WIFI VULNERABILITY EXPOSES SENSITIVE INFORMATION, 8 GOOGLE PLAY APPS DISCOVERED WITH POTENTIAL TO EXECUTE DDOS ATTACKS, FIRST HYBRID ANDROID MALWARE DISCOVERED
Welcome to the latest update from InAuth where we compile recent headlines and top threats affecting mobile devices. Here are some of the most recent highlights:
Researchers at imec-DistriNet discovered a serious weakness in WPA2, the protocol that secures all modern protected Wi-Fi networks. The weakness can be used to read information that was previously assumed to be safely encrypted.
According to the research group, the weakness can be exploited to steal sensitive information like credit card numbers, passwords, chat messages, emails, photos, and more. All modern protected Wi-Fi networks can be affected. Depending on the network configuration, an attacker might also be able to inject ransomware or other malware into websites.
The researchers noted that any device supporting Wi-Fi is most likely affected. Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others are all affected by some variant of the attacks.
To prevent the attack, users must update affected products as soon as security updates become available.
Symantec found eight apps infected with the Sockbot malware on Google Play that can add compromised devices to a botnet and potentially perform DDoS attacks. According to Symantec, the apps have been installed on anywhere from 600,000 to 2.6 million devices.
The malware is disguised as a legitimate app for modifying the look of the characters in Minecraft: Pocket Edition (PE), while well-disguised attack functionality is enabled in the background.
Once the app with Sockbot is installed, it will try to communicate to a C&C server using port 9001. Once established, the server will request the app to open a network socket using SOCKS to proxy the connection, giving it the potential to perform DDoS attacks.
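One way to hunt for the behaviour described above in network flow data, as an added example that is not from Symantec or InAuth: flag devices that contact port 9001 and then connect to many distinct hosts shortly afterwards, as a device relaying proxied traffic would. The record layout, time window and host-count threshold are assumptions, and the sample flows are constructed.

```python
from collections import defaultdict

C2_PORT = 9001        # port named in the write-up above
FANOUT_WINDOW = 300   # seconds after the port-9001 contact (assumed threshold)
FANOUT_MIN_DSTS = 20  # distinct destinations that count as fan-out (assumed)


def sample_flows():
    """Constructed flow records: (epoch_seconds, device_ip, dst_ip, dst_port)."""
    flows = [
        (1000, "10.0.0.5", "203.0.113.10", 9001),
        (1000, "10.0.0.6", "203.0.113.20", 9001),
        (1020, "10.0.0.6", "198.51.100.1", 443),
        (1030, "10.0.0.6", "198.51.100.2", 443),
    ]
    # 10.0.0.5 reaches 25 distinct hosts right after its port-9001 session.
    flows += [(1010 + i, "10.0.0.5", f"198.51.100.{i + 1}", 80) for i in range(25)]
    # 10.0.0.7 is just as busy but never contacted port 9001.
    flows += [(1010 + i, "10.0.0.7", f"192.0.2.{i + 1}", 80) for i in range(30)]
    return flows


def find_suspect_devices(flows, c2_port=C2_PORT, window=FANOUT_WINDOW,
                         min_dsts=FANOUT_MIN_DSTS):
    """Return {device: (port_9001_peer, distinct_dsts)} for devices that
    contacted c2_port and then fanned out to >= min_dsts hosts within window."""
    first_c2 = {}              # device -> (timestamp, peer) of first c2_port flow
    after = defaultdict(set)   # device -> destinations seen inside the window
    for ts, src, dst, port in sorted(flows):
        if port == c2_port:
            first_c2.setdefault(src, (ts, dst))
        elif src in first_c2 and ts - first_c2[src][0] <= window:
            after[src].add(dst)
    return {
        src: (peer, len(after[src]))
        for src, (_, peer) in first_c2.items()
        if len(after[src]) >= min_dsts
    }


if __name__ == "__main__":
    for device, (peer, count) in find_suspect_devices(sample_flows()).items():
        print(f"{device}: contacted {peer}:{C2_PORT}, then {count} distinct hosts")
```

Port 9001 is also used by legitimate software, so a port match alone is a weak signal; the fan-out condition is what separates 10.0.0.5 from 10.0.0.6 in the sample data.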
Researchers at Sfylabs have discovered a new variant of Android banking malware, called LokiBot, which is well-developed and provides numerous unique features such as a ransomware module. According to Sfylabs, the actors behind this new Android malware are successful cybercriminals with over 1.5 million dollars in Bitcoin.
LokiBot has been found to overlay on a large number of banking apps (often around 100) and a handful of other popular apps such as Skype, Outlook and WhatsApp. The ransomware stage is activated when victims disable the administrative rights of the malware or try to uninstall it. The typical requested ransom amount is between $70 and $100; however, Sfylabs does not believe the ransomware attack to be the main focus of the campaign.
LokiBot works on Android 4.0 and higher and can also steal contacts, as well as read and send SMS messages. It has a specific command to spam all contacts with SMS messages to spread the infection. Additionally, victims’ browser history can be uploaded, and there is also an option to lock the phone, preventing the user from accessing it.
Sfylabs believes LokiBot has the ability to become a strong trojan, since new features emerge in the bot almost weekly, targeting many banks and popular apps.
To help protect users and organizations, InAuth recommends the following security best practices:
- Stay current with software updates
- Do not root or jailbreak devices
- Do not install apps from sources other than the Google Play Store or Apple App Store
- Lock devices with authentication
To stay up to date on the latest mobile threats, be sure to visit our blog and website regularly. InAuth provides ongoing insights on top trends and technologies to protect your organization’s digital channels in today’s always-on world.