Malware Hidden Inside Games Found In Microsoft Store

Security experts tell people all the time never to download apps from anywhere other than official sources like the Microsoft Store, the Google Play Store, and the Apple App Store.

It’s good advice, but unfortunately even those sources aren’t perfect when it comes to keeping apps that have been poisoned with malware off their virtual shelves.

Recently, the cyber-intelligence firm named Check Point discovered poisoned clones of a number of popular games like Temple Run and Subway Surfer.  These poisoned clones have been responsible for compromising more than five thousand machines located primarily in Sweden, Israel, Spain, and Bermuda.

The code lurking in these poisoned copies of popular games is called Electron Bot, and it is fairly mild in terms of what it does. It seeks to earn profits by taking control of machines and commandeering their social media accounts, including Facebook, Google, YouTube and SoundCloud.

If the owner of the infected system happens not to have accounts on any of those services, that’s fine too. Electron Bot is more than capable of setting up brand new accounts and then commenting on and “liking” content on those platforms, which amounts to click fraud.

This Electron Bot is not new.  It was first spotted in the wild in the waning days of 2018 masquerading as an app called “Album by Google Photos” on the Google Play store.

Since then, the malicious code has undergone several revisions and each time the authors have further refined the code and added new capabilities to it.

According to the Check Point researchers, the main goals of the group behind the malware seem to be:

  • SEO poisoning – Create malware-dropping sites that rank high on Google Search results.
  • Ad clicking – Connect to remote sites in the background and click on non-viewable advertisements.
  • Social media account promotion – Direct traffic to specific content on social media platforms.
  • Online product promotion – Increase store rating by clicking on its advertisements.

As malware goes, that’s hardly the worst thing, but it’s still not something you want on your system. So be warned and be aware.

New PCIe 6 Standard Brings Speeds Two Times Faster

For those who aren’t aware, PCI-SIG is short for the PCI Special Interest Group.

They have just announced the release of the latest PCI Express (PCIe) specification which is called PCIe 6.0. It has the entire industry abuzz. Standards aren’t usually all that exciting but, in this case, it’s a very big deal.

That’s because it is the specification that matters in terms of connecting your computer’s CPU to graphics cards, SSDs, your Wi-Fi, and the like.

The old 5.0 standard offered transfer rates of up to 64 Giga Transfers per second (64 GT/s).  The new standard literally doubles this to a whopping 128 Gigabytes per second in a single direction on 16 lanes (or 8 GB/s per lane). That makes it the largest rate of increase in the entire 19-year history of the standard.

Even better is that the new standard is designed to be backwards compatible so older devices will continue to retain their value.

It’s important to note that as good and exciting as the new standard is, it’s probably too soon to hold off making a strategic purchase to take advantage of it.  New products that take advantage of the 6.0 standard won’t hit the market for a few years. So if you need something now, get it.  Just know that the day is coming when we’ll all be able to enjoy equipment with significantly improved transfer speeds.

If the past is any guide, the first products released to take advantage of the new standard will be equipment used by server farms and big industrial concerns, including research labs that are investing heavily in AI, with consumer products appearing sometime after that.

Even though we won’t be getting any instant gratification from the new standard it’s still fantastic news and points to great things on the horizon.

Popular HP Gaming Laptops And Desktops Have Security Vulnerability

Do you own an HP Omen, Envy, or Pavilion gaming laptop or desktop? You’re certainly not alone if you do. These are wildly popular and incredibly versatile models that have sold millions of units worldwide. Unfortunately, there’s a problem: a serious security flaw in a driver used by the Omen gaming software. That software comes pre-loaded on all HP Omen laptops and desktops, and the flaw can be abused by hackers to take control of a target system.

This flaw is being tracked as CVE-2021-3437. It was caused by HP’s decision to use vulnerable code that was copied in part from an open source driver.

The Omen Gaming Hub can be used on any PC to boost one’s gaming experience via overclocking and creating highly optimized gaming profiles that adjust system settings depending on what game you’re playing.

The software can be downloaded on any PC, but as mentioned, it comes pre-installed on several of HP’s most popular models. In light of the above, the flaw in the HP Gaming Hub software can potentially put millions of users at risk.

If there’s a silver lining, it lies in the fact that HP acted quickly and has already patched the issue. In fact, a fix has been available since July of this year (2021). If you use the Gaming Hub application, be sure to check the version you’ve got installed.

If you’re using HP Omen Gaming Hub or earlier you’ll want to update right away. If you’re using HP Omen Gaming Hub SDK package prior to 1.0.44 you’ll likewise want to grab the latest version.

So far, there have been no reports of this bug being exploited in the wild. It’s still a potentially serious issue, though. So if you are currently using a vulnerable version of the software, upgrade right away just to be safe.

Popular Gaming Company Has An Installation Software Server Vulnerability

You may not be familiar with the name “SteelSeries” unless you’re a gamer.

The company makes an exceptional line of gaming gear including keyboards, mice, and gaming headsets.

If you buy one of their devices you will undoubtedly use the company’s app to install and configure your new gear.

Unfortunately, the app has a bug that can be exploited by hackers to take full control of your system. You don’t even need to actually own a SteelSeries device although it is unlikely that you’d install the app if you didn’t have one.

The bug was discovered by a researcher named Lawrence Amer. He began investigating the SteelSeries installation app after hearing about a similar bug that impacted the Razer Synapse software. The theory was that since the two companies made similar products, their installation apps may suffer from similar weaknesses and limitations. That theory proved to be absolutely correct.

A spokesperson for SteelSeries had this to say about this issue:

“We are aware of the issue identified and have proactively disabled the launch of the SteelSeries installer that is triggered when a new SteelSeries device is plugged in. This immediately removes the opportunity for an exploit and we are working on a software update that will address the issue permanently and be released soon.”

This is a somewhat exotic attack that won’t impact a huge number of consumers so your risk is relatively low. Low risk is still greater than no risk, however. If you’re a gamer just be aware that these issues exist and keep an eye out for the coming patch. The company hasn’t released an ETA yet so we don’t know for sure when it’s coming but we know that it is.

Kudos to Mr. Amer for his keen eye and to SteelSeries for their prompt attention to the matter.

Upgrades To USB-C Components Will Give It More Power

The USB-C cables on the market today are capable of handling no more than 100 watts of power. Industry engineers have been hard at work trying to find ways to improve that. Later this year, we should begin to see new USB-C cables that are capable of supporting up to 240 watts.

At first glance, it may not seem all that significant, but today’s computers and smart devices are increasingly power hungry. Large, robust laptops used for gaming and 4k monitors simply require more throughput to fully utilize all of their capabilities, and today’s cables leave certain segments of the market wanting.

The 240-watt cable variant will be called EPR, or Extended Power Range. Although the design has not been finalized, EPR cables will have some sort of graphical representation on the product packaging to alert potential buyers that these cables do indeed support the higher throughput levels.

Brad Saunders, the chairman of the USB Promoter Group, had this to say about the coming upgrade:

“With the new capabilities of USB Power Delivery 3.1, we now enable higher power products such as larger notebook PCs to shift from traditional power connectors to USB Type-C. We also anticipate a wider range of product application developers outside of the traditional USB ecosystem to now consider standardizing on USB Type-C with USB PD for their power needs.”

Cables of any kind just aren’t very flashy or exciting. As such, they’re not things that most casual users think about. The right cable, however, can make a huge difference in overall performance, so power users will no doubt be rejoicing at news of the coming upgrade.

According to the USB-IF, we can expect to start seeing the new cables on store shelves sometime in the second half of this year (2021). Great news indeed.
