A new version of Android malware has been tweaked so it doesn’t require user interaction for an attacker to own the device, according to research published by Lookout Mobile Security yesterday.
Browsing Category: Mobile Security
Good Samaritans are few and far between when it comes to lost cell phones, according to the conclusions of a social experiment conducted by security firm Symantec. Smart phones are unlikely to be returned by those who find them, but very likely to be perused for sensitive data including photos, social media applications and banking applications.
Call it a “rocky start”: U.S. Ambassador to Russia Michael McFaul used his Twitter account to lash out at domestic news operation NTV, which he accused of hacking his e-mail account and cell phone in order to follow the Ambassador about town. The accusation has prompted a sharp response from critics in Russia.
Alternative mobile app markets have become a great place to find new games, utilities and other apps. But mostly they’re great if you’re looking for the latest stealthy Android malware. The newest example is a piece of malware called TGLoader that is showing up in repackaged legitimate apps and has the ability to get root privileges on victims’ phones and also cost them quite a bit of money by sending SMS messages to premium-rate numbers.
Spam volume is down, there are fewer unpatched software holes and oftware application developers did a better job of writing secure code over the last year. But IBM’s X-Force Trend and Risk Report still found plenty to worry about in 2011, according to a copy of the report released this week.
Threatpost spent much of the last year chasing after Greg Hoglund, the founder and CEO of HB Gary. First, it was to get his reaction to the bruising encounter his firm had with the hacking group Anonymous. Then it was an endless series of requests on the aftermath of that hack, including the departure of HBGary Federal CEO Aaron Barr, and the company’s decision to pull out of the RSA Conference in 2011. When Greg finally did speak out it wasn’t to us.So we were happy when Hoglund, whose firm was recently acquired by the company Mantech International Corp., agreed to speak at the Kaspersky Lab Security Analysts’ Summit in Cancun, Mexico in February. His talk there on “Lateral Movement and Other APT Interaction Patterns Within the Enterprise” reinforced Hoglund’s reputation as one of the top experts on malicious code.Threatpost editor Paul Roberts caught up with Hoglund after the speech. And, while Anonymous and HBGary Federal were not up for discussion on the record, Hoglund offered some great insights into the delicate art of tracking down remote access trojans (or RATs) after they have a foothold in your network, as well as the mistakes companies make in trying to prevent and respond to security incidents.
Malware that targets Android phones has been on a steady rise for the last couple of years, and much of it has come in the form of compromised apps or outright malicious apps disguised as games or utilities. But now researchers have come across a new Android threat that is designed specifically to steal users’ online banking credentials and create persistent, silent access to the compromised handset.
Those multi-gesture passcode locks on Android phones that give users (and their spouses) fits apparently present quite a challenge for the FBI as well. Frustrated by a swipe passcode on the seized phone of an alleged gang leader, FBI officials have requested a search warrant that would force Google to “provide law enforcement with any and all means of gaining access, including login and password information, password reset, and/or manufacturer default code (“PUK”), in order to obtain the complete contents of the memory of cellular telephone”.
Attackers are using a some new schemes that combine old phishing tactics with some newer techniques in order to steal or disable the SIM cards in victims’ mobile phones and then take them over for use in bank fraud transactions.