Lacoon Discovers Xsser mRAT, the First Advanced Chinese iOS Trojan

 
Hong Kong Activists May be Part of a Larger Cross-Platform Attack

Shalom Bublil, Daniel Brodie, and Avi Bashan contributed to the post, and are credited with Lacoon's discovery of the Xsser mRAT.

The Lacoon Mobile Security research team has discovered a new mRAT it calls “Xsser mRAT.” The Xsser mRAT specifically targets iOS devices, and is related to Android spyware already distributed broadly in Hong Kong. A link to the Android spyware, disguised as an app to help coordinate Occupy Central protests in Hong Kong, was sent as an anonymous message to WhatsApp users there on Thursday. In its investigation of that spyware, Lacoon uncovered the Xsser mRAT hosted on the same Command ...

Chinese Government Targets Hong Kong Protesters With Android mRAT Spyware

 
Protesters in Hong Kong are being targeted by a social engineering campaign aiming to infect Android devices with an advanced surveillance mRAT

A malicious, fake Android mRAT app claiming to coordinate the Occupy Central pro-democracy movement has been circulating online since last week. Activists have been receiving a link to the application via WhatsApp phishing messages from an unknown phone number with the message “Check out this Android app designed by Code4HK, group of activist coders, for the coordination of Occupy Central!”. Code4HK is a group of activist coders trying to improve government transparency ...

Shellshock A.K.A Bash Bug – A Serious Vulnerability That Could Affect Rooted or Jailbroken Mobile Devices

 
The security world is buzzing with news regarding the “Bash Bug”, also known as Shellshock, a vulnerability discovered in one of the most fundamental interfaces powering the internet that is already being described as being ‘bigger than Heartbleed’.

What does Shellshock do?

The flaw (officially CVE-2014-6271) has been found in a software component known as Bash, which is a part of many Linux systems as well as Apple's OS X operating system. The vulnerability allows an attacker to execute code on a device that has the vulnerable version of Bash installed. To be specific, in order to exploit this vulnerability ...

Vulnerability Discovered Within Default Android Web Browser

 
A Vulnerability That Could Enable a Threat Actor to Run Malicious Code on a Victim's Device Has Been Disclosed by Google

Several weeks ago, Google discreetly disclosed a vulnerability within the AOSP browser, the browser that serves as the default web browsing app for all versions of Android before 4.2. The vulnerability allows malicious sites to inject JavaScript into other sites. Those malicious scripts can then read cookies and password fields, submit forms, grab keyboard inputs and quite a bit more. Android Browser used to be the default browser on Android OS, but this changed in Android 4.2, when Google switched to ...

Mobile Security Weekly – Just How Shellshocked is the Mobile World?

 
Had it not been for the new “Shellshock” vulnerability, the release of the iPhone 6 and iOS 8 would be our main focus this week. This new vulnerability is just as dangerous as Heartbleed, affects more users, and can be exploited much more easily, making it this week’s biggest issue.

Shellshock - A Serious Vulnerability That Could Affect Rooted or Jailbroken Mobile Devices

The security world is buzzing with news regarding the “Bash Bug,” also known as Shellshock. Without going into too many technical details, the flaw has been found in a software component known as Bash, which is a part ...

Protecting Yourself Against Shellshock

 
Note: This is a developing story. Check Point will provide updates as additional information becomes available. Check Point strongly encourages organizations to take action and to understand how fixes and protections work in order to minimize their exposure and avoid introducing new problems.

What is Bash and Shellshock?

Bourne Again Shell, also referred to as Bash, is a command-line shell commonly used in Apple Mac OS X and Linux/UNIX operating systems. On September 25th, “Shellshock”, a critical vulnerability related to Bash, was discovered (CVE-2014-6271 and CVE-2014-7169). According to the US-CERT, if exploited, this vulnerability enables attackers to remotely execute shell ...

Mobile Security Weekly – A Whole New iWorld

 
This edition of the Mobile Security Weekly couldn’t start with anything but the release of the iPhone 6 and 6 Plus. With it, all the old discussions of Android vs iPhone have risen again, along with a series of new events that may make the decision even harder. The only thing that’s obvious is that whatever Google & Apple say, neither can provide a completely secure experience -- something made exceedingly evident by this week’s stories.

iOS8 has arrived and brought more than 50 security fixes with it

Apple has released a substantial list of iOS 8 security updates and ...

iOS 8: Newer, better, but is it safer?

 
Can Apple's New Features Expose You to New Mobile Security Risks?

With the iCloud scandal seemingly in its past, Apple announced new iPhones, updates to iPad and MacBooks as well as news on OS X Yosemite. Although consumers will have to wait to get their hands on some of that new stuff, what they can get is the latest release of iOS 8, which Apple made available for most in-market iPhones and iPads today. Originally announced at WWDC (Apple’s annual developers conference) in June, iOS 8 seems to spearhead Apple’s newfound focus upon greater integration of their products into everyday tasks, cross-platform mobility and ...

Don’t Let Mobile Spy App Windseeker Get Caught in Your Sail

 
As Mobile Malware evolves, how do you protect yourself from Mobile Spy Apps like Windseeker?

Recently, our research team spotted a new Chinese Android surveillance app that implements a new, unique injection technique. How is this significant? It clearly demonstrates the ongoing evolution of malware capabilities in mobile operating systems -- adopting the same methods from the PC world. This new mobile spying app, named “Windseeker,” runs on rooted Android devices and enables the threat actor to eavesdrop on popular Chinese Instant Messaging (IM) apps.

What’s the Threat?

Windseeker runs on rooted Android devices and ...

Mobile Security Weekly – iPhone 6 is Here – Mobile Security Doesn’t Stop to Wait.

 
Amazingly, things that aren’t related to either the iCloud Scandal or the iPhone 6 have made big impacts on the world of mobile security this week. Google is taking another step towards the enterprise, while many famous and hugely popular apps have again been discovered to be providing sub-standard security to their users.

Google unveils iOS sync security service

Google has launched an iOS Sync service for Google Apps, marking its latest attempt to push its enterprise services into mixed office environments. The feature, which will support all devices running iOS 7 or later (including the new ...