Categories
Android

How Advertising Malware smuggles Malware into the Google Play Store

“Always download apps from the official app store.” That is the usual advice for staying away from malware, but is it enough? Several pieces of malware have been found inside the official store over the past few years. Google reacted and hardened its systems: your device is now scanned regularly for malicious apps, and the developer contribution rules and permission restrictions were tightened, so abusing sensitive permissions is harder than it used to be.

Google Malware
Picture Source: gizbot.com

 

Categories
World

New Michigan Law Finally Makes Ransomware Officially Illegal

Michigan Governor Rick Snyder signed two bills into law last Monday that criminalize the possession of ransomware. Possessing ransomware is now punishable by up to three years in prison. Legislators initially sought a ten-year sentence, but this was reduced to three years in subsequent deliberations.

Ransomware
Picture Source: epatientfinder.com
Categories
Browser extensions

Do you really need HTTPS Everywhere extension?

It isn’t a must-have extension (in my opinion) and it can break some websites, but it can be beneficial when it works. I remember it used to be very popular; the popularity died down a bit because certificates are very cheap these days. I once used it and liked it at the time, but I removed it a very long time ago because I no longer have a need for it.

https-everywhere
Official HTTPS Everywhere Logo

By the way, a general note about the encrypted traffic between the browser and the destination: HTTPS does not protect you from banking malware that is already running on the machine. The older technique, “form-grabbing”, hooks the browser’s networking API and copies submitted form fields before the browser encrypts them. The newer technique, “WebInject”, hooks the receiving side and modifies the page after the browser has decrypted it, for example by adding extra input fields to a login form. Both work inside the browser process, where the data is plaintext, so neither has to break TLS, and the lock icon still shows. A third option is messing with the certificates on the system: some Anti-Virus programs install their own root certificate to inspect HTTPS traffic, and a flawed implementation opens the door to a Man-In-The-Middle (MITM) attack.
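To make the WebInject point concrete, here is an added example (not code from this page or from any malware family) of a parser for the classic “webinjects.txt” format used by Zeus-style banking trojans, together with the rewrite such a rule performs on an HTML response after the browser has decrypted it. The host bank.example, the sample config and the sample pages are constructed for illustration; the real format has more flags than the G and P handled here.

```javascript
// Added example (not code from the page): parse a Zeus-style "webinjects.txt"
// config and apply it to an already-decrypted HTML response.  The config,
// the pages and the host bank.example are constructed for illustration.

// In the format '*' is a wildcard for any run of characters.
function wildcardToRegExp(pattern, anchored = false) {
  const body = pattern
    .split('*')
    .map((s) => s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&'))
    .join('[\\s\\S]*?');
  return new RegExp(anchored ? '^' + body + '$' : body);
}

// Parse "set_url <url-pattern> <flags>" blocks.  Each block carries
// data_before / data_inject / data_after sections terminated by data_end.
function parseWebinjects(text) {
  const rules = [];
  let current = null;
  let section = null;
  for (const rawLine of text.split(/\r?\n/)) {
    const line = rawLine.trim();
    if (section !== null) {
      if (line === 'data_end') { section = null; continue; }
      current[section] += (current[section] ? '\n' : '') + rawLine;
      continue;
    }
    if (line.startsWith('set_url ')) {
      const [, url, flags = 'GP'] = line.split(/\s+/);
      current = { url, flags, data_before: '', data_inject: '', data_after: '' };
      rules.push(current);
    } else if (current && /^data_(before|inject|after)$/.test(line)) {
      section = line;
    }
  }
  return rules;
}

// Apply every matching rule to one response.  Flags: 'G' = rewrite GET
// responses, 'P' = rewrite POST responses (other real flags are ignored here).
function applyWebinjects(rules, url, method, html) {
  let out = html;
  const applied = [];
  const needed = method.toUpperCase() === 'POST' ? 'P' : 'G';
  for (const rule of rules) {
    if (!rule.flags.includes(needed)) continue;
    if (!wildcardToRegExp(rule.url, true).test(url)) continue;
    const before = wildcardToRegExp(rule.data_before).exec(out);
    if (!before) continue;
    const start = before.index + before[0].length;
    let end = start;
    if (rule.data_after) {
      // Everything between data_before and data_after is replaced by data_inject.
      const after = wildcardToRegExp(rule.data_after).exec(out.slice(start));
      if (!after) continue;
      end = start + after.index;
    }
    out = out.slice(0, start) + rule.data_inject + out.slice(end);
    applied.push(rule.url);
  }
  return { html: out, applied };
}

// Constructed sample config: add a PIN field to the login form and fake the balance.
const SAMPLE_CONFIG = `
set_url https://bank.example/login* GP
data_before
<input type="password"*>
data_end
data_inject
<label>ATM PIN <input type="text" name="pin"></label>
data_end
data_after
data_end

set_url https://bank.example/balance G
data_before
<span id="balance">
data_end
data_inject
$1,000.00
data_end
data_after
</span>
data_end
`;

// Constructed sample responses, as the browser sees them after TLS decryption.
const LOGIN_PAGE = `<form action="/login" method="post">
<input type="text" name="user">
<input type="password" name="pass">
<button>Sign in</button>
</form>`;
const BALANCE_PAGE = '<p>Balance: <span id="balance">$12.34</span></p>';

const RULES = parseWebinjects(SAMPLE_CONFIG);
console.log(applyWebinjects(RULES, 'https://bank.example/login?next=/', 'GET', LOGIN_PAGE).html);
console.log(applyWebinjects(RULES, 'https://bank.example/balance', 'GET', BALANCE_PAGE).html);
```

Nothing in this code touches TLS: the rewrite operates on the plaintext the browser already holds, which is exactly why the padlock in the URL bar gives no warning. For an analyst the parser side is the useful part; dumping the set_url targets of a recovered config tells you which institutions a sample goes after.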

Problems

  • Johnny assumes HTTPS Everywhere automatically switches every site to HTTPS when it is available. So when he hits a login page over HTTP, he shrugs, says “I guess they don’t have HTTPS”, and fills in the login anyway. In reality the extension only rewrites URLs for sites that have a ruleset.
  • Johnny decides that with HTTPS Everywhere installed he no longer needs to watch the lock icon in the URL bar. After all, if HTTPS is available the extension will switch him over, and if it isn’t, there is nothing he can do about it anyway.
  • Johnny isn’t aware that HTTPS Everywhere, if the SSL Observatory option was enabled at install time, sends a fingerprint of the certificate of every HTTPS site he visits to the EFF’s SSL Observatory (which would allow them to track his browsing if they wanted).
  • The extension itself might be compromised, faked or collecting data. Fewer extensions mean a smaller attack surface.
  • Memory usage is high because the large bundled rule list has to be parsed.

Malware these days uses HTTPS (as mentioned) more than ever before, and the share grows by the day. This is why modern gateway appliances are all going to be required to do SSL/TLS inspection. Full (deep) inspection, which decrypts and re-encrypts the traffic, requires the appliance’s root certificate to be installed on every client; plain SSL inspection, which only looks at the handshake, the server certificate and the SNI, doesn’t. HTTPS Everywhere isn’t required at all when you already do SSL validation at the UTM level.
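The first two points in the list above come down to one detail of how the extension works: a URL is only upgraded when some ruleset targets its host. The following added example (not HTTPS Everywhere’s own code) implements a stripped-down version of that rewriting logic over rulesets in the extension’s XML format. The rulesets, hosts and URLs are constructed for illustration, the wildcard-target semantics are an assumed simplification, and real rulesets have further features (default_off, securecookie, platform) that are ignored here.

```javascript
// Added example (not HTTPS Everywhere's own code): a minimal ruleset engine
// showing which URLs get upgraded and which are left on plain HTTP.
// Rulesets and hosts below are constructed for illustration.

// Parse the self-closing <target/>, <exclusion/> and <rule/> elements of one
// <ruleset>.  A regex is enough for the well-formed fixtures used here; a real
// implementation would use an XML parser (attribute entities are not decoded).
function parseRuleset(xml) {
  const name = (xml.match(/<ruleset\b[^>]*\bname="([^"]*)"/) || [])[1] || '';
  const rs = { name, targets: [], exclusions: [], rules: [] };
  for (const m of xml.matchAll(/<(target|exclusion|rule)\b([^>]*?)\/?>/g)) {
    const attrs = Object.fromEntries(
      [...m[2].matchAll(/(\w+)="([^"]*)"/g)].map((a) => [a[1], a[2]]),
    );
    if (m[1] === 'target') rs.targets.push(attrs.host);
    else if (m[1] === 'exclusion') rs.exclusions.push(new RegExp(attrs.pattern));
    else rs.rules.push({ from: new RegExp(attrs.from), to: attrs.to });
  }
  return rs;
}

// Target matching: exact host, or a leftmost "*." wildcard covering one or
// more labels (assumed simplification of the real semantics).
function hostMatches(pattern, host) {
  if (pattern.startsWith('*.')) {
    const suffix = pattern.slice(1);
    return host.endsWith(suffix) && host.length > suffix.length;
  }
  return pattern === host;
}

// Rewrite one URL: only http: URLs, only for hosts some ruleset targets,
// never when an exclusion matches; the first matching rule wins.
function rewriteUrl(rulesets, urlString) {
  const url = new URL(urlString);
  if (url.protocol !== 'http:') return { url: urlString, upgraded: false, reason: 'not http' };
  for (const rs of rulesets) {
    if (!rs.targets.some((t) => hostMatches(t, url.hostname))) continue;
    if (rs.exclusions.some((re) => re.test(urlString))) {
      return { url: urlString, upgraded: false, reason: `excluded by ${rs.name}` };
    }
    for (const rule of rs.rules) {
      if (rule.from.test(urlString)) {
        return { url: urlString.replace(rule.from, rule.to), upgraded: true, reason: `rule in ${rs.name}` };
      }
    }
  }
  // No ruleset knows this host: the extension does nothing, the form stays on HTTP.
  return { url: urlString, upgraded: false, reason: 'no ruleset' };
}

// Constructed rulesets in the extension's XML format (String.raw keeps the
// backslashes in the regex attributes intact).
const RULESETS = [
  String.raw`<ruleset name="Example Bank">
  <target host="bank.example" />
  <target host="*.bank.example" />
  <exclusion pattern="^http://legacy\.bank\.example/" />
  <rule from="^http:" to="https:" />
</ruleset>`,
  String.raw`<ruleset name="Example CDN">
  <target host="cdn.example" />
  <rule from="^http://cdn\.example/(.*)" to="https://static.cdn.example/$1" />
</ruleset>`,
].map(parseRuleset);

for (const u of [
  'http://bank.example/login',
  'http://www.bank.example/',
  'http://legacy.bank.example/old',
  'http://cdn.example/js/app.js',
  'http://unlisted.example/login',
  'https://bank.example/',
]) {
  console.log(u, '->', rewriteUrl(RULESETS, u));
}
```

The unlisted.example case is Johnny’s situation from the first bullet: the site may well serve HTTPS, but without a ruleset the extension never tries it, so the lock icon is still the only thing that tells him where his password is going.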

Categories
Android

Loapi trojan can physically damage your Android

This is a new level of trojan. It is not just another one; it’s a Swiss army knife when it comes to features, because it offers so many of them. Kaspersky discovered the trojan and warns about its behavior.

Loapi
The trojan’s activity was so hard on the CPU that after only two days the battery simply gave up, swelled and deformed the device. Picture: Kaspersky
Categories
Security Windows Windows 10

Process Doppelgänging: Bypasses all Anti-Virus and works on all Windows Versions

A new day, another threat. Well, this one is a bit different: Process Doppelgänging is not a piece of malware but a code injection technique, and it bypasses Windows’ own protection mechanisms as well as all the well-known Anti-Virus products it was tested against, including Windows Defender, Kaspersky Labs, ESET NOD32, Symantec, Trend Micro, Avast, McAfee, AVG and Panda, and even advanced forensic tools.

Process Doppelgänging Bypass
All well-known Engines are bypassed

The new fileless code injection technique takes advantage of a built-in Windows function (NTFS transactions) and an undocumented detail of the Windows process loader: the payload is written into a file inside a transaction, a memory section is created from that file, the transaction is rolled back so the malicious content never lands on disk, and a process is then created from the section. Because the file on disk was never actually changed, file-based scanners and forensic tools have nothing to look at.