Image by Matthew Henry, from Unsplash

Google Lifts Ban On AI Use For Weapons And Surveillance Technologies

• Written by Kiara Fabbri Former Tech News Writer
• Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

Alphabet, Google’s parent company, has reversed its promise not to use AI for developing weapons or surveillance tools.

In a Rush? Here are the Quick Facts!

• Google updated its AI ethics guidelines, removing harm-related restrictions, just before earnings report.
• AI head Demis Hassabis emphasized national security and global AI competition as key factors.
• Experts warn that Google’s updated guidelines could lead to more autonomous weapons development.

On Tuesday, just before reporting lower-than-expected earnings, the company updated its AI ethics guidelines, removing references to avoiding technologies that could cause harm, as reported by The Guardian .

Google’s AI head, Demis Hassabis, explained that the guidelines were being revised to adapt to a changing world, with AI now being seen as crucial to protecting “national security.”

In a blog post , Hassabis and senior vice-president James Manyika emphasized that as global AI competition intensifies, the company believes “democracies should lead in AI development,” guided by principles of “freedom, equality, and respect for human rights.”

WIRED highlighted that Google shared updates to its AI principles in a note added to the top of a 2018 blog post introducing the guidelines. “We’ve made updates to our AI Principles. Visit AI.Google for the latest,” the note reads.

Aljazeera reported that Google first introduced its AI principles in 2018 following employee protests over the company’s involvement in the U.S. Department of Defense’s Project Maven, which explored using AI to help the military identify targets for drone strikes.

In response to the backlash, which led to employee resignations and thousands of petitions, Google decided not to renew its Pentagon contract. Later that year, Google also chose not to compete for a $10 billion cloud computing contract with the Pentagon, citing concerns that the project might not align with its AI principles, as noted by Aljazeera.

However, in Tuesday’s announcement, Google revised its AI commitments. The updated webpage no longer lists specific prohibited uses for its AI projects, instead giving the company more flexibility to explore sensitive applications.

The revised document now emphasizes that Google will maintain “appropriate human oversight, due diligence, and feedback mechanisms to align with user goals, social responsibility, and widely accepted principles of international law and human rights.” Additionally, the company states its intention to “mitigate unintended or harmful outcomes.”

However, experts warn that AI could soon be widely deployed on the battlefield, although concerns are rising over its use, especially in relation to autonomous weapons systems.

“For a global industry leader to abandon red lines it set for itself signals a concerning shift, at a time when we need responsible leadership in AI more than ever,” said Anna Bacciarelli, senior AI researcher at Human Rights Watch, as reported by BBC .

Bacciarelli also noted that the “unilateral” decision highlights “why voluntary principles are not an adequate substitute for regulation and binding law.”

Image by James Yarema, from Unsplash

SparkCat: Multi-Platform Malware Spreading Through App Stores

• Written by Kiara Fabbri Former Tech News Writer
• Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

Cybersecurity researchers from Kaspersky have uncovered a new malware campaign dubbed “SparkCat,” targeting both Android and iOS users through official app stores, including Google Play and the Apple App Store.

In a Rush? Here are the Quick Facts!

• SparkCat malware campaign targets government and telecom entities worldwide.
• Attackers use modified open-source tools for initial access and persistence.
• SparkRat, a multi-platform RAT, enables remote control of infected systems.

Kaspersky says that this marks the first instance of a stealer being found within Apple’s ecosystem, raising concerns over security vulnerabilities in mobile applications.

The malware, embedded within a malicious software development kit (SDK), was discovered in Android and iOS applications that had amassed over 242,000 downloads.

SparkCat primarily functions as an optical character recognition (OCR) stealer, scanning images in users’ device galleries to extract crypto wallet recovery phrases. This technique allows attackers to bypass traditional security measures and gain unauthorized access to victims’ digital assets.

ESET’s investigation traced SparkCat’s activity back to March 2024. The malware operates by utilizing an OCR plug-in built with Google’s ML Kit library to identify and extract sensitive text from images.

The stolen data is then sent to a command-and-control (C2) server using a communication protocol implemented in Rust—a programming language rarely used in mobile applications, further obfuscating its operations.

One of the infected apps, a food delivery service named “ComeCome,” was found on Google Play with over 10,000 downloads. TIn its version 2.0.0, the app secretly included harmful software called “Spark.”

Once installed, Spark connected to a GitLab repository to download hidden instructions, which it decoded and decrypted. If that failed, it used backup settings already built into the malware.

To steal data, the malware used strong encryption before sending it to a hacker-controlled server. It layered encryption methods, including AES-256, RSA keys, and compression, making it hard for security experts to track or crack the stolen information.

Infected apps prompted users to grant access to their photo galleries under the pretense of customer support interactions. If permission was granted, the malware actively searched for crypto-related keywords in multiple languages, including English, Chinese, and French, to identify valuable recovery phrases.

Security experts warn users to exercise caution when downloading apps, even from official sources, and to regularly audit app permissions to mitigate potential threats.

The discovery of SparkCat underscores the persistent risks posed by sophisticated malware campaigns within trusted digital marketplaces.