INAUTH MALWARE AND MOBILE THREAT UPDATE

MALICIOUS CODE ON EQUIFAX SITE, INNOVATIVE ANDROID RANSOMWARE DISCOVERED, EASY ACCESS TO APPLE ID PASSWORD

Welcome to the latest update from InAuth, where we compile recent headlines and top threats affecting mobile devices. Here are some of the most recent highlights:

Third-Party Vendor Runs Malicious Code on Equifax Web Page

In a report from Reuters, Equifax disclosed that one of its third-party vendors, which the company uses for tracking website performance, had been found to be running malicious code on the Equifax website, but that Equifax systems themselves had not been compromised.

Once discovered, Equifax took the website offline as a precautionary measure, and the third-party vendor’s code has been subsequently removed from the web page.

The malicious content served bogus popups to consumers checking credit information. The popups could trick visitors into installing fraudulent Adobe Flash updates and infect their computers with malware.

Innovative Android Ransomware Can Change Device PIN and Encrypt Data

A new Android ransomware named DoubleLocker, which was discovered by IT security company ESET, has the ability to change your device’s PIN and also encrypt the data it finds on it.

The malware is distributed as a fake Flash Player update. Once launched, the app requests activation of the malware’s accessibility service, called Google Play Service. After the malware obtains the accessibility permissions, it uses them to activate device administrator rights and set itself as the default Home application without the user’s consent.

The ransomware attempts to extort money from victims in two ways. First, by changing the device PIN, the user is locked out of the device and must pay a ransom to gain access; and second, by encrypting information on the device, users must pay a ransom to get access to an encryption key from the attackers.

DoubleLocker has its roots in banking malware and could represent a new form of banking malware which ESET is dubbing “ransom-bankers.” Such malware could operate in two stages: first wiping a victim’s financial accounts and then locking the victim’s device and attempting to extort a ransom to unlock it.
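The three capabilities described above (an accessibility service, device administrator rights and the Home application role) each have to be declared in an Android app's manifest, so an analyst can triage an APK for that combination before it is ever installed. The following check is an added example, not code from InAuth or ESET; it assumes the manifest has already been decoded to text XML, and the sample manifest, package name and class names are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample: a decoded AndroidManifest.xml for a hypothetical app.
# The package and component names are made up for illustration.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashupdate">
  <application>
    <service android:name=".Svc"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <receiver android:name=".Admin"
        android:permission="android.permission.BIND_DEVICE_ADMIN"/>
    <activity android:name=".Launcher">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.HOME"/>
      </intent-filter>
    </activity>
  </application>
</manifest>"""

FULL_CHAIN = {"accessibility_service", "device_admin", "home_launcher"}

def triage_manifest(manifest_xml):
    """Return the set of lock-screen-relevant capabilities a manifest declares."""
    root = ET.fromstring(manifest_xml)
    found = set()
    for svc in root.iter("service"):
        if svc.get(ANDROID + "permission") == "android.permission.BIND_ACCESSIBILITY_SERVICE":
            found.add("accessibility_service")
    for rcv in root.iter("receiver"):
        if rcv.get(ANDROID + "permission") == "android.permission.BIND_DEVICE_ADMIN":
            found.add("device_admin")
    for tag in ("activity", "activity-alias"):
        for act in root.iter(tag):
            for flt in act.iter("intent-filter"):
                cats = {c.get(ANDROID + "name") for c in flt.iter("category")}
                if "android.intent.category.HOME" in cats:
                    found.add("home_launcher")
    return found

def is_suspicious(manifest_xml):
    """Flag only the full combination; each capability alone is common."""
    return triage_manifest(manifest_xml) == FULL_CHAIN

if __name__ == "__main__":
    print(sorted(triage_manifest(SAMPLE_MANIFEST)), is_suspicious(SAMPLE_MANIFEST))
```

Each capability on its own is used by legitimate accessibility tools, device management agents and launchers, which is why the check only flags an app that requests all three together.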

Cybercriminals Gain Apple ID Password by Exploiting Code and Common Behavior

By exploiting a long-running system loophole and common user behavior, criminal actors can easily gain access to Apple customers’ Apple ID passwords, either for use in Apple iTunes or to attempt to test the ID/password combination on other sites.

iOS users are asked to enter their Apple ID passwords for various reasons and are trained to do so whenever iOS prompts them to. Those popup prompts are typically shown on the lock screen, the home screen, and also inside random apps (iCloud, GameCenter, in-app purchases). This could easily be abused by any app, just by showing a UIAlertController that looks exactly like the system dialog box.

One easy way for iOS users to check the validity of prompts for the Apple ID is to press the Home button when served with a popup prompt. If the app and the dialogue box close, then the prompt is a phishing attack. If the app and the dialogue box remain open, however, then the prompt is a legitimate system prompt.

InAuth Recommendations

To help protect users and organizations, InAuth recommends the following security best practices:

  • Stay current with software updates
  • Do not root or jailbreak devices
  • Do not install apps from third-party vendors other than the Google Play Store or Apple App Store
  • Lock devices with authentication

To stay up to date on the latest mobile threats, be sure to visit our blog and website regularly. InAuth provides ongoing insights on top trends and technologies to protect your organization’s digital channels in today’s always-on world.
