New type of auto-rooting Android adware is nearly impossible to remove

November 4, 2015 – 4:25 PM

Researchers have uncovered a new type of Android adware that’s virtually impossible to uninstall, exposes phones to potentially dangerous root exploits, and masquerades as one of thousands of different apps from providers such as Twitter, Facebook, and even Okta, a two-factor authentication service.

The researchers have found more than 20,000 samples of trojanized apps that repackage the code or other features found in official apps available in Google Play. From the end user’s perspective, the modified apps look just like the legitimate apps, and in many cases they provide the same functionality and experience. Behind the scenes, however, the apps use powerful exploits that gain root access to the Android operating system. The exploits—found in three app families known as Shedun, Shuanet, and ShiftyBug—allow the trojanized apps to install themselves as system applications, a highly privileged status that’s usually reserved only for operating system-level processes.

“For individuals, getting infected with Shedun, Shuanet, and ShiftyBug might mean a trip to the store to buy a new phone,” researchers from mobile security firm Lookout wrote in a blog post published Wednesday. “Because these pieces of adware root the device and install themselves as system applications, they become nearly impossible to remove, usually forcing victims to replace their device in order to regain normalcy.”

The Lookout researchers said the apps appear to do little more than display ads, but given their system-level status and root privileges, they have the ability to subvert key security mechanisms built into Android. Under a model known as sandboxing, for instance, Android apps aren’t permitted to access passwords or most other data available to other apps. System applications with root, by contrast, have super-user permissions that allow them to break out of such sandboxes. From there, root-level apps can read or modify data and resources that would be off limits to normal apps.

Source:
http://arstechnica.com/security/2015/11/new-type-of-auto-rooting-android-adware-is-nearly-impossible-to-remove/

Zero-Day Attack Compromises a Half-Million Web Forum Accounts

November 4, 2015 – 4:14 PM

Forum software-makers vBulletin and Foxit Software may have been breached by a hacker claiming to have made off with personal data belonging to some 479,895 users between the two.

“Coldzer0” said in a post co-authored with @Cyber_War_News that he exploited the same zero-day vulnerability for both domains, and was able to access user IDs, full names, email addresses, security questions and corresponding answers (both in plain text) and salted passwords for hundreds of thousands of users.

For its part, vBulletin has confirmed that an attack happened: “Very recently, our security team discovered a sophisticated attack on our network,” the company said in a post. “Our investigation indicates that the attacker may have accessed customer IDs and encrypted passwords on our systems.”

The issue affects vBulletin versions 5.1.4 to 5.1.9, it said, and has issued a patch, presumably for the zero-day, and has also forced a password reset for all of its users.

Tod Beardsley, principal security research manager at Rapid7, said in an email that it looks like the vBulletin attack was due to an SQL injection bug in vBulletin’s forum software.

Source:
http://www.infosecurity-magazine.com/news/zeroday-attack-web-forum-accounts/

Ransomware’s new threat: if you don’t pay, we’ll publish your photos online

November 3, 2015 – 7:53 PM

The ‘scareware’ variant of the Chimera ransomware trojan has been spotted by the Cologne-based anti-botnet advisory centre, Botfrei (‘Botfree’).

The agency says Chimera is a classic blackmail trojan which is now targeting specific employees in German companies with fake emails about job applications or job offers.

The emails point them to a Dropbox address to get more information but if victims click on the link, Chimera instantly starts to encrypt their computer files and the data on their corporate network.

In an extra twist, Chimera also threatens to publish their photos and other personal information online if they fail to pay the 2.45 bitcoin (£450) ransom.

But in a 26 October blog, Botfrei says there is so far no evidence that the criminals have stolen or published any personal data, saying: “Fear and intimidation is their motivation.”

Independent security experts also see Chimera’s latest variant as “new and scary” but are divided on whether its promise to publish personal photos is a bluff.

Source:
http://www.scmagazine.com/ransomwares-new-threat-if-you-dont-pay-well-publish-your-photos-online/article/451473/

Hackers use anti-adblocking service to deliver nasty malware attack

November 2, 2015 – 8:02 PM

More than 500 websites that used a free analytics service inadvertently exposed their visitors to a nasty malware attack made possible by a hack of PageFair, the anti-adblocking company that provided the analytics.

The compromise started in the last few minutes of Halloween with a spearphishing e-mail that ultimately gave the attackers access to PageFair’s content distribution network account. The attacker then reset the password and replaced the JavaScript code PageFair normally had execute on subscriber websites. For almost 90 minutes after that, people who visited 501 unnamed sites received popup windows telling them their version of Adobe Flash was out-of-date and prompting them to install malware disguised as an official update.

“If you are a publisher using our free analytics service, you have good reason to be very angry and disappointed with us right now,”. PageFair CEO Sean Blanchfield wrote in a blog post published Sunday. “For 83 minutes last night, the PageFair analytics service was compromised by hackers, who succeeded in getting malicious javascript to execute on websites via our service, which prompted some visitors to these websites to download an executable file. I am very sorry that this occurred and would like to assure you that it is no longer happening.”

Source:
http://arstechnica.com/security/2015/11/hackers-use-anti-adblocking-service-to-deliver-nasty-malware-attack/

Signal, the Snowden-Approved Crypto App, Comes to Android

November 2, 2015 – 7:51 PM

Since it first appeared in Apple’s App Store last year, the free encrypted calling and texting app Signal has become the darling of the privacy community, recommended—and apparently used daily—by no less than Edward Snowden himself. Now its creator is bringing that same form of ultra-simple smartphone encryption to Android.

On Monday the privacy-focused non-profit software group Open Whisper Systems announced the release of Signal for Android, the first version of its combined calling and texting encryption app to hit Google’s Play store. It’s not actually the first time Open Whisper Systems has enabled those features on Android phones; Open Whisper Systems launched an encrypted voice app called Redphone and an encrypted texting program called TextSecure for Android back in 2010. But now the two have been combined into a Signal’s single, simple app, just as they are on the iPhone. “Mostly this was just about complexity. It’s easier to get people to install one app than two,” says Moxie Marlinspike, Open Whisper Systems’ founder. “We’re taking some existing things and merging them together to make the experience a little nicer.”

That streamlining of Redphone and TextSecure into a single app, in other words, doesn’t actually make Open Whisper System’s encryption tools available to anyone who couldn’t already access them. But it does represent a milestone in those privacy programs’ idiot-proof interface, which in Signal is just as straightforward as normal calling and texting. As Marlinspike noted when he spoke to WIRED about Signal’s initial release last year, that usability is just as important to him as the strength of Signal’s privacy protections. “In many ways the crypto is the easy part,” Marlinspike said at the time. “The hard part is developing a product that people are actually going to use and want to use. That’s where most of our effort goes.”

Source:
http://www.wired.com/2015/11/signals-snowden-approved-phone-crypto-app-comes-to-android/

Page 20 of 353« First...10...1819202122...304050...Last »