Digital Forensics Research & Service Center - DFRSC

Digital Forensics Research & Service Center - DFRSC

Share

08/06/2026

Smart TVs and Free Apps May Be Quietly Using Your Internet for AI Web Scraping

A recent cybersecurity report highlights a hidden practice happening inside some free apps: they may be turning everyday devices like smart TVs, phones, and other connected systems into background “proxy nodes” for internet traffic.

Researchers discovered that certain apps include embedded software (SDKs) that can route web requests through users’ home internet connections often without users fully realizing the scale of what is happening.
How it works
Free apps integrate a third-party SDK
When installed, it connects your device to a proxy network
Your smart TV or phone may be used to fetch data from websites
This traffic can run silently in the background, especially on always-on devices like smart TVs
Why this is concerning
Your internet bandwidth is being used
Your home IP address may be part of proxy traffic
Consent screens may not clearly explain real usage
Smart TVs are particularly exposed due to constant connectivity
Why this is happening now

With the rise of AI, companies need massive amounts of web data for training and automation. Since many websites block data center IPs, residential internet connections are increasingly being used as an alternative source for scraping traffic.

What users can do
Review and remove unnecessary apps on smart TVs and mobile devices
Use network monitoring tools like Pi-hole or NextDNS
Block suspicious proxy-related domains at router level
Keep devices and apps updated
Final thought

This is not traditional hacking but it raises important questions about transparency, consent, and how “free” apps are actually funded and operated in the background.

20/05/2026

**Supply Chain Attack Alert: Compromised GitHub Actions Workflow**

A recent software supply chain incident has affected the popular GitHub Actions workflow **actions-cool/issues-helper**, exposing a serious risk to CI/CD pipelines.

Security researchers found that attackers compromised all existing tags in the repository and redirected them to a malicious “imposter commit.” This commit is not part of the original trusted history and was used to inject harmful code into workflows that rely on version tags.

What the malicious code does:

* Downloads the Bun JavaScript runtime on GitHub runners
* Extracts sensitive credentials from the CI/CD environment memory
* Exfiltrates stolen data to an attacker-controlled domain

Additionally, another related action, **actions-cool/maintain-one-comment**, was also found to be compromised in a similar way.

Why this is dangerous:

This attack highlights a critical weakness in how GitHub Actions are often used. When workflows reference actions by **tags instead of full commit SHAs**, they become vulnerable to upstream tampering. In this case, every tagged version now points to malicious code.

Key takeaway:

To stay protected, CI/CD pipelines should:

* Pin actions to a **specific full commit SHA**
* Regularly audit third-party GitHub Actions
* Monitor for unexpected changes in dependencies

GitHub has since disabled the affected repository due to policy violations, but the incident serves as another strong reminder that supply chain security is only as strong as its weakest dependency.

12/05/2026

New Banking Malware Alert: TCLBANKER

Cybersecurity researchers have discovered a dangerous Brazilian banking trojan called TCLBANKER targeting banks, fintech apps, and cryptocurrency platforms.

What makes it dangerous?
• Steals banking credentials and sensitive data
• Uses fake login overlays & fake Windows update screens
• Can remotely control victim devices
• Spreads through WhatsApp Web & Microsoft Outlook
• Sends malware directly from victims’ own accounts

The malware also uses advanced anti-detection techniques to avoid antivirus and security analysis tools.

Stay Safe:
Avoid opening unknown ZIP/MSI files
Verify email attachments before opening
Enable 2FA on financial accounts
Keep antivirus and software updated

Want your business to be the top-listed Computer & Electronics Service in Lahore?
Click here to claim your Sponsored Listing.

Address


Lahore Garrison University. , Sector C DHA Phase 6
Lahore

Opening Hours

Monday 08:00 - 16:00
Tuesday 08:00 - 16:00
Wednesday 08:00 - 16:00
Thursday 08:00 - 16:00
Friday 08:00 - 15:00