Tag: android

Scrcpy 2.0 is out! How to Install & Use this Android Remote Control App

Posted on by Kernel

The free open-source Android screen mirroring and remote control application, Scrcpy, released version 2.0 today!

The new release feature audio forwarding support! Meaning it’s not only mirroring your Android screen, but also sending the sound from Android to your PC speaker. The new feature supports Android 11 and higher. It’s enabled by default, though there’s --no-audio flag available to disable it.

Another big change in the release is that the device screen can now be encoded in H.265, or even AV1 if your device supports AV1 encoding.

The release also includes new --list-encoders option to list audio and video encoders available in the device, and --list-displays to list displays available on the device. For more about Scrcpy 2.0, see the official release note.

How to Install & Use Scrcpy in Ubuntu 22.04 to control your Android Phone Wirelessly or via USB cable

NOTE: This tutorial is tested and works in Ubuntu 22.04, though it should also work in all current Ubuntu releases.

Step 1. Prepare your Android device

To use the software, you need to first enable USB Debugging Mode in Android.

1. First, go to Settings in Android. Navigate to “About Phone”, and tap on “Build Number” several times (usually 7 times). It should prompt you something like “You are now in Developer Mode“.

TIP: there’s NO security issue or performance loss with developer mode enabled.

2. Then navigate to “Developer Options” in Settings menu or ‘Additional Settings’ sub-menu, and turn on the option for “USB Debugging“.

Step 2. Install adb

adb (Android Debug Bridge) package is also required for this software. Just press Ctrl+Alt+T on keyboard to open terminal and run command to install it:

sudo apt install adb

Step 3. Install scrcpy

There are few ways to install scrcpy, choose either one that you prefer.

Option 1: .deb package from system repository

Scrcpy is available in Ubuntu system repository. It’s working good in my case, though a little bit old that lacks new features.

To install the package, open terminal (Ctrl+Alt+T) and run command:

sudo apt install scrcpy

Option 2: Snap package in Ubuntu Software

The snap package in Ubuntu Software can be the easiest way to install the app, though it runs in sandbox.

The snap package at the moment is the last 1.25 version, though it will automatically update to v2.0 once maintainer updated the package.

Scrcpy Snap in Ubuntu Software

Option 3: Install Scrcpy from the source

If you can’t wait to use the latest release, open terminal (Ctrl+Alt+T) and run the command below one by one to install it from source:

  • First, run command to install dependency libraries: 
    sudo apt install ffmpeg libsdl2-2.0-0 adb wget gcc git pkg-config meson ninja-build libsdl2-dev libavcodec-dev libavdevice-dev libavformat-dev libavutil-dev libswresample-dev libusb-1.0-0 libusb-1.0-0-dev
  • Then, clone the source code via command: 
    git clone https://github.com/Genymobile/scrcpy
  • Finally, navigate to source folder and start the installer script: 
    cd scrcpy && ./install_release.sh

    NOTE: After building process it may ask you to type user password for the permission to install files into system directories.

Step 4. Remote control your Android in Ubuntu

Now, connect your Android device into Ubuntu using USB cable. Then, click “Allow” in Android to confirm the “Allow USB Debugging” dialog.

1. First, open terminal (Ctrl+Alt+T) and start adb in your favorite mode:

  • To remote access via USB cable, run command: 
    adb usb
  • To remote access using wireless network, run commands: 
    adb tcpip 7676
    adb connect 192.168.0.150:7676

    Here, change port number 7676 and the Android’s IP address accordingly! When done successfully, you can then remove the USB cable.

2. If the previous step goes well without any error! You can now start scrcpy:

  • Run scrcpy command in terminal if you installed from system repository.
  • Launch it from start menu (or ‘Activities’ overview) if installed from source. For debugging purpose, use scrcpy(console).

That’s all. Your android screen should appear in the Ubuntu desktop after launching scrcpy. Enjoy!

Uninstall scrcpy

To remove the adb package, open terminal and run command:

sudo apt remove --autoremove adb

To remove Scrcpy installed as .deb package, use command:

sudo apt remove --autoremove scrcpy

For the snap package, just use Ubuntu Software again to remove it.

And, for the package installed from source, navigate to the source folder again in terminal window and run command to uninstall it:

sudo ninja -Cbuild-auto uninstall

Transparent Tribe APT weaponising Android messaging apps to target officials in India and Pakistan with romance scams

Posted on by Kernel

ESET researchers have analysed a cyberespionage campaign run by the Transparent Tribe APT group distributing CapraRAT backdoors through trojanised and supposedly “secure” Android messaging apps that exfiltrate sensitive information of mostly Indian and Pakistani Android users — presumably with a military or political orientation. The victims were probably targeted through a honey-trap romance scam, in which they were initially contacted on another platform and then convinced to use supposedly “more secure” apps, which they were then lured into installing. ESET researchers were able to geolocate over 150 victims from India and Pakistan as well as from Russia, Oman, and Egypt. The threat campaign most likely has been active since July 2022.

 

“The victims were persuaded to use the MeetsApp or MeetUp app. We have previously seen such honey-trap baits being used by Transparent Tribe operators against their targets. Finding a mobile number or an email address they can use to make first contact is usually not difficult,” explained ESET researcher Lukáš Štefanko, who discovered the campaign. “We identified this campaign when analysing a different malware sample posted on Twitter.”

 

Besides the inherent working chat functionality of the original MeetUp and MeetsApp apps, the trojanised versions include malicious code that ESET has identified as that of the CapraRAT backdoor. Transparent Tribe, also known as APT36, is a cyberespionage group known to use CapraRAT. The backdoor can take screenshots and photos, record phone calls and surrounding audio, and exfiltrate any other sensitive information. The backdoor can also receive commands to download files, make calls, and send SMS messages. The campaign is narrowly targeted, and nothing suggests these apps were ever available on Google Play.

 

CapraRAT is remotely controlled, executing commands received from the command and control server. Since the operators of these apps had poor operational security, the victims’ personally identifiable information was exposed to our researchers across the open internet. It was possible to obtain information about the victims, such as their locations.

 

Both apps are distributed through two similar websites that describe the apps as secure messaging and calling services. In other words, they pose as the official distribution centers of these apps. Before using the app, victims need to create accounts that are linked to their phone numbers and that require SMS verification. Once this account is created, the app requests further permissions that allow the backdoor’s full functionality to work, such as accessing contacts, call logs, SMS messages, external storage, and recording audio.

 

Transparent Tribe probably uses romance scam baits to lure victims into installing the app and continues to communicate with them using the malicious app to keep them on the platform and make their devices accessible to the attacker.

 

The post Transparent Tribe APT weaponising Android messaging apps to target officials in India and Pakistan with romance scams appeared first on IT Security Guru.

Best Apps To Learn Guitar In 2023 | [Desktop, Android & iOS]

Posted on by Kernel

Best Apps To Learn Guitar In 2023

The guitar is one of the best musical instruments. It is also one of the most preferred instruments. Everyone wants to learn guitar but only a few of them are stuck with it. This post is for you if you are looking forward to learning guitar in 2023. In this post, we are bringing you a list of some of the amazing apps to learn guitar in 2023.

Best Apps To Learn Guitar In 2023

1. Chordify

This app has an access to over 8,000,000 songs. It has amazing integration with YouTube: It automatically recognizes the chords via the audio signal. You can easily learn the chords for any song that’s on YouTube. This is available on desktop, Android, and iOS platforms. Meanwhile, this app is not free as you need to pay £4.99/$6.99 per month to use Chordify.

Chordify Website

2. BandLab

If you are a pro-level guitar player then this guitar software is for you. It has an in-built social networking platform that also helps you to collaborate with fellow artists. There are more than 100 guitars and bass presets. You can also record acoustic guitars, keyboards, pianos, and synths with virtual MIDI instruments. Another interesting feature, that you will find in this software is unlimited cloud storage. BandLab is free to use and it is available for desktop, Android, and iOS platforms.

BandLab Website

3. Guitar Tricks

Despite not having a large catalog of songs, Guitar Tricks is one of the most useful Guitar software to learn guitar in 2023. With 11,000 song lessons, Guitar Tricks is stable software.

Guitar Tricks Website

4. Yousician

If you are a first-time user or beginner-level guitar player then this app is a must for you. There is various level of courses developed by professional for both beginners and intermediate players. The app is free to download but you need to have a premium subscription for unlimited access.

5. GarageBand for iOS

GarageBand is an amazing guitar app for iOS. GarageBand has support for up to 32 tracks so you can instantly record them. You can also have an access to free virtual instruments. It is completely free to use but it is available for apple users only.

6. Songsterr Guitar Tabs & Chords

Songsterr Guitar Tabs & Chords has easy to use and user-friendly UI with over 500,000 tabs and chords. Meanwhile, This app is not free to use as you need to pay £3.56/$4.99 per month. Songsterr Guitar Tabs & Chords is available for Desktop, iOS, and Android.

 

Top 5 Best Apps For Bass Players In 2023 | iOS and Android

Posted on by Kernel

Best Apps For Bass Players In 2023 | iOS and Android

These Apps are useful for the bass guitarist to tune their guitar before starting the real show. Yes, you need to optimize your bass guitar so that you can perform well. It is a wise habit to use apps to see chord progressions or to tune your guitar.

Best Apps For Bass Players In 2023

1. GuitarTab

GuitarTab is a fine app that you should have if you are a bass guitarist. GuitarTab also has a collection of various song chords. You can have access to the 1000000 free tabs and music notes.

Install GuitarTab from Google Play Store

2.Chordbot Lite

With more than 1 million downloads, Chordbot Lite is another useful and must-have app for bass players in 2023. You can use this app to create and play complex chord progressions quickly and easily. You can also create customizable backing tracks for instrument practice sessions. You can find 60+ chord types in all keys and inversions along with 400+ dynamically mixable instrument tracks. It has also interesting features of automatic song generating with pop, jazz, and other experimental profiles.

Install Chordbot Lite from Google Play Store

3. GuitarTuna

Another useful app for Bass Players, GuitarTuna helps you to tune across 15 instruments including guitar, ukulele, and bass. With more than 100 million downloads, You can play guitar with chords and lyrics.

Some of the musical instruments that you can tune with GuitarTuna are:

  • Guitar: 6-string, 7-string, 12-string
  • Bass: 4-string, 5-string
  • Ukulele
  • Viola
  • Violin
  • Cello
  • Banjo: 4-string, 5-string
  • Balalaika

4. Fender Play

Fender Play is premium apps for bass players. Fender Play is loaded with plenty of innovative features that are designed to help you customize your guitar learning experience at your pace. Some of the modes that you can find in Fender Player are:

• Practice Mode. A built-in metronome and tempo control help you learn to time.
Practice Reminders. Set reminders to prioritize practicing in a way that fits your schedule.
• Streaks. Earn a streak whenever you practice in the app for at least 7 minutes, 3 times per week.
Backing Tracks. Feel like you’re jamming with a full band, even if you’re practicing alone.
• Chord Challenge. Master chord transitions and improve finger dexterity. Beat your own high score by increasing the speed and tempo of chords from your favorite songs.
Tone Integration. Tap into amp presets that work with select Fender amps to get the right tone to sound like your favorite artists.
• Collections. Browse through curated collections of songs to learn organized by artist, genre, difficulty, and technique.

Get it from this link.

5. Learn how to play Bass Guitar

“Learn how to play Bass Guitar” will help you to learn Rock, Blues, Jazz, and other contemporary styles of Bass Guitar. This app contains seventy lessons on the following contemporary music styles:

  • Rock (15)
  • Blues (15)
  • Funk (15)
  • Latin Music (15)
  • Jazz (5)
  • Fusion (5)

Newly Discovered Android Spyware ‘RatMilad’ Targets Enterprise Devices in Iran

Posted on by Kernel

Earlier this week, a newly discovered Android spyware family dubbed ‘RatMilad’ has been observed trying to infect an enterprise device in the Middle East.

It appears that the discovery comes from security researchers at Zimperium, who said the original variant of the previously unknown RatMilad spyware hid behind a VPN and phone number spoofing app called Text Me.

In recent news, after identifying the RatMilad spyware, the Zimperium team also uncovered a live sample of the malware family distributed through NumRent, a graphically updated version of Text Me.

The malicious actors reportedly developed a product website advertising the app to socially engineer victims into believing it was legitimate.

Additionally, from a technical standpoint, the RatMilad spyware is installed by sideloading after a user enables the app to access multiple services. This allows the malicious actors to collect and control aspects of the mobile endpoint.

Following installation, the user is asked to allow access to contacts, phone call logs, device location, media and files, alongside the ability to send and view SMS messages and phone calls.

Therefore, a successful attack will result in threat actors accessing the camera to take pictures, record video and audio, get precise GPS locations and more.

“Though this is not like other widespread attacks we have seen in the news, the RatMilad spyware and the Iranian–based hacker group AppMilad represent a changing environment impacting mobile device security,” explained Richard Melick, director of mobile threat intelligence at Zimperium.

The executive has reported a growing mobile spyware market is available through legitimate and illegitimate sources, including tools like Pegasus and PhoneSpy.

“RatMilad is just one in the mix,” Melick added. “The group behind this spyware attack has potentially gathered critical and private data from mobile devices outside the protection of Zimperium, leaving individuals and enterprises at risk.”

It appears that the discovery comes months after Zimperium published its 2022 Global Mobile Threat Report, which suggested a 466% increase in zero–day attacks against mobile devices.

The post Newly Discovered Android Spyware ‘RatMilad’ Targets Enterprise Devices in Iran appeared first on IT Security Guru.

Android Banking Users Targeted With Fake Rewards Phishing Scam

Posted on by Kernel

Earlier today reports of an SMS-based phishing campaign were announced, targeting customers of Indian banks with information-stealing malware that masquerades as a rewards application.

According to the Microsoft 365 Defender Research Team, the messages contain links that redirect users to a sketchy website that triggers the download of the fake banking rewards app for ICICI Bank.

“The malware’s RAT capabilities allow the attacker to intercept important device notifications such as incoming messages, an apparent effort to catch two-factor authentication (2FA) messages often used by banking and financial institutions,” researchers Shivang Desai, Abhishek Pustakala, and Harshita Tripathi said.

In addition to this, the malware is equipped with the ability to steal SMSes, potentially enabling the attacker to swipe 2FA codes sent as text messages and gain unauthorized access to victim accounts.

Similarly to other social engineering attacks, familiar brand logos and names are used in the smishing message as well as the rogue app in a bid to give an illusion of legitimacy and trick the users into installing the apps.

The attacks are recognised as a continuation of an ongoing campaign that has distributed similar rewards-themed apps for other Indian banks such as the State Bank of India (SBI) and Axis Bank in the past.

Once the fraudulent app has been installed, it not only asks for extensive permissions, but also requests users to enter their credit/debit card information as part of a supposed sign-in process, while the trojan waits for further instructions from the attacker.

The app commands allow the malware to harvest system metadata, call logs, intercept phone calls, as well as steal credentials for email accounts such as Gmail, Outlook, and Yahoo.

“This malware’s continuing evolution highlights the need to protect mobile devices,” the researchers said. “Its wider SMS stealing capabilities might allow attackers to the stolen data to further steal from a user’s other banking apps.”

The post Android Banking Users Targeted With Fake Rewards Phishing Scam appeared first on IT Security Guru.

TikTok Vulnerability Discovered on Android

Posted on by Kernel

Researchers have discovered a critical vulnerability in the TikTok Android app which could allow hackers to hijack user accounts remotely.

The vulnerability, CVE-2022-28799, was reported to the ByteDance owned company by Microsoft in February 2022. Tiktok quickly fixed the issue. It is estimated that the app has around 1.5billion downloads on the Play Store, however, Microsoft added, the bug has not yet been exploited in the wild.

Microsoft further explained: “The vulnerability allowed the app’s deeplink verification to be bypassed. Attackers could force the app to load an arbitrary URL to the app’s WebView, allowing the URL to then access the WebView’s attached JavaScript bridges and grant functionality to attackers.”

Microsoft also identified more than 70 exposed JavaScript methods which could be used to grant functionality to the attackers, if paired with an exploit to hijack WebView such as the TikTok bug.

If an attacker did that, they could retrieve the user’s authentication tokens by triggering a request to a controlled server and logging the cookie and the request headers. They would also be able to retreieve or modify the user’s TikTok account data by triggering a request to the app’s endpoint and retrieving the reply via the JavaScript callback.

In their proof of concept, Microsoft wrote: “Once the attacker’s specially crafted malicious link is clicked by the targeted TikTok user, the attacker’s server is granted full access to the JavaScript bridge and can invoke any exposed functionality.”

“The attacker’s server returns an HTML page containing JavaScript code to send video upload tokens back to the attacker as well as change the user’s profile biography.”

Attackers could, with full control over users’ accounts, change the victim’s profile details, send messages, publish private videos and upload content.

This comes not long after concerns in the US over the safeguarding of user data from Chinese staff in July.

The post TikTok Vulnerability Discovered on Android appeared first on IT Security Guru.