HackDig : Dig high-quality web security articles for hacker

Booking a Taxi for Faketoken

The Trojan-Banker.AndroidOS.Faketoken malware has been known for more than a year. Throughout its existence, it has worked its way up from a primitive Trojan intercepting mTAN codes to an encrypter. The authors of its newer modifications continue to upgrade the malware, while its geographical spread is growing. Some of these modifi
Publish At:2017-08-17 05:05 | Read:366 | Comments:0 | Tags:Mobile Google Android Malware Descriptions Mobile Malware Tr

A new era in mobile banking Trojans

In mid-July 2017, we found a new modification of the well-known mobile banking malware family Svpeng – Trojan-Banker.AndroidOS.Svpeng.ae. In this modification, the cybercriminals have added new functionality: it now also works as a keylogger, stealing entered text through the use of accessibility services. Accessibility services generally provide user interf
Publish At:2017-07-31 09:45 | Read:397 | Comments:0 | Tags:Mobile Google Android Keylogger Mobile Malware

Ztorg: from rooting to SMS

I’ve been monitoring Google Play Store for new Ztorg Trojans since September 2016, and have so far found several dozen new malicious apps. All of them were rooting malware that used exploits to gain root rights on the infected device. Then, in the second half of May 2017 I found one that wasn’t. Distributed on Google Play through two malicious a
Publish At:2017-06-20 08:50 | Read:694 | Comments:0 | Tags:Mobile Google Android Mobile Malware Ztorg

Dvmap: the first Android malware with code injection

In April 2017 we started observing new rooting malware being distributed through the Google Play Store. Unlike other rooting malware, this Trojan not only installs its modules into the system, it also injects malicious code into the system runtime libraries. Kaspersky Lab products detect it as Trojan.AndroidOS.Dvmap.a. The distribution of rooting malware thr
Publish At:2017-06-08 15:45 | Read:848 | Comments:0 | Tags:Featured Mobile code injection Google Android Mobile Malware

Ztorg: money for infecting your smartphone

This research started when we discovered an infected Pokémon GO guide in Google Play. It was there for several weeks and was downloaded more than 500,000 times. We detected the malware as Trojan.AndroidOS.Ztorg.ad. After some searching, I found some other similar infected apps that were being distributed from the Google Play Store. The first of them, called
Publish At:2017-05-15 13:40 | Read:1283 | Comments:0 | Tags:Analysis Featured Publications advertisement Google Android

Financial cyberthreats in 2016

In 2016 we continued our in-depth research into the financial cyberthreat landscape. We’ve noticed over the last few years that large financial cybercriminal groups have started to concentrate their efforts on targeting large organizations – such as banks, payment processing systems, retailers, hotels and other businesses where POS terminals are widely
Publish At:2017-02-22 06:30 | Read:1482 | Comments:0 | Tags:Analysis Featured Publications Financial malware Google Andr

Expensive free apps

This post is the result of collaboration between 11paths (Telefonica’s Cybersecurity Global Unit) and Kaspersky Lab. Both companies have used their own expertise, researchers and tools, such as 11paths’ Tacyt (Android apps monitoring) and GReAT’s internal tools and resources. Big Brother and Google Play Fraudulent apps trying to send Prem
Publish At:2017-01-23 07:30 | Read:1975 | Comments:0 | Tags:Blog Mobile Google Android Mobile Malware SMS Trojan

Switcher: Android joins the ‘attack-the-router’ club

Recently, in our never-ending quest to protect the world from malware, we found a misbehaving Android trojan. Although malware targeting the Android OS stopped being a novelty quite some time ago, this trojan is quite unique. Instead of attacking a user, it attacks the Wi-Fi network the user is connected to, or, to be precise, the wireless router that serves
Publish At:2016-12-28 11:20 | Read:1243 | Comments:0 | Tags:Blog Mobile DNS Google Android Mobile Malware Router

The banker that encrypted files

Many mobile bankers can block a device in order to extort money from its user. But we have discovered a modification of the mobile banking Trojan Trojan-Banker.AndroidOS.Faketoken that went even further – it can encrypt user data. In addition to that, this modification is attacking more than 2,000 financial apps around the world. We have managed to detect se
Publish At:2016-12-19 22:35 | Read:1992 | Comments:0 | Tags:Blog Research Banking Trojan Encryption Financial malware Go

Disassembling a Mobile Trojan Attack

In early August we detected several cases of a banking Trojan being downloaded automatically when users viewed certain news sites on their Android devices. Later it became apparent that this was being caused by advertising messages from the Google AdSense network, and was not restricted to news sites. In fact, any site using AdSense to display adverts could
Publish At:2016-11-12 08:35 | Read:949 | Comments:0 | Tags:Blog Research Banking Trojan Google Google Android Mobile Ma

The first cryptor to exploit Telegram

Earlier this month, we discovered a piece of encryption malware targeting Russian users. One of its peculiarities was that it uses Telegram Messenger’s communication protocol to send a decryption key to the threat actor. To our knowledge, this is the first cryptor to use the Telegram protocol in an encryption malware case. What is a cryptor? In general
Publish At:2016-11-12 08:35 | Read:1188 | Comments:0 | Tags:Blog Research Google Android Mobile Malware Ransomware explo

Everyone sees not what they want to see

In early March, Kaspersky Lab detected the modular Trojan Backdoor.AndroidOS.Triada which granted superuser privileges to downloaded Trojans (i.e. the payload), as well as the chance to get embedded into system processes. Soon after that, on March 15, we found one of the modules enabling a dangerous attack – spoofing URLs loaded in the browser. The malicious
Publish At:2016-06-06 16:35 | Read:877 | Comments:0 | Tags:Blog Research Google Android mobile browser Mobile Malware R

Who viewed your Instagram account? And who stole your password?

Introduction Mobile applications have become one of the most efficient attack vectors, and one of the favorite methods of cybercriminals is the abuse of popular applications. Maybe you would think twice before installing any application that asks for the credentials you use to connect to your social networks, email accounts or cloud storage services? Recentl
Publish At:2016-03-21 16:25 | Read:1384 | Comments:0 | Tags:Blog Research Google Android Mobile Malware Social networks

Who viewed your Instagram account? And who stole your password?

Introduction Mobile applications have become one of the most efficient attack vectors, and one of the favorite methods of cybercriminals is the abuse of popular applications. Maybe you would think twice before installing any application that asks for the credentials you use to connect to your social networks, email accounts or cloud storage services? Recentl
Publish At:2016-03-21 11:50 | Read:1572 | Comments:0 | Tags:Blog Research Google Android Mobile Malware Social networks

Attack on Zygote: a new twist in the evolution of mobile threats

The main danger posed by apps that gain root access to a mobile device without the user’s knowledge is that they can provide access to far more advanced and dangerous malware with highly innovative architecture. We feared that Trojans obtaining unauthorized superuser privileges to install legitimate apps and display advertising would eventually start
Publish At:2016-03-03 09:00 | Read:2017 | Comments:0 | Tags:Analysis Featured Publications Banking Trojan Google Android
