Trend Micro makes popular apps for cleaning up systems and guarding against malware infection. At least one of its offerings in the Mac App Store uploads user data for reasons unknown, including web browsing history. This is very much like last week's Adware Doctor case, and suggests that the practice is widespread.
When you give an app access to your home directory on macOS, even if it’s an app from the Mac App Store, you should think twice about doing it. It looks like we’re seeing a trend of Mac App Store apps that convince users to give them access to their home directory with some promise such as virus scanning or cleaning up caches, when the true reason behind it is to gather user data – especially browsing history – and upload it to their analytics servers.
Today, we’re talking specifically about the apps distributed by a developer who claims to be “Trend Micro, Inc.”, which include Dr. Unarchiver, Dr. Cleaner and others. This issue was reported before by a user on the Malwarebytes forum, and in another report. Other researchers followed up and found that apps distributed by this “Trend Micro, Inc.” account on the Mac App Store collect and upload the user’s browser history from Safari, Google Chrome and Firefox to their servers. The app will also collect information about other apps installed on the system. All of this information is collected upon launching the app, which then creates a zip file and uploads it to the developer’s servers.
I’m now the proud owner of a Microsoft Surface Go with 8GB of RAM and a 128GB SSD. It’s by no means a powerhouse (I’ll have a review for you sometime next week that addresses my user experience), but it’s more than capable of allowing me to get work done in coffee shops, on an airplane tray table or in the bathroom.
You’ll never know if I wrote this in the middle of a poop. You must live with this.
I have a list of software that I install on a Windows 10 machine before I dare to put it to work: Firefox, ProtonMail Bridge and ProtonVPN, TripMode and, so I can easily move my work from one device to another, SpiderOak and Dropbox. But none of these is as important to my peace of mind as a piece of software called ShutUp10, from O&O Software.
The annoying shit that Windows 10 does that makes using it a security nightmare and a bloatware-ridden pain in the ass to use? ShutUp10 kills it all. It’s an application that collects all of Windows 10’s security, privacy and update options in one easy-to-manage UI. If you’re new to securing your information and tweaking out a Microsoft-powered rig, O&O has your back: ShutUp10 comes with a list of recommendations for the ‘features’ that most people will want to and, in many cases, should turn off. For more experienced users, it’s also possible to address each of the options in ShutUp10 on a granular level.
As you might imagine, Spyfone is a company that offers to spy on other people's phones for you: its major market is parents and bosses who infect and surveil the phones their kids/minions use, peeking on their texts, emails, Facebook messages, passwords, photos, browsing history, etc.
The game Civilization VI contained Red Shell, a spyware application that tracks what ads players are looking at, among other things. It's now gone after a new patch -- and other game publishers have been scrambling to do likewise after being caught with their spyglasses up and their pants down.
Developers and publishers behind games including Conan Exiles, The Elder Scrolls Online, Hunt: Showdown, and Total War have vowed to remove Red Shell – or already removed it.
“Whilst Red Shell is only used to measure the effectiveness of our advertising, we can see that players are clearly concerned about it and it will be difficult for us to entirely reassure every player,” said Total War devs Creative Assembly, for example. “So, from the next update we will remove the implementation of Red Shell from those Total War games that use it.”
Other statements were broadly the same: a defence along the lines of “it’s not spyware as bad as you might think but yeah we get you’re skeezed out and we will remove it.”
When Grey Heron surfaced this month selling anti-Signal and anti-Telegram surveillance tools at a UK trade show for cyber-arms-dealers, sharp-eyed journalists at Motherboard immediately noticed that the company's spokesman was last seen fronting for Hacking Team, a disgraced Italian cyber-arms-dealer that provided surveillance weapons to some of the world's cruelest dictators.
It's been less than a year since a public-spirited hacker broke into the servers of Florida stalkerware vendor Retina-X, wiping out all the photos and data the company's customers had stolen from other people's phones (including their kids' phones) by installing the spying apps Phonesheriff on them.
Flexispy is the creepy stalkerware advertised to abusive spouses and exes that Motherboard's Joseph Cox has been relentlessly tracking; when he acquired a leaked trove of the company's files, he started to mine it to see who was buying the potentially illegal app.
Researchers from the University of Toronto's amazing Citizen Lab (previously) have published a new report detailing the latest tactics from the autocratic government of Ethiopia, "the world's first turnkey surveillance state" whose human rights abuses have been entirely enabled with software and expertise purchased on the open market, largely from companies in western countries like Finfisher and Hacking Team.
The Federal Trade Commission has announced a settlement with Lenovo over the 2015 revelation that the company pre-installed malware called "Superfish" on its low-end models, which allowed the company to spy on its customers, and also left those customers vulnerable to attacks from third parties, who could exploit Superfish's weakened security.
On the one hand, if you let an untrusted stranger install hardware in your electronic device, you're opening yourself up to all kinds of potential mischief; on the other hand, an estimated one in five smartphones has a cracked screen and the easiest, most efficient and cheapest way to get that fixed is to go to your corner repair-shop.
In 2014, 43 students from Mexico's Ayotzinapa Rural Teachers' College went missing in Iguala, in the state of Guerrero: they had been detained by police, who turned them over to a criminal militia, who are presumed to have murdered them.
Comparitech commissioned a survey of 2,000 people in the US and UK to ask whether they thought "it is legal to install a program on a partner's phone to snoop on their activity?" and whether they would "ever consider adding a program to your child's phone that allows you to listen to their conversations and spy on their messages?"
Motherboard's Joseph Cox continues his excellent reporting on Flexispy, a company that makes "stalkerware" marketed to jealous spouses through a network of shady affiliates who feature dudes beating up their "cheating girlfriends" after catching them by sneaking spyware onto their devices.
Two hackers supplied Motherboard with 130,000 account details hacked from Retina-X and FlexiSpy, who market covert surveillance tools to jealous spouses and nervous parents -- tools that are intended to be covertly installed on their laptops and mobile devices in order to tap into their keystrokes, mics, calls, stored photos and other capabilities.
A factory refurbished Thinkpad shipped with Windows 7 and a scheduler app that ran once a day, collecting usage data about what you do with your computer and exfiltrating it to an analytics company.
My search for an easy way to generate strong passwords and passphrases led me to the "Diceware" method Cory wrote about on Boing Boing. This was no game. I needed serious dice.
The spyware that Impero supplies to UK schools -- which searches kids' Internet use for "jihadi" terms -- uses "password" as its default password, and the company has threatened brutal legal reprisals against the researcher who repeatedly demonstrated their total security negligence.