Posts tagged Malware

In The U.S., The Feds Are A Bigger Threat To Your Phone Than Malware

Mobile malware is exploding, though it’s mostly not where you live. If you live in Russia, where 10 gruesome factories churn out 30% of the world’s malware, you’re far more likely to have malware infect your mobile phone than, say, if you live in Sweet Home Alabama. That’s the good news.

The bad news is that Americans are at far greater risk of having their phones hacked by their government than by Russian malware hackers.

Android: Popular With The Malware Crowd

Russia has been busy. According to a 2013 report, roughly a third of all malware globally is produced by 10 Russian firms. According to the Lookout Mobile report, which traced the malware back to its point of origin:

These “malware HQs” are pumping out nasty toll fraud apps, largely aimed at Android users, which force the user to call premium rate numbers.

While the malware infects users globally, the Russian hackers seem happy to focus on Android users close to home, according to a joint Kaspersky Lab/INTERPOL study.

With Android accounting for 84.6% of all smartphones shipped in Q2 2014, according to IDC, it’s not surprising that Android would get hit the most. What is surprising, however, is that attacks against Android significantly outstrip its market share:

Source: Kaspersky Lab, 2014

It’s a booming business on Android, as the report points out: “[I]n the first half of 2014 alone, 175,442 new unique Android malicious programs were detected. That is 18.3% (or 32,231 malicious programs) more than in the entire year of 2013.” 

Other findings include:

  • Over the course of a year, Kaspersky Lab security products reported 3,408,112 malware detections on the devices of 1,023,202 users; 
  • In the past year, the number of attacks per month was up nearly 10x, from 69,000 in August 2013 to 644,000 in March 2014; 
  • The number of users attacked also increased rapidly, from 35,000 in August 2013 to 242,000 in March; 
  • 59.06% of malware detections related to programs capable of stealing users’ money; 
  • Trojans designed to send SMS messages were the most widespread malicious programs in the reporting period, accounting for 57.08% of all detections.

And one particularly interesting point? Nearly 52% of all malware attacks stay within Russian borders, according to Kaspersky Lab:

Source: Kaspersky Lab, 2014

The report authors are quick to point out that this percentage is skewed by the high number of devices they track in Russia, coupled with Russia’s heavy reliance on mobile payment services, which makes it a ripe target for hackers. But even if we cut Russia’s share in half, the country still looks much more susceptible to malware than anywhere else in the report.

The Malware Is Us

Not that we have it any better in the US. In part because Android isn’t as dominant here, the US gets off with just 1.13% of all malware attacks. And yet we may have far more “malware” coming from our government than others do.

As the Electronic Frontier Foundation declares:

The US government, with assistance from major telecommunications carriers including AT&T, has engaged in a massive illegal dragnet surveillance of domestic communications and communications records of millions of ordinary Americans since at least 2001. 

Such surveillance doesn’t come through the front door. As Apple indicates, less than 0.00385% of Apple customers had data disclosed due to government information requests. That’s 250 or fewer such requests. 

Despite the Lilliputian number, Apple announced that it’s shutting down backdoor access to iOS device data, encrypting all iPhone data, and not just the small sliver it used to encrypt. This is a good start, but it won’t be enough to thwart a dedicated hacker … or CIA bureaucrat.

Security expert Bruce Schneier explains:

The recent decades have given [law enforcement] an unprecedented ability to put us under surveillance and access our data. Our cell phones provide them with a detailed history of our movements. Our call records, e-mail history, buddy lists, and Facebook pages tell them who we associate with. The hundreds of companies that track us on the Internet tell them what we’re thinking about. Ubiquitous cameras capture our faces everywhere. And most of us back up our iPhone data on iCloud, which the FBI can still get a warrant for. It truly is the golden age of surveillance.

This isn’t to suggest that we’re immune to hackers, Russian or otherwise, or that the US government is an evil Big Brother determined to spy on our every move. (I have four kids and my night life is considered wild if I have steamed milk and honey before going to sleep at 10:00. I’d be boring to watch.)

But it does reflect the perverse realities of mobile security today. In Russia, the greatest threat is the black-hatted hacker. In the U.S., it’s the white-hatted spy.

I’m not sure which is worse. 

Lead image courtesy of Shutterstock

View full post on ReadWrite

Thanks GitHub! Now Anyone Can Download This Unpatchable USB Malware

How do you get people to take your unpatchable malware program like the serious threat it is? You release it into the wild where anybody can get their hands on it.

That’s the method behind the madness of security researchers Karsten Nohl and Jakob Lell. Their proof-of-concept malicious software exposes a huge hole in a commonly used technology—USB storage—and is now available for download on GitHub.

See also: Microsoft Patches Hollywood-Style USB Windows Exploit

USB sticks have become so cheap and easy to use that companies often hand them out like calling cards at conferences. Nohl and Lell, however, have found a flaw in USB security that allowed them to do some really scary things. Their malware, named BadUSB, can be installed on a USB stick to take over a PC simply by being plugged into the computer.

The researchers, who work for security consultancy SR Labs, demonstrated BadUSB to a packed crowd at the Black Hat conference in Las Vegas. There will be no quick fix for the vulnerability they’ve found, so the researchers have decided to open source it.

At first glance, it seems like a terrible idea to put malware where anybody can access it. However, this is a pretty standard practice in the online security world. In fact, it’s not even against GitHub’s terms of service since the researchers are upfront about their reasons.

“Security researchers often release a proof of concept to raise awareness of the vulnerability in the security community, and to encourage people to protect themselves,” a GitHub spokesperson told ReadWrite. “A repository that contains a proof of concept but isn’t maliciously or covertly distributing malware would not be in violation of our terms of service.”

See also: How To Win Friends And Make Pull Requests On GitHub

Now that the researchers have opened the floodgates, more security experts may be motivated to begin working on a fix soon. And until then, stick to the USB sticks you already trust. 

Photo by Ambuj Saxena

View full post on ReadWrite

New Mac OS X Malware Steals Your Bitcoins

There’s a new piece of Mac malware that can spy on your web browser to steal your bitcoins.

The trojan, which was discovered by SecureMac on Sunday, is disguised as a downloadable Bitcoin app called “StealthBit,” which says it can send and receive anonymous bitcoin payments. The trojan horse is named “OSX/CoinThief.A.”

The malware’s author may be connected to reddit user “trevorscool,” who advertised StealthBit on reddit on February 1. That username is similar to the one used to upload StealthBit to GitHub—“Thomasrevor.” (At the time of this writing, the GitHub account for “Thomasrevor” has been deleted—but here’s a web cache from Google.) This same user advertised a similar Mac app called “BitVanity” in 2013, which also reportedly emptied out bitcoin wallets. According to more Google web caches, “trevorscool” has also been deleting old posts that invite people to download and use his new Bitcoin apps.

I’ve reached out to this individual and will update this story if we get a response.

A number of users have already reported infected systems. Over the weekend, one Reddit user claimed to lose 20 Bitcoins (worth upward of $12,000 at the time of writing) as a result of the “Coin Thief” trojan embedded in StealthBit.

The StealthBit app was first posted on the open-source repository GitHub, but the precompiled version of the app contained a malicious payload. When users download the app, the trojan quietly installs extensions into the Google Chrome or Safari web browsers (we’ve inquired about Mozilla’s Firefox), and then sifts through those browsers looking for login credentials for Bitcoin-related websites like Mt. Gox, BTC-e, and Blockchain. Once the “StealthBit” app finds a set of login credentials, it sends that information back to remote servers owned by the malware’s developer.

The data that’s sent back to the developer’s remote servers isn’t limited to Bitcoin login information, however. The usernames and unique identifiers (UUIDs) for infected Macs are also transmitted to the servers, in addition to any Bitcoin-related apps already installed on the system.

If you’ve already downloaded the StealthBit app, it’s important to isolate the extensions that spy on your browser’s activity to prevent data theft or loss. The author of this malware gave the extensions the name “Pop-Up Blocker,” with the description “Blocks pop-up windows and other annoyances.” If you find these files on your browser, delete them, and report the issue directly to Apple.
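The only indicators the report gives for the CoinThief extension are its display name and description, so a first-pass check on a Mac is to read every Chrome extension manifest and flag the ones that match. The script below is an added example, not SecureMac’s or ReadWrite’s code. The Chrome extension directory under `~/Library/Application Support/Google/Chrome/Default/Extensions` is an assumption about the default profile layout; Safari extensions are packaged differently and are not covered. The sample manifests it builds in a temporary directory are constructed for the demo. A name match is weak evidence on its own (an attacker can rename an extension at will), so treat a hit as something to inspect, not as proof of infection, and look at the extension’s permissions and any remote hosts it contacts before deleting it.

```python
"""Scan Chrome extension manifests for the name/description CoinThief used."""
import json
import tempfile
from pathlib import Path

# Indicators quoted in the article: the extension's display name and description.
SUSPECT_NAME = "Pop-Up Blocker"
SUSPECT_DESCRIPTION = "Blocks pop-up windows and other annoyances."

# Assumed location of installed extensions for Chrome's default profile on macOS.
CHROME_EXT_DIR = Path.home() / "Library/Application Support/Google/Chrome/Default/Extensions"


def load_manifest(path: Path):
    """Return the parsed manifest.json, or None if it is unreadable or not JSON."""
    try:
        with path.open(encoding="utf-8") as fh:
            return json.load(fh)
    except (OSError, ValueError):
        return None


def is_suspect(manifest: dict) -> bool:
    """Case-insensitive match on the name, with the description as confirmation.

    The trailing period is dropped from the description so minor edits still match.
    """
    name = str(manifest.get("name", "")).strip().casefold()
    desc = str(manifest.get("description", "")).strip().casefold()
    wanted_desc = SUSPECT_DESCRIPTION.casefold().rstrip(".")
    return name == SUSPECT_NAME.casefold() and desc.startswith(wanted_desc)


def find_suspect_extensions(root: Path) -> list:
    """Walk root and return the manifest paths whose name/description match."""
    hits = []
    if not root.is_dir():
        return hits
    for manifest_path in sorted(root.rglob("manifest.json")):
        manifest = load_manifest(manifest_path)
        if isinstance(manifest, dict) and is_suspect(manifest):
            hits.append(str(manifest_path))
    return hits


def build_sample_tree() -> Path:
    """Constructed sample tree: one benign extension and one matching the indicators."""
    root = Path(tempfile.mkdtemp(prefix="ext-scan-"))
    samples = {
        "aaaabenign/1.0_0": {
            "name": "Reader Mode", "description": "Simplifies pages.", "version": "1.0"},
        "bbbbsuspect/1.2_0": {
            "name": "Pop-Up Blocker",
            "description": "Blocks pop-up windows and other annoyances.",
            "version": "1.2",
            # Broad host permissions are what let such an extension read login forms.
            "permissions": ["tabs", "http://*/*", "https://*/*"]},
    }
    for rel, manifest in samples.items():
        ext_dir = root / rel
        ext_dir.mkdir(parents=True)
        (ext_dir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root


if __name__ == "__main__":
    # Demo on the constructed tree, then the real profile directory if it exists.
    for hit in find_suspect_extensions(build_sample_tree()):
        print("sample hit:", hit)
    for hit in find_suspect_extensions(CHROME_EXT_DIR):
        print("suspect extension on this machine:", hit)
```

Run it as is to see the constructed hit; on a real Mac it then walks the Chrome profile and prints any matching manifest path, which is the directory to examine and, if confirmed, remove.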

Speaking of Apple, we’ve reached out to the company to see if they’re aware of the reported trojan horse, and what steps the company is taking to solve this issue, and we’ll update the story as soon as we learn more.

Although OS X has long had a reputation as a secure platform, malware and adware attacks that target it have been on the rise over the last two years. In April 2012, more than 600,000 Mac computers were affected by the Flashback Trojan, which exploited several vulnerabilities in Java to similarly install itself into users’ browsers without any action on the user’s part.

Last March, a piece of adware called the Yontoo Trojan was found installing itself directly onto users’ browsers as a plug-in, embedding third-party code onto any pages viewed by those users.

Lead image by fdecomite on Flickr. Right image courtesy of Wikimedia Commons

View full post on ReadWrite


Yahoo Confirms Its Ads Spread Malware to Users

Hundreds of thousands of Yahoo users in European countries may have been infected with malware injected into advertising hosted on Yahoo websites. The ads were served in iframes by Yahoo’s advertising service, and were hosted on external sites.

View full post on Search Engine Watch – Latest

How To Protect Against PrisonLocker, The Next Major Malware Threat

Just when you’ve guarded your computer against CryptoLocker, there’s a newer threat that’s capable of holding gigabytes of your computer’s data hostage at a time.

Unlike CryptoLocker, which was custom-made for one ring of thugs, any criminal with $100 and a computer can easily purchase a copy of PrisonLocker—alternately called PowerLocker—for themselves.

See also: How To Fight CryptoLocker And Evade Its Ransomware Demands

Make no mistake: PrisonLocker is ransomware. It encrypts your personal data until you cough up hundreds of dollars for the decryption key, and even then, since you’re negotiating with criminals, there’s no guarantee they’ll make good on their promise.

Malware Must Die, an independent group of security analysis vigilantes based in India, said it had been monitoring a discussion about PowerLocker on a forum for hackers, where its anonymous programmer was selling licenses of the ransomware for $100 apiece.

Aside from being more easily accessible than CryptoLocker, PrisonLocker also boasts additional deterrents to security analysis like the ability to disable functions built into the Windows OS, according to the researchers. 

Last October, CryptoLocker, which was run by just one group, netted 10,000 victims in one week. Since PowerLocker is up for sale, it has the potential to wreak exponentially more havoc. 

How To Protect Yourself

Fortunately, the threat of PrisonLocker is, so far, just that—a threat. Nobody has been infected with the malware yet because its criminal creator is still developing it. 

According to Harry Sverdlove, CTO of threat assessment company Bit9, this is both good and bad for users. On the one hand, we have an advantage since it isn’t out yet. But on the other hand, all the press and hype about CryptoLocker meant hackers had plenty of information to improve the program. 

For example, with CryptoLocker, users could preemptively protect themselves by regularly backing up their data. But with PrisonLocker, even data backups might not be enough to save you, according to Sverdlove. PrisonLocker is designed to seek out connected drives with even more power and accuracy than its predecessor. 

“Depending on the backup policy and user access, your backups also could be encrypted and unusable,” he said. “If your backups are inaccessible to the system in question, then yes, it can save your data, at least since your last backup. But it can’t save your time. If you have to restore your entire system from a backup and possibly reinstall Windows and all your applications, well then you can kiss your weekend goodbye.”

In other words, there’s an additional step to staying safe. You don’t just need to make regular backups; you need to keep your backups on a drive that isn’t permanently connected to your computer, like an external hard drive that you keep offline except while a backup is running.

But more importantly, Sverdlove says to be very careful about which links you click and which files you download. PrisonLocker can’t work if it can’t trick you into installing it. Even if you’re too tech savvy to fall for this (or simply not running a Windows computer), be sure to let your less geeky friends, family, and coworkers know. It’s a reminder we can’t share often enough.

Photo by Don Jenkins

View full post on ReadWrite

Copyright © 1992-2014, DC2NET All rights reserved