The maker of a phone app that is advertised as providing a stealthy means for monitoring all activities on an Android device spilled email addresses, plain-text passwords, and other sensitive data belonging to 62,000 users, a researcher discovered recently.
A security flaw in the app, branded Catwatchful, allowed researcher Eric Daigle to download a trove of sensitive data, which belonged to account holders who used the covert app to monitor phones. The leak, made possible by a SQL injection vulnerability, allowed anyone who exploited it to access the accounts and all data stored in them.
Unstoppable
Catwatchful creators emphasize the app’s stealth and security. While the promoters claim the app is legal and intended for parents monitoring their children’s online activities, the emphasis on stealth has raised concerns that it’s being aimed at people with other agendas.
“Catwatchful is invisible,” a page promoting the app says. “It cannot be detected. It cannot be uninstalled. It cannot be stopped. It cannot be closed. Only you can access the information it collects.”
The promoters go on to say users “can monitor a phone without [owners] knowing with mobile phone monitoring software. The app is invisible and undetectable on the phone. It works in a hidden and stealth mode.”
AT&T is rolling out a protection that prevents unauthorized changes to mobile accounts as the carrier attempts to fight a costly form of account hijacking that occurs when a scammer swaps out the SIM card belonging to the account holder.
The technique, known as SIM swapping or port-out fraud, has been a scourge that has vexed wireless carriers and their millions of subscribers for years. An indictment filed last year by federal prosecutors alleged that a single SIM swap scheme netted $400 million in cryptocurrency. The stolen funds belonged to dozens of victims who had used their phones for two-factor authentication to cryptocurrency wallets.
Wireless Account Lock debut
A separate scam from 2022 gave unauthorized access to a T-Mobile management platform that subscription resellers, known as mobile virtual network operators, use to provision services to their customers. The threat actor gained access using a SIM swap of a T-Mobile employee, a phishing attack on another T-Mobile employee, and at least one compromise of an unknown origin.
This class of attack has existed for well over a decade, and it became more commonplace amid the irrational exuberance that drove up the price of bitcoin and other cryptocurrencies. In some cases, scammers impersonate existing account holders who want a new phone number for their account. At other times, they simply bribe the carrier’s employees to make unauthorized changes.
The Sinaloa drug cartel in Mexico hacked the phone of an FBI official investigating kingpin Joaquín “El Chapo” Guzmán as part of a surveillance campaign “to intimidate and/or kill potential sources or cooperating witnesses,” according to a recently published report by the Justice Department.
The report, which cited an “individual connected to the cartel,” said a hacker hired by its top brass “offered a menu of services related to exploiting mobile phones and other electronic devices.” The hired hacker observed “’people of interest’ for the cartel, including the FBI Assistant Legal Attache, and then was able to use the [attache’s] mobile phone number to obtain calls made and received, as well as geolocation data, associated with the [attache’s] phone.”
“According to the FBI, the hacker also used Mexico City’s camera system to follow the [attache] through the city and identify people the [attache] met with,” the heavily redacted report stated. “According to the case agent, the cartel used that information to intimidate and, in some instances, kill potential sources or cooperating witnesses.”
The report didn’t explain what technical means the hacker used.
Existential threat
The report said the 2018 incident was one of many examples of “ubiquitous technical surveillance” threats the FBI has faced in recent decades. UTS, as the term is abbreviated, is defined as the “widespread collection of data and application of analytic methodologies for the purpose of connecting people to things, events, or locations.” The report identified five UTS vectors, including visual and physical, electronic signals, financial, travel, and online.
Credit: Justice Department
While the UTS threat has been longstanding, the report authors said, recent advances in commercially available hacking and surveillance tools are making such surveillance easier for less sophisticated nations and criminal enterprises. Sources within the FBI and CIA have called the threat “existential,” the report authors said
A second example of UTS threatening FBI investigations occurred when the leader of an organized crime family suspected an employee of being an informant. In an attempt to confirm the suspicion, the leader searched call logs of the suspected employee’s cell phone for phone numbers that might be connected to law enforcement.
For those who missed the Flash era, these in-browser apps feel somewhat like the vintage apps that defined a generation of Internet culture from the late 1990s through the 2000s when it first became possible to create complex in-browser experiences. Adobe Flash (originally Macromedia Flash) began as animation software for designers but quickly became the backbone of interactive web content when it gained its own programming language, ActionScript, in 2000.
But unlike Flash games, where hosting costs fell on portal operators, Anthropic has crafted a system where users pay for their own fun through their existing Claude subscriptions. “When someone uses your Claude-powered app, they authenticate with their existing Claude account,” Anthropic explained in its announcement. “Their API usage counts against their subscription, not yours. You pay nothing for their usage.”
A view of the Anthropic Artifacts gallery in the “Play a Game” section. Benj Edwards / Anthropic
Like the Flash games of yesteryear, any Claude-powered apps you build run in the browser and can be shared with anyone who has a Claude account. They’re interactive experiences shared with a simple link, no installation required, created by other people for the sake of creating, except now they’re powered by JavaScript instead of ActionScript.
While you can share these apps with others individually, right now Anthropic’s Artifact gallery only shows examples made by Anthropic and your own personal Artifacts. (If Anthropic expanded it into the future, it might end up feeling a bit like Scratch meets Newgrounds, but with AI doing the coding.) Ultimately, humans are still behind the wheel, describing what kinds of apps they want the AI model to build and guiding the process when it inevitably makes mistakes.
Speaking of mistakes, don’t expect perfect results at first. Usually, building an app with Claude is an interactive experience that requires some guidance to achieve your desired results. But with a little patience and a lot of tokens, you’ll be vibe coding in no time.
The letter, signed by Aiden Fitzgerald, director of global sales operations at Broadcom, claims that Broadcom will use its time “as efficiently and productively as possible to minimize disruption.”
Still, the security worker that Ars spoke with is concerned about the implications of the audit and said they “expect a big financial impact” for their employer. They added:
Because we are focusing on saving costs and are on a pretty tight financial budget, this will likely have impact on the salary negotiations or even layoffs of employees. Currently, we have some very stressed IT managers [and] legal department [employees] …
The employee noted that they are unsure if their employer exceeded its license limits. If the firm did, it could face “big” financial repercussions, the worker noted.
Users deny wrongdoing
As Broadcom works to ensure that people aren’t using VMware outside its terms, some suggest that the semiconductor giant is wasting some time by investigating organizations that aren’t violating agreements.
After Broadcom started sending cease-and-desist letters, at least one firm claimed that it got a letter from Broadcom despite no longer using VMware at all.
Additionally, various companies claimed that they received a cease-and-desist from Broadcom despite not implementing any updates after their VMware support contract expired.
The employee at the Dutch firm that received an audit notice this month claimed that the only update that their employer has issued to the VMware offerings it uses since support ended was a “critical security patch.”
That employee also claimed to Ars that their company didn’t receive a cease-and-desist letter from Broadcom before being informed of an audit.
Broadcom didn’t respond to Ars’ request for comment ahead of publication, so we’re unable to confirm if the company is sending audit letters without sending cease-and-desist letters first. Ars also reached out to Connor Consulting but didn’t hear back.
“When we saw the news that they were going to send cease-and-desist letters and audits, our management thought it was a bluff and that they would never do that,” the anonymous security worker said.
Broadcom’s litigious techniques to ensure VMware agreements are followed have soured its image among some current and former customers. Broadcom’s $69 billion VMware acquisition has proven lucrative, but as Broadcom approaches two years of VMware ownership, there are still calls for regulation of its practices, which some customers and partners believe are “legally and ethically flawed.”
On Wednesday, CISA added CVE-2024-54085 to its list of vulnerabilities known to be exploited in the wild. The notice provided no further details.
In an email on Thursday, Eclypsium researchers said the scope of the exploits has the potential to be broad:
Attackers could chain multiple BMC exploits to implant malicious code directly into the BMC’s firmware, making their presence extremely difficult to detect and allowing them to survive OS reinstalls or even disk replacements.
By operating below the OS, attackers can evade endpoint protection, logging, and most traditional security tools.
With BMC access, attackers can remotely power on or off, reboot, or reimage the server, regardless of the primary operating system’s state.
Attackers can scrape credentials stored on the system, including those used for remote management, and use the BMC as a launchpad to move laterally within the network
BMCs often have access to system memory and network interfaces, enabling attackers to sniff sensitive data or exfiltrate information without detection
Attackers with BMC access can intentionally corrupt firmware, rendering servers unbootable and causing significant operational disruption
With no publicly known details of the ongoing attacks, it’s unclear which groups may be behind them. Eclypsium said the most likely culprits would be espionage groups working on behalf of the Chinese government. All five of the specific APT groups Eclypsium named have a history of exploiting firmware vulnerabilities or gaining persistent access to high-value targets.
Eclypsium said the line of vulnerable AMI MegaRAC devices uses an interface known as Redfish. Server makers known to use these products include AMD, Ampere Computing, ASRock, ARM, Fujitsu, Gigabyte, Huawei, Nvidia, Supermicro, and Qualcomm. Some, but not all, of these vendors have released patches for their wares.
Given the damage possible from exploitation of this vulnerability, admins should examine all BMCs in their fleets to ensure they aren’t vulnerable. With products from so many different server makers affected, admins should consult with their manufacturer when unsure if their networks are exposed.
Beyond volume, fraud poses an increasing threat. In January, the Justice Department announced indictments in a scheme to place North Korean nationals in remote IT roles at US companies. Research firm Gartner says that fake identity cases are growing rapidly, with the company estimating that by 2028, about 1 in 4 job applicants could be fraudulent. And as we have previously reported, security researchers have also discovered that AI systems can hide invisible text in applications, potentially allowing candidates to game screening systems using prompt injections in ways human reviewers can’t detect.
And that’s not all. Even when AI screening tools work as intended, they exhibit similar biases to human recruiters, preferring white male names on résumés—raising legal concerns about discrimination. The European Union’s AI Act already classifies hiring under its high-risk category with stringent restrictions. Although no US federal law specifically addresses AI use in hiring, general anti-discrimination laws still apply.
So perhaps résumés as a meaningful signal of candidate interest and qualification are becoming obsolete. And maybe that’s OK. When anyone can generate hundreds of tailored applications with a few prompts, the document that once demonstrated effort and genuine interest in a position has devolved into noise.
Instead, the future of hiring may require abandoning the résumé altogether in favor of methods that AI can’t easily replicate—live problem-solving sessions, portfolio reviews, or trial work periods, just to name a few ideas people sometimes consider (whether they are good ideas or not is beyond the scope of this piece). For now, employers and job seekers remain locked in an escalating technological arms race where machines screen the output of other machines, while the humans they’re meant to serve struggle to make authentic connections in an increasingly inauthentic world.
Perhaps the endgame is robots interviewing other robots for jobs performed by robots, while humans sit on the beach drinking daiquiris and playing vintage video games. Well, one can dream.
Large-scale attacks designed to bring down Internet services by sending them more traffic than they can process keep getting bigger, with the largest one yet, measured at 7.3 terabits per second, being reported Friday by Internet security and performance provider Cloudflare.
The 7.3Tbps attack amounted to 37.4 terabytes of junk traffic that hit the target in just 45 seconds. That’s an almost incomprehensible amount of data, equivalent to more than 9,300 full-length HD movies or 7,500 hours of HD streaming content in well under a minute.
Indiscriminate target bombing
Cloudflare said the attackers “carpet bombed” an average of nearly 22,000 destination ports of a single IP address belonging to the target, identified only as a Cloudflare customer. A total of 34,500 ports were targeted, indicating the thoroughness and well-engineered nature of the attack.
The vast majority of the attack was delivered in the form of User Datagram Protocol packets. Legitimate UDP-based transmissions are used in especially time-sensitive communications, such as those for video playback, gaming applications, and DNS lookups. It speeds up communications by not formally establishing a connection before data is transferred. Unlike the more common Transmission Control Protocol, UDP doesn’t wait for a connection between two computers to be established through a handshake and doesn’t check whether data is properly received by the other party. Instead, it immediately sends data from one machine to another.
UDP flood attacks send extremely high volumes of packets to random or specific ports on the target IP. Such floods can saturate the target’s Internet link or overwhelm internal resources with more packets than they can handle.
Since UDP doesn’t require a handshake, attackers can use it to flood a targeted server with torrents of traffic without first obtaining the server’s permission to begin the transmission. UDP floods typically send large numbers of datagrams to multiple ports on the target system. The target system, in turn, must send an equal number of data packets back to indicate the ports aren’t reachable. Eventually, the target system buckles under the strain, resulting in legitimate traffic being denied.
Elliptic also confirmed in its blog post about the attack that crypto tracing shows Nobitex does in fact have links with sanctioned IRGC operatives, Hamas, Yemen’s Houthi rebels, and the Palestinian Islamic Jihad group. “It’s also an act of sabotage, by attacking a financial institution that was pivotal in Iran’s use of cryptocurrency to evade sanctions,” Robinson says.
Predatory Sparrow has long been one of the most aggressive cyberwarfare-focused groups in the world. The hackers, who are widely believed to have links to Israel’s military or intelligence agencies, have for years targeted Iran with an intermittent barrage of carefully planned attacks on the country’s critical infrastructure. The group has targeted Iran’s railways with data-destroying attacks and twice disabled payment systems at thousands of Iranian gas stations, triggering nationwide fuel shortages. In 2022, it carried out perhaps the most physically destructive cyberattack in history, hijacking industrial control systems at the Khouzestan steel mill to cause a massive vat of molten steel to spill onto the floor, setting the plant on fire and nearly burning staff there alive, as shown in the group’s own video of the attack posted to its YouTube account.
Exactly why Predatory Sparrow has now turned its attention to Iran’s financial sector—whether because it sees those financial institutions as the most consequential or merely because its banks and crypto exchanges were vulnerable enough to offer a target of opportunity—remains unclear for now, says John Hultquist, chief analyst on Google’s threat intelligence group and a longtime tracker of Predatory Sparrow’s attacks. Almost any conflict, he notes, now includes cyberattacks from hacktivists or state-sponsored hackers. But the entry of Predatory Sparrow in particular into this war suggests there may yet be more to come, with serious consequences.
“This actor is very serious and very capable, and that’s what separates them from many of the operations that we’ll probably see in the coming weeks or months,” Hultquist says. “A lot of actors are going to make threats. This is one that can follow through on those threats.”
“If I showed the [webpage] to my parents, I don’t think they would be able to tell that this is fake,” Jérôme Segura, lead malware intelligence analyst at Malwarebytes, said in an interview. “As the user, if you click on those links, you think, ‘Oh I’m actually on the Apple website and Apple is recommending that I call this number.’”
The unknown actors behind the scam begin by buying Google ads that appear at the top of search results for Microsoft, Apple, HP, PayPal, Netflix, and other sites. While Google displays only the scheme and host name of the site the ad links to (for instance, https://www.microsoft.com), the ad appends parameters to the path to the right of that address. When a target clicks on the ad, it opens a page on the official site. The appended parameters then inject fake phone numbers into the page the target sees.
A fake phone number injected into a Microsoft webpage.
Credit: Malwarebytes
A fake phone number injected into a Microsoft webpage. Credit: Malwarebytes
A fake phone number injected into an HP webpage.
Credit: Malwarebytes
A fake phone number injected into an HP webpage. Credit: Malwarebytes
Google requires ads to display the official domain they link to, but the company allows parameters to be added to the right of it that aren’t visible. The scammers are taking advantage of this by adding strings to the right of the hostname. An example:
The parameters aren’t displayed in the Google ad, so a target has no obvious reason to suspect anything is amiss. When clicked on, the ad leads to the correct hostname. The appended parameters, however, inject a fake phone number into the webpage the target sees. The technique works on most browsers and against most websites. Malwarebytes.com was among the sites affected until recently, when the site began filtering out the malicious parameters.
Fake number injected into an Apple webpage.
Credit: Malwarebytes
Fake number injected into an Apple webpage. Credit: Malwarebytes
“If there is a security flaw here it’s that when you run that URL it executes that query against the Apple website and the Apple website is unable to determine that this is not a legitimate query,” Segura explained. “This is a preformed query made by a scammer, but [the website is] not able to figure that out. So they’re just spitting out whatever query you have.”
So far, Segura said, he has seen the scammers abuse only Google ads. It’s not known if ads on other sites can be abused in a similar way.
While many targets will be able to recognize that the injected text is fake, the ruse may not be so obvious to people with vision impairment, cognitive decline, or who are simply tired or in a hurry. When someone calls the injected phone number, they’re connected to a scammer posing as a representative of the company. The scammer can then trick the caller into handing over personal or payment card details or allow remote access to their computer. Scammers who claim to be with Bank of America or PayPal try to gain access to the target’s financial account and drain it of funds.
Malwarebytes’ browser security product now notifies users of such scams. A more comprehensive preventative step is to never click on links in Google ads, and instead, when possible, to click on links in organic results.
Graham-Cumming is no stranger to tech preservation efforts. He’s a British software engineer and writer best known for creating POPFile, an open source email spam filtering program, and for successfully petitioning the UK government to apologize for its persecution of codebreaker Alan Turing—an apology that Prime Minister Gordon Brown issued in 2009.
As it turns out, his pre-AI website isn’t new, but it has languished unannounced until now. “I created it back in March 2023 as a clearinghouse for online resources that hadn’t been contaminated with AI-generated content,” he wrote on his blog.
The website points to several major archives of pre-AI content, including a Wikipedia dump from August 2022 (before ChatGPT’s November 2022 release), Project Gutenberg’s collection of public domain books, the Library of Congress photo archive, and GitHub’s Arctic Code Vault—a snapshot of open source code buried in a former coal mine near the North Pole in February 2020. The wordfreq project appears on the list as well, flash-frozen from a time before AI contamination made its methodology untenable.
The site accepts submissions of other pre-AI content sources through its Tumblr page. Graham-Cumming emphasizes that the project aims to document human creativity from before the AI era, not to make a statement against AI itself. As atmospheric nuclear testing ended and background radiation returned to natural levels, low-background steel eventually became unnecessary for most uses. Whether pre-AI content will follow a similar trajectory remains a question.
Still, it feels reasonable to protect sources of human creativity now, including archival ones, because these repositories may become useful in ways that few appreciate at the moment. For example, in 2020, I proposed creating a so-called “cryptographic ark”—a timestamped archive of pre-AI media that future historians could verify as authentic, collected before my then-arbitrary cutoff date of January 1, 2022. AI slop pollutes more than the current discourse—it could cloud the historical record as well.
For now, lowbackgroundsteel.ai stands as a modest catalog of human expression from what may someday be seen as the last pre-AI era. It’s a digital archaeology project marking the boundary between human-generated and hybrid human-AI cultures. In an age where distinguishing between human and machine output grows increasingly difficult, these archives may prove valuable for understanding how human communication evolved before AI entered the chat.
OpenAI executives have discussed filing an antitrust complaint with US regulators against Microsoft, the company’s largest investor, The Wall Street Journal reported Monday, marking a dramatic escalation in tensions between the two long-term AI partners. OpenAI, which develops ChatGPT, has reportedly considered seeking a federal regulatory review of the terms of its contract with Microsoft for potential antitrust law violations, according to people familiar with the matter.
The potential antitrust complaint would likely argue that Microsoft is using its dominant position in cloud services and contractual leverage to suppress competition, according to insiders who described it as a “nuclear option,” the WSJ reports.
The move could unravel one of the most important business partnerships in the AI industry—a relationship that started with a $1 billion investment by Microsoft in 2019 and has grown to include billions more in funding, along with Microsoft’s exclusive rights to host OpenAI models on its Azure cloud platform.
The friction centers on OpenAI’s efforts to transition from its current nonprofit structure into a public benefit corporation, a conversion that needs Microsoft’s approval to complete. The two companies have not been able to agree on details after months of negotiations, sources told Reuters. OpenAI’s existing for-profit arm would become a Delaware-based public benefit corporation under the proposed restructuring.
The companies are discussing revising the terms of Microsoft’s investment, including the future equity stake it will hold in OpenAI. According to The Information, OpenAI wants Microsoft to hold a 33 percent stake in a restructured unit in exchange for foregoing rights to future profits. The AI company also wants to modify existing clauses that give Microsoft exclusive rights to host OpenAI models in its cloud.
