By the way, also read our article: Top Facebook Scams 2024: How to Avoid Them.

According to court documents shared by Bleeping Computer journalists, malicious applications, in particular, were available for download from the websites of the companies themselves, as well as through the Google Play Store, APK Pure, APKSFree, iDescargar and Malavida.

After installing applications (including AppUpdater for WhatsPlus 2021 GB Yo FM HeyMods and Theme Store for Zap), they used the built-in malware to collect sensitive user information, including authentication data, and then took over other people’s WhatsApp accounts to send spam.

At the same time, according to the official statistics of the Google Play Store, only the AppUpdater for WhatsPlus application has been installed more than a million times.

A gambling site that spammers advertised on WhatsApp

It is worth noting that last summer, the head of WhatsApp, Will Cathcar, warned users not to download modified versions of WhatsApp, and cited HeyMods and HeyWhatsApp as examples. Cathcart wrote that the company’s security service discovered hidden malware in these applications, and their main goal is to steal users’ personal information.

Interestingly, at the same time that the media learned about this lawsuit, Meta published an official press release in which it also stated that it had discovered more than 400 malicious applications that stole user data. However, here we are talking not only about applications for Android (355 pieces), but also about applications for iOS (47 pieces), and theft of credentials from Facebook accounts was named as their purpose.

By prompting victims to “Log in with Facebook,” the apps ended up stealing user credentials, hijacking other people’s accounts, and being able to “perform activities such as sending messages to friends and gaining access to personal information.”

More than a million users have reportedly been notified of the potential compromise and are now urged to change their passwords and enable two-factor authentication.

The post Meta Finds over 400 Chinese Apps That Stole Data from 1 million Users appeared first on Gridinsoft Blog.

A historic legal event took place when, after accusations of unlawful discrimination put in the design of the targeted advertising system employed by Meta, the company agreed to cease using the tool and pay the penalty of around $115,000.

The source of the news is the June 21 official statement of the U.S. Department of Justice.

The Department of Housing and Urban Development (HUD) has investigated discrimination in Meta ad-serving software. The official charge (of discrimination) issued by HUD on On March 28, 2019 was a nudge to start the disputed lawsuit. The fact is that in order to select the audience for advertisements for the sale and rental of housing, the Meta ad distribution system employs the criteria mentioned in the Civil Rights Act of 1968, namely its eighth and ninth parts, also known as Fair Housing Act. This law states that the sale or rental of housing must not involve discrimination on the part of the property owner, and this applies to both the transactions themselves and the advertising that precedes them. Advertising must not discriminate against the audience based on race, sex, gender, religion, sexual orientation, etc. The prosecution argues that this is exactly what happens when the ad targeting system, based on the data mentioned, does not allow part of the audience to see some ads at all. At the same time, people are not even aware of such filtering.

Significantly, this is the first time the law has been applied to digital advertising and digital targeting mechanisms. The U.S. Department of Justice noted that the Meta agreed to develop a new tool under the supervision of the DoJ. The new product must exclude discrimination and be built on other filtering criteria. The U.S. Attorney for the Southern District of New York, Damian Williams, said that if Meta continues to use discriminatory technologies, the civil rights lawsuit will not be dismissed and litigation will continue.

For the time being, Meta has a settlement of the lawsuit and seven months (until December 31) to come up with the revised ad-targeting tool. Otherwise, the corporation would have to stand before a federal court.

The post Meta to Give up its Discriminating Ad-Targeting System appeared first on Gridinsoft Blog.

READ ALSO: Spyware vs. Infostealer – what’s the difference?

The information provided within the current article, including the images, is courtesy of Brad Duncan, an independent cybersecurity analyst, the man behind the malware-traffic-analysis.net blog.

Spam Campaign details

The Meta infostealer malware gets into the victim’s computer. It begins with an email with an attachment. Already a stay-away thing for the experienced ones, but someone might still buy into that. The bait is classic: you have received payment, and there is a little paperwork to be done before getting your money.

After the user downloads the attachment (an excel table within the current campaign,) the file will, just as expected, request allowance to execute macros. The sheets file features a DocuSign image to be more persuasive, although it is unnecessary since it is already downloaded. If the victim consents, enabled scripts (VBS) start downloading stuff from several sources.

The downloaded payload gets encoded with base64 (schemes presenting binary data as text) or undergoes byte reversal. Both methods increase the malware’s chances of passing undetected by antivirus programs. The fetched content constitutes *.dll and *.exe files.

The hacker’s plan succeeds as a malicious executable gets assembled on the victim’s computer, and it starts sending data to the server with 193[.]106[.]191[.]162 address. The file name is ‘qwveqwveqw,’ and it even gets itself a system registry entry. Meta steals passwords for cryptocurrency wallets and web browsers, namely Chrome, Firefox, and Edge. By the way, Meta alters PowerShell and Windows Security settings, excluding *.exe files from antivirus examination.

Brief information on Meta malware

The hacker community quickly reacted to the suspension of Raccoon Stealer malware. Its operators stopped selling and supporting the tool as one of the developers became a victim of the war in Ukraine. Meta, advertised as the successor of RedLine, is one of several stealers that arrived to occupy the vacant niche. Its monthly price on the 2Easy botnet marketplace is $125 and a lifetime subscription costs $1000. For a more thorough analysis of the Meta malware, consider reading the original report by Brad Duncan on the Internet Storm Center security forum.

RELATED: Why is the 2easy trading platform gaining popularity?

The post Meta Infostealer Malware Spread via Spam appeared first on Gridinsoft Blog.

When hiring employees, HR departments are increasingly turning to artificial intelligence (AI) technologies for help. With their help, CVs are analyzed, video interviews are conducted and the mental state of applicants is assessed.

Major American corporations have decided to join forces to prevent these technologies from producing biased results that could perpetuate or even exacerbate discrimination.

According to The New York Times, last week they launched the Data & Trust Alliance, which includes representatives from various industries, in particular CVS Health, Deloitte, General Motors, Humana, IBM, Mastercard, Meta (parent company of Facebook), Nike and Walmart.

The organization does not engage in lobbying or research. With the participation of corporate and third-party experts, the Data & Trust Alliance has developed a system for evaluating software that uses AI. The system consists of 55 questions covering 13 topics, and its purpose is to combat algorithmic bias.

Today’s AI software is data driven, so it matters which data is used and how it is used. If the data for training the algorithms are mostly white males, then the results produced by these algorithms are likely to discriminate against blacks and females. If, for example, the data for predicting success in a company refers to employees who have performed well in the past, the results produced by the algorithm may reinforce pre-existing bias.

Seemingly neutral datasets, when used with others, can lead to results that discriminate against applicants based on race, gender, or age.

Internal research of Data & Trust Alliance companies has shown that their HR departments use AI-based software, often sourced from third-party vendors. Enterprise users generally don’t know what data the vendor used to train the AI models, and how those models work.

To develop the solution, the alliance recruited its employees from HR, data analysis, legal and procurement departments, as well as software vendors and external experts. This collaboration resulted in a bias detection, measurement and mitigation system for learning data processing practices and developing HR software.

Let me remind you that I also wrote that Scientist discovered a vulnerability in the universal Turing machine.

The post Major corporations teamed up to fight AI bias appeared first on Gridinsoft Blog.