More Ransomware Plaguing Android
Android users have been warned again that they too can become victims of ransomware.
A Cryptolocker-style Android virus dubbed Simplocker has been detected by security firm Eset, which confirmed that it scrambles files on the SD cards of infected devices before issuing a demand for payment.
The message is in Russian and the demand for payment is in Ukrainian hryvnias, equating to somewhere between £15 and £20.
Naturally, the warning also accuses the victim of looking at rather unsavoury images on their phone. However, while the source of the malware is said to be an app called “Sex xionix”, it isn’t available at the Google Play Store, which generally means that anyone who sideloads it is asking for trouble.
Eset believes that this is actually more of a “proof of concept” than an all-out attack, and far less dangerous than Cryptolocker, but fully functional.
Robert Lipovsky of Eset said, “The malware is fully capable of encrypting the user’s files, which may be lost if the encryption key is not retrieved. While the malware does contain functionality to decrypt the files, we strongly recommend against paying up – not only because that will only motivate other malware authors to continue these kinds of filthy operations, but also because there is no guarantee that the crook will keep their part of the deal and actually decrypt them.”
Eset recommends the usual – use a malware app. It recommends its own, obviously, and advises punters to keep files backed up. Following such advice, said Lipovsky, ensures that ransomware is “nothing more than a nuisance”.
This is not the first Android cryptolocker style virus. Last month a similar virus was found, which Kaspersky said was “unsurprising, considering Android’s market share”.
Will Google’s Project Shield Work?
Google has opened Project Shield, its service for small websites that don’t have the forces to repel denial of service attacks that might come their way.
Google introduced the service on Google+, saying that it is aimed at websites that might otherwise be at risk of online disruption.
“Project Shield, [is] an initiative that enables people to use Google’s technology to better protect websites that might otherwise have been taken offline by “distributed denial of service” (DDoS) attacks. We’re currently inviting webmasters serving independent news, human rights, and elections-related content to apply to join our next round of trusted testers,” it said.
“Over the last year, Project Shield has been successfully used by a number of trusted testers, including Balatarin, a Persian-language social and political blog, and Aymta , a website providing early-warning of scud missiles to people in Syria. Project Shield was also used to protect the election monitoring service in Kenya, which was the first time their site stayed up throughout an election cycle.”
Interested websites should visit the Google Project Shield page and request an invitation to the experience. They should not try to do the same at Nvidia’s website, as they will probably just come away with a handheld games console. This will not offer much assistance against DDoS attacks.
According to a video shared by Google last night, Project Shield works by combining the firm’s DDoS mitigation technologies and Page Speed Service (PSS).
Are Russian Hackers Exploiting Android?
Comments Off on Are Russian Hackers Exploiting Android?
Russian mobile malware factories are working with thousands of affiliates to exploit Android users, a security company has claimed.
According to Lookout Mobile Security the system is so efficient that almost a third of all mobile malware is made by just 10 organisations operating out of Russia. These “malware HQs” are pumping out nasty toll fraud apps, largely aimed at Android users, which force the user to call premium rate numbers the report said.
Thousands of affiliate marketers are also profiting from the scheme and helping spread the malware by setting up websites designed to trick users into downloading seemingly legitimate apps. Affiliates can make up to $12,000 a month and are heavy users of Twitter.
The report’s release at the DEF CON 21 conference in Las Vegas indicated that Lookout Mobile Security are working with the spooks to bring the crooks down. The malware HQs had gone to great lengths to obfuscate and encrypt their code to make detection tricky, but their advertising was pretty brazen.
Is Android Safer Than iOS?
The general consensus is that iOS apps tend to be somewhat safer than their Android counterparts. Apple goes to great lengths to have apps vetted and as a result far fewer iOS apps end up with malware or security issues.
However, a new report fresh out of Appthority claims iOS apps have their fair share of issues and in some respects then can pose an even greater security risk than Android apps. The report covered the top 50 apps from the Apple App Store and Google Play and found that iOS apps exhibited riskier behaviour.
“The majority of iOS apps track for location (60%), share data with advertising or analytics networks (60%) and have access to the user’s contact list (54%). A small percentage of iOS apps also had access to the user’s calendar (14%),” the report found.
However, Android fans shouldn’t be too happy since their platform is not far behind. Half of them share data with ad networks or analytics companies, while 42 percent tracked location. Slightly better, but nothing to be proud about.
One of the most worrying findings is that both Android and iOS apps don’t do much to prevent personal data from leaking from our devices. Not a single iOS app analyzed in the study used encryption to send and receive data, and neither did 92 percent of Android apps.
So while it might seem that Android is a somewhat better platform for users with privacy concerns, both Google and Apple are pants at that sort of thing.
Adobe Gives Up On Windows XP
Adobe said today that the current CS6 version of Photoshop will be the last one to support the operating system.
Adobe Product Manager Tom Hogarty said in a blog post that the Photoshop team would like to provide advanced notice that Photoshop CS6 (13.0) will be the last major version of Photoshop to support Windows XP. He said that modern performance-sensitive software requires modern hardware graphics interfaces that Windows XP lacks, in particular a way to tap into the power of GPUs. By only working on newer operating systems and hardware Adobe can bring in significantly better performance.
Photoshop CS6 already demonstrates that relying on a modern operating system, graphics cards/GPUs and graphics drivers can lead to substantial improvements in 3D, Blur Gallery and Lighting Effect features not available to Windows XP customers, he said.
Adobe hopes that by providing this information early it will help you understand our current decisions around operating system support and where we we’re headed with future releases of Photoshop. It is hard to see how any serious user of Adobe products could be using an XP machine anyway. The move away from XP started with CS 5 which only ran on Vista.
Kaspersky Finds New Malware
Kaspersky Lab has discovered three Flame spyware related malware threats that it said use “sophisticated encryption methods”.
Kaspersky claims that it uncovered the three new hostile programs while analysing a number of Command and Control (C&C) servers used by Flame’s creators.
“Sophisticated encryption methods were utilised so that no one, but the attackers, could obtain the data uploaded from infected machines,” the firm’s statement read.
“The analysis of the scripts used to handle data transmissions to the victims revealed four communication protocols, and only one of them was compatible with Flame.
“It means that at least three other types of malware used these Command and Control servers. There is enough evidence to prove that at least one Flame-related malware is operating in the wild.”
The discovery of the three programs indicates that Flame’s Command and Control platform was being developed in 2006, four years earlier than first thought.
Flame was originally uncovered in May targeting Iranian computer systems. The malware drew widespread concerns within the security industry regarding its advanced espionage capabilities.
The full scale of Flame and its overarching implications remain unknown, despite the ongoing joint research campaign being mounted by Kaspersky, IMPACT, CERT-Bund/BSI and Symantec.
“It was problematic for us to estimate the amount of data stolen by Flame, even after the analysis of its Command and Control servers,” said Kaspersky’s chief security expert, Alexander Gostev.
Following the discovery of the three new related programs, Kaspersky’s chief malware expert Vitaly Kamluk told The INQUIRER that Flame is not the only one in this big family.
“There are others and they aren’t just other known malwares such as Stuxnet, Gauss or Duqu,” he said. “They stay in the shadows and no one has published anything about them yet. Others were probably used for different campaigns.”
Kamluk added that it is “very possible” there are more than the three listed in Kaspersky’s report.
“They started building RedProtocol, yet another ‘language’ for unknown malware. No known client types are using that one, which means that there is even more malware out there,” he added.
Windows Malware Hides In iOS App
Windows malware slipped past Apple’s eye and has been found tucked into software available on the company’s iOS App Store.
Although the malware, labeled a worm by Microsoft and tagged as “Win32/VB.CB” by the company, is harmless against Apple’s iOS and OS X operating systems, it may pose a threat to iTunes customers who download iPhone and iPad apps to their Windows PCs before syncing to their mobile devices.
A user reported Win32/VB.CB to Apple’s support forum around 10:30 a.m. ET Tuesday. The user, identified only as ”deesto,” said that his or her OS X antivirus warned that “Instaquotes-Quotes Cards for Instagram” was infected.
Hacker Writes Trojan For Apple’s Mac
As Apple’s popularity continues to increase, so too does the malicious interest of hackers in their famed products. Researchers at Sophos say they’ve uncovered a new Trojan horse program written for the Mac.
It’s called the BlackHole RAT (the RAT part is for “remote access Trojan”) and it’s pretty easy to find online in hacking forums, according to Chet Wisniewski a researcher with antivirus vendor Sophos. There’s even a YouTube video demo of the program that details what its capable of doing.
Sophos hasn’t seen the Trojan used in any online attacks -it’s more a bare-bones, proof-of-concept beta program right now – but the software is pretty easy to use, and if a criminal could find a way to get a Mac user to install it, or write attack code that would silently install it on the Mac, it would give him remote control of the hacked machine. Read More….