Image: ESET (supplied) Researchers from cyber-security firm ESET announced today that they discovered a never-before-seen malware framework with advanced capabilities that are rarely seen today. Named Ramsay, ESET says this malware toolkit appears to have been designed to infect air-gapped computers, collect Word and other sensitive documents in a hidden storage container, and then wait […] More

Uber and Lyft will share information on drivers that have been banned from their platforms for reasons including sexual and physical assault. 

The Industry Sharing Safety Program, announced on Thursday, will be managed by workforce solutions provider HireRight. 
If drivers are banned from working on one of the firms’ platforms for “serious” safety incidents, at present, they could theoretically move to the other and resume work either as passenger transport or for delivery services. 
However, the new US program may stop these transitions from going under the radar. 
According to Tony West, senior VP and chief legal officer at Uber, “safety should never be proprietary.”
“Tackling these tough safety issues is bigger than any one of us and this new Industry Sharing Safety Program demonstrates the value of working collaboratively with experts, advocates, and others to make a meaningful difference,” West commented. 
The platform will allow both Uber and Lyft to exchange data on drivers ‘deactivated’ for sexual assault, misconduct, and “physical assault fatalities.” HireRight will collect and manage driver data.

Uber and Lyft say the platform will “incorporates learnings from anti-sexual violence advocates over the past several years and prioritizes safety, privacy, and fairness for both drivers and survivors.”
The program will be opened to similar transport and delivery companies in the United States. 
In other Uber news, in February, a UK court ruled that Uber drivers in the UK could not be considered self-employed. The long-running legal battle, in which Uber argued its drivers were contractors and, therefore, not entitled to certain employment protection or a minimum wage, was lost as the Supreme court disagreed. 
For drivers, this means that they may be entitled to back pay and compensation. For Uber, this means the company’s entire business model — based on gig-economy workers — needs to be revised, at least in the UK. 
Previous and related coverage
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0 More

Thomas Fuller/SOPA Images/LightRocket via Getty Images Follow ZDNET: Add us as a preferred Google source<!–> on Chrome. ZDNET’s key takeaways Apple TV+ will soon cost $12.99 a month. The 30% price increase is the streaming service’s third in three years. The price of a full-year subscription remains the same at $99 If you’re an Apple TV+ subscriber, […] More

Fake Android apps are being deployed on the handsets of Kurds in a surveillance campaign promoted across social media.  

On Tuesday, researchers from ESET said an attack wave conducted by the BladeHawk hacking group is focused on targeting the Kurdish ethnic group through their Android handsets.  Thought to have been active since at least March last year, the campaign is abusing Facebook and using the social media platform as a springboard for the distribution of fake mobile apps.  The researchers have identified six Facebook profiles connected to BladeHawk at the time of writing, all of which have now been taken down. While they were active, these profiles posed as individuals in the technology space and as Kurd supporters in order to share links to the group’s malicious apps.  ESET says that at minimum, the apps — hosted on third-party websites, rather than Google Play — have been downloaded 1,481 times.  BladeHawk’s fake applications were promoted as news services for the Kurdish community. However, they are harboring 888 RAT and SpyNote, two Android-based Remote Access Trojans (RATs) which enable the attackers to spy on their victims. 

SpyNote was only found in one sample, and so it appears that 888 RAT is currently BladeHawk’s main payload. The commercial Trojan, of which a cracked and free version has been made available online since 2019, is able to execute a total of 42 commands once executed on a target device and a connection to the attacker’s command-and-control (C2) server is established.  The Trojan’s functions include taking screenshots and photos; exfiltrating files and sending them to a C2; deleting content, recording audio and monitoring phone calls; intercepting and either stealing or sending SMS messages; scanning contact lists; stealing GPS location data; and the exfiltration of credentials from Facebook, among other functions.  The researchers say that the RAT may also be linked to two other campaigns: a surveillance campaign documented by Zscaler that spreads via a malicious and fake TikTok Pro app, and Kasablanca, threat actors tracked by Cisco Talos who also focus on cyberespionage.  Previous and related coverage Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0 More

ReMarkable Paper Pro <!–> ZDNET’s key takeaways The ReMarkable Paper Pro is on sale in a bundle for $629, with refurbished devices starting at $499. It improves on its predecessor with a larger color screen and a host of integrations for popular productivity software. It’s expensive, the Marker is sold separately (even though it’s a […] More