mobile security


By now, most are familiar with the concept of phishing, when an attacker baits a victim by sending out a persuasive social engineering message coupled with a malicious link or attachment. And even spear phishing, where the attacker similarly reels in an intended target, only with highly personal information available via social media and Internet searches. But SMShing? Perhaps not surprisingly, the same concept applies to SMS messages. As its name might suggest, SMShing is defined as the act of sending a fraudulent URL or phone number via SMS,...
by Stefanie Hoffman | Aug 14, 2013 | Filed in:
Android/Claco.A!tr is a new mobile malware that has been in the news recently for its unique ability to infect PCs. Even though we've seen an attack vector of this kind on the Symbian OS before (SymbOS/CardTrap), this would be the first of its kind on the Android platform. The malicious packages come under the names SuperClean and DroidCleaner and claim to be applications that can speed up your phone. Upon looking into the code, we realize that the "strategy" used to speed up the phone is to mainly restart the running applications. BOTNET...
by Ruchna Nigam | Feb 06, 2013 | Filed in: Security Research
I recently came across an Android malware sample that does your usual data stealing, i.e. leaking data from the victim's phone such as the phone number, contact information etc. Most vendors name this sample Uranico (Android.Uranico, Trojan:Android/Uranico.A) based on the package name "com.link.uranai". However, a closer look at the sample led to the realization that it looked a lot like a sample I had seen before: Android/Loozfon.A!tr, and was hence a variant of it. Hence, we decided to name it Android/Loozfon.B!tr. What led to this correlation...
by Ruchna Nigam | Jan 14, 2013 | Filed in: Security Research
While going through our regular (and never-ending) supply of malicious Android samples, we came across an interesting variant a couple of days back. Like most Android Trojans these days, the piece of malware benefits by sending out SMS messages from the victim's phone, monitoring incoming SMS messages and selectively blocking certain messages. This particular variant, however, has earned itself a notorious reputation after having infected 500,000 Android users in China. The Trojan comes in the form of wallpaper application package files (APKs),...
by Ruchna Nigam | Sep 18, 2012 | Filed in: Security Research
With the migration of most services to the cloud, some enterprising Android malware developers have decided to profit from this. Google provides a service known as Cloud to Device Messaging (C2DM) that allows developers to send messages from Google's servers to their applications on Android devices. Android/FakeInst.C!tr, a malware variant we came across recently, employs exactly this service to carry out its malicious activities. The variant is similar to other samples of the Android/FakeInst family that we have encountered. These samples pose...
by Ruchna Nigam | Jun 13, 2012 | Filed in: Security Research
The more I analyze the SymbOS/Album malware, the more it scares me. The main malicious executable, Album.exe, is actually capable of processing incoming commands included in SMS messages sent by the value-added service provider number 106650xxx. Typical commands are: download and install software, get phone information or update software. Now, that starts to look like a botnet, even though it isn't (yet?) a very scalable way to communicate with bots because the bot master must send an SMS to each bot it manages. In more detail, the Album...
by Axelle Apvrille | Jul 15, 2010 | Filed in: Security Research
A few days ago we encountered a new variant of the Symbian worm, Yxes, that we named SymbOS/Yxes.H!worm. This worm contacts malicious remote servers, which host Java Server Pages, and propagates by sending 'attractive' SMS messages. For instance, this new variant sends an SMS with a URL promising private information concerning a Chinese actress. Globally, the logic (and much of the code) is the same as in previous variants. Yet, there are a few updates, one of the main ones being the use of new remote malicious Java Server Pages. I guess every...
by Axelle Apvrille | Mar 04, 2010 | Filed in: Security Research
If smart phones were human, we would most probably compare them to assistants - you know, those organized persons we rely on to cope with our own lack of memory and who will remind us of any important meeting and never lose any valuable phone number. Others would perhaps compare them to close friends to whom one can tell secrets (your bank PIN?) or with whom one shares a few holiday or family pictures. It looks like few of us consider the betrayal of such a close friend, turning him/her into our worst enemy. Yet, this is exactly what mobile phone...
by Axelle Apvrille | Oct 27, 2009 | Filed in: Security Research
Lately, we've been fed with H1N1 flu security measures, with recommendations regarding how to clean our hands, sneeze or cough. I just wonder if we'd be so obedient if the same recommendations were issued for our computers or phones. Have a look at the advice below: on the left are CDC's recommendations against H1N1. On the right... Fortinet's recommendations against SymbOS/Yxes. Convinced? Will you follow them?
by Axelle Apvrille | Oct 13, 2009 | Filed in: Security Research