A Russian cyber researcher named Leonid Evdokimov discovered 30 SORM (System for Operative Investigative Activities) devices used by the Russian government to intercept internet traffic were unsecured and leaking any collected information. Worse still, these devices were placed at various ISP’s servers and thus were collecting large amounts of data as they sifted through any traffic passing through the ISP. SORMs collect IP addresses, email addresses, other pieces of device information such as MAC address, and specific information that an organization has tasked the SORM with finding. The leaking SORMs contained information found from previous intelligence operations that was also left stored with the SORM and otherwise unprotected.
Source SORM equipment leaks surveillance data of Russian internet users
Two apps serving as a front for malware were removed from the Google Play Store after 2 years and 1.5+ million downloads. The apps contained ads that took users directly to infected websites or tried to convince them to download malware. The apps evaded detection by Google by hiding the adds in plain view. The malicious ads were generated to appear outside of the users view with an invisible extension that covered the entire screen and did not visibly react to the user’s touch. When a user interacted with the app, they inadvertently clicked the ad which began running or downloading malware on their device. The apps would continue to run in the background after clicked and display ads over the user’s screen. This would cause constant clicks that the user could not see, each of which generated ad revenue for the apps as well. The only noticeable signs were decreased battery life and slower response times from the phone as it attempted to handle the ads.
Source: Malicious ad clicking apps with 1.5M downloads found on Google Play
Max is a Legal Assistant and author residing in the Philadelphia area He has been writing for AskCyberSecurity.com since early 2017.