in the wild. The patch for this bug is one of 37 that are part of the monthly security release which covers multiple components in the popular mobile OS. This comes at a time when mobile banking malware is on the rise and there are also concerns around threat groups targeting phones to compromise them for use in MFA request responses.

Google is an odd company. They have used the personal vs corporate data ownership line like a jump rope over the years. We have watched them for a long time and all we can say is that their track record on protecting personal information and privacy has been both good and bad with them being on the bad side for most of recent history. After being a vehement opposer of bills like SOPA (Stop Online Piracy Act) and PIPA (Protect our Intellectual Property Act) they quickly dropped those stances and started facilitating blanket takedown noticed from the MPAA (now the MPA) and RIAA. The blanket notices often came from law firms that provided little more than links to Google which Google then removed from their search engine and YouTube.

It looks like there has been another round of malware identified on the Google Play sore and, you guessed it, the majority is focused on banks and other financial institutions. The combination of apps found totals around 515,000 downloads. 500,000 of these downloads are being attributed to a new trojan dubbed Octo and appears to be distributed via fake apps uploaded to the Google Play store.

Google pushed out a n Out-of-band patch for Chrome due to a high-severity on Friday (March 25th, 2022). The patch was pushed out quickly as the vulnerability, tracked as CVE-2022-1096 is being actively exploited in the wild. CVE-2022-1096 is a type confusion vulnerability that exists in the JavaScript Engine used by Chrome and was reported to Google by an Anonymous researcher last week.

Once again Google has been caught with their hands in the personal data collection cookie jar. It seems that their Messages and Phone Dialer Apps were sending information about your calls and messages without giving the user any chance to opt-out of this data collection. They also perform this data collection without any user notification at all.

In early February, rumors about a potential acquisition of Mandiant by Microsoft started to circle the internet. The response was not positive with many feeling that it was allowing the fox to run the chicken coop. Although unpopular the rumor did make sense on a few levels. However, regardless of whether the rumors were true or not, Microsoft is not buying Mandiant; Google is. Yes, Google is scooping up Mandiant for a cool $5.4 Billion.

As mobile devices continue to be a focus for attackers, we are hearing that there is new banking malware in the Google Play Store. The new malware belongs to a the SharkBot family and, according to researchers, is also a new generation thanks to included features found inside. The biggest difference between SharkBot and other banking malware is that SharkBot allows the developers to steal money in a highly automated fashion.

Google has a bit of a history (understatement) of abusing data collection and sneaking in ways to continue collecting data on its users. This type of collection is all in service to their ad business. They want to be able to send targeted ads to users and the only way to do that is to collection information about them. This pattern of behavior has led to more than one lawsuit in the past based on the way they word turning features on or off and what they collect. Even Google’s current proposed solution to excessive data collection for targeted ads is confusing and seems like nothing more than a way to maintain control of the collection process.

After Google talked about their response to Apple requiring user acceptance for cross app tracking on mobile devices, the internet sort of exploded with different articles about the pros and cons of each. We wrote about this 2 days ago and gave out thoughts on both solutions. You can read the full article, or just read on for the summation. In short, Apple requiring a user to explicitly allow an app to perform cross tracking and data collection is better than Google’s current plan to collect everything and allow controlled access to the data via API. Google’s plan has even brought up the specter of anti-competition laws as they would literally control all the data on a mobile device. Yes, it is that bad.

A couple of weeks ago Meta, Facebook’s parent company, announced that they were losing money (to the tune of $10 Billion) due to changes in the way Apple mobile devices handle user tracking by apps. The move by Apple was a bit of a surprise considering some of Apple’s history, but when you consider that Apple and Meta will probably be VR competitors it was not that much of one. The announcement also caused many to wonder if Google would follow suit.