mobile | Page 4

I recently came across an Android malware sample that does your usual data stealing i.e. leaking data from the victim's phone such as the phone number, contact information etc. Most vendors name this sample Uranico (Android.Uranico, Trojan:Android/Uranico.A) based on the package name "". However, a closer look at the sample led to the realization that it looked a lot like a sample I had seen before: Android/Loozfon.A!tr, and was hence a variant of it. Hence, we decided to name it Android/Loozfon.B!tr. What led to this correlation...
by Ruchna Nigam  |  Jan 14, 2013  |  Filed in: Security Research
Feel free to browse through our Zitmo timeline. Please note that variant naming depends on many factors including but not limited to chronology. Hence variant letters (.A) don't always reflect the order of appearance in the wild.
by Karine de Ponteves  |  Nov 19, 2012  |  Filed in: Security Research
While going through our regular (and never-ending) supply of malicious Android samples, we came across an interesting variant a couple of days back. Like most Android Trojans these days, the piece of malware benefits by sending out SMS messages from the victim's phone, monitoring incoming SMS messages and selectively blocking certain messages. This particular variant, however, has earned itself a notorious reputation after having infected 500,000 Android users in China. The Trojan comes in the form of wallpaper application package files (APKs),...
by Ruchna Nigam  |  Sep 18, 2012  |  Filed in: Security Research
Last week the security world was abuzz with news of a new attack vector for mobile attacks. The malware was sent to the accounts of Tibetan human rights advocates and activists from the hacked account of one of the activists regarding the World Uyghur Congress (WUC) Conference that took place in Geneva from 11-13 March, 2013. What made the piece of malware particularly interesting was the targeted nature of the attack, once again highlighting the political aspect of cyber warfare and making us question whether governments and legitimate organizations...
by Ruchna Nigam  |  Jul 30, 2012  |  Filed in: Security Research
In Fortinet's Latest Threat Landscape Report, Fortinet looks back at the security predictions they made at the beginning of the year and compares them to where we are today. How right or wrong were they? See the infographic below. Download the full report for even more threat landscape news. Report highlights include: - The increase of mobile malware on Android devices including new mobile ransomware - The continued proliferation of the ZeroAccess botnet and which countries are seeing the biggest infection rates - The Citadel botnet takedown -...
by Michael Perna  |  Jul 30, 2012  |  Filed in: Industry Trends
BYOD – Lessons From The Past
In a recent survey of people in their 20s conducted by Fortinet, the majority of respondents stated that bringing their own device (BYOD) to their workplace was a right and not a privilege. And nearly a third said that they would contravene a company’s security policy that forbids them to use their personal devices at work or for work purposes. Surely, a client-centric approach to BYOD will face difficulties when so many workers will actively seek...
by Kevin Flynn  |  Jul 23, 2012  |  Filed in: Industry Trends
With the migration of most services to the cloud, some enterprising Android malware developers have decided to profit from this. Google provides a service known as Cloud to Device Messaging (C2DM) that allows developers to send messages from Google's servers to their applications on Android devices. Android/FakeInst.C!tr, a malware variant we came across recently, employs exactly this service to carry out its malicious activities. The variant is similar to other samples of the Android/FakeInst family that we have encountered. These samples pose...
by Ruchna Nigam  |  Jun 13, 2012  |  Filed in: Security Research
Denis Maslennikov reported a new SMS trojan, Android/Mania, which emanates from France. This malware hasn't any outstanding functionality - it silently sends SMS messages to a short number, something we only see too often in mobile malware - except it happens to clearly originate from France. As our European lab is based in France, we investigated it with particular interest. Thanks Denis for sharing. What we learned in a few points: All samples we got our hands on send 7 SMS messages to the same French short number 84242. This is a "SMS+" short...
by Axelle Apvrille  |  Jun 06, 2012  |  Filed in: Security Research
As explained in our previous post (DroidKungFu is getting smarter), DroidKungFu now comes in 7 different flavors. Here is an updated graph of their similarities. Just like our previous graph (Clarifying Android DroidKungFu variants), each block represents a variant, intersections showing how many similar methods are implemented*. All variants can download and install new packages, start an application (activity), open a URL in the browser and delete a package**. Although the F variant intentionally piggybacks legitimate applications that use...
by Karine de Ponteves  |  Jun 01, 2012  |  Filed in: Security Research
Mobile botnet Android/RootSmart (aka Bmaster) is making a substantial amount of money from premium SMS numbers or services, according to Cathal Mullaney's discovery of a mobile botnet front-end: yes, we had told you so. Glance at Guillaume Lovet's paper at Virus Bulletin back in 2006, where he explains the business behind mobile botnets. His illustration is exactly what Android/RootSmart (aka Bmaster) does: Later, at SAR SSI in 2010, I re-insisted on the potential impact of such strategies: It's interesting to notice my estimate of...
by Axelle Apvrille  |  Apr 20, 2012  |  Filed in: Security Research