INAUTH MALWARE AND MOBILE THREAT UPDATE

MEDIAPROJECTION VULNERABILITY, MAC HIGH SIERRA OS LETS ANYONE LOG ON, MULTI-STAGE MALWARE ON GOOGLE PLAY

Welcome to the latest update from InAuth, where we compile recent headlines and top threats affecting mobile devices. Here are some of the most recent highlights:

Google MediaProjection Service Able to Be Exploited

Google’s new MediaProjection service allows app developers to capture screen contents and audio, bypassing the need to obtain root privileges. Developers can request access to MediaProjection via an Intent, with no permissions needed to use the MediaProjection service.

The lack of specific Android permissions to use this API means an attacker could overlay the SystemUI pop-up warning with an arbitrary message to trick the user into granting an attacker’s application the ability to capture the user’s screen.

The vulnerability has been addressed in Android 8.0, but no patch has been created to date for older versions of the operating system.

Latest High Sierra OS for Mac Lets Anyone Log In with User Name “Root”

Macs running the latest version of High Sierra — 10.13.1 (17B48) — allow anyone to log in by simply typing “root” in the user name field. Apple is aware of the issue and has released a security update, but it is recommended that you do not leave your Mac unattended until the security update has been installed.

Additionally, the user should not test this vulnerability themselves, as doing so will create a root account that can be exploited by others if not disabled.

Multi-Stage Malware Found on Google Play Store

Researchers at ESET discovered a new multi-stage malware on Google Play that can sneak banking trojans onto devices. Multi-stage malware is essentially a dropper that hides a malicious application within a fake application that is able to evade Google Play’s malware detection.

Once the victim installs the fake app from Google Play, the malware will begin a series of stages that will ultimately download and install the malicious application. Two of the most recent samples caught contained either spyware or MazarBot, a notorious banking trojan.

InAuth Recommendations

To help protect users and organizations, InAuth recommends the following security best practices:

  • Stay current with software updates
  • Do not root or jailbreak devices
  • Do not install apps from third-party vendors other than the Google Play Store or Apple App Store
  • Lock devices with authentication

To stay up to date on the latest mobile threats, be sure to visit our blog and website regularly. InAuth provides ongoing insights on top trends and technologies to protect your organization’s digital channels in today’s always-on world.
