Evasi0n7 JB – the first iOS7 Jailbreak

We've been expecting an iOS7 jailbreak tool for some time. After all, researchers have been working towards this for the past few months, and the rumor mill was working overtime. Timed for release on the 22nd of December, evasi0n7 JB was one holiday gift we weren't excited about.

Overview

A jailbreak removes all the built-in iOS security mechanisms (such as the iOS Sandbox model). Ultimately, it enables the execution of code that Apple has not certified. The evasi0n7 JB is the first jailbreak tool which affects all iOS7-based devices – versions 7.0-7.0.4. Moreover, it leaves the device in a jailbroken ...

Hand of Thief (HoT) Moves its Way to Android

A relatively new commercial mobile bot, Hand of Thief (HoT) for Android, which targets online banking users, has been circulating in underground forums for the past three months. As its owner claims, this bot variant is "better than Perkele" – the notorious Android malware kit used to bypass multi-factor authentication. HoT originally made some waves this past August as a (not too mature) Linux-targeting banking Trojan. It looks like the owner has now decided to expand the business to the more lucrative and pervasive mobile platform. The seller is currently advertising the Android version of HoT in a Russian underground forum. ...

The 2013 Android Vulnerability of the Year

Were we to pick the most notorious 2013 Android vulnerability, the dubious award would undoubtedly go to CVE-2013-6282: a privilege escalation flaw released in October that affects all Android versions 4.0-4.3. What makes this vulnerability so abysmal? After all, it hardly gained any press coverage and was mainly discussed in smaller, highly technical and focused forums. However, both our research and that of fellow researchers have proved that behind the scenes lies a basic operating system vulnerability that:

1. Affects most devices running Android versions 4.0-4.3, including Samsung Galaxy S3/4, ...

Check Point Threat Emulation Finds “Joke-of-the-day” Chain Letter is No Joke

Summary

Check Point's Threat Emulation Cloud Service recently detected an Excel document that runs a macro in order to change the computer's background "as a joke". Like other email chain letters, the message propagates when end users receive the document via email, open it, and then forward it to colleagues and friends at other organizations. An analysis shows that while this document does not carry a malicious payload, it highlights how even today end users remain unwary of simple attacks, creating a ready distribution mechanism for malware among many organizations.

Details

Detection of Suspicious Document in an Email Message

On October 28, a user working at a large ...

Android Rooting Tools Recently Released: “VROOT” and “Motochopper”

Two new rooting tools targeting a wide spectrum of Android devices, ranging from version 4.0 to 4.4, were recently found. These tools allow an adversary to bypass the Android permission model and gain full control of the smartphone/tablet, essentially enabling an attacker to execute attacker-controlled code under system (administrator) privileges and to access files and sensitive information on the device. Furthermore, these tools allow an attacker to inject a persistent backdoor on the device for complete remote control. Both rooting tools are available as a free download in various mobile forums. The tools require minimal ...

Defeating Cryptolocker with ThreatCloud and Gateway Threat Prevention

Summary

Check Point's Malware Research Group has been investigating the 'Cryptolocker' malware that has recently been reported to be on the rise. As part of the analysis, the researchers created a 'sinkhole' – a system pretending to be a Cryptolocker command and control (C&C) server – in order to study and gauge infections in the wild. An analysis of live communication from infected clients confirms that the number of victims is rising, with the majority of affected victims being in the US and UK. This research yielded smart Anti-Bot and Antivirus signatures that were then relayed to Check Point ThreatCloud. These signatures block all C&C communications, ...

Threat Emulation Exposes Widespread Malware Campaign

Summary

On October 24, 2013, the Check Point ThreatCloud Emulation Service received six PDF document files from a European Union official agency running a Check Point threat prevention gateway. Automated analysis in the Threat Emulation sandbox determined that these documents exploited an Adobe Reader vulnerability, and additional research revealed that these files were delivered via a dynamic URL scheme and were, at the time, detected by only 8% of antivirus solutions. The result was a potentially powerful targeted attack tool that would have evaded many other vendors' defenses. After we added detections to ThreatCloud, where they became available to Check Point threat prevention ...

LinkedIn Intro – A FAQ

There's a lot of buzz regarding LinkedIn's new iOS app, Intro. Some are hailing it, others hate it. To clarify what's going on, we've put together this FAQ.

Q: What's LinkedIn Intro?

A: It's LinkedIn's iOS extension for mail. As opposed to other mail apps, which "simply" provide you with the name of the sender, Intro also lets you see the sender's LinkedIn profile info.

Q: Why the complaints?

A: It's how LinkedIn does this email enhancement. In order to add the LinkedIn info, incoming emails through Intro actually make a stop at LinkedIn servers before proceeding to your ...

Viewpoints on Launching Lacoon

Michael Shaulov, CEO, Lacoon Mobile Security

As a founder, I view the launch by first looking back at all that we've accomplished in the past two years. The first four months, when Ohad and I began diligently working in the cozy office room in my previous apartment in north Tel-Aviv. The key researchers that we strategically recruited to work on our sandbox, static code analysis and behavioral detection. The first time we nervously met each of our investors - Shlomo, Mickey, Rakesh, Amichai and Ralph - and the intense conversations we've had ever since. And last but not least, the initial customers who immediately grasped how we're approaching mobile security in a fundamentally better ...

Why the Feds are Getting the Mobile Threat Wrong

Yesterday, Public Intelligence - mainly a public repository of government documents - released a joint DHS-FBI report, "Threats to Mobile Devices Using the Android Operating System" (find it here). Granted, the report hasn't been validated as official as we write this post, so it may well be a hoax. But assuming its authenticity, there is much to say about it. The report calls out Android as a "primary target for malware attacks" given that 44% of Android devices run Gingerbread (Android v.2.3.x), which is known to have numerous vulnerabilities. We have no qualms regarding that threat – as we constantly research new ...