INAUTH MALWARE AND MOBILE THREAT UPDATE

INAUTH MALWARE AND MOBILE THREAT UPDATE

SEO-OPTIMZED MALWARE LINKS, IPHONE X JAIL BREAKIMMINENT, OLD BANKING TROJAN MAKES A COMEBACK

Welcome to the latest update from InAuth where we compile recent headlines and top threats affecting mobile devices.  Here are some of the most recent highlights:

Banking Trojan Targets Google Search Results

In a new threat, fraudsters have found a way to take advantage of the prevalence of Google’s search engine use by incorporating Search Engine Optimization (SEO) to promote the return of the Zeus Panda banking trojan malware in search results.

The malware comes up in search results when users search using specific banking-related keywords.  By ensuring that the link to the malware is displayed in search results, the attackers can maximize exposure to the malicious links and then more easily obtain banking credentials, credit card information, and other sensitive information.

Jailbreak for iPhone® X Possible

Liang Chen of Tencent Keen Lab recently demonstrated the first jailbreak to work on iOS version 11.1.1 running on an iPhone® X. This live demo happened at the POC 2017 security and hacking conference in South Korea.

At this time, there is no known release date for the jailbreak. While lauded by Apple fans, jailbreaks can pose serious security and stability concerns for the device and unsuspecting users.

Banking Trojan Corebot Making a Comeback Via Malicious Spam Emails

Cybersecurity firm Deep Instinct recently detected a new variant of a 2015 banking trojan, CoreBot. According to Deep Instinct, CoreBot is a sophisticated banking malware and information stealer.

CoreBot is being spread once again with new, modified versions. In their most recent analysis conducted September, the malware was distributed using malicious spam emails with Microsoft® Office documents as attachments.

As part of the attack, users receive an email notifying them of an invoice attachment. Once the attachment is clicked on, an executable is downloaded to two locations on the victim’s machine.

InAuth Recommendations

To help protect users and organizations, InAuth recommends the following security best practices:

  • Stay current with software updates
  • Do not root or jail break devices
  • Do not install apps from third-party vendors other than the Google Play Store or Apple App Store
  • Lock devices with authentication

To stay up to date on the latest mobile threats, be sure to visit our blog and website regularly. InAuth provides ongoing insights on top trends and technologies to protect your organization’s digital channels in today’s always-on world.

 

 

 

NORTH AMERICA

Headquarters

376 Boylston Street, Suite 501
Boston, MA 02116
+1.855.801.0774

West Coast Office

227 Broadway, Suite 200
Santa Monica, CA 904011

EMEA

Belgrave House
76 Buckingham Palace Road
London, SW1W 9AX

LATIN AMERICA

Eje 5 Norte 990, Building C, 1st Floor
Santa Barbara, Mexico City 02230
+52 (55) 52097037

ASIA PACIFIC

Australia

Level 9, 12 Shelley Street
Sydney, NSW, Australia, 2000
+61 2 9152 2851

Level 14, 360 Collins Street
Melbourne, VIC, Australia 3000
+61 3 9152 2851

Singapore

Level 15, Marina Bay Financial Centre
Tower 1, Singapore 018940
+65 6317 6414