Google’s annual Android security report illustrates Check Point’s dominance in mobile threat defense research

 
Google published its annual security report yesterday for the Android ecosystem. The report includes many commendable efforts by Google to improve the security of users, and fight back against the raging surge of malware. One of the major actions Google has introduced this year was working alongside security vendors to eradicate malware from the ecosystem, a task Check Point was happy to contribute to. 70% of the malware Google cites in the report was discovered and brought to the public attention by Check Point’s mobile security researchers. This is a good indication of the major role played by Check Point's researchers in protecting the entire mobile ecosystem, while identifying and ...

Hancitor Makes First Appearance in Top Five ‘Most Wanted’ Malware in Check Point’s February Global Threat Impact Index

 
Hancitor has surged into the top five of our ‘most wanted’ malware families worldwide for the first time, according to the new February Global Threat Impact Index from our Threat Intelligence Research Team. The downloader, which installs malicious payloads such as Banking Trojans and ransomware on infected machines, climbed 22 places after more than tripling its global impact in the past month. Also known as Chanitor, Hancitor is usually delivered as a macro-enabled Office document in phishing emails with "important" messages such as voicemails, faxes or invoices. The index ranked Kelihos, a botnet used in spam campaigns, as the most prevalent malware family overall, with 12% of ...

Charger Malware Calls and Raises the Risk on Google Play

 
Several weeks ago, Check Point Mobile Threat Prevention detected and quarantined the Android device of an unsuspecting customer employee who downloaded and installed a 0day mobile ransomware from Google Play dubbed “Charger.” This incident demonstrates how malware can be a dangerous threat to your business, and how advanced behavioral detection fills mobile security gaps attackers use to penetrate entire networks.   Charger was found embedded in an app called EnergyRescue. The infected app steals contacts and SMS messages from the user’s device and asks for admin permissions. If granted, the ransomware locks the device and displays a message demanding ...

A Whale of a Tale: HummingBad Returns

 
  Check Point researchers have found a new variant of the HummingBad malware hidden in more than 20 apps on Google Play. The infected apps in this campaign were downloaded several million times by unsuspecting users. Check Point informed the Google Security team about the apps, which were then removed from Google Play. This new variant, dubbed ‘HummingWhale,’ includes new, cutting edge techniques that allow it to perform ad fraud better than ever before.   HummingBad is a malware first discovered by Check Point on customer’s devices in February 2016. HummingBad stands out as an extremely sophisticated and well-developed malware, which employed a ...

September’s ‘Most Wanted’ Malware List: Ransomware in Top 3 for First Time

 
The Check Point Research Team revealed this week that ransomware attacks continued to rise in September. For the first time since the team launched the Threat Index, ransomware moved into the top three position of the most prevalent malware, with the Locky ransomware accounting for 6 percent of all recognized attacks globally during the month. The relative presence of ransomware attacks, within the total number of global attacks, increased by 13 percent. In line with recent trends, the number of active malware families remained high, with three new entries making the top ten, including Chanitor, a downloader for malicious payloads, the Blackhole exploit kit, and Nivdort, a multipurpose bot. ...

Gartner Recognizes the Importance of Mobile Threat Defense

 
HummingBad. Stagefright. QuadRooter. Mobile malware and vulnerabilities have been making headlines well over the past year, and attacks are becoming a more common way for cybercriminals to steal sensitive data. We believe this trend – one that our research team encounters daily – is illustrated in the Gartner Market Guide for Mobile Threat Defense Solutions.* This rise in the sophistication and volume of mobile malware and continued exposure to unknown vulnerabilities demonstrates how Android and iOS devices simply aren’t secure on their own. The Mobile Threat Defense Market is Growing Rapidly Mobile malware and vulnerabilities aren’t all that different than their cousins ...

On Their Best Behavior: Securing iOS and Android in the Enterprise

 
In today’s business environment, using mobile devices isn’t just a business requirement, it’s an employee expectation. But for some organizations, these devices present security challenges that prevent or limit their ability to support a fully mobile enterprise. It’s not enough that they just deploy or manage iOS and Android devices, they also need to defend them against advanced attacks with confidence.   Understand your level of risk A recent survey of security professionals showed 75% of companies allow personal devices to connect to corporate networks. Workers use these same devices to download personal apps and email – exposing business networks to phishing scams ...

DIY Attribution, Classification, and In-depth Analysis of Mobile Malware

 
The security research community has been dealing with malware attribution and classification for decades. The benefits of this process for PC-based malware are myriad and well known. Check Point has followed the same process for multiple malware campaigns during the last year, including Volatile Cedar, Rocket-Kitten, and the Nuclear Exploit Kit. In fact, the PC malware research field is so mature that many security-savvy enterprises now have their own internal teams of cyberanalysts. These teams conduct in-depth malware research as part of their incident response and threat intelligence duties with a focus on their organization’s specific needs, domains, and adversaries. However, ...

From HummingBad to Worse: New In-Depth Details and Analysis of the HummingBad Android Malware Campaign

 
For five months, Check Point mobile threat researchers had unprecedented access to the inner-workings of Yingmob, a group of Chinese cyber criminals behind the HummingBad malware campaign. HummingBad is a malware Check Point discovered in February 2016 that establishes a persistent rootkit on Android devices, generates fraudulent ad revenue, and installs additional fraudulent apps. Yingmob runs alongside a legitimate Chinese advertising analytics company, sharing its resources and technology. The group is highly organized with 25 employees that staff four separate groups responsible for developing HummingBad’s malicious components. Download our report “From HummingBad to Worse” ...