Google’s annual Android security report illustrates Check Point’s dominance in mobile threat defense research

 
Google published its annual security report yesterday for the Android ecosystem. The report includes many commendable efforts by Google to improve the security of users, and fight back against the raging surge of malware. One of the major actions Google has introduced this year was working alongside security vendors to eradicate malware from the ecosystem, a task Check Point was happy to contribute to. 70% of the malware Google cites in the report was discovered and brought to the public attention by Check Point’s mobile security researchers. This is a good indication of the major role played by Check Point's researchers in protecting the entire mobile ecosystem, while identifying and ...

Preinstalled Malware Targeting Mobile Users

 
Check Point mobile threat researchers recently detected a severe infection in 36 Android devices belonging to a large telecommunications company and a multinational technology company. While this is not unusual, one detail of the attacks stands out. In all instances, the malware was not downloaded to the device as a result of the users’ use, it arrived with it. According to the findings, the malware were already present on the devices even before the users received them. The malicious apps were not part of the official ROM supplied by the vendor, and were added somewhere along the supply chain. Six of the malware instances were added by a malicious actor to the device’s ROM using ...

2016 H2 Global and Regional Threat Intelligence Trends

 
Introduction New, sophisticated threats continue to emerge on a daily basis across multiple platforms: social media, mobile platforms, email, and web pages. At the same time, prominent malware and attack methods continue to evolve, bypassing existing security solutions, and tailoring attacks against the largest companies in the world. The devices we use every day are now subject to compromise and can be leveraged for attacks. Even the recent U.S. elections were targeted with significant attacks. The Check Point 2016 H2 Global Threat Intelligence Trends report provides you with the best overview of the cyber landscape; threats, data breaches, trends, attacks and predictions, based on data ...

The SMISHING threat – unraveling the details of an attack

 
  On January 26, a new smishing attack targeted users in the Czech Republic. Smishing, or SMS phishing, is a vector attackers use to send SMS messages from supposedly legitimate organizations.  These messages persuade users to download a malicious app, to provide private information like bank account or credit card details, or to click on a malicious URL. In this campaign, the attackers masqueraded as Czech Post, the Czech postal service to get users to download a malicious app containing a full-scale Trojan horse. Once users click the link, they are led to a fake Czech Post web page with a seemingly legitimate address. From there the malware downloads and installs immediately ...

Android Updates: Hurry Up and Wait  

 
Google, device makers and carriers take too long to update Android vulnerabilities. In fact, while it takes Apple just days to update iOS when it finds a vulnerability, Threatpost points out that it can take Google weeks or even months to do the same for Android. Apple needed only ten days to fix Trident vulnerabilities in iOS, but it took Google over seven months to fix all of the QuadRooter vulnerabilities in Android. While Apple is faster to fix iOS, and although iPhone and iPad devices are wildly popular, Apple doesn't rule the mobile world. Android has over 87% ownership of the global smartphone OS market, and of the top 5 smartphone vendors, 39% make Android devices – ...

On Their Best Behavior: Securing iOS and Android in the Enterprise

 
In today’s business environment, using mobile devices isn’t just a business requirement, it’s an employee expectation. But for some organizations, these devices present security challenges that prevent or limit their ability to support a fully mobile enterprise. It’s not enough that they just deploy or manage iOS and Android devices, they also need to defend them against advanced attacks with confidence.   Understand your level of risk A recent survey of security professionals showed 75% of companies allow personal devices to connect to corporate networks. Workers use these same devices to download personal apps and email – exposing business networks to phishing scams ...

In The Wild: Mobile Malware Implements New Features

 
Malware developers just won’t stand still. They continue developing malware as they go, sometimes to adapt to the changing threat landscape, and sometimes simply to improve their capabilities. Recently, two examples of such advancements presented themselves, one in Triada’s code and one in Viking Horde’s. Triada’s Trident is Getting Stronger As if the original malware wasn’t bad enough, Triada has now received a dangerous update. Triada’s main purpose is to steal money transferred over SMS messages as part of in-app purchases. The malware does so by leveraging its system level malicious compromise to highjack the raw SMS data (PDU) and send it directly to its C&C ...

Hack In The Box: Mobile Attackers Are Listening In

 
While most mobile attacks require some level of interaction with the user, Man-in-The-Middle (MiTM) attacks can achieve their goal without the user ever knowing they occurred. This type of attacks allows attackers to eavesdrop, intercept and alter traffic between your device and any other counterpart. There are several ways by which hackers can execute such attacks, the most prominent of which is using a spoofed hotspot. Many attackers establish fake hotspots with names similar to legitimate hotspot names, for example, “Starbucks Coffee” instead of “Starbucks.” Unaware, the user connects to the malicious hotspot. Once the user tries to connect to the server, the hacker uses his ...

In The Wild: Never a Dull Moment with Mobile Malware

 
Mobile malware learns fast. Every time new security measures come along, malware somehow manages to find a way to overcome them. This week we bring you such a story, with further details about Viking Horde, a botnet found by Check Point on Google Play. The malware is capable of bypassing even Android’s latest OS security mechanisms. Meet the Vikings: Part III The Check Point research team uncovered a new Android malware campaign on Google Play it calls Viking Horde. Viking Horde conducts ad fraud, but can also be a launchpad for attacks like DDoS, spam messages, and more. Viking Horde managed to bypass Google Play malware scans masquerading as five different apps so far. The research ...

Hack In The Box: Mobile Malware Goes In For The Kill

 
For attackers, installing a Trojan on your mobile device is the best way to attack it. Mobile malware provides attackers with a full arsenal of capabilities they can use to conduct several types of attacks including surveillance, info-stealing, ransomware, fraud, and much more. Surveillance malware, for instance, can track location, extract call logs, files, and SMS messages, log keyboard activity, take screenshots, and even record video and audio using the device camera and microphone. However, for each of these features, the malware must have the right code. Malware writers do their best to disguise incriminating code segments. Even code for legitimate apps looks like a tangled map ...