Hi and welcome to another Security weekly. Where we laugh, we cry and share the latest and greatest in security and tech news.

In this week's edition:
👗 Dress to compress - Android malware runs free
🔬 How visible are you online?
📰 Bits & Bytes
❓ Disable User explains: Digital footprint
🔥 meme of the week

Reading time: 02:39

Dress to compress - Android malware runs free

Worried your smartphone might be at risk? Neither did I, until I read this article.

A recent study by cybersecurity firm Zimperium explains tactics hackers are using.

They're making harmful Android files - called APK’s - hard to investigate.

But that’s nothing new. The new part? They’re bypassing Google Play doing so.

How are they doing this?

• Complex files: Hackers are using APK files that are hard to unravel. Essentially, they're compressed in a way that most analysis tools can't understand.

• Off-the-grid distribution: These harmful apps aren't coming from Google Play Store. They're downloaded from other sources. It also suggests that hackers are using social tricks to get people to download these apps.

• Targeting newer phones: If you have a newer Android phone, you're not safer. These APKs work perfectly on Android 9 and newer versions.

Security researcher Fernando Ortega points out the craftiness in these methods. "They're using an approach that makes the APKs nearly impossible to decode with standard tools," he says. “this reduces the chances of these harmful apps being analyzed and flagged as dangerous.”

The company has also noticed other ways hackers are breaking tools:

• Filenames are absurdly long - this makes it hard or impossible for detection tools to scan.

• They use broken files - this crashes the tool trying to examine the APK’s

This is not an isolated event. Just weeks ago, Google reported that hackers were using a method called 'versioning' to escape the Play Store's security measures.

Uncle Disable User’s advice?

Switch to iPhone (hehe jk, I use Android myself)

• Be vigilant when downloading Android apps. Use the Play Store.

• Your new Android phone isn't as safe as you might think.

• Install antivirus software on your smartphone also.

Just to bring balance to the force, I’ll add extra Apple security news to the Bits & Bytes.

How visible are you online?

Cool tool I found the other day, by OSINT Industries.

OSINT is mainly used in the context of companies. But a lot of people, rightfully, wonder what’s online about them.

You all know haveibeenpwned.com by now, right? This goes one step further.

• Click the link (I figured you guessed that much)

• Make an account (feel kinda double, I know)

• Fill in your email

• Check your digital footprint.

Bits & Bytes

• Attackers demand ransoms for stolen LinkedIn accounts - this sparks the discussion why LinkedIn doesn’t force MFA.

• Macs are getting compromised to act as proxy exit nodes - Somebody found good use for a Mac, kudos.

• Google security check: 60 seconds to kick out snoops and hackers - good, quick tips to do a security check on your Google environment.

• Hotmail email delivery fails after Microsoft misconfigures DNS - pretty sure they’re not going to obtain their SLA’s this year.

• New Apple iOS 16 Exploit Enables Stealthy Cellular Access Under Fake Airplane Mode - As promised.

• WinRAR flaw enables remote code execution of arbitrary code - if this could be solved by paying the paid version, would you?

Digital Footprint

The information about a particular person that exists on the internet as a result of their online activity.

I really regret sh#tposting so much on Facebook when I was younger..

Meme of the week