[Thread] Security researcher finds Zoom uses a "shady" technique to install its Mac app without user interaction, applying tricks used by macOS malware (Felix/@c1truz_)

Felix / @c1truz_:
[Thread] Security researcher finds Zoom uses a “shady” technique to install its Mac app without user interaction, applying tricks used by macOS malware  —  Ever wondered how the @zoom_us macOS installer does it's job without you ever clicking install? Turns out they (ab)use preinstallation scripts, manually unpack the app using a bundled 7zip and install it to /Applications if the current user is in the admin group (no root needed). https://twitter.com/...



from Techmeme https://ift.tt/2QVz1qL

Comments

Post a Comment

Popular posts from this blog

Index and Credo lead a $2.75M seed in anti-fraud tech, Resistant AI

Image
Prague based Resistant AI has nabbed a $2.75M seed round. The security startup’s machine learning technology is designed to be deployed on top of AI systems used for financial decision making to protect customers in markets such as financial services and ecommerce from attacks such as targeted manipulation, adversarial machine learning and advanced fraud. The seed round was co-led by Index Ventures (Jan Hammer) and Credo Ventures (Ondrej Bartos and Vladislav Jez). Seedcamp also participating, along with Daniel Dines, CEO of UiPath; Michal Pechoucek, CTO of Avast and other unnamed angel investors. Bartos joins the board of directors on behalf of the investors. The startup sells an additional layer of protection that’s specifically designed for tightening security around automated functions such as credit risk scoring and anti-money laundering by using tech to detect fake documents that feed such systems. Its tech is also aimed at uncovering suspicious patterns of transactions whic...
Read more

UK's Metro Bank confirms it has faced an SS7 attack intercepting 2FA codes; a telecom lobbying group previously told Congress such an attack is "theoretical" (Joseph Cox/Motherboard)

Image
Joseph Cox / Motherboard : UK's Metro Bank confirms it has faced an SS7 attack intercepting 2FA codes; a telecom lobbying group previously told Congress such an attack is “theoretical”   —  Motherboard has identified a specific UK bank that has fallen victim to so-called SS7 attacks, and sources say the issue is wider than previously reported. from Techmeme http://bit.ly/2FYYCex
Read more

This Week in Apps: Facebook’s other Clubhouse rival, Apple details ATT, App Store trial nears

Image
Welcome back to This Week in Apps,  the weekly TechCrunch series  that recaps the latest in mobile OS news, mobile applications and the overall app economy. The app industry is as hot as ever, with a record  218 billion downloads and $143 billion in global consumer spend in 2020. Consumers last year also  spent  3.5 trillion minutes using apps on Android devices alone. And in the U.S., app usage surged ahead of the time spent watching live TV. Currently, the average American watches 3.7 hours of live TV per day, but now spends four hours per day on their mobile devices. Apps aren’t just a way to pass idle hours — they’re also a big business. In 2019, mobile-first companies had a  combined $544 billion valuation, 6.5x higher than those without a mobile focus. In 2020, investors poured $73 billion in capital into mobile companies — a figure that’s up 27% year-over-year. This Week in Apps will soon be a newsletter! Sign up here: techcrunch.com/news...
Read more