Decrypted Telegram bot chatter revealed as new Windows malware

Sometimes it take a small bug in one thing to find something massive elsewhere.

During an investigation recent, security firm Forcepoint Labs said it found a new kind of malware that was found taking instructions from a hacker sending commands over the encrypted messaging app Telegram .

The researchers described their newly discovered malware, dubbed GoodSender, as a “fairly simple” Windows-based malware that’s about a year old, which uses Telegram as the method to listen and wait for commands. Once the malware infects its target, it creates a new administrator account and enables remote desktop — and waits. As soon as the malware infects, it sends back the username and randomly generated password to the hacker through Telgram.

It’s not the first time malware has used a commercial product to communicate with malware. If it’s over the internet, hackers are hiding commands in pictures posted to Twitter or in comments left on celebrity Instagram posts.

But using an encrypted messenger makes it far harder to detect. At least, that’s the theory.

Forcepoint said in its research out Thursday that it only stumbled on the malware after it found a vulnerability in Telegram’s notoriously bad encryption.

End-to-end messages are encrypted using the app’s proprietary MTProto protocol, long slammed by cryptographers for leaking metadata and having flaws, and likened to “being stabbed in the eye with a fork.” Its bots, however, only use traditional TLS — or HTTPS — to communicate. The leaking metadata makes it easy to man-in-the-middle the connection and abuse the bots’ API to read bot sent-and-received messages, but also recover the full messaging history of the target bot, the researchers say.

When the researchers found the hacker using a Telegram bot to communicate with the malware, they dug in to learn more.

Fortunately, they were able to trace back the bot’s entire message history to the malware because each message had a unique message ID that increased incrementally, allowing the researchers to run a simple script to replay and scrape the bot’s conversation history.

The GoodSender malware is active and sends its first victim information. (Image: Forcepoint)

“This meant that we could track [the hacker’s] first steps towards creating and deploying the malware all the way through to current campaigns in the form of communications to and from both victims and test machines,” the researchers said.

Your bot uncovered, your malware discovered — what can make it worse for the hacker? The researchers know who they are.

Because the hacker didn’t have a clear separation between their development and production workspaces, the researchers say they could track the malware author because they used their own computer and didn’t mask their IP address.

The researchers could also see exactly what commands the malware would listen to: take screenshots, remove or download files, get IP address data, copy whatever’s in the clipboard, and even restart the PC.

But the researchers don’t have all the answers. How did the malware get onto victim computers in the first place? They suspect they used the so-called EternalBlue exploit, a hacking tool designed to target Windows computers, developed by and stolen from the National Security Agency, to gain access to unpatched computers. And they don’t know how many victims there are, except that there is likely more than 120 victims in the U.S., followed by Vietnam, India, and Australia.

Forcepoint informed Telegram of the vulnerability. TechCrunch also reached out to Telegram’s founder and chief executive Pavel Durov for comment, but didn’t hear back.

If there’s a lesson to learn? Be careful using bots on Telegram — and certainly don’t use Telegram for your malware.

Opera brings a flurry of crypto features to its Android mobile browser

Crypto markets may be down down down, but that isn’t stopping Opera’s crypto feature — first released in beta in July — from rolling out to all users of its core mobile browser today as the company bids to capture the ‘decentralized internet’ flag early on.

Opera — the world’s fifth most-used browser, according to Statcounter — released the new Opera Browser for Android that includes a built-in crypto wallet for receiving and sending Bitcoin and other tokens, while it also allows for crypto-based commerce where supported. So on e-commerce sites that accept payment via Coinbase Commerce, or other payment providers, Opera users can buy using a password or even their fingerprint.

Those are the headline features that’ll get the most use in the here and now, but Opera is also talking up its support for “Web 3.0” — the so-called decentralized internet of the future based on blockchain technology.

For that, Opera has integrated the Ethereum web3 API which will allow users of the browser to access decentralized apps (dapps) based on Ethereum. There’s also token support for Cryptokitties, the once-hot collectible game that seemingly every single decentralized internet product works with in one way or another.

But, to be quite honest, there really isn’t much to see or use on Web 3.0 right now, the big bet is that there will be in the future.

Ethereum, like other cryptocurrencies, in a funk right now thanks to the bearish crypto market, but the popular refrain from developers is that low season is a good time to build. Well, Opera has just shipped the means to access Ethereum dapps, will the community respond and give people a reason to care?

Pessimism aside, this launch is notable because it has the potential to get blockchain-based tech into the daily habits of “millions” of people, Charles Hamel — Opera’s product lead for crypto — told TechCrunch over email.

While Opera can’t match the user base of Apple’s Safari or Google Chrome — both of which have the advantage of bundling a browser with a mobile OS — Opera does have a very loyal following, which makes this release one of the most impactful blockchain launches to date.

Note: The author owns a small amount of cryptocurrency. Enough to gain an understanding, not enough to change a life.

Red Hat acquires hybrid cloud data management service NooBaa

Red Hat is in the process of being acquired by IBM for a massive $34 billion, but that deal hasn’t closed yet and, in the meantime, Red Hat is still running independently and making its own acquisitions, too. As the company today announced, it has acquired Tel Aviv-based NooBaa, an early-stage startup that helps enterprises manage their data more easily and access their various data providers through a single API.

NooBaa’s technology makes it a good fit for Red Hat, which has recently emphasized its ability to help enterprise more effectively manage their hybrid and multicloud deployments. At its core, NooBaa is all about bringing together various data silos, which should make it a good fit in Red Hat’s portfolio. With OpenShift and the OpenShift Container Platform, as well as its Ceph Storage service, Red Hat already offers a range of hybrid cloud tools, after all.

“NooBaa’s technologies will augment our portfolio and strengthen our ability to meet the needs of developers in today’s hybrid and multicloud world,” writes Ranga Rangachari, the VP and general manager for storage and hyperconverged infrastructure at Red Hat, in today’s announcement. “We are thrilled to welcome a technical team of nine to the Red Hat family as we work together to further solidify Red Hat as a leading provider of open hybrid cloud technologies.”

While virtually all of Red Hat’s technology is open source, NooBaa’s code is not. The company says that it plans to open source NooBaa’s technology in due time, though the exact timeline has yet to be determined.

NooBaa was founded in 2013. The company has raised some venture funding from the likes of Jerusalem Venture Partners and OurCrowd, with a strategic investment from Akamai Capital thrown in for good measure. The company never disclosed the size of that round, though, and neither Red Hat nor NooBaa are disclosing the financial terms of the acquisition.

The US Postal Service exposed data of 60 million users

A broken US Postal Service API exposed from over 60 million users and allowed a researcher to pull millions of rows of data by sending wildcard requests to the server. The resulting security hole has been patched after repeated requests to the USPS.

The USPS service, called InformedDelivery, allows you to view your mail before it arrives at your home and offered an API to allow users to connect their mail to specialized services like CRMs. We profiled in the service in 2017.

The anonymous researcher showed that the service accepted wildcards for many searches, allowing any user to see any other users on the site. Brian Krebs has a copy of the API on his site.

The USPS told Krebs that it had investigated the hack and that:

“Computer networks are constantly under attack from criminals who try to exploit vulnerabilities to illegally obtain information. Similar to other companies, the Postal Service’s Information Security program and the Inspection Service uses industry best practices to constantly monitor our network for suspicious activity.”

“Any information suggesting criminals have tried to exploit potential vulnerabilities in our network is taken very seriously. Out of an abundance of caution, the Postal Service is further investigating to ensure that anyone who may have sought to access our systems inappropriately is pursued to the fullest extent of the law.”

Krebs also reported that identity thieves are misusing the service to see what mail is arriving at users homes on which days, allowing them to grab important documents and checks at will. The API hole is currently patched but there is no telling what other mishandled features will crop up in this powerful tool.

Facebook is still facing ‘intermittent’ outages for advertisers ahead of Black Friday and Cyber Monday

One day after experiencing a massive outage across its ad network, Facebook, one of the most important online advertising platforms, is still seeing “intermittent” issues for its ad products at one of the most critical times of the year for advertisers.

According to a spokesperson for the company, while most systems are restored there are still intermittent issues that could affect advertisers.

For most of the day yesterday, advertisers were unable to create and edit campaigns through Ads Manager or the Ads API tools.

The company said that existing ads were delivered, but advertisers could not set new campaigns or make any changes to existing campaigns, according to several users of the network.

Reporting has been restored for all interfaces, according to the company, but conversion data may be delayed throughout the day for the Americas and in the evening for other regions.

The company declined to comment on how many campaigns were affected by the outage or on whether it intends to compensate or make up for the outage with advertisers on the platform.

Some advertisers are still experiencing outages and are not happy about it.

This is a bad look for a company that is already fighting fires on any number of other fronts. But unlike the problems with bullying, hate speech, and disinformation that don’t impact the ways Facebook makes money, selling ads is actually how Facebook makes money.

In the busiest shopping season of the year (and therefore one of the busiest advertising seasons of the year) for Facebook to have no response and for some developers to still be facing intermittent outages on the platform is a bad sign.

Metacert’ Cryptonite can catch phishing links in your email

Metacert, founded by Paul Walsh, originally began as a way to watch chat rooms for fake Ethereum scams. Walsh, who was an early experimenter in cryptocurrencies, grew frustrated when he saw hackers dumping fake links into chat rooms, resulting in users regularly losing cash to scammers.

Now Walsh has expanded his software to email. A new product built for email will show little green or red shields next to links, confirming that a link is what it appears to be. A fake link would appear red while a real PayPal link, say, would appear green. The plugin works with Apple’s Mail app on the iPhone and is called Cryptonite.

“The system utilizes the MetaCert Protocol infrastructure/registry,” said Walsh. “It contains 10 billion classified URLs. This is at the core of all of MetaCert’s products and services. It’s a single API that’s used to protect over 1 million crypto people on Telegram via a security bot and it’s the same API that powers the integration that turned off phishing for the crypto world in 2017. Even when links are shortened? MetaCert unfurls them until it finds the real destination site, and then checks the Protocol to see if it’s verified, unknown or classified as phishing. It does all this in less that 300ms.”

Walsh is also working on a system to scan for Fake News in the wild using a similar technology to his anti-phishing solution. The company is raising currently and is working on a utility token.

Walsh sees his first customers as enterprise and expects IT shops to implement the software to show employees which links are allowed, i.e. company or partner links, and which ones are bad.

“It’s likely we will approach this top down and bottom up, which is unusual for enterprise security solutions. But ours is an enterprise service that anyone can install on their phone in less than a minute,” he said. “SMEs isn’t typically a target market for email security companies but we believe we can address this massive market with a solution that’s not scary to setup and expensive to support. More research is required though, to see if our hypothesis is right.”

“With MetaCert’s security, training is reduced to a single sentence ‘if it doesn’t have a green shield, assume it’s not safe,” said Walsh.

D-Wave offers the first public access to a quantum computer

Outside the crop of construction cranes that now dot Vancouver’s bright, downtown greenways, in a suburban business park that reminds you more of dentists and tax preparers, is a small office building belonging to D-Wave. This office — squat, angular and sun-dappled one recent cool Autumn morning — is unique in that it contains an infinite collection of parallel universes.

Founded in 1999 by Geordie Rose, D-Wave worked in relative obscurity on esoteric problems associated with quantum computing. When Rose was a PhD student at the University of British Columbia, he turned in an assignment that outlined a quantum computing company. His entrepreneurship teacher at the time, Haig Farris, found the young physicists ideas compelling enough to give him $1,000 to buy a computer and a printer to type up a business plan.

The company consulted with academics until 2005, when Rose and his team decided to focus on building usable quantum computers. The result, the Orion, launched in 2007, and was used to classify drug molecules and play Sodoku. The business now sells computers for up to $10 million to clients like Google, Microsoft and Northrop Grumman.

“We’ve been focused on making quantum computing practical since day one. In 2010 we started offering remote cloud access to customers and today, we have 100 early applications running on our computers (70 percent of which were built in the cloud),” said CEO Vern Brownell. “Through this work, our customers have told us it takes more than just access to real quantum hardware to benefit from quantum computing. In order to build a true quantum ecosystem, millions of developers need the access and tools to get started with quantum.”

Now their computers are simulating weather patterns and tsunamis, optimizing hotel ad displays, solving complex network problems and, thanks to a new, open-source platform, could help you ride the quantum wave of computer programming.

Inside the box

When I went to visit D-Wave they gave us unprecedented access to the inside of one of their quantum machines. The computers, which are about the size of a garden shed, have a control unit on the front that manages the temperature as well as queuing system to translate and communicate the problems sent in by users.

Inside the machine is a tube that, when fully operational, contains a small chip super-cooled to 0.015 Kelvin, or -459.643 degrees Fahrenheit or -273.135 degrees Celsius. The entire system looks like something out of the Death Star — a cylinder of pure data that the heroes must access by walking through a little door in the side of a jet-black cube.

It’s quite thrilling to see this odd little chip inside its super-cooled home. As the computer revolution maintained its predilection toward room-temperature chips, these odd and unique machines are a connection to an alternate timeline where physics is wrestled into submission in order to do some truly remarkable things.

And now anyone — from kids to PhDs to everyone in-between — can try it.

Into the ocean

Learning to program a quantum computer takes time. Because the processor doesn’t work like a classic universal computer, you have to train the chip to perform simple functions that your own cellphone can do in seconds. However, in some cases, researchers have found the chips can outperform classic computers by 3,600 times. This trade-off — the movement from the known to the unknown — is why D-Wave exposed their product to the world.

“We built Leap to give millions of developers access to quantum computing. We built the first quantum application environment so any software developer interested in quantum computing can start writing and running applications — you don’t need deep quantum knowledge to get started. If you know Python, you can build applications on Leap,” said Brownell.

To get started on the road to quantum computing, D-Wave built the Leap platform. The Leap is an open-source toolkit for developers. When you sign up you receive one minute’s worth of quantum processing unit time which, given that most problems run in milliseconds, is more than enough to begin experimenting. A queue manager lines up your code and runs it in the order received and the answers are spit out almost instantly.

You can code on the QPU with Python or via Jupiter notebooks, and it allows you to connect to the QPU with an API token. After writing your code, you can send commands directly to the QPU and then output the results. The programs are currently pretty esoteric and require a basic knowledge of quantum programming but, it should be remembered, classic computer programming was once daunting to the average user.

I downloaded and ran most of the demonstrations without a hitch. These demonstrations — factoring programs, network generators and the like — essentially turned the concepts of classical programming into quantum questions. Instead of iterating through a list of factors, for example, the quantum computer creates a “parallel universe” of answers and then collapses each one until it finds the right answer. If this sounds odd it’s because it is. The researchers at D-Wave argue all the time about how to imagine a quantum computer’s various processes. One camp sees the physical implementation of a quantum computer to be simply a faster methodology for rendering answers. The other camp, itself aligned with Professor David Deutsch’s ideas presented in The Beginning of Infinity, sees the sheer number of possible permutations a quantum computer can traverse as evidence of parallel universes.

What does the code look like? It’s hard to read without understanding the basics, a fact that D-Wave engineers factored for in offering online documentation. For example, below is most of the factoring code for one of their demo programs, a bit of code that can be reduced to about five lines on a classical computer. However, when this function uses a quantum processor, the entire process takes milliseconds versus minutes or hours.

Classical

# Python Program to find the factors of a number

define a function

def print_factors(x):

This function takes a number and prints the factors

print(“The factors of”,x,”are:”)
for i in range(1, x + 1):
if x % i == 0:
print(i)

change this value for a different result.

num = 320

uncomment the following line to take input from the user

#num = int(input(“Enter a number: “))

print_factors(num)

Quantum

@qpu_ha
def factor(P, use_saved_embedding=True):

####################################################################################################

get circuit

####################################################################################################

construction_start_time = time.time()

validate_input(P, range(2 ** 6))

get constraint satisfaction problem

csp = dbc.factories.multiplication_circuit(3)

get binary quadratic model

bqm = dbc.stitch(csp, min_classical_gap=.1)

we know that multiplication_circuit() has created these variables

p_vars = [‘p0’, ‘p1’, ‘p2’, ‘p3’, ‘p4’, ‘p5’]

convert P from decimal to binary

fixed_variables = dict(zip(reversed(p_vars), “{:06b}”.format(P)))
fixed_variables = {var: int(x) for(var, x) in fixed_variables.items()}

fix product qubits

for var, value in fixed_variables.items():
bqm.fix_variable(var, value)

log.debug(‘bqm construction time: %s’, time.time() – construction_start_time)

####################################################################################################

run problem

####################################################################################################

sample_time = time.time()

get QPU sampler

sampler = DWaveSampler(solver_features=dict(online=True, name=’DW_2000Q.*’))
_, target_edgelist, target_adjacency = sampler.structure

if use_saved_embedding:

load a pre-calculated embedding

from factoring.embedding import embeddings
embedding = embeddings[sampler.solver.id]
else:

get the embedding

embedding = minorminer.find_embedding(bqm.quadratic, target_edgelist)
if bqm and not embedding:
raise ValueError(“no embedding found”)

apply the embedding to the given problem to map it to the sampler

bqm_embedded = dimod.embed_bqm(bqm, embedding, target_adjacency, 3.0)

draw samples from the QPU

kwargs = {}
if ‘num_reads’ in sampler.parameters:
kwargs[‘num_reads’] = 50
if ‘answer_mode’ in sampler.parameters:
kwargs[‘answer_mode’] = ‘histogram’
response = sampler.sample(bqm_embedded, **kwargs)

convert back to the original problem space

response = dimod.unembed_response(response, embedding, source_bqm=bqm)

sampler.client.close()

log.debug(’embedding and sampling time: %s’, time.time() – sample_time)

 

“The industry is at an inflection point and we’ve moved beyond the theoretical, and into the practical era of quantum applications. It’s time to open this up to more smart, curious developers so they can build the first quantum killer app. Leap’s combination of immediate access to live quantum computers, along with tools, resources, and a community, will fuel that,” said Brownell. “For Leap’s future, we see millions of developers using this to share ideas, learn from each other and contribute open-source code. It’s that kind of collaborative developer community that we think will lead us to the first quantum killer app.”

The folks at D-Wave created a number of tutorials as well as a forum where users can learn and ask questions. The entire project is truly the first of its kind and promises unprecedented access to what amounts to the foreseeable future of computing. I’ve seen lots of technology over the years, and nothing quite replicated the strange frisson associated with plugging into a quantum computer. Like the teletype and green-screen terminals used by the early hackers like Bill Gates and Steve Wozniak, D-Wave has opened up a strange new world. How we explore it us up to us.

Africa Roundup: Paga goes global and 4 startups raise $99M in VC

Nigerian digital payments startup Paga is gearing up for international expansion with a $10 million round led by the Global Innovation Fund.

The company is exploring the release of its payments product in Ethiopia, Mexico, and the Philippines—CEO Tayo Oviosu told TechCrunch.

Paga looks to go head to head with regional and global payment players, such as PayPal, Alipay, and Safaricom according to Oviosu.

“We are not only in a position to compete with them, we’re going beyond them,” he said of Kenya’s MPesa mobile money product. “Our goal is to build a global payment ecosystem across many emerging markets.”

Launched in 2012, Paga has created a multi-channel network and platform to transfer money, pay bills, and buy things digitally 9 million customers in Nigeria—including 6000 businesses.

Since inception, the startup has processed 57 million transactions worth $3.6 billion, according to Oviosu. He joined Cellulant CEO Ken Njoroge and Helios Investment Partners’ Fope Adelowo at Disrupt San Francisco to discuss fintech and Africa’s tech ecosystem.

South African fintech startup Jumo raised a $52 million round (led by Goldman Sachs) to bring its fintech services to Asia. The company—that offers loans to the unbanked in Africa—has opened an office in Singapore to lead the way.

The new round takes Jumo to $90 million raised from investors and also saw participation from existing backers that include Proparco — which is attached to the French Development Agency — Finnfund, Vostok Emerging Finance, Gemcorp Capital, and LeapFrog Investments.

Launched in 2014, Jumo specializes in social impact financial products. That means loans and saving options for those who sit outside of the existing banking system, and particularly small businesses.

To date, it claims to have helped nine million consumers across its six markets in Africa and originated over $700 million in loans. The company, which has some 350 staff across 10 offices in Africa, Europe and Asia, was part of Google’s Launchpad accelerator last year. Jumo is led by CEO Andrew Watkins-Ball, who has close to two decades in finance and investing.

Lagos based Paystack raised an $8 million Series A round led by Stripe.

In Nigeria the company’s payment API integrates with tens of thousands of businesses, and in two years it has grown to process 15 percent of all online payments.

In 2016, Paystack became the first startup from Nigeria to enter Y Combinator, and the incubator is doing some follow-on investing in this round.

Other strategic investors in this Series A include Visa and the Chinese online giant Tencent, parent of WeChat and a plethora of other services. Tencent also invested in Paystack’s previous round: the startup has raised $10 million to date.

Paystack integrates a wide range of payment options (wire transfers, cards, and mobile) that Nigerians (and soon, those in other countries in Africa) use both to accept and make payments. There’s more about the company’s platform and strategy in this TechCrunch feature.

South African startup Yoco raised $16 million in a new round of funding to expand its payment management and audit services for small and medium-sized businesses as it angles to become one of Africa’s billion-dollar businesses.

To get there the company that “builds tools and services to help SMEs get paid and manage their business” plans to tap $20 billion in commercial activity that the company’s co-founder and chief executive, Katlego Maphai estimates is waiting to move from cash payments to digital offerings.

Yoco offers a point of sale card reader that links to its proprietary payment and performance software at an entry cost of just over $100.

With this kit, cash-based businesses can start accepting cards and tracking metrics such as top-selling products, peak sales periods, and inventory flows.

Yoco has positioned itself as a missing link to “solving an access problem” for SMEs. Though South Africa has POS and business enterprise providers — and relatively high card (75 percent) and mobile penetration (68 percent) — the company estimates only 7 percent of South African businesses accept cards.

Yoco says it is already processing $280 million in annualized payment volume for just under 30,000 businesses.

The startup generates revenue through margins on hardware and software sales and fees of 2.95 percent per transaction on its POS devices.

Yoco will use the $16 million round on product and platform development, growing its distribution channels, and acquiring new talent.

Emerging markets credit startup Mines.io closed a $13 million Series A round led by The Rise Fund, and looks to expand in South America and Asia.

Mines provides business to consumer (B2C) “credit-as-a-service” products to large firms.

“We’re a technology company that facilitates local institutions — banks, mobile operators, retailers — to offer credit to their customers,” Mines CEO and co-founder Ekechi Nwokah told TechCrunch.

Most of Mines’ partnerships entail white-label lending products offered on mobile phones, including non-smart USSD devices.

With offices in San Mateo and Lagos, Mines uses big-data (extracted primarily from mobile users) and proprietary risk algorithms “to enable lending decisions,” Nwokah explained.

Mines started operations in Nigeria and counts payment processor Interswitch and mobile operator Airtel as current partners. In addition to talent acquisition, the startup plans to use the Series A to expand its credit-as-a-service products into new markets in South America and Southeast Asia “in the next few months,” according to its CEO.

Nwokah wouldn’t name specific countries for the startup’s pending South America and Southeast Asia expansion, but believes “this technology is scalable across geographies.”

As part of the Series A, Yemi Lalude from TPG Growth (founder of The Rise Fund) will join Mines’ board of directors.

 

Digital infrastructure company Liquid Telecom is betting big on African startups by rolling out multiple sponsorships and free internet across key access points to the continent’s tech entrepreneurs.

The Econet Wireless subsidiary is also partnering with local and global players like Afrilabs and Microsoft­­ to create a cross-border commercial network for the continent’s startup community.

“We believe startups will be key employers in Africa’s future economy. They’re also our future customers,” Liquid Telecom’s Head of Innovation Partnerships Oswald Jumira told TechCrunch.

With 13 offices on the continent, Liquid Telecom’s core business is building the infrastructure for all things digital in Africa.

The company provides voice, high-speed internet, and IP services at the carrier, enterprise, and retail level across Eastern, Central, and Southern Africa. It operates data centers in Nairobi and Johannesburg with 6,800 square meters of rack space.

Liquid Telecom has built a 50,000 kilometer fiber network, from Cape Town to Nairobi and this year switched on the Cape to Cairo initiative—a land-based fiber link from South Africa to Egypt.

Though startups don’t provide an immediate revenue windfall, the company is betting they will as future enterprise clients.

“Step one…in supporting startups has been….supporting co-working spaces and events with sponsorships and free internet,” Liquid Telecom CTO Ben Roberts told TechCrunch. “Step two is helping startups to adopt…business services.”

Liquid Telecom provides free internet to 30 hubs in seven countries and is active sponsoring startup related events.

On the infrastructure side, it’s developing commercial services for startups to plug into.

“At the early stage and middle stage, we’re offering startups connectivity, skills development, and access to capital through the hubs,” said Liquid Telecom’s Oswald Jumira.

“When they reach the more mature level, we’re focused on how we can scale them up…and be a go to market partner for them. To do that they’ll need to leverage…cloud services.”

Microsoft and Liquid Telecom announced a partnership in 2017 to offer cloud services such as Microsoft’s Azure, Dynamics 365, and Office 365 to select startups through free credits—and connected to comp packages of Liquid Telecom product offerings.

On the venture side, Liquid Telecom doesn’t have a fund but that could be in the cards.

“We haven’t yet started investing in startups, but I’d like to see that we do,” said chief technology officer Ben Roberts. “That can be the next move onwards… from having successful business partnerships.”

And finally, tickets are now available here for Startup Battlefield Africa in Lagos this December. The first two speakers were also announced, TLcom Capital senior partner and former minister of communication technology for Nigeria Omobola Johnson and Singularity Investment’s Lexi Novitske will discuss keys to investing across Africa’s startup landscape.

More Africa Related Stories @TechCrunch

African Tech Around the Net

Japan’s Freee raises $60M to grow its cloud accounting business

Japan-based accounting software company Freee, one of the country’s most-prominent startups, has raised a $60 million Series E funding round as it bids to expand its services into other areas of management for its customers.

Freee was founded six years ago — we wrote about the startup when it raised a Series A in 2013 — which makes it one of the ‘oldest’ startups in Japan, while this round is also a large one for the country, too. Japan’s startup ecosystem has a culture that encourages founders to take their companies’ public earlier than in most parts of the world, to mitigate some risk, but there are signs of alternative approaches that include this round and of course the recent IPO of Mercari, which went public this summer and raised over $1 billion.

“Japan is a country that respects precedent a lot,” Freee founder and CEO Daisuke Sasaki told TechCrunch in an interview. “Having present cases will change [the culture] a lot, we are staying private and investing in growth. The ecosystem isn’t changing [yet] but [startups, founders and VCs] now have more options.”

Free was one of the first Japanese startups to raise from overseas investors, a move that helped get Japanese VCs interested in enterprise and Saas, and this time around it has pulled in capital from a bunch of big names: Chat app company Line, Mitsubishi UFJ Financial Group (MUFG) — Japan’s largest bank — consumer credit firm Life Card and “several [unnamed] international institutional investors.”

DCM and Infinity Investments are among the startup’s earliest backers.

Today, Freee offers cloud-based accounting and HR software and it claims to have over one million business accounts. It has over 5,000 certified accountant advisors — who help it reach new customers and also use it for their own work — and the company said that over 3,500 apps and services, including mainly financial products, are integration with its software.

Going forward, Sasaki — who is a former Googler — said Freee will use this new capital to build out an API ecosystem to enable more integrations — some of its practical ones right now include Slack and Salesforce — while it is planning a major collaboration with Line to allow Line business customers to integrate their use of the app with Free, while it is exploring how it can collaborate around Line Pay.

Freee founder and CEO Daisuke Sasaki

Freee is also focused on expanding the scope of its services to branch out into products that help with more general management and operational tasks.

“We want to focus not only on back office but also to add value to customers to make their businesses better through dashboards, reporting and insight. Customers who use the [existing business] reports grow faster. Our vision is to give much better insight and business advice through AI [and] to do that we need more data, not just back office but front line too,” Sasaki said.

Finally, the startup is exploring ways it can enable banks and financial organizations to work more closely with its customer base. Already customers can share data within Freee to banks for assessment for loans and other credit products, and the company is exploring the potential to introduce a marketplace that would give its customers a place to scout out financial products at more preferential rates.

“Initially we focused on small business but now our biggest customers have a couple of hundred employees so we are going upmarket,” Sasaki told TechCrunch.

One area Freee won’t be moving into is overseas markets. Yet at least. Sasaki explained that the company wants to build out that vision of an expanded ecosystem of connected services and more in-depth business tools before branching out into new countries.

SmartHR, a younger rival to free which specializes in HR as the name suggests, raised $13.3 million earlier this year to push on into areas such as payroll and more. That could begin to pose a threat to Freee, particularly since SmartHR a developer platform to hose third-party applications and services.

Taking the pain out of accounting and payroll for small businesses, ScaleFactor raises $10 million

ScaleFactor, the Techstars alumnus that’s selling accounting and payroll management software as a service, has raised $10 million in a new round of funding as it looks to scale up its sales and marketing efforts.

Founded by longtime accountant, Kurt Rathmann, the Austin-based company has created a software service that collects and analyzes data from point of sale systems, bank accounts, credit cards and billing systems, to automate recordkeeping and payroll functions.

Rathmann, a former KPMG employee, started ScaleFactor after seeing the lack of innovation in the backoffice functions that are really the engine of any small business.

“Around the tech stack, accounting and financials were lacking the most,” Rathmann says. So he left his job at KPMG and started ScaleFactor Consulting out of his garage in Austin in 2014.

After a few years of basically going door-to-door (a throwback to Rathmann’s first company as an 18-year-old selling outdoor lighting in suburban Dallas) to find out what small businesses needed from an accounting software solution, ScaleFactor developed the API toolkit and management software that would become the services it’s pitching today.

After graduating from TechStars’ Austin accelerator, the company was able to nab $2.5 million in a seed financing round that included TechStars Ventures, NextCoast Ventures, and two Kansas City-based investment firms — Firebrand Ventures and Flyover Capital.

While the initial services business holds a lot of value and has managed to attract scores of small businesses, both Rathmann and his new investors led by Canaan Partners and including Citi Ventures and Broadhaven Capital see bigger opportunities down the road for ScaleFactor.

With the window that the company has into the operations of small businesses around the country, ScaleFactor can serve as an unimpeachable source of information for small business lenders.

With insight of (and control over) payroll management, billpay, cash approvals, cash accounting, and an ability to project forward cash flows (along with invoicing and tax management for part time employees), ScaleFactor will be able to offer lending services to smooth bumps in a company’s progress. 

“Bookkeeping and accounting is really the nucleus,” says Michael Gilroy, a principal with Canaan Partners. 

While Square has moved into lending services (and now is on the hunt for a banking license) through its window into a company’s revenues through point-of-sale devices, a company like ScaleFactor has a more holistic view of the health of a business, says Gilroy.

Equipped with that information ScaleFactor software can do things — like prompt business owners of the revenue targets they need to hit each month or suggest lending options to cover shortfalls — that better equip business owners to handle disruptions. 

“With our foundation established, a big part of our Series A is how do we power the business owner past bookkeeping & accounting? We see many opportunities to help further and our next steps will include things like lending, payments and many other activities that take a business owner/operators focus away from driving their business forward,” Rathmann wrote in an email.