Latest news with #HumanSecurity


Forbes
03-07-2025
- Forbes
Google Play Store Warning—Find And Delete All Apps On This List
Delete all these apps from your smartphone

Here we go again. A list of malicious apps has just been published and smartphone users are being urged to root out and delete any still on their devices. The latest report outs more than 350 apps responsible for more than a billion ad bid requests per day.

This latest report comes courtesy of Human Security's Satori team, which says it has 'disrupted IconAds, a massive fraud operation involving hundreds of deceptive mobile apps that hide their presence and deliver unwanted ads.' This app campaign has been under investigation for some time, but is growing its viral presence. Satori says this 'highlights the evolving tactics of threat actors,' and that the scale of threats such as this is similar to BADBOX 2.0, the major IoT threat flagged by the FBI and Google, in which millions of smart TVs and other devices

Here is the list of IconAds issued by Human; and here is the list of previously known apps flagged by other researchers before this latest report was published.

This adware follows on the HiddenAds threat, but on a much larger scale. The malware takes over devices with unwanted fullscreen ads, generating revenue for its handlers. It even changes app icons to avoid detection and removal.

Global IconAds campaign

'While these apps often have a short shelf life before they're removed from Google's Play Store,' Satori says, 'the continued new releases demonstrate the threat actors' commitment to further adaptation and evolution.' Google has now deleted all of the apps in the report from the Play Store, and users with Play Protect enabled will be protected from those apps. But apps are not automatically deleted from devices, and so you should do this manually.

In Satori's technical report, it warns that such is the scale of this operation it deployed a dedicated domain for every malicious app, which helped the team compile their list.

'These domains consistently resolve to a specific CNAME and return a specific message; this means that while the domains were different, they very likely shared the same back-end infrastructure or second-level C2. These and other unique parameters allowed Satori researchers to find more of these domains and associate them back to IconAds.' The team also warns that the app obfuscation was highly deceptive. In one instance, an app 'used a variation of the Google Play Store's own icon and name. When opened, it automatically redirects into the official app while working in the background.' Satori says 'the IconAds operation underscores the increasing sophistication of mobile ad fraud schemes. Ongoing collaboration across the digital advertising ecosystem is essential to disrupting these and future fraud operations.'


Digital Trends
08-06-2025
- Digital Trends
Check your gadgets: FBI warns millions of streaming devices infected by malware
The FBI issued a public warning last week about a massive cybercrime operation exploiting everyday internet-connected devices. The botnet, dubbed BADBOX 2.0, has quietly infiltrated millions of TV streaming boxes, digital projectors, tablets, car infotainment systems, and other smart gadgets commonly found in homes across the U.S.

What BADBOX 2.0 actually does

Once compromised, these devices don't just underperform or crash, they secretly enlist your home internet connection into a residential proxy network. That means cybercriminals can hide behind your IP address to commit crimes like ad fraud, data scraping, and more. All of it happens behind the scenes, without the victim's knowledge.

'This is all completely unbeknownst to the poor users that have bought this device just to watch Netflix or whatever,' said Gavin Reid, chief information security officer at cybersecurity firm Human Security, in an interview with Wired.

What devices are affected?

According to the FBI, BADBOX 2.0 has infected:

- TV streaming boxes
- Digital projectors
- Aftermarket vehicle infotainment systems
- Digital picture frames

Most of these devices are manufactured in China and marketed under generic or unrecognizable brand names. Security researchers estimate at least 1 million active infections globally, with the botnet potentially encompassing several million devices overall.

The worst offenders belong to the 'TV98' and 'X96' families of Android-based devices, both of which are currently available for purchase on Amazon. In the example below, one of the potentially problematic devices is advertised as 'Amazon's Choice.'

How the infections happen

There are two primary sources for infection:

- Pre-installed malware: Some devices arrive already compromised, having been tampered with before reaching store shelves.
- Malicious app installs: During setup, users are often prompted to install apps from unofficial marketplaces, where malware-laced software opens backdoors.

This marks an evolution from the original BADBOX campaign, which relied primarily on firmware-level infections. The new version is more nimble, using software tricks and fake apps to broaden its reach.

How to tell if your device is infected

Here are the red flags to watch for:

- The device asks you to disable Google Play Protect
- It comes from an unfamiliar or no-name brand
- It's advertised as 'unlocked' or able to stream free content
- It directs you to download apps from unofficial app stores
- You notice unexplained internet traffic on your home network

How to protect your home network

To stay safe, the FBI recommends the following precautions:

- Avoid unofficial app stores. Stick to the Google Play Store or Apple's App Store.
- Don't chase suspicious bargains. Extremely inexpensive, unbranded gadgets are often too good to be true.
- Monitor your network. Keep an eye on unusual internet usage patterns or devices that you don't recognize.
- Stay updated. Regularly update your devices and router with the latest firmware and security patches.

If you suspect a device on your network may be infected, disconnect it immediately and consider filing a report with the FBI at

Be skeptical of bargain gadgets

If it seems too good to be true, it probably is. Fyodor Yarochkin, a senior threat researcher at Trend Micro, said it best: 'There is no free cheese unless the cheese is in a mousetrap.'