Showing posts with label apple. Show all posts

Friday, December 7, 2018

Among smartphones, Android devices are the most commonly targeted by malware, finds report


(Last Updated On: December 7, 2018)
According to the latest Nokia Threat Intelligence Report 2019, Android devices are the most commonly targeted by malware. In mobile networks, Android devices were responsible for 47.15% of the observed malware infections, Windows/PCs for 35.82%, IoT devices for 16.17% and Apple's iPhones for less than 1%.
Malware, Device breakdown 2018, source Nokia Threat Intelligence Report 2019
In the smartphone sector, the vast majority of malware is currently distributed as trojanized applications. The user is tricked by phishing, advertising or other social engineering into downloading and installing the application. The main reason the Android platform is targeted is that, once side-loading is enabled, Android applications can be downloaded from just about anywhere. In contrast, iPhone applications are for the most part limited to one source, Apple's App Store.
The report also noted that Windows/PCs continue to be a target for malware infection. These Windows/PCs are connected to the mobile network using USB dongles and mobile Wi-Fi devices, or are simply tethered through smartphones. They are responsible for 36% of the malware infections observed, because these devices are still a popular target for professional cybercriminals who have a huge investment in the Windows malware ecosystem.
According to the report, IoT devices now make up 16% of the infected devices observed. This is mostly the result of IoT botnet activity: the bots actively scan for vulnerable victims using an increasingly rich suite of attacks. In networks where devices are routinely assigned public-facing internet IP addresses, the report finds a high IoT infection rate. In networks where carrier-grade NAT is used, the infection rate is considerably lower, because the vulnerable devices are not visible to network scanning.
The report also found that the number of Android malware samples continued to grow in 2018. Nokia Threat Intelligence Lab now has close to 20 million Android malware samples, an increase of 31% since last year.
Of the top 20 malware infections detected in fixed residential networks in 2018, the majority still focus on the traditional Windows/PC platform, however 5 of the top 20 target IoT and 3 target Android.
In 2018 the average percentage of devices infected each month was 0.31%. The peak month was June with 0.46%, due to an increase in activity of Android.Adware.Adultswine, malware that displays ads from the web that are often highly inappropriate and pornographic, attempts to trick users into installing fake "security apps" that also serve ads, and entices users to register for premium services with hidden expenses. It is very persistent and difficult to uninstall.
The report also stressed the emergence of new IoT botnet variants in 2018, in particular Fbot, a Satori-related botnet with two major distinguishing features. It spreads by scanning for devices that have the default Android Debug Bridge (ADB) port open. Very few Android phones have this port open, but apparently some smart TVs and other Android-based IoT devices have been deployed accidentally with this debug port exposed.

Tuesday, April 4, 2017

Update your iPhone to avoid being hacked over Wi-Fi

It’s only been five days since Apple’s last security update for iOS, when dozens of serious security vulnerabilities were patched.
As we mentioned last week, the recent iOS 10.3 and macOS 10.12.4 updates included numerous fixes dealing with “arbitrary code execution with kernel privileges”.
Any exploit that lets an external attacker tell the operating system kernel itself what to do is a serious concern that ought to be patched as soon as possible; hesitation is not an option.
After all, it’s the kernel that’s responsible for managing security in the rest of the system.


Take this analogy with a pinch of salt, but an exploit that gives a remote attacker regular user access is like planting a spy in the Navy with a Lieutenant's rank.
If you can grab local administrator access, that’s like boosting yourself straight to Captain or Commodore; but if you can own the kernel (this is not a pun), you’ve landed among the senior Admiral staff, right at the top of the command structure.
So make sure you don’t miss the latest we-didn’t-quite-get-this-one-out-last-time update to iOS 10.3.1:
iOS 10.3.1

Released April 3, 2017

Wi-Fi

Available for: iPhone 5 and later, 
               iPad 4th generation and later, 
               iPod touch 6th generation and later

Impact:        An attacker within range may be able to 
               execute arbitrary code on the Wi-Fi chip

Description:   A stack buffer overflow was addressed 
               through improved input validation.

CVE-2017-6975: Gal Beniamini of Google Project Zero
This is rather different from the usual sort of attack – the main CPU, operating system and installed apps are left well alone.
Most network attacks rely on security holes at a much higher level, in software components such as databases, web servers, email clients, browsers and browser plugins.
So, attacking the Wi-Fi network card itself might seem like small beer.
After all, the attacks that won hundreds of thousands of dollars at the recent Pwn2Own competition went after the heart of the operating system itself, to give the intruders what you might call an “access all areas” pass.
Nevertheless, the CPU of an externally-facing device like a Wi-Fi card is a cunning place to mount an attack.
It’s a bit like being just outside the castle walls, on what most security-minded insiders would consider the wrong side of the moat and drawbridge.
But with a bit of cunning you may be able to position yourself where you can eavesdrop on every message coming in and out of the castle…
…all the while being ignored along with the many unimportant-looking peasants and hangers-on who’ll never have the privilege of entering the castle itself.
Better yet, once you’ve eavesdropped on what you wanted to hear, you’re already on the outside, so you don’t have to run the gauntlet of the guards to get back out to a place where you can pass your message on.
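The advisory's one-line description, a stack buffer overflow addressed through improved input validation, names a whole bug class rather than a specific line of code. The following is an added example, not Apple's or the Wi-Fi chip vendor's code and not the actual CVE-2017-6975 bug: a simplified C model of a frame parser that trusts the length byte of an 802.11 tagged parameter, next to the bounds-checked version. The tagged-parameter layout (tag byte, length byte, value) and the 32-byte SSID maximum come from the 802.11 standard; the simulated stack frame, the sentinel value and the function names are this example's own assumptions.

```c
/* Added example (not Apple's or the chip vendor's code): a simplified model
   of the bug class in the advisory, a stack buffer overflow in a parser
   that trusts a length field from an over-the-air frame, next to the
   input-validated fix. The 802.11 tagged-parameter layout
   [tag][len][value...] and the 32-byte SSID maximum are real; the frame
   struct, function names and sentinel are assumptions of this example. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SSID_MAX 32            /* 802.11: SSID element value is 0..32 bytes */
#define TAG_SSID 0             /* element ID of the SSID tagged parameter */
#define SENTINEL 0xDEADBEEFu   /* stands in for a saved return address */

/* Simulated stack frame: the SSID buffer directly followed by a "saved
   return address". A compiler chooses the real layout; it is made explicit
   here so the overflow can be observed deterministically. */
struct frame {
    uint8_t  ssid[SSID_MAX];
    uint32_t saved_ret;
};

/* VULNERABLE: trusts the attacker-controlled length byte.
   Returns the saved_ret slot after the copy so the clobber is visible.
   The byte-wise copy through a char view of the whole struct keeps the
   demo within defined behaviour; a real firmware memcpy would simply
   smash whatever follows the buffer on the stack. */
uint32_t parse_ssid_vulnerable(const uint8_t *ie, size_t ie_len)
{
    struct frame f;
    memset(&f, 0, sizeof f);
    f.saved_ret = SENTINEL;
    if (ie_len < 2 || ie[0] != TAG_SSID)
        return f.saved_ret;
    size_t len = ie[1];                  /* 0..255, never checked against SSID_MAX */
    if (len > ie_len - 2)
        len = ie_len - 2;                /* guards only the read side */
    uint8_t *dst = (uint8_t *)&f;
    for (size_t i = 0; i < len && i < sizeof f; i++)
        dst[i] = ie[2 + i];              /* value bytes 32..35 land in saved_ret */
    return f.saved_ret;
}

/* FIXED: the length is validated against both the remaining frame
   (no over-read) and the element maximum (no over-write), and an
   element that fails either check is rejected rather than truncated. */
int parse_ssid_fixed(const uint8_t *ie, size_t ie_len,
                     uint8_t out[SSID_MAX], size_t *out_len)
{
    if (ie_len < 2 || ie[0] != TAG_SSID)
        return -1;
    size_t len = ie[1];
    if (len > ie_len - 2) return -1;     /* element claims more than the frame holds */
    if (len > SSID_MAX)   return -1;     /* element exceeds the destination buffer */
    memcpy(out, ie + 2, len);
    *out_len = len;
    return 0;
}

/* Builds a constructed SSID element with an attacker-chosen length byte.
   Returns the number of bytes written, 0 if the buffer is too small. */
size_t build_ssid_ie(uint8_t *buf, size_t cap, uint8_t len, uint8_t fill)
{
    if (cap < (size_t)len + 2)
        return 0;
    buf[0] = TAG_SSID;
    buf[1] = len;
    memset(buf + 2, fill, len);
    return (size_t)len + 2;
}

int main(void)
{
    uint8_t ie[2 + 255], out[SSID_MAX];
    size_t n;

    /* Well-formed 5-byte SSID: both parsers behave and saved_ret survives. */
    size_t good = build_ssid_ie(ie, sizeof ie, 5, 'A');
    printf("good: vuln saved_ret=%#x fixed=%d\n",
           (unsigned)parse_ssid_vulnerable(ie, good),
           parse_ssid_fixed(ie, good, out, &n));

    /* Oversized 40-byte SSID: the vulnerable parser overwrites the saved
       return slot with 0x41414141, the fixed parser rejects the element. */
    size_t bad = build_ssid_ie(ie, sizeof ie, 40, 'A');
    printf("bad:  vuln saved_ret=%#x fixed=%d\n",
           (unsigned)parse_ssid_vulnerable(ie, bad),
           parse_ssid_fixed(ie, bad, out, &n));
    return 0;
}
```

Build with any C compiler (`cc -Wall -o ie_demo ie_demo.c`). The clobbered slot in the model is what, on a real firmware stack, would be the return address, which is exactly the "execute arbitrary code on the Wi-Fi chip" impact in the advisory; the fix is not a bigger buffer but a check that refuses any element whose length disagrees with either the frame or the destination.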

What to do?

As far as we know, this isn’t a zero-day because it was responsibly disclosed and patched before anyone else found out about it.
Cybercrooks have a vague idea of where to start looking now that the bug has been described, but there's a huge gap between knowing that an exploitable bug exists and rediscovering it independently.
We applied the update as soon as Apple's notification email arrived (the download was under 30MB), and we're happy to assume that we've therefore beaten even the most enthusiastic crooks to the punch this time.
You can accelerate your own patch by manually visiting Settings | General | Software Update to force an upgrade, rather than waiting for your turn in Apple’s autoupdate queue.

Wednesday, January 25, 2017

Quimitchin: The first Mac malware of 2017

The first Mac malware of 2017 has been detected, and it raises the question of whether Macs are still safe from attackers or whether malware lurks there undetected.


Mac users usually feel safe when it comes to malicious software attacking their systems. Viruses, worms and other kinds of malware are relatively rare compared with what Microsoft Windows users face. However, in the last couple of years the situation has been changing, and it seems that the attention of malware creators is turning towards Mac users.

Key Points
  • The malicious code is extremely simple and consists of only two files.
  • The malware code seems truly ancient, with calls dating to pre-OS X times and open source libraries whose latest update is from the last century.
  • The malware targets specific institutions, biomedical research centers. This suggests an attempt to steal research data or some other kind of espionage.
  • The malware accesses the webcam and captures the screen, exfiltrating data from everything it can reach.


Overview
There are a few interesting things about Quimitchin (the name comes from the Aztec spies who infiltrated other tribes, chosen because the malware's code itself is ancient, or at least appears so). First and foremost, it may have been running undetected on specific systems for years. Why was it undetected? Targeted attacks are much more difficult to detect because of their limited exposure, and that is the case with Quimitchin, which is most likely an espionage tool. The malware tries to access the webcam with primitive calls dating back to pre-OS X times. It also captures the screen and has rudimentary remote-control functions, such as receiving commands to move the mouse cursor or simulate mouse clicks.
It consists of two files: one that keeps the client alive, and a Perl script that communicates with the command-and-control servers, takes screenshots, accesses the webcam and performs other activities. It can also scan the local network, build a map of all devices, try to connect to them, and report IP addresses and other information.
Even more interesting, the malware code also contains Linux shell commands. This may indicate that similar malware exists for Linux systems; to date, that cannot be confirmed. However, communications with the same command-and-control server had been reported to VirusTotal a couple of times before.
No one knows how this malware is installed, who created it, or for how long it has been stealing scientific research data, and this mystery is one of the reasons Quimitchin is one of the most interesting pieces of malware of early 2017. Although the creators are not yet known, time may reveal who was behind the curtain as researchers dig into it.


Relevance to your security
This malware can infect your Mac. Unless you work at a biomedical research institution, though, you should not worry too much. On the other hand, the discovery of malware using such ancient techniques suggests that a lot may be happening undetected on OS X and Mac computers.
Webcam access: possibly captures images and records video, though further investigation of the code is needed.
Screen capture: captures what is happening on your screen and transfers the images.
Remote control: it can remotely control your computer (simulate key presses, mouse clicks and cursor position) and gather your network data (IP addresses, network names and the ports it uses).


Conclusion
Quimitchin is one of the mysteries of early 2017 in the cyber security field. More is unknown than known about this malware's activities, its creators, its purpose and how long it has been in use undetected.
