Singapore Android users to be blocked from installing certain unverified apps as part of anti-scam trial


In a previous update to Google Play Protect, users were recommended to run a real-time app scan to better detect whether an Android app might be infected with malware. When the scan completed, users were notified whether the app could be safely installed.

Eugene Liderman, director of Android security strategy at Google, told CNA the real-time scanning enhancement to Google Play Protect was fully rolled out in Singapore in November 2023.

Since the launch of real-time scanning last October, Google said it has helped identify over 515,000 potentially harmful apps, and blocked or warned users almost 3.1 million times when they attempted to install such apps. 

Scam victims are often directed to download an Android package kit (APK) file through sources such as websites, messaging apps or file managers. 

“Members of the public are advised not to download any suspicious APK files on their devices as they may contain malware which will allow scammers to access and take control of the device remotely as well as to steal passwords stored in the device,” the police said in an advisory last July. 

Sideloaded apps typically ask for permission to read and receive SMS messages and notifications, and for access to the device's accessibility service.

These permissions enable scammers to intercept one-time passwords via SMS or from notifications and spy on screen content, said Google.

The tech giant’s newest security feature is designed to look out for such permissions, which are “frequently abused by fraudsters”, and block the app’s installation.

“Based on our analysis of major fraud malware families that exploit these sensitive runtime permissions, we found that over 95 per cent of installations came from internet-sideloading sources,” it added. 


Understanding Cybersecurity on Smartphones (UCSph) Part 1


The smartphone is one of the most remarkable inventions in contemporary human history and is currently the most widely utilized electronic device globally. Its evolution has transformed modern communication technology, allowing us to communicate efficiently and instantly across vast distances worldwide. This series delves into the historical evolution of the modern smartphone, shedding light on its significant contributions and addressing cybersecurity-related concerns associated with smartphones and their diverse applications (apps).

The previous series, entitled Understanding Android Malware Families (UAMF), showcased six articles focusing on Android malware's primary categories and families, guiding readers to understand the threats' behavior and explore mitigation procedures. It presented the findings of our ongoing Android malware analysis research project initiated in 2017, which included the creation of four datasets: AAGM2017, AndMal2017, InvestAndMal2019, and AndMal2020. The series also encompassed related academic articles proposing solutions and techniques for detecting and characterizing Android malware.

In this series, Understanding Cybersecurity on Smartphones (UCSph), we will conduct an in-depth analysis of various smartphone operating systems, including iPhone, Windows, Symbian, Tizen OS, Sailfish OS, Ubuntu Touch, KaiOS, Sirin OS, and Harmony OS. This five-article series aims to provide valuable insights and recommended practices for researchers, developers, and users. The series draws from the content of the recent book, Understanding Cybersecurity on Smartphones, published by Springer this year. The first article focuses on Apple's iOS, a global leader in mobile systems, exploring cybersecurity vulnerabilities, associated risks, malware families, attacks, and mitigation techniques.

1 iOS fundamentals

2 Getting into cybersecurity: recognizing iOS vulnerabilities

3 Exploring adversarial tactics in iOS

3.1 Propagation

3.2 Activation

3.3 Carrier

3.4 Execution

3.5 Persistence

4 Analyzing iOS malware varieties and tools


The Brazilian financial malware you can’t see, part one


Malicious software always aims to stay hidden, making itself invisible so the victims can’t detect it. The constantly mutating PixPirate malware has taken that strategy to a new extreme.

PixPirate is a sophisticated financial remote access trojan (RAT) malware that heavily utilizes anti-research techniques. This malware’s infection vector is based on two malicious apps: a downloader and a droppee. Operating together, these two apps communicate with each other to execute the fraud. So far, IBM Trusteer researchers have observed this malware attacking banks in Brazil.

A hidden threat

Within IBM Trusteer, we saw several different techniques to hide malware from its victims. Most banking malware conceals its existence on the mobile device by hiding its launcher icon from the victim using the setComponentEnabledSetting application programming interface (API). However, since Android 10, that technique no longer works due to new restrictions imposed by Google.

To address this new challenge, PixPirate introduced a new technique to hide its icon that we have never seen financial malware use before. Thanks to this new technique, during PixPirate reconnaissance and attack phases, the victim remains oblivious to the malicious operations that this malware performs in the background.

PixPirate abuses the accessibility service to gain RAT capabilities, monitor the victim’s activities and steal the victim’s online banking credentials, credit card details and login information of all targeted accounts. If two-factor authentication (2FA) is needed to complete the fraudulent transaction, the malware can also access, edit and delete the victim’s SMS messages, including any messages the bank sends.

PixPirate uses modern capabilities and poses a serious threat to its victims. Here is a short list of PixPirate’s main malicious capabilities:

  • Manipulating and controlling other applications
  • Keylogging
  • Collecting a list of apps installed on the device
  • Installing and removing apps from the infected device
  • Locking and unlocking device screen
  • Accessing registered phone accounts
  • Accessing contact list and ongoing calls
  • Pinpointing device location
  • Anti-virtual machine (VM)…


Ukrainian hackers hack servers of Moscow Internet provider M9com as part of attack on Kyivstar – source

Hackers from the Blackjack group, allegedly related to the Security Service of Ukraine (SBU), hacked the Moscow Internet provider M9com and demolished its servers, an informed source told Interfax-Ukraine on Tuesday.

“We are talking about 20 TB of deleted data: the company’s official website, branch websites, mail server, cyber protection services, and so on. As a result, some Moscow residents were left without the Internet and television,” the agency’s interlocutor said.

Data from the company’s mail server and client databases were also posted online. Hackers called the attack on M9com a “warm-up” as part of a retaliation campaign for a hacker attack on the servers of the Ukrainian mobile operator Kyivstar.
