Cheap banking scams are often easier to pull off in a country with older devices, fewer regulations, and experienced fraudsters.

Source: Jayant Bahel via Alamy Stock Photo

A series of fake banking apps are making the rounds in India, mimicking trusted institutions to steal credentials and, ultimately, money.

The scale of the campaign is impressive, featuring nearly 900 different malware samples tied to around 1,000 different phone numbers used to perpetrate the fraud. Researchers from Zimperium observed all those malware couched in apps that mimic billion-dollar financial institutions, designed to target regular people across India.

**Banking Fraud in East India**

Across India, regular people have been receiving WhatsApp messages carrying malicious Android Package Kit (APK) files. Once downloaded, these APKs open into fake apps mimicking one of more than a dozen banks, including most of the largest in India: HDFC Bank, ICICI Bank, the State Bank of India (SBL), and others.

Source: Zimperium

The apps ask victims to submit their most sensitive financial information, including their mobile banking credentials, credit and debit card numbers, ATM PINs, Permanent Account Number (PAN) Card — used for various financial and government purposes, like paying taxes or opening a bank account — and Aadhar Card, and equivalent to a Social Security number (SSN).

To allow the attackers to log into victims' bank accounts, the malware intercepts one-time passwords sent via SMS, and redirects them either to an attacker-controlled phone number, or a command-and-control (C2) server running on Firebase.

Related:Russian APT Phishes Kazakh Gov't for Strategic Intel

The malware also sports stealth and anti-analysis measures, like "packing," where the malware is compressed, encrypted, and obfuscated to the point of illegibility. It can install itself invisibly by taking advantage of accessibility services, and obtain all conceivable permissions on users' devices by simply prodding a user to thoughtlessly hit "Allow" when it asks nicely.

"Since you don't see the app, it's not easy to uninstall it," explains Nico Chiaraviglio, chief scientist at Zimperium. "And then you \[have to deal with the\] higher permissions. So if you want to uninstall the app, the device will say you cannot install it because it's a system app. You basically need to connect the phone to a computer and uninstall it using the Android Debug Bridge (ADB). It's not something that you can do from a regular user's standpoint."

**Why Fraud Works in India**

Phone numbers tied to the campaign lovingly named "FatBoyPanel" have tended to concentrate in eastern states: West Bengal (30.2%), Bihar (22.6%), Jharkjand (10%).

That FatBoyPanel seems to be going so well, Chiaraviglio thinks, comes down to a couple of obvious factors. First: older, outdated phones are common in East India, and, "If you want to run some sort of exploit, it's easier to do on older devices," he says.

Related:Chinese APT Group Is Ransacking Japan's Secrets

"It's also widely known that there are a lot of scammers in India," he adds. In this campaign, "They are targeting some specific apps, and this basically tells you that the attackers are Indians, and that they know the market that they are working in."

One thing surprised him, he says: "We publish a report every year on banking Trojans, and we see most of them targeting many different countries at the same time. It's very uncommon that we see a campaign that is only targeting one country."

**About the Author**

Nate Nelson is a writer based in New York City. He formerly worked as a reporter at Threatpost, and wrote "Malicious Life," an award-winning Top 20 tech podcast on Apple and Spotify. Outside of Dark Reading, he also co-hosts "The Industrial Security Podcast."

Basket of Bank Trojans Defraud Citizens of East India

A banking malware campaign using live phone numbers to redirect SMS messages has been identified by the zLabs research team, uncovering 1,000+ malicious apps and 2.5GB of exposed data.

Mobile devices have become a prime target for financial fraud, as the availability of digital payments and interception of OTPs (one-time passwords) for authentication make them vulnerable. Threat actors’ latest targets are Indian bank users, forced to reveal sensitive financial/personal data in a sophisticated mobile malware campaign, uncovered by the Zimperium zLabs research team. 

According to the company, banking trojans are targeting Indian banks and government institutions, and live phone numbers are used to intercept and redirect SMS messages, putting sensitive data at risk. This campaign is believed to be the work of a single threat actor and targets mobile devices running the Android OS. The researchers have dubbed the actor as “FatBoyPanel.”

This “coordinated effort” utilizes over 1,000 malicious Android applications designed to steal financial and personal data, researchers noted in the blog post shared with Hackread.com ahead of publishing on Wednesday. 

These apps, disguised as legitimate banking and government tools, are distributed primarily through WhatsApp. Victims are tricked into revealing Aadhaar and PAN card details, ATM PINs, and mobile banking credentials.

The most frequently impersonated banks are:

*   ICICI: 15.2%
*   SBI: 10.5%
*   RBL: 11.9%
*   PNB: 12.9%

Unlike traditional malware campaigns, this one employs a more innovative approach towards OTP theft. As observed by Zimperium researchers, instead of relying solely on command-and-control servers, the malware intercepts and redirects SMS messages in real-time using live phone numbers.  This method, however, leaves a traceable digital trail and may aid law enforcement in identifying the perpetrators.  

ZLas researchers have identified around 900 malware samples and approximately 1,000 phone numbers involved in this operation. Around 63% of these numbers were registered in West Bengal, Bihar, and Jharkhand.

*   Bihar: 22.6% of victims
*   Jharkhand: 10.0% of victims
*   West Bengal: 30.2% of victims

The scope of this campaign is substantial.  Analysis of the malicious apps reveals shared code, user interface elements, and app logos, indicating a centralized operation.  Furthermore, researchers discovered over 222 unprotected Firebase storage buckets containing 2.5 gigabytes of stolen data.  This exposed information, including bank details, card information, government IDs, and SMS messages, affects an estimated 50,000 victims.

The phishing UI used within the app to steal sensitive information, along with the admin dashboard view of the C&C servers managed by the threat actors (Via Zimperium zLabs)

The malware operates in three distinct variants: SMS Forwarding, Firebase-Exfiltration, and a Hybrid approach.  All variants intercept and exfiltrate SMS messages, including OTPs, enabling unauthorized transactions.  Evasion techniques include hiding its icon, resisting uninstallation, and using code obfuscation and packing.  

The top sources of distribution of SMS messages based on their sender are:

*   Jio Payments: 47.4%
*   Airtel Payments Bank: 18.5%

Hardcoded phone numbers within the malware and the Firebase endpoints act as exfiltration points for stolen data. The administrative dashboard for this platform even contained a “WhatsApp Admin” button, suggesting a multi-user environment and facilitating direct communication among the threat actors.

To protect yourself from mobile malware, download apps from official app stores and avoid downloading APK files from websites, messaging apps or untrusted sources. Verify app details before installing and avoid apps that request excessive permissions for a secure mobile experience.

Banking Malware Uses Live Numbers to Hijack OTPs, Targeting 50,000 Victims

Organizations and development teams need to evolve from "being prepared" to "managing the risk" of security breaches.

Kirsten Newcomer, Director, Cloud and DevSecOps Strategy, Red Hat

February 4, 2025

4 Min Read

Source: RTimages via Alamy Stock Photo

COMMENTARY

It's a perfect storm: The cost of a data breach is rising, known cyberattacks are becoming more frequent, security expertise is in short supply, and the demand for connectedness — to deliver and act on even the most sensitive of data across all devices, and all the way to the network edge — is unyielding. A recent example that affects anyone who texts between Android and iPhone devices is the Salt Typhoon attack. Meanwhile, industry and government regulations are tightening, demanding stricter proof of security measures and faster reporting of breaches, raising the stakes for "getting it wrong."

In its most recent analysis, Verizon Business found that organizations take an average of 55 days to remediate 50% of critical vulnerabilities listed in the Cybersecurity and Infrastructure Security Agency's (CISA's) Known Exploited Vulnerabilities (KEV) catalog. Unfortunately, cybercriminals respond far more quickly, with mass exploitations of the CISA KEV appearing on the Internet within a median of five days. 

That's why organizations and development teams must evolve from "being prepared" to "managing the risk" of security breaches.

Vulnerability risk management is not a new concept, but I am noticing that organizations are attempting to manage risk in one of two ways — by setting up guardrails (proactive) or patching (reactive). Neither is optimal.

The key is to balance the two, highlighting the critical importance of adopting a DevSecOps approach. "DevSec" solutions are focused on shifting security left by integrating security gates into the continuous integration and continuous delivery (CI/CD) pipeline. "SecOps" solutions are focused on detecting and responding to threats in the runtime environment. 

Here's a look at the challenges to each approach.

**The Vulnerability Patching Approach**

On its face, patching sounds simple enough: When a software vulnerability is revealed, patch it. However, that assumes that developers and security teams have the resources to quickly monitor for issues, create or identify patches, and then test and apply those patches — before cyberattackers can take advantage of the vulnerabilities themselves. 

AI will eventually help developers more efficiently identify vulnerabilities, but we're not at that point yet. Right now, AI and the demand for AI-enabled applications is only adding to the potential for unidentified vulnerabilities. AI code generation tools increase the likelihood of introducing hard-to-trace snippets of code from unidentified sources. While many of today's vulnerability scanners rely on identifying code packages rather than code snippets. 

**The Guardrails Approach**

The guardrails approach is more nuanced than the vulnerability patching approach, but it comes with its own set of challenges.

While organizations that focus on the patching approach take a more reactive stance, the guardrails approach is grounded in proactive protection and mitigating controls. These include:

*   Reducing the attack surface across the stack
    
*   Working toward continuous hardening and compliance improvement
    
*   Securing the application CI/CD pipeline using best practices, such as those recommended in slsa.dev: identifying provenance, hardening builds, verifying artifacts
    
*   Implementing automated, policy-based promotion and admission controls to ensure that applications have production-ready security before being deployed to production systems
    
*   Application of data protection controls such as encryption
    

*   Use of zones of control (fencing communications with network and API security controls) and microsegmentation
    
*   Prioritizing the use of Linux security solutions, such as SELinux and secure computing profiles (seccomp), as well as features focused on securing containers such as user namespaces and cgroupsv2
    

All of these strategies are highly effective; however, it's often challenging for organizations to integrate these and other guardrails into their infrastructure. It is even more challenging to harden existing application pipelines. Striking the balance between security and innovation has gotten more difficult as pressure to improve security increases from all sides and the impact of a security breach reverberates up and down the supply chain.

**Creating a Balanced Approach to Software Risk Management**

Used together, patching and guardrails can help organizations maintain a balance between efficient vulnerability management and proactive security monitoring and management. 

Organizations should assess risk based on key factors for their business, including what mitigating controls they have in place in the runtime environment. While the Common Vulnerability Scoring System, with Base Metrics and Temporal and Environmental Metrics, offers some indication of the level of risk a known vulnerability creates, this data does not and cannot account for the specific context of a deployed application. Organizations need to account for additional factors such as external exposure and mitigating controls.

Using open source can help, since the community is committed to transparency and clear communication about newly discovered vulnerabilities and how to get fixes for them. In fact, in addition to prioritizing the use of open source, organizations should take their cue from the open source community and establish their own processes for sharing detailed information about identified vulnerabilities — internally but also with partners and vendors following principles of responsible disclosure. 

Responsible disclosure and open data are critical for customers and communities to fully understand the vulnerabilities that may impact them, as well as to ensure that the data necessary to make appropriate, informed decisions is widely available.

Offering multiple remediation options, such as software updates and/or patches, and automated guardrails at all stages of the application life cycle including CI/CD and runtime mitigations, provides flexibility in addressing vulnerabilities across diverse environments. By combining these elements, organizations can create a comprehensive vulnerability risk management program that effectively mitigates security risks across their entire IT infrastructure.

**About the Author**

Director, Cloud and DevSecOps Strategy, Red Hat

Kirsten Newcomer works closely with Red Hat’s many security professionals across the Red Hat portfolio of open source offerings. She is a diversified software management professional with more than 20 years of experience in security, application development, and infrastructure solutions. Prior to joining Red Hat, Kirsten provided strategic direction for Black Duck’s open source security and governance solutions.

Managing Software Risk in a World of Exploding Vulnerabilities

Google has shipped patches to address 47 security flaws in its Android operating system, including one it said has come under active exploitation in the wild.
The vulnerability in question is CVE-2024-53104 (CVSS score: 7.8), which has been described as a case of privilege escalation in a kernel component known as the USB Video Class (UVC) driver.
Successful exploitation of the flaw could lead

Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104

Though Windows, iOS, and macOS users won't need to make any changes, Android users are advised to remove their Defender VPN profiles.

Source: CryptoFX via Alamy Stock Photo

NEWS BRIEF

Microsoft is notifying users that it will no longer support the Privacy Protection VPN feature within the Microsoft Defender app. The feature will be removed on Feb. 28.

Microsoft Defender checks files or apps downloaded and installed on a device for any malicious software, as well as runs scans of files already on a system. It works alongside third-party anti-malware solutions and is included as part of a Microsoft 365 Personal or Family subscription.

Microsoft plans to eliminate only the VPN feature and will still provide device protection, identity theft monitoring, and credit monitoring in the US.

The support update document announcing the change did not have a lot of detail but stated that removing the privacy protection benefit will allow the company to "invest in new areas that will better align to customer needs." The document also notes the company routinely evaluates the effectiveness of its features.

Though Windows, iOS, and macOS users won't have to take any action, Microsoft provided instructions for Android users to follow because the VPN profile must be removed from devices manually.

"Not removing the Defender VPN profile on your Android device will not cause any impact to your device but it's recommended to remove it as it won't be used by Defender to provide protection," Microsoft stated.

Android users can follow the steps below to remove their Defender VPN profiles:

3.  Users should see a "Microsoft Defender" VPN profile in the list of VPN profiles if they've onboarded to privacy protection.
    
4.  Click on the "Info" icon and remove the profile.
    

**About the Author**

Skilled writer and editor covering cybersecurity for Dark Reading.

Microsoft Sets End Date for Defender VPN

WhatsApp has accused professional spyware company Paragon of spying on a select group of users.

WhatsApp has accused the professional spyware company Paragon of spying on a select group of users.

WhatsApp, the Meta-owned, end-to-end encrypted messaging platform, said it has reliable information that nearly 100 journalists and other “members of civil society” were targets of a spyware campaign conducted by the Israeli spyware company.

“Members of civil society” usually refers to individuals and organizations that operate independently from government and business sectors, often those advocating for public interests, influencing policy, or holding governments accountable.

In a statement, a WhatsApp spokesperson said:

> “This is the latest example of why spyware companies must be held accountable for their unlawful actions. WhatsApp will continue to protect people’s ability to communicate privately”

Many such targets use WhatsApp because they rely on the end-to-end encryption (E2EE) that it offers by default to safeguard communications, protect sources, and shield sensitive information from prying eyes.

The targets were spread over two dozen countries, including several in Europe. WhatsApp notified the possibly affected accounts through its own app. The platform has the ability notify users about sensitive matters directly via a WhatsApp chat. In such a case, the chat will include a system message at the top of the chat that verifies that it originates from the official account of WhatsApp Support, and there will be a blue checkmark next to WhatsApp Support at the top of the chat.

A spokesperson stated that WhatsApp was able to identify and block the attack vector which Paragon used in these attacks. Reportedly, the hacking campaign used malicious PDFs sent via WhatsApp groups to compromise targets. The attack apparently required no action from the target, a so-called zero-click attack.

Researchers have often compared Paragon’s Graphite spyware to the Pegasus spyware, a deeply invasive tool developed by a company called NSO that WhatsApp has been fighting in court since 2019. But up until now, Paragon was able to keep a low profile. This is the first time that Paragon has been publicly linked to a hacking campaign that allegedly targeted journalists and members of civil society.

WhatsApp has sent Paragon Solutions a cease-and-desist letter following the series of attempted attacks. Meta also notified Canadian privacy watchdog Citizen Lab. Citizen Lab’s researcher John Scott-Railton says they observed this campaign and have started an investigation.

The attacks reportedly took place in December 2024. If you are a potential target and you received a suspicious PDF you can reach out to Citizen Lab or the non-profit digital security helpline AccessNow.

If you received a WhatsApp notification about the attack, you can contact WhatsApp Support in-app by clicking here.

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

 WhatsApp says Paragon is spying on specific users 

Google said it blocked over 2.36 million policy-violating Android apps from being published to the Google Play app marketplace in 2024 and banned more than 158,000 bad developer accounts that attempted to publish such harmful apps.
The tech giant also noted it prevented 1.3 million apps from getting excessive or unnecessary access to sensitive user data during the time period by working with

Google Bans 158,000 Malicious Android App Developer Accounts in 2024

Apple has released a host of security updates for iOS, iPadOS, Mac, Apple Watch, and Apple TV. Update as soon as you can.

Apple has released a host of security updates across many devices, including for a zero-day bug which is being actively exploited in iOS.

Apple said:

> “A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.”

Devices affected are those that run:

*   iPhone XS and later
*   iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
*   macOS Sequoia
*   Apple Watch Series 6 and later
*   All models of Apple TV HD and Apple TV 4K

If you use any of these then you should install updates as soon as you can. To check if you’re using the latest software version, go to **Settings** (or **System Settings**) > **General** \> **Software Update**. It’s also worth turning on Automatic Updates if you haven’t already, which you can do on the same screen.

**Technical details about the zero-day**

The zero-day vulnerability patched in this update is tracked as CVE-2025-24085. It is described as a use after free (UAF) issue in Apple’s Core Media framework that would allow an attacker to elevate privileges.

The Core Media framework handles multimedia applications like photos, videos, and real-time communication applications. UAF is a type of vulnerability that is the result of the incorrect use of dynamic memory during a program’s operation. If, after freeing a memory location, a program does not clear the pointer to that memory, an attacker can use the error to manipulate the program. Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code. In this case, successful exploitation could provide a malicious app with privileges on the affected device that it shouldn’t have.

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

 Apple users: Update your devices now to patch zero-day vulnerability 

Amid ongoing fears over TikTok, Chinese generative AI platform DeepSeek says it’s sending heaps of US user data straight to its home country, potentially setting the stage for greater scrutiny.

The United States’ recent regulatory action against the Chinese-owned social video platform TikTok prompted mass migration to another Chinese app, the social platform “Rednote.” Now, a generative artificial intelligence platform from the Chinese developer DeepSeek is exploding in popularity, posing a potential threat to US AI dominance and offering the latest evidence that moratoriums like the TikTok ban will not stop Americans from using Chinese-owned digital services.

DeepSeek, an AI research lab created by a prominent Chinese hedge fund, recently gained popularity after releasing its latest open source generative AI model that easily competes with top US platforms like those developed by OpenAI. However, to help avoid US sanctions on hardware and software, DeepSeek created some clever workarounds when building its models. On Monday, DeepSeek’s creators limited new sign-ups after claiming the app had been overrun with a “large-scale malicious attack.”

While DeepSeek has several AI models, some of which can be downloaded and run locally on your laptop, the majority of people will likely access the service through its iOS or Android apps or its web chat interface. Like with other generative AI models, you can ask it questions and get answers; it can search the web; or it can alternatively use a reasoning model to elaborate on answers.

DeepSeek, which does not appear to have established a communications department or press contact yet, did not return a request for comment from WIRED about its user data protections and the extent to which it prioritizes data privacy initiatives.

As people clamor to test out the AI platform, though, the demand brings into focus how the Chinese startup collects user data and sends it home. Users have already reported several examples of DeepSeek censoring content that is critical of China or its policies. The AI setup appears to collect a lot of information—including all your chat messages—and send it back to China. In many ways, it’s likely sending more data back to China than TikTok has in recent years, since the social media company moved to US cloud hosting to try to deflect US security concerns

“It shouldn’t take a panic over Chinese AI to remind people that most companies in the business set the terms for how they use your private data” says John Scott-Railton, a senior researcher at the University of Toronto’s Citizen Lab. “And that when you use their services, you’re doing work for them, not the other way around.”

**What DeepSeek Collects About You**

To be clear, DeepSeek is sending your data to China. The English-language DeepSeek privacy policy, which lays out how the company handles user data, is unequivocal: “We store the information we collect in secure servers located in the People's Republic of China.”

In other words, all the conversations and questions you send to DeepSeek, along with the answers that it generates, are being sent to China or can be. DeepSeek’s privacy policies also outline the information it collects about you, which falls into three sweeping categories: information that you share with DeepSeek, information that it automatically collects, and information that it can get from other sources.

The first of these areas includes “user input,” a broad category likely to cover your chats with DeepSeek via its app or website. “We may collect your text or audio input, prompt, uploaded files, feedback, chat history, or other content that you provide to our model and Services,” the privacy policy states. Within DeepSeek’s settings, it is possible to delete your chat history. On mobile, go to the left-hand navigation bar, tap your account name at the bottom of the menu to open settings, and then click “Delete all chats.”

This collection is similar to that of other generative AI platforms that take in user prompts to answer questions. OpenAI’s ChatGPT, for example, has been criticized for its data collection although the company has increased the ways data can be deleted over time. Regardless of these types of protections, privacy advocates emphasize that you should not disclose any sensitive or personal information to AI chat bots.

“I would not input personal or private data in any such an AI assistant,” says Lukasz Olejnik, independent researcher and consultant, affiliated with King's College London Institute for AI. Olejnik notes, though, that if you install models like DeepSeek’s locally and run them on your computer, you can interact with them privately without your data going to the company that made them. Additionally, AI search company Perplexity says it has added DeepSeek to its platforms but claims it is hosting the model in US and EU data centers.

Other personal information that goes to DeepSeek includes data that you use to set up your account, including your email address, phone number, date of birth, username, and more. Likewise, if you get in touch with the company, you’ll be sharing information with it.

Bart Willemsen, a VP analyst focusing on international privacy at Gartner, says that, generally, the construction and operations of generative AI models is not transparent to consumers and other groups. People don’t know exactly how they work or the exact data they have been built upon. For individuals, DeepSeek is largely free, although it has costs for developers using its APIs. “So what do we pay with? What do we usually pay with: data, knowledge, content, information,” Willemsen says.

As with all digital platforms—from websites to apps—there can also be a large amount of data that is collected automatically and silently when you use the services. DeepSeek says it will collect information about what device you are using, your operating system, IP address, and information such as crash reports. It can also record your “keystroke patterns or rhythms,” a type of data more widely collected in software built for character-based languages. Additionally, if you purchase DeepSeek’s premium services, the platform will collect that information. It also uses cookies and other tracking technology to “measure and analyze how you use our services.”

A WIRED review of the DeepSeek website's underlying activity shows the company also appears to send data to Baidu Tongji, Chinese tech giant Baidu's popular web analytics tool, as well as Volces, a Chinese cloud infrastructure firm. In a social media post, Sean O'Brien, founder of Yale Law School's Privacy Lab, said that DeepSeek is also sending “basic” network data and “device profile” to TikTok owner ByteDance “and its intermediaries.

The final category of information DeepSeek reserves the right to collect is data from other sources. If you create a DeepSeek account using Google or Apple sign-on, for instance, it will receive some information from those companies. Advertisers also share information with DeepSeek, its policies say, and this can include “mobile identifiers for advertising, hashed email addresses and phone numbers, and cookie identifiers, which we use to help match you and your actions outside of the service.”

**How DeepSeek Uses Information**

Huge volumes of data may flow to China from DeepSeek’s international user base, but the company still has power over how it uses the information. DeepSeek’s privacy policy says the company will use data in many typical ways, including keeping its service running, enforcing its terms and conditions, and making improvements.

Crucially, though, the company’s privacy policy suggests that it may harness user prompts in developing new models. The company will “review, improve, and develop the service, including by monitoring interactions and usage across your devices, analyzing how people are using it, and by training and improving our technology,” its policies say.

DeepSeek’s privacy policy also says the company will also use information to “comply with \[its\] legal obligations”—a blanket clause many companies include in their policies. DeepSeek’s privacy policy says data can be accessed by its “corporate group,” and it will share information with law enforcement agencies, public authorities, and more when it is required to do so.

While all companies have legal obligations, those based in China do have notable responsibilities. Over the past decade, Chinese officials have passed a series of cybersecurity and privacy laws meant to allow state officials to demand data from tech companies. One 2017 law, for instance, says that organizations and citizens should “cooperate with national intelligence efforts.”

These laws, alongside growing trade tensions between the US and China and other geopolitical factors, fueled security fears about TikTok. The app could harvest huge amounts of data and send it back to China, those in favor of the TikTok ban argued, and the app could also be used to push Chinese propaganda. (TikTok has denied sending US user data to China’s government.) Meanwhile, several DeepSeek users have already pointed out that the platform does not provide answers for questions about the 1989 Tiananmen Square massacre, and it answers some questions in ways that sound like propaganda.

Willemsen says that, compared to users on a social media platform like TikTok, people messaging with a generative AI system are more actively engaged and the content can feel more personal. In short, any influence could be larger. “Risks of subliminal content alteration, conversation direction steering, in active engagement ought by that logic to lead to more concern, not less,” he says, “especially given how the inner workings of the model are widely unknown, its thresholds, borders, controls, censorship rules, and intent/personae largely left unscrutinized, and it being already so popular in its infancy stage.”

Olejnik, of King's College London, says that while the TikTok ban was a specific situation, US law makers or those in other countries could act again on a similar premise. “We can’t rule out that 2025 will bring an expansion: direct action against AI firms,” Olejnik says. “Of course, data collection may again be named as the reason.”

_Updated 5:27 pm EST, January 27, 2025: Added additional details about the DeepSeek website's activity._

_Updated 10:05 am EST, January 29, 2025: Added additional details about DeepSeek's network activity._

DeepSeek’s Popular AI App Is Explicitly Sending US Data to China

Google has launched a new feature called Identity Check for supported Android devices that locks sensitive settings behind biometric authentication when outside of trusted locations.
"When you turn on Identity Check, your device will require explicit biometric authentication to access certain sensitive resources when you're outside of trusted locations," Google said in a post announcing the

Tag

#android