Two Italians referred to as the “Occhionero brothers” have been arrested and accused of using malware and a carefully-prepared spear-phishing scheme to spy on high-profile politicians and businessmen. This case has been called “EyePyramid”, which we first discussed last week. (Conspiracy theories aside, the name came from a domain name and directory path that was found as part of the research.)Read More
65 million: the number of times we’ve blocked mobile threats in 2016. By December 2016, the total number of unique samples of malicious Android apps we’ve collected and analyzed hit the 19.2 million mark—a huge leap from the 10.7 million samples collected in 2015.
Indeed, the ubiquity of mobile devices among individual users and organizations, along with advances in technologies that power them, reflect the exponential proliferation, increasing complexity and expanding capabilities of mobile threats.
While the routines and infection chain of mobile threats are familiar territory, 2016 brought threats with increased diversity, scale, and scope to the mobile landscape. More enterprises felt the brunt of mobile malware as BYOD and company-owned devices become more commonplace, while ransomware became rampant as the mobile user base continued to become a viable target for cybercriminals. More vulnerabilities were also discovered and disclosed, enabling bad guys to broaden their attack vectors, fine-tune their malware, increase their distribution methods, and in particular, invade iOS’s walled garden.Read More
Kernel debugging gives security researchers a tool to monitor and control a device under analysis. On desktop platforms such as Windows, macOS, and Linux, this is easy to perform. However, it is more difficult to do kernel debugging on Android devices such as the Google Nexus 6P . In this post, I describe a method to perform kernel debugging on the Nexus 6P and the Google Pixel, without the need for any specialized hardware.Read More
Two Italian citizens were arrested last Tuesday by Italian authorities (in cooperation with the FBI) for exfiltrating sensitive data from high-profile Italian targets. Private and public Italian citizens, including those holding key positions in the state, were the subject of an effective spear-phishing campaign that reportedly served a malware, codenamed EyePyramid, as a malicious attachment. This malware has been used to successfully exfiltrate over 87 gigabytes worth of data including usernames, passwords, browsing data, and filesystem content.Read More
In early December, GoldenEye ransomware (detected by Trend Micro as RANSOM_GOLDENEYE.A) was observed targeting German-speaking users—particularly those belonging to the human resource department. GoldenEye, a relabeled version of the Petya (RANSOM_PETYA) and Mischa (RANSOM_MISCHA) ransomware combo, not only kept to the James Bond theme of its earlier iteration, but also its attack vector.
Given ransomware’s likely outlook to reach a plateau, persistence in the threat landscape and diversification of target victims are the names of the game. GoldenEye exemplifies bad guys trying to gain scale, leverage, and profit with rehashed malware.Read More