Labs Report Sees Mobile Malware Abuse Trust in Early 2014

McAfee Labs today released the McAfee Labs Threats Report: June 2014, revealing mobile malware tactics that abuse the popularity, features, and vulnerabilities of legitimate apps and services, including malware-infested clones masquerading as the popular mobile game Flappy Birds. The report highlights the need for mobile app developers to be more vigilant about the security of their apps, and encourages users to be mindful when granting permission requests that criminals could exploit for profit.

The manipulation of legitimate mobile apps and services played a key role in the expansion of mobile malware at the beginning of 2014. McAfee Labs found that 79 percent of sampled clones of the Flappy Birds game contained malware. Through these clones, perpetrators were able to make phone calls without user permission, install additional apps, extract contact list data, track geo-location, and establish root access for uninhibited control over anything on the device, including the recording, sending, and receiving of SMS messages.

Other examples of trusted mobile app and service features being manipulated for criminal gain include:

Android/BadInst.A: This malicious mobile app abuses app store account authentication and authorization to automatically download, install, and launch other apps without user permission.

Android/Waller.A: This Trojan exploits a flaw in a legitimate digital wallet service to commandeer its money-transfer protocol and transfer money to the attacker’s servers.

Android/Balloonpopper.A: This Trojan exploits an encryption method weakness in the popular messaging app WhatsApp, allowing attackers to intercept and share conversations and photos without users’ permission.

“We tend to trust the names we know on the internet and risk compromising our safety if it means gaining what we most desire,” said Vincent...

Hackers Arrested by US

U.S. authorities said Monday they have disrupted two sophisticated types of computer malware used to steal millions of dollars from people all over the world. The Gameover Zeus botnet, a network of virus-infected computers, targeted thousands of small businesses. And Cryptolocker, software that encrypts files on computers, was used to extract ransom payments from computer owners who wanted access to their files. Federal prosecutors also announced charges against 30-year-old Evgeniy Bogachev, who they say led a gang of cyber criminals in Russia and Ukraine that was running Gameover Zeus. The United States is in talks with Russian authorities to try to secure Bogachev’s arrest and have him sent to the U.S. for trial. But that remains an unlikely outcome at this point. Gameover Zeus was responsible for more than $100 million in losses among U.S. victims, and up to one million computers worldwide were infected since 2011, according to the FBI. Since emerging in 2013, Cryptolocker has been used to attack about 200,000 computers, half of which were in the U.S. In its first two months, criminals extorted an estimated $27 million from victims, Deputy Attorney General James Cole said Monday. David Hickton, U.S. attorney in Pittsburgh, whose office filed the charges, said the action was intended to help “hundreds of thousands of computer users who were unwittingly infected and victimized.” Among the victims, Hickton said, was the police department in Swansea, Mass.; it paid a ransom to cyber criminals to restore access to its files after its systems were infected by Cryptolocker. In the case of Gameover Zeus, one victim lost $6.9 million from a fraudulent wire...

Lab detects mobile Trojan Svpeng: Financial malware with ransomware capabilities now targeting U.S. users

Although the Gameover Zeus botnet and Cryptolocker ransomware have been disrupted, it is still too early for a victory celebration. First, the two-week deadline expires on June 17th, leaving just one week before cybercriminals could regain control of their botnet. Second, stories of the Gameover Zeus and Cryptolocker campaign have already spawned a number of copycats, including among mobile malware writers. Last Sunday, June 8th, Kaspersky Lab detected a mobile Trojan now operating in the USA and UK, called Svpeng, which combines the functionality of financial malware with ransomware capabilities. This is the first time that Svpeng, a famous money-stealing mobile Trojan in Russia, has turned its attention to other markets. For now, this piece of malware, allegedly of Russian origin, does not steal credentials, but it is only a matter of time, since Svpeng is just a modification of a well-known Trojan that operates in Russia and is used mainly for stealing money. Additionally, the Trojan’s code contains some mentions of the Cryptor method, which has not been used yet, so it is likely that it will soon be utilized for file encryption. In that case Svpeng will become the second most well-known mobile malware with such functionality, after Pletor, which appeared in the wild in May 2014. The Trojan checks a user’s phone for a list of certain financial applications, probably for future use, when it starts stealing online banking logins and passwords as it does now with Russian bank accounts. English-language Svpeng currently checks for the presence of the following applications on a victim’s device: USAA Mobile, Citi Mobile, Amex Mobile, Wells Fargo Mobile, Bank of America...

Beware

A Chinese Android smartphone on sale on Amazon, eBay and other online stores has been found to contain a virus that pretends to be the Google Play Store but steals user data. The Star N9500, which closely resembles Samsung’s Galaxy S4 smartphone in appearance, is manufactured in China but sold online through resellers based in Belfast and Hong Kong. The Trojan, known as “Uupay.D”, disguised as the Google Play Store, comes pre-installed on the Android smartphone and cannot be removed by the user, according to German security company G Data, which analysed one of the smartphones purchased directly from the factory in...

Ebay hacked

If you’re a spammer, big news like the recent breach of eBay’s computers is like striking oil in your back yard. Perpetrators of unwanted email live for headline-grabbing events that they can use to separate gullible Web wanderers from their money, so the eBay breach is a perfect vehicle for the scammers, Cloudmark reported last week. “We see this around security events like the eBay breach and natural disasters,” Cloudmark Threat Researcher Andrew Conway told TechNewsWorld. “In some cases, they’ll take you to a malicious site that will try to convince you to install a Trojan on your system,” he said, “but this one is not that bad.” The scam discovered by Cloudmark tries to scare recipients of the spam message into believing that their eBay credentials may be used to give them a criminal record. “My name was used falsely in an arrest, and I didnt even Know it until I checked my public record,” one typical spam message...