an app name.

– Permissions asked from an app that shouldn’t require or need the permissions it asks for. For example, a calculator app asking for GPS permission.

– Typos and mistakes in the user interface.

– Buttons and links in the user interface that does nothing when clicked on.

– The back button does not work as expected.

Tip-off from a Czech bank

Promon researchers said they identified StrandHogg after learning from an unnamed Eastern European security company for financial institutions that several banks in the Czech Republic reported money disappearing from customer accounts. The partner gave Promon a sample of suspected malware. Promon eventually found that the malware was exploiting the vulnerability. Promon partner Lookout later identified the 36 apps exploiting the vulnerability, including BankBot variants.

Monday’s post didn’t say how many financial institutions were targeted in total.

The malware sample Promon analyzed was installed through several droppers apps and downloaders distributed on Google Play. While Google has removed them, it’s not uncommon for new malicious apps to make their way into the Google-operated service. Update: In an email sent after this post went live, a Lookout representative said none of the 36 apps it found was available in Google Play.

Readers are once again reminded to be highly suspicious of Android apps available both in and outside of Google Play. People should also pay close attention to permissions requested by any app.

The post Android Phones Bug Targeting Bank Accounts appeared first on Iran News Daily.

Don’t Ask GPs for Antibiotics, New Health Campaign Urges

reporter 1222 — Tue, 24 Oct 2017 16:30:01 +0000

TEHRAN – People are being urged not to ask their doctor for antibiotics as part of a new campaign aimed at tackling growing resistance to the drugs.

An estimated 5,000 people die every year in England because antibiotics no longer work for some infections, according to Public Health England (PHE), which has launched the Keep Antibiotics Working campaign.

England’s chief medical officer, Professor Dame Sally Davies, has previously warned of a “post-antibiotic apocalypse”, where antibiotics no longer work for serious infections, the Guardian reported.

Davies said: “Without effective antibiotics, minor infections could become deadly and many medical advances could be at risk – surgery, chemotherapy and Caesareans could become simply too dangerous.

“But reducing inappropriate use of antibiotics can help us stay ahead of superbugs.

“The public has a critical role to play and can help by taking collective action.

“I welcome the launch of the Keep Antibiotics Working campaign, and remember that antibiotics are not always needed so always take your doctor’s advice.”

The government wants to see a further drop in the number of antibiotic prescriptions issues by GPs to tackle the threat from resistance. Antimicrobial resistance occurs when bacteria change in such a way that the medication used to treat them – in this case antibiotics – becomes ineffective.

The PHE’s new campaign tells people to always trust their doctor, nurse or pharmacist on when to take antibiotics. It says that if they are prescribed, they should be taken as directed and never saved for later or shared with others.

Antibiotics do not work on many common conditions, such as colds, flu, earache, sore throats and some chest infections. However, people should see their GP if they have prolonged symptoms and develop other issues such as a sickness, a very high temperature or shortness of breath.

Melissa Mead, whose son William died from sepsis due to a chest infection that could have been treated with antibiotics, said she backed the campaign but warned there should be “less of a taboo” about prescribing antibiotics when needed.

William, from Cornwall, had been ill for six to eight weeks before he died. He had been seen by GPs six times before his death.

The doctors failed to diagnose a chest infection and eventual pneumonia which led to the sepsis that killed him. A report into his death said there was pressure on GPs to reduce antibiotic prescribing.

Mead said: “I think it’s right that we don’t use antibiotics flippantly. Over-use would prevent serious infections such as sepsis responding to treatment.

“I do, however, believe there should be less of a taboo about prescribing antibiotics when it is clinically evident to do so. Earlier intervention with antibiotics would have saved William’s life. It was clinically evident he needed them.”

Professor Paul Cosford, medical director at PHE, said: “Antibiotic resistance is not a distant threat, but is in fact one of the most dangerous global crises facing the modern world today.

“Taking antibiotics when you don’t need them puts you and your family at risk of developing infections which in turn cannot be easily treated with antibiotics.

“Without urgent action from all of us, common infections, minor injuries and routine operations will become much riskier.”

Experts have suggested that, in just over 30 years, antibiotic resistance will kill more people globally than cancer and diabetes combined.

Health minister Steve Brine said: “This government is firmly committed to combating drug-resistant infections and refuses to allow modern medicine to grind to a halt – simple steps can make a huge difference.”

Justine Roberts, founder of Mumsnet, said: “Many parents will know the anxiety and frustration that comes with worrying about a poorly child, while also fretting about missed days of school and work.

“The temptation to lobby for antibiotics can be overwhelming, so this Public Health England advice is welcome. The risks that come with the inappropriate use of antibiotics are just too great.”

The post Don’t Ask GPs for Antibiotics, New Health Campaign Urges appeared first on Iran News Daily.