Category Archives: Official Google Blog

Insights from Googlers into our topics, technology, and the Google culture

How tech can support transformational growth in Africa

This week, I was privileged to be in Kigali, Rwanda for the Commonwealth Heads of Government Meeting (‘CHOGM’) - a forum that brings together government, business leaders and NGOs from around the world to discuss how to improve the lives of the over 2.5 billion people living in the 54 independent countries that make up the Commonwealth.

Africa is facing multiple challenges. While Covid was first and foremost a health crisis, the economic impact continues to be severe for parts of the continent. The war in Ukraine has added further pressure on supply chains and food security. And Africa’s rapid population growth - 60% of the population will be under 24 by 2025 - creates a further pressing need to generate economic opportunity and ensure people and families can earn a living.

Despite the challenges ahead, the mood at CHOGM was optimistic, focusing on the collaboration and solutions that can help Africa’s economic recovery. For me, harnessing technology is key to that.

I grew up in Zimbabwe, then a Commonwealth country, and discovered the possibilities of the world of programming as a highschooler. Since then I’ve always been fascinated by the role technology can play in creating opportunities and helping to solve large-scale societal problems. My position at Google allows me to focus on how technology can benefit society, and I feel fortunate that it’s taken me back to Africa after just five months in the role.

Google first bet on Africa with the investment in Seacom cable in about 2005: I remember hearing about it from my friends at Google at the time. Two years later, Google opened offices on the continent, and has been a partner in Africa’s economic growth and digital transformation ever since - working with local governments, policymakers, educators and entrepreneurs. Our mission in Africa is to unlock the benefits of the digital economy to everyone - providing helpful products, programmes and investments.

Africa’s internet economy has the potential to grow to $180 billion by 2025 - 5.2% of the continent’s GDP - bringing prosperity, opportunity and growth. African governments and businesses must turn that opportunity into a reality: integrating technology into the economy, ensuring no one is left behind, and emerging stronger from the current challenges.

Ensuring affordable internet access

Most crucial to this is affordable internet access - a precondition for digital transformation, but still a barrier today. Across Africa, only 18% of households have an internet connection, and data costs remain a major obstacle. By actively promoting infrastructure investments, including in rural areas, Governments can support people to get online and harness the economic growth and benefits that will come with that.

Google is already working in partnership with African governments to do this. We’ve enabled over 100 million Africans to access the internet for the first time through our affordable Android devices, and plan to invest $1 billion over the next 5 years in projects that will help enable Africa’s digital transformation, including our state-of-the-art Equiano subsea cable.

The cable, which lands in Namibia in the next few weeks, will provide twenty times more network capacity by connecting Africa with Europe. It will run through South Africa, Namibia, Togo, Nigeria and St Helena, enabling internet speeds up to five times faster and lowering connectivity costs by up to 21%, in turn supporting growth and jobs.

Investing in people

Those accessing the internet need to be able to use it and transform their lives leveraging it. Working with tech companies and NGOs to foster digital skills developments, governments can ensure people can participate fully online.

Google’s CEO, Sundar Pichai, made a commitment in 2017 to train 10 million Africans in digital skills. To date, Google has trained more than 6 million people across Africa through Grow with Google in partnership with local governments, and given $20 million to non-profits helping Africans develop their digital skills. Moreover, Google has committed to certifying 100,000 developers - and so far has certified more than 80,000. Last year, a Google study showed the developer ecosystem in Africa is growing. There are nearly 716,000 professional developers across Africa - of which 21% are women; numbers we hope to contribute to.

Investing in startups

Alongside digital skills, governments need to encourage entrepreneurs and startups - a crucial part of Africa’s economic growth and jobs creation. There has never been a shortage of entrepreneurs in Africa - what is needed are the tools, including technology, and financing to enable them.

Last year, we announced an Africa Investment Fund to support startup growth across Africa. Through the Fund, we invest $50 million in startups like SafeBoda and Carry1st, and provide Google’s people, products and networks to help them build meaningful products for their communities. This is on top of our existing work on the Startups Accelerator Africa, which has provided more than 80 African startups with equity-free finance, working space and expert advisors over the last three years. We also launched a Black Founders Fund in 2021, supporting Black African Founders like Shecluded, a digital financial growth resource and service startup for women.

Using technological innovation to solve systemic challenges

Advances in technology are increasingly enabling solutions to development challenges, and with 300 million more people coming online in Africa over the next five years, the possibilities are endless. Digital finance, for example, can be used to address the barriers preventing nearly a billion African women from banking - while advances in AI have made it possible for Google to Translate more languages, including Luganda - spoken by 20 million people here in Rwanda and in neighboring Uganda.

Technology offers Africa a tremendous opportunity for growth, prosperity and opportunity. I’m hopeful that working in partnership, we can continue to make an impact and build on Africa’s digital revolution.

It’s time for more transparency around government data demands

As our lives continue to become more digitized, laws governing government access to personal information need to evolve to protect both public safety and civil liberties.

America’s Stored Communications Act, passed in 1986 (before the internet became a part of daily life), sets the rules governing government demands to providers to disclose information about their users. One of those rules lets the government seek orders to prevent providers like Google from telling users about demands for data. These so-called Non-Disclosure Orders (NDOs) or “gag orders” have become commonplace.

We’re seeing NDOs issued for an increasing number of court orders, warrants, and subpoenas from U.S. authorities. That means that providers can’t notify users until long after compliance, if ever. And that people don’t have the opportunity to go to court to contest disclosure orders.

We’ve seen NDOs issued in cases where the user is already aware of the investigation, and even of the legal demand itself. Similarly, we’ve seen NDOs issued covering legal requests for the data of well-established reputable organizations, even though notifying the organization is highly unlikely to do harm. And we’ve seen some NDOs that might have been initially justified lasting years beyond the investigation, in some cases indefinitely.

It’s time to reform this practice, requiring more robust review before gag orders are issued.

We commend the bipartisan House passage of the NDO Fairness Act, a bill sponsored by Chairman Nadler and Representative Fitzgerald that would make much-needed improvements to the Stored Communications Act. This reform will ensure that gag orders are issued only where warranted and for reasonable periods.

This position is nothing new for us. We’ve long advocated for transparency for both our users and the public. We were the first major company to publish a Transparency Report on government requests for user data and co-founded both the Global Network Initiative and the Reform Government Surveillance coalition. We’ve long supported surveillance reform, including the Email Privacy Act, and legislation to allow providers to be more open about national security requests. We also contest inappropriate gag orders, going to court where necessary (with one case leading the U.S. Department of Justice to pledge to stop using court orders to get journalists’ information in leak investigations). We've also built industry-leading products to give business customers transparency and control over who has access to their data.

Transparency for government data demands is an important check-and-balance, and we urge both the House and Senate to advance this practical protection for Americans in the digital age.

5 new features for Chrome on iOS

When it comes to getting things done on your iPhone and iPad, there’s no place like Chrome. With the Chrome iOS app, you can securely save your passwords so there’s no need to keep guessing. Your payment and shipping info can be automatically filled when you’re ready to check out, and your favorite tabs and bookmarks can be synced across your devices, whether you're on your phone, tablet, or laptop.

With the next release on Chrome on iOS, we're bringing five new features to iPhone and iPad users.

1. Stronger protection from phishing and malware

Enhanced Safe Browsing can give you more proactive and tailored protections from phishing, malware and other web-based threats — and now we’re extending it to iOS. If you turn on Enhanced Safe Browsing on your iPhone or iPad, Chrome predicts and warns you proactively if web pages are dangerous by sending information about them to Google Safe Browsing to be checked. When you type your credentials into a website, Chrome can warn you if your username and password have been compromised in a third-party data breach. Chrome will then suggest you change them everywhere.

2. Fill in passwords on any app

Google Password Manager is built into Chrome on your computer or Android phone. On iOS, you can set it up as your Autofill provider so Chrome can help you quickly and securely create, store and fill in your passwords into any website or app on your iOS device.

3. Discover something new, or pick up where you left off

We’re making it easier for you to discover new content or start a fresh search in Chrome for iOS when you’ve been away for a while. You’ll still be able to find all your recent tabs, but we’re also making it easier to browse content, start a new Search or easily get back to your most frequently visited sites. This change will also come to Android soon.

Image of Chrome browser new tab page on an iPhone, which includes quick links to recent tabs, bookmarks, history and the Discover feed.

4. Translate websites faster into your language

We’re also using on-device machine learning to make those websites available in your preferred language. In particular, we are launching an updated language identification model to accurately figure out the language of the page you’re visiting, and whether it needs to be translated to match your preferences. As a result, we’re seeing many more successful translations every day.

5. Use Chrome Actions to quickly get things done

Coming soon, we’ll roll out Chrome Actions on iOS to help you get more things done quickly from the Chrome address bar. Soon, you’ll be able to save time by typing an action’s title into the address bar. The Chrome address bar also predicts when you could benefit from a Chrome Action based on the words that have been typed. Chrome Actions make it faster to do common activities on Chrome for iOS such as:

  • Clear Browsing Data
  • Open Incognito Tab
  • Set Chrome as Default Browser
Image of Chrome Actions on iOS, which specifically shows the Chrome address bar with the phrase “delete history” typed in.

We plan to bring even more innovation to Chrome on iOS in the coming weeks, so stay tuned. In the meantime, let us know if there are any features that you want to see by reaching out to us on Twitter @googlechrome.

Your Chromebook now works better with your other devices

During CES and I/O this year, we announced a few new Android and Chromebook features designed to help your phone and laptop work better together. Soon you’ll see some of those features roll out to your Chromebooks so you can try them yourself.

Easily access your recent photos

When you’re trying to stay on task, there’s nothing more distracting than switching between your phone and your laptop to get something done. Last year, we introduced Phone Hub, a built-in control center that lets you respond to text messages, check your phone’s battery, turn on tethering and more, all from your Chromebook.

With the latest update, you’ll now also have instant access to the latest photos you took on your phone — even if you’re offline. After taking a picture on your phone, it will automatically appear within Phone Hub on your laptop under “recent photos.” Just click on the image to download it, then it’s ready to be added to a document or email.

No more sending yourself emails with pictures or going through multiple steps to get an image from your phone to your laptop. The next time you’re recapping yesterday’s hike in an email to your friends, you can easily add your best photos to the message, without ever having to pick up your phone.

A zoomed in Chromebook Phone Hub exaggerates the new section called “Recent photos”.

In Phone Hub, you can see recent pictures that were shot on your Android phone.

Coming soon: connect headphones with a tap

Bluetooth-enabled headphones help you stay connected without wires, but that can be difficult when you can’t figure out how to set them up. We’ve all been there – trying to decipher the deeper meaning of tiny blue pulsing LEDs. With Fast Pair coming later this summer, it’s easier than ever to sync headphones or other compatible accessories to your Chromebook.

Just turn on your Chromebook’s Bluetooth, and it will automatically detect when a new pair of Bluetooth headphones are on, are nearby and are ready to be set up. A pop-up notification will appear and with one tap, your new accessory is connected and ready to go. No more digging through settings or struggling to figure out the right button to press to pair your headphones. Fast Pair also saves the connection to your Google Account, so both your Chromebook or a new Android phone will remember your headphones and seamlessly connect to them in the future.

Whether you want to use new headphones to watch a video, join a virtual meeting or listen to music, Fast Pair will make it hassle-free. This feature will be compatible with hundreds of different headphone models — and counting.

An image of a Chromebook showing a notification that headphones are ready to pair. An image of Pixel Buds floats over the picture.

Fast Pair on Chromebook will work with hundreds of headphones, including Pixel Buds.

Plus, share your ideas with Screencast

In case you missed it, earlier this month we announced the new, built-in Screencast app. Screencast lets anyone record, trim, and share transcribed videos automatically uploaded to Google Drive. You can even draw or write on the screen as you record using a touchscreen or stylus to diagram or illustrate key concepts.

Screencast makes it easy for anyone to record instructional videos, software demos, presentations, and more. It will start rolling out this week, so give it a go by tapping the Everything Button and searching for the Screencast app.

Later this year, we’ll introduce even more helpful features that will make all of your devices work better together. In the meantime, we’ll be back to share more exciting Chromebook announcements this summer. Stay tuned.

Meet Nathalia Silva, a Cloud Googler and DEI leader

Welcome to the latest edition of “My Path to Google,” where we talk to Googlers, interns and alumni about how they got to Google, what their roles are like and how they prepared for interviews.

Today’s post features Nathalia Silva — a Toronto-based program manager on the Google Cloud Learning team, and a leader of two employee resource groups supporting Latino Googlers.

Can you tell us a bit about yourself and your role at Google?

I work on the Google Cloud Learning team, whose mission is to train and certify millions of people on Google Cloud. As a program manager, I oversee processes that help design learning content, offerings and solutions for Google Cloud professionals. Outside of my core work, I’m a diversity, equity and inclusion (DEI) advocate, Star Wars fan and soccer lover — Fluminense is my favorite team!

How did you first become interested in tech?

I grew up in Rio de Janeiro, a beautiful city in Brazil. My mom and dad always believed in the power of education, but good high schools are expensive in my hometown. They both worked hard to provide access to a quality education for me and my brother. Through my parents' efforts and the support of my grandparents, uncles and aunts, I was able to attend an engineering university. Once I got there, I earned an academic scholarship to study in Toronto. After moving to Canada, most of my new friends were computer science students. They used to tell me about their projects and assignments, which inspired me to start studying computer science and eventually join the tech world.

Why did you apply to work at Google?

While working with local tech communities in Toronto, I met many Googlers who always spoke highly of their jobs and the company culture. This made me want to join the Google family. I also always wanted to work at a global company that fosters curiosity, and Google definitely does that. Most of my teammates love traveling and learning about different cultures — just like me!

Nathalia standing in front of a neon Google sign.

Nathalia in the office.

How did you first get involved in DEI work?

Being a first-generation Latina has helped shape my passion for DEI initiatives. Like many other first-gen college students, I struggled with financial challenges, racial discrimination, frequent homesickness and a lack of networking opportunities. So I founded an academic club offering networking events, workshops and career guidance to college students in Toronto. The club earned several academic awards and has evolved into a group that aims to connect women and kickstart their careers in tech.

How have you continued your DEI advocacy work at Google?

In addition to my previous work supporting groups such as women in tech and immigrants in Canada, I've always looked for a chance to help the Latino community. Once I started working at Google, I got involved with HOLA@ Google, an employee resource group that creates community for Latino Googlers and allies. Today, I am a global lead for HOLA@ and a founder of our local chapter, HOLA@ Toronto.

Nathalia poses in front of a large Android statue (which is dressed up as a cowboy).

Nathalia at Google’s Austin office during a Women in Tech conference in 2019.

What was it like interviewing for Google?

I loved every minute of it. My recruiter was really supportive, which helped make the process feel much more straightforward. It was also amazing to meet many different Googlers. Every Googler who interviewed me was attentive and supportive, which made a big difference in my interview performance.

Any tips for aspiring Googlers?

Never stop learning. Once you get an interview at Google, I recommend visiting both the Google Careers site and, if applicable to the role you’re applying for, Google Cloud’s training website. I didn't have much experience working with the cloud, so Google Cloud's training website was a key tool for me. It houses a number of resources to help you better understand core cloud products and services. Attending community events can also be helpful, since you get access to industry content and networking sessions.

Any advice for your past self?

I wish I could tell my past self to never stop believing in my potential. For some time, I doubted if I could get a job at Google, and this brought a lot of stress and anxiety into my life. Once I fully believed in my capabilities and knowledge, I built the confidence to apply to the role that I have now!

Meet Nathalia Silva, a Cloud Googler and DEI leader

Welcome to the latest edition of “My Path to Google,” where we talk to Googlers, interns and alumni about how they got to Google, what their roles are like and how they prepared for interviews.

Today’s post features Nathalia Silva — a Toronto-based program manager on the Google Cloud Learning team, and a leader of two employee resource groups supporting Latino Googlers.

Can you tell us a bit about yourself and your role at Google?

I work on the Google Cloud Learning team, whose mission is to train and certify millions of people on Google Cloud. As a program manager, I oversee processes that help design learning content, offerings and solutions for Google Cloud professionals. Outside of my core work, I’m a diversity, equity and inclusion (DEI) advocate, Star Wars fan and soccer lover — Fluminense is my favorite team!

How did you first become interested in tech?

I grew up in Rio de Janeiro, a beautiful city in Brazil. My mom and dad always believed in the power of education, but good high schools are expensive in my hometown. They both worked hard to provide access to a quality education for me and my brother. Through my parents' efforts and the support of my grandparents, uncles and aunts, I was able to attend an engineering university. Once I got there, I earned an academic scholarship to study in Toronto. After moving to Canada, most of my new friends were computer science students. They used to tell me about their projects and assignments, which inspired me to start studying computer science and eventually join the tech world.

Why did you apply to work at Google?

While working with local tech communities in Toronto, I met many Googlers who always spoke highly of their jobs and the company culture. This made me want to join the Google family. I also always wanted to work at a global company that fosters curiosity, and Google definitely does that. Most of my teammates love traveling and learning about different cultures — just like me!

Nathalia standing in front of a neon Google sign.

Nathalia in the office.

How did you first get involved in DEI work?

Being a first-generation Latina has helped shape my passion for DEI initiatives. Like many other first-gen college students, I struggled with financial challenges, racial discrimination, frequent homesickness and a lack of networking opportunities. So I founded an academic club offering networking events, workshops and career guidance to college students in Toronto. The club earned several academic awards and has evolved into a group that aims to connect women and kickstart their careers in tech.

How have you continued your DEI advocacy work at Google?

In addition to my previous work supporting groups such as women in tech and immigrants in Canada, I've always looked for a chance to help the Latino community. Once I started working at Google, I got involved with HOLA@ Google, an employee resource group that creates community for Latino Googlers and allies. Today, I am a global lead for HOLA@ and a founder of our local chapter, HOLA@ Toronto.

Nathalia poses in front of a large Android statue (which is dressed up as a cowboy).

Nathalia at Google’s Austin office during a Women in Tech conference in 2019.

What was it like interviewing for Google?

I loved every minute of it. My recruiter was really supportive, which helped make the process feel much more straightforward. It was also amazing to meet many different Googlers. Every Googler who interviewed me was attentive and supportive, which made a big difference in my interview performance.

Any tips for aspiring Googlers?

Never stop learning. Once you get an interview at Google, I recommend visiting both the Google Careers site and, if applicable to the role you’re applying for, Google Cloud’s training website. I didn't have much experience working with the cloud, so Google Cloud's training website was a key tool for me. It houses a number of resources to help you better understand core cloud products and services. Attending community events can also be helpful, since you get access to industry content and networking sessions.

Any advice for your past self?

I wish I could tell my past self to never stop believing in my potential. For some time, I doubted if I could get a job at Google, and this brought a lot of stress and anxiety into my life. Once I fully believed in my capabilities and knowledge, I built the confidence to apply to the role that I have now!

Spyware vendor targets users in Italy and Kazakhstan

Google has been tracking the activities of commercial spyware vendors for years, and taking steps to protect people. Just last week, Google testified at the EU Parliamentary hearing on “Big Tech and Spyware” about the work we have done to monitor and disrupt this thriving industry.

Seven of the nine zero-day vulnerabilities our Threat Analysis Group discovered in 2021 fall into this category: developed by commercial providers and sold to and used by government-backed actors. TAG is actively tracking more than 30 vendors with varying levels of sophistication and public exposure selling exploits or surveillance capabilities to government-backed actors.

Our findings underscore the extent to which commercial surveillance vendors have proliferated capabilities historically only used by governments with the technical expertise to develop and operationalize exploits. This makes the Internet less safe and threatens the trust on which users depend.

Today, alongside Google’s Project Zero, we are detailing capabilities we attribute to RCS Labs, an Italian vendor that uses a combination of tactics, including atypical drive-by downloads as initial infection vectors, to target mobile users on both iOS and Android. We have identified victims located in Italy and Kazakhstan.

Campaign Overview

All campaigns TAG observed originated with a unique link sent to the target. Once clicked, the page attempted to get the user to download and install a malicious application on either Android or iOS. In some cases, we believe the actors worked with the target’s ISP to disable the target’s mobile data connectivity. Once disabled, the attacker would send a malicious link via SMS asking the target to install an application to recover their data connectivity. We believe this is the reason why most of the applications masqueraded as mobile carrier applications. When ISP involvement is not possible, applications are masqueraded as messaging applications.

An example screenshot from one of the attacker controlled sites, www.fb-techsupport[.]com.

An example screenshot from one of the attacker controlled sites, www.fb-techsupport[.]com.

The page, in Italian, asks the user to install one of these applications in order to recover their account. Looking at the code of the page, we can see that only the WhatsApp download links are pointing to attacker controlled content for Android and iOS users.

code

iOS Drive-By

To distribute the iOS application, attackers simply followed Apple instructions on how to distribute proprietary in-house apps to Apple devices and used the itms-services protocol with the following manifest file and using com.ios.Carrier as the identifier.

code

The resulting application is signed with a certificate from a company named 3-1 Mobile SRL (Developer ID: 58UP7GFWAA). The certificate satisfies all of the iOS code signing requirements on any iOS devices because the company was enrolled in the Apple Developer Enterprise Program.

These apps still run inside the iOS app sandbox and are subject to the exact same technical privacy and security enforcement mechanisms (e.g. code side loading) as any App Store apps. They can, however, be sideloaded on any device and don't need to be installed via the App Store. We do not believe the apps were ever available on the App Store.

The app is broken up into multiple parts. It contains a generic privilege escalation exploit wrapper which is used by six different exploits. It also contains a minimalist agent capable of exfiltrating interesting files from the device, such as the Whatsapp database.

The app we analyzed contained the following exploits:

  • CVE-2018-4344internally referred to and publicly known as LightSpeed.
  • CVE-2019-8605 internally referred to as SockPort2 and publicly known as SockPuppet
  • CVE-2020-3837 internally referred to and publicly known as TimeWaste.
  • CVE-2020-9907 internally referred to as AveCesare.
  • CVE-2021-30883 internally referred to as Clicked2, marked as being exploited in-the-wild by Apple in October 2021.
  • CVE-2021-30983 internally referred to as Clicked3, fixed by Apple in December 2021.

All exploits used before 2021 are based on public exploits written by different jailbreaking communities. At the time of discovery, we believe CVE-2021-30883 and CVE-2021-30983were two 0-day exploits. In collaboration with TAG, Project Zero has published the technical analysis of CVE-2021-30983.

Android Drive-By

Installing the downloaded APK requires the victim to enable installation of applications from unknown sources. Although the applications were never available in Google Play, we have notified the Android users of infected devices and implemented changes in Google Play Protect to protect all users.

Android Implant

This analysis is based on fe95855691cada4493641bc4f01eb00c670c002166d6591fe38073dd0ea1d001 that was uploaded to VirusTotal on May 27. We have not identified many differences across versions. This is the same malware family that was described in detail by Lookout on June 16.

The Android app disguises itself as a legitimate Samsung application via its icon:

samsung

When the user launches the application, a webview is opened that displays a legitimate website related to the icon.

Upon installation, it requests many permissions via the Manifest file:

table

The configuration of the application is contained in the res/raw/out resource file. The configuration is encoded with a 105-byte XOR key. The decoding is performed by a native library libvoida2dfae4581f5.so that contains a function to decode the configuration. A configuration looks like the following:

code

Older samples decode the configuration in the Java code with a shorter XOR key.

The C2 communication in this sample is via Firebase Cloud Messaging, while in other samples, Huawei Messaging Service has been observed in use. A second C2 server is provided for uploading data and retrieving modules.

While the APK itself does not contain any exploits, the code hints at the presence of exploits that could be downloaded and executed. Functionality is present to fetch and run remote modules via the DexClassLoader API. These modules can communicate events to the main app. The names of these events show the capabilities of these modules:

code

TAG did not obtain any of the remote modules.

Protecting Users

This campaign is a good reminder that attackers do not always use exploits to achieve the permissions they need. Basic infection vectors and drive by downloads still work and can be very efficient with the help from local ISPs.

To protect our users, we have warned all Android victims, implemented changes in Google Play Protect and disabled Firebase projects used as C2 in this campaign.

How Google is Addressing the Commercial Spyware Industry

We assess, based on the extensive body of research and analysis by TAG and Project Zero, that the commercial spyware industry is thriving and growing at a significant rate. This trend should be concerning to all Internet users.

These vendors are enabling the proliferation of dangerous hacking tools and arming governments that would not be able to develop these capabilities in-house. While use of surveillance technologies may be legal under national or international laws, they are often found to be used by governments for purposes antithetical to democratic values: targeting dissidents, journalists, human rights workers and opposition party politicians.

Aside from these concerns, there are other reasons why this industry presents a risk to the Internet. While vulnerability research is an important contributor to online safety when that research is used to improve the security of products, vendors stockpiling zero-day vulnerabilities in secret poses a severe risk to the Internet especially if the vendor gets compromised. This has happened to multiple spyware vendors over the past ten years, raising the specter that their stockpiles can be released publicly without warning.

This is why when Google discovers these activities, we not only take steps to protect users, but also disclose that information publicly to raise awareness and help the entire ecosystem, in line with our historical commitment to openness and democratic values.

Tackling the harmful practices of the commercial surveillance industry will require a robust, comprehensive approach that includes cooperation among threat intelligence teams, network defenders, academic researchers, governments and technology platforms. We look forward to continuing our work in this space and advancing the safety and security of our users around the world.

Indicators of Compromise

Sample hashes

  • APK available on VirusTotal:
    • e38d7ba21a48ad32963bfe6cb0203afe0839eca9a73268a67422109da282eae3
    • fe95855691cada4493641bc4f01eb00c670c002166d6591fe38073dd0ea1d001
    • 243ea96b2f8f70abc127c8bc1759929e3ad9efc1dec5b51f5788e9896b6d516e
    • a98a224b644d3d88eed27aa05548a41e0178dba93ed9145250f61912e924b3e9
    • c26220c9177c146d6ce21e2f964de47b3dbbab85824e93908d66fa080e13286f
    • 0759a60e09710321dfc42b09518516398785f60e150012d15be88bbb2ea788db
    • 8ef40f13c6192bd8defa7ac0b54ce2454e71b55867bdafc51ecb714d02abfd1a
    • 9146e0ede1c0e9014341ef0859ca62d230bea5d6535d800591a796e8dfe1dff9
    • 6eeb683ee4674fd5553fdc2ca32d77ee733de0e654c6f230f881abf5752696ba

Drive-by download domains

  • fb-techsupport[.]com
  • 119-tim[.]info
  • 133-tre[.]info
  • 146-fastweb[.]info
  • 155-wind[.]info
  • 159-windtre[.]info
  • iliad[.]info
  • kena-mobile[.]info
  • mobilepays[.]info
  • my190[.]info
  • poste-it[.]info
  • ho-mobile[.]online

C2 domains

  • project1-c094e[.]appspot[.]com
  • fintur-a111a[.]appspot[.]com
  • safekeyservice-972cd[.]appspot[.]com
  • comxdjajxclient[.]appspot[.]com
  • comtencentmobileqq-6ffb5[.]appspot[.]com

C2 IPs

  • 93[.]39[.]197[.]234
  • 45[.]148[.]30[.]122
  • 2[.]229[.]68[.]182
  • 2[.]228[.]150[.]86

A search for bold ideas to drive climate action

Google has been committed to climate action for decades — and during that time, we've learned that we can have the biggest impact on our planet by working together. That’s why we’re launching a $30 million Google.org Impact Challenge on Climate Innovation — an open call for ambitious projects from nonprofits and social enterprises that accelerate advances in climate information and action, driven by open data, AI, machine learning and other digital tools.

We’re leading by example at Google by setting a goal to achieve net-zero emissions across all of our operations and value chain, including our consumer hardware products, by 2030. We’re going even further for our data centers and campuses, with a moonshot goal to operate on 24/7 carbon-free energy by the end of the decade. Our work to procure clean energy around the world not only helps us decarbonize our own operations, but also greens the local grids where we’re based, benefitting entire regions.

But when it comes to solving a problem as big and urgent as climate change, we get more done when we partner together. So we’re using our technology to make critical climate data available to everyone. Cities are using our Environmental Insights Explorer to better understand their emissions data, solar potential, air quality and tree canopy coverage. Customers are using innovative new tools in Google Cloud like Carbon Footprint, which helps companies accurately measure the gross carbon footprint of their cloud usage. And Google users can make more sustainable choices with information like the carbon footprint of their travel — whether finding flights with lower carbon emissions or choosing fuel-efficient driving directions in Google Maps.

Drive climate action through data

Through theGoogle.org Impact Challenge on Climate Innovation, we'll build on this work by supporting nonprofits and social enterprises that demonstrate the power of digital technology in climate innovation. Six projects will receive $5 million each in funding, along with in-kind donations of Google’s products and technical expertise through Google.org Fellowships and more. These funds will speed up the collection of data and development of tools that advocates, policymakers, businesses and individuals need to drive positive impact.

Open data and advanced digital tools, including AI and machine learning, can give way to new climate solutions that simply wouldn’t have been possible in the past. These technologies can reveal patterns and insights that were otherwise hidden in a mountain of data. Since 2018, Google.org has supported a wide range of climate innovators that can help us make better planning decisions by modeling future outcomes — including projects that map emissions on a global scale; show people the most effective places to restore ecosystems; and help small businesses understand their carbon footprint, to name a few. Tools like these make the climate information around us more accessible and useful.

This year’s Impact Challenge builds off the success of Google.org’s Impact Challenge on Climate in Europe in 2020, and a $6 million Google.org Sustainability Seed Fund launched earlier this year for the Asia-Pacific region.

Apply now with your bold ideas

Applications for the Google.org Impact Challenge on Climate Innovation are now open at g.co/climatechallenge. We encourage organizations to apply early, as priority consideration will be given to proposals received by July 29. Selected organizations will be announced on a rolling basis throughout the year, and the application window will remain open until all six projects have been selected.

A search for bold ideas to drive climate action

Google has been committed to climate action for decades — and during that time, we've learned that we can have the biggest impact on our planet by working together. That’s why we’re launching a $30 million Google.org Impact Challenge on Climate Innovation — an open call for ambitious projects from nonprofits and social enterprises that accelerate advances in climate information and action, driven by open data, AI, machine learning and other digital tools.

We’re leading by example at Google by setting a goal to achieve net-zero emissions across all of our operations and value chain, including our consumer hardware products, by 2030. We’re going even further for our data centers and campuses, with a moonshot goal to operate on 24/7 carbon-free energy by the end of the decade. Our work to procure clean energy around the world not only helps us decarbonize our own operations, but also greens the local grids where we’re based, benefitting entire regions.

But when it comes to solving a problem as big and urgent as climate change, we get more done when we partner together. So we’re using our technology to make critical climate data available to everyone. Cities are using our Environmental Insights Explorer to better understand their emissions data, solar potential, air quality and tree canopy coverage. Customers are using innovative new tools in Google Cloud like Carbon Footprint, which helps companies accurately measure the gross carbon footprint of their cloud usage. And Google users can make more sustainable choices with information like the carbon footprint of their travel — whether finding flights with lower carbon emissions or choosing fuel-efficient driving directions in Google Maps.

Drive climate action through data

Through theGoogle.org Impact Challenge on Climate Innovation, we'll build on this work by supporting nonprofits and social enterprises that demonstrate the power of digital technology in climate innovation. Six projects will receive $5 million each in funding, along with in-kind donations of Google’s products and technical expertise through Google.org Fellowships and more. These funds will speed up the collection of data and development of tools that advocates, policymakers, businesses and individuals need to drive positive impact.

Open data and advanced digital tools, including AI and machine learning, can give way to new climate solutions that simply wouldn’t have been possible in the past. These technologies can reveal patterns and insights that were otherwise hidden in a mountain of data. Since 2018, Google.org has supported a wide range of climate innovators that can help us make better planning decisions by modeling future outcomes — including projects that map emissions on a global scale; show people the most effective places to restore ecosystems; and help small businesses understand their carbon footprint, to name a few. Tools like these make the climate information around us more accessible and useful.

This year’s Impact Challenge builds off the success of Google.org’s Impact Challenge on Climate in Europe in 2020, and a $6 million Google.org Sustainability Seed Fund launched earlier this year for the Asia-Pacific region.

Apply now with your bold ideas

Applications for the Google.org Impact Challenge on Climate Innovation are now open at g.co/climatechallenge. We encourage organizations to apply early, as priority consideration will be given to proposals received by July 29. Selected organizations will be announced on a rolling basis throughout the year, and the application window will remain open until all six projects have been selected.

How Sales Academy helped three women founders grow

We frequently hear from startup founders that it’s difficult to acquire new customers and partners, especially when they’re just getting started. This can be even more difficult for underrepresented founders like women, who often lack the built-in connections to networks and funding needed to grow. This inequity is one of the reasons why women-led startups received just 2.3% of global venture capital funding in 2020.

We believe equipping founders of all backgrounds with critical sales skills at the beginning of their process is the best way to build confidence for lasting success. Google for Startups Sales Academy is designed to provide startup founders with essential sales skills and practices they can implement immediately to obtain new customers and partnerships and secure funding.

Most recently, we ran a Sales Academy tailored specifically to the needs of women founders in Asia Pacific, during what is a very exciting time to be building a startup in the region. Twelveentrepreneurs participated in weekly training modules based on Google and Accelerate Performance’s signature THRIVE concept, with each session focusing on a specific sales skill, like “Preparing to win with THINK” or “Asking better questions with REQUEST.”

Participating founders reported a 50% increase in overall confidence by the end of the program — exactly the kind of shift in mindset needed to help close the gender gap in startup communities around the world.

After the program’s conclusion late last month, we talked to three of the participants to hear how Sales Academy helped their business grow: Sanskriti Dawle, founder of Thinkerbell Labs, Saloni Mehta, founder of Tactopus Learning Solutions, and Shilpa Datar, founder ofSwayam Analytics.

  • Sanskriti Dawle, founder of Thinkerbell Labs, smiles at the camera. She has long hair, blue glasses, and a black shirt.

    Sanskriti Dawle, founder of Thinkerbell Labs

  • Saloni Mehta, founder of Tactopus Learning Solutions, smiles at the camera with her head tilted slightly to one side. She holds a white sign that reads "tactopus" in pink letters, and wears a sleeveless floral top.

    Saloni Mehta, founder of Tactopus Learning Solutions

  • Shilpa Datar, founder of Swayam Analytics, smiles at the camera. She has short dark hair and wears a pink, beige, and white top.

    Shilpa Datar, founder ofSwayam Analytics.

What inspired you to apply for Google for Startups Sales Academy?

Sanskriti: I’m at the point as a founder where I need to move the business beyond individual impact. With THRIVE, now I have a framework I can use, instead of just instinct, as I grow the business.

Saloni: I’m always eager to learn. Sales Academy felt like school in the best way: combining theory and practical application. This is particularly helpful for entrepreneurs since your brain is all over the place when you’re running a business and you’re always time-poor.

Shilpa: I am not a sales person by nature. I used to struggle with reading cues and nuances in conversations. Sales Academy taught me how to gauge the interest of a person by reading what they say versus what they mean, and how to talk about the benefit of my product, rather than just the feature.

What’s the biggest takeaway you’ve had since joining Sales Academy?

Sanskriti: It made me more confident. I also notice myself having longer conversations and ending most conversations with a solid next step.

Saloni: I’m usually a very direct person and so I tend to avoid small talk. However, with help from Sales Academy, I am making more of an effort to humanize my conversations. It has not only helped me with my conversations, but also made it possible to structure things like handling objections for my entire team.

Shilpa: Sales Academy helped me understand the difference between my product’s features and its benefits very clearly, and helped me communicate that difference to my clients and colleagues in Swayam. Another wonderful benefit that I got is in addressing clients' objections in a structured way.

How did it feel to participate in a program specifically for women founders?

Sanskriti: It was a very powerful training session. When it ended, I started a WhatsApp group to stay connected with and continue to support the other founders who went through the program.

Saloni: It was highly rewarding without being time intensive. The facilitators did a great job of being mindful and respectful of time, and structured each session incredibly well.

Shilpa: Since the whole cohort was female, it was easy to bounce a few thoughts on gender discrimination we face with clients, and I realized that I am not alone in this! Knowing others face the same issue really helped to put client interactions in a different perspective to better handle them.

Learn more about other Google for Startups programs such as ourAccelerator: Women Founders on startup.google.com.