The malware operators always keep finding new ways to target and spy on victims. Joker, one of the most prominent malware families active right now, has been targeting Android users for quite some time. Recently, the malware was observed using Github to hide its payload.
A new variant of the Joker malware has been discovered on Google Play, which uses Github pages and repositories to evade detection. This particular version was observed to be targeting mobile operator users in Thailand.
The app laden with Joker promised wallpapers in HD or 4K quality. This app was downloaded over a thousand times. The app injects malicious code into a new location, instead of application class or launcher activity.
The victims may be unaware of any compromise initially because the malware has a functioning app.After infection, the malware subscribes users to a WAP service without their consent.
To counter attackers’ new approach, experts suggest having an updated anti-malware application on a smartphone, paying closer attention to what the apps are actually doing, and always using official sources to download apps.
Kaspersky this week said its threat-monitoring systems had detected malware known as the Wroba Trojan, which targets Android and iOS device owners in the US with a fake package-delivery notification.
Android device users who click on a link in the notification are taken to a malicious site with an alert that warns users about their mobile browser being out of date and needing to be updated. Users tricked into clicking “OK” to download the purported browser update end up installing the malware on their device instead.
The download does not work on iPhones. So, users of iPhones who fall for the fake package-delivery notification are instead sent to a phishing page designed to look like Apple’s login page, which attempts to steal their Apple ID credentials.
Once Wroba is installed on a device, it can carry out a variety of malicious activities, according to Kaspersky. This includes sending fake SMS messages, checking installed packages, accessing financial transaction data, stealing the user’s contact list, and serving up phishing pages for stealing credentials, including those associated with bank accounts.
Wroba is not unlike other mobile malware — like its distribution via SMS. “But it utilizes some unusual techniques to hide its communication with its command-and-control [C2] server, like using MessagePack format and DES encryption to send the data.”
Wroba also has the ability to update its list of C2 servers with the help of information in social media accounts. The C2 information, for example, might be stored in encrypted form in the “Bio” or similar field in a social media account, Eremin says.
Kaspersky has described Wroba as being part of a broader mobile malware campaign called “Roaming Mantis.” Earlier versions of the malware were distributed via DNS hijacking. The operators of the malware basically hijacked DNS settings on home routers and redirected users of those routers to malicious sites.
The latest Wroba campaign is another sign of the growing threat that mobile users and organizations face from malware, adware, and other unwanted software on smartphones and other mobile devices. Thirty-nine percent of more than 875 mobile security professionals surveyed for the 2020 edition of Verizon’s Mobile Security Index said their organizations had experienced a security compromise involving a mobile device in the past year. Two years ago, only 27% reported such a breach. Two-thirds of those who experienced a mobile-related breach described the impact as major.
Cybersecurity concerns reportedly prompted India to ban more than 100 mobile apps with links to China on Wednesday, according to TechCrunch. The banned apps include popular mobile game PUBG, along with VPN for TikTok and WeChat Work.
The full list of apps appears in a press release reportedly from India’s Ministry of Electronics and Information Technology, which said the ministry had received complaints about the apps’ data handling.
“Several reports about misuse of some mobile apps available on Android and iOS platforms for stealing and surreptitiously transmitting users’ data in an unauthorized manner to servers which have locations outside India. The compilation of these data, its mining and profiling by elements hostile to national security and defense of India, which ultimately impinges upon the sovereignty and integrity of India,”.
India banned wildly popular Chinese video-sharing app TikTok and 58 others — including WeChat and Weibo — in June after a border clash between troops from both countries left at least 20 Indian soldiers dead.
StrandHogg 2.0 vulnerability in Android lets hackers hijack apps to steal victims’ data
Researchers at a Norwegian cybersecurity firm have discovered a vulnerability in Android that can be exploited by malicious apps to steal user data such as passwords, files and text message conversation logs.
The vulnerability, dubbed StrandHogg 2.0, affects the 2018 Android Pie release and all earlier versions, which power about 90% of mobile devices that run on Google’s operating system. The latest Android 10 release is not affected. Hackers who manage to sneak a malicious app onto a handset could exploit StrandHogg 2.0 to place a data-stealing overlay on top of legitimate apps and intercept input entered by the user.
“By exploiting this vulnerability, a malicious app installed on a device can attack and trick the user so that when the app icon of a legitimate app is clicked, a malicious version is instead displayed on the user’s screen,” Promon researchers detailed in a blog post. “If the victim then inputs their login credentials within this interface, those sensitive details are immediately sent to the attacker, who can then login to, and control, security-sensitive apps.”
Login credentials aren’t the only type of data that may potentially be at risk from StrandHogg 2.0-based cyberattacks. Malware can generate a deceptive overlay when a legitimate app requests operating system permissions, say to view the user’s photos or location, and hackers can then hijack those permissions to gain broader access to the user’s data or Android installation.
StrandHogg 2.0 is named after a similar flaw in Android that was spotted last year. This latest vulnerability is believed to be more dangerous because, unlike its namesake, it can be exploited without requiring that the user grant a malicious app any operating system permissions. Moreover, it’s harder for security tools to detect.
Update you Android phone with May 2020 update , rolled out recently