Malware Watch - W/E - 8/16/19

Google Security Researcher Details Dangers of Pre-Installed Android Malware (08/15/2019)
A new BlackHat presentation from Google Project Zero researcher Maddie Stone claims that one of the biggest threats to Android security is the presence of pre-installed malware on smartphones and tablets. According to the security researcher, the number of apps that come pre-installed on many devices has ballooned to anywhere from 100 to 400, depending on the manufacturer. This allegedly makes it much easier for malicious parties to slip malware into the mix, often without the device's own manufacturer even knowing. Stone cited multiple instances of such attacks occurring, including a highly successful one in which an SMS and click fraud botnet called Chamois managed to infect approximately 21 million devices beginning in 2016. Pre-installed malware is also more difficult to combat, Stone noted. This is due to its base-level access to the device's operating system, something apps downloaded from Google Play and third-party app stores cannot so easily exploit.

Trend Micro Discovers New Variant of 2016's Remcos RAT (08/15/2019)
Trend Micro detailed the parameters of a newly discovered attack vector for the remote access tool Remcos RAT. According to the security company, the new attack uses an AutoIt wrapper that incorporates "various obfuscation and anti-debugging techniques to evade detection, which is a common method for distributing known malware." Check Point discovered the variant in a phishing email attributed to a legitimate domain. The company notes that Remcos RAT emerged in 2016, and has used various attack vectors since then, including corrupt PowerPoint files and embedded Windows exploits.

Trend Micro Uncovers Spike in New Botnet Threats (08/15/2019)
Trend Micro uncovered a major uptick in botnet and malware activity related to the Neko, Mirai, and Bashlite threats. The surge, which occurred over a three-week period, includes two new variants of Neko, a new Mirai version dubbed "Asher," and a Bashlite variant called "Ayedz." According to the security site, all four new variants are capable of employing botnets to launch distributed denial of service (DDoS) attacks. Additional information about all of the newly discovered threats can be found within Trend Micro's report.