
Technology

‘I Want To Expose Google’s Mistakes’: The Russian Hacker Blamed For A Big Android Fraud Problem


Google’s proud of its track record in protecting more than one billion Android phones and tablets from malevolent hackers. But in the last 12 months, it’s been dealt a few blows, including the biggest ad fraud to ever hit its mobile operating system and the most significant single theft of Google accounts thanks to an Android malware called Gooligan.

Those alarming events were set off via networks of cybercriminals focused on the platform, where coders combine their technical skills with the will and financial backing of organized gangs. Sometimes, the latter group don’t even have to pay for the former’s digital tools. Sometimes, the technically-savvy types open their minds for free.

That’s just what a character calling himself Maza-In did just before last Christmas, when he or she posted an in-depth guide on the Exploit.in hacker forum for creating Android “bankers” – malware designed to steal bank login details from users of Google’s platform. The post not only included directions, but source code for a banker too. There was also a description of the required backend infrastructure, all of which combined could deliver realistic-looking bank pages designed to trick victims into handing over their usernames and passwords.

And now, Android security experts have pinned a spike in banking malware on Maza-In and that post. They claim that Maza-In, in one fell swoop, caused a sudden leap in Android banking fraud, as cybercriminals took that open sourced code and adapted it to spread both in and outside Google’s official Play store. According to an independent researcher going by the moniker b0n1, as many as 60 variants of malware containing the Maza-In banker have been pushed out into the wider world by hackers hoping to make some easy money.

Making Millions From Paranoia

Check Point, which has been tracking the mini-explosion in Android bank fraud with ElevenPaths, a Telefónica security unit, told Forbes it had records of several dozen servers operating Maza-In’s malware, the largest of which controlled close to 3,000 bots. ElevenPaths said that, from Google Play alone, downloads of apps based on Maza-In’s code stood above 10,000 and were expected to rise, not to mention the number of downloads outside the store.

Those aren’t massive numbers. But what Maza-In and those who adapted his work for their own machinations have proven repeatedly are flaws in Google Play’s security, namely the Bouncer technology that’s supposed to keep bad apples out. Just two weeks ago, a sample of BankBot, based on Maza-In’s creation, was seen inside Google Play initially disguised as a video downloader tool. On June 13th, a very similar looking video downloader was up on the market; underneath was, again, a banker using Maza-In’s work. Going further back to April, a malware called Charger, which also borrowed heavily from Maza-In, was doing much the same, but masquerading as a flashlight app inside the official store, ESET reported. All were removed from Google Play as soon as the tech giant was alerted, but not before thousands were infected.

“Before this Maza-In code, there were a lot of Android banking Trojans, for sure,” said ElevenPaths security researcher Sergio de los Santos. “But accessing the source code was not easy and this helps all kinds of people create variants and even get into Google Play. Giving a very simple and effective framework to create and manage your own banking Trojan opens the door to hundreds of profiles of attackers that want to get into business the easy way.

“Maza-in made it very simple to add different banks to attack, so you may see people from Latin America with their own samples focused on banks in there, UK people, Russians.”

A hacker responds

Maza-In says he is no cybercriminal, though. (As Maza-In uses a profile picture of Bob Marley, Forbes has chosen to refer to the hacker in the masculine.) In an interview over encrypted chat, he said he only wanted to highlight weaknesses in Google’s operating system, not spawn a spike in Android cybercrime. He claimed, for instance, that despite security firms’ claims he was behind the BankBot banker, another individual was responsible.

Yet he was aware of the criminal use of his code, revealing others, whether they’d given the malware additional features or not, were selling it for between $2,000 and $3,000 a pop on the web’s underground markets. “I did not expect it to work out that way, that it would spread so much,” he told me in Russian (translated by Google Translate).

“I did not write an article to harm people… I’m interested in studying the holey Android, since Google is not able to make a good operating system… by this I wanted to show the vulnerability of the Android and thought that Google would take care of security.” Unlike security pros who disclose bugs in return for credit or monetary reward, Maza-In said he didn’t contact Google.

Industrial Thief On The Line, How Can I Rob You?

In describing just what he thought was wrong with Android security, he added: “The biggest problem is that the device can install any application, get full access to the device and can be substituted for fake banking applications [that can] intercept SMS [and] manage the device. In general, everything is possible.”

As for Check Point and ElevenPaths’ assessment he was a malware creator supporting criminal operations, Maza-In said they’d exaggerated. He even claimed to be working on an Android anti-virus application.

But whilst analysts from both firms agree there’s no evidence he’s actively exploiting Android devices, they say it’s clear he is a malware creator who’s not followed best practice in highlighting security issues. “The blog contains explicit evidence that Maza-in is indeed behind the malware. He also boasted about his malware not being caught until January on one forum,” said Daniel Padon, mobile security researcher at Check Point. According to Lookout Mobile Security researcher Michael Flossman, Maza-In is just one handle used by a crew of Android fraudsters running all the aforementioned fraud malware.

“If you really want to show how unsecure Android is, you write an article about it, you code a proof of concept, you contact the right people to spread the word,” said de los Santos, explaining his disbelief at Maza-In’s claims to innocence. “But creating a Trojan? Oh, come on.”

Whatever the hacker’s involvement in the murkier parts of the internet, he and those who took advantage of his guide have given Google a headache. The company didn’t respond to requests for comment. But with the frequent appearances of these bankers on Google Play, it’s apparent the company has some work to do to keep ne’er-do-wells out of the market and users’ Android devices. – Written by Thomas Fox-Brewster, FORBES STAFF


Nigeria Needs A More Effective Sanitation Strategy. Here Are Some Ideas


In November last year, Nigeria declared that its water supply, sanitation and hygiene sector was in crisis. This was partly prompted by the fact that the country has struggled to make progress towards ending open defecation.

Almost one in four Nigerians – around 50 million people – defecates in open areas. They do so because access to proper sanitation, like private indoor toilets or outdoor communal toilets, has not improved in recent years.

In fact, it’s got worse: in 2000, 36.5% of Nigerians had access to sanitation facilities that hygienically separate human excreta from human contact. By 2015 the figure had dropped to 32.6%, likely driven by rapid population growth and a lack of sufficient private and public investment.

Open defecation comes with many risks. It can lead to waterborne diseases, cause preventable deaths, and hamper education and economic growth. It also infringes on people’s privacy and dignity.


The government has tried several strategies to address this problem. In 2008 it adopted an intervention called “Community Led Total Sanitation”. This is a community-level intervention aimed at reducing open defecation and improving toilet coverage.

It draws in community leaders and ordinary residents so they can understand the risks associated with open defecation. By 2014 the intervention was deployed in all 36 Nigerian states, covering around 16% of the country’s 123,000 communities.

We wanted to know how effective the programme has been, if at all. So we conducted a study and found that community-led total sanitation programmes alone will not eradicate the practice of open defecation. But they could be part of the solution.


We found that the programme currently works quite well in poor communities but is less effective in richer places – that is, places with higher average ownership rates of assets such as fridges, motorcycles, TVs, smartphones and power generators.

Poorer communities distinguish themselves from richer ones in other ways, too. They tend to have higher levels of trust among their citizens, lower initial levels of toilet coverage and lower wealth inequality. But none of these characteristics is, on its own, as strong a predictor of where the intervention works better as community wealth.

Low community wealth is a simple measure that encompasses all these different features, and is associated with greater programme effectiveness.

The intervention

Community-led total sanitation typically starts with mobilisation. This initially involves community leaders and then, through them, communities more broadly. Then, a community meeting is held at which residents typically start by marking their household’s location and toilet ownership status on a stylised map on the ground. They also identify and mark regular open defecation sites.


Facilitators use the map to trace the community’s contamination paths of human faeces into water supplies and food. A number of other activities may follow, such as walks through the community that are often referred to as “walks of shame” during which visible faeces are pointed out, to evoke further disgust and shame.

Another common activity involves calculating medical expenses related to illnesses that are caused by open defecation practices.

The research

In 2015 we worked with the charity organisation WaterAid Nigeria and local government agencies in the states of Ekiti and Enugu to design a field experiment in areas with no recent experience of community led total sanitation, or similar interventions.

The community-led total sanitation programme was implemented in a random sample of 125 out of 247 clusters of rural communities.

To study the intervention’s effectiveness, we interviewed 20 randomly selected households before community-led total sanitation took place. We followed up with these households eight, 24 and 32 months after the intervention.

We found that the programme’s roll-out didn’t lead to any changes in sanitation practices in richer communities. But it worked in the poorest communities. The prevalence of open defecation declined by an average of nine percentage points in poorer communities when compared to other poor areas where the programme wasn’t implemented. This drop was accompanied by a similar increase in toilet ownership rates.

Impact depends on wealth

Our results are in line with observations by the designers of the programme. But we are the first to show quantitatively that community asset wealth is a good predictor of whether the intervention can be expected to be successful. Unfortunately, our data does not allow us to pin down why households in poorer communities are more susceptible to the programme. However, these results have important implications for more cost effective targeting of the programme.

Most countries, including Nigeria, have access to readily available data from household surveys that can be used to measure how asset-poor a community is. These data can be used to identify and target communities where community-led total sanitation is likely to have the biggest impact.

Eradicating open defecation is not just a Nigerian priority. Today, an estimated 4.5 billion people globally don’t have access to safe sanitation. So we also looked at data and research about this same intervention from other parts of the world.


Community-led total sanitation intervention was first developed in Bangladesh in 1999. It has now been implemented in more than 25 Latin American, Asian and African countries.

We used information from evaluations of this intervention in Mali, India, Tanzania, Bangladesh and Indonesia. The studies found widely differing impacts. These ranged from a 30 percentage point increase in toilet ownership in Mali to no detectable impact on toilet ownership in Bangladesh.

Using a measure of wealth for these countries, we found that sanitation interventions have larger impacts in poorer areas, such as Tanzania, and low or no impact in relatively richer areas, such as Indonesia. This supports the idea that targeting poorer areas maximises the impact of community led total sanitation.

Conclusion

Our research shows that while community-led total sanitation is effective in Nigeria’s poorer areas, there are two main challenges.

First, community-led total sanitation had no perceivable impact in the wealthier half of our sample. There, open defecation remains widespread. And second, even in poor areas, a large number of households still engaged in open defecation after the intervention.

This suggests that while community-led total sanitation can be better targeted, it needs to be complemented with other policies – subsidies, micro-finance or programmes that promote private sector activity in this under-served market.


African Music Platforms Soar As Spotify And Apple Snooze


Creators and consumers of music seek African online music platforms even as global entities and record labels hesitate to fully commit on the continent.


Africa is a continent of over a billion people, with a young, increasingly tech-savvy population that has growing spending power and a desire to find new ways of accessing a wider range of content. And, at a sociocultural level, music plays a huge role in Africa.

A ripe environment for major global players in the music industry, you would think, but things have been rather quiet around digital music on the continent.

Spotify only launched in South Africa last year, and its only other African markets are Algeria, Egypt, Morocco and Tunisia. Apple Music is still only available in the same handful of African countries as at the time of its launch.

Where these companies have, so far, looked on, others have filled the gap. Chinese company Boomplay, founded in 2015, through a joint venture between phone manufacturer Transsion and consumer apps firm NetEase, now has 42 million users across multiple markets on the continent, and recently secured $20 million in funding to break into more countries.

Locally and regionally focused platforms are also seeing traction. Key among them is the Nairobi-based Mdundo, which has more than 3.5 million monthly active users in countries like Kenya, Tanzania, Uganda, Rwanda, Zambia, Zimbabwe, Mozambique, Cameroon, Ghana and Nigeria.

The company works with 50,000 musicians across Africa and has signed a licensing deal with Warner Music Group.

The company’s CEO Martin Nielsen says the sector is seeing strong progress, with artists flooding to online platforms to distribute their music and labels paying more attention to the continent.

“We’re experiencing an increasing interest in Africa and the music industry, both from commercial partners, record labels, music distributors and global music services. This is a very positive development, Africa is next in line,” he says.

The growth of platforms like Mdundo, and the launch of new ones, has benefits for both creators and consumers of music on the continent. For artists, they provide new ways of getting their music out there.

Dumisani Kapanga is founder of the Malawi-based streaming platform Mvelani, which has almost 100,000 songs in its catalogue and claims to have at least 40,000 users each day. He says services like his have broken down barriers to entry for artists.

“It’s now easier than ever for musicians to put out music to their fans without relying on record labels to do so. Within minutes an artist can have their music on some of the biggest platforms out there. We are providing the means for artists to be heard easily, without the need for expensive middle men,” Kapanga says.

For consumers, it is ever easier to access music new and old, in a variety of different ways. Damola Taiwo, co-founder of Nigeria-based music downloads platform MyMusic.com.ng, says download platforms such as his own remain the most popular due to factors such as accessibility and affordability, but sees a future in Spotify-style streaming services in Africa.

“The download services seem to still be the preferred method, where individual tracks are downloaded on devices and permanently owned. This is probably due to the cost and quality of internet access on the continent,” he says.

“However, there are other more structured platforms that also exist where listeners consume music. Some of them are streaming services similar to Spotify and Apple Music while others are download services, or a mixture of both.”

What business model to pursue, and how to monetize, are key challenges faced by local music platforms, and the fact that there are, as yet, no clear answers might account for the wariness of the likes of Spotify and Apple Music to bet big on Africa. Taiwo says another key issue is the lack of major record labels on the continent.

“Most artists will fall under the ‘indie’ bracket, and even the ones that have record labels are more like a one-man business with a maximum of three artists. This makes licencing difficult as there are too many entities to talk to,” he says.

The diversity of what is loosely referred to as the “African consumer”, but is, in fact, a huge mass of people with differing tastes and preferences, also poses a problem for music platforms. Nielsen says there is a rapidly growing middle class that demands the same service that global music services offer, yet they are still very data-cost conscious.

“Plus many of the smart devices have limited storage, so we tailor-make our solution to their needs. In addition to that, we have a mass-market segment on our service with low-end smartphone devices that we see a huge potential in with simpler music offerings,” he says.


Out With The Old, In With The Fold


Smartphones have been stuck in the same groove for years, until the recent unveiling of folding screens. Are these devices, which start at a nifty $2,000 and which you would likely fold 100 times a day, durable?


It’s no secret that the mobile phone industry has been stagnant for some time now. Consumers are overwhelmed with similar hardware being released every couple of months, making purchasing decisions more difficult. But why are these faster, thinner and lighter smartphones not cutting it anymore?

Tech giants Apple and Samsung have both felt the pinch from shrinking sales in 2018. In a letter to investors early 2019, Apple CEO Tim Cook warned of weak earnings as a result of too many new products; a strong US dollar; and economic weakness in emerging markets, which resulted in, “fewer iPhone upgrades than it had anticipated”.


Samsung also couldn’t match the success of the Galaxy S8 with last year’s almost identical-looking S9 that featured new cameras and processors, and was forced to drop the price on its flagship to increase sales.

Mark Joseph, a director who heads up technology strategy at Deloitte, says the smartphone industry is finding it increasingly difficult to differentiate on the hardware layer as it becomes a commodity.

“It is easy to compare it to the PC industry where the consumer sees very little differentiation at all anymore.”

However, the market is expected to take a different turn as Samsung and Huawei have both come out with folding screen devices in 2019, which is arguably the most exciting thing to have occurred in ages.


Samsung introduced the Galaxy Fold earlier this year that appears to be ‘tablet-first’ with smartphone support. The 4.6-inch smartphone still looks like a first-generation product and opens into a 7.3-inch tablet, which supports three-app multi-tasking and app continuity between modes.

Days later at MWC Barcelona, Huawei unveiled its own folding screen device called the Mate X. The 8-inch tablet has no notch, and folds into two screens, a 6.6-inch on the front and a 6.38-inch at the back, primarily aimed at people who want more from their smartphones and to be productive on-the-go.

These innovations have generated a great deal of interest, says Joseph.

Folding screen devices are considered a new type of device, like a tablet vs a laptop rather than just a new version of a smartphone.

“The differences over the past few years have been mainly cosmetic, like the number of cameras, changes to screen size with internal changes like processor speeds, and memory increases. Folding screens are an entirely new range of devices.”

But is the market ready for a new category device, and is there a need for folding screens? Joseph thinks its success falls on how durable and scratch-resistant they are.

“If they break easily, they might be discarded rather quickly or limited to a niche category, e.g. office use only.”

Samsung claims the Galaxy Fold is durable for up to 200,000 folds, which translates to 100 folds every day for five years.

If they are durable – and only time will tell – there is huge potential, he says. “In the corporate market, their multi-tasking abilities could lead to industry specific solutions being launched on their form-factor, in addition to being the primary office tool of choice for executives.”

Joseph says there is a growing corporate market using smartphones for daily tasks previously done on tablets or laptops, like reading and responding to e-mails.

“Folding screen devices will enable an increase in activities moving from tablets/laptops, which will then reduce the number of people who use both laptops and tablets.”


It will also double as a weekend/evening entertainment device of a busy executive who uses it extensively during the work day, he says.

As expected with any brand new technology, it won’t come cheap. The Galaxy Fold has a starting price of $1,980, and the Huawei Mate X will cost $2,600, both of which are expected to go on sale in South Africa, with local pricing to be announced at launch.

So who is expected to purchase these eye-wateringly expensive hybrids?

“Like all the newest devices in each generation, there is status associated with being one of the first owners, so naturally, there will be those who fit into this category,” Joseph says.

“Next, there will be the corporate user who currently uses both a smartphone and tablet.”

There are also those who generally upgrade to the “best” device every two years with their post-paid contract upgrade, he says.

“In addition, there could be a niche in private schools where this is a growing trend where students have smartphones and their schools are now using tablets as part of their curriculum.”

“The area that I’m most excited by is the ability for innovation around industry or corporate specific applications being developed for a purpose using this form-factor,” Joseph says.

“Hopefully, folding screens will make it to a second generation as this will allow for better pricing, better tech and, hopefully, a more robust product.”
