• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   google play

Cyberespionage Campaign Sphinx Goes Mobile With AnubisSpy
  • Posted on:December 19, 2017 at 4:07 am
  • Posted in:Mobile
  • Author:
    Mobile Threat Response Team
0

Android malware like ransomware exemplify how the platform can be lucrative for cybercriminals. But there are also other threats stirring up as of late: attacks that spy on and steal data from specific targets, crossing over between desktops and mobile devices.

Take for instance several malicious apps we came across with cyberespionage capabilities, which were targeting Arabic-speaking users or Middle Eastern countries. These were published on Google Play — but have since been taken down — and third-party app marketplaces. We named these malicious apps AnubisSpy (ANDROIDOS_ANUBISSPY) as all the malware’s payload is a package called watchdog.

We construe AnubisSpy to be linked to the cyberespionage campaign Sphinx (APT-C-15) based on shared file structures and command-and-control (C&C) server as well as targets. It’s also possible that while AnubisSpy’s operators may also be Sphinx’s, they could be running separate but similar campaigns.

Read More
Tags: androidAnubisSpygoogle play

Toast Overlay Weaponized to Install Several Android Malware
  • Posted on:November 9, 2017 at 5:58 am
  • Posted in:Exploits, Mobile, Vulnerabilities
  • Author:
    Lorin Wu (Mobile Threats Analyst)
0

We uncovered new Android malware that can surreptitiously install other malware on the affected device via the Toast Overlay attack: TOASTAMIGO, detected by Trend Micro as ANDROIDOS_TOASTAMIGO. The malicious apps, one of which had over 500,000 installs as of November 6, 2017, abuses Android’s Accessibility features, enabling them—at least for now—to have ad-clicking, app-installing and self-protecting/persistence capabilities.

Overlay attacks entail drawing and superimposing Android View (i.e., images, buttons) atop other running apps, windows or processes. A typical scenario for a Toast Overlay attack is to employ it to trick the user into clicking a window or button specified by the attacker instead of the legitimate one. The technique, which was demonstrated earlier this year, leverages a vulnerability in Toast (CVE-2017-0752, patched last September), a feature in Android used to display notifications over other applications.

Read More
Tags: AMIGOCLICKERandroidgoogle playToast OverlayTOASTAMIGO

BankBot Found on Google Play and Targets Ten New UAE Banking Apps
  • Posted on:September 13, 2017 at 3:30 am
  • Posted in:Malware, Mobile
  • Author:
    Trend Micro
0

The Android-targeting BankBot malware (all variants detected by Trend Micro as ANDROIDOS_BANKBOT) first surfaced January of this year and is reportedly the improved version of an unnamed open source banking malware that was leaked in an underground hacking forum. BankBot is particularly risky because it disguises itself as legitimate banking apps, typically using fake overlay screens to mimic existing banking apps and steal user credentials. BankBot is also capable of hijacking and intercepting SMS messages, which means that it can bypass SMS-based 2-factor authentication.

Read More
Tags: androidbankbotgoogle play

DressCode and its Potential Impact for Enterprises
  • Posted on:September 29, 2016 at 8:50 pm
  • Posted in:Mobile
  • Author:
    Echo Duan (Mobile Threat Response Engineer)
0

Threats to mobile users have grown quickly in the span of only a few months. Trend Micro’s Mobile App Reputation Service (MARS) has counted 16.6 million malware detections as of August 2016, a 40% leap from detections listed in January. The Android platform continues to be particularly susceptible, with one specific malware family called “DressCode” steadily and stealthily spreading since April before reports about it surfaced in August. This malware gives attackers an avenue into internal networks which compromised devices are connected to—a notable risk if the device is used to connect to company networks.

Read More
Tags: androidDressCodegoogle play

High-Profile Mobile Apps At Risk Due to Three-Year-Old Vulnerability
  • Posted on:December 3, 2015 at 8:59 am
  • Posted in:Mobile, Vulnerabilities
  • Author:
    Veo Zhang (Mobile Threats Analyst)
3

A total of 6.1 million devices – smart phones, routers, smart TVs – are currently at risk to remote code execution attacks due to vulnerabilities that have been fixed since 2012.

The vulnerability exists in the Portable SDK for UPnP™ Devices, also called libupnp. This particular library is used to implement media playback (DLNA) or NAT traversal (UPnP IGD). Apps on a smartphone can use these features to play media files or connect to other devices within a user’s home network.

Read More
Tags: androidgoogle playlibupnpNetflixTencent QQMusicvulnerability
Page 1 of 212

Security Predictions for 2018

  • Attackers are banking on network vulnerabilities and inherent weaknesses to facilitate massive malware attacks, IoT hacks, and operational disruptions. The ever-shifting threats and increasingly expanding attack surface will challenge users and enterprises to catch up with their security.
    Read our security predictions for 2018.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Popular Posts

  • Using Insights From DefPloreX-NG to Thwart Web Defacement Attacks
  • North American Malware Trends: Taking a Proactive Approach to Modern Threats
  • Cryptocurrency-Mining Bot Targets Devices With Running SSH Service via Potential Scam Site
  • Understanding Code Signing Abuse in Malware Campaigns
  • The New Face of Necurs: Noteworthy Changes to Necurs’ Behaviors

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.