Hundreds of thousands of Android users hit by Google Play spyware


Sabina Weston

15 May, 2020

A prolific form of Android spying malware was left undetected in the Google Play store for four years and is likely to have affected hundreds of thousands of users, according to the team of researchers who discovered it.

The team from cyber security firm Bitdefender discovered the “highly sophisticated Android espionage platform” earlier this year, although they believe it had been active since 2016, first targeting Android users in Australia and then users in the Americas and Europe, including the UK.

The malware has been further defined as a strain of spyware, which allowed its authors to snoop on any user that downloaded infected apps and access personal data, such as device preferences, the contents of their address books and messages, as well as device usage data and inactivity times.

Researchers have named the spyware ‘Mandrake’, as the criminals behind it were found to be using names of toxic plants for their development branches.

The team also found that Mandrake conducted phishing attacks on applications including Amazon, Gmail, PayPal, Google Chrome, as well as popular cryptocurrency wallet apps such as Lunoor, Coinbase and numerous banking apps from around the world. UK banks were not listed by Bitdefender among the victims.

The creators of the malware attempted to gain a strong presence on the app market and circumvent Google Play security by publishing their own malicious apps, such as OfficeScanner and CoinCast, and generated fake comments and downloads in order to ensure that their application made it to the trending section of Google Play.

The malware developers went to great lengths to ensure their apps came across as legitimate software, including by engaging with negative reviews and comments, and delivering fixes to the apps.

The marketing behind the malicious apps was so extensive that CoinCast not only had an official website, but also a strong social media presence on Facebook, Twitter, Reddit, and YouTube.

The hackers even tried to evoke trust among their potential victims by listing an address for the OfficeScanner app on its Facebook page, namely the Engineering and Mathematical Sciences Building in Milwaukee, Wisconsin.

Alongside CoinCast and OfficeScanner, Bitdefender also listed Abfix, SnapTune Vid, Currency XE Converter, Horoskope, and Car News as other malicious applications developed by Mandrake operators.

The Bitdefender team estimates “the number of victims in the tens of thousands for the current wave, and probably hundreds of thousands throughout the full 4-year period”.

“We can also extrapolate that every victim of Mandrake has most probably been exposed to some form of data theft,” they said.

The discovery made by Bitdefender comes weeks after a group of cyber security experts from Cybereason Nocturnus found that a mobile-based trojan was capable of compromising Android’s accessibility features in order to steal user data from banking applications and read users’ SMS messages, allowing the malware to bypass two-factor authentication.

VMware to acquire Kubernetes security firm Octarine


Keumars Afifi-Sabet

14 May, 2020

Software giant VMware has said it plans to acquire specialist Kubernetes company Octarine, a deal at the core of VMware’s drive to become a major security provider.

Following the firm’s decision to snap up Carbon Black seven months ago, VMware is hoping to integrate Octarine’s security platform for Kubernetes applications into its broader security services. 

The company’s technology helps simplify DevSecOps and enables cloud-native environments to be more secure from development through runtime, according to Carbon Black’s CEO Patrick Morley.

“The unique properties of the cloud (speed, agility, scale) mean that developers are increasingly using containers to modernize applications. As with any major technology adoption, attackers are not far behind, looking to take advantage of new risk areas,” he said.

“Protecting workloads is critical to the security of applications and data inside every organization. Building Octarine’s innovation into the VMware security portfolio will present a major opportunity for our team to further simplify and improve security for our customers.”

The move is seen as a leap forward for VMware, which has launched a significant push into the security market through investments and acquisitions.

The acquisition allows VMware to enhance its security tools for containers and Kubernetes environments by embedding Octarine technology into the VMware Carbon Black Cloud, as well as the VMware Tanzu platform. Tanzu is a centralised management platform for operating and securing Kubernetes infrastructure and applications across various teams and cloud environments.

The integration of Octarine’s Kubernetes platform will allow VMware customers to mitigate risks by providing visibility into cloud-native environments, and provide runtime monitoring and control of workloads across hybrid clouds, among other benefits.

“Three years ago we set out on a path to provide a different kind of security solution, one that addresses the profound shift that cloud native computing brings both to the technology stack and to organizational roles,” said Octarine CEO Shemer Schwarz.

“While we are very proud of what we have accomplished so far, there is so much more we have planned in our roadmap. And we continue to expand our platform functionality in order to provide more value to our customers.”

Microsoft 365 is more than a name change


Barry Collins

14 May, 2020

Over the past two decades, there can be few tech workers who have put in a harder shift than Microsoft’s branding department. Barely a week seems to pass without them changing the name of a product, sometimes putting it back to the original name a few months later, just to confuse the hell out of everybody.

The latest makeover victim is Office 365 – the subscription suite that encompasses Word, Excel, PowerPoint and so on – which is being rebadged as Microsoft 365. One can only imagine the amount of blue-sky, think-outside-the-box, no-idea-is-a-silly-idea brainstorming that went into that one.

In this case, however, I suspect the name change is more than just cosmetic. In fact, it could be an indication of a massive change to come.

While the contents of a Microsoft 365 subscription look very much like Office 365 right now, I wouldn’t mind betting that switching to the more general Microsoft name tag is paving the way for the company to add Windows to the package. No longer will your operating system be priced into the cost of a new PC or laptop. Instead, those devices will come with a 30-day free trial of Windows (much like Office does now), after which you’ll be expected to take out a subscription to keep the operating system active. 

If you’re muttering “not another bloody subscription” as you read this and are about to let out a scream that will be heard two counties away, let me explain why this might not be such a terrible thing. 

First, you pay for Windows anyway. You may not notice it, and you might have been told Windows 10 was “free”, but it’s not. The PC makers pay anything up to £50 per licence for Windows 10, and that cost is added to the price of new computers. If Microsoft were to turn that into a free trial, you’d hope the PC makers would pass on the savings. 

Second, if Microsoft is charging you directly for Windows, it has a responsibility to support it. That means not simply directing you to a website or “chat assistant”, but proper telephone support, because if they don’t fix your problem, you don’t pay them next month. In other words, Microsoft will have a direct financial incentive to sort out its support.

Finally, and this is the biggie, a Windows subscription makes it much easier to move to the model that will shape computing in this decade: streaming. I’m 99% certain that by the end of this decade, you won’t be running Windows on the PC in front of you, but streaming it over the internet. 

Your Windows installation will be hosted in one of Microsoft’s massive data centres, and whether you’re using a laptop, desktop PC, tablet or streaming device plugged into a screen – much like Amazon’s Fire Sticks – you’ll stream Windows over your fibre broadband connection. 

Microsoft will look after backup for you; Microsoft will store all your documents, photos and other files; Microsoft will charge you for all this in one convenient monthly sum and will call it Microsoft 365. Well, at least until the branding department has another brainwave.

Appian releases apps to help organisations manage coronavirus response


Jane McCallion

13 May, 2020

Appian has unveiled three new apps intended to help organisations better weather the storm created by the ongoing coronavirus pandemic.

The three apps, COVID-19 Response, Paycheck Protection Program and Workforce Safety & Readiness, were all built and released over the course of the past two months and address different aspects of the challenges businesses are facing right now.

Speaking at the opening day keynote of the company’s now virtual annual conference, CEO Matt Calkins said COVID-19 Response, which was launched in March, “is about responding to [the disease] and tracking the health of an employer’s workforce”.

“Everything about this application is free – the software is free, the intellectual property is free, the installation, the web hosting, the support and services, everything is completely free,” said Calkins, adding that it quickly became the most popular launch in the history of the company.

“It was taken up really well by our customer base, we had 500 downloads in the first few days, and then soon it was over 1,000,” he said.

Paycheck Protection Program, launched in April, focuses on helping banks process one of the US government’s key financial responses to the coronavirus pandemic: small business loans.

“My favourite thing about this application is the way it showcases the power of automation. It uses artificial intelligence to read loan applications and then it uses robotic process automation to upload them to a government portal and it uses people to manage compliance,” said Calkins.

“This is the North Star of automation, it’s the combination of human workers and digital workers in the same workflow. It’s exactly what the automation industry is aiming for.”

Finally, Workforce Safety & Readiness helps organisations prepare for the reopening of their offices as the pandemic starts to subside.

“The purpose of the application is to get your employees back to work safely, carefully, and cautiously and we do that by considering more information than we would have if you just told people to come back if they met CDC (Centres for Disease Control) guidelines,” explained Calkins. 

“Instead, we’re going to take a lot of things into account – how many workers should really be in each facility in your organisation and which workers should they be on day one? And on day 10? And on day 50?” he continued.

“We’re going to take into account a lot of additional factors in the name of safety, such as how many people live in their household and how old are those people? Who do they come to work in the same office with, to be sure that we don’t have them both come in on the same day? Can their job be done at a distance effectively?

“All this information is stored in a HIPAA-certified cloud and it’s exceptionally easy to use. Users log in every morning on any device to update their health, answer a few questions and then they’re told whether they should come to work today and what days they should plan to come to work.”

All three apps are available immediately.

Twitter will let employees work from home indefinitely


Sabina Weston

13 May, 2020

Twitter has told employees that they can choose to work from home forever if they wish as the coronavirus lockdown continues to shape the new normal in working culture.

The San Francisco-based company has also announced that they will not be reopening their offices before September, “with very few exceptions”. Even when offices do reopen, the staff will be able to choose whether they want to return to them.

In a blog post detailing the decision, Twitter’s People VP Jennifer Christie said that although Twitter “was one of the first companies to go to a work from home model in the face of COVID-19”, the company does “not anticipate being one of the first to return to offices”.

“Opening offices will be our decision, when and if our employees come back, will be theirs,” she said.

The decision was made after Twitter found that its 4,600 employees can work from home successfully. Nevertheless, Christie emphasised that staff who prefer working from the offices will be able to do so: “Our offices will be their warm and welcoming selves, with some additional precautions, when we feel it’s safe to return.”

The company also announced a ban on business travel before September, as well as in-person company events for the rest of the year. Events scheduled for 2021 are to be assessed by the end of 2020.

Commenting on Twitter’s announcement, Saka Nuru, head of product marketing for Fintech Eco Systems and Payments at Intuit Quickbooks, said that “we will no doubt see more [companies] follow in Twitter’s footsteps in the months to come”.

“The fact that Twitter can commit to this promise, is an indication of how adept our technology solutions have been at facilitating remote working. Cloud-enabled Software-as-a-Service solutions as well as video conferencing service have evidently been a huge success when transitioning to a largely at-home environment, even for larger companies,” he said.

Twitter’s unprecedented announcement comes days after Facebook and Google confirmed that they will continue to allow employees to work from home for the rest of the year. Apple, on the other hand, is reportedly planning to allow some employees back into its global offices soon, including its Apple Park headquarters in Cupertino, California. 

Lidl owner set to launch own rival to AWS


Bobby Hellard

12 May, 2020

The parent company of shopping chain Lidl is reportedly gearing up to launch a cloud computing service for third party retailers. 

German-based Schwarz Gruppe recently acquired software firm Camao IDC, according to Lebensmittel Zeitung, and is now looking to build a rival to Amazon Web Services (AWS).

Cloud computing is a fiercely competitive industry with some of the biggest names in tech fighting for a share of the market. Companies like IBM, Google and Microsoft all deliver slightly different cloud-based services, but each one trails behind AWS.

Cloud Pro has approached Schwarz for comment as there is very little detail on the alleged service, but there is a suggestion that it will be more of a rival to China’s Alibaba as it appears to be more e-commerce-based.  

The acquisition is alleged to have brought 70 cloud computing specialists into the Schwarz Gruppe, which is seen as a key part of the strategy. The company’s head of strategy and business management, Stefan Herold, is said to be heading up the new cloud division, which is thought to have been accelerated due to the current coronavirus pandemic.

Many cloud-based services have enjoyed a surge in users, with remote and automated technologies coming to greater prominence since lockdowns have been enforced. Most retail outlets have either closed and furloughed staff or have shifted to online operations only. 

It is thought that Schwarz will use its cloud service to enable an online delivery service for Lidl, which was reported in January as launching sometime this year.

In October, Lidl advertised for ‘digital managers’ for an unnamed e-commerce project and the company’s UK digital director Alex Murray reportedly suggested online plans were in the works during an industry conference in 2018.

AWS launches machine learning-based enterprise search service


Bobby Hellard

12 May, 2020

Amazon Web Services (AWS) has announced the general availability of Amazon Kendra, a machine learning-based search service for organisations with large datasets.

Kendra enables businesses to index all of their internal data sources, make that data searchable, and allow users to get precise answers to natural language queries with just a few clicks, according to AWS.

The service doesn’t require machine learning expertise and can be set up completely within the AWS Management Console. A key part of it is that rather than using keywords to search through datasets, Kendra uses machine learning algorithms that can understand specific questions.

This enables businesses to search internal documents spread across portals and wikis, research organisations to create a searchable archive of experiments and notes, and contact centres to find the right answer to customer questions across a library of documentation.

“Our customers often tell us that search in their organisations is difficult to implement, slows down productivity, and frequently doesn’t work because their data is scattered across many silos in many formats,” said Swami Sivasubramanian, VP of Amazon Machine Learning.

“Using keywords is also counterintuitive, and the results returned often require scanning through many irrelevant links and documents to find useful information.”

Kendra is underpinned by technology that understands natural language, and as such employees can run searches with detailed questions. They can still use keywords, but it is optimised to understand complex language from multiple domains, including IT, healthcare and life sciences.

Kendra also supports industry-specific language from insurance, energy, industrial, financial services, legal, media and entertainment, travel and hospitality, human resources, news, telecommunications, mining, food and beverage, and automotive.

The service encrypts data in transit and at rest, according to AWS, and it integrates with commonly used data repository types such as file systems and relational databases, so developers can index their company’s content with just a few clicks, and provide end-users with accurate search without writing a single line of code.

Microsoft will let end-users revoke encrypted emails in Office 365


Carly Page

12 May, 2020

Microsoft will soon give end-users the ability to revoke encrypted email messages sent using its Office 365 Message Encryption (OME) service.

The OME service is built on Azure Rights Management (Azure RMS) and lets businesses send encrypted emails to people inside or outside of their organisation using Outlook.com, Gmail and other email services with support for encryption.

Currently, only IT administrators can make use of the service’s ability to revoke encrypted emails that have already been sent, but as first reported by Bleeping Computer, Microsoft is planning to expand this capability to end-users in the fourth quarter of 2020.

“As part of Office 365 Advance Message Encryption, we are extending the email revocation capabilities to the end-user,” Microsoft explains. “Previously, you had to be an admin to revoke an already sent message; with this update, end users will have this capability as well.”

Once an email is revoked, recipients will receive an error stating “The message has been revoked by the sender” when they attempt to access the encrypted message.

The feature, which will help companies to prevent leaks and enterprise data theft, will be available to users whose business is signed up to an Office 365 subscription with Advanced Message Encryption. This is offered as part of Microsoft 365 Enterprise E5, Office 365 E5, Microsoft 365 E5 (Nonprofit Staff Pricing), Office 365 Enterprise E5 (Nonprofit Staff Pricing), and Office 365 Education A5.

As part of Microsoft’s wider efforts to improve its services as employees continue to work from home during the pandemic, the company also announced this week that it has started rolling out a new feature that will protect users from reply-all email storms. The Reply All Storm Protection tool for Office 365 will block subsequent replies to an email thread for four hours when it detects 10 reply-all emails to over 5,000 recipients within 60 minutes.

Prior to that, the company upgraded its Microsoft Teams collaboration platform to support up to nine people in participant view, and also made its Yammer Communities app available in Teams.

Zoom’s rise to prominence has been meteoric – its fall could be equally spectacular


Keumars Afifi-Sabet

12 May, 2020

Last weekend we hosted a Zoom-based birthday party for my girlfriend, packed with a four-round quiz, six-part scavenger hunt and a few rounds of e-Pictionary. Oddly enough we were having just as much fun online as we would if we’d headed for a night out at Popworld, as was originally planned. This has become the new normal, and we’re not alone. 

Millions of us have inexplicably signed up to the business-centric video conferencing platform in recent weeks to stay in touch with friends and family. Our online gatherings now extend beyond work meetings into the realm of virtual pub trips, birthday parties, and even pre-booked dance classes. 

Even as the coronavirus crisis began escalating, nobody could have foreseen the extraordinary surge in Zoom’s popularity, especially given the former dominance of Skype. Not even Zoom’s founder and CEO, Eric Yuan, would have anticipated a thirty-fold increase in usage, with daily meeting participants ballooning from 10 million in December 2019 to 300 million just last month.

Zoom’s surge is bizarre in many ways, none more so than how it flew by Skype, although the surge in popularity is something of a special case. Its success is entirely predicated on a short-term growth in demand fuelled by COVID-19 lockdown measures, which will likely be lifted to a great extent by the end of the year. The firm’s privacy and security woes have proven that success isn’t always a walk in the park either, but these problems are ultimately manageable. The more worrying challenge might come a little later down the line.

There’s every possibility, first of all, that the company has hit its peak in terms of its user base. Additionally, many of us have been taking advantage of the company’s cost-free tier, meaning the company now encounters a headache that oddly enough resembles the existential crisis plaguing the digital media industry. While online publications have had no problem attracting hundreds of millions of online readers, figuring out how to monetise this massive traffic has been difficult. Zoom, similarly, may struggle to actually convert this unprecedented demand into a viable revenue stream.

To make matters trickier, phasing in a cost-barrier beyond a 40-minute time limit, which itself can be easily bypassed by starting a new conversation with participants, may drive people away. The likes of Skype or Facebook’s own newly announced services are just as capable.

The final, crucial point to consider is that people aren’t attached to Zoom as a company or platform, but to the friends and family it allows them to keep in touch with. Once lockdown measures are lifted, it’s more likely than not we’ll leave the service as quickly as we found it and arrange to meet up in-person with the folks we’re desperately missing. As enjoyable as our Zoom-based birthday bash was, I’d still choose that night out in Popworld if given the option.

For these reasons, the company’s explosion in popularity, a surge in daily participants and even its exorbitant $40.5 billion valuation – more than double its $16.1 billion market value in January – are all highly volatile. Zoom’s executives, therefore, must ensure all business and product decisions made in light of this short-term success are sufficiently future-proofed.

There really is no predicting what might happen in a world riddled with coronavirus, but there’s every chance that once we’re all allowed outside and Zoom’s active daily user count plummets, its investors will lose confidence and cut their losses. That could leave the company in a far more precarious position than it has ever been, even before COVID-19. While Zoom represents an astounding story of business success in 2020, the same forces that fuelled its rise may also be the root of its downfall.

House of Commons to ditch Zoom in favour of British alternative


Bobby Hellard

11 May, 2020

The House of Commons is reportedly looking at alternatives to video conferencing service Zoom due to concerns about its security capabilities. 

The lower house of Parliament is already testing a UK-based provider called StarLeaf, according to The Telegraph.

Parliament IT teams are also looking for a service that can display as many MPs as possible at once, with many members frustrated by the current system used by Zoom that jumps around when someone speaks, according to The Telegraph.

StarLeaf, like a number of video conferencing services, has seen a surge in usage since the coronavirus pandemic hit and a number of organisations have looked for alternatives to Zoom due to its poor security reputation. 

Norwegian firm Pexip is also currently enjoying a big spike in users, with big-name customers such as Intel, Vodafone and even the Irish Court system. StarLeaf is said to be readying a push into both Ireland and Northern Ireland, which could be made easier with a successful trial with the UK’s government. 

“The House of Commons has already purchased some hardware from us, their IT department is currently testing the software and they’re doing a security analysis on us,” StarLeaf CTO Will MacDonald said to The Telegraph.

If successful, the House of Commons will become the latest organisation to be added to the ever-expanding list of those that have ditched Zoom. Companies like Google, the FBI and even the country of Taiwan have banned the video conferencing service over issues about encryption standards and ‘Zoom-bombing’.

The company has made repeated attempts to shore up its services but its reputation has taken a big hit and it’s proving too much of a concern for many. The House of Commons would be the first of the government’s institutions to ditch the video conferencing service, despite the Ministry of Defence labelling the services as a security risk a few months ago. 
