Tag Archive for: Bully

Zimperium reveals new Android threat ‘the Schoolyard Bully’

/in


Zimperium, the mobile security platform purpose-built for enterprise environments, has revealed details of a newly discovered Android threat campaign that has been stealing Facebook credentials from unsuspecting users since 2018.

The Zimperium zLabs threat research team recently discovered and named the Schoolyard Bully Android trojan, which it found in numerous educational applications that have been downloaded from the Google Play Store and third-party app stores by more than 300,000 victims to date, according to a statement from the company.

Applications hiding the Schoolyard Bully trojan and its malicious code have been removed from the Google Play Store, but are still available on third-party app stores.

These applications are often disguised as legitimate, educational applications with a wide range of books and topics for students to consume, but are capable of stealing details including a users name, email, phone number and password.

Richard Melick, Director of Mobile Threat Intelligence at Zimperium, says, “Attackers can cause a lot of havoc by stealing Facebook passwords. If they can impersonate someone from their legitimate Facebook account, it becomes extremely easy to phish friends and other contacts into sending money or sensitive information. It’s also very concerning how many people reuse the same passwords.

“If an attacker steals someone’s Facebook password, there’s a high probability that the same email and password will work with banking or financial apps, corporate accounts and so much more.”

The Schoolyard Bully trojan primarily targets Vietnamese language applications, but has been discovered in 71 countries so far, illustrating the broader-reaching geographic impact of this campaign. However, the actual number of countries where Schoolyard Bully is active could be even higher and could continue to grow because applications are still being found in third-party app stores.

The malware uses native libraries to hide from the majority of antivirus and machine learning virus detections, and uses the same technique with a native library named libabc.so to store the command and control data. The data is further encoded, to hide all the strings from any…

Source…

Uber Wins Dubious Honor Of Being First Big Tech Company To Bully A Small Nation Using Corporate Sovereignty

/in

Six years ago, when Techdirt first started writing about the investor-state dispute system (ISDS) — or corporate sovereignty as we prefer to call it — it was largely unknown outside specialist circles. Since then, more people have woken up to the power of this apparently obscure element of international trade and investment deals. It essentially gives a foreign company the ability to threaten to sue a nation for millions — even billions — of dollars if the latter brings in new laws or regulations that might adversely affect an investment. The majority of corporate sovereignty cases have been brought by the extractive industries — mining and oil. That’s not least because many of the laws and regulations they object to concern environmental and health issues, which have come to the fore in recent years. New legislation designed to protect local communities might mean lower profits for investors, who then often threaten to use ISDS if they are not offered compensation for this “loss”.

Big tech companies, for all their real or supposed faults, have not turned to corporate sovereignty as a way of bullying small countries — until now. En24 News reports that Uber is threatening to invoke corporate sovereignty in a dispute with Colombia. According to Uber:

a series of recent measures by the Republic have had a serious adverse impact on Uber’s investments in Colombia and the viability of its operations in the country. On December 20, 2019, for example, through the Superintendence of Industry and Commerce (“SIC”), the Republic ordered Uber, Uber Colombia, and another Uber subsidiary that will virtually cease to make the Uber Platform available of Associated Drivers and passengers in Colombia.

Uber points out:

other companies in Colombia and third countries that offer similar forms in Colombia have not undergone the same treatment and continue to operate in Colombia without similar interference from the Republic.

The company claims a wide range of harms:

The illegal order of the Republic to block the Uber Platform in Colombia also constitutes an act of censorship in contravention of international human rights instruments that protect net neutrality, freedom of expression on the internet and freedom of use of the internet.

At the moment, this is all just saber-rattling, designed to encourage the Colombian government to unblock Uber in the country. If it doesn’t, the company says, it will invoke the ISDS Articles (pdf) of the 2012 United States-Colombia Trade Promotion Agreement, and ask a tribunal to award compensation. Even if the current threat to use corporate sovereignty is not followed through, it is surely only a matter of time before another big tech company joins the ISDS club.

Follow me @glynmoody on Twitter, Diaspora, or Mastodon.

Permalink | Comments | Email This Story

Techdirt.

California Man Gets Sued After Trying To Trademark Bully A Theme Park

/in

We’ve seen a great many examples of trademark lawsuits here at Techdirt. In most cases, those lawsuits are levied by individuals and companies that are the trademark bully, but that’s not always the case. We also see plenty of suits that are raised in defense of such bullying, in which the entity suing asks the court to simply affirm that its use is not infringing. Trademark bullies, of course, don’t like when that sort of thing happens.

Meet Scott D’Avanzo of California. Scott did a pretty cool thing and created a haunted house attraction in his garage, naming it the “Mystic Motel.” Then he came across the plans of the Silver Dollar City theme park near Branson for its new “Mystic River Falls” water rafting ride. At that point, he did the very un-cool thing of contacting Mystic River over the trademark he had on his haunted house and demanding to speak about the name of the new ride.

Scott D’Avanzo said he sent Silver Dollar City a letter earlier this year asking the theme park to contact him about the name, which he claims is similar to the “Mystic Motel” name he used for a haunted house attraction he started out of his garage.

“You have to police your trademarks,” D’Avanzo said. “That’s all we were doing is protecting what was ours.”

D’Avanzo said he has sent many letters to other businesses that are similar to the one he sent Silver Dollar City. He said his letters are usually followed by a phone call where the two parties can work out some parameters for use of the name.

Silver Dollar City, however, didn’t bend the knee to D’Avanzo. Instead, the theme park filed a lawsuit, seeking to have the court declare that the name of its ride at a large-ish theme park doesn’t somehow violate the trademark rights for a garage-based haunted house. The reported arguments Silver Dollar City makes are the ones you would expect; namely, that its use of the word “Mystic” isn’t going to cause confusion among the public for a “family project and neighborhood attraction.” That’s all the theme park wants: the reasonable use of the name of its ride.

But Silver Dollar City doesn’t stop there. The theme park also points out that D’Avanzo didn’t oppose its trademark application, didn’t say a word about it until it came time for a money-grab, and, oh, D’Avanzo destroyed his Mystic Motel setup entirely some time ago.

Upon information and belief, both the “Mystic Motel” “dark house” and the Christmas-themed “Journey to Polar Point” family projects were destroyed or deconstructed at some time. Upon information and belief, the “Mystic Motel” and “Journey to Polar Point” marks were not in continuous use with those projects during certain years. Upon information and belief, the “Mystic Motel” and “Journey to Polar Point” marks were not used at all or in interstate commerce with those projects during certain years. Upon information and belief, the “MYSTIC MOTEL” mark does not appear to be in use at this time. Upon information and belief, Mr. D’Avanzo and his family are not currently living in the Ladera Ranch house and they appear to have no ability to offer the “dark house” attraction under the “MYSTIC MOTEL” mark for Halloween this year.

In fact, the filing goes so far as to claim that D’Avanzo’s trademark application itself may have been built on lies, where he claims to be using the “Mystic Motel” mark in interstate commerce, but never did. On top of that, D’Avanzo created a separate company, Adrenaline Attractions, to which he assigned the trademark. Adrenaline Attractions doesn’t provide amusement attractions, but instead consults with parks to design rides, which isn’t the market designation for which D’Avanzo has his trademark. Also, Adrenaline Attractions appears to have exactly one customer. Again, this is not a story about confusion in commerce, but about a money-grab.

This, somehow, rates with D’Avanzo as bullying.

“That’s what they are is a big bully,” D’Avanzo said of Silver Dollar City.  “I’m not a stranger to the court,” D’Avanzo said. “And if I have to fight, I will.”

Any reasonable assessment of the situation would result in Silver Dollar City’s request for declaratory judgement to be granted. I’d only like to add that it takes chops to bully a company over a trademark, have that company ask the court to defend it from the bullying, and then call the company the trademark bully.

Maybe D’Avanzo can add an IP wing to his haunted house, except he doesn’t appear to actually have one any longer.

Permalink | Comments | Email This Story

Techdirt.