Wednesday Newsbytes: Windows 11 Gets New Backup Feature; New Settings App in Windows 11 is a Mind Reader; How the FBI Removed Qakbot from Infected PCs; Whiffy Malware Sends Hackers Your Location… and more!
Every day we scan the tech world for interesting news in the world of technology and sometimes from outside the world of technology. Every Wednesday, we feature news articles that grabbed our attention over the past week. We hope you find this week’s ‘Wednesday Newsbytes’ informative and interesting!
The latest Windows 11 Insider Preview includes a new Backup App that functions in a similar fashion to Time Machine in macOS.
The backup app will allow for more regular backups of most apps, settings, and data in Windows 11. This will allow for easier restore abilities, as well as the ability to transfer data to a new PC, NotebookCheck noted.
Notably, Time Machine works by allowing you to frequently back up data in macOS. If an issue arises with your Mac system, you can select a date of one of your most recent backups, before the issue occurred, and restore the system to that date to see if the issue will resolve. Time Machine has been a staple on macOS since 2007.
Microsoft recently announced its new Backup App as part of its Windows 11 Insider Preview Build 23466 release, which is now available for download from the Dev Channel.
The system features that will generally be backed up include stock applications, documents, photos, files, passwords, and basic settings, in addition to Start Menu and Taskbar configurations. In terms of modification, the system does allow you to determine which files and settings you wish not to include in your backup. Applications downloaded from the Microsoft Store aren’t eligible for automatic backup and reinstallation.
You can initiate a backup by visiting the new Windows Backup app or through the Accounts/Windows Backup section in the Settings…
Settings is getting a new homepage
Microsoft is introducing a new addition to the Settings app that is currently available for testing among Windows 11 insiders. The Redmond-based tech giant boasted that the new update features a new Settings homepage that’s built to deliver more personalization to Windows 11.
The most salient aspect of this update is that the homepage will feel more like “you.” In other words, based on your usage patterns and trends, it will populate recommended settings that you use the most (e.g., Display, Sound, Search permissions).
Windows 11 Settings app gets a new homepage
The new homepage in the Settings app will have seven new cards:
Each interactive card, according to Microsoft, will be optimized to offer “the most relevant information” at your fingertips. For example, the Recommended settings card will surface your most commonly used Windows 11 settings….
The FBI announced today the disruption of the Qakbot botnet in an international law enforcement operation that not only seized infrastructure but also uninstalled the malware from infected devices.
During this past weekend’s law enforcement operation, Operation Duck Hunt, the FBI redirected the botnet’s network communications to servers under its control, allowing agents to identify approximately 700,000 infected devices (200,000 located in the U.S.).
After they took control of the botnet, the FBI devised a method to uninstall the malware from the victims’ computers, effectively dismantling the botnet’s infrastructure, from the victims’ PCs to the malware operators’ own computers.
What is Qakbot?
Before we learn how the FBI uninstalled Qakbot from computers, it is essential to understand how the malware was distributed, what malicious behavior it performed, and who utilized it.
Qakbot, aka Qbot and Pinkslipbot, started as a banking trojan in 2008, used to steal banking credentials, website cookies, and credit cards to conduct financial fraud.
However, over time, the malware evolved into a malware delivery service utilized by other threat actors to gain initial access to networks for conducting ransomware attacks, data theft, and other malicious cyber activities.
Qakbot is distributed through phishing campaigns that utilize a variety of lures, including reply-chain email attacks, which is when threat actors use a stolen email thread and then reply to it with their own message and an attached malicious document…
Whiffy Recon malware sends hackers your exact location every 60 seconds
Normally when hackers infect one of the best Windows laptops with malware, financial gain is their motivation. However, they also like to deploy infostealer malware to get their hands on your personal data.
Security researchers at Secureworks’ Counter Threat Unit have come across a mysterious new malware strain that is after something else entirely: your exact location. As reported by The Hacker News, hackers are now using the SmokeLoader malware to deliver a new malware strain called Whiffy Recon.
As its name suggests, SmokeLoader is a Malware-as-a-Service offering sold on dark web forums that’s designed to drop additional payloads (which include other malware) on vulnerable computers. It’s typically distributed through either phishing emails or malicious documents.
Now SmokeLoader is being used to infect PCs with Whiffy Recon, but even the security researchers that discovered this new malware strain aren’t quite sure what the hackers behind this campaign intend to use it for.
Pinpointing your exact location
According to a new blog post detailing Secureworks’ findings, the Whiffy Recon malware “has only one operation” and “every 60 seconds it triangulates the infected systems’ position by scanning nearby Wi-Fi access points.”
To find an infected device’s exact location, Whiffy Recon uses the information obtained from these Wi-Fi access points as a data point for Google’s geolocation API. It does this by constantly checking Windows’ WLAN AutoConfig Service on infected PCs. However, if this service doesn’t exist, Whiffy Recon shuts down on its own. The malware also adds a shortcut to the Windows Startup folder…
Hackers found, and disabled, another top spyware manufacturer
Hackers have attacked the makers of a widespread mobile spyware tool, destroying all of the data the company gathered on its victims while exposing the malicious actors who were paying for the spyware service.
A report by TechCrunch, tipped off by DDoSecrets, a nonprofit transparency group that documents data leaks, examined a large database – 1.5GB in size – it received from an unnamed hacking group, claiming the database came from WebDetetive, a mobile spyware app built for the Portuguese-speaking community.
The majority of the victims were located in Brazil, it was said.
Flipping the script
The hackers told DDoSecrets that they found multiple vulnerabilities in WebDetetive’s infrastructure and endpoints which allowed them to access the database. While inside, they uncovered that some 76,000 Android devices were victims of the spyware, which was harvesting all sorts of private and sensitive information.
However, instead of stealing the victim data and posting it online, the group deleted their devices from the spyware’s network, rendering it useless. The infected devices were no longer able to send new data to the spyware’s server. The group said it did this “because we could.” They also generated a different database (the one shared with DDoSecrets) and filled it with information on the people who were using WebDetetive’s services.
The data included customer IP addresses and their purchase history. It also included all of the devices each customer infected, which version of the spyware was installed, and the type of data that was being stolen.
Spyware, or stalkerware apps, are not available on official app stores, such as the Play Store or the App Store. They can be installed from third-party stores and other places on the internet…
People keep finding new uses for ChatGPT. One of the latest is flooding social media with spam bots and AI-generated content that could further degrade the quality of information on the internet.
A new study shared last month by researchers at Indiana University’s Observatory on Social Media details how malicious actors are taking advantage of OpenAI’s chatbot ChatGPT, which became the fastest-growing consumer AI application ever this February.
The research, conducted by Kai-Cheng Yang, a computational social science researcher, and Filippo Menczer, a computer-science professor, found that ChatGPT’s ability to generate authoritative-looking text is being used to run “botnets” on X, formerly Twitter.
What are botnets and why are they bad?
Botnets are networks of hundreds of harmful bots and spam campaigns on social media that can go undetected by current anti-spam filters. They are deployed for many reasons…
Thanks for reading this week’s Wednesday Newsbytes. We hope these articles were informative, interesting, fun, and helpful. Darcy & TC