Ghost Push malware affecting Android devices

The latest version of the Ghost Push trojan, which was discovered in 2015, has been found by researchers at Cheetah Mobile. This latest variant is able to root almost all Android devices except those running Android 6.0 Marshmallow or higher.

The malware hides its core code in the system directory, disguising itself as a built-in app of the phone, and prevents third parties from taking over root privilege in order to hide and evade detection.

Cheetah Mobile reported that the highest percentage of infections was in Malaysia (14%), followed by Vietnam (13%) and Colombia (10%).

Android users can stay immune by upgrading to version 6.0. However, most Android smartphone manufacturers apart from Google do not push updates out to users in a reasonable amount of time, because manufacturers, carriers and Google have to work together to deliver them.

Apps with DressCode malware found on Google Play

Check Point researchers found forty applications on the Google Play Store that contain a new family of malware named DressCode. The malware is able to infect corporate BYOD mobile devices and access internal networks or corporate web servers. If an infected device is on the internal corporate network, an attacker can establish communication with it and send a command to retrieve files from internal networks.

Infected applications on Google Play include Dress up Musa winx, Dress up princess Apple White, Forsaken House and Dark Goddess. Another 400 applications carrying the malware were discovered on third-party app stores.

This is a warning that enterprises shouldn’t rely only on the protections that Google offers for its apps, considering the vulnerable nature of Android devices.

Video-Jacking Attack: Attacker can see everything you see.

Aries Security researchers have described how you could fall victim to a video-jacking attack by docking your phone at unfamiliar charging stations.

A device hidden in what appears to be a charging station, worth $220, is used for the attack. A phone connected to the charging station exposes virtually everything to the attacker. The attacker can see user passwords as they are entered, all taps, and whatever the user is seeing and doing on their device.

Devices vulnerable to this attack include several Android devices, iPhones and other HDMI-ready smartphones manufactured by Asus, Blackberry, HTC, LG, Samsung and ZTE.

New Android vulnerabilities! Over 900 million devices affected.

A set of four vulnerabilities named QuadRooter has been discovered by Check Point researchers. Any of the vulnerabilities, if exploited, lets an attacker gain root access to a device. Consequently, the attacker can modify system-level files, add or remove apps, and access the screen, camera and microphone of the device.

QuadRooter affects only Android devices with a Qualcomm chipset, but Qualcomm chipsets account for about 80% of chipsets in the Android world, making the vulnerabilities very prevalent.

Check Point has released a QuadRooter scanner app to help users scan their devices for the QuadRooter vulnerabilities.

QuadRooter can only be fixed by installing patches released by manufacturers to fix the issue.

No. 1 Android Trojan in the World – Hummer

A new mobile trojan family originating from China is now the world’s No. 1 Android malware. Hummer, as the malware is named, has infected almost 2 billion devices around the world, especially in India, Indonesia and Turkey.

The Hummer trojan characteristically roots an infected device to gain administrator privileges, pops up unwanted ads, pushes mobile games and porn applications to the infected device, and reinstalls these unwanted apps shortly after users uninstall them.

Once a device is infected, ordinary antivirus as well as factory resets become ineffective in tackling the malware.

The best defense against Hummer and other malware is to install only trusted apps from a trusted app store.

Why Preventing Rooting and Jailbreaking is so Important

One of the most controversial topics when it comes to mobile devices is the idea of rooting and jailbreaking.

Although rooting and jailbreaking are technically different processes on different platforms, the end-goal is the same: to gain higher-level privileges and access to sensitive functionality that isn’t normally available (for simplicity, we’ll use the word “rooting” to refer to both). Let’s look at the pros and cons of rooting and examine how and why we need to protect against it.

Rooting is a technical process driven by practical and philosophical desires. The practical aspect is that rooting lets you install apps that you wouldn’t otherwise be able to use, either because the platform is locked to a single app store (iOS) or because the app requires access to sensitive internal functionality (Android and iOS). Philosophically, some technically-minded people (including most white hat hackers) want the ability to access everything on their smartphones, which is why many Android smartphones come with unlocked bootloaders. However, rooting is also complex for most people and can cause issues with system stability, software updates, warranties, and most of all security.

The Root of the Problem

Preventing and detecting rooting is one of the most difficult games of cat-and-mouse in all of security. Hackers are constantly looking for new vulnerabilities and many devices are rooted before they’re even released. A well-designed piece of malware with superuser permissions can easily hide itself from a simple root-detection app that’s just looking for flags typically associated with rooting. The most effective way to detect rooting is to use a hardware root of trust to integrate the solution across the hardware, OS and app layers.
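The limitation described above, shown with a naive flag-based root check. This is an added example, not code from the original article; the device snapshots are constructed, and the su paths and root-manager package names are common examples rather than an exhaustive list.

```python
from dataclasses import dataclass, field

# Conventional su locations and root-manager packages that simple checkers
# look for (illustrative, not exhaustive).
SU_PATHS = ("/system/bin/su", "/system/xbin/su", "/sbin/su", "/su/bin/su")
ROOT_MANAGERS = ("eu.chainfire.supersu", "com.topjohnwu.magisk")

@dataclass
class DeviceSnapshot:
    """What an unprivileged app can observe. All values below are constructed."""
    props: dict = field(default_factory=dict)
    files: set = field(default_factory=set)
    packages: set = field(default_factory=set)

def root_flags(snap):
    """Return the root indicators visible in a snapshot, in a fixed order."""
    flags = []
    if "test-keys" in snap.props.get("ro.build.tags", ""):
        flags.append("ro.build.tags contains test-keys")
    if snap.props.get("ro.debuggable") == "1":
        flags.append("ro.debuggable=1")
    flags += [f"su binary: {p}" for p in SU_PATHS if p in snap.files]
    flags += [f"root manager: {p}" for p in ROOT_MANAGERS if p in snap.packages]
    return flags

STOCK = DeviceSnapshot(props={"ro.build.tags": "release-keys", "ro.debuggable": "0"})
ROOTED_BY_OWNER = DeviceSnapshot(
    props={"ro.build.tags": "test-keys", "ro.debuggable": "1"},
    files={"/system/xbin/su"},
    packages={"eu.chainfire.supersu"},
)
# A device compromised by root-level malware that conceals its traces: the app
# is shown the same view as a stock device, so every flag comes back clean.
ROOTED_CONCEALED = DeviceSnapshot(props={"ro.build.tags": "release-keys", "ro.debuggable": "0"})

def verdicts():
    """Map each constructed snapshot to the flag-based verdict."""
    cases = {"stock": STOCK, "rooted_by_owner": ROOTED_BY_OWNER,
             "rooted_concealed": ROOTED_CONCEALED}
    return {name: ("ROOTED" if root_flags(s) else "clean") for name, s in cases.items()}

if __name__ == "__main__":
    for name, verdict in verdicts().items():
        print(f"{name}: {verdict}")
```

The third verdict is a false negative: the check can only report what the compromised OS chooses to show it, which is the reason for anchoring detection in a hardware root of trust.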

Free Android App “Black Jack” uncovered as a Trojan

A free gambling app, Black Jack, which has been downloaded by as many as 5,000 users from the Google Play Store, has been found to be a banking Trojan, reports Help Net Security.

The app’s main goal is to steal users’ personal and banking information and login credentials to a handful of popular online services and social networks by presenting fake pop-up windows containing forms for users to fill in with their credentials.

The app was also found to contain a variant of the Acecard malware family, which is able to intercept and send SMS messages, forward phone calls, lock the device screen and wipe all user data from the device.

It also attempts to download another app named Play Store Update (cosmetiq.fl).

Lookout researchers who uncovered this malware have advised users who downloaded Black Jack to uninstall it as well as the cosmetiq.fl app and change their online account passwords immediately.