Security-Portal.cz is an internet portal focused on computer security, hacking, anonymity, computer networks, programming, encryption, exploits, Linux and BSD systems. It runs a number of interesting services and supports enthusiasts in interesting projects.

Categories

The best Android app drawer enhancement you’ll ever make

Computerworld.com [Hacking News] - 18 April, 2024 - 12:00

When people ask me why I prefer Android over that (cough, cough) other mobile platform, the answer is a little complicated.

Sure, I like the diversity and different options Android affords me in terms of hardware — both with the more mundane, standard sorts of choices and the cutting-edge, adventurous form possibilities. And yes, as someone who very much lives and works within Google’s ecosystem, I enjoy the tighter integration of those services and the better all-around experience I have with them on Android.

I’ve generally never been a fan of Apple’s design style, either, and I find lots of things about the iOS interface to be clunky and awkward.

More than anything, though, these and other similar factors point to the same underlying principle — and what I think really gets at why I’ve been enamored with Android as both a writer and a user for some 16 years now: I appreciate the ability to make my phone work the way I want and the way that makes sense for my own personal style of working. From the hardware to the software and the rich app ecosystem around it, that’s something Android has always embraced and Apple has always resisted.

For me, the most important practical piece of that puzzle is having the ability to change defaults, install advanced efficiency apps, and customize practically every facet of my phone’s interface to make it as personalized and effective as possible for me — and, again, for my specific style of getting stuff done. And there’s no place where that advantage is more apparent than in my phone’s home screen and the associated elements that control how I get around my device each and every day.

[Psst: Love time-savers as much as I do? My Android Shortcut Supercourse will teach you tons of efficiency-enhancing secrets for your phone. Sign up now for free!]

I’m always thinking about ways I can optimize and improve my smartphone setup even further — because Android grants me endless opportunities to do so, and the platform’s community of creative developers embraces that ability and constantly comes out with clever new concepts.

And recently, dear reader, I had a revelation. It’s completely changed the way I use and get around my phone and eliminated tons of inefficiencies. And I’ve got a sneaking suspicion it might just do the same for you.

My Android app drawer epiphany

So first things first: You know about Android launchers, right?

Android launchers are a special category of apps on Android that let you replace your entire home screen environment with a totally different interface. It might be simpler, it might be more customizable, or it might just be a completely different and maybe even unusual kind of concept. There are all sorts of interesting options out there, and the power to choose and find a setup that makes sense for you is entirely in your hands.

For years now, I’ve been partial to a thoughtful and unconventional Android launcher called Niagara Launcher. It’s all about ergonomic efficiency, and I’ve found its model for helping you find what you need quickly and without distractions to be incredibly effective for the way I like to work.

A key part of that comes down to Niagara’s simple vertical lists for opening up apps. Your favorite apps are always in a single column at the left side of your home screen — a spot that’s extremely ergonomic for me, since I tend to hold my phone in my left hand and thus can access all of that easily even during single-handed use — and you then just swipe your finger up or down on either side of your screen to scroll through all of your installed apps whenever you need to find anything else.

My revelation is actually two-fold, all related to that Niagara app access concept. The first part is a totally new take on my home screen involving a different launcher where I’ve recreated that same core Niagara setup and injected a bunch of other advanced efficiency-enhancers into the equation — most of which are hidden out of sight, to maintain a minimal and distraction-free vibe, and accessible via a series of carefully conceived on-screen gestures.

The author’s highly optimized custom Android home screen, complete with a lovely ocean view.

JR Raphael, IDG

It’s quite the zesty stew of creative customization, every last detail of which I’ve shared in my Intelligence Insider Community for my fellow uber-nerds to enjoy and optionally even implement on their own (whether entirely or in selected bits and pieces) — including all of the uncommon touches and out-of-sight efficiency-optimizers I’ve worked weeks to refine and perfect.

Here, though, I want to focus on the second part of that revelation, and that’s all about the app drawer, specifically, and how I’m now finding and opening apps without the time-wasting traipsing that typically accompanies that.

My appreciation of the Niagara scrolling-letter-list model, y’see, led me to have the thought: “Hmm — what if I could recreate this same concept and take it up a notch by making it available not just on my home screen but from anywhere on my phone?”

After all, the most common action most of us take throughout the day is heading back to our home screen to open something. So what if I could cut out that middle-man step entirely and simply swipe along the side of my screen from anywhere to find and open what I want next — whether I’m in my email, my browser, my messages, whatever — without having to first head back to my home screen time and time again?

Being that this is Android and we’re granted the power to make our phones work the way we want them to work, that’s not only possible but also quite easy to accomplish. And — oh, yes — I’ve found the perfect way to make it happen.

The Android app drawer, unshackled

If you’ve been following my Android-scented ramblings for long, you’ve probably heard me rave about the sheer awesomeness of an app called Panels before.

Panels is the kind of app that could only exist on Android. As its name suggests, it lets you create custom panels that pop up when you perform specific gestures along the edges of your phone’s display — like swiping up or down in that area.

I’ve traditionally used Panels to provide easily accessible pop-ups for accessing Android widgets from anywhere. One swipe in a certain preset place, and boom: I can glance at the latest emails in my inbox or access my two-factor authentication codes no matter what else I’m in the midst of doing and without having to waste time going back to my home screen and then opening the associated app from there.

But Panels has another ability beyond those custom widget panels, and that’s giving you an on-demand app drawer you can summon from anywhere on your device.

It works a lot like my trusty old Niagara app list, too, with a simple swiping up and down to move through the list and find the exact app you need at any given moment.

But with Panels, critically, you don’t have to be on your home screen to access that interface. You can set up the app to show you the list as an overlay and effectively give you super-efficient access to your entire Android app drawer universally — with a simple side-of-screen swiping gesture that works on your home screen as well as within any other app or process.

Just one swipe up or down the side of your screen, aaaaand poof: There’s your entire Android app drawer — available in a neatly organized, efficiency-optimized list. You can swipe or tap to reach the letter you want or lean on the favorites to find apps you open often. And, most significantly, again: You can get to all of that from anywhere, without having to first fumble your way back to your home screen and waste countless seconds throughout the day. It essentially extends that part of your home screen throughout your entire device, which is a pretty awesome power to have.

The Android app drawer, optimized for efficiency and available from anywhere.

JR Raphael, IDG

Setting it up is surprisingly simple — and something you’ll only have to do one time:

  • First, download and install Panels from the Play Store.
  • Open the app and follow the prompts to allow it to send notifications and to display over other apps (two innocuous permissions that are legitimately required for the app to do what it needs to do).
  • Now, on the app’s main setup screen, tap “View.”
  • Tap the circular blue pencil icon in the lower-right corner of the screen that comes up next and tap “Delete / Reposition / Rename.”
  • Tap the trash can icon next to both “Apps and shortcuts” and “Widgets” — two sample panels that are present in the app by default but that you won’t need for these purposes.
  • That should leave you with only one remaining panel, called “App list.”

The all-important “App list” option within the Panels Android app.

JR Raphael, IDG

At this point, all that’s left is to think about if you want to have your on-demand app drawer available via a swipe on the left or the right side of your screen. I tend to hold my phone in my left hand, personally, so for me, swiping on the left side of the screen with my thumb is the easiest and most ergonomic gesture. If you hold your phone in your right hand, you might prefer using the right side.

Whichever you choose, make sure the “App list” item is in the appropriate place within that same menu we were just looking at. If you need to move it, press and hold on the right side of its line to drag it into whichever position you want, then tap “Apply.”

And take a deep breath: We’re almost done! At this point, all that’s left are the little details and some opportunities for even more advanced customization.

Some things to consider:

  • In the main “Panels” menu on that same settings screen, you may want to extend the length of the “Rows” option to make the list longer and allow it to take up the entire height of your screen without wrapping over to a second line.
  • Within that same menu, tapping “List settings” will reveal a series of options for determining if your on-demand app drawer shows recently opened apps, recently installed apps, and recently updated apps along with specific links to different sections of your system settings. You can also manually hide certain apps from the list and prevent ’em from showing up in the list at all, if you have some apps you don’t anticipate ever needing to access.
  • If you tap “Trigger” in the main menu selector at the bottom of the screen, you can change the width, height, and precise positioning of the part of your screen where the swipe gesture will be recognized. This may require a bit of experimentation to figure out the optimal placement for you. I like to keep the trigger zone fairly high up on the side of my screen, where (a) I’m unlikely to activate it on accident and (b) it’s easy to reach effortlessly near the spot where my thumb already tends to rest.
  • In that same “Trigger” menu, take note of the “Visible width” and “Invisible width” options. By default, Panels will put a thin colored line on the side of your screen to remind you where you can swipe to summon your app drawer. That’s fine if you like it — or if you want to have it there for a little while, until you get used to the idea of using this — but personally, I prefer setting that value to zero and leaving only the “Invisible width” present (meaning there’s no line or visible indication of the panel’s presence on my screen, and I just know where to swipe to find it).
  • And note, too, the “Prioritize the back gesture over the trigger” option. If you use Android’s gesture navigation, you’ll almost certainly want to activate that to avoid any conflicts.
  • Last but not least, under the “Colors” menu, you can customize the appearance of your panel, if you ever want to play around with that and do something different than the default.

And that, my fellow Android-adoring animal, is about it! Panels doesn’t require any manner of eyebrow-raising permissions, nor does the app collect any kind of personal data. It’s free to use with an optional in-app upgrade to remove some limitations, unlock extra options, and eliminate ads within the configuration interface (and note, if you’re a member of my Intelligence Insider club, you actually have a free lifetime upgrade to the full premium version of Panels as part of your Insider Perk Pack).

I hope you enjoy your new on-demand app drawer as much as I’m enjoying mine — and I hope its presence gives you a renewed appreciation for the choice, flexibility, and genuine practical benefits Android’s approach allows us, just as it has for me.

Get six full days of advanced Android knowledge with my free Android Shortcut Supercourse. You’ll learn tons of time-saving tricks for your phone!

Android, Google, Mobile Apps, Productivity Software
Category: Hacking & Security

Hackers Exploit OpenMetadata Flaws to Mine Crypto on Kubernetes

The Hacker News - 18 April, 2024 - 07:54
Threat actors are actively exploiting critical vulnerabilities in OpenMetadata to gain unauthorized access to Kubernetes workloads and leverage them for cryptocurrency mining activity. That's according to the Microsoft Threat Intelligence team, which said the flaws have been weaponized since the start of April 2024. OpenMetadata is an open-source platform that operates as a
Category: Hacking & Security

Malicious Google Ads Pushing Fake IP Scanner Software with Hidden Backdoor

The Hacker News - 18 April, 2024 - 06:48
A new Google malvertising campaign is leveraging a cluster of domains mimicking a legitimate IP scanner software to deliver a previously unknown backdoor dubbed MadMxShell. "The threat actor registered multiple look-alike domains using a typosquatting technique and leveraged Google Ads to push these domains to the top of search engine results targeting specific search keywords, thereby
Category: Hacking & Security

Apple sidles into sideloading in the EU

Computerworld.com [Hacking News] - 17 April, 2024 - 17:32

While Apple didn’t rush to embrace sideloading, developers can get ready for it in the EU, as support for this is now live in the latest iOS 17.5 beta.

This is the first big improvement Apple has made to its originally stated plans to bring its business in line with Europe’s Digital Markets Act (DMA). Web Distribution lets authorized developers distribute their iOS apps to users in the European Union (EU) directly from a website owned by the developer.

Apple announced its initial approach to DMA compliance in March, spoke in Europe about its plans a little later, and received lots of feedback, which it is now acting on. Europe has also begun looking into its compliance with the DMA, suggesting Apple’s tweaks reflect the company’s ongoing dialog with EU regulators.

The basic idea is that developers can choose to offer their own apps to customers through their websites, though they must agree to various checks and must also handle customer support, tech support, taxation and more. In some cases, a fee may be payable. But users will want to know how the change will impact them.

What is the user experience?

Customers have become accustomed to the App Store, so it seems likely most people will want to keep using it. However, as developers peel away from the App Store, it’s possible some important apps will become solely available via independent portals, including developer websites. We must wait and see the extent to which this will complicate the user experience and dilute platform integrity.

But, when it comes to web distribution, we can at least see how the system works by considering the customer journey Apple has described. That journey is far from being the miserable experience some of the company’s big-mouthed critics have said it is; it has been designed to inform and protect customers, as I see it.

According to Apple, when a customer chooses to download an iOS app from a developer’s website:

  • The first time they choose to download an app from a new developer they must navigate a series of prompt screens in which the significance of the decision is explained.
  • They then authenticate with Face ID to agree to give the developer permission to install apps on their device.
  • They go through a three-step process to install the app itself.
  • And those who want to download other apps from that developer’s website will go directly to the last three steps, as permission will already have been provided.

Apple’s app notarization process actually benefits all parties in this. It does so by requiring the developer to provide clear information and screenshots to explain what the app does and how it works. That means customers should know what they are installing, while notarization means they can be reasonably secure the app has at least received some security vetting — albeit not to the same extent as the App Store.

Who can distribute apps on the web?

To distribute apps via their websites, developers must live in or be registered in the EU, or have a subsidiary incorporated there. They must also have been a member of the Apple Developer Program for two continuous years or more and have an app that had more than a million first annual installs on iOS in the EU in the preceding 12 months.

If they qualify, developers must agree to Apple’s new business terms. Among other things, this includes taking responsibility for customer support and refunds and agreeing to the Alternative Terms Addendum for Apps in the EU.

What about the small print?

With all that in place, developers must:

  • Only offer apps from their developer account.
  • Respond in timely fashion to questions from Apple concerning distributed apps, particularly around fraud, malware, or anything that could impact the safety and security of users or the platforms.
  • Agree to submit their apps to Apple’s notarization process, which aims to protect the company’s platform and its customers.
  • Publish transparent data collection policies and offer users control over how their data is collected and used.
  • Follow applicable laws, such as GDPR, taxation, and government enquiries.

What support does Apple provide?

Once a qualified developer has set up for business this way, Apple will supply the following resources to enable web distribution of apps:

  • Access to a series of APIs Apple has built to enable web distribution, integrate with system functionality, and back-up and restore apps.
  • Developers can only sell their apps via App Store Connect registered sites.
  • They must also agree to pay Apple a Core Technology Fee of €0.50 for each first annual install of an app once installations exceed one million in 12 months. (Most developers don’t move apps at that scale.)
  • A free exemption to non-profits, educational institutions, or government entities based in the EU that have been approved for a fee waiver.

Once set up, developers can download signed binary assets that they can then host for sale and distribution through their own website.

What else has changed?

Changes to Apple’s original proposals include:

  • Web distribution of iOS apps.
  • A loosening of the rules so larger corporate developers don’t need to handle quite as much bureaucracy.
  • The ability of developers who want to build their own app marketplace to qualify without providing a stand-by letter of credit.
  • Allowing developers to switch back to Apple’s traditional App Store business model one time. This is designed to protect developers against unexpected business changes, such as in the event a developer’s app sees downloads increase faster than expected.

What else is new?

Apple has promised a range of additional changes to bring its App Store business into strong compliance with the DMA. Among other things, the company will make it possible to delete Safari in favor of other browsers and will provide solutions to make it easier to migrate to other smartphone platforms.

Please follow me on Mastodon, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

Apple, Apple App Store, iOS
Category: Hacking & Security

Russian APT Deploys New 'Kapeka' Backdoor in Eastern European Attacks

The Hacker News - 17 April, 2024 - 15:32
A previously undocumented "flexible" backdoor called Kapeka has been "sporadically" observed in cyber attacks targeting Eastern Europe, including Estonia and Ukraine, since at least mid-2022. The findings come from Finnish cybersecurity firm WithSecure, which attributed the malware to the Russia-linked advanced persistent threat (APT) group tracked as Sandworm (aka APT44 or
Category: Hacking & Security

GenAI: A New Headache for SaaS Security Teams

The Hacker News - 17 April, 2024 - 13:07
The introduction of Open AI’s ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing,
Category: Hacking & Security

SPDX 3.0 Revolutionizes Software Management & Security

LinuxSecurity.com - 17 April, 2024 - 13:00
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security enthusiasts, and sysadmins. The SPDX community, in collaboration with the Linux Foundation , has evolved the widely used Software Bill of Materials (SBOM) communication format with a comprehensive set of updates, introducing new features and enhancements tailored to modern system use cases.
Category: Hacking & Security

Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware

The Hacker News - 17 April, 2024 - 12:57
Threat actors are exploiting unpatched Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware. The attacks leverage CVE-2023-22518 (CVSS score: 9.1), a critical security vulnerability impacting the Atlassian Confluence Data Center and Server that allows an unauthenticated attacker to reset Confluence and create an administrator account. Armed with this access, a
Category: Hacking & Security

Hackers Exploit Fortinet Flaw, Deploy ScreenConnect, Metasploit in New Campaign

The Hacker News - 17 April, 2024 - 12:23
Cybersecurity researchers have discovered a new campaign that's exploiting a recently disclosed security flaw in Fortinet FortiClient EMS devices to deliver ScreenConnect and Metasploit Powerfun payloads. The activity entails the exploitation of CVE-2023-48788 (CVSS score: 9.3), a critical SQL injection flaw that could permit an unauthenticated attacker to execute unauthorized code or
Category: Hacking & Security

SoumniBot: the new Android banker’s unique techniques

Kaspersky Securelist - 17 April, 2024 - 12:00

The creators of widespread malware programs often employ various tools that hinder code detection and analysis, and Android malware is no exception. As an example of this, droppers, such as Badpack and Hqwar, designed for stealthily delivering Trojan bankers or spyware to smartphones, are very popular among malicious actors who attack mobile devices. That said, we recently discovered a new banker, SoumniBot, which targets Korean users and is notable for an unconventional approach to evading analysis and detection, namely obfuscation of the Android manifest.

SoumniBot obfuscation: exploiting bugs in the Android manifest extraction and parsing procedure

Any APK file is a ZIP archive with AndroidManifest.xml in the root folder. This file contains information about the declared components, permissions and other app data, and helps the operating system to retrieve information about various app entry points. Just like the operating system, the analyst starts by inspecting the manifest to find the entry points, which is where code analysis should start. This is likely what motivated the developers of SoumniBot to research the implementation of the manifest parsing and extraction routine, where they found several interesting opportunities to obfuscate APKs.

Technique 1: Invalid Compression method value

This is a relatively well-known technique used by various types of malware, including SoumniBot, and is associated with the way manifests are unpacked. In the libziparchive library, the standard unarchiving function permits only two Compression method values in the record header: 0x0000 (STORED, that is uncompressed) and 0x0008 (DEFLATED, that is compressed with deflate from the zlib library); otherwise it returns an error.

libziparchive unarchiving algorithm

Yet, instead of using this function, the developers of Android chose to implement an alternate scenario, where the value of the Compression method field is validated incorrectly.

Manifest extraction procedure

If the APK parser comes across any Compression method value but 0x0008 (DEFLATED) in the APK for the AndroidManifest.xml entry, it considers the data uncompressed. This allows app developers to put any value except 8 into Compression method and write uncompressed data. Although any unpacker that correctly implements compression method validation would consider a manifest like that invalid, the Android APK parser recognizes it correctly and allows the application to be installed. The image below illustrates the way the technique is executed in the file b456430b4ed0879271e6164a7c0e4f6e.

Invalid Compression method value followed by uncompressed data

Technique 2: Invalid manifest size

Let’s use the file 0318b7b906e9a34427bf6bbcf64b6fc8 as an example to review the essence of this technique. The header of AndroidManifest.xml entry inside the ZIP archive states the size of the manifest file. If the entry is stored uncompressed, it will be copied from the archive unchanged, even if its size is stated incorrectly. The manifest parser ignores any overlay, that is information following the payload that’s unrelated to the manifest. The malware takes advantage of this: the size of the archived manifest stated in it exceeds its actual size, which results in overlay, with some of the archive content being added to the unpacked manifest. Stricter manifest parsers wouldn’t be able to read a file like that, whereas the Android parser handles the invalid manifest without any errors.

The stated size of the manifest is much larger than its actual size

Note that although live devices interpret these files as valid, apkanalyzer, Google’s own official utility for analyzing assembled APKs, cannot handle them. We have notified Google accordingly.

Technique 3: Long namespace names

The SoumniBot malware family, for example the file fa8b1592c9cda268d8affb6bceb7a120, has used this technique as well. The manifest contains very long strings, used as the names of XML namespaces.

Very long strings in the manifest…

…used as namespace names

Manifests that contain strings like these become unreadable for both humans and programs, and the latter may not be able to allocate enough memory to process them. The manifest parser in the OS itself completely ignores namespaces, so the manifest is handled without errors.
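As an added example (not code from the Kaspersky write-up), the following Python script checks an APK for all three manifest tricks described above: it walks the ZIP central directory itself, flags a Compression method other than STORED or DEFLATED, compares the size stated in the ZIP header with the total size the binary-XML header declares (any excess is overlay), and scans the manifest string pool for over-long strings. The 1024-character threshold, the minimal constructed AXML/ZIP test inputs and the use of Python's zipfile as the "strict unpacker" are assumptions of this example.

```python
import io
import struct
import zipfile
import zlib

STORED, DEFLATED = 0x0000, 0x0008
MANIFEST = b"AndroidManifest.xml"
AXML_HEADER, STRING_POOL = 0x0003, 0x0001   # RES_XML_TYPE and RES_STRING_POOL_TYPE chunk ids
LONG_STRING = 1024                          # assumed threshold for a "suspiciously long" pool string

def manifest_zip_record(apk):
    """Walk the central directory (as libziparchive does); return (method, stated size, raw bytes)."""
    eocd = apk.rfind(b"PK\x05\x06")
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    count, off = struct.unpack_from("<H4xI", apk, eocd + 10)   # entry count, central directory offset
    for _ in range(count):
        sig, method, csize, _, nlen, xlen, clen, lho = struct.unpack_from("<I6xH8xIIHHH8xI", apk, off)
        if sig != 0x02014B50:
            raise ValueError("corrupt central directory")
        name = apk[off + 46:off + 46 + nlen]
        off += 46 + nlen + xlen + clen
        if name == MANIFEST:
            lnlen, lxlen = struct.unpack_from("<HH", apk, lho + 26)   # local header name/extra lengths
            start = lho + 30 + lnlen + lxlen
            return method, csize, apk[start:start + csize]            # stated size, overlay included
    raise ValueError("no AndroidManifest.xml entry")

def _pool_length(data, p, utf16):
    """Decode one string-pool length prefix: one unit, or two when the high bit is set."""
    if utf16:
        n, = struct.unpack_from("<H", data, p)
        return (((n & 0x7FFF) << 16) | struct.unpack_from("<H", data, p + 2)[0], p + 4) if n & 0x8000 else (n, p + 2)
    n = data[p]
    return (((n & 0x7F) << 8) | data[p + 1], p + 2) if n & 0x80 else (n, p + 1)

def axml_strings(data):
    """Return (declared total size, list of pool strings) from a binary AndroidManifest.xml."""
    typ, hdr, total = struct.unpack_from("<HHI", data, 0)
    if typ != AXML_HEADER or hdr != 8:
        raise ValueError("not a binary XML manifest")
    ptyp, phdr, _, n_str, _, flags, str_start, _ = struct.unpack_from("<HHIIIIII", data, 8)
    if ptyp != STRING_POOL:
        raise ValueError("string pool chunk missing")
    utf16, strings = not flags & 0x100, []
    for o in struct.unpack_from("<%dI" % n_str, data, 8 + phdr):
        p = 8 + str_start + o
        if utf16:
            n, p = _pool_length(data, p, True)
            strings.append(data[p:p + 2 * n].decode("utf-16-le", "replace"))
        else:
            _, p = _pool_length(data, p, False)      # character count, then byte count
            n, p = _pool_length(data, p, False)
            strings.append(data[p:p + n].decode("utf-8", "replace"))
    return total, strings

def check_manifest(apk):
    """Report which of the three SoumniBot manifest tricks an APK uses."""
    findings = []
    method, stated, data = manifest_zip_record(apk)
    if method not in (STORED, DEFLATED):
        findings.append("technique 1: compression method 0x%04x; Android reads the entry as uncompressed" % method)
    if method == DEFLATED:
        data = zlib.decompress(data, -15)        # raw deflate stream, as stored in ZIP
    declared, strings = axml_strings(data)
    if stated > declared:
        findings.append("technique 2: ZIP states %d bytes, AXML header declares %d (%d bytes of overlay)" % (stated, declared, stated - declared))
    findings += ["technique 3: %d-character string in the manifest string pool" % len(s)
                 for s in strings if len(s) >= LONG_STRING]
    return findings

def standard_unpacker_rejects(apk):
    """True when Python's zipfile, which validates the method strictly, refuses to extract the manifest."""
    try:
        zipfile.ZipFile(io.BytesIO(apk)).read(MANIFEST.decode())
        return False
    except Exception:
        return True

# Constructed test input (not a real sample): a minimal AXML (header + UTF-16 string pool) in a one-entry ZIP.
# The manifest bytes are always written raw, so an oversized 'stated' size makes the copied entry spill over.
def build_manifest(strings):
    body = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le") + b"\0\0" for s in strings)
    offsets = [sum(4 + 2 * len(t) for t in strings[:i]) for i in range(len(strings))]
    str_start = 28 + 4 * len(strings)
    pool = struct.pack("<HHIIIIII", STRING_POOL, 28, str_start + len(body), len(strings), 0, 0, str_start, 0)
    pool += struct.pack("<%dI" % len(strings), *offsets) + body
    return struct.pack("<HHI", AXML_HEADER, 8, 8 + len(pool)) + pool

def build_apk(manifest, method=STORED, stated=None):
    stated, crc = (len(manifest) if stated is None else stated), zlib.crc32(manifest)
    local = struct.pack("<IHHHHHIIIHH", 0x04034B50, 20, 0, method, 0, 0, crc, stated, stated, len(MANIFEST), 0)
    central = struct.pack("<IHHHHHHIIIHHHHHII", 0x02014B50, 20, 20, 0, method, 0, 0, crc, stated, stated, len(MANIFEST), *[0] * 6)
    cd_off = len(local) + len(MANIFEST) + len(manifest)
    eocd = struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, 1, 1, len(central) + len(MANIFEST), cd_off, 0)
    return local + MANIFEST + manifest + central + MANIFEST + eocd

CLEAN_APK = build_apk(build_manifest(["manifest", "android"]))
LONG_NS_MANIFEST = build_manifest(["manifest", "x" * 5000])
TRICKY_APK = build_apk(LONG_NS_MANIFEST, method=0x0001, stated=len(LONG_NS_MANIFEST) + 300)
```

Running check_manifest on a real APK only needs the file's bytes; the constructed samples exist so the checks can be exercised offline.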

What’s under the obfuscation: SoumniBot’s functionality

When started, the application requests a configuration with two parameters, mainsite and mqtt, from the server, whose address is a hardcoded constant.

Parameter request

Both parameters are server addresses, which the malware needs for proper functioning. The mainsite server receives collected data, and mqtt provides MQTT messaging functionality for receiving commands. If the source server did not provide these parameters for some reason, the application will use the default addresses, also stored in the code.

After requesting the parameters, the application starts a malicious service. If it cannot start or stops for some reason, a new attempt is made every 16 minutes. When run for the first time, the Trojan hides the app icon to complicate removal, and then starts to upload data in the background from the victim’s device to mainsite every 15 seconds. The data includes the IP address, country deduced from that, contact and account lists, SMS and MMS messages, and the victim’s ID generated with the help of the trustdevice-android library. The Trojan also subscribes to messages from the MQTT server to receive the commands described below.

#   | Description                                                                                  | Parameters
----+----------------------------------------------------------------------------------------------+-----------
0   | Sends information about the infected device: phone number, carrier, etc., and the Trojan version, followed by all of the victim's SMS messages, contacts, accounts, photos, videos and online banking digital certificates. | –
1   | Sends the victim's contact list.                                                             | –
2   | Deletes a contact on the victim's device.                                                    | data: the name of the contact to delete
3   | Sends the victim's SMS and MMS messages.                                                     | –
4   | A debugging command likely to be replaced with sending call logs in a new version.           | –
5   | Sends the victim's photos and videos.                                                        | –
8   | Sends an SMS message.                                                                        | data: ID that the malware uses to receive a message to forward. The Trojan sends the ID to mainsite and gets message text in return.
24  | Sends a list of installed apps.                                                              | –
30  | Adds a new contact on the device.                                                            | name: contact name; phoneNum: phone number
41  | Gets ringtone volume levels.                                                                 | –
42  | Turns silent mode on or off.                                                                 | data: a flag set to 1 to turn on silent mode and to 0 to turn it off
99  | Sends a pong message in response to an MQTT ping request.                                    | –
100 | Turns on debug mode.                                                                         | –
101 | Turns off debug mode.                                                                        | –

The command with the number 0 is worth special mention. It searches, among other things, external storage media for .key and .der files that contain paths to /NPKI/yessign.

    import android.content.Context;
    import android.database.Cursor;
    import android.provider.MediaStore;
    import java.util.ArrayList;
    import java.util.List;

    // Decompiled from the sample; Logger is the Trojan's own logging class.
    public static List<String> getAllBankingKeys(Context context) {
        List<String> list = new ArrayList<>();
        // Query the MediaStore index of external storage for .key and .der files
        Cursor cursor = context.getContentResolver().query(
                MediaStore.Files.getContentUri("external"),
                new String[]{"_id", "mime_type", "_size", "date_modified", "_data"},
                "(_data LIKE '%.key' OR _data LIKE '%.der')", null, null);
        int index = cursor == null ? 0 : cursor.getColumnIndexOrThrow("_data");
        if (cursor != null) {
            while (cursor.moveToNext()) {
                String s = cursor.getString(index);
                if (!s.contains("/NPKI/yessign")) {
                    continue;
                }
                Logger.log("path is:" + s);
                list.add(s);
                break; // despite the method's name, only the first match is kept
            }
            cursor.close();
        }
        return list;
    }

If the application finds files like that, it copies the directory where they are located into a ZIP archive and sends it to the C&C server. These files are digital certificates issued by Korean banks to their clients and used for signing in to online banking services or confirming banking transactions. This technique is quite uncommon for Android banking malware. Kaspersky security solutions detect SoumniBot despite its sophisticated obfuscation techniques, and assign to it the verdict of Trojan-Banker.AndroidOS.SoumniBot.

Conclusion

Malware creators seek to maximize the number of devices they infect without being noticed. This motivates them to look for new ways of complicating detection. The developers of SoumniBot unfortunately succeeded due to insufficiently strict validations in the Android manifest parser code.

We have detailed the techniques used by this Trojan, so that researchers around the world are aware of the tactics, which other types of malware might borrow in the future. Besides the unconventional obfuscation, SoumniBot is notable for stealing Korean online banking keys, which we rarely observe in Android bankers. This feature lets malicious actors empty unwitting victims’ wallets and circumvent authentication methods used by banks. To avoid becoming a victim of malware like that, we recommend using a reliable security solution on your smartphone to detect the Trojan and prevent it from being installed despite all its tricks.

Indicators of compromise

MD5
0318b7b906e9a34427bf6bbcf64b6fc8
00aa9900205771b8c9e7927153b77cf2
b456430b4ed0879271e6164a7c0e4f6e
fa8b1592c9cda268d8affb6bceb7a120

C&C
https[://]google.kt9[.]site
https[://]dbdb.addea.workers[.]dev

How Workona can transform your team collaboration

Computerworld.com [Hacking News] - 17 April, 2024 - 12:00

Let’s get real for a minute: Much as the companies that create productivity apps would like to think otherwise, most of us don’t work and live entirely within any single software ecosystem.

Sure, maybe you use Google Workspace for your email, word processing, and file storing. Or maybe you consider Microsoft 365 (formerly known as Office) to be your home base.

If you’re anything like me, though, neither of those environments is where your virtual office ends. Perhaps that’s because you use Slack for your professional communication. Perhaps you rely on tools like Trello, Notion, or ClickUp — or, heck, even some combination of ’em! — for more advanced info organizing and project management.

Whatever the case may be, by the time you sprinkle in a pinch of WordPress, a dash of Todoist, and a healthy dusting of Miro, you’ve got yourself quite the cross-platform collaboration cocktail.

And here’s what’s really wild: For as often as many of us work that way, our virtual environments almost seem designed to make it difficult. That’s true even as an individual, as anyone who’s ever juggled two dozen browser tabs across seven different services can tell you. And once you add a team into the equation, it becomes an even greater exercise in frustration to keep track of all the different pieces connected to a typical project puzzle.

A service called Workona might have found the answer. Workona, founded in 2017, has slowly been chipping away at the gap between how we actually work these days and the types of work our desktops are designed to handle. With its latest improvements in tow, the service has created a deceptively simple solution for a complex-seeming and maddeningly common problem.

The core Workona concept

It’s easy to think of Workona as a mere tab manager for your browser. In fact, it is also that — via a free extension you can install into Chrome, Edge, or Firefox. (The company says a Safari extension is planned.)

But while that tab manager nomenclature may be the fastest way for an average user to wrap their head around Workona’s offering, it’s really just the very outer layer of what the service represents.

At its core, Workona is all about organizing workspaces within your browser, based on either project or purpose. It’s designed for people who spend their time working across a range of different and typically disconnected-from-each-other web apps. And while it could be useful for just about anyone, it has some supremely effective tools for team-centric collaboration in particular.

In fact, that’s how its founders describe their inspiration for creating the service in the first place. After working together as early employees of Lucid Software (the since-acquired company behind the web-based publishing program formerly known as Lucidpress), Quinn Morgan and Alma Madsen realized that the browser was a pretty lousy framework for the purposes it had evolved to handle.

Plain and simple, pulling up a bunch of disparate services and web pages every time you start working on a project just isn’t efficient. Toggling among all those elements as you’re working wastes time. And trying to keep your co-workers on the same wavelength with all those perpetually shifting pieces is a disaster waiting to happen.

So instead of trying to force you into using only a single productivity platform — an answer that just isn’t practical for most businesses at this point — Workona tames the chaos by acting as a connective tissue that ties all your productivity puzzle pieces together.

Notably, that approach won’t make sense if you’re in an organization that leans heavily on traditional local programs instead of their web-based equivalents. Workona works entirely within your web browser, so if, for instance, you prefer or are required to use the locally installed versions of Microsoft’s productivity apps and all of your work is contained within that one platform, it probably wouldn’t be the right fit for you. But as long as you’re willing and able to open projects on the web at least some of the time, it could go a long way in making those projects more cohesive.

And a more cohesive-feeling, efficient work process is ultimately what Workona is all about.

Filling in the missing spaces

Workona’s chaos-taming philosophy revolves around the concept of spaces. At their simplest level, spaces are centralized work canvases for every project you’re working on, and they exist right within your browser by way of the Workona extensions on the desktop front or the companion iOS app for iPhones and iPads and the mobile website (no dedicated app yet — grumble, grumble…) for Android.

Certain services can also be connected via a direct API-level integration so that they’re accessible in your spaces regardless of whether they’re actively open in a browser tab. This manner of integration is available for Google Drive, Docs, Sheets, and Slides as well as for Slack, Asana, ClickUp, Monday, and Trello. But beyond that, so long as something can be opened in your browser — as most of Microsoft 365 services can, to provide one particularly high-profile example — it can be brought into Workona and associated with your spaces.

You might, for instance, create a space called “Website Redesign.” Within that space, you could store Google Docs with in-progress copy for different pages, Word files from a client with thoughts and feedback, Drive folders with assorted design assets, Figma files with under-development visual mockups, and collections of live web pages from a private staging site.

That same space could have natively stored notes about goals and timing, lists of specific tasks around different priorities, and even an embedded Slack channel for website-related discussion right within that same area.

A sample space created in Workona with a shareable mix of documents, files, folders, web pages, notes, tasks, and chat.

JR Raphael / IDG

Anyone with access to the space sees the same view, in real time. You can search across all the connected elements right then and there, too, as well as create new elements in any associated app with a couple quick clicks.

Workona even autosaves progress as everyone within a space works, so the canvas is always complete and current and can also be restored to any earlier point as needed. You can open all tabs from a space with a single click, if you’re so inclined, or you can just use a space as a launching pad and selectively fire up individual items as you need ’em.

It’s a lot like the same-named “spaces” feature within the buzzy new browser Arc, only it works on any platform and with any browser you want — no awkward (and often impossible, especially in an enterprise setting) switching required. And it’s much more robust in the possibilities it allows, particularly when it comes to collaboration.

To wit: Workona’s latest innovation is its introduction of automatically created unified spaces for teams. That option, rolled out earlier this year, allows teams to create consistent templates that then instantly populate new spaces with specific sets of folders, documents, task lists, and other relevant resources — with the idea being that companies working on projects with clients tend to use the same basic starting points over and over again. And this way, they can create an organized, ready-to-roll workspace involving all their pertinent browser-based tools with a single click and about seven seconds of effort.

Workona is available in a limited free individual plan. For a fully featured experience without any limitations, you’ll be looking at $7 per month for its pro plan, $10 per user per month for its collaboration-ready team plan, or $20 per user per month for its admin-friendly enterprise arrangement.

Hosted on Google Cloud, Workona is SOC 2 compliant and uses 256-bit TLS and AES encryption to protect data in transit and at rest. Read more about Workona’s security practices.

It’s no stretch to say that the web has become the bedrock for much of our modern work. And Workona really does feel like the unifying layer that’s traditionally been missing from that framework. It’s the operating system you never knew you needed, within your browser — and you might just be surprised by how much easier it makes your web of virtual puzzle pieces to manage.

Collaboration Software, Productivity Software
Category: Hacking & Security

The webcam privacy guide for Windows PCs

Computerworld.com [Hacking News] - 17 April, 2024 - 12:00

Is someone watching your PC’s webcam? Modern laptops are packed with webcam LEDs, privacy shutters, and even switches that physically disconnect the webcam to ensure you have control. Windows has a variety of useful settings, too — but those software options aren’t perfect.

This is complicated on Windows 11 and Windows 10 PCs because Windows software was designed to have deep access to the operating system. It’s not like on a modern Android phone or iPhone, where the apps have to request access to your camera. No, applications on your system can generally just start using your webcam whenever they like. That’s fine with well-behaved software you trust, but it’s a problem if your computer is infected with remote access Trojans (RATs) or other types of malware.

Modern laptop webcam privacy solutions

Modern laptops — especially business laptops and premium consumer laptops — have built-in webcam privacy solutions:

  • Webcam LEDs are common on most laptops with webcams. A physical LED light will appear on or near the webcam when it’s activated. If the LED is on and you’re not using the webcam, that’s a clue something is up.
  • Privacy shutters are becoming more common, too. You physically slide a shutter in front of the webcam, and the shutter blocks it from recording.
  • Physical webcam shutoff switches are also popping up. You flip a physical switch somewhere on your laptop — perhaps on the side, near the power button or ports — and the laptop disconnects the webcam. It no longer appears as a connected device to Windows, and software on your PC can’t access it until you flip that switch and reconnect it.

If webcam privacy is important to you, be sure you buy a laptop with a shutter that physically blocks the webcam or a switch that disconnects it. Some laptops have function keys that turn off their webcam on the keyboard, but these don’t generally disconnect the webcam — they just send a signal to the operating system to turn it off. Malware running on your PC could reactivate the webcam if you disable it in this way.

Business laptops often have physical privacy shutters — no taping over your webcam necessary.

Chris Hoffman, IDG

How to see which apps have used your PC’s webcam

Windows 10 and 11 both will tell you which applications recently used your PC’s webcam.

Unfortunately, this convenience isn’t foolproof. Microsoft’s own documentation points out that some applications might not appear in this list. While this access log is nice to have, sophisticated malware running on your PC could certainly dodge it.

To find the list of apps that recently accessed your webcam:

  • On Windows 11, open the Settings app and select “Privacy & security” in the left pane. Scroll down and click “Camera” under App permissions. Scroll down again and click “Recent Activity” to see which applications have used your camera in the last seven days.
  • On Windows 10, open the Settings app and select “Privacy.” Choose “Camera” under App permissions in the left pane. Examine the list of apps, especially the desktop apps at the bottom — Windows will show you the date and time each app last accessed your webcam.
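The Settings page is one view of usage data that Windows itself records; the same records can be pulled straight from the registry, which is handy when checking a machine over a remote shell or during incident triage. The script below is an added example, not part of the article. It rests on assumptions from my own DFIR work rather than anything the article states: that Windows keeps per-app camera usage under HKCU\Software\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\webcam, with packaged apps as subkeys and classic desktop apps under a NonPackaged subkey whose name is the executable path with '#' in place of '\', and that each app key carries two 64-bit FILETIME values, LastUsedTimeStart and LastUsedTimeStop. A non-zero start with a zero stop is interpreted here as "camera still open" (or an app that exited without releasing it); that reading is also an assumption.

```python
"""Read Windows' own record of which apps used the webcam, straight from the registry.

Added example, not part of the article. The registry layout, value names and the
meaning of a zero LastUsedTimeStop are assumptions documented in the lead-in.
"""
import sys
from datetime import datetime, timedelta, timezone
from typing import List, NamedTuple, Optional

CONSENT_STORE = r"Software\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\webcam"
_FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


class CameraUse(NamedTuple):
    app: str
    start: Optional[datetime]
    stop: Optional[datetime]
    in_use: bool


def filetime_to_datetime(ft: int) -> Optional[datetime]:
    """FILETIME is 100 ns ticks since 1601-01-01 UTC; 0 means 'never'."""
    if ft == 0:
        return None
    return _FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def decode_app_key(key_name: str) -> str:
    """NonPackaged subkeys encode the exe path with '#' where '\\' would be (assumption)."""
    return key_name.replace("#", "\\")


def classify(app: str, start_ft: int, stop_ft: int) -> CameraUse:
    """Start without stop is treated as 'still open' (assumption, see lead-in)."""
    start = filetime_to_datetime(start_ft)
    return CameraUse(app, start, filetime_to_datetime(stop_ft),
                     in_use=start is not None and stop_ft == 0)


def recent_uses(entries: List[CameraUse], now: datetime, days: int = 7) -> List[CameraUse]:
    """Mirror the Settings page's 'last seven days' window, newest first."""
    cutoff = now - timedelta(days=days)
    hits = [e for e in entries if e.start is not None and e.start >= cutoff]
    return sorted(hits, key=lambda e: e.start, reverse=True)


def _read_qword(key, name: str) -> int:
    import winreg
    try:
        return int(winreg.QueryValueEx(key, name)[0])
    except FileNotFoundError:
        return 0


def read_consent_store() -> List[CameraUse]:
    """Windows only: enumerate the webcam ConsentStore under HKCU."""
    import winreg  # imported lazily so the pure helpers above work on any OS
    found: List[CameraUse] = []

    def walk(path: str, desktop: bool) -> None:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, path) as key:
            for i in range(winreg.QueryInfoKey(key)[0]):
                name = winreg.EnumKey(key, i)
                if name == "NonPackaged" and not desktop:
                    walk(path + "\\" + name, True)  # classic desktop apps live one level down
                    continue
                with winreg.OpenKey(key, name) as sub:
                    app = decode_app_key(name) if desktop else name
                    found.append(classify(app, _read_qword(sub, "LastUsedTimeStart"),
                                          _read_qword(sub, "LastUsedTimeStop")))

    walk(CONSENT_STORE, False)
    return found


if __name__ == "__main__":
    if sys.platform != "win32":
        sys.exit("This reads the Windows registry; run it on the PC you want to inspect.")
    now = datetime.now(timezone.utc)
    for use in recent_uses(read_consent_store(), now):
        flag = "  <-- open now" if use.in_use else ""
        print(f"{use.start:%Y-%m-%d %H:%M:%S} UTC  {use.app}{flag}")
```

As the article notes for the Settings page, this record is only as good as the components that write it: software that reaches the camera without going through the capability access manager will not appear here, so treat an empty list as "nothing recorded", not "nothing happened".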

Windows has a lot of options for seeing and controlling webcam access. But they’re not foolproof, and malware can get around them.

Chris Hoffman, IDG

You might see your web browser here, too. Websites can access your webcam, but only if you let them — your web browser controls which sites have access to it. You can check which sites have access in your browser’s settings:

  • In Google Chrome, click menu > Settings. Select “Privacy and security,” click “Site settings,” and click “Camera.” Look at the “Allowed to use your camera” list here — you can remove sites if you don’t want them to have access to your camera.
  • In Microsoft Edge, click menu > Settings. Select “Cookies and site permissions,” and click “Camera” under All Permissions. Look at the list of sites in the “Allow” list — these are the sites that have access to your webcam.
  • In Mozilla Firefox, click menu > Settings. Select “Privacy & Security.” Scroll down to the Permissions section and click “Settings” to the right of Camera. You’ll see a list of sites that have been given access to your webcam here.

Your web browser gives you complete control over which websites get access to your PC’s camera.

Chris Hoffman, IDG

How to see if your webcam is being used right now

Windows relies on the camera’s status LED to indicate that your camera is in use. For devices without physical camera LEDs, Windows will show on-screen “Camera on” and “Camera off” messages.

You can activate these on-screen messages on any Windows PC with the “NoPhysicalCameraLED” registry hack, if you like.

Other ways to disable your PC’s webcam

While many modern laptops have great solutions for disabling your webcam — all those shutters and switches — some don’t. You still have options:

  • Unplug your webcam: If you use an external webcam, you can just unplug its USB cable from your computer when you aren’t using it.
  • Turn it off in the UEFI or BIOS: If your laptop has a built-in webcam you’re not using, you could boot into its UEFI firmware settings screen — this is the modern replacement for the traditional BIOS settings screen. You can boot to this interface from the Windows Recovery Menu. From here, you can usually find an option to deactivate the webcam. It won’t function again until someone reboots into this screen and activates it once again — that’s inconvenient if you frequently use the webcam, but it’s a nice privacy upgrade if you never do.
  • Tape or cover your webcam: The traditional method of covering your laptop’s webcam with tape or some other kind of cover still works! It became extra famous when Mark Zuckerberg revealed he tapes his webcam back in 2016. Now, most of us aren’t billionaires, and Zuckerberg certainly faces privacy threats most people don’t. But even this low-tech solution works for him. (These days, hopefully Zuckerberg has a modern laptop with a built-in webcam privacy cover or disconnect!)

By the way, you’ll also find options to turn off your webcam at Settings > Privacy & security > Camera on Windows 11 and Settings > Privacy > Camera on Windows 10. You can use these options if you like, but don’t rely on them: As the interface itself says on Windows 11, “Some desktop apps might not appear on this page or be affected by these settings.”

As with the list of apps that have recently accessed your webcam, traditional Windows desktop apps could get around this setting, even if you turned off the microphone — and it’s likely the most dangerous malware applications would be designed to do so. If you’re concerned about privacy, it’s much better to physically cover or disconnect the webcam — or at least disable it at a low level in your system’s UEFI settings.

Wait, what about microphone privacy?

There’s a huge elephant in the room here — and that’s microphones. Laptops have integrated microphones. Those microphones don’t have status LEDs and there are no physical switches to turn them off.

Picture a conference room full of laptops with excellent webcam privacy solutions: Each laptop has the shutter closed. Malware running on any of those laptops could still listen in. Of course, that would require at least one of those laptops to be infected with malware — and malware on a laptop could capture all kinds of other sensitive information, from passwords and payment details to sensitive correspondence.

Still, as PCWorld pointed out in 2019, laptop manufacturers haven’t offered the kind of microphone privacy switches we see in smart speakers. Hopefully that will be a focus going forward.

For now, you could perhaps boot into UEFI firmware settings and disable your laptop’s integrated microphone from there if you’re concerned. Or, you could just tape over your microphone. When Mark Zuckerberg revealed he tapes over his laptop’s webcam, he also revealed he tapes over his laptop’s microphone hole, too. Of course, you can prevent many of these threats with good security practices, too. As long as your computer isn’t infected by malware, you don’t have to worry about someone listening in on you.

Still, it usually pays to be extra careful — especially if you’re a billionaire like Mark Zuckerberg.

Desktop PCs, Privacy, Windows, Windows 10, Windows 11
Category: Hacking & Security

Cisco Warns of Global Surge in Brute-Force Attacks Targeting VPN and SSH Services

The Hacker News - 17 April, 2024 - 10:38
Cisco is warning about a global surge in brute-force attacks targeting various devices, including Virtual Private Network (VPN) services, web application authentication interfaces, and SSH services, since at least March 18, 2024. "These attacks all appear to be originating from TOR exit nodes and a range of other anonymizing tunnels and proxies," Cisco Talos said. Successful attacks could
Category: Hacking & Security
