mobile malware alert

	NEWS
	Russian hackers create fake versions of popular apps for espionage, - media 112 International "Lookout has discovered a highly targeted mobile malware threat that uses a new and sophisticated set of custom Android surveillanceware tools ... Flag as irrelevant
	Agent Smith: The new virus to hit mobile devices Backend News Check Point researchers recently discovered a new variant of mobile malware that has quietly infected around 25 million devices, while the user ... Flag as irrelevant
	No environment is immune to cyber attacks-Check Point study reveals IT News Africa Check Point's “Cyber Attack Trends: 2019 Mid-Year Report” reveals banking malwarehas evolved to become a very common mobile threat. Flag as irrelevant
	Global Mobile Anti Malware Market Research Review 2019 – Symantec, Sophos, Mcafee, Avast ... Market Research Time Global Mobile Anti Malware Market study begins with an in-depth outlook which offers readers a brief overview of the market with clarity. The report ... Flag as irrelevant
	Mobile Anti-Malware Market Overview, Driver, Restraints, Opportunities (Growing Demand ... The Atlas Newspaper The “Mobile Anti-Malware Market“ Report provides comprehensive information on the top of market owners, their annual transactions, the stability of ... Flag as irrelevant
	When a password could be gateway to corporate disasters The Sun Daily The speakers drew on some of the most pressing cybersecurity threats that companies could face in the year ahead, including mobile malware, ... Flag as irrelevant

Read more »

Pre-installed malware discovered on 5M Android smart phones

According to Check Point Mobile Security team researchers, millions of brand new Android smartphones manufactured by Honor, Huawei, Xiaomi, OPPO, Vivo, Samsung and GIONEE came out of production with pre-installed malware.

 

Researchers report that all these affected devices were shipped through Tian Pai, a Hangzhou-based mobile phone distributor, however it is not clear if the company has direct impact on this matter.

 

Dubbed RottenSys, the malware was pre-installed as a "System Wi-Fi service" app on millions of brand new smartphones taking almost all sensitive Android permissions to enable its malicious activities.

 

To check if your device is infected with RottenSys, go to Android system settings→ App Manager, and then look for the following possible malware package names:

• com.android.yellowcalendarz
• com.changmi.launcher
• com.android.services.securewifi
• com.system.service.zdsgt

If any of above is in the list of your installed apps, simply uninstall it.

Read more »

5 mobile security threats you should take seriously in 2018

IDGNS

Mobile security is at the top of every company's worry list these days — and for good reason: Nearly all workers now routinely access corporate data from smartphones, and that means keeping sensitive info out of the wrong hands is an increasingly intricate puzzle. The stakes, suffice it to say, are higher than ever: The average cost of a corporate data breach is $21,155 per day, according to a 2016 report by the Ponemon Institute.

While it's easy to focus on the sensational subject of malware, the truth is that mobile malware infections are incredibly uncommon in the real world — with your odds of being infected significantly less than your odds of being struck by lightning, according to one estimate. That's thanks to both the nature of mobile malware and the inherent protections built into mobile operating systems.

The more realistic mobile security hazards lie in some easily overlooked areas, all of which are only expected to become more pressing in the coming year:

1. Data leakage

It may sound like a diagnosis from the robot urologist, but data leakage is widely seen as being one of the most worrisome threats to enterprise security as we head into 2018. What makes the issue especially vexing is that it often isn't nefarious by nature; rather, it's a matter of users inadvertently making ill-advised decisions about which apps are able to see and transfer their information.

"The main challenge is how to implement an app vetting process that does not overwhelm the administrator and does not frustrate the users," says Dionisio Zumerle, research director for mobile security at Gartner. He suggests turning to mobile threat defense (MTD) solutions — products like Symantec's Endpoint Protection Mobile, CheckPoint's SandBlast Mobile, and Zimperium's zIPS Protection. Such utilities scan apps for "leaky behavior," Zumerle says, and can automate the blocking of problematic processes.

Of course, even that won't always cover leakage that happens as a result of overt user error — something as simple as transferring company files onto a public cloud storage service, pasting confidential info in the wrong place, or forwarding an email to an unintended recipient. That's a challenge the healthcare industry is currently struggling to overcome: According to specialist insurance provider Beazley, "unintended disclosure" was responsible for a full 41 percent of data breaches reported by healthcare organizations in the first three quarters of 2017 — more than double the next highest cause.

For that type of leakage, data loss prevention (DLP) tools may be the most effective form of protection. Such software is designed explicitly to prevent the exposure of sensitive information, including in accidental scenarios.

2. Social engineering

The tried-and-true tactic of trickery is just as troubling on the mobile front as it is on desktops. Despite the ease with which one would think social engineeringcons could be avoided, they remain astonishingly effective.

A staggering 90 percent of data breaches observed by Verizon's Enterprise Solutions division are the result of phishing, according to the company's 2017 Data Breach Investigations Report. While only 7 percent of users fall for phishing attempts, Verizon says, those gullible guys and gals tend to be repeat offenders: The company estimates that in a typical organization, 15 percent of users who are successfully phished will be phished at least one more time within the same year.

What's more, numerous bits of research suggest users are more vulnerable to phishing from mobile devices than desktops — by as much as three times, according to an IBM study, in part because a phone is where people are most likely to first see a message. "We do see a general rise in mobile susceptibility driven by increases in mobile computing overall [and] the continued growth of BYOD work environments," says John "Lex" Robinson, information security and anti-phishing strategist at PhishMe — a firm that uses real-world simulations to train workers on recognizing and responding to phishing attempts.

Robinson notes that the line between work and personal computing is also continuing to blur. More and more workers are viewing multiple inboxes — connected to a combination of work and personal accounts — together on a smartphone, he notes, and almost everyone conducts some sort of personal business online during the workday. Consequently, the notion of receiving what appears to be a personal email alongside work-related messages doesn't seem at all unusual on the surface, even if it may in fact be a ruse.

3. Wi-Fi interference

A mobile device is only as secure as the network through which it's transmitting data. In an era where we're all constantly connecting to public Wi-Fi networks, that means our info often isn't as secure as we might assume.

Just how significant of a concern is this? According to new research being released by enterprise security firm Wandera this week, corporate mobile devices use Wi-Fi almost three times as much as they use cellular data. Nearly a quarter of devices have connected to open and potentially insecure Wi-Fi networks, and 4 percent of devices have encountered a man-in-the-middle attack — in which someone maliciously intercepts communication between two parties — within the most recent month.

"These days, it's not difficult to encrypt traffic," says Kevin Du, a computer science professor at Syracuse University who specializes in smartphone security. "If you don't have a VPN, you're leaving a lot of doors on your perimeters open."

Selecting the right enterprise-class VPN, however, isn't so easy. As with most security-related considerations, a tradeoff is almost always required. "The delivery of VPNs needs to be smarter with mobile devices, as minimizing the consumption of resources — mainly battery —  is paramount," Gartner's Zumerle points out. An effective VPN should know to activate only when absolutely necessary, he says, not when a user is accessing a news site, for instance, or when a user is working within an app that's known to be trustworthy and secure.

4. Out-of-date devices

Smartphones, tablets and smaller connected devices — commonly known as the internet of things (IoT) — pose a new risk to enterprise security in that unlike traditional work devices, they generally don't come with guarantees of timely and ongoing software updates. This is true particularly on the Android front, where the vast majority of manufacturers are embarrassingly ineffective at keeping their products up to date — both with operating system (OS) updates and the smaller monthly security patches between them — as well as with IoT devices, many of which aren't even designed to get updates in the first place.

"Many of them don't even have a patching mechanism built in, and that's becoming more and more of a threat these days," Du says.

Again, a strong policy goes a long way. There are Android devices that do receive timely and reliable ongoing updates. Until the IoT landscape becomes less of a wild west, it falls upon a company to create its own security net around them.

5. Physical device breaches

Last but not least is something that seems silly but remains a disturbingly realistic threat: A lost or unattended device can be a major security risk, especially if it doesn't have a strong PIN or password and full data encryption.

Consider the following: In a 2016 Ponemon Institute study, 35 percent of professionals indicated their work devices had no mandated measures in place to secure accessible corporate data. Worse yet, nearly half of those surveyed said they had no password, PIN, or biometric security guarding their devices — and about two-thirds said they didn't use encryption. Sixty-eight percent of respondents indicated they sometimes shared passwords across personal and work accounts accessed via their mobile devices.

The take-home message is simple: Leaving the responsibility in users' hands isn't enough. Don't make assumptions; make policies. You'll thank yourself later.

via CSO

Read more »

how bad guys get malware inside your smartphone

Digital thieves have a playbook for stealing your sensitive data. A software security firm spells it out. 

Avira, a company that provides antivirus and Internet security software, has published a concise but informative 5 step guide to mobile theft explaining the how and why of malware getting inside your mobile device. 

The five-step strategy is pretty simple but effective, according to Avira.

CUNNING MALWARE SPREADS, GOING AFTER YOUR BANK ACCOUNT

Effective because, one, some malicious software slips by filters at reputable online stores and, two, people are always looking for free stuff, Alexander Vukcevic, head of virus lab for Avira, told Fox News. 

“Users rely on the quality assurance provided by store operators, and many users try to access and deploy popular apps through alternative stores without paying anything,” He said. “This…is used by many malware authors to infect mobile phones.” 

Step 1: The plan. The bad guys identify vulnerabilities then develop exploits. If they don’t have the skills, they hire a bounty hunter on the black market. Bounty hunters sometimes work with exploit brokers. The broker gets paid because organizations will pay to find and stop the hack. 

SCARY RANSOMWARE ATTACKS FAMOUS NORTH CAROLINA COUNTY

Step 2: The gear. Infected websites and malicious apps are the gear used to install malware on victims' phones.

Step 3: The inside man. Once downloaded to your phone, the bad guy tries to gain root access to the phone. “If this fails, they generate a fake update notification — clicking on the notification grants them the ability to display ads and download apps at will. Banditos can even change the phone’s IMEI number to increase the number of ads they can display,” according to Avira.

IMEI, which stands for International Mobile Equipment Identity, is a unique number used to identify phones.

SHIPPING GIANT HIT BY CYBERATTACK, REFUSES TO PAY HACKERS' RANSOM

Step 4: The heist. They sit back wait until the money starts flowing in.

Step 5: the getaway. The cybercriminals have gotten inside and left malicious code behind. But the malware is often “difficult to dislodge,” says Avira. 

HummingBad -- and its derivatives -- is a good real-world example, according to Avira. The booby-trapped app is incredibly devious because it’s often supported by fake reviews and four-star ratings. 

https://blog.avira.com/mobile-malware-guide/

MacOS HIGH SIERRA 'ROOT' BUG MAKES HACKING IT EASY

“These apps can look pretty good. People have found them in the official Google Play store or, more commonly, from the off-market sites,” Avira said. Off-market sites offer, for example, Android apps that may not be available in the Google Play store. The apps on these sites are often free.

However, if users access a malicious app it immediately tries to get root access to the phone, which allows it to do pretty much anything. “If that fails, it tries to get the user to click on a bogus ‘System Update’ notification," according to Avira. 

And it can be very profitable. “Each click, every install on the infected device means more money for the bad guys – an estimated $300,000 monthly,” Avira said, referring to HummingBad.

The fix can be extreme. “To remove this malware, the most common solution is a wipeout for the device owner, as it usually requires a complete reset of the device, wiping out all apps, settings, and saved files,” says Avira.



via FoxNews

Read more »

180M Smartphones Vulnerable To Hacker Eavesdropping

Appthority, the enterprise mobile threat protection company, announced news on Thursday (Nov. 9) that it published research on its recent discovery of a so-called Eavesdropper vulnerability, in which hackers can intercept texts, voice messages and other user data from millions of smartphones through their mobile apps.

In a press release, the company said the cyberattack vulnerability is caused by “developers carelessly hard coding their credentials in mobile applications that use the Twilio Rest API or SDK, despite best practices the company clearly outlines in its documentation.” Twilio, said Appthority, has reached out to all developers with affected apps and is actively working to secure their accounts.

According to the company, Appthority mobile security researchers have identified this as a real and ongoing threat affecting close to 700 apps in enterprise mobile environments, over 170 of which are live in the official app stores today. Affected Android apps have been downloaded up to 180 million times, the company said.

What’s more, the company said the issue is not specific to developers who create apps with Twilio. Hard coding of credentials is a common developer error that increases the security risks of mobile apps. Appthority researchers are finding that developers who hardcode credentials in one service are likely to make the same error with other services.

Examples of apps with the Eavesdropper vulnerability include an app for secure communication for a federal law enforcement agency, an app that enables enterprise sales teams to record audio and annotate discussions in real-time and branded and white label navigation apps for customers, such as AT&T and U.S. Cellular, the mobile threat protection company stated in its press release.

“Eavesdropper poses a serious enterprise data threat because it allows an attacker to access confidential company information, which may include a range of sensitive information often shared in an enterprise environment, such as negotiations, pricing discussions, recruiting calls, product and technology disclosures, health diagnoses, market data or M&A planning,” said Seth Hardy, Appthority director of Security Research in the release. “An attacker could convert recorded audio files to text and search a massive data set for keywords and find valuable data.”

via pymnts

Read more »