2014 marks the 10th anniversary of Cabir, the world's first mobile phone malware. To mark this occasion, Fortinet's FortiGuard Labs is taking a stroll down memory lane to examine the evolution and significance of mobile threats during the last 10 years. From Cabir to FakeDefend, the last decade has seen the number of mobile malware explode. In 2013, Fortinet's FortiGuard Labs saw more than 1,300 new malicious applications per day and is currently tracking more than 300 Android malware families and more than 400,000 malicious Android...
by Michael Perna  |  Jan 21, 2014  |  Filed in: Industry Trends & News
Zitmo attack scenario, taken from my slides at ShmooCon, January 2011. Zitmo's attack scenario, taken from Check Point's and Versafe's white paper (Dec 2012). Recently, Check Point and Versafe published a white paper on a mobile banking trojan they named Eurograbber. In fact, this is not new: it is called Zitmo, and s21sec, Fortinet (and others!) have been talking about it for nearly two years. In January 2011, Kyle Yang and I presented full details of Zitmo at ShmooCon: the attack scenario, the syntax of commands, the processing of incoming...
by Axelle Apvrille  |  Dec 07, 2012  |  Filed in: Security Research
Feel free to browse through our Zitmo timeline. Please note that variant naming depends on many factors, including but not limited to chronology. Hence variant letters (.A) don't always reflect the order of appearance in the wild.
by Karine de Ponteves  |  Nov 19, 2012  |  Filed in: Security Research
Thank you to everyone who tried to solve our FortiChallenge 2k11! We've had way more participants than expected, and two winners: Shirley Chen and Nagy Ferenc László. Shirley and Nagy found the secret sentence without even using the hints. A special mention for another participant (StalkR) who tried to solve it in the wake of Insomni'Hack 2011 and managed to reach the MD5 collision step. Stay tuned for the official solution! -- the Reverse naM
by Alexandre Aumoine  |  Nov 15, 2011  |  Filed in: Security Research
It's high time the Crypto Girl talks about crypto, isn't it? A few days ago, I analyzed a malicious Opera Updater, named SymbOS/OpFake.A!tr.dial, and was surprised to discover it uses a **91-byte XOR key** to conceal one of its configuration files. 91 bytes?! Yes, bytes, so 728 bits. This is quite a lot. AES only uses keys up to 256 bits, though I do not mean it would be less secure than this XOR. But it is a first for mobile malware, where we had only seen XOR used with a single-byte key. Have a look at the disassembled decryption routine below. Actually,...
by Axelle Apvrille  |  Nov 08, 2011  |  Filed in: Security Research
Any progress on our FortiChallenge 2k11? After the first clue, here is the second. Just a reminder that the first hint is meant to help you find the right way with hashes. Don't miss the modification: Crypto Girl hates MD5 for this reason! By the way, the challenge's submission deadline is extended to Nov 13th, 2011. -- The Reverse naM
by Alexandre Aumoine  |  Nov 03, 2011  |  Filed in: Security Research
Stuck on our FortiChallenge 2k11? Here's a first hint! Translations: "La fin est encore loin surtout quand on est sur le mauvais chemin !" -- Wrong track, go back! "La fin est proche, l'anneau est inclus." -- Dawn is close, search for the ring. "Mon précieux" -- My precious. Hint: -6D01BAE018694CDB446DC7EADBA08BE497A8CBE78BCFE91478AB120B4400E357 -ad23ebc59b720eac0979ead3176de3331ddaa1356466ecc8e8c9fb82f62a6dca -BCA85F09D8D174844C5D5B80095E6EF595181AAB0CABA9144324418B9F291645 -3EE90318AA2881118B8C09A777D52129E61760CCAE1EF679C744A25E9EB50789 -5868049FE51A60811D2C75C3B8896B956EE42114C568DE47531E436CEA2E0F77 –...
by Alexandre Aumoine  |  Oct 21, 2011  |  Filed in: Security Research
Hello all, At Insomni'Hack 2011, we created a challenge dedicated to static reversing of Symbian executables (using SDK S60 Ed3 FP1). Sadly, nobody found the full solution, so we finally decided to put it online for you to try, until November 1st, 2011. We will then post the winner's solution on this blog, along with the 'official' solution. To help you out - if needed - this post will be updated with a hint in a few days. Challenge prize? The winner (first good solution) receives ... fame and glory :)) i.e. nothing besides marketing goodies,...
by Alexandre Aumoine  |  Oct 17, 2011  |  Filed in: Security Research
Last week we attended Insomni'Hack 2011, where our Crypto Girl (Axelle Apvrille) presented on mobile phone threats. Debriefings of the conference may be found here and there. Both blog authors highlighted the main goal of Axelle's talk, which was to raise awareness about existing threats on smartphones. Mobile phones had already been targeted for a long time (by applications sending SMS, for instance), but recently (for approximately one year) they have been hit by more advanced attacks, probably with the help of cybercriminal organizations. Their...
by Alexandre Aumoine  |  Mar 18, 2011  |  Filed in: Security Research
Is Symbian still the leader for smartphone operating systems or not? How far have Android and iPhones penetrated the market? Who's the leader for smartphone OS: Symbian? BlackBerry? Android? iPhone? A quick search on the Internet provides quite opposite results, and I decided to find out why. There is no official definition of what a smartphone is compared to a feature phone. Steve Litchfield already mentioned this fact in an interesting article and lists several definitions: a phone that can be extended with hundreds of add-on applications, a phone...
by Axelle Apvrille  |  Mar 01, 2011  |  Filed in: Security Research