Category: Internet Security Tags: Android, Blackhole Exploit Kit, Finfisher, Finspy, legal surveillance tools, madware, malicious mobile apps, malvertising, Malware, Man-in-the-Browser, Ransomware, scams, search history poisoning, social networking, spear-phishing | Comments (0)
With the web picking up traction in the distribution of malware – cybercriminals continue to focus their efforts on exploiting the weakest link. From irreversible malware to premium attack exploit toolkits – the threat landscape of 2013 will continue to amp up the security battleground…
1- More browser-infecting malware
With so much sensitive and personal data passing through web browsers, WatchGuard predicts a steep rise in Man-in-the-Browser (MitB) attacks in 2013.
2- More Android mobile madware
Researchers at the Georgia Tech Information Security Center (GTISC) state that malware writers have moved from taking a casual interest in mobile platforms to trying to create a viable business model, focusing especially on devices based on the Android operating system.
-Malicious and privacy-undermining applications for Android will continue to grow quickly, as cybercriminals use toll fraud and other mechanisms to turn compromised devices into cash sources.
-Mobile wallets will face further scrutiny and slow adoption until their security is proven.
3- More IPv6-based attacks
WatchGuard also predicts an increase in IPv6-based attacks and IPv6 attack tools. The IT industry has been slow to adopt IPv6, yet many new devices are already IPv6-aware and can create IPv6 networks on their own. When these devices create their own networks and have not been locked down with security controls, the door is left wide open for cybercriminals to exploit unprotected weaknesses.
4- More madware (mobile apps)
Expectation is high that madware, otherwise known as mobile adware, will continue to rise. In a recent FTC staff report, Mobile Apps for Kids: Disclosures still not making the Grade, nearly 60% of the child apps surveyed were transmitting information from the child’s device back to the app developer, advertising network, analytics company, or other third party.
What is becoming apparent with some madware is that it pushes consumer tolerance to the limit by gaining permission to make phone calls or send text messages. Five of the most annoying habits of madware include sending alerts to the notification bar, adding icons to your device, changing browser settings, gathering personal information and even changing the ringtone. What makes madware such a nuisance development is that in many cases consumers have no idea what these ad networks are doing, and they can be left with astronomical phone bills or become a victim of identity theft if these activities go unchecked. –Symantec
5- More ransomware
According to the Internet Crime Complaint Center (IC3), the latest version of ransomware uses the name of IC3 to frighten victims into sending money to the perpetrators. This version of the Citadel malware platform also claims that the user’s computer activity is being recorded using audio, video, and other devices. This is a very clever social engineering trick, designed to instill fear of potential criminal prosecution if the victim fails to comply with the perpetrator’s ransom demands.
Next, the victim is lured to a drive-by-download website that installs ransomware on the user’s computer. Once it is installed, the computer freezes and a warning screen tells the user that they have violated U.S. federal law. The perpetrator then goes even further (instilling more fear in the victim) by stating that IC3 has discovered that the victim’s IP address has accessed child pornography or other illegal content. To unlock the computer, the victim is instructed to pay an IC3 fine by purchasing a prepaid money card.
You can expect much more sophisticated versions of ransomware in 2013.
6- More use of legal surveillance tools
With the revelation that the U.K.-based Gamma Group offered ‘Finfisher/Finspy’ monitoring software to the previous Egyptian government and reports that the Indian government asked firms (including Apple, Nokia and RIM) for secret access to mobile devices – surveillance tools will be a hot security topic in 2013. –Securelist
7- More targeted spear-phishing attacks
Websense Security Labs is predicting that malicious email will make a comeback in 2013 with “timed and targeted spear-phishing email attacks, along with an increase in malicious email attachments, are providing new opportunities for cybercrime. Domain generation algorithms will also bypass current security to increase the effectiveness of targeted attacks.”
8- More social networking scams
Social networking sites such as Facebook and Twitter are optimal grazing grounds for cybercriminals to easily target large pools of victims. With the free flow of personal information, cybercriminals easily digest all this social data and devise targeted attacks that prey on consumers using social engineering tactics and sensationalism.
One of the biggest crowd enticers on Facebook is for the cybercriminal to produce an unbelievable video, rogue app or viral link that can be shared with a large number of users. The idea is to perpetuate a continuous bombardment of shared content that can spam the wall or messaging system of the original victim, their friends and even friends of friends.
This content is generally socially engineered to convince the victim to download a fake video viewer (in order to view that fabulous video), take a scam survey via a rogue app in order to win an iPad 3 or share a link that is infested with several redirects until it arrives at a malicious website. Expect more of this in 2013.
9- More search history poisoning
In early November, researchers at the Georgia Tech Information Security Center (GTISC) released their 2013 computer security threat forecast. It was interesting to note that the researchers mentioned tampering with a user’s search history as a new attack vector.
“If you compromise a computer, the victim can always switch to a clean machine and your attack is over,” said Professor Wenke Lee. “If you compromise a user’s search history and hence his online profile, the victim gets the malicious search results no matter where he logs in from.”
The benefit to the attacker is that such manipulations, when stored as part of an online profile indexed by a cookie, can survive many defensive measures. Such attacks can significantly change input to a search engine’s filtering algorithm, changing which sites a person sees.
10- More sophisticated cybercriminal attack “premium” toolkits
Sophos recently reported in its Security Threat Report 2013 that malware authors have become highly sophisticated in authoring the Blackhole Exploit Kit. The exploit kit combines technical dexterity with a business model that could have come straight from a Harvard Business School MBA case study.
“In the coming year we will likely see a continued evolution in the maturation of these kits replete with premium features that appear to make access to high quality malicious code even simpler and comprehensive,” warns Lyne. –Infosecurity
Category: Mobile Tags: 159.com, Android, ANFONE, AppChina, AZ4SD, China, China Mobile, GFan, LIQU, Malware, mobile security, nDuoa, Soft.3g.cn, TalkPhone, Trojan!MMarketPay.A@Android | Comments (0)
On July 4 TrustGo discovered new malware dubbed Trojan!MMarketPay.A@Android on China Mobile’s Mobile Market. This new malware was able to automatically place orders on behalf of users and jack up their phone bills as part of the payload. The virus spread to 9 China markets (nDuoa, GFan, AppChina, LIQU, ANFONE, Soft.3g.cn, TalkPhone, 159.com and AZ4SD), infecting more than 100,000 devices.
Emil Protalinski of ZDNet states in a blog post that “It works by silently downloading paid apps and multimedia content from Mobile Market, an Android app store hosted by China Mobile, one of the largest wireless providers in the world.”
Normally China Mobile customers receive a verification code via SMS after purchasing an app from Mobile Market. Then the customer would go to Mobile Market to input their SMS code to begin the download (the order is then charged to their phone bill).
MMarketPay.A automates this process and downloads as much as it can so that victims rack up huge phone bills. It finds paid content, simulates a click action in the background, intercepts the received SMS messages, and collects the verification code sent by Mobile Market. If a CAPTCHA image is invoked, the malware posts the image to a remote server for analysis.
In short, MMarketPay.A is a complex little bugger. If you’re using an Android device on China Mobile, you may want to check your phone bill and make sure there’s nothing suspicious on it. –Emil Protalinski for Zero Day | ZDNet
To avoid malicious apps like MMarketPay.A, you should avoid downloading non-Market applications from “unknown sources” and purchase apps from the official Google Play Store. You can tweak the application options on your Android via Settings > Applications and uncheck “Unknown Sources.”