Jul. 3, 2018
In late 2016, Google’s security team scrambled to fix a critical vulnerability that allowed attackers to gain unfettered root access to Android devices by using a relatively new class of exploit that manipulates data stored in memory chips. Now, 21 months later, many of the same researchers behind the attack, dubbed Drammer, are back to say that a large number of Android phones and tablets remain vulnerable to the rooting attacks because the patches Google deployed weren’t adequate. The original Rowhammer attack against PCs made it possible for an untrusted computer application to gain nearly unfettered system privileges or to bypass security sandboxes designed to keep malicious code from accessing sensitive operating system resources.
Jun. 13, 2018
The issue is not new, being first spotted by the team at Qihoo 360 Netlab in February, this year, when they detected an Android worm that was spreading from Android device to Android device, infecting them with a cryptocurrency miner named ADB.Miner. The ADB.Miner worm exploited the Android Debug Bridge (ADB), a feature of the Android OS used for troubleshooting faulty devices. In the default version of the Android OS, the ADB feature is turned off, and users need to manually enable it while connecting their device via a USB connection.
May. 25, 2018
News of this group first surfaced after a report in December 2016, when Russian antivirus vendor Dr.Web disclosed that a mysterious threat actor had found a way to penetrate the supply-chain of several mobile carriers, infecting phones with malware. At the time, experts said they found malware in the firmware of at least 26 low-cost Android smartphone and tablets models. Once ousted, Dr.Web hoped crooks would pack up and move on to another operation.
May. 14, 2018
THE ACCC is investigating accusations Google is using as much as $580 million worth of Australians’ phone plan data annually to secretly track their movements. Australian Competition and Consumer Commission chairman Rod Sims said he was briefed recently by US experts who had intercepted, copied and decrypted messages sent back to Google from mobiles running on the company’s Android operating system. The experts, from computer and software corporation Oracle, claim Google is draining roughly one gigabyte of mobile data monthly from Android phone users’ accounts as it snoops in the background, collecting information to help advertisers.
May. 4, 2018
ZooPark is a cyberespionage operation that has been focusing on Middle Eastern targets since at least June 2015. The threat actors behind the operation infect Android devices using several generations of malware, with the attackers including new features in each iteration. We label them from v1-v4, with v4 being the most recent version deployed in 2017.
From the technical point of view, the evolution of ZooPark has shown notable progress: from the very basic first and second versions, the commercial spyware fork in its third version and then to the complex spyware that is version 4. This last step is especially interesting, showing a big leap from straightforward code functionality to highly sophisticated malware.
May. 4, 2018
The proof of concept attack the researchers created to demonstrate their technique takes about two minutes, from a malicious site loading their javascript in the browser to running code on the victim’s phone. It can only run that code, however, within the privileges of the browser. That means it can potentially steal credentials or spy on browsing habits, but it can’t gain deeper access without a hacker exploiting other bugs in the phone’s software.
Apr. 17, 2018
In March 2018, Japanese media reported the hijacking of DNS settings on routers located in Japan, redirecting users to malicious IP addresses. The redirection led to the installation of Trojanized applications named facebook.apk and chrome.apk that contained Android Trojan-Banker. According to our telemetry data, this malware was detected more than 6,000 times, though the reports came from just 150 unique users (from February 9 to April 9, 2018).
Apr. 13, 2018
SRL researchers Karsten Nohl and Jakob Lell spent two years analyzing Android devices, checking to see if the phones actually had installed the security patches that the software said it had. The pair found that many devices had what they call a “patch gap,” where the phone’s software would claim it was up to date with security patches but was, in reality, missing up to a dozen of the patches.
Apr. 3, 2018
Several days ago, EST Security published a post concerning a fake antivirus malware targeting the Android mobile platform. In the Korean media, it was mentioned that there could be a link between this Android malware and Group 123. Talos decided to investigate this malware.
And due to our reporting and history of following of Group 123, we discovered some interesting elements.
Source: talosintelligence.com
Mar. 20, 2018
This series of posts recounts how, in November 2016, we hunted for and took down Gooligan, the infamous Android OAuth stealing botnet. What makes Gooligan special is its weaponization of OAuth tokens, something that was never observed in mainstream crimeware before. At its peak, Gooligan had hijacked over 1M OAuth tokens in an attempt to perform fraudulent Play store installs and reviews.
Mar. 19, 2018
Once installed the malware will intercept mobile calls you attempt to make to your bank, and instead direct them to a scammer impersonating an agent working for the bank.
Source: grahamcluley.com
Mar. 16, 2018
Security researchers have discovered a massive continuously growing malware campaign that has already infected nearly 5 million mobile devices worldwide. Dubbed RottenSys, the malware that disguised as a ‘System Wi-Fi service’ app came pre-installed on millions of brand new smartphones manufactured by Honor, Huawei, Xiaomi, OPPO, Vivo, Samsung and GIONEE—added somewhere along the supply chain. All these affected devices were shipped through Tian Pai, a Hangzhou-based mobile phone distributor, but researchers are not sure if the company has direct involvement in this campaign.