android | Page 11


As explained in our previous post (DroidKungFu is getting smarter), DroidKungFu now comes in 7 different flavors. Here is an updated graph of their similarities. Just like our previous graph (Clarifying Android DroidKungFu variants), each block represents a variant, and the intersections show how many similar methods are implemented*. All variants can download and install new packages, start an application (activity), open a URL in the browser and delete a package**. Although the F variant intentionally piggybacks legitimate applications that use... [Read More]
by Karine de Ponteves  |  Jun 01, 2012  |  Filed in: Security Research
Vulnerabilities and more vulnerabilities plagued the security landscape the week of April 30-May 5. Adobe patched a major Flash flaw, while security experts warned of gaping holes in PHP. Meanwhile, it appears that Intel is going to do something with its McAfee purchase after all. Here's a look at this week in security. Adobe Patches Critical Flaw: Adobe released a patch last week for a critical Flash vulnerability pivotal in targeted attacks that exploit a vulnerable version of Flash on Windows running the Internet Explorer Web browser. Altogether,... [Read More]
by Stefanie Hoffman  |  May 08, 2012  |  Filed in: Industry Trends
Among other things, Anonymous was up to its usual shenanigans, a new Android attack that emerged already tainted a brand new photo app and Apple malware continued to baffle inexperienced Mac users naive to the ways of security threats. Here's a look at the security landscape for April 16-20. Surprise! Another Mac Threat: Last week, yet another Mac Trojan was found on the security threatscape wreaking havoc on the once typically sheltered Mac OS X users. Specifically, the new Mac Trojan, dubbed Backdoor OSX SabPub.a, exploits a Java vulnerability... [Read More]
by Stefanie Hoffman  |  Apr 23, 2012  |  Filed in: Industry Trends
Security took a few unexpected twists and turns for the first week of April. For one, Mac owners received a bit of a jolt when a rapidly spreading botnet ran rampant on their machines. Meanwhile, Anonymous is expanding its reach to the world's most populous nation and the public white board Pastebin appears to be cracking down on data dumps from its hacker users. Here's a look at last week's security landscape. Flashback Attacks Macs: Last week, Apple Mac owners stood in the shoes of their Windows loving peers when a massive strain of malware—known... [Read More]
by Stefanie Hoffman  |  Apr 09, 2012  |  Filed in: Industry Trends
It doesn't happen that often that mobile malware specifically comes from France and propagates in France. It however seems to be the case this time for an Android malware named Foncy - not that there should be any national pride in creating malware. Foncy was first spotted by Denis Maslennikov. It is a dialer, i.e. it sends SMS messages to premium numbers without the user's consent. It does not spread by itself: victims are infected when they download and install the malware, likely from an alternate marketplace. They probably just wanted... [Read More]
by Axelle Apvrille  |  Dec 15, 2011  |  Filed in: Security Research
A few days ago, Jon Larimer and Jon Oberheide published a vulnerability for Android platforms < 2.3.6. David Maciejak and I were curious to run it on an Android phone. Result: it runs perfectly :( So, what is this to us? Well, it’s a new way to root Android phones running 2.3.4. We already had exploits for that on versions prior to 2.1 or 2.2. (uDev and rageinthecage exploits), or prior to 2.3.4, or 3.0 (gingerbreak/honeybomb), but nothing in between for 2.3.4/2.3.5. And because rooting a phone is particularly valued by malware... [Read More]
by Axelle Apvrille  |  Nov 25, 2011  |  Filed in: Security Research
Much like Ninja Turtles, DroidKungFu now comes in different flavours (5 so far), discovered by Prof. Xuxian Jiang (and research team) and Lookout. If, like me, you are having difficulties keeping track of those variants, this post is for you :) The similarities and differences between all 5 variants are depicted below. The various blocks represent each variant, and their intersections show how many methods they share exactly*. All variants share the same malicious commands (CMD box). They can download and install new packages, start a program (called... [Read More]
by Axelle Apvrille  |  Oct 26, 2011  |  Filed in: Security Research
Yes, you have probably heard the news: a new variant of Spitmo - Zitmo/ZeuS's counterpart for SpyEye, which previously targeted Symbian phones only - has recently been spotted on Android. The scenario is the same as before: a victim, browsing on a PC infected with SpyEye, logs in her bank's website. SpyEye injects forms and elements directly into the webpages she is viewing, so as to lure her into installing a fake security application on her phone, thinking it's required by the bank. That application actually intercepts SMS messages - especially... [Read More]
by Axelle Apvrille  |  Sep 16, 2011  |  Filed in: Security Research
This is a short update to our prior post concerning Zitmo on Android. Is this really Zitmo? This fake Trusteer malware shows several differences with prior Symbian variants, but, for simplicity (and because it's easy to remember), we call it Zitmo. This does not mean this variant was written by the same authors (no proof on that account, one way or another) nor that it has exactly the same technical functionalities or even, depending on naming policies, the same name among AV vendors, but what we mean is that this sample was propagated by ZeuS... [Read More]
by Axelle Apvrille  |  Jul 18, 2011  |  Filed in: Security Research
Zitmo has been used by the ZeuS gang to defeat SMS-based banking two-factor authentication on Symbian, BlackBerry and Windows Mobile for several months (see my ShmooCon slides). Lately, there's been an active discussion on technical forums regarding ZeuS targeting Android users. We finally managed to get our hands on the mobile sample the ZeuS PC trojans are propagating. Actually, it is not a new sample and has been detected under several names (Android.Trojan.SmsSpy.B, Trojan-Spy.AndroidOS.Smser.a, Andr/SMSRep-B), but it is far more scary when... [Read More]
by Axelle Apvrille  |  Jul 08, 2011  |  Filed in: Security Research