TECH

Samsung reveals its first UFS 5.0 storage solution, could debut with the Galaxy S27

Samsung has announced the industry's first UFS 5.0 storage chip, achieving sequential read speeds of up to 10.8 GB/s and write speeds of up to 9.5 GB/s — more than double the ceiling on the current UFS 4.1 standard. The chip is also 40% more power-efficient than UFS 4.1 and measures 7.5mm x 13mm x 0.9mm. Mass production is scheduled to begin in Q4 2026 at capacities up to 1TB.

Samsung has today announced what it claims is the world’s first UFS 5.0 storage chip. It promises sequential read speeds of up to 10.8GB/s and sequential write speeds of up to 9.5GB/s, up from 4.3GB/s and 4.1GB/s for the current UFS 4.1 storage. which happens to be the fastest storage grade currently used in production smartphones.

Samsung says the UFS 5.0 chip is 40 percent more power-efficient than UFS 4.1 thanks to clock gating and multi-voltage tech. The chip itself measures 7.5mm x 13mm x 0.9mm, which makes it smaller than its predecessor, too.

Higher throughput usually helps out two places on current smartphones: app launch times and on-device AI, which more and more depends on fast data retrieval over brute CPU power alone. Samsung announced mass production of UFS 5.0 chips will start in Q4 2026, with storage up to 1TB available at launch.

Samsung also just revealed that it’s working on the Exynos 2700 chip, which we expect to power (at least) some Galaxy S27 devices. Leaker Ice Universe tweeted from X that the Exynos 2700 will natively support UFS 5.0, making the Galaxy S27 one of the first phones to ship with the new storage standard. Samsung hasn’t confirmed UFS 5.0 for the Galaxy S27. The S27 isn’t expected to arrive until early 2027, the same time when the chips are expected to go into production in Q4 2026.

 

TECH

Next-generation battery potential unlocked with a novel electrolyte design

A research team has successfully designed a novel electrolyte for fluoride shuttle batteries based on a new concept. The research is published in the journal ACS Applied Energy Materials.

With global demand rapidly increasing for high-energy-density and low-cost energy storage technologies, the search for new systems to replace conventional lithium-ion batteries is accelerating. Fluoride shuttle batteries have garnered significant attention as a promising next-generation candidate. They boast an extremely high theoretical energy density and can be manufactured using inexpensive, abundant materials found in the Earth's crust. The key feature of these batteries is how they operate: They store and release energy by shuttling fluoride ions back and forth between the electrodes.

However, a major issue with this battery system is that the "fluorination reaction" is much harder to trigger than the opposing "defluorination reaction." During fluorination, unwanted side reactions and irreversible processes often occur, causing the battery's performance to decline. Therefore, a crucial challenge has been figuring out how to make this reaction proceed smoothly and what kind of electrolyte design is needed to achieve that.

A bottleneck in fluorination...To promote the fluorination reaction, one approach is to increase the concentration of fluoride ions in the electrolyte. However, stable inorganic fluoride salts generally do not dissolve well in organic solvents, making it difficult to achieve a high enough concentration. Researchers have tried adding specific organic molecules designed to bind to fluoride ions to help them dissolve. These molecules are often expensive, difficult to synthesize and can sometimes trap the fluoride ions too tightly, ironically hindering the very fluorination reaction they were meant to help.

To tackle this problem, the research team focused on a different fluorine-containing inorganic salt: potassium tetrafluoroborate (KBF4). Because KBF4 is chemically stable and is reported to act as a fluoride source in chemical reactions, the team hypothesized that it might effectively regulate the fluorination reaction at the boundary where the electrode meets the electrolyte.

The electrolyte for fluoride shuttle batteries using potassium tetrafluoroborate. Credit:Taketoshi Minato

KBF4 changes the electrolyte...First, the team discovered that by adding both cesium fluoride (CsF) and KBF4 to an organic solvent (tetraglyme), the amount of Cs ions successfully increased dramatically compared with when KBF4 was not used. This suggested that KBF4 boosts the solubility of fluoride salts and fundamentally changes the state of the fluoride ions in the electrolyte.

Next, the team tested the newly prepared electrolyte and confirmed that it possesses high electrochemical stability. Furthermore, using analytical techniques such as cyclic voltammetry and X-ray photoelectron spectroscopy on a bismuth metal electrode, they successfully observed reversible fluorination and defluorination reactions. These results proved that the KBF4-containing electrolyte is highly effective at driving the necessary electrode reactions for fluoride shuttle batteries.

Moreover, in practical charge-discharge measurements, this new electrolyte clearly supported reversible reactions in a bismuth fluoride-composite electrode. Notably, the potential at which the fluorination reaction occurred with this new electrolyte was significantly more negative than in previous systems that used organic additives. This indicates that the KBF4 electrolyte is controlling fluoride ion activity and electrode reactions in a fundamentally different and improved way.

A simpler route to reversibility...These findings demonstrate that KBF4 effectively controls fluoride ion activity within a battery and is a chemically robust, low-cost additive. It is likely that this new electrolyte activates the fluorination reaction by uniquely altering the state of the fluoride ions and the electrode. The team is conducting further research to deepen understanding of exactly how this mechanism works.

Ultimately, this study presents a fresh, simple and scalable approach to designing electrolytes for fluoride shuttle batteries, using materials quite different from previous methods. By proving that a KBF4-based electrolyte enables reversible electrode reactions, this research marks a vital step forward. As scientists continue to improve the electrolyte, optimize electrode structures and stabilize the internal environment of the battery, even greater improvements in capacity, lifespan and practicality can be expected—bringing us closer to a future powered by sustainable, next-generation energy storage.

by: Institute for Molecular Science, Core for Spin Life Sciences, Khon Kaen University and The Graduate University for Advanced Studies

DOSSIER

DIGITAL LIFE

The relentless and invisible cost of AI data centers

The heartbeat of the artificial intelligence economy sounds like the low-frequency hum of a neighbor's central air conditioning unit, a plane flying at high altitude, or a truck engine idling on the highway.

But it feels more like the vibrant, rhythmic pulse of a subwoofer from a never-ending party. Yes, the cloud has a sound, and some of the people living closest to the data centers emitting this noise have reached the limit of their patience trying to block it out.

Last month, residents of three small towns filed lawsuits against data centers specifically because of the noise.

The United States has more than 3,000 data centers in operation and another 1,500 under development, according to an analysis by the Pew Research Center. They have been the backbone of the information economy for decades, operating largely behind the scenes of everyday life.

The demands of artificial intelligence (AI), much greater amounts of computing power, and cooling infrastructure have triggered an explosion in the construction of new data centers.

Today, nearly 40% of homes are located less than 8 kilometers from at least one operational data center, according to Pew, and more and more are moving closer to residential areas.

The hum of cooling systems, the roar of generators, and the noise of fans can be heard—and felt—hundreds of meters away and even more than a kilometer.

"The acoustic footprint is simply different by orders of magnitude," said Les Blomberg, executive director of the nonprofit Noise Pollution Clearinghouse.

"Body-shaking thumping"... Part of this noise consists of infrasound, extremely low-frequency sound waves that fall below the threshold of human hearing.

Instead of hearing these very low frequencies, people physically feel them with pressure fluctuations, similar to the deep vibration of a beat shaking the body during a concert, explained Scott Hamilton, a member of the Acoustical Society of America and a consultant on data center projects.

This can make traditional noise indicators and solutions for attenuating it inadequate to meet modern needs.

Residents living near infrasound sources frequently report chronic sleep deprivation and insomnia, headaches, internal ear pressure, and anxiety. Often, legislation doesn't help.

Legislation geared towards parties...Noise pollution is regulated at the local level by a complex network of zoning laws, originally designed to deal with noisy parties, barking dogs, or construction noise, and not the constant industrial hum of a data center operating 24 hours a day.

There is also not much support at the federal level, because the Reagan administration defunded the Environmental Protection Agency's (EPA) Office of Noise Control and Reduction in the early 1980s.

Although regulations exist, "there is no one at the EPA effectively in charge of enforcing them," said Richard Neitzel, a professor of environmental health sciences at the University of Michigan.

"They used that office as an example of over-regulation, as if the government didn't have the right to tell me how noisy my lawnmower can be," he stated.

Now, residents are trying to fill this regulatory gap.

Compensation for damages...The three lawsuits argue that, although data centers generally comply with basic zoning codes, the constant hum and vibrations cause significant property devaluation and loss of the right to peace and quiet for neighboring homeowners.

The plaintiffs seek damages and also want the companies to improve noise control measures.

In Vineland, New Jersey, a group of homeowners filed a lawsuit in federal court motivated, in part, by fears that even more noise is yet to come.

"There's a constant noise from machines running, which is most noticeable at night when we're trying to sleep," said Stefanie Bartiromo, a local resident, referring to the three server rooms already in operation, according to the lawsuit. "It sounds like a helicopter that never leaves the ground and sometimes a heavy truck running non-stop."

The lawsuit was filed against DataOne USA, which is expanding its campus in Vineland. When completed, the company's complex will cover approximately 241,000 square meters and require 300 megawatts of power, enough to supply a medium-sized city.

DataOne stated that it has already taken steps to reduce the noise and will continue to do so as the expansion is completed.

Committed to dialogue..."We remain committed to constructive dialogue and to our role as a valuable and responsible member of the community in the long term," a company spokesperson said in a statement.

The company stated that it intends to generate jobs and boost the local economy. The same economic argument was presented by the other companies sued over noise, years after they repurposed former industrial land in Dowagiac, Michigan, and Lowell, Massachusetts.

Residents of Dowagiac had been complaining about a 30-megawatt data center installed in a building that was previously used primarily to store boats and recreational vehicles.

The data center's owner, Alliance Cloud Services, recently purchased an additional 50 acres of forested land as it plans to expand its energy consumption capacity from 30 to 300 megawatts. Part of this area will serve as a natural barrier against the impacts of the project, according to the company.

— We would offer to buy these properties at market value and provide a subsidy to help cover relocation costs — he stated, referring to residents living next to the data center.

24-hour noise...The core of the problem, according to Neitzel, is that many traditional sources of community noise — such as airports and highways — tend to decrease in intensity at night.

This is not the case with data centers. In Lowell, Diana Streete stated that the noise “regularly interferes with my family’s ability to sleep, rest, relax and comfortably enjoy our home.”

— My children’s bedrooms face the entrance area, where trucks circulate and facility activities take place, which makes the noise especially disruptive — she said.

Lowell, a city of 115,000 inhabitants, was founded as a textile hub in the 19th century, but its factories closed in the early 20th century. The site where the data center now operates previously housed the Lowell Bleachery and Dye Works and, later, for six decades, the Prince Spaghetti factory. The data center, spanning approximately 32,500 square meters, is located next to residences and recreational facilities, including a park and a baseball field.

Its owner, Markley, stated that the complex supports the digital infrastructure of public safety agencies, universities, local hospitals, and other regional institutions.

It is a colocation data center, a shared facility where multiple companies rent space to house their computing equipment. This is different from hyperscale data centers, built to meet the needs of large global technology companies.

A Markley spokesperson stated that the generators are tested weekly and that the sound produced remains within established limits.

Hamilton noted that there is a wide variety of sounds and, equally wide, is the way people perceive them. According to him, current standards are developed for the average person.

To combat noise, the industry is migrating to liquid cooling systems. Instead of using noisy fans to propel air, servers are submerged in special non-conductive fluids or equipped with liquid-cooled cold plates installed above the processors that generate heat.

This can reduce data center noise by more than 50%, but the installation cost is much higher.

Dowagiac, a town of 5,700 inhabitants, had a general noise law, like many communities, but recently established decibel limits for ambient noise in residential, commercial, and industrial zones.

Most communities set their standards using the A-weighted decibel scale, designed to mimic human hearing in quiet environments and which significantly reduces—or ignores—low-frequency sounds emitted by data centers, according to experts.

The C-weighted scale, on the other hand, was created to capture low-frequency noises.

This distinction is especially important when measuring data center noise, dominated by low-frequency hums produced by enormous cooling equipment fans, explained Neitzel. As a consequence, Blomberg stated, a sound source that clearly dominates a person's auditory perception may not be registered as a problem on a conventional decibel meter.

The CEO of Hyperscale Data, the parent company of Alliance, stated that its operations are within the decibel limits permitted by the city and that it uses systems that minimize energy consumption.

The executive, William B. Horne, said he would attend a city council meeting to speak with residents and emphasized his commitment to being a reliable partner.

"But when you work in this field long enough, you end up finding—or experiencing—highly sensitive people," Hamilton said. "These people really perceive sounds, vibrations, and intensities that the average human being considers irrelevant and thinks, 'That's not a problem, I don't know what you're talking about.' But they are genuinely tormented by it."

mundophone

DIGITAL LIFE

UK demands transparency in Google search ranking

The UK Competition and Markets Authority (CMA) has ordered Google to implement transparency measures in its search rankings under the new British digital competition regime. The official ruling, issued in London, sets binding deadlines of three to six months for the tech giant to rectify information asymmetries and share data with competitors in order to protect the local publishing market. The intervention comes after repeated complaints from companies about the opacity of the algorithms.

The Competition and Markets Authority (CMA) has today introduced 2 new conduct requirements for Google’s general search services under the UK’s digital markets competition regime. The first requires that Google improve transparency and fairness in how search results are ranked. The second requires Google to allow users to port their search data to authorised third parties such as rewards platforms or companies offering personalised offers or discount codes.

The requirements follow the CMA’s actions in early June which gave publishers effective tools to control whether their content is used to power Google’s AI features. More activity is expected over the summer.

Fair Ranking...UK businesses rely on Google search to reach customers but have told the CMA that current ranking practices are neither fair nor transparent - and that this uncertainty holds them back from investing in and growing their businesses. They also told the CMA that changes are made without sufficient notice, and when these changes impact their businesses, they do not have effective ways to raise concerns.

The Fair Ranking conduct requirement addresses these concerns, giving businesses the trust and confidence they need to succeed, unlocking benefits for the economy and for UK consumers.

Under this conduct requirement, Google must:

Rank ‘organic’ search results using objective and non-discriminatory criteria (including in AI Overviews but not sponsored results)

Provide greater transparency to businesses about how rankings work and give advance notice of significant changes

Introduce clear processes for businesses to raise concerns about how Google ranks results and have them addressed effectively

Search continues to evolve rapidly, including through new AI-based search features - like AI Overviews and AI Mode. The CMA believes UK businesses deserve to have trust and confidence that they will be treated fairly as these changes take place, and that users deserve continued access to relevant and high-quality search results.

Data Portability...The CMA is introducing a separate conduct requirement to support greater choice and innovation for consumers. Third-party firms are keen to offer people new products and services based on their Google search data but need to be able to access it with confidence. Using this data would allow third parties to offer people more personalised features - like tailored travel suggestions, more relevant shopping deals, and rewards (including cashback and discounts).

Today’s action puts the voluntary process already in place through Google’s UK Data Portability Application Programming Interface on a legal footing. The rights of UK users will now be on a par with those in the EU (under the EU’s Digital Markets Act), and innovative businesses will have the certainty they need to invest in new products and services for consumers.

Will Hayter, Executive Director for Digital Markets at the CMA, said:

Step by step, we’re ensuring that Google’s search services work better for businesses and consumers across the UK.

Search is a vital gateway for businesses in the UK to reach customers, and clearer, predictable and more transparent ranking systems could give them greater scope to expand and invest.

These new measures will ensure search results are ranked fairly and objectively, with clearer information about changes and effective routes to raise concerns. At the same time, innovative businesses will have the confidence that they can access search data in practice, unlocking investment and innovation in new products and services for users.

Google has 6 months to implement the fair ranking requirement, and 3 months for the data portability requirement. The CMA will monitor Google’s compliance closely, including through regular reporting and ongoing engagement with businesses and other stakeholders. It will keep the effectiveness of the requirements under review – particularly given the rapidly evolving nature of search – and may introduce further measures if necessary.

Since the digital markets competition regime came into force last year, the CMA has designated Apple and Google with strategic market status (SMS) in relation to their mobile platforms, and Google’s search and search advertising activities. It has recently launched a fourth SMS investigation into Microsoft’s business software ecosystem.

The new regulatory framework for competition in digital markets...The application of mandatory conduct rules aims to limit the tech giant's market power in British territory. The company's market share in searches in the region remains above 90%. The regulator now requires ranking criteria based on objective, clear and documented metrics.

The oversight extends to traditional results and AI-generated responses through so-called AI Overviews. Paid ads remain excluded from this specific level playing field rule.

Combating algorithmic opacity and its impact on publishers...The critical point of regulation focuses on ending the opacity that prevents competitors and publishers from understanding how rankings are constructed. Small changes to the algorithm have the capacity to eliminate thousands of organic visits and reduce the click-through rate (CTR). Regulatory pressure attempts to balance the asymmetry between the platform and the economic agents that depend on search traffic.

The creation of a swift resolution channel is another pillar of the British authority's decision. Companies gain the right to contest automatic penalties or manual actions that result in loss of ranking. The CMA's algorithmic transparency requires detailed technical justifications for each downgrading decision.

The integration of artificial intelligence and structural risks...The introduction of automatic summaries and AI-generated responses in the search interface alters the traditional distribution of traffic. When the search engine offers the direct answer to the user, there is a drop in clicks to the originating websites. This scenario generates debates about the origin, attribution, and reuse of proprietary content in the digital environment. The portability process requires the secure transfer of users' search history to authorized third parties within three months. The measure seeks to create space for more balanced alternatives in the distribution of information. The legal implications force a thorough review of editorial and search engineering strategies globally.

Note: Google stated, after the decision, that it will work constructively with the British regulator (CMA).

FAQ – frequently asked questions:

-What changes in Google's search results ranking with this decision?

Google can no longer change its ranking algorithms without prior notice to British publishers. The ranking criteria will now adhere to strictly neutral metrics auditable by the CMA.

-What are the consequences for AI-generated responses?

Automatic responses known as AI Overviews fall under the same non-discrimination regime. The search engine cannot penalize websites that refuse to provide data for training language models.

-What is the deadline for the tech company to comply with the regulator's orders?

The calendar establishes three months for the activation of data portability to third parties. The deadline is extended to six months in the case of algorithmic fairness and transparency rules.

Key points:

Legal intervention: The CMA imposes mandatory rules of conduct on Google under the new digital regime.

Prior notice: The tech company has a duty to notify publishers before applying major algorithmic updates.

Artificial intelligence: Abstracts created by artificial intelligence are subject to equal traffic guidelines.

Contingency plan: Experts recommend diversifying channels through proprietary applications, newsletters, and direct traffic.

mundophone

TECH

Shake-powered capsule tests and disinfects unsafe drinking water

Safe drinking water is usually supported by infrastructure that many of us rarely notice: treatment plants, distribution networks, electricity, chemical supplies, and monitoring systems. However, these systems are not always available or reliable. In rural or remote areas, during disasters, or in cities with aging distribution networks, people may face uncertainty about water quality at the point of use.

This motivated us to ask a practical question: can a small device help users make a preliminary assessment of water quality and then support microbial disinfection without batteries, external power, or chemical additives? We wanted to move beyond the idea of a passive water container and develop a portable system that could use ordinary motion as its own energy source.

This study builds on the research direction led by Professor Sang-Woo Kim, which focuses on human-oriented energy harvesting and self-powered systems. In our previous Nature Water study in 2024, walking-induced electrostatic charges were used to drive electroporation-based disinfection in portable water bottles. That work showed that everyday human motion could be converted into a useful disinfection mechanism. Here, we expanded this concept by combining water detection, wireless data transmission, and disinfection in a single floating capsule.

In the long term, we envision this technology as a point-of-use support system for situations where conventional water infrastructure is limited or interrupted. Possible scenarios include outdoor activities, emergency water supply after natural disasters, rural communities, remote fieldwork, and households facing uncertainty about water quality during distribution.

The device is not intended to replace centralized water treatment or comprehensive chemical analysis. The capsule uses total dissolved solids, or TDS, as a simple indicator of dissolved ionic content. TDS can provide useful preliminary information, but it cannot identify every chemical contaminant or guarantee drinking-water safety by itself. In our concept, if the measured TDS is within the acceptable range used in the study, the capsule can proceed to microbial disinfection. If the TDS is high, the water should not be regarded as suitable for drinking simply because disinfection has been performed.

The floating design also broadens possible use cases. In small containers such as personal bottles, walking-induced motion can move the capsule and drive treatment. In larger containers such as tanks or pots, wind-driven ripples can move the capsule on the water surface. Looking further ahead, multiple floating devices could potentially be used as a distributed network for surface-water monitoring and treatment, although such applications would require further validation under real environmental conditions.

Solutions such as centralized treatment and some chemical kits can be expensive, but there may soon be a cheap alternative. Researchers in Korea have developed and successfully tested a self-powered water purification capsule that can test water and disinfect it if needed.

Construction of an FDGD capsule, including an internal EMG and a TDS sensor with the Bluetooth module and an outside ABS dielectric shell taped with PPy nanorod-modified electrodes on its surface. Credit: Nature Water

The team describes their innovation and how it works in a paper published in Nature Water. It is called the FDGD (floating-induced detection-guided disinfection) capsule and looks like a small plastic pod floating on the water's surface.

To make it work, you simply shake it for a few seconds, which moves an internal magnet through a coil, generating a burst of electricity. This powers a built-in water sensor that measures the water's electrical conductivity. It then instantly sends the water quality data to a user's smartphone or smartwatch.

The sensor checks the water for Total Dissolved Solids (TDS), a measure of the total amount of minerals and salts. This is used as an indication of contamination because typical pollution sources like agricultural runoff release ions that change the water's conductivity.

Zapping the germs...After the reading, the device determines whether the water is within a safe chemical range. If it is, you leave or drop it in the water to begin disinfection. The motion of gentle waves or walking (if the water is in a container you are carrying) creates static electricity, which powers a series of microscopic rods on the outside of the pod. These generate strong electrostatic forces at the device's surface that damage the outer membranes of nearby viruses and bacteria, rendering them inactive. It is a technique called electroporation.

The researchers tested the capsule in containers holding up to 4 liters (1 gallon) of water in the lab at different speeds. They introduced large numbers of common bacteria, such as E. coli, and viruses into various water samples, including river and tap water. The capsule successfully inactivated 99.9999% of all bacteria and viruses across the different samples.

"This study has developed a portable capsule that generates electricity through electromagnetic induction and contact electrification using kinetic energy to enable simultaneous, on-demand water detection and disinfection, which does not rely on external power or chemicals," the authors wrote.

Looking to the future...They are now looking at ways to improve their device for widespread use. If it eventually reaches the market, they expect it to be a highly affordable option for those who need it most.

"When water is needed, people can collect potentially unsafe water and use a cost-effective FDGD capsule.

 

by mundophone

DIGITAL LIFE

INTERPOL reveals industrial scale of cybercrime in Asia

INTERPOL's new cyber threat report indicates that criminal activity in the digital space has reached an industrial scale in the Asia-Pacific region. The official document, published on June 17, 2026, shows that cybercrimes now account for more than 30% of all criminal offenses recorded in more than half of the countries surveyed in this geographic area. The convergence between accelerated digitization and the development of new technological tools has transformed the regional security landscape.

The study covers the period between January 2024 and March 2025. Data collection involved the collaboration of police forces from 18 member countries, as well as technical support from private sector partners specializing in digital security. Ransomware and DDoS attacks paralyze critical infrastructure in the region... Ransomware attacks constitute the biggest financial threat to public and private organizations in Asia and the South Pacific. Data shared by authorities indicate more than 135,000 attacks of this nature were recorded throughout 2024. The organized crime business model is based on double extortion, through which attackers block operating systems and threaten to disclose confidential data on the internet.

In parallel, DDoS attacks registered a 92% growth in 2024 compared to the previous year. These denial-of-service actions direct massive volumes of artificial traffic to destabilize government servers and financial platforms. INTERPOL's cyber threat report identifies the banking sector, healthcare services, and transportation networks as the preferred targets of these digital sabotage campaigns.

Artificial intelligence enhances the effectiveness of phishing and deepfake schemes...According to INTERPOL's cyber threat report, the use of artificial intelligence in cybercrime has altered the infiltration methods of structured criminal networks. Monitoring of communication channels and dark web forums revealed a 600% increase in discussions about the development and sale of deepfake tools between February and June 2024. This manipulated content serves to bypass biometric verification systems in banking institutions and to falsify the identity of executives in social engineering fraud.

Phishing campaigns have become more precise with the automation of fraudulent message writing through language models. The click-through rate on malicious links in the region is 5.5 accesses per 1,000 individuals, a value that represents double the global average recorded. [Insert quote from the INTERPOL official/analyst on the risks of generative artificial intelligence].

International cooperation and private partnerships mitigate billions of threats... Combating organized crime requires a coordinated response between the public sector and security technology companies. Through cooperation with partner company TrendAI, police forces detected and mitigated more than 6.5 billion cyber threats in the region during 2024. This sharing of telemetry data allows for the early identification of command and control servers used by transnational groups.

The technical capacity building of local authorities shows progress in the adoption of defense technologies. The report points out that 66.7% of police forces surveyed in Asia and the South Pacific already use artificial intelligence-based tools to optimize digital forensics processes and accelerate the detection of intrusions. However, serious asymmetries remain in response capacity between the most developed nations and the small island economies of the region.

INTERPOL recommends the harmonization of national legislative frameworks to avoid the creation of legal sanctuaries that benefit criminals. The rapid sharing of indicators of compromise emerges as the determining factor in halting the spread of new malware variants before they reach vital infrastructure for the functioning of states.

Frequently Asked Questions (FAQ):

-What is the impact of cybercrime in Asia and the South Pacific according to INTERPOL?

Cybercrime accounts for more than 30% of all recorded criminal offenses in more than half of the nations assessed in the region. INTERPOL's cyber threat report underlines that accelerated digitization without adequate protection has transformed digital criminal activity into a threat to the national security of several countries.

-How many ransomware attacks were recorded in Asia in 2024?

Security forces and digital monitoring companies recorded more than 135,000 ransomware attacks in the region throughout 2024. This attack vector focuses on double extortion and primarily targets critical infrastructure such as healthcare services, banking institutions, and transportation networks.

-How do cybercriminals use artificial intelligence according to authorities?

Criminal groups use artificial intelligence in cybercrime to automate phishing attacks and create deepfakes. Discussions about creating fake synthetic identities in specialized forums grew by 600% in 2024, with the aim of circumventing the biometric security of financial platforms.

Key points:

Industrial scale: Cybercrime exceeds 30% of criminal occurrences in more than half of the states surveyed in the region.

DDoS growth: Denial-of-service attacks against public and private servers registered a 92% increase in 2024.

Phishing vulnerability: The rate of opening malicious links in Asia is 5.5 per 1,000 people, double the global average.

Police technology adoption: Approximately 66.7% of local police forces already integrate artificial intelligence solutions into digital forensics procedures.

Large-scale mitigation: The strategic partnership between INTERPOL and TrendAI thwarted more than 6.5 billion digital threats in 2024.

mundophone

DIGITAL LIFE

New remote access trojan threatens Android ecosystem

The European cybersecurity company ESET has issued a global alert about the discovery of a new remote access trojan that compromises the security of Android devices through advanced social engineering tactics. The threat stands out for its ability to collect sensitive data and capture all user activity remotely. Unlike conventional tools focused on stealing banking credentials, this code allows you to take complete remote control of the affected equipment.

What is BTMOB and why is it a concern...BTMOB is classified as a RAT (Remote Access Trojan). Among the features provided by its creators, a tool for creating malicious applications stands out, allowing cybercriminals to launch campaigns more quickly and efficiently.

As already mentioned in other WeLiveSecurity articles, Portugal is known for the high incidence of Trojan detections. However, due to characteristics of the local scenario, these detections tend to be concentrated on banking Trojans.

In general, Trojans are threats that disguise themselves as legitimate files or applications to deceive victims and infect their devices. In the case of banking Trojans, the focus is on stealing financial information. RATs, on the other hand, have a more comprehensive scope, allowing everything from the theft of different types of data to complete monitoring of the infected device.

Among the capabilities of this type of malware are keylogging, periodic screen capture, activity recording, file transfer, and hijacking of active sessions. In the specific case of BTMOB, the possibility of real-time screen transmission was also observed, in addition to direct interaction between cybercriminals and the compromised device.

How BTMOB is distributed...Several social engineering campaigns have been used to distribute BTMOB. Among them, phishing sites that impersonate well-known streaming services stand out, as well as fake cryptocurrency mining platforms.

Since it is a threat focused on Android devices, the campaigns observed in Portugal concentrate their efforts on creating malicious versions of popular applications. These apps are distributed through social engineering, frequently directing victims to fake app stores that mimic the appearance of the Google Play Store.

BTMOB was also identified as being offered as a service on a website hosted on the open web (surface web). The page is simple and directs interested parties, through clickable links, to contact the BTMOB operator via Telegram.

In addition, references to the tool were found on social networks. An account on platform X (formerly Twitter), for example, redirects interested parties to the same contact on Telegram. Other platforms, such as Instagram, also present content related to the dissemination of the malware.

Analyses conducted by two independent researchers, Johnk3r and Merl, also point to the spread of the threat in other countries. In one case identified in Argentina, cybercriminals used the impersonation of a government agency, the Agencia de Recaudación y Control Aduanero, to distribute the malware, increasing the credibility of the campaign and potentially increasing the number of victims.

“BTMOB shows how the smartphone can go from being just a target for fraud to becoming a control point for the attacker. When the user installs a fake application and grants critical permissions, they are potentially exposing not only their data, but all the activity they maintain on the device,” says Ricardo Neves, Communications Manager at ESET Portugal.

The infection process begins with redirecting victims to phishing pages that replicate the visual identity of legitimate services, such as streaming platforms or cryptocurrency mining systems. From these addresses, users access fake app stores designed to mimic official repositories, such as the Google Play Store, where they download malicious installation files in APK format.

Technical analysis conducted by the ESET research team indicates that the first detections of this remote access trojan occurred in Brazilian territory. Additionally, records shared by analyst Germán Fernández Bacian document the group's activity in Argentina, with the direct falsification of the official portal of the government agency ARCA. The potential for geographic expansion of this infrastructure remains high due to the flexibility of the distribution model.

Abuse of Accessibility Services elevates privileges in the system...Once the installation on the target device is complete, this remote access trojan immediately begins attempts to obtain elevated administrative permissions. The critical vector for consolidating the attack lies in the systematic abuse of the Android operating system's Accessibility Services. This legitimate feature, designed to support users with special needs, allows the malicious application to perform automated actions without requiring any additional interaction or consent from the mobile phone user.

The criminal ecosystem associated with this campaign operates under the Malware-as-a-Service (MaaS) model. The creators offer an automation tool that allows the generation of new variants of the APK file without requiring advanced programming knowledge. The marketing of the product includes structured sales channels and dedicated technical support services, factors that significantly accelerate the circulation of this remote access trojan in multiple markets.

FAQ – Frequently Asked Questions:

- What is a remote access trojan and what are the risks on Android?

A remote access trojan is a type of malware that allows cybercriminals to take complete control of a device remotely. On Android, this threat monitors activity and collects sensitive data through abusive administrative privileges.

- How does an Android device get infected by this code? 

The infection develops through social engineering schemes where the victim accesses fake links to known services. These portals direct the user to fake app stores, where a malicious APK file is downloaded.

-How does malware bypass system protections? 

The fraudulent application requests the activation of Android Accessibility Services. By obtaining this level of authorization, the code gains administrative privileges that enable the autonomous execution of commands and the collection of information without the user's knowledge.

Key points:

-Full remote control: The malicious code surpasses the functions of common banking trojans and allows remote management of the affected smartphone.

-Professional distribution: The threat operates as a commercial service with automatic APK generators and technical support channels for buyers.

-Accessibility abuse: Exploitation of Android Accessibility Services serves to automate actions and bypass system security restrictions.

-Use of fake repositories: Attackers accurately replicate the design of official stores and government portals to deceive victims.

mundophone