eavesdropping Archives

AppWizard

June 4, 2025

Meta Pixel halts Android localhost tracking after disclosure

Security researchers have found that Meta and Yandex used native Android applications to access localhost ports, allowing them to link web browsing data with user identities and bypass privacy protections. Following these findings, Meta stopped its data transmission to localhost and removed much of the tracking code to comply with Google Play policies. A report from researchers at IMDEA Networks, Radboud University, and KU Leuven detailed how apps like Facebook and Instagram collected web cookie data via the loopback interface. This method allowed the companies to associate browsing sessions with user identities, undermining privacy measures. Meta's tracking process involved the Meta Pixel script, which transmitted cookies to native apps through various protocols. Meta began using this technique in September 2024 but ceased these practices by June 3rd, 2025. Yandex's localhost tracking dates back to 2017, and while they did not respond to inquiries, browser vendors have implemented mitigations against these practices. Proposed solutions include a new permission for local network access to prevent such tracking in the future.

AppWizard

April 25, 2025

12 Android apps secretly recorded your conversations

Recent findings from cybersecurity experts at ESET revealed that several Android applications, disguised as harmless tools, have been secretly recording conversations and stealing sensitive data. These malicious apps infiltrated devices through the Google Play Store and third-party platforms, compromising the privacy of thousands of users. One tactic used by cybercriminals involved romantic deception, where victims were coaxed into downloading a seemingly harmless messaging app containing the VajraSpy Trojan, which activated upon installation to record conversations and harvest personal data. The identified malicious apps fall into three categories: 1. Standard Messaging Apps with Hidden Trojans: These apps, including Hello Chat, MeetMe, and Chit Chat, request access to personal data and operate silently in the background, stealing contacts, SMS messages, call logs, device location, and installed app lists. 2. Apps Exploiting Accessibility Features: Apps like Wave Chat exploit Android’s accessibility features to intercept communications from secure platforms, record phone calls, keystrokes, and ambient sounds. 3. Single Non-Messaging App: Nidus, a news app, requests a phone number for sign-in and collects contacts and files, increasing the risk of data theft. The 12 malicious Android apps identified include: Rafaqat, Privee Talk, MeetMe, Let’s Chat, Quick Chat, Chit Chat, YohooTalk, TikTalk, Hello Chat, Nidus, GlowChat, and Wave Chat. The first six apps were available on the Google Play Store and had over 1,400 downloads before removal. Users are advised to uninstall these apps immediately to protect their personal data.

AppWizard

December 24, 2024

I played at least one retro game every week in 2024: Here are 10 I’d still recommend to everyone

The text discusses the appeal of classic video games and their modern counterparts, highlighting several notable titles. - Dig Dug (1982) is an arcade classic known for its simple yet challenging gameplay, where players clear dirt and drop rocks on monsters. - Mr. Driller DrillLand (2002) is a modern twist on the Dig Dug experience, featuring puzzle-solving and whimsical aesthetics, originally a GameCube exclusive now available on Steam. - Thief (1998) offers a first-person stealth experience in a detailed steampunk universe, focusing on exploration and heists. - Wing Commander (1990) combines space combat with a narrative that evolves based on player choices. - Strahd’s Possession is an RPG inspired by Dungeons & Dragons, featuring an innovative automap system for exploration in a gothic fantasy setting. - Baldur's Gate: Dark Alliance 2 (2004) provides engaging character development and loot collection, compatible with modern platforms. - The Castlevania Dominus Collection includes classic titles like Haunted Castle (1987) and Dawn of Sorrow (2005), showcasing the potential for redemption through redesign. - Alone in the Dark (1992) is recognized as a pioneer of the survival horror genre, known for its puzzle design and atmospheric tension. - Skald: Against the Black Priory (2024) captures retro aesthetics with modern gameplay mechanics, reminiscent of classic Commodore 64 adventures. - Devil Blade Reboot (2024) channels '90s arcade shooters with vibrant pixel art and fast-paced action.

AppWizard

December 5, 2024

Warning: These 12 Android Apps Could Be Listening to Your Conversations

Smartphones have become essential tools for communication and financial management, but they also expose users to privacy risks. Cybersecurity investigations have found that certain Android applications may secretly record conversations and steal personal information. A report by cybersecurity firm ESET identified malicious apps distributed via Google Play and third-party channels that masquerade as legitimate tools. One tactic used by hackers involves initiating romantic dialogues on platforms like Facebook Messenger or WhatsApp to gain victims' trust before persuading them to install infected apps, such as those containing the VajraSpy Trojan. Malicious applications fall into three groups: 1. Standard Messaging Apps with Hidden Trojans: Apps like Hello Chat, MeetMe, and Chit Chat request access to contacts and phone numbers while secretly gathering sensitive data. 2. Apps Exploiting Accessibility Features: Apps like Wave Chat use Android’s accessibility features to intercept communications from secure applications, eavesdropping on conversations and capturing notifications. 3. The Single Non-Messaging App: Nidus, a news application, requests sensitive information despite lacking messaging capabilities. A list of 12 identified malicious apps includes Rafaqat, Privee Talk, MeetMe, Let’s Chat, Quick Chat, Chit Chat, YohooTalk, TikTalk, Hello Chat, Nidus, GlowChat, and Wave Chat. Six of these were available on the Google Play Store and had over 1,400 downloads before removal. To protect privacy, users should uninstall suspicious apps, change passwords, enable two-factor authentication, run security scans, and exercise caution when downloading apps.

AppWizard

October 23, 2024

Delete These 12 Android Apps That Record Your Conversations – Jason Deegan

Security researchers at ESET have identified twelve malicious Android apps capable of recording audio in the background and other intrusive actions. Six of these apps were distributed through the Google Play Store, while the other six were disseminated through less direct means. One tactic used by hackers involves posing as romantic interests on messaging platforms to persuade targets to download infected apps containing the VajraSpy Trojan. The malicious apps fall into three categories: 1. Infected messaging apps that steal personal information and run a Trojan in the background. 2. Apps that exploit accessibility features to intercept communications on WhatsApp and Signal, with one app, Wave Chat, capable of recording phone calls and ambient sounds. 3. A disguised news app that requests personal information and can intercept contacts and files. The identified malicious apps to uninstall include Rafaqat, Privee Talk, MeetMe, Let’s Chat, Quick Chat, Chit Chat, YohooTalk, TikTalk, Hello Chat, Nidus, GlowChat, and Wave Chat. The first six were downloaded over 1,400 times from the Google Play Store before being removed.