MALICIOUS CODE ON EQUIFAX SITE, INNOVATIVE ANDROID RANSOMWARE DISCOVERED, EASY ACCESS TO APPLE ID PASSWORD
Welcome to the latest update from InAuth where we compile recent headlines and top threats affecting mobile devices. Here are some of the most recent highlights:
In a report from Reuters, Equifax disclosed that one of its third-party vendors, which the company uses for tracking website performance, had been found to be running malicious code on the Equifax website, but that Equifax systems themselves had not been compromised.
Once discovered, Equifax took the website offline as a precautionary measure, and the third-party vendor’s code has been subsequently removed from the web page.
The malicious content served bogus popups to consumers checking their credit information; these popups could trick visitors into installing fraudulent Adobe Flash updates and infecting their computers with malware.
A new Android ransomware named DoubleLocker, discovered by IT security company ESET, has the ability to change your device’s PIN and also to encrypt the data stored on it.
Distributed as a fake Flash Player update, the app, once launched, requests activation of the malware’s accessibility service, which is named “Google Play Service.” After the malware obtains the accessibility permissions, it uses them to activate device administrator rights and to set itself as the default Home application, all without the user’s consent.
The ransomware attempts to extort money from victims in two ways. First, by changing the device PIN, the user is locked out of the device and must pay a ransom to gain access; and second, by encrypting information on the device, users must pay a ransom to get access to an encryption key from the attackers.
DoubleLocker has its roots in banking malware and could represent a new form of banking malware that ESET is dubbing “ransom-bankers.” Such malware could operate in two stages: first wiping out a victim’s financial accounts, then locking the victim’s device and attempting to extort a ransom to unlock it.
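The three capabilities described above (an accessibility service with a Google-sounding label, device administrator rights, and registration as the default Home application) are each legitimate on their own but rarely appear together in one app. The following triage heuristic is an added example written for this post, not tooling from ESET or InAuth; it parses a constructed AndroidManifest.xml and scores an app on how many of those capabilities it combines.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"

# Constructed manifest (not a real sample) combining the three capabilities
# described above: an accessibility service labelled "Google Play Service",
# a device-admin receiver, and an activity registering as the HOME launcher.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.fakeflash">
  <application android:label="Flash Player Update">
    <service android:name=".AccessSvc" android:label="Google Play Service"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <receiver android:name=".AdminRcv"
              android:permission="android.permission.BIND_DEVICE_ADMIN"/>
    <activity android:name=".LockScreen">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.HOME"/>
      </intent-filter>
    </activity>
  </application>
</manifest>"""

def _binds(root, tag, perm):
    # True if any <tag> component requires the given system binding permission.
    return any(e.get(NS + "permission") == perm for e in root.iter(tag))

def triage_manifest(xml_text):
    """Return the set of DoubleLocker-style indicators present in a manifest."""
    root = ET.fromstring(xml_text)
    found = set()
    if _binds(root, "service", "android.permission.BIND_ACCESSIBILITY_SERVICE"):
        found.add("accessibility_service")
        # A Google-sounding service label on a non-Google package is the social-engineering hook.
        for svc in root.iter("service"):
            label = (svc.get(NS + "label") or "").lower()
            if "google" in label and not root.get("package", "").startswith("com.google."):
                found.add("google_lookalike_label")
    if _binds(root, "receiver", "android.permission.BIND_DEVICE_ADMIN"):
        found.add("device_admin")
    if any(c.get(NS + "name") == "android.intent.category.HOME"
           for c in root.iter("category")):
        found.add("home_launcher")
    return found

def verdict(indicators):
    # Score on the combination: each capability alone has legitimate uses.
    core = {"accessibility_service", "device_admin", "home_launcher"}
    return {3: "high", 2: "medium"}.get(len(core & indicators), "low")
```

Run `verdict(triage_manifest(SAMPLE_MANIFEST))` to see the constructed sample scored "high"; a launcher app alone scores "low".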
By exploiting a long-running system loophole and common user behavior, criminal actors can easily gain access to Apple customers’ Apple ID passwords, either for use in Apple iTunes or to attempt to test the ID/password combination on other sites.
iOS users are asked to enter their Apple ID passwords for various reasons and are trained to do so whenever iOS prompts them. Those popup prompts are typically shown on the lock screen, on the home screen, and inside various apps (iCloud, Game Center, in-app purchases). This could easily be abused by any app simply by showing a UIAlertController that looks exactly like the system dialog box.
One easy way for iOS users to check the validity of an Apple ID prompt is to press the Home button when served with a popup. If the app and the dialog box close, the prompt is a phishing attack. If the app and the dialog box remain open, however, the prompt is a legitimate system prompt.
To help protect users and organizations, InAuth recommends the following security best practices:
- Stay current with software updates
- Do not root or jailbreak devices
- Do not install apps from sources other than the Google Play Store or Apple App Store
- Lock devices with authentication
To stay up to date on the latest mobile threats, be sure to visit our blog and website regularly. InAuth provides ongoing insights on top trends and technologies to protect your organization’s digital channels in today’s always-on world.