Krita art app users targeted by ransomware posing as paid ‘collaboration’ opportunities • The Register

Voice Of EU

Krita, an open-source cross-platform digital painting application, has become the latest victim of ransomware – but rather than being attacked directly, its name is being used to spread malware among users via emails offering advertising revenue.

In one example of the emails seen by The Register the recipient was offered a fee to mention the app on YouTube in a 30 to 45-second advertising spot. The fees on offer: $350 for accounts with 10,000-80,000 subscribers, rising to $1,700 for those with up to a million – or “individually” priced for larger accounts.

Those looking to take advantage of the “offer” are asked to “register as a Krita partner” and sent a link to download the Windows version of the app and a “media pack” of assets – the link, naturally, pointing to a convincingly named domain outside the control of the Krita project and hosting a ransomware dropper which takes over the victim’s system, encrypts their files, and demands payment to reverse the process.

“Some fraudsters are sending mails to artists with offers pretending to be from official Krita team or Foundation,” artist Raghavendra Kamath wrote in one of the earliest warnings about the attack. “They have registered some domains like ‘Krita.io’ which redirect to [the] official .org domain. This confused people and tricks them in believing that the mail they received is from official team.

“I would like to make everyone aware that these mails are fraud mails and if you receive any communication from Krita team which originates from the email address other than foundation@krita.org then please mark it as spam and report for phishing. Also spread this word to your friends who may have got such mails.”

“If you receive mail pretending to come from the Krita team from an email address that does not end in krita.org, like krita.io or krita.app, please be aware that these mails are scams,” the project’s maintainers wrote in their own warning on the topic.

“This is a ransomware attack. If you reply, you will get a link to a ‘mediabank.zip’ file that contains two programs masquerading as videos. There are now also fake installers that you are asked to run. Only download Krita from this website, Steam, Windows Store or Epic Store!”

“I almost downloaded this,” wrote artist and Krita user Philip Hartshorn, one of the targets of the ongoing attack, “as it’s a fairly convincing collaboration email/offer. I just happened to check the Krita Twitter before I did.”

The waters are slightly muddied by the fact that while krita.org is indeed the official domain for the software’s distribution, the project maintains a second domain for its forum: krita-artists.org.
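The sender check the warnings describe can be automated in a mail filter. The sketch below is an added example, not code from the article or the Krita project: the function names, labels and sample headers are constructed for illustration, and it assumes subdomains of the two genuine domains are trusted.

```python
from email.utils import parseaddr

# Domains the article names as genuine. Treating their subdomains as trusted
# is an assumption of this sketch.
PROJECT_DOMAINS = {"krita.org": "official", "krita-artists.org": "forum"}
BRAND = "krita"


def sender_domain(from_header):
    """Return (display_name, domain) from a From header; domain is '' if unusable."""
    name, addr = parseaddr(from_header)
    if addr.count("@") != 1:
        return name, ""
    return name, addr.rsplit("@", 1)[1].lower().rstrip(".")


def classify_sender(from_header):
    """Label a From header: official, forum, impersonation, unrelated or invalid."""
    name, domain = sender_domain(from_header)
    if not domain:
        return "invalid"
    for trusted, label in PROJECT_DOMAINS.items():
        # Compare on a DNS label boundary: a bare endswith("krita.org")
        # would also accept "fakekrita.org".
        if domain == trusted or domain.endswith("." + trusted):
            return label
    # The brand in the domain or the display name, without a genuine domain,
    # is the pattern the warnings describe (krita.io, krita.app).
    if BRAND in domain or BRAND in name.lower():
        return "impersonation"
    return "unrelated"


# Constructed sample headers, not taken from real messages.
SAMPLES = [
    "Krita Foundation <foundation@krita.org>",
    "Krita Partners <partners@krita.io>",
    "collab@krita.app",
    '"foundation@krita.org" <team@krita.org.mail.example>',
    "Krita Team <offers@fakekrita.org>",
]


def triage(headers):
    """Map each header to its label."""
    return {h: classify_sender(h) for h in headers}
```

Only the domain of the actual address is trusted; a display name that contains a genuine-looking address does not change the result.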

While the first reports of the attack date back to nearly a month ago, evidence shows it is ongoing with the most recent examples dating to 11 September. Many of the sites used in the attack, however, are no longer responding, with registrar Namecheap confirming at least one termination following user reports – but with the attackers jumping onto new domains, the battle continues.

Those looking to download the real Krita are advised to do so from the official website – and to delete any unexpected emails offering collaborations. ®



UK competition watchdog unveils advice for antivirus firms • The Register

The UK’s Competition and Markets Authority (CMA) has unveiled compliance principles to curb locally some of the sharper auto-renewal practices of antivirus software firms.

The move follows the watchdog baring its teeth at McAfee and Norton over the issue of automatically renewing contracts.

The CMA took exception to auto-renewal contracts for antivirus software that customers in the UK signed up for and found difficult to cancel. Refunds and clearer pricing information (including making sure consumers were aware that year two could well end up considerably costlier than the first) were the order of the day.

Today’s principles build on that work, and are aimed at helping antivirus companies toe the line where UK consumer law is concerned. They are a bit more detailed than a simple “stop being horrid.”

The focus remains on auto-renewing contracts, where a customer signs up for a fixed period, then is charged again for subsequent periods. The CMA acknowledges that such arrangements are convenient, but they risk the consumer being locked into an agreement they no longer want or that they get stung with higher fees at renewal time.

While the principles are intended to be helpful, lurking in the background is consumer law and the threat of a potential trip to court for vendors stepping out of line.

First up comes a requirement to make sure customers are informed about auto-renewal, rather than hiding the detail in an End User Licence Agreement (EULA) or burying it in hard-to-read text through which a user must scroll.

Price claims must be “accurate” and “not mislead your customers” – so only show discounts against the normal price. It must also be possible to turn off the auto-renew easily, keep auto-renew turned off once it is off and, if on, make sure customers are reminded in good time that an auto-renew will happen.

Getting a refund must be easier and customers should be able to change their mind when auto-renewal happens. If the customer has stopped using the product, safeguards are needed around auto-renewal.

The last principle could pose a few challenges – how does a vendor become aware that a customer is not using its product? The suggestion from the CMA is to check if software updates are being received rather than simply charging users year after year.

The Register contacted McAfee and Norton for their thoughts on the principles, and will update should the companies respond. ®

Grocery start-up Gorillas raises nearly $1bn in round led by Delivery Hero

Just a few months after hitting unicorn status, Gorillas has raised another major round of funding from big-name investors.

German start-up Gorillas has raised nearly $1bn to expand its on-demand grocery delivery business.

The Series C funding round was led by Delivery Hero, the German food and grocery delivery giant that recently took a stake in Deliveroo.

Gorillas also received backing from existing investors including Coatue Management, DST Global and Tencent, as well as new investors G Squared, Alanda Capital, Macquarie Capital, MSA Capital and Thrive Capital.

The fresh funding comes just a few months after the company’s $290m Series B, which brought its valuation to more than $1bn.

Gorillas was founded in Berlin in 2020 by Kağan Sümer and Jörg Kattner, promising grocery deliveries in as little as 10 minutes.

It now operates more than 180 warehouses and has expanded to more than 55 cities in nine countries, including Amsterdam, London, Paris, Madrid, New York and Munich.

The company plans to use the latest funding for its next phase of development. This includes reinforcing its footprint in existing markets and investing in operations, technology and marketing.

“The size of today’s funding round by an extraordinary investment consortium underscores the tremendous market potential that lies ahead of us,” said Sümer, who is CEO of the start-up.

“With Delivery Hero, we have chosen a strong strategic support that is deeply rooted in the global delivery market, and is renowned for having unique experience in sustainably scaling a German company internationally.”

On-demand grocery delivery is a growing area in Europe that’s attracting investor attention.

Swedish start-up Kavall raised $5.8m in August, Czech player Rohlik hit unicorn status after its €100m Series C round in July, and Spain’s Glovo secured a €450m Series F round in April to expand in the grocery market.

Gorillas differentiates itself from other players in the market, such as Deliveroo, by employing its delivery drivers rather than relying on gig workers.

However, as the start-up has scaled rapidly over the past year, it has seen delivery workers protest over working conditions and pay, and been put under the spotlight for its treatment of employees.

ICO to step in after schools use facial recognition to speed up lunch queue | Facial recognition

The Information Commissioner’s Office is to intervene over concerns about the use of facial recognition technology on pupils queueing for lunch in school canteens in the UK.

Nine schools in North Ayrshire began taking payments for school lunches this week by scanning the faces of their pupils, according to a report in the Financial Times. More schools are expected to follow.

The ICO, an independent body set up to uphold information rights in the UK, said it would be contacting North Ayrshire council about the move and urged a “less intrusive” approach where possible.

An ICO spokesperson said organisations using facial recognition technology must comply with data protection law before, during and after its use, adding: “Data protection law provides additional protections for children, and organisations need to carefully consider the necessity and proportionality of collecting biometric data before they do so.

“Organisations should consider using a different approach if the same goal can be achieved in a less intrusive manner. We are aware of the introduction, and will be making inquiries with North Ayrshire council.”

The company supplying the technology claimed it was more Covid-secure than other systems, as it was cashless and contactless, and sped up the lunch queue, cutting the time spent on each transaction to five seconds.

Other types of biometric systems, principally fingerprint scanners, have been used in schools in the UK for years, but campaigners say the use of facial recognition technology is unnecessary.

Silkie Carlo, the director of Big Brother Watch, told the Guardian the campaign group had written to schools using facial recognition systems, setting out their concerns and urging them to stop immediately.

“No child should have to go through border-style identity checks just to get a school meal,” she said. “We are supposed to live in a democracy, not a security state.

“This is highly sensitive, personal data that children should be taught to protect, not to give away on a whim. This biometrics company has refused to disclose who else children’s personal information could be shared with and there are some red flags here for us.”

The technology is being installed in schools in the UK by a company called CRB Cunninghams. David Swanston, its managing director, told the FT: “It’s the fastest way of recognising someone at the till. In a secondary school you have around about a 25-minute period to serve potentially 1,000 pupils. So we need fast throughput at the point of sale.”

Live facial recognition, technology that scans crowds to identify faces, has been challenged by civil rights campaigners because of concerns about consent. CRB Cunninghams said the system being installed in UK schools was different – parents had to give explicit consent and cameras check against encrypted faceprint templates stored on school servers.

A spokesperson for North Ayrshire council said its catering system contracts were coming to a natural end, allowing the introduction of new IT “which makes our service more efficient and enhances the pupil experience using innovative technology”.

They added: “Given the ongoing risks associated with Covid-19, the council is keen to have contactless identification as this provides a safer environment for both pupils and staff. Facial recognition has been assessed as the optimal solution that will meet all our requirements.”

The council said 97% of children or their parents had given consent for the new system.

A Scottish government spokesperson said that local authorities, as data controllers, had a duty to comply with general data protection regulations and that schools must by law adhere to strict guidelines on how they collect, store, record and share personal data.

Hayley Dunn, a business leadership specialist at the Association of School and College Leaders, said: “There would need to be strict privacy and data protection controls on any companies offering this technology.

“Leaders would also have legitimate concerns about the potential for cyber ransomware attacks and the importance of storing information securely, which they would need reassurances around before implementing any new technology.”
