Exclusive: Massive spying on users of Google’s Chrome shows new security weakness (Reuters)

Reuters: Exclusive: Massive spying on users of Google’s Chrome shows new security weakness. “A newly discovered spyware effort attacked users through 32 million downloads of extensions to Google’s market-leading Chrome web browser, researchers at Awake Security told Reuters, highlighting the tech industry’s failure to protect browsers as they are used more for email, payroll and other sensitive functions.”

The Register: Multi-part Android spyware lurked on Google Play Store for 4 years, posing as a bunch of legit-looking apps

The Register: Multi-part Android spyware lurked on Google Play Store for 4 years, posing as a bunch of legit-looking apps . “A newly uncovered strain of Android spyware lurked on the Google Play Store disguised as cryptocurrency wallet Coinbase, among other things, for up to four years, according to a new report by Bitdefender.”

CNET: Popular messaging app ToTok reportedly an Emirati spy tool

CNET: Popular messaging app ToTok reportedly an Emirati spy tool. “A popular messaging app billed as a secure way to chat with friends and family is actually a spying tool used by the United Arab Emirates to track the activities of those who download it, The New York Times reported Sunday. The app, which debuted only a few months ago, has been downloaded millions of times around the world.” Please note that ToTok is not TikTok.

Ars Technica: Activists’ phones targeted by one of the world’s most advanced spyware apps

Ars Technica: Activists’ phones targeted by one of the world’s most advanced spyware apps. “Mobile phones of two prominent human rights activists were repeatedly targeted with Pegasus, the highly advanced spyware made by Israel-based NSO, researchers from Amnesty International reported this week.”

Motherboard: This Spyware Data Leak Is So Bad We Can’t Even Tell You About It

Motherboard: This Spyware Data Leak Is So Bad We Can’t Even Tell You About It. “A consumer spyware vendor left a lot of incredibly sensitive and private data, including intimate pictures and private call recordings, for all to see on a server freely accessible over the internet. And it still hasn’t taken the data down.”

ZDNet: Spyware firm SpyFone leaves customer data, recordings exposed online

ZDNet: Spyware firm SpyFone leaves customer data, recordings exposed online. “No matter the user, you would think that the companies responsible for developing spyware would do their utmost to protect the information collected on behalf of their customers. However, it appears that an oversight by spyware developer SpyFone has led to the online leak of terabytes of data belonging not just to customers but also their targets.”

TechCrunch: Google follows in Apple’s footsteps by cleaning up its Play Store

TechCrunch: Google follows in Apple’s footsteps by cleaning up its Play Store . “Google is cracking down on the apps published to the Play Store. An updated version of the company’s Developer Policy, released this week, indicates the company will now ban a wider variety of apps including cryptocurrency miners, those selling firearms and accessories, those that aim to trick children into downloading adult-themed apps, and apps built using automated tools or wizard services, or based on templates.”

AdGuard: “Big Star Labs” spyware campaign affects over 11,000,000 people

AdGuard: “Big Star Labs” spyware campaign affects over 11,000,000 people. “In the previous article about the Unimania spyware campaign I promised to tell you more about the privacy issues discovered during our automated scan of many Google Chrome extensions. This took me a while, and I apologize for the delay. The reason for the delay is that the investigation did not end with merely looking into a few Chrome extensions. In fact, the spyware campaign appears to be even bigger than what I anticipated.”

PC World: There’s now a tool to test for NSA spyware

PC World: There’s now a tool to test for NSA spyware. “Luke Jennings of security firm Countercept wrote a script in response to last week’s high-profile leak of cyberweapons that some researchers believe are from the U.S. National Security Agency. It’s designed to detect an implant called Doublepulsar, which is delivered by many of the Windows-based exploits found in the leak and can be used to load other malware.”