• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Author / Weichao Sun (Mobile Threats Analyst)

Weichao Sun

Mobile Threats Analyst

Vulnerability in In-App Payment SDKs May Lead to Phishing

  • Posted on:August 21, 2014
  • Posted in:Mobile, Vulnerabilities
  • Posted by:
    Weichao Sun (Mobile Threats Analyst)
0

Vulnerabilities in apps are always a cause for concern, especially when said apps handle sensitive information, particularly financial. We examined two popular in-app payment (IAP) SDKs—Google Wallet and the Chinese payment platform Alipay—and discovered that these contain a vulnerability that can be exploited for phishing attacks. The versions we analyzed were Google IAP versions 2…

Read More
Tags: AlipayandroidGoogle Walletin-app paymentMobilevulnerability

Evernote Patches Vulnerability in Android App

  • Posted on:August 4, 2014
  • Posted in:Mobile, Vulnerabilities
  • Posted by:
    Weichao Sun (Mobile Threats Analyst)
0

We have previously discussed an Android vulnerability that may lead to user data being captured or  used to launch attacks. We discovered that the popular Android app for Evernote contained the said vulnerability. We disclosed the details to Evernote, and they took action by issuing an update to the Android version of their app. Evernote has added additional…

Read More
Tags: androidevernoteMobilevulnerability

Vulnerabilities in Alipay Android App Fixed

  • Posted on:July 29, 2014
  • Posted in:Mobile, Vulnerabilities
  • Posted by:
    Weichao Sun (Mobile Threats Analyst)
0

Alipay is a popular third-party payment platform in China that is operated by Alibaba, one of the biggest Internet companies in China. We recently found two vulnerabilities in their Android app that could be exploited by an attacker to carry out phishing attacks to steal Alipay credentials.  We disclosed the said vulnerabilities to Alipay; they…

Read More
Tags: AlipayandroidVulnerabilities

Android Ransomware Uses TOR

  • Posted on:June 17, 2014
  • Posted in:Mobile, Ransomware
  • Posted by:
    Weichao Sun (Mobile Threats Analyst)
3

The recent introduction of ransomware in the mobile threat landscape was followed by a new development: the usage of TOR to hide C&C communication. In our analysis samples we now detect as AndroidOS_Locker.HBT, we found that this malware  shows a user interface that notifies the user that their device has been locked down, and that they need to pay…

Read More
Tags: androidmobile malwareransomwareTor

Android App Components Prone to Abuse

  • Posted on:May 12, 2014
  • Posted in:Mobile, Vulnerabilities
  • Posted by:
    Weichao Sun (Mobile Threats Analyst)
2

We’ve recently found a vulnerability in certain Android apps that may leave user data at risk of being captured or being used to launch attacks. The two affected apps we investigated are both highly popular: The productivity app has at least 10M installs and hundred thousands of customer reviews based on their download page The…

Read More
Tags: androidmobile vulnerabilitysecurity
Page 1 of 3123

Security Predictions for 2020

  • Cybersecurity in 2020 will be viewed through many lenses — from differing attacker motivations and cybercriminal arsenal to technological developments and global threat intelligence — only so defenders can keep up with the broad range of threats.
    Read our security predictions for 2020.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Popular Posts

Sorry. No data so far.

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.