malware' | Page 23


Recently I received this SMS on my mobile phone. Basically, it tells me I have to call back 018377xxxx to collect a parcel. As this phone number is not premium and I was indeed waiting for a parcel, I nearly fell for the trick. Figure 1. SMS scam received on the phone. It says: "E-Relay Hello, your parcel Ref: M794610 is waiting for you since July 8th, 2013. More details at 018377xxxx" I guess that AV analysts get suspicious about everything, and I checked it on a search engine. I quickly found out that plenty of other victims were complaining... [Read More]
by Axelle Apvrille  |  Jul 17, 2013  |  Filed in: Security Research
Last month, Symantec blogged about an Android malware named Android.Fakedefender that is the first example of a Ransomware that we have seen on the Android platform. Fortinet detects this malware as Android/FakeDefend.A!tr. The malware's operation can be broken down into 3 rough stages. For details of the modus operandi of this very sophisticated malware, read on... CONVINCE USER THE PHONE IS INFECTED ('Fake AV' being the term of endearment for this in the security community) The malware disguises itself as an Anti-Virus application and,... [Read More]
by Ruchna Nigam  |  Jul 12, 2013  |  Filed in: Security Research
Our previous post details the history of advanced persistent threats (APTs) as well as some of the most significant attacks, their origins and high-profile targets. In this post, we'll break down the stages of an attack, as well as APT attack tools and defensive solutions, as described by Fortinet's Richard Henderson in the report "Threats on the Horizon: The Rise of the Advanced Persistent Threat." One of the many factors that distinguish advanced persistent threat (APT) attacks is their multiple components. First things first, though: The... [Read More]
by Stefanie Hoffman  |  Jul 11, 2013  |  Filed in: Industry Trends
The concept behind advanced persistent threats (APTs) isn't new. Cybercriminals have been relying on advanced software to leverage attacks that steal data or disrupt systems since the dawn of the computer age. But what distinguishes modern APTs from previous advanced malware? According to Richard Henderson's Fortinet report "Threats on the Horizon: The Rise of Advanced Persistent Threats," their distinguishing factors are sophistication and stealth, along with diverse attack vectors, copious resources and relentless perseverance. While the... [Read More]
by Stefanie Hoffman  |  Jul 10, 2013  |  Filed in: Industry Trends
Insomni'hack 2013 took place last week in Geneva and I had the opportunity to attend. Insomni'hack DAY 1 consisted of one-day workshops on subjects ranging from "Linux exploitation" to "How to make sure your Pentest Report is never empty". I had the chance to attend a workshop on "Practical ARM exploitation" given by black Steve (@s7ephen) and white Steve (Stephen Lawler). We initially had trouble getting the Gumstix we were supposed to work on running due to the difference in voltage levels between the US and Europe (it's about time the world... [Read More]
by Ruchna Nigam  |  Mar 25, 2013  |  Filed in: Security Research
Android/Claco.A!tr is a new mobile malware that has been in the news recently for its unique ability to infect PCs. Even though we've seen an attack vector of this kind on the Symbian OS before (SymbOS/CardTrap), this would be the first of its kind on the Android platform. The malicious packages come under the names SuperClean and DroidCleaner and claim to be applications that can speed up your phone. Upon looking into the code, we realize that the "strategy" used to speed up the phone is to mainly restart the running applications. BOTNET... [Read More]
by Ruchna Nigam  |  Feb 06, 2013  |  Filed in: Security Research
I recently came across an Android malware sample that does your usual data stealing, i.e. leaking data from the victim's phone such as the phone number, contact information etc. Most vendors name this sample Uranico (Android.Uranico, Trojan:Android/Uranico.A) based on the package name "com.link.uranai". However, a closer look at the sample led to the realization that it looked a lot like a sample I had seen before: Android/Loozfon.A!tr, and was hence a variant of it. Hence, we decided to name it Android/Loozfon.B!tr. What led to this correlation... [Read More]
by Ruchna Nigam  |  Jan 14, 2013  |  Filed in: Security Research
Figure: Zitmo attack scenario, taken from my slides at ShmooCon, January 2011. Figure: Zitmo's attack scenario, taken from CheckPoint's and VerSafe's white paper (Dec 2012). Recently, Check Point and Versafe published a white paper on a mobile banking trojan they named Eurograbber. In fact, this is not new, it is called Zitmo, and s21sec, and Fortinet (and others!) have been talking about it for nearly two years. In January 2011, Kyle Yang and I presented full details of Zitmo at ShmooCon: the attack scenario, the syntax of commands, the processing of incoming... [Read More]
by Axelle Apvrille  |  Dec 07, 2012  |  Filed in: Security Research
Feel free to browse through our Zitmo timeline. Please note that variant naming depends on many factors including but not limited to chronology. Hence variant letters (.A) don't always reflect the order of appearance in the wild. [Read More]
by Karine de Ponteves  |  Nov 19, 2012  |  Filed in: Security Research
Another Android malware is currently in the wild in France, as we have recently discovered. This malware poses as a Flash Player installer and steals your incoming SMS messages by forwarding them to a remote server. We have named it Android/Fakelash.A!tr.spy. Contrary to many Android malware which are downloaded from underground or legitimate marketplaces (see here, here, here, here... ), this one is propagating via a link in an SMS. For example, the victim below complains he received an SMS from 10052 saying "For proper function of your device,... [Read More]
by Axelle Apvrille  |  Sep 21, 2012  |  Filed in: Security Research