German authorities have managed to disrupt a major malware operation that affected thousands of Android devices across the country.
The Federal Office of Information Security (BSI) said BADBOX came preloaded on Android devices with older firmware, which were essentially sold as infected.
Some 30,000 devices across the country were compromised, the agency added, with digital picture frames, media players, and streaming devices being the most common endpoints - however, some smartphones and tablet devices were possibly infected as well.
Outdated Android devices
"What all of these devices have in common is that they have outdated Android versions and were delivered with pre-installed malware," the BSI said in a press release.
The agency outlined how BADBOX was capable of carrying out a number of malicious activities.
Mostly, it was built to silently create new accounts for email and message services, which were later used to spread fake news, misinformation, and propaganda, but BADBOX was also designed to open websites in the background, which would count as ad views - a practice generally perceived as ad fraud.
Furthermore, the malware was able to act as a residential proxy service, lending the traffic to malicious third parties for different illegal activities. Finally, BADBOX can be used as a loader, as well, dropping additional malware on the devices.
The operation was reportedly first documented by HUMAN’s Satori Threat Intelligence more than a year ago, and most likely originates from China. The same threat actors allegedly operate an ad fraud botnet called PEACHPIT, as well, designed to spoof popular Android and iOS apps, and its own traffic from the BADBOX network.
"This complete loop of ad fraud means they were making money from the fake ad impressions on their own fraudulent, spoofed apps," HUMAN said at the time. "Anyone can accidentally buy a BADBOX device online without ever knowing it was fake, plugging it in, and unknowingly opening this backdoor malware."
Via The Hacker News
Meta is rounding out the year with a major update to its Ray-Ban smart glasses with two Live features it teased at Meta Connect 2024. It’s also adding Shazam integration to help you find the names of tunes you hear while wearing your specs.
The only downside of the awesome-sounding Live features is that they’re in early access, so expect them to be less reliable than your typical AI tools. They'll also only be available to Early Access Program members in the US and Canada. You can enroll at Meta’s official site.
But if you are in the Early Access Program you can now try Live AI and Live Translation.
Live AI is like a video version of Look and Ask. Instead of taking a quick snap, your glasses will continually record your view so you can converse with it about what you can see – or other topics. What’s more, while in a Live AI session you won’t need to say “Hey Meta” over and over again.
Meta adds that “Eventually live AI will, at the right moment, give useful suggestions even before you ask.” So be prepared for the AI to butt in with ideas without you prompting it directly.
The babelfish gets closer
Live Translation is another real-time AI tool. This time it allows the AI to automatically translate between English and either Spanish, French, or Italian.
When you’re speaking to someone who is using one of those three languages you'll hear what they say in English through the glasses’ open-ear speakers, or see it as a transcript on your phone – and they'll be able to hear or read a translation of what you’re saying in their language.
Thankfully, the update isn't all about just early access features.
If you’re out at an end-of-year party and like the sound of a tune you can also ask your glasses “Hey Meta, Shazam this song,” and it will tell you what song is playing via the Shazam music recognition tool.
Unfortunately, while this feature is available more widely it is once again only available in the US and Canada – so folks in the UK and beyond won’t have access to it yet.
Apple introduced the Mac Studio in 2022 with the M1 chip, followed by the M2 model in 2023, and although these compact powerhouses have been lauded for their performance, buyers have rightly expressed concerns about the limited base SSD configurations and the absence of post-purchase upgrade options.
External USB-C or Thunderbolt SSDs are a common workaround for users seeking additional storage, but they don't match the speed and convenience of internal storage solutions.
Stepping in to address this gap, French company Polysoft has created the first publicly available SSD upgrade solution for Apple Silicon devices. Offered at a fraction of Apple’s prices, these SSD modules are the result of an extensive reverse-engineering process.
Better than Apple
Unlike SSDs used in PCs, Apple’s storage modules are challenging to replicate due to their integration with the M1 and M2 chips, where the storage controller resides.
Polysoft’s efforts included detailed disassembly, component analysis, and redesign, culminating in the StudioDrive SSD which is set to launch next year following a successful Kickstarter campaign.
Polysoft claims its SSDs not only replicate Apple’s modules but also improve on them.
A key difference is the inclusion of "RIROP" (Rossmann Is Right Overvoltage Protection), a safeguard inspired by Louis Rossmann’s work on hardware reliability. This feature reportedly protects against voltage surges, reducing the risk of catastrophic data loss due to hardware failure.
The StudioDrive product line supports both M1 and M2 Mac Studio models. It includes blank boards for enthusiasts and pre-configured options in 2TB, 4TB, and 8TB capacities. Polysoft says that the modules use high-quality Kioxia and Hynix TLC NANDs, offering performance and durability comparable to Apple’s original storage solutions. The drives are backed by a five-year warranty and have a lifespan of up to 14,000 TBW.
Pricing starts at €399 ($419) for 2TB, €799 ($839) for 4TB, and €1,099 ($1,155) for 8TB. While these upgrades will no doubt be viewed as an affordable, and welcome solution by many Mac Studio owners, users should be aware that installing third-party storage will void Apple’s warranty.
Apple has revealed its most downloaded apps, games and Apple Arcade titles in the US across 2024, covering free and paid releases on all the best iPhones and iPads. And while there are plenty of expected names in the top 10 lists, there are also some that might raise a few eyebrows (scroll down for the full lists).
The most controversial pick can be found in the list of the most downloaded free iPhone apps, where the number one app is Chinese shopping site Temu. Despite retailers like this growing in popularity, a survey in summer 2024 found that 94% of respondents did not trust Temu, and the brand has been accused of mishandling customer data in the past. Yet that hasn’t stopped iOS users from sending it rocketing to the top of Apple’s charts.
As for the most downloaded paid iPhone app, that award goes to proxy utility Shadowrocket, which can be used to redirect your device’s traffic and has similarities with some of the best VPN apps. It’s clearly a popular choice, as it also landed the number three spot in the list of top paid iPad apps.
Speaking of iPad apps, the list of top ten free iPad apps is chock-full of well-known names, including YouTube, Netflix, Max, Disney Plus, Google Chrome and TikTok. Many of these same names appear in the list of most downloaded free iPhone apps, although the likes of Threads, ChatGPT, Instagram and WhatsApp have displaced several of the iPad picks.
Familiar names and games
The games charts also contain some interesting tidbits. The Tetris-like game Block Blast takes the number one spot on the list of free iPhone games, followed by Monopoly Go, Roblox, Call of Duty Warzone Mobile, Township, and more. Perhaps unsurprisingly, the top paid iPhone game is Minecraft, with Heads Up and Geometry Dash following behind.
Minecraft and Geometry Dash take the top two spots for paid iPad games, with Five Nights at Freddy’s and Stardew Valley taking spots three and four. Roblox, meanwhile, is the most downloaded free iPad game.
Finally, Apple included download figures for its Apple Arcade subscription service, where games can be made to work across iPhone, iPad and the Mac. Here, NBA 2K24 Arcade Edition was the most popular Apple Arcade game, followed by Snake.io+ and Hello Kitty Island Adventure.
While most of the lists are dominated by established names, they show that a few viral hits have been able to penetrate the top ten, as well as long-lived titles like Heads Up. If you’ve been looking for a new app or game for your Apple device, it might be worth browsing the lists to see what catches your eye. Here are those lists of most popular iPhone and iPad apps of 2024 in full.
The top free iPhone Apps of 2024
The top paid iPhone apps of 2024
The top free iPhone games of 2024
The top paid iPhone games of 2024
The top free iPad apps of 2024
The top paid iPad apps of 2024
The top free iPad games
The top paid iPad games of 2024
The Federal Trade Commission (FTC) is warning jobseekers to be wary of an emerging ‘task scam’, which essentially tricks victims into completing repetitive ‘work’ tasks, under the pretense of earning money - but first asking for a ‘deposit’ to secure the assignments.
This type of scam was virtually non-existent just three years ago, but reports of financial loss have shot up in 2024, with the FTC receiving over 20,000 complaints in the first 6 months alone, compared to under 500 in all of 2021.
This translates to a $220 million loss for victims of job related scams in the first half of 2024, with nearly 40% of those being ‘task scams’, according to the agency. Since cryptocurrency is the primary form of payment for these schemes, they have driven the crypto losses - with $41 million lost in employment scams in the same period - double that of 2023 in its entirety.
Don’t pay to get paid
The offer of easy money is always enticing, and fraudsters will often impersonate trusted companies like Amazon or Deloitte, with victims given a set of tasks to complete before moving to the next level.
Interestingly, the FTC has warned this approach has ‘gamified’ the scams, creating an effect similar to gambling, where the victim is sucked in, sometimes with small payouts to build trust, before being goaded into making larger deposits to access bigger tasks - but the deposits are never returned to the victim.
Jobseekers have unfortunately proved frequent targets for scammers, especially those looking for a remote position. A request for upfront payment is a common job related scam, making up 25% of cases.
More tactics used by fraudsters are phishing attempts (19%), and requests for confidential data (17%) that can then either be used to commit identity theft, or sold on to malicious actors.
A huge database containing millions of sensitive records has been discovered unprotected online, available to anyone who knew where to look.
The cache was recently discovered by security researcher Jeremiah Fowler, known for uncovering misconfigured databases, or non-password-protected archives.
This time around, Fowler said he found a database containing more than 4.8 million documents, and weighing roughly 2.2 terabytes. Investigating the files found in the archive, the researcher said he found eye exams in .PDF format, together with patient Personally Identifiable Information (PII), doctor’s comments, and images of the exam results.
Reacting to the findings
“The database also contained .csv and .xls spreadsheets that listed patients and included their home addresses, Personal Health Numbers (PHN), and details regarding their health,” Fowler told vpnMentor.
Personal Health Numbers are unique identifiers, assigned to individuals, by provincial or territorial healthcare systems in Canada to manage access to publicly funded healthcare services. They are used to track medical records, process insurance claims, and verify eligibility for healthcare services.
Cybercriminals could abuse PHNs by using them for identity theft, such as obtaining unauthorized medical services, filing fraudulent insurance claims, or purchasing prescription drugs illegally. They could also sell these numbers on the dark web for profit or exploit the associated data to craft targeted phishing or social engineering attacks.
Drilling deeper, Fowler found that the database belonged to Care1, a Canadian company offering AI software solutions to support optometrists in delivering enhanced patient care. The company says its software helped manage more than 150,000 patient visits, and is used by more than 170 optometrists.
After realizing who the owner was, Fowler reached out to the company, who locked the database down soon after. However, without detailed forensics, it’s impossible to know if malicious actors found the archive at any time in the past.
Adobe and Box have announced a new partnership aimed at making content creation easier than ever for business users.
The agreement will see Adobe Express become the default image editor in Box’s online content creation service, giving users access to a far more powerful and wide-ranging platform.
The move will also bring editing images, crafting presentations, and managing digital assets directly into Box, meaning users will no longer need to switch between multiple applications to carry out tasks such as cropping and resizing images, adding filters, and removing distracting objects and backgrounds.
Box and Adobe Express partnership
“Today, every enterprise is feeling the pressure to create more content to engage audiences across a growing number of internal and external channels,” said Govind Balakrishnan, SVP of Adobe Express & Creative Cloud Services.
“By integrating Adobe Express directly into Box, we’re helping enterprises close that gap, meeting millions of business users where they work with intuitive, world-class creative tools and AI they can trust.”
Adobe Express will also bring the company's Firefly generative AI tool, meaning teams can create AI-powered content within the Box platform.
The two firms say by reducing the time it takes to create, review, and approve content, businesses can maintain a competitive edge. For example, marketing teams can quickly edit visuals for their campaigns and tailor social media content for different markets, while HR departments can build training materials and update internal communications, and sales teams can develop presentations personalized to their audience.
The news is the latest step in the partnership between Adobe and Box, with Adobe Document Cloud, Adobe Experience Cloud, and Adobe Creative Cloud already integrated into the platform.
“As enterprises increase the amount of content they’re creating, Box is leveraging AI in our secure ecosystem to fuel collaboration, reduce content sprawl and manage risk,” said Aaron Levie, CEO of Box.
“We’re excited to partner with Adobe Express to enhance what we can offer with the world’s best creative tools and AI that’s commercially safe. As a result, every Box customer and user will have the ability to easily create, collaborate on and securely manage digital media in a single, secure Intelligent Content Management platform.”
Christmas just came early for fans of The White Lotus, because HBO Max has dropped the season 3 trailer and confirmed that The White Lotus season 3 will be available to stream from February 16, 2025 – we'd guessed January or February so we're feeling pretty smug right now.
In a big surprise, it looks like the luxury hotel brand will once again be plagued by murder. We know. We can't believe it either. And according to showrunner Mike White, season 3 is going to be "longer, bigger, crazier".
We don't yet know who the victim is or how they met their end. But the trailer does feature a body in a bag, so it's pretty clear that things are going to end badly for at least one visitor.
What we know so far about The White Lotus Season 3
We already knew a few things thanks to the short teaser trailer that Max posted back in August with the caption "new luxuries await you in Thailand". That trailer also gave us glimpses of the new cast, including Jason Isaacs, Parker Posey, and Patrick Schwarzenegger. That teaser ended with Posey by the pool alongside Leslie Bibb and Michelle Monaghan before the tagline "what happens in Thailand stays in Thailand" appeared.
One thing the new trailer has revealed is how Natasha Rothwell's character Belinda ended up there: she's doing a transfer between hotels so she can get a change of scene. And the new guests all seem pretty horrible, with Walton Goggins a particular standout. It's nice to see him with a nose again after watching him in Fallout.
Here's the confirmed cast for season 3 of one of the best Max shows so far:
Seasons 1 and 2 of The White Lotus are streaming now on Max.
A new survey from the company Sellcell has found that most iPhone and Samsung users don't actually think AI improves their daily lives.
The survey asked iPhone users with Apple Intelligence and Samsung users with access to Galaxy AI, whether or not the AI features on their smartphones were actually useful, and most don't seem to think so. According to Sellcell, 73% of iPhone users and 87% of Samsung users say AI features add little to no value, showcasing that AI is yet to show its raison d'être on the best smartphones.
The survey also found that 1 in 6 iPhone users would make the jump to Android for AI features if there was an enticing enough AI-fuelled feature worth making the move for. Interestingly, nearly 50% of iPhone users said AI was a major factor when deciding on their next smartphone purchase; that number was 23.7% for Samsung users.
The survey in itself doesn't highlight any surprising results; after all, we're still at the very beginning of AI development in consumer products, with Apple only launching Apple Intelligence in September and features still rolling out. According to the 1000+ iPhone users asked, Writing Tools was deemed the most popular AI feature, interesting 72% of all those who responded. ‘Notification summaries’ (54%), ‘Priority Messages’ (44.5%), ‘Clean Up in Photos’ (29.1%), and ‘Smart Reply in Mail and Messages’ (20.9%) rounded out the list. This survey would've been conducted before the launch of iOS 18.2 and the arrival of Genmoji, ChatGPT integration in Siri, and Image Playground, which all launched last week.
On the Samsung side, users found ‘Circle to Search’ (82.1%), ‘Photo Assist’ (55.5%), ‘Chat Assist’ (28.8%), ‘Note Assist’ (17.4%), and ‘Browsing Assist’ (11.6%) as the most interesting AI features.
Is AI just a gimmick?
Surveys like this one from Sellcell shine a light on the larger public perception of AI tools in smartphones, that said it's still early days and the best is yet to come. As an iPhone user myself, I'm slowly noticing Apple Intelligence features creep into my workflow more and more, and I expect that's the same for users on Samsung and other Android devices with Galaxy AI and Gemini.
AI features on smartphones need a few more years to fully cement themselves into mobile operating systems for us to see if they are indeed a total gimmick or tools that can infinitely improve our lives.
I for one, remain hopeful, especially because Genmoji in itself has made my day-to-day much better. Who doesn't want to generate a frog emoji for every conversation topic they have during the day? My life now has more frogs in it, and for that, I need to thank AI.
When you're a hammer, everything looks like a nail; when you're a drone spotter, everything looks like a drone.
As someone who's flown more than a few drones in his lifetime and sometimes carries a foldable one in his pocket during weekend hikes so he can randomly pull it out and fly it over hills, lakes, homes, and trees, I'm a bit of a drone watcher; not to be confused with a bird watcher (I'm that, too), who keeps his eyes and ears open for the aviary kind. Come to think of it, drone spotting is a bit like that, too. Usually, I hear the high-pitched buzz, and then I cast about, scanning the skies for the tell-tale movement (hover, sprint, hover, zig-zag) and spinning rotors of a consumer-grade drone.
Like a birder, I'll call out, "Oh, look, someone's flying a drone over us." Over the years, I have seen consumer class (usually under 250 grams) drones fly over my home. I typically try to identify which DJI drone it is; maybe a DJI Mini, perhaps a Mavic or DJI Mavic Pro. Usually, it's not one of the larger Phantom Pro drones since most people are neither qualified nor allowed by the FAA to fly them over residential areas.
What's up with that?
Naturally, I've been intrigued by the explosion of east coast US drone sightings in recent weeks. In the videos (mostly unverified) I've seen on TikTok, they tend to be much larger than anything I've flown. In fact, they appear to be huge (think five or six feet across) enterprise-grade drones used by businesses for surveillance, package delivery, and feature film operations.
Where I live – in New York – and surrounding cities along the east coast of the US, drone spotting is now something of an obsession, though I haven't quite caught the bug.
During a recent crystal clear night that featured a brilliantly bright full Moon and Jupiter nearby, my offspring and I dragged our Celestron telescope outside to star gaze. As we stood shivering in the night, trying to get Jupiter's moons lined up in our scope, I started pointing out a few low-orbit satellites silently dashing by: They're usually easily identified by their speed, straight-as-an-arrow trajectory and lights that blink at regular intervals. It never occurred to me to suspect them of being drones. Perhaps I know better, or maybe, unlike others, I'm not looking for drones in the night sky.
Look, I'm not saying there aren't drones flying over the East Coast of the US. They may be, but I don't think it's an invasion. Here are some ideas about what's going on:
Now, I tend to agree that the government (local and federal) has moved too slowly to address the "drone invasion" (they've finally agreed to send in special drone-detecting technology), but I also think the FAA has been too lax about drone registration and tracking. Essentially, anything that takes off in public airspace should instantly become a tracked dot on local flight tracking systems. FWIW, if you ever found my lost drone, you'd open up the battery compartment to find my drone pilot registration number.
All this aside, I'm almost certain that the majority of drones people think they're seeing are not. They're still planes, helicopters, and satellites. However, until the US government responds effectively to consumer concerns, the drone hysteria will grow, people will start shooting at these drones, and then someone will probably really get hurt.
Don't be a hammer looking for a nail.