Kervin Alintanahin (Threats Analyst) | Security Intelligence

May 2013
S	M	T	W	T	F	S
« Apr
	1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30	31

Dec8	The Real Issues About Carrier IQ 11:14 pm (UTC-7) \| by Kervin Alintanahin (Threats Analyst)

For the past week or so, the Internet has been buzzing over Carrier IQ – an application that is apparently preinstalled in devices to monitor network and handset performance – and the privacy issues surrounding it.

There are several issues surrounding the reports about Carrier IQ, issues around the kind of information it gathers, the fact that it comes preinstalled in certain devices without asking for user consent, and about what users can do about it.

According to reports, Carrier IQ logs information such as sent or received text messages, Internet searches made, and phone numbers typed into devices. This routine was confirmed through the video posted by Trevor Eckhart, the researcher who initially raised the flag on Carrier IQ.

All Part of the Service

Let us consider the purpose of Carrier IQ: it is an application designed to monitor the performance of the network and the handset. The performance of the carrier can be measured by checking if the services they offer are served properly, services such as text messaging, calls, Internet connection, and others.

Based on this, we can say that collecting information related to the usage of the aforementioned phone features makes a whole lot of sense, or is even a necessity for carriers to effectively monitor and troubleshoot the services they offer.

Read the rest of this entry »

Posted in Mobile | TrackBacks (3) »

Aug17

Premium Abusers Also Check for Keywords

8:05 am (UTC-7) | by Kervin Alintanahin (Threats Analyst)

A new threat wants to subscribe your device to premium services.

A few months back, we reported about an Android malware targeting China Mobile subscribers by abusing premium services, and more recently, one that monitors for certain keywords in text messages. What’s the connection between these two? Well, we were able to analyze an Android malware sample that does both of the previously mentioned routines.

Detected as ANDROIDOS_AUTOSUBSMS.A, this sample was found in Trojanized versions of certain applications, which are still currently available for download in certain Chinese third-party app stores.

It installs the receiver called util.Smsreceiver, which executes every time an infected device receives a message. It also asks for certain permissions that the receiver requires to work. These permissions are not included in the app’s original version.

Read the rest of this entry »

Posted in Malware, Mobile | Comments Off

Jul7	New Android Malware on the Road: GoldDream “Catcher” 4:27 am (UTC-7) \| by Kervin Alintanahin (Threats Analyst)

We recently discussed a new Trojanized Android app sample. Today, we will discuss yet another one. This new Android malware is known as GoldDream and is detected by Trend Micro as ANDROIDOS_SPYGOLD.A.

The particular app that was Trojanized in this attack was a racing game called “Fast Racing.” For a game, this Trojanized version needs a lot of permissions—more than is typical for something similar.