Pre-installed malware discovered on 5M Android smart phones

According to Check Point Mobile Security team researchers, millions of brand new Android smartphones manufactured by Honor, Huawei, Xiaomi, OPPO, Vivo, Samsung and GIONEE came out of production with pre-installed malware.

 

Researchers report that all these affected devices were shipped through Tian Pai, a Hangzhou-based mobile phone distributor, however it is not clear if the company has direct impact on this matter.

 

Dubbed RottenSys, the malware was pre-installed as a "System Wi-Fi service" app on millions of brand new smartphones taking almost all sensitive Android permissions to enable its malicious activities.

 

To check if your device is infected with RottenSys, go to Android system settings→ App Manager, and then look for the following possible malware package names:

• com.android.yellowcalendarz
• com.changmi.launcher
• com.android.services.securewifi
• com.system.service.zdsgt

If any of above is in the list of your installed apps, simply uninstall it.

Read more »

mobile malware Daily update ⋅ March 15, 2018

	NEWS
	Cybercriminals pivot to cryptomining, fileless malware – McAfee Rappler McAfee said new ransomware grew 35%, and 2017 ended with a 59% growth of ransomware attacks year over year. While new mobile malware decreased by 35%, most notably in terms of Android screenlocking ransomware, the cybersecurity firm added new Mac OS malware samples increased 24% ... Flag as irrelevant
	APAC security chiefs expect imminent attack on critical systems ComputerWeekly.com Cyber criminals will ramp up efforts to mine cryptocurrencies, while mobile malware will rear its ugly head across the APAC region in 2018. The computer networks of two universities in Singapore were breached in April 2017 by hackers looking to steal information related to government or research. Flag as irrelevant
	Eight new cyber threat samples emerging per second Technology Decisions In 2017 total mobile malware experienced a 55% increase, while new samples declined by 3%. New malware samples increased in Q4 by 32%. The total number of malware samples grew 10% in the past four quarters. 97% of spam botnet traffic in Q4 was driven by Necurs — recent purveyor of 'lonely ... Flag as irrelevant
	Asia Pacific countries are a melting pot of cyber threats SecurityBrief NZ Asia Pacific (APAC) countries remain a popular melting pot for cyber threats of all kinds, including online banking malware, ransomware, malicious mobile app downloads and exploit kit attacks. APAC accounted for almost 40% of the 1.7 billion ransomware attacks between 2016-2017, according to ... Flag as irrelevant
	Cyberattacks to increase in 2018 on IoT and mobile devices: SonicWall Cyber Threat Report Wire19 (press release) (blog) Malware attacks increased from 7.87 billion in 2016 to 9.32 billion in 2017, while ransomware attacks decreased from 638 million to 184 million, according to SonicWall Cyber Threat Report. SonicWall, the cybersecurity solutions provider, revealed the findings, intelligence, analysis, and research about ... Flag as irrelevant
	Mobile Anti-Malware Market Analysis, Overview, Growth, Demand And Forecast Research Report ... MilTech Mobile Anti-Malware Market report provides key statistics on the market status of the Mobile Anti-MalwareManufacturers and is a valuable source of guidance and direction for companies and individuals interested in the Mobile Anti-Malware Industry. The Mobile Anti-Malware industry report firstly ... Flag as irrelevant
	Mining Malware was used by Hackers for 400,00 Computers Canadian Homesteading However, the antivirus program managed to recognize all these attempts. The miner was supposed to mine Electroneum, which is a less known coin that also uses mobile mining that is app based. Malware also generated traffic that was really suspicious, and the command and control server were ... Flag as irrelevant

Read more »

New router-based solution protects home IoT devices

As we bring more and more smart devices into our homes, we potentially open ourselves up to a variety of new risks with devices opening back doors into networks or falling prey to botnets.

German antivirus company Avira is launching a new approach to home security which needs no new infrastructure on the domestic network and no configuration done by the user.

SafeThings sits within the home router and works with cloud-based machine learning. Avira licenses the product to router manufacturers and internet service providers, enabling them to protect networks from misuse and to deliver value-added IoT security services directly to end users.

"At Avira, we have been at the forefront of Artificial Intelligence innovation for a decade, being the first vendor within the security industry to identify how to apply AI to our field and to do it," says Travis Witteveen, CEO of Avira. "We have a wealth of experience in protecting both the privacy of end-users and the security of their traditional devices. Today we stand alone in the cyber security industry with the introduction of Avira SafeThings, an innovative router app and behavioral threat intelligence platform that secures all IoT devices in the home. We've designed SafeThings to effectively solve the IoT vulnerabilities without being too invasive, expensive, or complicated for the end user -- and we've done this in a way that provides additional benefits for the internet service providers and router manufacturers."

SafeThings is made up of a number of modules, Protection Cloud builds category and individual device profiles to create device management and rule definitions and automatically protect the device functionality. By analyzing metadata on gateway traffic, no invasive deep packet inspections are needed.

The Sentinel module is a software agent positioned at the gateway to each smart home, embedded in the firmware on the router, Sentinel fingerprints IoT devices and collects packet header metadata for AI analysis. After communicating with Protection Cloud, Sentinel enforces protection and communication rules.

A web-based user interface shows users in real time what each IoT device in their network is doing and enables them to see and modify firewall policies and device rules. There's also a Data Forefront API service that lets service providers and OEMs access and control SafeThings functionality, for example to drill down into specific details and control rules and actions to be taken in case of a compromised device.

It also allows for custom plugins to let SafeThings clients offer their end users additional security apps via a branded secure app store. These integrated services such as VPN or parental controls would operate at router level with management in the cloud.

"We see SafeThings as a 'B2B2C' product, providing consumers with the security and privacy protection they need while delivering it to them via the internet service providers and router manufacturers. As an embedded software solution, SafeThings is imminently flexible according to each client’s technical and marketing needs,” adds Witteveen.

You can find out more on the Avira website.

Image Credit: lucadp / depositphotos.com

via betanews

Read more »

How to Prepare Wi-Fi Networks for Smart Devices

Before you plug in and fire up those smart light bulbs, appliances or television you need to prepare your Wi-Fi network to ensure your speeds and security are not affected by the presence of this new equipment.

It is estimated by research firm IHS that the IoT market will grow from an installed base of 15.4 billion devices in 2015 to 30.7 billion devices in 2020 and 75.4 billion in 2025. Our washing machines, coffee pots, thermostats, lights, probably even the toilet and the kitchen sink will all be hooked up to our home Wi-Fi networks. While this will likely lead to more convenience when it comes to home management and maintenance it will also create bottlenecks on home networks slowing down your smart phone, tablet and laptops.

Before you plug in and fire up those smart light bulbs, appliances or television you need to prepare your Wi-Fi network to ensure your speeds and security are not affected by the presence of this new equipment. Most people plug in their Wi-Fi router and never worry about it again, unless they are calling their internet provider to complain about an outage or slow connection. It might not be your provider though, your type of router, where it is placed, the bandwidth of the router and the number of devices you have connecting to it at home could be to blame for your Wi-Fi headaches.

1. Location, location, location. Router location plays a major role in the range and efficiency of a Wi-Fi network. Placing a router in a cabinet or an out of the way room might make your home look less cluttered but this also blocks the signal with doors and walls, plus everything inside your walls, from reaching the areas of your home where you are trying to use your devices. Use a Wi-Fi analytics app to check your Wi-Fi signal strength at each of the locations that you plan to put smart home devices. Be sure that the signal strength is at least 60% at each of those locations. Also check the signal strength where you normally sit to use your laptop, tablet and phone.

2. Flex Wi-Fi muscle. If you have a smaller home and need more coverage look for a high-power router that has more internal and external antennas than your current router model. If you have a larger home, consider using range extenders or a whole home Wi-Fi system.

3. Read the label. When shopping for a new router some of the key terms to look for include AC1900 as a minimum speed and MU-MIMO Technology. While your connection speeds will ultimately be determined by the level of speed you pay for through your internet service provider if you do not have a router equipped to handle the fastest speeds available today you will always experience a slower connection. MU-MIMO is desirable in homes with multiple devices and internet users. Instead of creating a queue of connection requests that are handled in order like a traditional router would do, MU-MIMO routers serve data to more devices at once without limiting speeds. This is critical in homes with smart devices as the total count of devices can add up quickly.

4. Make it ironclad. We all know that hackers have a variety of ways to trick us into giving them access to our digital accounts and methods of stealing account information and passwords from companies we do business with; however, that doesn’t mean we should just give up and let them into our networks freely. You need to make sure your network is secure as possible. If you are deciding between two routers and one offers added layers of security with virus protection and malware detection, for example, pick the one that is focused on security. Also, be sure to set up complex, hard to crack passwords. Never leave your Wi-Fi open without a password. Even guest networks should require one for access. Also, any time you have an issue with your email being hacked or one of your online accounts is breached, change your Wi-Fi password along with all your other accounts, just to be safe.

To recap;

1. Position your router in an optimal location, as central as possible.
2. Test your Wi-Fi signal strength with a signal strength tool, be sure to check all locations where smart devices will live.
3. If weak spots are found, try a High-Power Router or a Range Extender. If you want a seamless network, try a Whole Home Wi-Fi System.
4. Use a router that supports at least AC1900 speeds and MU-MIMO technology.
5. Keep your network secure with hard-to-crack passwords and built-in protection from other web threats like Malware.

via HomeToys

Read more »

Update your Android now – many holes fixed including ‘BroadPwn’ Wi-Fi bug

Google’s July 2017 security fixes for Android are out.

As far as we can see, there are 138 bugs listed, each with its own CVE number, of which 18 are listed with the tag “RCE”.

RCE stands for Remote Code Execution, and denotes the sort of vulnerability that could be abused by a crook to run some sort of program sent in from outside – without any user interaction.

Generally speaking, RCE bugs give outsiders a sneaky chance to trigger the sort of insecure behaviour that would usually either pop up an obvious “Are you sure?” warning, or be blocked outright by the operating system.

In other words, RCEs can typically be used for so-called “drive-by” attacks, where just visiting a web page or looking at an email might leave you silently infected with malware.

The majority of the July 2017 RCE bugs in Android appear under the heading “Media framework”, which means they are Android flaws that are exposed when files such as images or videos are processed for display.

Like the infamous Stagefright bug in Android back in 2015, bugs of this sort can potentially be triggered by actions that don’t arouse suspicion, because images and videos can unexceptionably be embedded in innocent-looking content such as MMS messages and web pages.

There’s also an RCE bug in Android’s built-in FTP client – this one affects all Android versions still getting patches, from 4.4.4 all the way to 7.1.2.

We’re not sure how easy it is to trigger this bug, but we’re assuming it’s tricky to exploit because Google gives it only a moderate rating.

(Mild risk ratings are unusual for RCEs – they usually attract a high or critical rating because there’s a lot at stake if an RCE vulnerability does get exploited.)

“Proximate attacker” warning

The most intriguing bug this month, however, is an RCE flaw in the Broadcom Wi-Fi code that’s used by Android devices equipped with certain Broadcom wireless chips.

According to Google, “a proximate attacker [could] execute arbitrary code within the context of the kernel”.

In plain English, that means a crook who’s within Wi-Fi range could fire off booby-trapped network packets at your Wi-Fi hardware, trigger a bug in the wireless device…

…and end up with the same programmatic powers as the Android operating system on your device.

Given that the Android kernel is responsible for keeping your apps apart, for example by preventing the new fitness app you just installed from sneaking a look at your browsing history, a security compromise inside the kernel itself is about as serious as it gets.

Unfortunately, we can’t yet give you any real detail about the Broadcom RCE patch.

The researcher who found the bug will be presenting his findings at the end of July 2017 at the Black Hat 2017 conference in Las Vegas.

Until then, all we really have are teasers for his forthcoming talk, and a the funky-sounding name BroadPwn for the vulnerability.

(Understandably, no one who’s about to unveil a cool exploit at Black Hat wants to risk giving away a TL;DR version before the talk takes place – that would be like leaking the names of the Oscar winners a week before the awards ceremony.)

Interestingly, back in April 2017, a number of security issues in Broadcom wireless firmware were found to affect both iOS and Android devices – so if you’re an iPhone user, don’t be surprised if this month’s Google patches are quickly followed by a security patch from Apple, too.

What to do?

As usual, we’re going to repeat our usual mantra: “Patch early, patch often.”

What we can’t tell you is when the vendors of devices other than Google’s own Nexus and Pixel phones will be ready with their patches – if you’re worried, ask your vendor or the carrier who supplied your device.

Also, we can’t give you a handy list of the thousands of different Android devices out there that not only include Broadcom wireless cards but also have firmware that’s affected by the BroadPwn bug.

Once again, if you are worried, ask your supplier or mobile carrier.

Having said that, we can offer you Sophos Mobile Security for Android, 100% free of charge: although it won’t patch the abovementioned security holes for you, it will stop you from browsing to risky websites and from downloading booby-trapped adware and malware apps.

A good Android anti-virus not only makes it harder for crooks to push risky content onto your device but also stops them pulling you towards phishing pages, survey scams and other criminally oriented websites.

via nakedsecurity

Read more »