Cooktek, the developer behind the popular Android keyboard TouchPal, snuck adware into 238 apps. It took steps to obfuscate the adware, and when activated the ads appeared everywhere on your phone. For some people, it made their phone unusable.
流行的Android键盘TouchPal背后的开发商Cooktek将广告软件植入了238个应用中。 采取了迷惑广告软件的措施,并在**后,广告出现在手机上的任何地方。 对于某些人来说,这使他们的手机无法使用。
Security firm Lookout recently discovered that the Chinese developer CooTek had been sneaking adware into many of its apps. CooTek is the developer behind TouchPal, a keyboard with over 100 million installs alone.
安全公司Lookout最近发现,中国开发商CooTek一直在将广告软件潜入其许多应用程序中。 CooTek是TouchPal的开发人员,TouchPal是仅安装一亿个键盘的键盘。
This particular brand of adware, provided through a BeiTaAd plugin, was particularly nasty in part because CooTek took steps to hide what it was doing. During the first 24 hours, and sometimes for the first two weeks, the plugin did nothing. But when it finally activated, ads began to show on the phone even with the app closed.
通过BeiTaAd插件提供的这种特定品牌的广告软件特别讨厌,部分原因是CooTek采取了隐藏其活动的措施。 在最初的24小时内,有时在最初的两个星期内,该插件没有执行任何操作。 但是,当它最终**时,即使关闭了应用程序,广告也开始在手机上展示。
Complaints that calls, music, emails, and more were interrupted by obtrusive ads eventually piled up, but thanks to that waiting period, it was difficult to tell which app was the culprit. And that was precisely the point, by waiting you might install other apps before the ads appeared and blame the wrong app.
投诉,电话,音乐,电子邮件等投诉最终因干扰性广告而堆积,但由于等待时间长,因此很难确定哪个应用程序是罪魁祸首。 正是这一点,等待您可能在广告出现之前安装其他应用,并归咎于错误的应用。
Thankfully, Lookout discovered the problem and reported it to Google, who swiftly took action. Offending apps were taken off the store, though some have been allowed back with the plugin removed.
幸运的是,Lookout发现了问题并将其报告给Google,GoogleSwift采取了行动。 冒犯性的应用程序已从商店中删除,尽管在删除了插件的情况下允许某些应用程序返回。
It would be easy to blame this entirely on Google’s open ecosystem and wonder why the company didn’t find this itself (and that latter question is somewhat legitimate), but CooTek’s attempts to hide what it was doing helped it slip by testing. Just remember, if your phone starts acting weird examine all the apps you’ve installed, not just the most recent ones. [Tech Radar]
将此完全归咎于Google的开放生态系统很容易,并且想知道为什么公司本身找不到它(而后一个问题在某种程度上是合理的),但是CooTek试图隐藏其所做的尝试通过测试使其失败。 请记住,如果您的手机开始运行异常,请检查已安装的所有应用程序,而不仅仅是最新的应用程序。 [ 科技雷达 ]
在其他新闻中: (In Other News:)
-
Move over e-scooters rentals, here comes an electric bike: Bird, one of the companies behind many of the electric scooters you keep tripping over on the street, has a new ride-sharing product in the works—a bike. The Cruiser has a 52-volt battery, a padded seat for two, and an LCD to show trip progress. Stay safe friends, and wear a helmet. [VentureBeat]
转移到电动滑板车的租金上来了,这是一辆电动自行车: Bird是您经常在街上绊倒的许多电动滑板车背后的公司之一,正在开发一种新的乘车共享产品-自行车。 巡洋舰有一个52伏电池,一个可容纳两个的软垫座椅和一个液晶显示屏,用于显示旅行进度。 保持安全的朋友,并戴好头盔。 [ VentureBeat ]
-
YouTube bans children from solo live-streaming: To protect children from predators on its platform, YouTube recently disabled comments on most videos featuring children. Now the company is expanding that step by barring young children from live-streaming without visible adult supervision. It may seem harsh, but if measures like this protect children, that’s a good thing. [Variety]
YouTube禁止儿童进行独奏直播:为了保护儿童不受平台上掠食者的侵害,YouTube最近禁止了大多数带有儿童的视频的评论。 现在,公司正在扩大这一步骤,禁止幼儿在没有明显的成人监督的情况下进行直播。 这看起来似乎很严厉,但是如果这样的措施能够保护儿童,那就太好了。 [ 品种 ]
-
Spotify takes a
stationpage from Pandora: If you love Pandora’s music recommendation stations, but prefer Spotify’s catalog, good news: Spotify is testing a similar service. Spotify’s stations (even the name is the same), curates similar music based on preference history and music styles. And just like Pandora, if you pay for Spotify, you lose the ads and gain unlimited skips. The test started in Australia and recently made its way to the United States. [MacRumors]Spotify需要一个
站Pandora的页面:如果您喜欢Pandora的音乐推荐台,但更喜欢Spotify的目录,那么好消息:Spotify正在测试类似的服务。 Spotify的电台(即使名称相同)也根据喜好历史和音乐风格来策划相似的音乐。 就像潘多拉(Pandora)一样,如果您为Spotify付费,就会失去广告并获得无限的跳过机会。 该测试始于澳大利亚,最近又进入了美国。 [ MacRumors ] -
Apple may kill off the Dashboard: If you want, you can download the beta for Apple’s latest MacOS update, Catalina, right now. (You shouldn’t, but you can.) Enterprising developers who did take the beta noticed straightaway that the Dashboard is completely removed (as opposed to disabled). If you used OS X, you might recognize the Dashboard as the widget center or “that stupid thing I accidentally launched—again.” Good riddance if you ask me. [AppleInsider]
Apple可能会终止Dashboard:如果需要,您可以立即下载Apple最新MacOS更新Catalina的Beta。 (您应该这样做,但是可以。)尝试了Beta版的进取的开发人员立即注意到,Dashboard已完全删除(而不是禁用)。 如果使用OS X,则可能会将仪表板识别为小部件中心或“我再次意外启动的那个愚蠢的东西”。 如果你问我,很好。 [ AppleInsider ]
-
Microsoft thinks you smell bad, wants to make it worse: Lynx, otherwise known as Axe in the U.S., is partnering with Microsoft to make an Xbox body wash and spray. Adorned in the Xbox logos and traditional greens, the company says the spray will let you “power up” before leaving the house. Gross. [The Verge]
微软认为您的气味很难闻,并希望使情况变得更糟: Lynx(在美国也称为Ax)正在与Microsoft合作制造Xbox沐浴露和喷雾剂。 该公司称,这种喷雾剂将以Xbox徽标和传统的绿色装饰,让您在离开房屋之前“加电”。 毛。 [ 边缘 ]
-
Nintendo announces PokémonSword and Shield games: Pokémon is never going away, at least not so long as it continues to bring in bucketloads of money. Nintendo announced the next expansion in the franchise, Sword and Shield. New in this game? You can make your Pokémon giant sized. You know what they say about Pokémon games: Gotta buy ’em all. [Engadget]
任天堂宣布推出《神奇宝贝剑与盾》游戏:神奇宝贝永远不会消失,至少只要它继续带来大量金钱就不会消失。 任天堂宣布了《 剑与盾》系列的下一个扩展。 这个游戏有新内容吗? 您可以将神奇宝贝的尺寸定为巨型。 您知道他们对神奇宝贝游戏的评价:必须全部购买。 [ Engadget ]
-
Skype gains screen sharing capability: How often have you tried to help a relative or friend find a setting on their phone when they called through that phone? “Too many” is probably the right answer. Skype wants to help you out with screen sharing. The new feature will let you see their screen and walk them through steps. Once you tell them how to install Skype, that is. [XDA developers]
Skype拥有屏幕共享功能:当他们的亲朋好友通过电话呼叫时,您尝试过几次尝试帮助亲戚或朋友在他们的电话上找到设置? “太多”可能是正确的答案。 Skype希望帮助您进行屏幕共享。 这项新功能可让您查看他们的屏幕并逐步进行操作。 当您告诉他们如何安装Skype后,就是这样。 [ XDA开发人员 ]
-
Researchers show proof-of-concept malware that mimics your typing: A few security companies have explored a method of identity verification through keyboard typing habits. The idea is simple: everyone types a little differently, so pay attention to how the keyboard is used to verify who is using it. But researchers have now shown concept malware that accurately mimics a targets keyboard strokes, fooling software designed to identify people. Security is always a game of escalation, unfortunately. [ZDNet]
研究人员展示了模仿您打字的概念验证型恶意软件:一些安全公司已经通过键盘打字习惯探索了一种身份验证方法。 这个想法很简单:每个人的键入都有些不同,因此请注意如何使用键盘来验证谁在使用它。 但是研究人员现在已经展示了概念恶意软件,它们可以准确地模拟目标键盘击键,欺骗了旨在识别人员的软件。 不幸的是,安全始终是一场升级游戏。 [ ZDNet ]
Over seven years, scammers managed to steal 19 million dollars worth of iPhones. Even accounting for more recent $1000 iPhones, that’s a lot of phones.
七年来,诈骗者成功窃取了价值1900万美元的iPhone。 即使考虑到最新的1000美元的iPhone,这也是很多手机。
The scammers put together a sophisticated network that comprised of multiple parts. Across 34 states, they used runners and grunts. The runners used stolen identities and fake documents to pose as buyers wanting to upgrade their phones. They naturally would choose a payment plan to get the iPhone for as low a price as possible.
骗子将复杂的网络组成一个由多个部分组成的网络。 在34个州中,他们使用跑步者和咕gr声。 跑步者使用被盗的身份和伪造的文件冒充买家想要升级他们的手机。 他们自然会选择付款计划,以尽可能低的价格获得iPhone。
Runners would travel out of state, retrieve the iPhone, and ship them back to the ring leaders, who referred to themselves as “Top Dogs.”
跑步者会离开州,取回iPhone,然后将其运回指环领队,指环领队将自己称为“顶级狗”。
The most eye-popping detail isn’t how long they got away with this, or how many they stole, but how they the scam fell apart. An eagle-eyed employee working for one of the overnight shipment companies noticed the packages seemed suspicious.
最引人注目的细节不是他们逃脱了多长时间,或者偷了多少,而是骗局如何破裂。 在一家隔夜运输公司工作的鹰眼员工发现这些包裹似乎可疑。
Usually, when shipping a significant number of packages to a single address, an account with the shipping company is used, but cash or credit card was the method of payment here. And even though packages came from out of state, they listed New York as the return address.
通常,当将大量包裹运送到一个地址时,将使用在运送公司的帐户,但是这里使用现金或信用卡作为付款方式。 即使包裹来自州外,他们仍将纽约列为回邮地址。
At some point, the shipping company opened up 39 packages to find 253 phones. Further investigation revealed the rest, and investigators charged six individuals with mail fraud, conspiracy to commit mail fraud, and aggravated identity theft. Someone give that shipping employee a raise. [Gizmodo]
在某个时候,运输公司打开了39个包裹,查找253部电话。 进一步的调查揭示了其余的情况,调查人员指控六个人有邮件欺诈,串谋实施邮件欺诈以及严重的身份盗窃行为。 有人给那位运输雇员加薪。 [ Gizmodo ]
翻译自: https://www.howtogeek.com/fyi/daily-news-roundup-touchpals-sneaky-android-adware/