A new report from Trend Micro showed a 483 percent jump in malware — including “aggressive adware” that harvests personal data without permission using legitimate ad networks. It’s no surprise that the open nature of the Android platform makes it a magnet for malware, but the type of malware becoming more prevalent illustrates the blurring lines between legitimate apps that gather data for company use and those that violate users’ privacy.
There are thousands of apps in the Google Play mobile market that contain serious mistakes in the way that SSL/TLS is implemented, leaving them vulnerable to man-in-the-middle attacks that could compromise sensitive user data such as banking credentials, credit card numbers and other information. Researchers from a pair of German universities conducted a detailed analysis of thousands of Android apps and found that better than 15 percent of those apps had weak or bad SSL implementations.
Veracode have put out another snazzy infographic, this time to help illustrate the mobile computing boom of the last few years. To accompany the BYOD (Bring Your Own Device) policy that’s becoming commonplace in offices around the world, the web security firm uses two characters, Joe Worker and Joe IT, to help break down a slew of stats, including details on the rising cost of mobile phone breaches, the dramatic jump in device adoption and 10 tips to protect smartphones and tablets.
From July to September this year, there’s been an uptick in Zitmo (or Zeus-in-the-Mobile) mobile banking malware according to research revealed this week by network security firm FortiGuard Labs.
Malware intent on SMS fraud, also known as toll fraud, has been a constant on mobile platforms, Android in particular, for some time. And FakeInst is definitely king of the hill when it comes to this type of malware. Prevalent in Russia and the rest of Eastern Europe, the malware poses as popular applications, free games or screensavers and, once installed, sends premium SMS messages to a service controlled by an attacker. The malware also intercepts messages confirming the charges from wireless providers and ultimately, the user is socked with a massive phone bill while the attacker quietly cashes in. A recent report from Lookout Security said toll fraud malware accounted for 91% of mobile malware and FakeInst malware has netted more than $10 million this year for the attackers behind the malware.
It might sound like a security researcher’s worst nightmare to string together 300,000 virtual instances of the Android OS, but for scientists at Sandia National Laboratories, it’s just another day. The Department of Energy-sponsored national security-focused laboratory released the MegaDroid project on Tuesday, a cluster of 300,000 networked virtual machines running Android on commodity hardware. The project gives scientists a massively scaled platform to test anything that could cause a network disruption, including malware or an attack on critical infrastructure.
Mobile malware has largely been limited to Trojans buried inside a malicious app targeting sensitive data stored on the phone such as email, contact information and SMS messages. A new proof-of-concept piece of malicious software, however, expands the scope of mobile malware and essentially turns an Android device into a surveillance tool, bringing a whole new range of security and privacy implications into the equation.
Smartphone developer Samsung has reportedly fixed a flaw in one of its newest phones, the Galaxy S III, that allows attackers to remotely wipe the phone’s contents.
Dennis Fisher talks with Mike Mimoso, the new editor of Threatpost, about his decade covering security, how the industry and threat landscape have changed and how security researchers are like Bill Parcells.
Two security researchers have already chipped the armor of the new iPhone, scheduled for release tomorrow. Joost Pol and Daan Keuper won the mobile Pwn2Own contest yesterday at the EUSecWest event in Amsterdam by compromising a fully patched iPhone 4S device and stealing contacts, browsing history, photos and videos from the phone.