Weekly Cybersecurity News

This week we bring you the latest Cybersecurity News with a focus on Mobile Security to help you stay alert and safeguard yourself against various cyber threats and frauds. A new Phishing technique that uses Progressive Web Apps (PWAs) to disguise malicious applications as safe is being used by cybercriminals on Android and iOS, primarily to target banking customers in Czechia. A new Android Malware called NGate exploits NFC Technology to facilitate unauthorized ATM withdrawals. Did you know that users who are tricked by cybercriminals into using screen-sharing apps during malicious phone calls can suffer financial losses? Google is going to introduce a new Privacy feature for the Chrome browser on Android that will hide sensitive information like Passwords when users share or record their screens. To learn more about these latest developments in Cybersecurity, read the article below.


Novel technique allows malicious apps to escape iOS and Android guardrails:

A new Phishing technique threatens iOS and Android users by evading established security measures designed to prevent unauthorized app installations. Cybercriminals are exploiting Progressive Web Apps (PWAs) to disguise malicious applications as legitimate ones, tricking users into installing them without the usual security warnings. This method allows stolen bank account credentials to be transmitted directly to the attackers, using real-time communication methods. Reports indicate that this technique has primarily targeted banking customers in Czechia, with similar threats anticipated as attackers refine their methods, highlighting vulnerabilities in the systems of both mobile platforms.

Source: Ars Technica

Android malware uses NFC to steal money at ATMs:

Researchers have discovered a novel Android malware called NGate, which exploits NFC technology to facilitate unauthorized ATM withdrawals by relaying data from victims' payment cards via a malicious app on their compromised Android devices. Victims are lured into downloading the malware through deceptive SMS messages, believing they are interacting with their bank. Once installed, NGate captures sensitive banking information and asks victims to enable NFC and position their cards near their smartphones for data extraction. This method marks a concerning innovation in cybercrime. Researchers emphasize the need for proactive security measures to combat such attacks, including vigilance against phishing and social engineering tactics.

Source: Help Net Security

Typing these four characters could crash your iPhone:

A newly discovered bug in iPhones and iPads can cause the devices to crash by typing just four specific characters, "::," into certain search bars, such as the Settings app or the App Library. When triggered, the interface, known as Springboard, briefly crashes and then reloads, sometimes resulting in a black screen flash. Researchers like Ryan Stortz noted that it is not a security vulnerability, as it requires manual input from the device owner, unlike a previous bug that affected app users passively. Apple has not commented on the issue.

Source: TechCrunch

Google Play will no longer pay to discover vulnerabilities in popular Android apps:

Google has announced the winding down of its Google Play Security Reward Program (GPSRP), which provided financial incentives to security researchers for identifying and responsibly disclosing vulnerabilities in popular Android apps since its inception in 2017. The decision, effective August 31, 2024, comes after a decrease in actionable vulnerabilities reported, attributed to improved security measures and hardening efforts in the Android operating system. While the program had expanded significantly over the years to cover many high-profile apps and increased payout amounts, its closure raises concerns that the lack of monetary incentives may deter researchers from reporting future vulnerabilities, potentially impacting app security and user safety.

Source: Android Authority

Chrome for Android Will Soon Censor Private Data When You Share Your Screen:

Google is introducing a new privacy feature for Chrome Browser on Android that will automatically block out sensitive information, like passwords and credit card numbers, when users share or record their screens. This feature, discovered in the experimental Chrome Canary version, works by redacting sensitive form fields during screen sharing, enhancing privacy for users. Although still in testing, users can enable this feature via the flags menu in Chrome Canary, ensuring their confidential information is protected when displayed.

Source: Lifehacker

New WhatsApp Update Should Stop You Using RCS On Your iPhone:

WhatsApp is set to introduce a major update that enhances user privacy by allowing users to adopt usernames instead of phone numbers for messaging, a feature already seen in platforms like Telegram and Signal. This innovation aims to protect phone numbers from being publicly visible and limit exposure to spam and scam messages, addressing a significant security gap in messaging. As Apple and Google push for the adoption of RCS (Rich Communication Services), WhatsApp’s user name feature and its upcoming PIN protection for these usernames could distinguish it from RCS, which still requires phone numbers for functionality. With iOS 18 on the horizon, this privacy enhancement from WhatsApp may position it advantageously in the evolving landscape of secure messaging.

Source: Forbes

New Google Play Store Warning—Do Not Make This Expensive Mistake:

As Google prepares for a significant overhaul of its Play Store aimed at enhancing app quality and removing malicious apps, it faces legal challenges related to existing fraudulent applications, including a recent lawsuit from a user who lost cryptocurrency after downloading a deceptive crypto app. Despite ongoing efforts to clean up the Play Store, the prevalence of such scams continues, with new threats emerging regularly, particularly in the crypto space. Recent reports highlight critical vulnerabilities within the Android OS, further complicating users' efforts to navigate app safety, while Google plans to implement live threat detection in the upcoming Android 15. However, the winding down of its bug bounty program raises concerns about the platform's ongoing security posture. Users are advised to exercise caution and assume that financial apps from unverified developers may be scams.

Source: Forbes

Telegram scams up 137.5% in Singapore as overall scam cases rise in first half of 2024:

Scam cases in Singapore surged by 16.3% in the first half of 2024, with Telegram scams increasing by a staggering 137.5%, according to the police. A total of 26,587 scams were reported, resulting in over S$385.6 million (US$295 million) lost, predominantly impacting individuals under 50 years old. Investment scams were the most prevalent, and government impersonation scams caused significant financial losses per case. The police highlighted the need for enhanced public education and proactive measures to prevent scams, including new features in the ScamShield app to detect malicious content. Collaborative efforts with local and international law enforcement have led to arrests of over 100 suspects linked to transnational scams.

Source: CNA

WhatsApp to help users block messages sent by strangers: All you need to know:

WhatsApp is enhancing user privacy by testing a feature that allows users to block messages from unknown accounts, aimed at addressing concerns related to spam and unwanted communications. This feature, named 'Block Unknown Account Messages,' is currently in beta testing on the Android platform and will be accessible through the Privacy settings once officially released. Users will be able to toggle the feature on or off, which is expected to improve privacy and potentially enhance device performance. This move responds to criticism of WhatsApp's previous openness that allowed unsolicited messages and calls, particularly affecting vulnerable users, as it seeks to align itself with privacy-focused competitors like Signal.

Source: India TV News
