Wednesday Newsbytes: Malware in Windows Logo, Scrub Your Phone Number, Address from Google, Banks Won’t Reimburse Scammed Zelle Customers, Goodwill Online… and more!
Every day we scan the tech world for interesting news in the world of technology and sometimes from outside the world of technology. Every Wednesday, we feature some news articles that grabbed our attention over the past week. We hope you find this week’s ‘Wednesday Newsbytes’ informative and interesting!
Malware Found Hiding in a Windows Logo
This old Windows logo hides a very dangerous payload waiting to wreak havoc on a network.
A group of hackers has been found using an old Windows logo to help distribute malware to government targets.
As The Register reports(Opens in a new window), the Witchetty espionage group (also known as LookingFrog) uses a range of tools to target governments, diplomatic missions, charities, and industrial/manufacturing organizations. Recently, Symantec’s Threat Hunter Team discovered(Opens in a new window) the group had started employing a new and “rarely seen” steganography technique, which hides malicious code within an image.
The image used by Witchetty is a bitmap of an old Windows logo, and the malicious code it carries is a backdoor Trojan (Backdoor.Stegmap) capable of executing a range of system commands. By disguising the malicious payload as an image, it’s possible to hide it in plain sight on a free and trusted service while avoiding detection as a security threat. In this case, Witchetty hosted the bitmap on GitHub.
The image is apparently downloaded from GitHub after a target has been compromised. Once stored within the network being attacked, the payload can be unpacked (“decrypted with an XOR key”) and used for further system infiltration. A successful attack allows Witchetty to “install web shells on public-facing servers.” After that, they can steal credentials and begin to install other pieces of malware inside an organization’s network…
How to scrub your phone number and address from Google search
Online stalking and harassment are real threats. Companies are slowly catching up, advocates say.
From a simple Google search, strangers can dig up your phone number, physical address or other personal information. You might not want that floating around the internet — or its presence could be putting you in danger.
Now, Google says it’s making it easier to request that information be removed from search results. A new shortcut, which Google teased in May, is rolling out in its app and next to search results in the United States during the next two weeks. Before, you could request the removal of that type of information through this form.
The change comes as concerns intensify about the connection between online privacy and real-life safety. This month, stalker forum Kiwi Farms was taken down after forum members spent years harassing women and those who identify as LGBTQ, frequently posting their physical addresses and phone numbers. Victims of domestic abuse are also at risk when their personal information appears online. Some jurisdictions, including the European Union, have adopted a “right to be forgotten,” which grants people the right to ask for their personal information to be deleted from company databases or the internet, but the United States hasn’t adopted such a law.
In addition to requesting the removal of search results, starting early next year people can sign up for alerts if their personal information appears in new results, Google says…
Read more at The Washington Post.
Banks Refusing To Pay Back Customers Scammed Through Popular Payment App?
Big banks aren’t paying back more than 90% of theft claims made by those who were scammed through Zelle.
As long as we have online banking and peer-to-peer payment apps, it would seem there will be instances of fraud and different scams out there. In the past, one could sometimes trust that if they fell victim to a scam through a bank app the institution would do right by the customer. But with the recent uptick in Zelle scams, that hasn’t been the case and millions of customers are being left holding the bag when it comes to recovering funds lost through Zelle’s service.
According to CNN, following up on reports made by The New York Times, as well as a recent government investigation, it appears that reported scams and theft taking place through the Zelle platform aren’t being reimbursed by the banks who own the operator. In fact, the numbers suggest that these banks, while being aware of the issue, seem to be doing very little to curb customers falling victim to predatory scammers looking to get their funds.
With this reporting, it was determined that banks were not paying 90% of the cases involving Zelle scams and there were more than $400 million dollars lost or stolen by Zelle customers. Where banks take cover here is in the difference between “Authorized” or “Unauthorized” transactions.
If a Zelle customer is providing their information willingly to a scammer and the latter removes funds, the banks will often say that it appears as if it was an Authorized transaction seeing as how the scammer had all of the correct banking information…
Iconic Goodwill gets serious with online for thrifters
Thrifters who flock to Goodwill stores will now be able to do more of their treasure hunting online.
The 120-year-old nonprofit organization on Tuesday launched GoodwillFinds, a newly incorporated shopping venture that is making roughly 100,000 donated items available for purchase online and expanding Goodwill’s internet presence that until now had been limited to auction sites like ShopGoodwill.com or individual stores selling donations online via eBay and Amazon.
GoodwillFinds’ goal is to have 1 million items on its site in a few years, said Matthew Kannes, newly appointed CEO of the online shopping arm, which features search tools that let shoppers browse by category. Eventually GoodwillFinds will be able to be personalized based on a customer’s past purchases.
GoodwillFinds is a separate entity from Goodwill Industries International Inc. but it will support the larger organization by helping fund its community-based programs across the U.S. provide professional training, job placement and youth mentorship. It should also increase donations, while also helping to expand its base of customers.
Unlike rivals like Thredup and Poshmark, customers cannot use GoodwillFinds to make donations and will still have to visit one of the organization’s 3,300 U.S. and Canadian Goodwill stores to drop them off — for now. But Kaness said that as the business expands, Goodwill will eventually offer that service…
A New, Disposable Paper Battery Has Been Developed
The battery is water-activated and could be applied to a broad range of single-use electronic devices.
A proof-of-concept study published in the journal Scientific Reports outlines a water-activated disposable paper battery. According to the scientists, it could be used to power a broad variety of low-power, single-use disposable electronics, such as smart labels for tracking items, environmental sensors, and medical diagnostic devices, thereby minimizing their environmental impact.
The battery was developed by Gustav Nyström and colleagues, and it consists of at least one cell that is one centimeter squared and is made up of three inks that have been printed on a rectangular piece of paper. The paper strip is covered with sodium chloride salt, and one of its shorter ends has been dipped in wax.
One of the flat sides of the paper is printed with ink containing graphite flakes, which serves as the positive end of the battery (cathode). The other side is printed with ink containing zinc powder, which serves as the negative end of the battery (anode).
In addition, on top of the other two inks, an ink containing graphite flakes and carbon black is printed on both sides of the paper. This ink links the battery’s positive and negative ends to two wires positioned at the wax-dipped end of the paper.
The salts in the paper dissolve when a small quantity of water is added, releasing charged ions. These ions spread across the paper to activate the battery, which causes the zinc in the ink at the negative end of the battery to release electrons.
Attaching the wires to an electrical device closes the circuit so that electrons can be transferred from the negative end – via the graphite and carbon black-containing ink, wires, and device – to the positive end (the graphite-containing ink) where they are transferred to oxygen in the surrounding air. These reactions generate an electrical current that can be used to power the device.
To demonstrate the ability of their battery to run low-power electronics, the authors combined two cells into one battery and used it to power an alarm clock with a liquid crystal display…
Thanks for reading this week’s Wednesday Newbytes. We hope you found these articles informative, interesting, fun, and/or helpful. Darcy & TC