this post was submitted on 31 Aug 2023

170 points (98.3% liked)

Technology

57472 readers

3622 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related content.
Be excellent to each another!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, to ask if your bot can be added please contact us.
Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago

MODERATORS

[email protected]

170

How a Well-Regarded Mac App Became a Trojan Horse (gizmodo.com)

submitted 1 year ago by [email protected] to c/[email protected]

23 comments fedilink hide all child comments

Short Summary

The macOS app called NightOwl, originally designed to provide a night mode feature for Macs, has turned into a malicious tool that collects users' data and operates as part of a botnet. Originally well-regarded for its utility, NightOwl was bought by another company, and a recent update introduced hidden functionalities that redirected users' data through a network of affected computers. Web developer Taylor Robinson discovered that the app was running a local HTTP proxy without users' knowledge or consent, collecting users' IP addresses and sending the data to third parties. The app's certificate has been revoked, and it is no longer accessible. The incident highlights the risks associated with third-party apps that may have malicious intentions after updates or ownership changes.

Longer Summary

The NightOwl app was developed by Keeping Tempo, an LLC that went inactive earlier this year. The app was recently found to have been turned into a botnet by the new owners, TPE-FYI, LLC. The original developer, Michael Kramser, claims that he was unaware of the changes to the app and that he sold the company last year due to time constraints.

Gizmodo was unable to reach TPE-FYI, LLC for comment. However, the internet sleuth who discovered the botnet, Will Robinson, said that it is not uncommon for shady companies to buy apps and then monetize them by integrating third-party SDKs that harvest user data.

Robinson also said that it is understandable why developers might sell their apps, even if it means sacrificing their morals. App development is both hard and expensive, and for individual creators, it can be tempting to take the money and run.

This is not the first time that a popular app has been turned into a botnet. In 2013, the Brightest Flashlight app was sued by the Federal Trade Commission after allegedly transmitting users' location data and device info to third parties. The developer eventually settled with the FTC for an undisclosed amount.

In 2017, software developers discovered that the Stylish browser extension started recording all of its users' website visits after the app was bought by SimilarWeb. Another extension, The Great Suspender, was flagged as malware after it was sold to an unknown group back in 2020.

All of these apps had millions of users before anyone recognized the signs of intrusion. In these cases, the new app owners' shady efforts were all to support a more-intrusive version of harvesting data, which can be sold to third parties for an effort-free, morals-free payday.

Possible Takeaways

Minimize the software you use
Keep track of ownership changes
Use software from only the most reputable sources
Regularly review installed apps
Be suspicious about app's unexpected behaviors and permissions

top 23 comments

sorted by: hot top controversial new old

[–] [email protected] 94 points 1 year ago (6 children)

Use software from only the most reputable sources

everyone using brand new lemmy apps from random developers: 👀

[–] [email protected] 23 points 1 year ago

Yeah, this is definitely a problem with brand new services, especially when the native app isn't appealing. For example, I use Liftoff for Lemmy. Open-sourced✅ In official Appstore✅ Relatively transparent who the developer is✅ No special permission starting off✅ Relatively few downloads📛 .

When a mobile app doesn't ask for permissions, it's definitely less nerve-racking than the more permissive desktop environments where the apps don't have to be special to do considerable damages.

[–] [email protected] 15 points 1 year ago (2 children)

At least we can be rest assured that the core lemmy devs, being communists at the very least, probably won't sell out lemmy to profit-chasing scummy companies.

[–] [email protected] 6 points 11 months ago

Sweats in ZA/UM

[–] [email protected] 3 points 11 months ago

It's open source, so there's only so much they can sell out

[–] [email protected] 11 points 1 year ago (1 children)

Most of the apps and devs came over from reddit, they've got a history

[–] [email protected] 10 points 1 year ago

Fucking rif guy went to tildes. I miss rif

[–] [email protected] 7 points 11 months ago (1 children)

Agreed. But FOSS apps for Lemmy exist, use one of those!

[–] [email protected] 4 points 11 months ago (1 children)

I do, but I have no computer science knowledge. I have no way of checking anything and have to rely on others to make sure the developer is trustworthy. I know there are people doing this, but it’s on their own time, they’re volunteering their effort. They may not be monitoring the specific app I’m using, or maybe they’ll be tired from work and won’t check the most recent update until it’s too late and a lot of people installed malware.

Maybe I’m completely wrong about this, like I said this is not my field.

[–] [email protected] 4 points 11 months ago

Well, yes, but the reality is that the crowd-sourced aspect of it is what protects you. But you're right, there's always an element of risk!

[–] [email protected] 6 points 11 months ago

Using chrome, meta, Microsoft, Apple,… tiktok 👀

[–] [email protected] 2 points 11 months ago

But they look better than jerboa! =,[

[–] [email protected] 21 points 1 year ago (1 children)

I appreciate the “take aways” section trying to put on a positive spin, but there’s essentially no way for a regular user to track this. There is also no real technical solution that protects against this and encourages timely application of patches.

We are, with a technical term, screwed.

[–] [email protected] 13 points 11 months ago* (last edited 11 months ago)

True.

Automatic patch => automatic installation of malware
Manual patch => unpatched vulnerabilities

Screwed either way.

[–] [email protected] 13 points 1 year ago (1 children)

I always get paranoid when I notice an app I use having unusual updates.

Example: The gallery app for Android I use, F-Stop, used to post infrequent updates with changelog only stating "stability updates" and such, or nothing. Then a few months ago they started posting quite major feature updates with detailed log. I freaked out if they weren't bought up or something, so I stopped updating and just watched for a few months. So far so good.

But ya know, moral of the story - use open source whenever possible. FOSS community is very vigilant and vocal about such things. It's not bulletproof, but there's a much better peace of mind with foss apps, it's quite crazy.

The proprietary app stores claim how their corporate bullshit is the only secure way to get reliable apps, while in reality it's the exact opposite.

[–] [email protected] 7 points 1 year ago (1 children)

It's nice to use FOSS as much as possible, but in reality, is the source in the binary exactly the same as in the repo? Unless you compile yourself, you still don't know what you get.

[–] [email protected] 8 points 1 year ago (1 children)

In lots of places other people do the compilation and thus guarantee the build, like in Linux distros or F-Droid.

[–] [email protected] 1 points 11 months ago (1 children)

That's nice to know, but I was more thinking about phone apps.
It's harder the be sure that what was uploaded - to let's say Google Store - is not "tweaked" ...

[–] [email protected] 1 points 11 months ago

That is one nice thing about F-Droid. They compile the binary like Linux distros do.

[–] [email protected] 9 points 11 months ago (1 children)

This is why I don't trust using proprietary apps from small startups no matter how reliable the startup might seem.

[–] [email protected] 5 points 11 months ago

Meanwhile people hype the Arc browser to the skies right now. Wouldn’t trust them with anything.

[–] [email protected] 8 points 11 months ago (1 children)

One of my friends who's a windows user asked me the other day, "what program do you use to uninstall your video card drivers" because he saw some article about how using some third party app to uninstall your drivers before updating will give you better frames.... IDK where to begin with that...

[–] [email protected] 7 points 11 months ago

Hopefully your friend didn't encounter a scam, in which case it absolutely won't improve fps. That's the dumbest thing I've ever read. Otherwise it's possible he misunderstood the article.

If it's a misunderstanding, there is genuinely a use case for using third party software to remove graphics drivers. In case anyone doesn't know, neither Intel, AMD or Nvidia uninstall processes completely remove all traces as if they've never been installed.

The software is called "Display Driver Uninstaller", or "DDU" for short, is highly regarded among the tech community for solving various issues with driver upgrades and downgrades if you encounter one. It's strongly recommended when switching between GPUs. It's been discussed and recommended by nearly every high profile technology site and tech YouTube channel. In fact, Intel even has a support page about it.

There's misconceptions about what the "Clean" or "Reset" options do when installing a graphics driver while one is already installed. This option only resets the user settings configured via the control panel provided by the driver package.

https://www.guru3d.com/files-details/display-driver-uninstaller-download.html

https://www.intel.com/content/www/us/en/support/articles/000091878/graphics.html