Category Archives: APPS

This Android HummingBad malware has infected 85 million devices and makes its creators $300,000 a month

Gang behind malware make money from fraudulent apps — but if they choose to use their reach for theft, corporations could be put at risk.


On top of that, experts have warned that the spread of the malicious HummingBad software could be used to do even worse damage by stealing victims’ data.


The mobile malware has been analysed by security researchers at Check Point after it was found on Android devices belonging to two employees at “a large financial institution”. In-depth findings on the malware are laid out in the company’s ‘From HummingBad to Worse’ report. The gang behind the malware — thought to be located in China — are estimated to generate around $1m every quarter from fraudulent ad revenue and the installation of bogus apps.

Initially discovered in February, HummingBad infects Android devices via two methods: drive-by downloads and malicious payloads delivered by websites distributing adult content.

Once the attack is underway, HummingBad attempts to gain root access to the device using a rootkit, which, if successful, gives attackers full access to the infected phone. If that attack method fails, HummingBad will also use a fake system update notification to trick users into giving it access to the entire Android system.

No matter which method of attack is used, a successful installation of HummingBad will see it install as many fraudulent apps on the infected device as possible, which is how the scheme generates revenue.

Researchers suggest that a total of 85 million Android devices across the globe have been infected in this way, with victims in China, India, the Philippines, and Indonesia accounting for over half of those successfully targeted.

It’s estimated that 10 million victims are unwittingly using malicious apps, which in total deliver over 20 million advertisements a day, resulting in 2.5 million clicks every 24 hours. Engagement with these pop-up ads delivers around $10,000 per day, totalling about $300,000 each month.


Henry Sapiecha

Rogue Android app holds devices to ransom


An Android phone app that takes a photo of the user and holds their device ransom for $US500 ($A722) has been discovered by a computer security company.

The app, called Adult Player, appears to offer users pornographic images but instead secretly takes pictures with the front facing camera, the security company ZScaler said in a blog post.

The app then holds the phone hostage and forces users to pay a $US500 ransom through PayPal.

The security company says the app will still be on the device after a reboot if the user tries to delete it and has included a step-by-step process to remove it.

To avoid becoming a victim of such ransomware, ZScaler says it is always best to download apps only from trusted app stores, such as Google Play.

This can be enforced by unchecking the option of “Unknown Sources” under the “Security” settings of your device.

AAP and Fairfax Media


Henry Sapiecha


See everything you’ve ever Googled with this little-publicised web tool


Take a peek into your own personal Google vault, if you’re so brave. Photo: Tamara Voninski

You probably don’t remember what you Googled 10 minutes ago, let alone the myriad inane and fleeting things you’ve searched since the engine’s beginnings.

But unless you’re browsing in incognito mode or have tweaked your account settings, Google remembers those things. Not only that: Google logs all of your searches, analyzes them, and uses them to individually personalise the search results you see – which has pretty profound implications for both literacy and privacy.

Now, the search giant has created a way for users to better understand that process. In a feature quietly rolled out last January, and surfaced by a Google blog over the weekend, users can download their search histories from Google, including things they’ve searched across computers and phones.

These histories aren’t 100-percent comprehensive: They only include searches you’ve made while signed in on your Google account. (Admittedly, if you have Gmail, this is probably more or less most of the time.)

Google also delivers them as JSON files, which aren’t the most human-readable things. But if you download your search history from the little drop-down in the top right corner of this page, open it in your computer’s notepad or other plain-text editing app, and search for the term “query_text,” you’ll get a rundown of everything you’ve ever searched. I downloaded my archive to make this GIF of every phrase I’ve Googled in the past seven days. (No, I didn’t edit anything out; yes, you want to see Skateboarding Taco for yourself.)


So what’s the point of this, exactly, besides the novelty? The stated purpose of Google Takeout, a four-year-old user data program to which this feature belongs, is to give people an easier way to transfer their data from Google to other services. If I wanted to switch my email from Gmail to AOL, for instance, I could use Google Takeout’s email archive to port all my old messages over.

But there’s a really critical literacy purpose here, as well: By seeing what data Google has on you – and in what quantities – you can also begin to understand the decisions it makes about what you do and do not see.

Google search results are famously variable: What you see when you search “ice cream” is different from what I see, or what the person next to you on the subway sees, or even what you’ll see an hour from now. That’s because Google’s PageRank algorithm is designed to surface the results that it thinks you’ll find most relevant; everything else effectively gets buried.

That’s obviously a really useful service, particularly when you’re searching something like ice cream. (At the top of my Google results right now: The best ice cream places in D.C.) But when it comes to heftier topics – say, the 2016 election or gender equality – what Google terms “personal relevance” could really slant the type of information you receive.

“Web & App Activity makes searches faster and enables customised experiences in Search, Maps, Now, and other Google products,” is how Google explains itself.

It’s worth checking out your search history for another reason, too: As the Electronic Frontier Foundation warned in 2012, this kind of data can tell extremely intimate things about you, from your sexual orientation to your health problems. All of that data can theoretically be subpoenaed from Google. (Or hacked, if it’s on your hard drive – so be careful.)

You can control how much of this information Google receives: turning off the “save search history” feature is an option through your Google Account History settings. While you’re there, you may also want to stop Google from logging where you go, who your phone contacts are, and what you watch on YouTube. Then again, this is how Google knows to tell you things like the best nearby ice cream. That trade-off’s up to you.

The Washington Post


Henry Sapiecha

Mobile phone apps still collect data on kids


WASHINGTON (AP) — Worried that toy stores, fast food chains, and other retailers are tracking your kids online this holiday season? A landmark 2013 law aimed at protecting the privacy of America’s youngest mobile consumers hasn’t stopped app developers from collecting vast amounts of data, including a person’s location and even recordings of their voice, according to privacy researchers and consumer advocates.

Whether mobile app developers seek parental consent first – as required by law – or pass the information on to advertisers isn’t entirely clear. But if you prefer to stay anonymous, your options are limited: Wade through each mobile app’s privacy policies to make sure you are OK with the terms, or stick the phone on “airplane mode” to shut off the wireless connection and risk losing functionality.

“Kids are such a lucrative market, especially for apps,” said Jeff Chester, executive director of the Center for Digital Democracy. “Unfortunately, there are still companies out there that are more concerned about generating revenue than protecting the privacy of kids.”

Americans have traded vast amounts of personal data in exchange for the ease and functionality of fun mobile applications on their phones. But how is industry using that information? Chester and other consumer advocates allege that fast food chains are increasingly focusing advertising dollars on digital media, targeting blacks and Hispanics. They also warn that data from phones can be combined with offline information like home prices, race or income in ways that could violate fair lending laws. And a new site,, found that many popular kids’ apps like Talking Tom and Fruit Ninja collect information in ways parents wouldn’t necessarily expect.

Concerned in particular about industries’ focus on kids online, the Federal Trade Commission in July 2013 expanded the Child Online Privacy Protection Act, or COPPA, to require app developers to get parental consent before collecting personal data on anyone younger than 13. That includes information like the unique identifying device on a phone, a person’s phone number or a device’s location.

“It’s upped the ante for companies deciding whether they are going to market to kids,” said Michelle De Mooy of the Center for Democracy and Technology. “And that’s a good thing.”

But with the number of smartphones expected to reach 3.5 billion in the next five years, according to Forrester Research, the mobile app and advertising industry has exploded. Regulators don’t have an easy, automated way of analyzing the hundreds of mobile apps popping up each day.

Since the updated regulation went into effect, the FTC has brought about only two enforcement actions against mobile apps. Last September, the commission announced that Yelp Inc. agreed to pay $450,000 and TinyCo. $300,000 to settle separate charges that their companies knowingly collected information on young children through their mobile apps.

“Our ultimate goal is compliance,” said Kandi Parsons, an attorney in the FTC’s Bureau of Consumer Protection. But “that doesn’t undermine our desire to bring cases against companies that violate COPPA … where we find violations, we will bring cases against mobile apps.”

According to, which is run by computer scientists at Carnegie Mellon University, scores of apps that collect information are still aimed at kids.

For example, Fruit Ninja collects a phone’s location, which could be passed on to advertisers. And Talking Tom, where kids can talk to and “tickle” an alley cat using the touch screen, collects a child’s audio recordings along with other information that can uniquely identify a phone.

Whether these apps would violate COPPA would depend on a number of factors, including whether and how they seek parental consent. But because these apps collect information in surprising ways, gave them both D grades.

Outfit7, the developer behind Talking Tom, said in a statement that personal information and recordings are never shared with advertisers. The developer says its app also complies with COPPA by providing “appropriate gate protections … to distinguish adults from minors and restrict sharing on social media,” according to the statement.

Halfbrick Studios, which developed Fruit Ninja, said in a statement that it planned to release updates to Fruit Ninja and other apps to increase privacy protections.

“Parents and players are understandably cautious about the privacy aspects of online games, and the way their data is handled,” said company CEO Shainiel Deo. “Creating a safe and secure app is no longer enough to answer consumers’ needs for assurance. Developers must also ensure that permissions are clearly explained and easy to access at every applicable point in a game.”

Henry Sapiecha


DNA scanning in the palm of your hand


Inked fingerprints on paper forms. We’ve come a long way from the days when that was the height of forensic technology.

GE is light years ahead after launching a breakthrough portable DNA scanner at the 25th World Congress of the International Society for Forensic Genetics in Melbourne in early September.

The scanner uses a new process called microfluidics to present a DNA analysis and database match in only 85 minutes – a process that used to take at least 48 hours.

Long delays in DNA tests can cause frustrating delays in police criminal investigations, with some results taking four days to return from forensic laboratories.

“We have miniaturised a forensic laboratory and put it on a single chip, which contains in a dried form all of the chemistry needed to do DNA extraction and identification,” said Dr Brian Hood, General Manager of GE Life Science in Australia and New Zealand.

The chip is only used for a one-off analysis within the scanner and is designed to be disposable. Dr Hood said it resolves issues which plague forensic laboratories like service engineering and calibration of chemicals and consumables.

Up to five DNA samples can be processed at once, and can be instantly matched to a central database if there’s an internet connection available.

Australia’s national criminal DNA database, operated by the government agency Crimtrac, holds around 700,000 DNA profiles. These can be matched to convicted criminals, suspects, or to other crime scenes.

“This will give the police what they need – an answer, in a very short amount of time, on whether a person is a possible match to the database,” Dr Hood said.

The scanner is designed to be portable and will withstand the shocks and vibrations felt in regular forms of transport. The machine can be used after just a few hours training.

The DNA scanner will also be very useful for disaster victim identification after events like the 2004 Indian Ocean tsunami, which killed over 230,000 people.

“Every accredited forensics laboratory in the world contributed to identify the vast numbers of people involved in the Tsunami disaster,” Dr Hood said.

“Something like this that’s portable and fast could have been a huge benefit to that sort of work.”

Henry Sapiecha