emmental


This is a follow-up post on Operation Emmental. If you are not aware of Emmental, please read this white paper and our previous blog post. I wouldn't deserve to sign my posts as 'the Crypto Girl' if I didn't mention crypto in Android's Emmental malware (Android/Emmental.A!tr.spy) ;) Emmental's code uses Spongy Castle. This is the (famous?) Bouncy Castle crypto library repackaged for Android. It is the first time I have encountered the library in mobile malware (but it's possible I missed it in other samples). It also loads an elliptic curve library...
by Axelle Apvrille  |  Oct 30, 2014  |  Filed in: Security Research
A long time ago, I posted a video showing how to control Zitmo (the mobile component of ZeuS). It turns out you can (nearly) do exactly the same with Emmental. If you are not aware of Operation Emmental, please jump to this excellent white paper. So, basically, this operation aims at compromising bank accounts, in particular (but not limited to) Swiss banks, which is where the name Emmental comes from. Like ZeuS and Zitmo, or SpyEye and Spitmo, Emmental compromises the victim's PC and installs trojan spyware on the Android phone. The scenario is well...
by Axelle Apvrille  |  Oct 21, 2014  |  Filed in: Security Research