A Week in Security (Sept 28 – Oct 04)

Last week, we at Malwarebytes Unpacked tackled topics related to a phishing campaign targeting AOL and Outlook users, Android, gaming, threat analysis, a study on children’s behaviour online, more malvertising attacks, Ello, and Twitch.

Security researcher Joshua Cannell revealed five tricks malware authors employ to make debugging a laborious hurdle for malware analysts. These tricks also give us a glimpse of how these authors can determine whether their malware file is being analyzed. You can read more about the blog in the link below:

Malware Intelligence Analyst Christopher Boyd published the final instalment of the “Press H to Hack” blog series. Part I was published in June 2014. In this series, Boyd discussed hacking in video games, how the hacking was designed by the developers, and his thoughts about each.

Boyd also took a stab at the security settings and user accounts of Ello, today’s “social networking rising star.” The brand promised to bring in more features that would further enrich the user experience in the future, as it’s still in beta.

Finally, we published a blog on a couple of files claiming to be Twitch bots, the usual tools used to perform bombings or raids on the live streaming site. One of the files is malicious, which we detect as Trojan.Crypt, and the other is a PUP, which we detect as PUP.Optional.OutBrowse.

Notable news stories:

  • JPMorgan Chase Hacking Affects 76 Million Households. “A cyberattack this summer on JPMorgan Chase compromised the accounts of 76 million households and seven million small businesses, a tally that dwarfs previous estimates by the bank and puts the intrusion among the largest ever.” (Source: The New York Times)
  • Smart Meter Hack Shuts Off The Lights. “The smart meter device Vazquez Vidal and Garcia Illera tested stores the same pair of symmetric AES-128 encryption keys inside every such device. An attacker who lifted these keys would be able to send commands — including an order to shut down power — directly to the smart meter. The microchip inside the device contains the readable keys, the researchers say.” (Source: Dark Reading)
  • Security company finds many popular Android flashlight apps could compromise your data. “Security company Snoopwall has published a report on the top ten Android Flashlight apps, and found that all of them require and obtain permissions giving them much greater access to your data and phone settings than necessary. The company warns that using your device for anything sensitive like mobile banking, could put you at serious risk if you have one of these Flashlight apps installed.” (Source: Softonic)
  • Investigating Twitter Abuse. “Twitter is an important means of communication for many people, so it shouldn’t be a surprise that it has become a medium that is exploited by cybercriminals as well. Together with researchers from Deakin University, we have released an in-depth paper titled An In-Depth Analysis of Abuse on Twitter that looks at the scale of this threat.” (Source: Trend Micro’s Security Intelligence Blog)
  • Voice-activated devices pose security threat. “Problems with voice-activated systems were found by Yuval Ben-Itzhak, chief technology officer at anti-virus firm AVG who managed to turn on and control a smart TV using a synthesised voice. The attack worked, he said, because the gadget did nothing to check who was speaking.” (Source: The BBC)
  • Shellshock DDoS Attacks Spike. “Shellshock-targeting DDoS attacks and IRC bots were spotted less than 24 hours after news about the Bash bug went public last week. Since then, security software vendor Trend Micro says it’s also seen Shellshock-related IP address probes directed against unnamed institutions in Brazil, as well as at least one financial services firm in China.” (Source: Gov InfoSecurity)
  • Malvertising campaign delivers digitally signed CryptoWall ransomware. “Researchers from network security firm Barracuda Networks found new CryptoWall samples that were digitally signed with a legitimate certificate issued by Comodo. The samples were distributed through drive-by download attacks launched from popular websites via malicious advertisements.” (Source: CSO)
  • A mobile spyware used to track activists in Hong Kong. “A fake Occupy Central app is targeting the smartphones of activists belonging to the Occupy Central pro-democracy movement with spyware. The malicious app has circulated online claiming to be an instrument to coordinate the members of the Occupy Central pro-democracy movement. At the time of writing it is not clear how many mobile users have been infected by the app.” (Source: Security Affairs)
  • Snapchat hit by weightloss spam scam. “User profiles were used to send out advertisements for a weightloss site. It’s not clear how many people have been affected, but Snapchat users in several countries took to Twitter to complain about the problem.” (Source: The BBC)

Stay safe, everyone!

The Malwarebytes Labs Team