This Week in Security: Backdoors, Ransomware, Enigma

There’s a (Spy)App for That

The proliferation of mobile phones and their accompanying app store ecosystems has made mobile applications an enticing target for malicious developers. Researchers at Lookout discovered that the Igexin advertising library contained a backdoor that allowed Igexin to download and execute arbitrary code inside any app that embedded the library.

The advertising library was embedded in over 500 applications on the Google Play store, which together were downloaded over 100 million times. Through those applications, Igexin could surreptitiously collect call histories, GPS location, and other phone metadata.

In an age where there (apparently) needs to be an app for everything, developers rely heavily on third-party libraries to get an application published quickly. This bolt-on style of development means a great deal of unvetted code runs on users' devices, and because a library runs inside the host app's process it inherits every permission the user granted that app.

The developers of the affected applications were likely unaware of the backdoor hidden in the Igexin advertising library. In a separate case, two malicious apps were spotted on the Google Play store that abuse Android's Accessibility features to install further mobile malware.

Take the following steps to protect yourself:

  • Avoid installing unnecessary applications
  • Restrict the permissions granted to applications
  • Keep your phone’s operating system up to date
  • Be cautious with applications requesting accessibility permissions

Accounting for Ransomware Attacks

The servers of Crystal Finance Millennium (CFM), an accounting software firm in Ukraine, were compromised and used to host a malware dropper. The discovery came on the heels of a warning from the Ukraine Central Bank of an impending attack.

The attackers sent phishing emails to various targets with a ZIP file attached. Inside the archive was a JavaScript file that, when opened, downloaded the dropper from CFM's web server and ran it; the dropper then installed the Purge ransomware.
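The infection chain above starts with a script file hidden in a ZIP attachment, a pattern that is easy to block at the mail gateway before any user double-clicks it. The following scanner is an added example written for this page, not code from Cylance or from the campaign: it opens an archive in memory, walks its entries (recursing into nested ZIPs up to a fixed depth), and flags any member whose extension Windows would hand to a script host or run as native code, with double extensions such as `invoice.pdf.js` called out separately. The extension list, the depth limit and the sample archive are constructed assumptions; the page does not give the campaign's actual file names.

```python
"""Flag e-mail ZIP attachments that carry script droppers (added example)."""
import io
import zipfile
from typing import List, Tuple

# Extensions that launch a script host or native code on a Windows
# double-click. Assumption: a reasonable starting list, not an exhaustive one.
SCRIPT_EXTENSIONS = {
    ".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta", ".ps1",
    ".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".lnk",
}
MAX_DEPTH = 3  # bound recursion into zip-in-zip nesting


def classify_member(name: str) -> Tuple[bool, str]:
    """Return (suspicious, reason) for one archive member name."""
    base = name.lower().rsplit("/", 1)[-1]   # strip any directory prefix
    parts = base.split(".")
    if len(parts) < 2 or not parts[-1]:
        return False, "no extension"
    ext = "." + parts[-1]
    if ext in SCRIPT_EXTENSIONS:
        # "invoice.pdf.js" style names are the classic lure: the decoy
        # extension is what the user sees when extensions are hidden.
        if len(parts) > 2:
            return True, f"double extension ending in {ext}"
        return True, f"script/executable extension {ext}"
    return False, "benign extension"


def scan_zip_bytes(data: bytes, depth: int = 0, prefix: str = "") -> List[Tuple[str, str]]:
    """Walk a ZIP held in memory and return [(member_path, reason)] for hits."""
    findings: List[Tuple[str, str]] = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            suspicious, reason = classify_member(info.filename)
            if suspicious:
                findings.append((path, reason))
            # Nested archive: look inside it too, bounded by MAX_DEPTH
            if info.filename.lower().endswith(".zip") and depth < MAX_DEPTH:
                findings.extend(scan_zip_bytes(zf.read(info), depth + 1, path + "!/"))
    return findings


def build_sample_attachment() -> bytes:
    """Construct a ZIP resembling the lure: a decoy text file, a JS
    downloader stand-in and a nested archive holding an executable.
    Everything here is fabricated for the example; the JS does nothing."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("readme.txt", "please see the attached invoice\n")
        zf.writestr("invoice.pdf.js", "// constructed downloader stub, no network I/O\n")
        inner = io.BytesIO()
        with zipfile.ZipFile(inner, "w") as izf:
            izf.writestr("setup.exe", b"MZ")
        zf.writestr("extra.zip", inner.getvalue())
    return buf.getvalue()


if __name__ == "__main__":
    for member, why in scan_zip_bytes(build_sample_attachment()):
        print(f"BLOCK {member}: {why}")
```

Run as a script it prints one BLOCK line for the JavaScript member and one for the executable inside the nested archive; the decoy text file passes. A gateway rule built on this should quarantine the whole message rather than strip the member, since the remaining decoy still lends credibility to a follow-up lure.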

The notification sent out by the Ukraine Central Bank pointed towards emails containing Microsoft Word document attachments as the infection (Read more...)

This is a Security Bloggers Network syndicated blog post authored by The Cylance Team. Read the original post at: Cylance Blog