SEO-OPTIMZED MALWARE LINKS, IPHONE X JAIL BREAKIMMINENT, OLD BANKING TROJAN MAKES A COMEBACK
Welcome to the latest update from InAuth where we compile recent headlines and top threats affecting mobile devices. Here are some of the most recent highlights:
In a new threat, fraudsters have found a way to take advantage of the prevalence of Google’s search engine use by incorporating Search Engine Optimization (SEO) to promote the return of the Zeus Panda banking trojan malware in search results.
The malware comes up in search results when users search using specific banking-related keywords. By ensuring that the link to the malware is displayed in search results, the attackers can maximize exposure to the malicious links and then more easily obtain banking credentials, credit card information, and other sensitive information.
Liang Chen of Tencent Keen Lab recently demonstrated the first jailbreak to work on iOS version 11.1.1 running on an iPhone® X. This live demo happened at the POC 2017 security and hacking conference in South Korea.
At this time, there is no known release date for the jailbreak. While lauded by Apple fans, jailbreaks can pose serious security and stability concerns for the device and unsuspecting users.
Cybersecurity firm Deep Instinct recently detected a new variant of a 2015 banking trojan, CoreBot. According to Deep Instinct, CoreBot is a sophisticated banking malware and information stealer.
CoreBot is being spread once again with new, modified versions. In their most recent analysis conducted September, the malware was distributed using malicious spam emails with Microsoft® Office documents as attachments.
As part of the attack, users receive an email notifying them of an invoice attachment. Once the attachment is clicked on, an executable is downloaded to two locations on the victim’s machine.
To help protect users and organizations, InAuth recommends the following security best practices:
- Stay current with software updates
- Do not root or jail break devices
- Do not install apps from third-party vendors other than the Google Play Store or Apple App Store
- Lock devices with authentication
To stay up to date on the latest mobile threats, be sure to visit our blog and website regularly. InAuth provides ongoing insights on top trends and technologies to protect your organization’s digital channels in today’s always-on world.