
    We know that threat actors take time to study the network environments of their prey. As employees go more and more mobile, the emergence of mobile malware in targeted attacks seems to be a logical progression. For the past few months, however, this notion has been all speculation—and we wondered, not if, but when it will happen.

    Today, we can say for sure: it has.

    At DEFCON, we showed for the first time that file infector viruses could be written for Android, and we are now seeing the first tangible evidence that threat actors are expanding their target base by extending targeted attacks to mobile platforms. Specifically, we discovered 2 APKs in the early stages of development while monitoring a Luckycat C&C server. You will recall the Luckycat report as one of the more comprehensive write-ups about a targeted attack operating inside enterprise networks.

    The Android apps we found had RAT-like functionality. They can explore a device to seek out sensitive information. They can upload this information to remote servers. They can also download files to acquire a newer version of the malware.

    A remote shell is also available as one of the commands in the apps, but the current APKs appear incomplete in this regard. In fact, overall, the apps look like they are still in the early stages of development.

    What do these findings mean?

    For the BYOD phenomenon, the existence of these apps demonstrates even more vividly the risks of allowing smartphones and tablets to connect to the corporate network in an insecure manner. Mobile devices may be small, handy, and convenient, but they can expose users to the same threats that used to be the sole domain of the desktop.

    When it comes to targeted attacks, this development suggests that threat actors are actively adapting to the specific network environment trends of their targets, in this case the influx of mobile devices into corporate networks. In the paper, we also touch on SABPUB, a Mac malware used in the Luckycat campaign. The Mac has long been considered an “alternative” OS that cybercriminals overlook in favor of Windows.

    Read about this important finding in Adding Android and Mac OS X Malware to the APT Toolbox, authored by our researchers Nart Villeneuve, Ben April, and Xingqi Ding. Click the icon below to download the paper.

    APT Toolbox Android Mac OS X Malware Paper








     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice