Cybercriminals were, once again, spotted impersonating legitimate businesses, as they try to steal valuables from software developers. This time around, researchers from Checkmarx saw fake Roblox npm packages, whose true purpose is to deploy a remote access trojan (RAT) called Quasar.
Roblox is an online platform where users can create and play games made by other users, using a game creation system called Roblox Studio. It features a virtual currency called Robux for in-game purchases and has over 214 million monthly active users.
In this campaign, crooks were using typosquatting (giving a malicious package a name similar to a legitimate one, so that developers download and run it by mistake), and deployed multiple packages to the npm repository, in hopes that someone would pick them up.
Quasar Remote Access Trojan
It’s an old strategy that worked well in the past, and seems to have worked well in this instance, too. According to the researchers, the four malicious packages that were identified had almost 200 downloads combined before being spotted and removed.
The noblox.js-async package had 74 downloads, noblox.js-thread 117 downloads, noblox.js-threads 64 downloads, and noblox.js-api 64 downloads.
"By mimicking the popular 'noblox.js' library, attackers have published dozens of packages designed to steal sensitive data and compromise systems," Checkmarx researchers said in a report.
"The attackers of this campaign have employed techniques including brandjacking, combosquatting, and starjacking to create a convincing illusion of legitimacy for their malicious packages."
To further improve the perceived legitimacy of these packages, the crooks also listed the source repository as noblox.js.
Developers who don’t spot the ruse and download these packages will receive the Quasar Remote Access Trojan, which is hosted on a GitHub repository. At the same time, they will lose their Discord tokens, and have their Microsoft Defender Antivirus settings changed so that it does not spot the malware.
"Central to the malware's effectiveness is its approach to persistence, leveraging the Windows Settings app to ensure sustained access," the researchers added. "As a result, whenever a user attempts to open the Windows Settings app, the system inadvertently executes the malware instead."
Via The Hacker News
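The name-imitation tricks described above (typosquatting, combosquatting) can be screened for in a project's dependency list. The following is an added example, not code from Checkmarx or the original article: a heuristic check that compares dependency names against the packages a project trusts. The `TRUSTED` list, the function names and the sample manifest are assumptions; the four `noblox.js-*` names are the ones reported above.

```javascript
// Packages this project actually intends to use (assumption: maintained by you).
const TRUSTED = ["noblox.js"];
// Levenshtein edit distance (single-row version), to catch small misspellings.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const up = row[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(up + 1, row[j - 1] + 1, diag + cost);
      diag = up;
    }
  }
  return row[b.length];
}

// Drop separators so "noblox.js", "noblox-js" and "nobloxjs" compare equal.
const normalize = (name) => name.toLowerCase().replace(/[._-]/g, "");

// Heuristic: list dependencies that resemble, but are not, a trusted package.
function flagLookalikes(dependencies, trusted = TRUSTED) {
  const findings = [];
  for (const name of Object.keys(dependencies)) {
    if (trusted.includes(name)) continue; // exact name: the real package
    const n = normalize(name);
    for (const good of trusted) {
      const g = normalize(good);
      let reason = null;
      if (n === g) reason = "separator variant";
      else if (n.includes(g)) reason = "combosquat: trusted name plus extra words";
      else if (editDistance(n, g) <= 2) reason = "typosquat: edit distance <= 2";
      if (reason) { findings.push({ name, imitates: good, reason }); break; }
    }
  }
  return findings;
}

// Constructed manifest. The four noblox.js-* names are the ones reported in
// the article; versions and the "nobl0x.js" misspelling are made up.
const sampleDependencies = {
  "noblox.js": "1.0.0",
  "noblox.js-async": "1.0.0",
  "noblox.js-thread": "1.0.0",
  "noblox.js-threads": "1.0.0",
  "noblox.js-api": "1.0.0",
  "nobl0x.js": "1.0.0",
  "express": "1.0.0",
};

for (const f of flagLookalikes(sampleDependencies)) {
  console.log(`${f.name} imitates ${f.imitates} (${f.reason})`);
}
```

A finding is a prompt for review, not proof of malice: legitimate companion packages can also contain a trusted name.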

Nebula is Anker's smart entertainment brand, and it's just unveiled two brand-new and very different projectors: one portable that's barely bigger than a soda can, and a 4K laser model capable of 200-inch displays. Both projectors run Google TV with built-in Netflix and the usual range of apps.
The bigger of the two is the Nebula Cosmos 4K SE. It's 4K with Dolby Vision and Nebula's own NebulaMaster image processing engine, which the brand says delivers improved contrast and color accuracy. It delivers 1,800 ANSI Lumens and can create an image of up to 120 inches in normal lighting conditions and a huge 200 inches in darker conditions. The brightness and color reproduction is achieved via a hybrid lighting system that combines LED and laser light, which Anker says delivers higher brightness and better color.
The audio system here is 2x 15W full-range drivers with Dolby Audio, and the projector has auto setup and a bunch of automatic corrections for screen fitting, obstacle avoidance and wall color adaptation. It looks like an interesting addition to the best 4K projectors, since it's large and quite serious, but still designed to be somewhat portable, with a carry handle on top.
It costs $1,299 and is available to buy now – we're waiting on information about a release in other countries, and will update this article when we can.
Pocket-sized projection power
The Nebula Capsule Air is soda-can shaped and only slightly taller than one. Despite its tiny size it can deliver up to 150 ANSI Lumens for up to two hours from its built-in battery. Resolution is 720p and it's capable of delivering a 60-inch image in normal lighting and 100 inches in the dark. Its USB-C port supports PD (power delivery) so it can be used with a power bank or wall charger as well as on battery.
For the $399 asking price, that seems like a very tempting option among the best portable speakers – it's less than half the price of the Samsung Freestyle Gen 2 projector, for example, which doesn't have a battery built-in.
There are three new accessories to go with the Capsule Air. The snap-on base is included with the projector and enables you to tilt the projector up to 30 degrees or 90 degrees when wall mounted. One use case is for parents to use it to project cooking videos while they and their kids cook.
That one's exclusive to the Air, but Nebula has also created a gimbal stand ($49.99) for 360-degree angle adjustment, and a tripod with a power bank inside to double the playback time as well as deliver more viewing angles. That one's $129.99. Both accessories are compatible with the whole Capsule range, not just the Capsule Air.
Like the Cosmos 4K SE, the Capsule Air is available to buy now – and Anker is offering a $200 early discount on the Cosmos if you order early. Obviously, we can't tell you how good they are just yet, but we plan to review both as soon as we're able.

Huawei's upcoming tri-foldable phone has been spotted several times in the wild, and the company has now announced an unveiling date of Tuesday, September 10, as rumors continue to swirl around this intriguing device.
You can see the event teaser over at GSMArena, and while the phone isn't specifically mentioned, that sure looks like a Z-shape folding handset in the background. New smartwatches and an electric car could also be unveiled.
The event is scheduled to get underway at 2.30pm in China on the afternoon of September 10 – which works out as 11.30pm PT on September 9, and 2.30am ET / 7.30am BST / 4.30pm AEST on September 10.
For those living in California and along the US West Coast, the Huawei tri-foldable is actually going to launch on the same day – just – as the iPhone 16 series, as September 9 is also the date of Apple's 'It's Glowtime' event, which is perhaps a deliberate move on the part of Huawei.
The most expensive panel ever
10” before folding…most expensive smartphone panel… September 2, 2024
Even though we've caught a glimpse or two of the phone in public, we don't know too much about it, other than that it'll have two hinges rather than one (which is the standard on handsets such as the Samsung Galaxy Z Fold 6).
Industry analyst Ross Young, who is usually reliable when it comes to predictions, says the phone is going to have a 10-inch main screen, and that it'll be the most expensive smartphone yet – which is unsurprising considering the tech built into it.
It seems that the extra screen space will be used to run "PC-level applications", so we could be looking at a device that blurs the boundaries between phone, tablet, and laptop. High-end internal specs have also been rumored.
How easy it'll be to buy this phone outside of China remains to be seen – Huawei is banned from selling its devices in the US, don't forget – but it's still going to be a notable first for the mobile industry, marking the introduction of a new foldable form factor.

Philips will soon roll out four new effects for your Philips Hue smart lights, including space-themed and aquatic options to help you relax at home.
Fabian at Hueblog reports that the new options will be named Cosmos, Enchant, Sunbeam, and Underwater. They will sit alongside the Sparkle, Glisten and Opal effects that arrived earlier this year, the Prism setting that was introduced in 2023, and the Fireplace and Candle effects from 2022.
To use effects with your Philips Hue bulbs, just open a room in the Hue app, select the Play bar, and then choose the Effect button that's displayed beside the color selection buttons. You can also create custom scenes, with multiple bulbs playing the same effect.
Not all Philips Hue lights are compatible with all effects though, so check the documentation to find out which options your bulbs support.
The new lighting effects sound well suited to the Philips Hue Twilight lamp, which is designed for use on your nightstand (Image credit: Philips Hue)
Rise and shine
Although there are no previews of the modes available yet, their names suggest they should work well with the new Twilight sleep and wake-up light, which started arriving on nightstands around the world this summer. We've been testing it ourselves, and will be publishing our review very soon.
The Twilight has two LED sources: the main light, with an adjustable shade that can be tilted left and right, and a rear light that illuminates the wall behind the lamp. This can paint your room with a subtle glow, and would be well suited to a sunbeam effect in the morning, or a shimmering underwater scene.
The downside is the price tag of $279.99 (about £210 / AU$410), but you should be able to use the new effects with other Hue products too, letting you enjoy the feeling of floating in the ocean without splashing quite so much cash. Our guide to the best smart lights includes several more affordable options to consider.

Right now, if you have a model in Apple’s entry-level iPad line then you won’t be able to use it with a true Magic Keyboard, with the most recent – the iPad 10.9 (2022) – only supporting a lower-end Magic Keyboard Folio.
While this still has Magic Keyboard in the name, it’s a rather different product, with a different design that makes it more awkward to use on your lap, as you can see in the images below. But now a true Magic Keyboard could be in the works for this line.
This is according to reputable leaker Mark Gurman, who, writing in his Power On newsletter for Bloomberg (via Apple Insider), claimed that Apple suppliers are working on a new Magic Keyboard, and that it's likely to launch by the middle of next year.
This new model is apparently a low-end version of the accessory, which could be designed for either the entry-level iPad or the iPad Air line (or perhaps both). The iPad Air line already has access to a Magic Keyboard, but not to the revamped version that Apple so far exclusively offers for the iPad Pro series.
The Magic Keyboard Folio (Image credit: Apple)
The Magic Keyboard for iPad Pro (Image credit: Apple)
Function keys and other changes
Of course, no low-end version would match the iPad Pro’s Magic Keyboard with its aluminum palm rest, but according to Gurman this model will have some new features, which he speculates might include a row of function keys. That row of keys is already present on the iPad Pro’s Magic Keyboard, but not on the iPad Air's.
It would also most likely have a similar stand design to true Magic Keyboards, rather than the flimsier design of the Magic Keyboard Folio.
We’d take all of this with a pinch of salt for now of course, but Gurman has a good track record for leaks, so there’s a good chance that this information is accurate. And if so, we’d speculate that there’s a chance this new Magic Keyboard could land alongside the iPad 11 – after all, the current latest model came out in 2022, so a new version is due.
If so, then based on this leak the iPad 11 could arrive by June – but before that we're expecting to see the iPhone 16 series, among other devices, at Apple's September 9 'It's Glowtime' launch event.

We're expecting both an iPhone 16 series unveiling and a full release of iOS 18 at Apple's September 9 event next week – and it looks like the new iPhone software is set to downgrade the functionality of Live Activities in one important way.
According to 9to5Mac, Apple is restricting the rate at which these widgets can refresh themselves – which is going to cause problems for apps that want to show real-time activity information, such as cycling speed as you're moving.
These Live Activities widgets were introduced with iOS 16 in 2022, and they work like enhanced notifications on the lock screen or in the Dynamic Island: they can keep you up to date with sports scores, for example, or the estimated arrival time of an approaching cab.
In feedback sent to one developer, Apple says Live Activities were "never intended to be used to create real-time experiences", despite a mention of real-time fitness metrics on the official Live Activities guide for iOS developers.
The write idea
So it is official now. LiveActivities were never designed for real-time experiences :/ https://t.co/Zc1musx6ae pic.twitter.com/IjOq8uV2J7 August 28, 2024
Apple goes on to explain that each update from a Live Activities widget requires data to be written to the storage on the iPhone – which, if it's happening constantly, can contribute to wear and tear inside the handset.
What's more, with iOS 18, each of those updates needs to be synced to an Apple Watch, if one is connected. While the downgrade will disappoint some, it should improve battery life and the lifespan of the internal iPhone storage.
It seems that update intervals are now set at 5-15 seconds, though this won't affect anything with a timer (like a notification showing a delivery driver arrival time): in this case starting the timer is just one action, with no refreshes needed in order for the timer to count down.
Apple announced a wealth of new features that will be arriving with iOS 18 at its WWDC 2024 event in June, and next Monday the beta-testing process for the software should be coming to an end – which means it'll then be pushed out to all compatible iPhones.

A recent study of 1,200 IT decision-makers (ITDMs) from the UK, US, France, Germany, Australia and Singapore found that many businesses are simply integrating artificial intelligence into their operations due to a fear of missing out (FOMO).
The ABBYY State of Intelligent Automation Report revealed that three in five (58%) UK IT leaders had only invested in AI technologies out of fear that their business would be left behind.
This is despite leaders expressing concern over misuse by their staff (37%), associated cost (37%), data protection (36%), AI hallucinations (35%) and compliance (32%).
Are companies only investing in AI because of FOMO?
The study also revealed that the average AI investment across UK organizations stood at nearly three-quarters of a million (£730,000), with virtually all (95%) respondents expressing plans to increase investment over the next 12 months. However, more than one in three (37%) remain worried about the financial implications of deploying artificial intelligence in the workplace.
Compared with the other nations, UK workers were more likely to use AI, with three-quarters (77%) using GenAI compared with two-thirds (65%) globally.
Key areas of focus for future development include the ethical use of AI, responsible AI policies, and understanding AI’s regulations.
However, despite expressed concerns about the evolving technology, trust in AI seems to be rising, with decision-makers displaying the highest confidence in small language models (SLMs) and purpose-built AI (92%).
Maxime Vermeir, ABBYY’s Senior Director of AI Strategy, said that it was “no surprise to [him] that organizations have more trust in small language models due to the tendency of LLMs to hallucinate and provide inaccurate and possibly harmful outcomes. We’re seeing more business leaders moving to SLMs to better address their specific business needs, enabling more trustworthy results.”
ABBYY’s report serves as a stark reminder of the costs of implementing AI technologies, and therefore the importance of establishing proper strategies before investing out of fear.

If you were hoping for a physical release for the upcoming Nintendo Switch version of Yakuza Kiwami, then we've got some bad news.
As spotted by Nintendo Everything, the official Japanese X / Twitter account of developer Ryu Ga Gotoku Studio posted that the game will be "download distribution only" (translated from Japanese with X / Twitter's in-built translation tool). The developer's English account posted soon after that Yakuza Kiwami will be available "on the Nintendo eShop", without mention of a physical release.
Yakuza Kiwami makes its series debut on Nintendo Switch! ✅ Release date: Friday, October 25, 2024 ✅ Price: 2,980 yen (tax included) ✅ Download distribution only ▼ Official site https://t.co/dfSNS8vHHz #龍が如く極 pic.twitter.com/pLV3ZZZfSV August 27, 2024
This is definitely a shame for those hoping to add Yakuza Kiwami to their physical Switch collection. But there is some good news in that the highly-praised remake, which is launching on October 25 for Nintendo Switch, will be priced at around $19.99 / £14.99. If you've yet to properly dive into the Yakuza / Like a Dragon franchise, this is an ideal starting point and a very reasonable price to boot.
Yakuza Kiwami is a remake of the original Yakuza title which came out for the PlayStation 2 all the way back in 2005. The game introduced the world to protagonist Kazuma Kiryu - an officer of the Tojo Clan criminal organization - who in this initial outing takes the fall for his boss's murder. After a decade in jail, Kiryu must acclimate to modern life in the city of Kamurocho and save the clan from a dark fate.
While certainly rough around the edges, the very first Yakuza title introduced the world to its gripping and heavily political storytelling, balanced out with a gut-busting sense of humor and a wide range of incredible and memorable characters that appear in the series to this day. Having no physical release on Nintendo Switch is definitely a bummer, but we highly recommend the game nonetheless. Especially if you can work your way up to modern releases such as the brilliant Like a Dragon: Infinite Wealth.