• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Author / Simon Huang (Mobile Security Engineer)

Simon Huang

Mobile Security Engineer

Mobile Malware Gang Steals Millions from South Korean Users

  • Posted on:February 12, 2015
  • Posted in:Mobile
  • Posted by:
    Simon Huang (Mobile Security Engineer)
0

Today we’re releasing our research paper on the operations of the Yanbian Gang—a Chinese cybercriminal group that use mobile malware to siphon off money from account holders of South Korean banks. They are able to transfer up to US$1,600 worth of local currency from victims’ accounts every single day since 2013. This investigation is the result…

Read More
Tags: androidChinese mobile undergroundfake appsMalwareMobileSouth KoreaYanbian Gang

Malformed AndroidManifest.xml in Apps Can Crash Mobile Devices

  • Posted on:January 7, 2015
  • Posted in:Mobile, Vulnerabilities
  • Posted by:
    Simon Huang (Mobile Security Engineer)
10

Every Android app comprises of several components, including something called the AndroidManifest.xml file or the manifest file. This manifest file contains essential information for apps, “information the system must have before it can run any of the app’s code.” We came across a vulnerability related to the manifest file that may cause an affected device…

Read More
Tags: androidmanifest fileMobilevulnerabilityXML

Facebook Users Targeted By Android Same Origin Policy Exploit

  • Posted on:December 26, 2014
  • Posted in:Bad Sites, Mobile, Vulnerabilities
  • Posted by:
    Simon Huang (Mobile Security Engineer)
2

A few months back, we discussed the Android Same Origin Policy (SOP) vulnerability, which we later found to have a wider reach than first thought. Now, under the collaboration of Trend Micro and Facebook, attacks are found which actively attempt to exploit this particular vulnerability, whose code we believe was based in publicly available Metasploit code. This attack targets Facebook…

Read More
Tags: androidBlackBerryFacebookMobilesame origin policySOPVulnerabilitiesvulnerability

Same Origin Policy Bypass Vulnerability Has Wider Reach Than Thought

  • Posted on:September 29, 2014
  • Posted in:Mobile, Vulnerabilities
  • Posted by:
    Simon Huang (Mobile Security Engineer)
0

Independent security researcher Rafay Baloch recently disclosed a serious vulnerability in Android’s built-in browser. The vulnerability allows the same origin policy of the browser to be violated. This could allow a dangerous universal cross-site scripting (UXSS) attack to take place. An attacker could potentially use an IFRAME to load a legitimate site for which the…

Read More
Tags: androidAOSPbrowsermobile vulnerabilityvulnerability

AppLock Vulnerability Leaves Configuration Files Open for Exploit

  • Posted on:September 16, 2014
  • Posted in:Mobile, Vulnerabilities
  • Posted by:
    Simon Huang (Mobile Security Engineer)
0

We have previously discussed about certain file locker apps that fail to hide files properly. We recently came across yet another file locker app, AppLock, which has the same issue. However, the vulnerability concerning this app goes beyond improperly hiding files—the vulnerability can allow other apps to manipulate the app’s configuration files. The configuration files include…

Read More
Tags: androidfile locker appMobilevulnerability
Page 1 of 212

Security Predictions for 2020

  • Cybersecurity in 2020 will be viewed through many lenses — from differing attacker motivations and cybercriminal arsenal to technological developments and global threat intelligence — only so defenders can keep up with the broad range of threats.
    Read our security predictions for 2020.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Popular Posts

Sorry. No data so far.

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.