Google

Android 15, Google Play Protect get new anti-malware and anti-fraud features

Today, Google announced new security features coming to Android 15 and Google Play Protect that will help block scams, fraud, and malware apps on users’ devices.

Announced at Google I/O 2024, the new features are designed not only to help end users but also to warn developers when their apps have been tampered with.

“Today, we’re announcing more new fraud and scam protection features coming in Android 15 and Google Play services updates later this year to help better protect users around the world,” reads a Google blog post from Dave Kleidermacher, VP Engineering, Android Security and Privacy.

“We’re also sharing new tools and policies to help developers build safer apps and keep their users safe.”

Protecting against spyware, banking malware

Google is introducing numerous new features in Android 15 that are aimed at blocking banking trojans and spyware from stealing your information.

Android banking trojans are used to steal users’ banking credentials by displaying fake login overlays, stealing MFA codes from notifications/messages, and allowing threat actors to remotely control devices.

Over the years, researchers have illustrated how Android malware commonly steals one-time passcodes from messages and notifications. Last year, a new version of the Xenomorph Android malware took it a step further by allowing MFA codes to be stolen from Google Authenticator.

Google has announced new security features that cause one-time passcodes to be hidden from notifications so that malware cannot steal them.

The company is also expanding its restricted settings feature to include additional permissions that users must explicitly grant apps to prevent them from stealing data.

Google says they are also introducing new features that protect against screen-sharing attacks conducted via social engineering.
When Android is in screen-sharing mode, the operating system will automatically block sensitive information from appearing in notifications so that it cannot be stolen by remote threat actors.

“During screen sharing, private notification content will be hidden, preventing remote viewers from seeing details in a user’s notifications,” explains Kleidermacher.

“Apps that post OTPs in notifications will be automatically protected from remote viewers when you’re screen sharing, helping thwart attempts to steal sensitive data.”

This new feature will also prevent your screen from being shown to attackers when entering credentials and credit card information during a screen-share session.

A feature rolling out later this year will display more prominent indicators when screen sharing is active.

Finally, Google is rolling out notifications alerting you when connected to an unencrypted cellular network to block Stingray attacks.

“We’ll notify you if your cellular network connection is unencrypted, potentially exposing voice and SMS traffic to radio interception, and potentially visible to others. This can help warn users if they’re being targeted by criminals who are trying to intercept their traffic or inject a fraud SMS message,” Kleidermacher further shared.

“We’ll help at-risk users like journalists or dissidents by alerting them if a potential false cellular base station or surveillance tool is recording their location using a device identifier.”

Bringing AI to Google Play

Google says they are introducing a new feature called Google Play Protect live threat detection, which uses on-device artificial intelligence to detect when an Android app performs suspicious behavior.

The app is then sent back to Google for review, and users are warned to disable it until it can be determined if it is malicious.

For developers, Google has updated its Play Integrity API to allow developers to check if apps are running in secure environments.
The API has now been updated to allow developers to check the following in-app signals:

Risk From Screen Capturing or Remote Access: Developers can check if there are other apps running that could be capturing the screen, creating overlays, or controlling the device. This is helpful for apps that want to hide sensitive information from other apps and protect users from scams.

Risk From Known Malware: Developers can check if Google Play Protect is active and the user device is free of known malware before performing sensitive actions or handling sensitive data. This is particularly valuable for financial and banking apps, adding another layer of security to protect user information.

Risk From Anomalous Devices: Developers can also opt in to receive recent device activity to check if a device is making too many integrity checks, which could be a sign of an attack.

Google says all these features will be rolling out to Android users via Google Play services updates and Android 15 later this year.

Drinik Android malware now targets users of 18 Indian banks

A new version of the Drinik Android trojan targets 18 Indian banks, masquerading as the country’s official tax management app to steal victims’ personal information and banking credentials.

Drinik has been circulating in India since 2016, operating as an SMS stealer, but in September 2021, it added banking trojan features that target 27 financial institutions by directing victims to phishing pages.

Analysts at Cyble have been following the malware and report that its developers have evolved it into a full Android banking trojan with screen recording, keylogging, abuse of Accessibility services, and the ability to perform overlay attacks.

Stealing credentials from real sites

The latest version of the malware comes in the form of an APK named ‘iAssist,’ which is supposedly India’s Income Tax Department’s official tax management tool.

Upon installation, it requests permissions to receive, read, and send SMS, read the user’s call log, and read and write to external storage.

Next, it asks the user to allow the app to (ab)use the Accessibility Service. If granted, it disables Google Play Protect and uses the service to perform navigation gestures, record the screen, and capture key presses.

Eventually, the app loads the actual Indian income tax site via WebView, rather than the phishing pages used by past variants, and steals user credentials by recording the screen and using a keylogger.

Drinik will also check if the victim ended up on a URL that indicates a successful login to ensure that the exfiltrated details (user ID, PAN, AADHAR) are valid.

At this stage, the victim is served a fake dialogue box saying that the tax agency found they’re eligible for a refund of Rs 57,100 ($700) due to previous tax miscalculations and are invited to tap the “Apply” button to receive it.
This action takes the victims to a phishing page that is a clone of the real Income Tax Department site, where they are directed to enter financial information, including account number, credit card number, CVV, and card PIN.

Targeting banks

To target the eighteen banks, Drinik constantly monitors the Accessibility Service for events related to the targeted banking apps.

The targeted banks include SBI (State Bank of India), one of the largest banks in the world, serving 450,000,000 people via a massive network of 22,000 branches.

If there’s a match, the malware collects keylogging data that contains user credentials and siphons it to the C2 server.

During this attack, Drinik abuses the “CallScreeningService” to disallow incoming calls that may interrupt the login and, by extension, the data-stealing process.

Drinik evolving

While Drinik isn’t as sophisticated or advanced as other banking trojans, its authors appear determined to make it more powerful, constantly adding features that make it harder to detect.

Going after Indian taxpayers and banking customers means that Drinik has a massive targeting pool, so every new successful feature potentially translates to substantial financial gains for the malware’s operators.

To avoid this threat, always avoid APK downloads from outside the Play Store and enable biometric authentication, such as 2FA, for logging in to e-banking portals.

NOTE: This article is copyright by bleepingcomputer.com and we are using it for educational or informational purposes only.

Google Chrome to drop support for Windows 7 / 8.1 in Feb 2023

Google announced today that the Google Chrome web browser will likely drop support for Windows 7 and 8.1 starting February 2023.

After support is discontinued for these two Windows versions, the company says Chrome users must ensure that their devices are running at least Windows 10.

“With the release of Chrome 110 (tentatively scheduled for February 7th, 2023), we’ll officially end support for Windows 7 and Windows 8.1,” Google Chrome Support Manager revealed.

“You’ll need to ensure your device is running Windows 10 or later to continue receiving future Chrome releases.”

Google’s decision to drop support for these platforms matches Microsoft’s Windows lifecycle policy, which lists January 10, 2023 as the end of the Extended Security Update (ESU) program for Windows 7 and of support for Windows 8.1.

Currently, Windows 7 is still running on over 10% of all Windows systems worldwide, while Windows 8.1 is at just 2.7%, according to Statcounter GlobalStats.

The Google Chrome web browser has a market share of over 65%, followed by Safari with roughly 18% and Microsoft Edge with 4.32% (which uses the Chrome rendering engine with enhancements from Microsoft).

Users advised to upgrade

Even though older Google Chrome versions will continue to work after support is dropped on Windows 7 / 8.1, Google advises users to upgrade their systems to keep receiving security updates.

This matches Microsoft’s advice for customers with systems running out-of-support Windows versions, which no longer receive technical assistance or software updates, exposing their computers and data to security risks.

“Older versions of Chrome will continue to work, but there will be no further updates released for users on these operating systems,” the Google employee added.
“If you are currently on Windows 7 or Windows 8.1, we encourage you to move to a supported Windows version before that date to ensure you continue to receive the latest security updates and Chrome features.”

NOTE: This article is copyright by bleepingcomputer.com and we are using it for educational or informational purposes only.

Google apologizes for scaring Cloud users with ‘past due’ emails

Google has apologized for a wave of emails warning Google Cloud Platform, Firebase, or API customers that their accounts may be suspended for a past due balance.

Users began receiving these emails on September 22nd, which warned that their account was “past due or does not have valid payment information”.

Action required

Dear Google customer,

You are receiving this email because you are a Google Cloud Platform, Firebase, or API customer.

Our records indicate that your billing account: [account_id] is past due or does not have valid payment information associated with it. This may happen if your credit card has expired or was cancelled, and we haven’t received valid payment information from you.

Please update your billing account with valid payment information. Failure to make payments may result in suspension and/or termination of your billing account and the related Project(s) or Service(s).

If you have already updated your payment information, please disregard this message.

Other users reported similar emails even though they had valid payment information configured.

Google apologizes for the emails

Today, Google sent another email to Google Cloud Platform users apologizing for the previous past due notices.

“You may have received a notification from us yesterday or earlier today indicating that your billing account is past due or your payment information is invalid and must be updated. That notification was provided in error due to a technical issue,” explained today’s email from Google.

“The issue has been resolved, and no action is required on your part.”

“We apologize for any inconvenience this may have caused.”

According to an incident report on the Google Workspace Status Dashboard, the issue began on September 22nd at 5:10 PM EST and lasted through September 23rd at 4:30 AM.

Google states an update to their payment configuration for the Google Cloud Platform caused these erroneous emails to go out.
“Google Workspace customers received a warning message on the Admin console user interface and an email regarding an issue with processing their account payment. Impacted customers were redirected to update payment information. Attempts to update the primary payment method caused the admin console to become unresponsive,” explains Google in an incident report.

“Initial investigation of this issue revealed the impact was triggered after an update to the payment configuration was released during the impact time frame.”

Users who have received these emails should ensure that they have accurate payment information in the console and that there is no past due balance. All others can simply ignore the emails.

NOTE: This article is copyright by bleepingcomputer.com and we are using it for educational or informational purposes only.

Google Chrome to no longer show secure website indicators

Google Chrome will no longer show whether a site you are visiting is secure and will only show an indicator when you visit an insecure website.

For years, Google has been making a concerted effort to push websites into using HTTPS to provide a more secure browsing experience. To further push web developers into only using HTTPS on their sites, Google introduced the protocol as a ranking factor. Those not hosting a secure site got a potentially minor hit in their Google search results rankings.

It appears to have worked: according to the ‘HTTPS encryption on the web’ section of Google’s Transparency Report, over 90% of all browser connections in Google Chrome currently use an HTTPS connection.

Currently, when you visit a secure site, Google Chrome will display a little locked icon indicating that your communication with the site is encrypted.

As most website communication is now secure, Google is testing a new feature that removes the lock icon for secure sites. This feature is available to test in Chrome 93 Beta and Chrome 94 Canary builds by enabling the ‘Omnibox Updated connection security indicators’ flag.

With this feature enabled, Google Chrome will only display security indicators when the site is not secure.

For businesses who wish to have continued HTTPS security indicators, Google has added an enterprise policy for Chrome 93 named ‘LockIconInAddressBarEnabled’ that can be used to enable the lock icon again on the address bar.

How to disable Chrome’s security indicators

For those who want to test out the disabling of Chrome security indicators feature, you can enable it in Chrome Beta or Chrome Canary using these instructions.

1. Enter chrome://flags in the address bar and press enter.
2. Search for ‘security indicators.’
3. When the ‘Omnibox Updated connection security indicators’ flag is shown, click on ‘Default’ and select ‘Enabled.’
4. Now relaunch the browser when prompted.

Google will no longer show you if a site is secure and only show an indicator when you visit an insecure site.

Google Chrome is crashing worldwide on Windows 10 PCs, how to fix

Google Chrome suddenly started crashing yesterday for many Windows users worldwide, making the browser unusable.

Google released Chrome 90.0.4430.212 on May 10th, and for the most part, there had been no reported issues with the release until yesterday.

As first reported by Windows Latest, starting yesterday morning, users began reporting that Google Chrome extensions and tabs suddenly began crashing while using the browser.

Due to these crashes, the Chrome subreddit and Chrome product forums have begun filling up with posts from people experiencing these issues.

“Seemingly out of nowhere ~15 minutes ago, Google Chrome stopped working for me. My extensions crashed and all pages (including Chrome pages like settings) refuse to load. The screen is completely blank, and the tab is simply labeled “Untitled” with a frowning folder next to it,” a user posted yesterday to Reddit.

Furthermore, users are reporting that these crashes happen in both the regular and Incognito browsing modes.

It is believed that the crashes are caused by an issue with the Google Chrome ‘%UserProfile%\AppData\Local\Google\Chrome\User Data’ folder, which is used to store your data, extensions, and configuration settings for the browser.

A Google Product Expert recommends that users create a backup of the ‘User Data’ folder and then perform one of the following steps to fix the crashes:

As this only seems to be happening on Windows I will provide such instructions, but this will be operating system dependent:

1. Ensure your Sync data is accurate at https://chrome.google.com/sync and passwords appear at https://passwords.google.com (If you have a passphrase they will not but they should be reflected in the sync data link)
2. Close any open Chrome instance
3. Open File Explorer and navigate to: %LOCALAPPDATA%\Google\Chrome\User Data
4. Delete the “Local State” file from the directory (ensure you have a backup!)
5. Re-Open Chrome

If the above steps don’t resolve the problem then try the following

1. Open File Explorer and navigate to: %LOCALAPPDATA%\Google\Chrome\User Data
2. Take a copy of everything in this directory and store it somewhere such as your desktop
3. Rename the “User Data” folder to something other than User Data
4. Re-Open Chrome

Some users have reported that after performing these steps, the Google Chrome crashes have stopped. Others state that once you restart Google Chrome the issue occurs again.

It is not clear what is causing the crashes, but it is likely a change pushed out to some users by Google since the latest browser release.

It is common for Google to push out configuration changes or new features to Google Chrome users in limited tests. One of these tests or configuration changes may be causing the issues seen by so many users.

NOTE: This article is copyright by bleepingcomputer.com and we are using it for educational or informational purposes only.

Google Chrome will use HTTPS as default navigation protocol

Google Chrome will switch to choosing HTTPS as the default protocol for all URLs typed in the address bar, starting with the web browser’s next stable version.

This feature entered testing last month, and it rolled out as part of a limited experiment for users of Chrome Canary, Dev, or Beta.

The change will be rolling out to Chrome Desktop and Chrome for Android stable versions after updating to version 90 (to be released on April 13), with an iOS rollout scheduled for later this year.

This move is part of a larger effort to defend users from attackers attempting to intercept their unencrypted web traffic and speed up the loading of websites served over HTTPS.

“Chrome will now default to HTTPS for most typed navigations that don’t specify a protocol,” Chrome team’s Shweta Panditrao and Mustafa Emre Acer said.

“In addition to being a clear security and privacy improvement, this change improves the initial loading speed of sites that support HTTPS, since Chrome will connect directly to the HTTPS endpoint without needing to be redirected from http:// to https://.

“For sites that don’t yet support HTTPS, Chrome will fall back to HTTP when the HTTPS attempt fails (including when there are certificate errors, such as name mismatch or untrusted self-signed certificate, or connection errors, such as DNS resolution failure).”

How to test it right now

Google Chrome users who want to test this new feature before it reaches the stable channel can do so by enabling an experimental flag.

To do that, you will have to go to chrome://flags/#omnibox-default-typed-navigations-to-https and enable HTTPS as the default navigation protocol.

You also have the option to choose a 3 or 10-second timeout to give the browser enough time to determine the availability of the HTTPS URL.

If Chrome cannot find an HTTPS version for the website you entered in the address bar, it will automatically fall back to the HTTP URL.

“HTTPS protects users by encrypting traffic sent over the network, so that sensitive information users enter on websites cannot be intercepted or modified by attackers or eavesdroppers,” Panditrao and Acer added.

“Chrome is invested in ensuring that HTTPS is the default protocol for the web, and this change is one more step towards ensuring Chrome always uses secure connections by default.”

NOTE: This article is copyright by bleepingcomputer.com and we are using it for educational or informational purposes only.