Friday, March 31, 2023

It's all about technology

Malicious Android app that uses user numbers to create accounts without their permission

A security researcher has found a fake Android text messaging app that secretly acts as a way to create accounts on sites like Microsoft, Google, Instagram, Telegram and Facebook.

The researcher said that the phone numbers of devices on which the app, which has been downloaded about 100,000 times from Android’s Google Play store, is then rented without the owners’ knowledge to obtain a one-time passcode that is usually used to verify users while creating new accounts.

Malicious Android app that uses user numbers to create accounts without their permission

While the app has an overall rating of 3.4, many user reviews say it is fake, hijacking their phones, and sending them multiple passcodes upon installation.

Symoo was discovered by Evina security researcher Maxime Ingro, who reported it to Google, but received no response from the Android team. It is still available at the moment of writing the report on the Google Play Store.

How does Symoo work?

When installed on the device, the app asks for permission to send and read SMS messages, which seems natural since Symoo markets itself as an “easy-to-use” texting app.

On the first screen, it asks the user to provide their phone number, after that, it shows a fake loading screen that supposedly shows the progress of downloading resources. But the process is so long that the app operators can send many text messages that are used as two-factor authentication codes to create accounts on many services, read the content of the messages, and then send them to the operators.

After completing the task, the application freezes and then does not reach the main interface of the application, which prompts users to uninstall it. Meanwhile, the app has used the user’s phone number to generate fake accounts on the services. Users of the app say they have been given codes for accounts they did not create.

Since phone numbers are often the only possible way to verify accounts, people who wish to engage in illegal or anonymous activities find these pseudonymous accounts useful.

In addition, Maxim Ingro discovered that Symoo was pulling SMS data into a domain used by another app, Virtual Number, which was also present in the Google Play Store earlier, but has been removed from it.

Users of such applications on the Android system are advised to uninstall them; Because it copies the SMS content of the users to its own servers.

Get notified whenever we post something new!

Continue reading

Stability AI CEO hints at IPO plans, calls for transparency in AI governance

During the Cerebral Valley AI Conference in San Francisco on Thursday, Emad Mostaque, the CEO and founder of Stability AI, revealed that he plans to take the open-source platform public within the next few years

Amazon’s Audible Tests Advertisements in Audiobooks for Non-Paying Users

Audible, the audiobook company owned by Amazon, has begun testing advertisements in its audiobooks. The experiment is currently limited to non-paying users

“Google Chrome and Classroom Launch New Features for Educators and Students, Including Reading Mode and AI-Powered Hand Raise Detection

Google has recently announced new features for educators and students that will be added to Chrome and Classroom. Among these features is the new “reading mode” for Chrome, which is an AI-powered feature that helps students with dyslexia and ADHD.