Another popular privacy app in the Mac App Store caught stealing users' browser history

Trend Micro makes popular apps for cleaning up systems and guarding against malware infection. At least one of its offerings in the Mac App Store uploads user data for reasons unknown, including web browsing history. This is very much like last week's Adware Doctor case, and suggests that the practice is widespread.

When you give an app access to your home directory on macOS, even if it’s an app from the Mac App Store, you should think twice about doing it. It looks like we’re seeing a trend of Mac App Store apps that convince users to give them access to their home directory with some promise such as virus scanning or cleaning up caches, when the true reason behind it is to gather user data – especially browsing history – and upload it to their analytics servers.

Today, we’re talking specifically about the apps distributed by a developer who claims to be “Trend Micro, Inc.”, which include Dr. Unarchiver, Dr. Cleaner and others. This issue was reported before by a user on the Malwarebytes forum, and in another report. Other researchers followed up and found that apps distributed by this “Trend Micro, Inc.” account on the Mac App Store collect and upload the user’s browser history from Safari, Google Chrome and Firefox to their servers. The app will also collect information about other apps installed on the system. All of this information is collected upon launching the app, which then creates a zip file and uploads it to the developer’s servers.

Read the rest

ShutUp10 makes using Windows 10 a whole lot more pleasant

I’m now the proud owner of a Microsoft Surface Go with 8GB of RAM and a 128GB SSD. It’s by no means a power house (I’ll have a review for you sometime next week that addresses my user experience,) but it’s more than capable of allowing me to get work done in coffee shops, on an airplane tray table or in the bathroom.

You’ll never know if I wrote this in the middle of a poop. You must live with this.

I have a list of software that I install before on a Windows 10 machine before I dare to put it to work: Firefox, ProtonMail Bridge and ProtonVPN, TripMode and, so I can easily move my work from one device to another, SpiderOak and Dropbox. But none of these is as important to my peace of mind than a piece of software called ShutUp10, from O&O Software.

The annoying shit that Windows 10 does that makes using it a security nightmare and a bloatware ridden pain in the ass to use? ShutUp10 kills it all. It’s an application that collects all of Windows 10’s security, privacy and update options in one easy to manage UI. If you’re new to securing your information and tweaking out a Microsoft-powered rig, O&O has your back: ShutUp10’s comes with a list of recommendations for the ‘features’ that most people will want to and, in many cases, should turn off. For more experienced users, it’s also possible to address each of the options in ShutUp10 on a granular level. Read the rest

The company you hired to snoop on your kids' phones uploaded all their data to an unprotected website

As you might imagine, Spyfone is a company that offers to spy on other peoples' phones for you: its major market is parents and bosses who infect and surveil the phones their kids/minions use, peeking on their texts, emails, Facebook messages, passwords, photos, browsing history, etc. Read the rest

Patches remove spyware from Civilization VI, other games

The game Civilization VI contained Red Shell, a spyware application that tracks what ads players are looking at, among other things. It's now gone after a new patch -- and other game publishers have been scrambling to do likewise after being caught with their spyglasses up and their pants down.

Developers and publishers behind games including Conan Exiles, The Elder Scrolls Online, Hunt: Showdown, and Total War have vowed to remove Red Shell – or already removed it.

“Whilst Red Shell is only used to measure the effectiveness of our advertising, we can see that players are clearly concerned about it and it will be difficult for us to entirely reassure every player,” said Total War devs Creative Assembly, for example. “So, from the next update we will remove the implementation of Red Shell from those Total War games that use it.”

Other statements were broadly the same: a defence along the lines of “it’s not spyware as bad as you might think but yeah we get you’re skeezed out and we will remove it.”

Read the rest

Cyber-arms-dealer Grey Heron really, really doesn't want you to know about the connections between them and the disgraced Hacking Team

When Grey Heron surfaced this month selling anti-Signal and anti-Telegram surveillance tools at a UK trade show for cyber-arms-dealers, sharp-eyed journalists at Motherboard immediately noticed that the company's spokesman was last seen fronting for Hacking Team, a disgraced Italian cyber-arms-dealer that provided surveillance weapons to some of the world's cruelest dictators. Read the rest

Once again, a stalkerware company's had its servers pwned and wiped by a hacker who thinks they're selling an immoral product

It's been less than a year since a public-spirited hacker broke into the servers of Florida stalkerware vendor Retina-X, wiping out all the photos and data the company's customers had stolen from other peoples' phones (including their kids' phones) by installing the spying apps Phonesheriff on them. Read the rest

Motherboard files legal complaint against London police to force it to explain why an officer bought creepy, potential illegal stalkerware

Flexispy is the creepy stalkerware advertised to abusive spouses and exes that Motherboard's Joseph Cox has been relentlessly tracking; when he acquired a leaked trove of the company's files, he started to mine it to see who was buying the potentially illegal app. Read the rest

Israeli firm Cyberbit illegally spied on behalf of Ethiopia's despots, then stored all their stolen data on an unencrypted, world-readable website

Researchers from the University of Toronto's amazing Citizen Lab (previously) have published a new report detailing the latest tactics from the autocratic government of Ethiopia, "the world's first turnkey surveillance state" whose human rights abuses have been entirely enabled with software and expertise purchased on the open market, largely from companies in western countries like Finfisher and Hacking Team. Read the rest

FTC settles with Lenovo over selling laptops deliberately infected with Superfish spyware

The Federal Trade Commission has announced a settlement with Lenovo over the 2015 revelation that the company pre-installed malware called "Superfish" on its low-end models, which allowed the company to spy on its customers, and also left those customers vulnerable to attacks from third parties, who could exploit Superfish's weakened security. Read the rest

Hiding malware in boobytrapped replacement screens would undetectably compromise your mobile device

On the one hand, if you let an untrusted stranger install hardware in your electronic device, you're opening yourself up to all kinds of potential mischief; on the other hand, an estimated one in five smartphones has a cracked screen and the easiest, most efficient and cheapest way to get that fixed is to go to your corner repair-shop. Read the rest

Investigators into mass murder of Mexican student teachers were attacked with NSO's government spyware

In 2014, 43 students from Mexico's Ayotzinapa Rural Teachers' College went missing in Iguala, in the state of Guerrero: they had been detained by police, who turned them over to a criminal militia, who are presumed to have murdered them. Read the rest

Survey: nearly half think it may be legal to install spyware on a family member's devices

Comparitech commissioned a survey of 2,000 people in the US and UK to ask whether they thought "it is legal to install a program on a partner's phone to snoop on their activity?" and whether they would "ever consider adding a program to your child's phone that allows you to listen to their conversations and spy on their messages?" Read the rest

A look inside the shady world of Flexispy, makers of "stalkerware" for jealous spouses

Motherboard's Joseph Cox continues his excellent reporting on Flexispy, a company that make "stalkerware" marketed to jealous spouses through a network of shady affiliates who feature dudes beating up their "cheating girlfriends" after catching them by sneaking spyware onto their devices. Read the rest

Hackers shut down stalkerware companies that spy for spouses and parents, delete and dump their files

Two hackers supplied Motherboard with 130,000 account details hacked from Retina-X and FlexiSpy, who market covert surveillance tools to jealous spouses and nervous parents -- tools that are intended to be covertly installed on their laptops and mobile devices in order to tap into their keystrokes, mics, calls, stored photos and other capabilities. Read the rest

Yet another pre-installed spyware app discovered on Lenovo computers

A factory refurbished Thinkpad shipped with Windows 7 and a scheduler app that ran once a day, collecting usage data about what you do with your computer and exfiltrating it to an analytics company. Read the rest

When online security is literally a roll of the dice, which dice do you use?

My search for an easy way to generate strong passwords and passphrases led me to the "Diceware" method Cory wrote about on Boing Boing. This was no game. I needed serious dice.

UK schools' "anti-radicalisation" software lets hackers spy on kids

The spyware that Impero supplies to UK schools -- which searches kids' Internet use for "jihadi" terms -- uses "password" as its default password, and the company has threatened brutal legal reprisals against the researcher who repeatedly demonstrated their total security negligence. Read the rest

More posts