2 March 2018
RedDrop: 'Sophisticated' Android malware spies on you and racks up huge phone bills
UK-based security outfit Wandera has sounded the alarm bells after finding the spyware, dubbed 'RedDrop', inside 53 applications masquerading as useful tools such as image editors, calculators and language-learning apps. "Each one is intricately built to provide entertaining or useful functionality - to act as a seemingly innocent guise for the malicious content stored within," Wandera researchers said. Wandera's machine learning detections first uncovered one of the RedDrop apps when a user clicked on an ad displayed on popular Chinese search engine Baidu. The user was then taken to huxiawang.cn, the primary distribution site for the attack. These infected apps request invasive permissions, Wandera notes, enabling the malware to harvest information including live recordings of its surroundings, user data, photos, contacts, notes, device data and information about saved WiFi networks and nearby hotspots. In addition to its snoopery, RedDrop secretly sends text messages to a premium-rate phone number, which will see affected users whacked with a massive phone bill. An SMS is sent every time a user interacts with an infected app, and the malware is able to delete these messages almost instantly, meaning the evidence of these premium SMS is destroyed.
Britons' Love of Pornography Puts Them at Risk of 'Digital STI'
Britons’ growing penchant for pornography is putting them at risk of particularly nasty computer viruses that could cost victims their savings, cyber experts have warned. Four in ten British adults watch pornography online every day and nearly a third have been infected with a “digital STI” as a result, according to a new survey. The growing popularity of online pornography has made it a prime target for cyber criminals, who are booby-trapping websites with malicious software to snare unsuspecting victims. Hackers employ an arsenal of cyber-weapons including viruses that can track the keystrokes on a laptop or smartphone keyboard. The captured text, which could include online banking passwords and email account details, is sent to criminals over the internet and could be used to empty bank accounts. In some cases, hackers hijack pornography sites with malware that allows them to mine Bitcoins by stealing the processing power of the person visiting the site. Another scam, called “clickjacking”, tricks someone into clicking on one object on a web page while they think they are clicking on another. Clickjacking could be used to install malware or to switch on the victim’s webcam without their knowing. Victims are often completely unaware they have been “hacked” until it is too late, although one symptom is a slow-running device.
Report Highlights Challenges of Incident Response
Email continues to be the biggest threat vector for attackers looking to compromise organizations, with phishing attempts and malicious attachments comprising over a third of attacks, according to F-Secure. The AV vendor analyzed a random sample of past incident response investigations carried out by its consultants in order to better understand how organizations are breached. It found that the majority of incidents were targeted (55%) rather than opportunistic (45%) attacks, with the former employing a greater range of TTPs than the latter. Phishing emails (16%) and malicious email attachments (18%) together formed the biggest threat. The findings chime somewhat with the Verizon Data Breach Investigations Report 2017, which revealed that phishing was present in over 90% of security incidents and breaches analyzed in the report. However, according to F-Secure, internet exploits (21%) were also popular, especially those targeting unpatched vulnerabilities, while the insider threat (20%) was prominent. Given the popularity of the email channel, it’s perhaps not surprising that attackers favored social engineering (52%) over external exploits (48%). The findings would seem to suggest organizations need to get better at educating their employees to spot the tell-tale signs of a phishing email and/or not to open attachments in unsolicited emails or from suspicious sources.
Google Chrome ALERT - Password stealing malware hits ‘thousands’ of PCs, are YOU affected?
GOOGLE Chrome users have been put on alert about a strain of password stealing malware. However, the way the malware may have been distributed onto Google Chrome users’ machines could leave them stunned. The malware warning first emerged on Reddit, with user crankyrecursion making the discovery. They claimed to have found a suspicious file hidden away in an add-on installer for a flight simulator. FlightSimLabs (or FSLabs) make add-ons for the hugely popular Microsoft Flight Simulator. And they were accused by the Reddit user of adding a file called ‘test.exe’, which is allegedly a password stealer, to their A320X add-on installer. Andrew Mabbitt, founder of cybersecurity company Fidus Information Security, also flagged the issue to Motherboard. Mabbitt said he scanned the file through malware search engine VirusTotal, and it was flagged up by a number of anti-virus products as malicious. When run, the programme extracts all saved usernames and passwords from the Chrome browser and appears to send them to FSLabs. The installer would check whether a user entered a serial number that had previously been identified as one used by pirates. If a serial number was entered that matched one that had been flagged up, then the Chrome password dump tool would kick in.
ionCube Malware Infected Numerous Websites
SiteLock security experts have found that hundreds of websites based on WordPress, Joomla and CodeIgniter got infected by the ionCube malware. ionCube itself is an encoding technology used for protecting PHP software from being viewed, changed, and run on unlicensed computers; the malware disguises itself as ionCube-encoded code. While analyzing an infected WordPress website, the experts found many suspicious files, such as “diff98.php” and “wrgcduzk.php”, disguised as legitimate ionCube-encoded files to trick victims. According to the researchers’ analysis, hundreds of websites were infected by exactly the same ionCube malware. While reviewing an infected site, the SiteLock Research team found a number of suspiciously named, obfuscated files that appear almost identical to legitimate ionCube-encoded files. They determined the suspicious ionCube files were malicious, and found that hundreds of sites and thousands of files were affected. Overall, their investigation found over 700 infected sites, totalling over 7,000 infected files. Apart from the sites based on WordPress, deeper analysis of the malware revealed that hackers compromised Joomla and CodeIgniter websites as well. Theoretically, the parasite could infect any website hosted on a web server running PHP. Once decoded, the fake ionCube files make up the ionCube malware.
Cyber Security training from QA
QA have uniquely positioned themselves to help solve the Cyber skills gap, from their CyberFirst and Cyber Apprenticeship programmes and Cyber Academies to Cyber Challenges, Training and Certifications, and Consultancy for Cyber Security.
They offer end-to-end Cyber training and certifications, from Cyber Awareness to deep-dive Cyber Programmes and solutions; from Cyber Investigations, Cyber Crisis Management and Proactive Security to Offensive Defence. QA only employ world-leading Cyber trainers who have the expertise to deliver bespoke Cyber solutions, GCHQ-accredited courses and, proudly, the CyberFirst programme. This is all to support tackling the UK's National Cyber Security skills shortage.
QA also have state-of-the-art CyberLabs, where companies can simulate real-life Cyber-attacks on their infrastructure, helping them to prevent and combat breaches without risking their own network.
Visit cyber.qa.com for more information on how they can help solve the Cyber Security skills gap.