MEDIAPROJECTION VULNERABILITY, MAC HIGH SIERRA OS LETS ANYONE LOG ON, MULTI-STAGE MALWARE ON GOOGLE PLAY
Welcome to the latest update from InAuth where we compile recent headlines and top threats affecting mobile devices. Here are some of the most recent highlights:
Google’s new MediaProjection service allows app developers to capture screen contents and audio, bypassing the need to obtain root privileges. Developers can request access to MediaProjection via the Internet with no permissions needed to use the MediaProjection service.
The lack of specific Android permissions to use this API means an attacker could overlay the SystemUI pop-up warning with an arbitrary message to trick the user into granting an attacker’s application the ability to capture the user’s screen.
The vulnerability has been addressed in Android 8.0, but no patch has been created to date for older versions of the operating system.
Macs running the latest version of High Sierra — 10.13.1 (17B48) — allow anyone to log in by simply typing “root” in the user name field. Apple is aware of the issue and has released a security update, but it is recommended that you do not leave your Mac unattended until the security update has been installed.
Additionally, the user should not test this vulnerability themselves, as doing so will create a root account that can be exploited by others if not disabled.
Researchers at ESET discovered new multi-stage malware on Google Play that can sneak banking trojans onto devices. Multi-stage malware is essentially a dropper: it hides a malicious application within a fake application that is able to evade Google Play’s malware detection.
Once the victim installs the fake app from Google Play, the malware begins a series of stages that ultimately download and install the malicious application. Two of the most recent samples caught contained either spyware or MazarBot, a notorious banking trojan.
To help protect users and organizations, InAuth recommends the following security best practices:
- Stay current with software updates
- Do not root or jailbreak devices
- Do not install apps from any source other than the Google Play Store or Apple App Store
- Lock devices with authentication
To stay up to date on the latest mobile threats, be sure to visit our blog and website regularly. InAuth provides ongoing insights on top trends and technologies to protect your organization’s digital channels in today’s always-on world.