Author: Martin Brinkmann

When I was young, I studied German, History and English at Essen University in Germany. I worked in computer support for several years at the time to help other computer users when they ran into issues. Writing started out as a passion project, as I wanted to help more users and not just the ones that I handled in support. This lead to the founding of Ghacks Technology News in 2005. First, as a side-project, but shortly thereafter as a full-time project as the site's popularity exploded. I sold Ghacks to Softonic some years ago, but stayed on as Editor. You can still read my articles on the site. I do publish on Betanews as well. In recent years, I started to write and publish technology books, including my latest book "Windows 11 From Beginner to Advanced", which is available on Amazon. I'm also a freelance writer for the German publisher Gamestar. Chipp.in is my newest project. I want to use it to talk about my book projects, sell my books directly, and write about technology, as this is what interests me.
Advertising

Oh look, Google ads are again used to scam Google Search users

Posted on by Martin Brinkmann

Threat actors have launched another malvertising campaign on Google Search. While that is not really anything to write about anymore in this day and age, this time is special.

Not only did the threat actors manage to plant scam ads on Google, they did furthermore impersonate Google’s entire product line and used Google domains for the scams. If that is not something to write about.

The story comes from Malwarebytes. Security researchers at Malwarebytes discovered the campaign.

Here are the details:

  • The campaign was run on Google Search.
  • The threat actor used Google’s Looker Studio service to show the google.com domain as the address.
  • The ads targeted Google {product}, e.g., Google Translate or Google Flights.

Even after Malwarebytes reported the ads to Google, ads that impersonated official Google products continued to show up on Google Search.

Locker Studio is a service by Google that creates “interactive dashboards and beautiful reports” from data.

The scammers used the service to display a copy of the Google Search homepage. The homepage is just an image with a hidden link. When the victim clicks on the image, the link is triggered.

The user is then redirected to fake Microsoft or Apple alert pages. These go into full screen mode and play a recording according to Malwarebytes. The alerts suggest that something is not right.

They display a number to call for support and also a form to type the Microsoft account name and password.

Calls land in overseas call centers that try to scam the callers into purchasing gift cards or logging into their bank accounts to pay for the support.

The URL used in this case is on a Microsoft Azure domain, which is designed to instill further trust.

Closing Words

There is not much to like about ads nowadays. They slow down web browsing, use additional bandwidth, collect data about users, and may be distracting. If that is not enough, they may also push ads, as seen over and over again.

The only thing that is positive about ads is, in my opinion, that they allow certain services or publications to exist. There are not viable alternatives. While subscriptions are picking up, this won’t work for everyone as users seem to be fed up already with the ever increasing list of services that is asking for a monthly or yearly payments.

More safeguards need to be in place to prevent blatant abuses like the one discovered by Malwarebytes.

What is your take on this? Feel free to leave a comment down below.

Brand Love: Google’s unethical attempt to get only positive Pixel reviews

Posted on by Martin Brinkmann

Influencers play an important role in marketing today. They tend to have a certain reach that makes cooperations with them attractive to companies.

It should not come as a surprise that influencers get offers to test devices. Companies send them the devices free of charge in the hope that they get a review by the influencer in question.

This cooperation should not come with any requirements, or only light requirements, such as disclosing that the device was not paid for.

Reports suggest that Google has altered the terms for influencers recently. To get a new Pixel device for testing, influencers had to acknowledge and agree to the following:

By opting into this program, do you acknowledge that you are expected to feature the Google Pixel device in place of any competitor mobile device? Please note that if it appears other brands are being preferred over the Pixel, we will need to cease the relationship between the brand and the creator.

In other words, Google tried to influence reviews of influencers with the new terms.

At least some YouTubers who joined “Team Pixel” in the past have quit citing that the new terms were not giving them the editorial freedom that they needed and their audiences deserved.

The Verge asked Google about the new terms and Google said that they “missed the mark” and that “it has been removed”.

Still, the agreement was in place for a time and it seems likely that the participating influencers would make sure that their reviews and takes on the new Pixel devices would not violate it.

All in all, it is a new low. It is good to see that some influencers decided to quit the program because of the changes.

Do you check out what creators or influencers have to say about a certain device before you make a buying decision? Or do you get your information from elsewhere instead? Feel free to leave a comment down below.

WhatsApp

WhatsApp: the end of Spam? New feature is a tiny step towards that goal

Posted on by Martin Brinkmann

WhatsApp is working on a new feature that will block messages from unknown accounts. Before you get too excited about it, there is a big but coming up soon.

If you are using WhatsApp, you may have experienced your fair share of spam. Be it messages from unknown accounts or even calls.

Over the past couple of weeks, I received a significant number of spam calls and also messages. The chat messages promised work, money, a girlfriend, and other things.

It is simple to block interactions with certain accounts on WhatsApp once they try to reach out to you. There are not that many options to block spam before it reaches your device though.

Soon, WhatsApp users will have another weapon in their arsenal to fight spam before it reaches the user’s device. (via WABetaInfo)

The details:

  • A new option to block unknown account messages is being tested in the WhatsApp beta.
  • It blocks messages from unknown accounts, but only if they “exceed a certain volume”.
  • Not every beta tester has the feature at this point.

In other words: If WhatsApp notices a certain amount of spam from a particular user, it will block that user’s ability to send more spam.

WhatsApp does not say how it detects spam messaging attempts. It is possible that it is using spam reports by users for that. This would mean, and here comes the aforementioned but, that spam will still land on user devices.

Not necessarily as much as before, as WhatsApp will pull the plug on the account’s ability to send messages once the threshold is reached.

Even if WhatsApp uses an automated system, it still means that spam will land on user devices, albeit less than before presumably.

Closing Words

All in all, it is a welcome new option that may reduce spam on the platform. It appears that the feature is disabled by default. You may need to enable it under Settings > Privacy > Advanced.

Do you use WhatsApp? Did you receive spam in the past? Would you enable the new feature once it becomes available? Let us know in the comments below.

Google Pixel Weather App

A first look at Google’s new Weather app

Posted on by Martin Brinkmann

Google announced several new Pixel devices this week as well as new AI and services, some of them exclusive at the time of writing.

The company’s main announcement on its official The Keyword website focuses more on software and services, and less on the hardware of the Pixel devices.

Among the new features is a “better weather app” that uses AI to give “super accurate weather forecasts” and “custom AI weather reports”.

The app is available for Pixel devices, but APK files are available already that can be installed on non-Pixel Android devices. The main restriction is that it requires Android 14.

Some of the advertised features, mostly those linked to KI, do not appear to work at the time of writing. I tried the app on a Samsung Galaxy A55 5G device and it worked. Other users claimed that the app was crashing on them, which some fixed by clearing the cache.

Google Weather App location details

The app is basic at the time of writing and on non-Pixel devices. Weather data comes from weather.com.

You can add multiple locations to it and every location is shown on the startpage. A tap opens more details for the selected location.

Here you get:

  • Warnings
  • Hourly Forecast
  • 10-day Forecast
  • Sunrise & Sunset
  • Wind speed and direction
  • UV Index
  • Air Quality Index (for some locations)
  • Visibility
  • Humidity
  • Pressure.

You can move the items around using drag & drop.

It lacks the weather background for the selected location and the weather map.

A tap on 10-day Forecast opens another page with additional details for the selected day and the period as a whole.

The app has a few widgets that you can place on the screen. At least one of is dynamic, but there are others that you may display.

I have not received any notifications, warnings, or AI reports at the time of writing. Maybe that is reserved for Pixel devices or accounts that are subscribed to Google Gemini in one form or another.

Closing Words

Google’s new Weather app is limited when you run it on a non-Pixel 9 device. It is likely that it may come to older devices, but that some features, mostly those powered by AI, may not come to older devices.

You can download the latest version from APK Mirror to give it a try.

Do you use a weather app on your mobile devices? If so, which app do you use and why? Feel free to leave a comment down below.

Encryption

Windows 11: Device Encryption will be enabled automatically in these cases

Posted on by Martin Brinkmann

The next feature update for Windows 11 enables automatic device encryption for users of the operating system. This happens automatically in the background and for most users, but there are exceptions.

What is Device Encryption and how does it differ from BitLocker Drive Encryption?

Device Encryption is based on BitLocker, Microsoft’s encryption technology. It is an automatic system that will encrypt the Windows partition and other fixed drives.

In other words: most drives that are internal will be encrypted by Device Encryption.

Encryption protects data on the drives to prevent unauthorized access.

BitLocker Drive Encryption on the other hand is only available for Pro, Enterprise, and Education editions of Windows. It gives administrators control over the technology and needs to be enabled manually.

The change in Windows 11 24H2

Starting with the release of Windows 11, version 24H2, Windows 11 will encrypt drives automatically using Device Encryption in the following cases:

  • During first sign-in with a Microsoft account, or work or school account.
  • During first set up of the device, if a Microsoft account is used.

Windows 11 will start the encrypting of the drives immediately in the background.

Windows users who create a local account during set up won’t have their drives encrypted. Microsoft notes here that it is possible to do that manually though.

Note: Microsoft is making it harder and harder to set up Windows without a Microsoft account. It is still possible, but most users are probably unaware of this.

Enabling or disabling Device Encryption manually

Device Encryption setting in Windows 11
Device Encryption setting in Windows 11

You need to sign-in with an administrator account to manage Device Encryption. Also, it is possible that the feature is not supported on the device.

Here is how to find out and manage it:

  1. Select Start and then Settings to open the Settings app.
  2. Go to Privacy & security > Device Encryption.

If you do not see Device Encryption on the page, it is either unavailable on the device or you are signed-in with a standard user account.

Device Encryption offers a simple toggle to turn the feature on or off.

How to find out why Device Encryption is now available

Here is a step-by-step guide on finding out why Device Encryption is not supported.

  1. Open the Start menu.
  2. Type System Information.
  3. Select Run as adminstrator.
  4. Scroll down to Automatic Device Encryption Support or Device Encryption support.
  5. Hover over the entry to see the reason why it is not supported.

What is your take on Device Encryption? Do you use BitLocker encryption on your devices? Let us know in the comments below.

Google Pixel 9 devices

Beyond hardware: these Pixel 9 features launch with the phones

Posted on by Martin Brinkmann

Google announced this year’s Pixel upgrade on its Made by Google event yesterday. As Google puts it, these are the most powerful Pixel devices ever. They are also the most expensive ones.

You find information about the hardware features of the four Pixel devices — Pixel 9, Pro, Pro XL, and Fold — on numerous sites. Check out Android Police’s or Android Central’s coverage, if you are interested in that.

Google’s main blog post on the Keyword website mentions hardware improvements just in passing. Just a few paragraphs that detail improvements over previous Pixel devices.

The majority of text is reserved for software improvements, mostly AI. The clear focus is software, therefore.

Here are the highlights:

Gemini Live — Deeper interactions with Google’s Gemini AI. Available for Gemini Advanced subscribers. Free for one year for Pixel 9 Pro, Pro XL, and Pro Fold buyers (sorry Pixel 9 buyers, no love for your).

Pixel Studio — Is an image generator that uses the “on-device diffusion model” with a text-to-image model that in the cloud. (Not available in all languages or countries, no further info on that).

Pixel Screenshots — Exclusive app for Pixel 9 that makes screenshots searchable using AI. You may later interact with the app to retrieve information. May include links and other information. (Not available in all languages or countries, no further info on that).

Improved Weather app — Google promises “super accurate weather forecasts” and custom AI weather reports. Also more customization options.

Camera improvements — The cameras get several new features and improvements:

  • AI-powered camera experience — Optimizes HDR+, exposure, tone mapping, sharpening, contrast, and more.
  • Super Res Zoom Video — Supports up to 20x super resolution zoom in Night Sight Video or Video Boost. Uses the telephoto camera with “advanced machine learning”. Only available on Pixel 9 Pro and Pro XL.
  • Add Me — Uses AI to merge multiple photos into a single one. One application for this is that you may add the photographer to a scene.
  • Reimagine Magic Editor — Change images using a text box, e.g., by removing objects or people, changing the sky, or placing new objects.
  • Auto frame in Magic Editor — Helps frame a photo that has been taken already.
  • Night Sight in Panorama — Panorama mode is now also available in low-light conditions.
  • Zoom Enhance — This one allows you to zoom in even more using AI. Only available on Pixel 9 Pro, Pro XL, and Pro Fold.
  • Video Boost — upgrades video to 8K resolution.
  • Move anything — Allows you to move objects or people in a photo.

Clear Calling and Call Notes — Clear calling improves the audio quality of calls according to Google. Call Notes on the other hand creates private summaries and full transcripts of phone calls. Everyone is informed about the recording. (only for calls that are at least 30 seconds long. Not available in all languages or countries, no further info on that).

Satellite SOS — known from Apple, this adds an emergency option to Pixel 9 devices to call for help, even when there is no cellular service. (Only available in the U.S., free for the first 2 years).

There you have it, these are the main features that Google announced. Google does not say which of these require Internet connectivity or what data is transferred for the services that require it.

Does this sound interesting to you? Do you plan to buy a Pixel 9 device, or will you skip those? Feel free to leave a comment down below.

Malware

Three year old Malvertising Campaign is still going strong

Posted on by Martin Brinkmann

One of the most important skills of any Internet user is the ability to distinguish between advertising and organic links. A core reason for that is that advertising is regularly abused for malvertising campaigns.

Malvertising refers to ads that in one way or another attack the user or the user’s device. A simple example is a download ad that pushes a malicious file onto the user’s system.

Security researchers at ReasonLabs have discovered a malvertising campaign that has been around for at least three years.

The details:

  • Polymorphic campaign that installs Chrome and Edge extensions on endpoints.
  • Uses multiple attacks, including search hijacking, stealing private data, or executing commands on the user’s device.
  • At least 300,000 users fell victim to the campaign until now.

How the attack works

The attackers use advertising to push malicious downloads. They use fake download sites for legitimate applications such as YouTube, VLC, or Roblox FPS Unblocker.

Users who fall for this, you guessed it, download a malicious payload to their systems. Here is what happens next:

  1. The executable creates a scheduled task, which is designed to run a PowerShell script.
  2. The PowerShell script downloads a payload from a remote server and runs it on the user’s machine.
  3. It then begins to make changes to the user’s system:
    • Adds policies to enforce the installation of Chrome and Edge installations from the Store (which are malicious).
    • Some versions of the script uninstall browser updates.
    • Tampers with browser .lnk file to load another extension for communication with a control server and stealing search queries.
    • Communicate with command center for status reports and the next stage of execution.

The script blocks uninstallation of the installed extensions, even when Developer Mode of the browser is set to on. Users will also see the “your browser is managed by your organization” message.

The blog post offers a deep dive, which interested or affected users may check out. There is also a section on removing the malware from infected hosts.

This involves:

  • Removing the scheduled tasks.
  • Removing the planted Registry keys.
  • Deleting the malicious files.

Closing Words

The security researchers note that many of the used domains, extensions, and scripts are not detected as malicious at the time of writing. Google and Microsoft were notified according to the blog post.

Which brings us right back to the beginning. Ads are not easily distinguishable from organic results in many cases. Google, for instance, displays a simple “sponsored” text above ads. They look exactly like organic results in any other way.

While experienced users may not have any problems differentiating between the two, less tech-savvy users fall for these.

So, if you want to improve security, you better take a good look at links before you click. If you want to be safer, do not click on ads 🙂

Exodus Android App Tracker analysis

Android Apps: Exodus reveals trackers and permissions before installation

Posted on by Martin Brinkmann

Much of what happens during the installation of an Android app happens in the background. While Android may highlight permissions that an app requires, it stays silent when it comes to privacy.

Many apps include trackers and may also contain ads, but ad-free apps may still have trackers.

If you are particularly worried about tracking, you may find the free service Exodus useful. It is available as a web-based version that you can launch from any modern web browser.

To get started, type the name of an Android app in the search field at the top. You can type partial names and pick the app from the list of results. Other options are to type the apps’ unique handle or full Google Play URL.

The number of trackers and permissions is returned then. Select trackers to look through the list of trackers that the application references. Trackers are classified based on their purposes, e.g., advertisement, identification, or analytics.

Exodus uses colors to highlight the number of trackers and permissions. Green apps use 0 trackers and permissions. Yellow apps less than 5, and red apps more than 5.

A click reveals the total number of analyzed apps that use the particular tracker.

Note that Exodus does not decompile applications. It performs a “static analysis of APKs and compares Java class names with a list of trackers”.

In other words, there is a chance that trackers do get overlooked.

As far as permission go, these are also shown on the profile page of the app on the Exodus website.

Another useful feature is the ability to have new apps scanned. You need to supply the full Google Play Store or F-Droid URL for that.

The application will be analyzed, if it is unknown to Exodus. The makers note that apps with geographic restrictions cannot be scanned.

Verdict

Exodus, all in all, is a useful service. It highlights if an application uses trackers. If you do not want to be tracked, you may want to give it a try. Most Android apps use tracking in one form or another though.

Do you use services like Exodus to analyze apps before you install them? Or do you use something else to block trackers? Let us know in the comments.

Paint 3D end of support

Microsoft is retiring a Windows app this year that it at one time had high hopes for

Posted on by Martin Brinkmann

When it comes to the dozen or so Windows app that Microsoft ships with Windows, there are several that most users would probably never touch.

Of these, Paint 3D is probably high up on the list of the majority of Windows users. It sits there at the top with the likes of 3D Builder.

Paint 3d came out at a time when Microsoft wanted to push creativity and creating in Windows. It was set out to replace the original Paint application, which was a trustworthy, albeit basic, image editing app for Windows for a long time.

Many users were not pleased with Paint 3D and Microsoft’s course, as interface and functionality were changed. Eventually, Microsoft realized that Paint was the app that won the popularity contest and decided to deprecate Paint 3D.

Paint 3D is now beginning to show an end of support banner in its interface. First reported by Phantom of Earth on Twitter, the banner notifies users that the app will reach end of support soon.

It says:

Paint 3D won’t be available in the Microsoft Store or receive future updates on November 4, 2024.

It is a crushing defeat for the app, considering that a very similar message was displayed in the original Paint app at one time.

It said:

This version of Paint will soon be replaced with Paint 3D. Classic Paint will then become available in the Store.

Paint 3D is not getting the same treatment. The app is already no longer installed on new Windows devices. Soon, users won’t find it listed anymore on the Microsoft Store.

Microsoft does not say if it is going to remove the app if it is installed on user devices. It likely won’t, but it will certainly remind users that the app is no longer supported when it is run.

Do you have any favorites among the default Windows apps? Is Paint 3D on that list? Let us known in the comments below.

0.0.0.0 Day: decade-old vulnerability affects all browsers

Posted on by Martin Brinkmann

Security researchers have disclosed a vulnerability that affects all modern browsers. What makes it particularly worrisome is that it has been known for 18 years; that goes back to a time before Google even thought of creating Chrome.

The details:

  • The researchers call the issue 0.0.0.0 Day.
  • It allows malicious websites to interact with services that run on the local network.
  • This could lead to unauthorized access or remote code execution attacks on local services from outside the local network.

In other words: the security issue allows the circumvention of security protections by malicious websites. Chromium’s Private Network protection does not protect against this, neither does Firefox. Apple’s Safari browser was also vulnerable, but the company has released a patch that blocks access to 0.0.0.0.

The blog post provides a technical description of the vulnerability. It also explains why it took this long to react on it.

The researchers found a Mozilla bug listing that dates back 18 years. It shows that the developers were not sure whether the reported bug was a security issue, a bug, or no flaw at all.

How Google, Mozilla, and Apple plan to react

Researchers at Oligo disclosed the vulnerability to security teams of major browsers in April 2024.

  • Google: plans to block access starting in Chrome 128 and finalize the rollout by Chrome 133. Other Chromium-based browsers will get this as well.
  • Apple: has implemented a change that blocks destination host IP addresses, if the IP is all zeroes.
  • Mozilla: fix is in progress. Firefox is special, as it never restricted Private Network Access in first place. Will implement Private Network Access, but no ETA on this one.

The fixes are important, but so is standardization of the issue. HTTP requests to 0.0.0.0 should be added to security standards according to the security researchers.

Closing Words

The security researchers note that use of 0.0.0.0 on the Web is on the rise. They use counters provided by Chromium for this. According to those, it is used by 0.015% of all websites. While that may not sound like much, it equates to roughly 100,000 public websites that may communicate with 0.0.0.0.

Malicious actors may exploit the issue in their attacks. Oligo points out that ShadowRay, a recent attack that targets AI workloads, could be executed from browsers using 0.0.0.0 as the attack vector.

It is unclear if browser extensions such as Port Authority for Firefox provide protection against this kind of attack.

What is your take on this new vulnerability? Seems that there is always something new, or shall I say old, that is affecting the security of browsers. (via Born)