Weekly Mobile Security News Roundup

This week’s summary is a mix of articles that magnify the fact that boundaries between legitimate apps and malware, as well as the gaps between nation states and private hackers – are fading.

  • A new iPhone app invites not just your friends but also strangers to eavesdrop on your conversations and offer advice. Crowdpilot allows the user to invite as many people as they like to provide text based encouragement to their real-life conversations.http://onforb.es/McUlU4

    Why is this signigicant?
    Apart from being a slightly disturbing concept this a perfect example of how a completely legitimate App has adopted malware-style behavior. Some of the most advanced mRATs (mobile remote access Trojans) attempt to surreptitiously do exactly what Crowdpilot does. Not only does this show how generic acquiring room audio has become, it just makes it all that much easier for future malware to disguise itself.

  • Another prime example of apps behaving like malware was reported in Spain this week. Visitors to a popular Spanish news site automatically initiated the download of a third-party marketplace app. Although legit, this process somewhat reminds of infection tactics used by attackers:
    1. Drive-by download: it’s aggressively pushed onto your device.
    2. It sends a list of all applications installed on your device as well as your MAC
      address to their servers. Furthermore, it does this in cleartext.


    Why is this significant?
    As in the previous item – this is another alarming example of how malware and genuine apps can exhibit similar behavior. This Spanish app is a bona-fide one, but it is downloaded to your phone without the user’s request, grabs information from the device and allows remote code execution to be performed. Caution should be taken when dealing with developers of legitimate apps almost as much as when protecting from hackers.

  • New reports have been published discussing the increase in fake SSL certificates attempting to defraud users who bank online with their smartphones. Fake SSL certificates impersonating banks, e-commerce sites and social networks are exchanged in forums – waiting to create a means for attackers to perform man-in-the-middle attacks.Several studies show that around 40% of iOS based banking apps are vulnerable to such attacks because they fail to validate the authenticity of SSL certificates presented by the server.


    Why is significant?
    This isn’t necessarily a new problem, but it’s perhaps the first time that its severity has been measured. With the number of people performing sensitive actions on their mobile devices growing – MitM attacks based on certificate procedure deficiencies are a threat that has to be taken into account.

  • 300,000 Android devices have been infected by a premium-SMS malware agent. Several fake apps have been discovered on the Google Play Store that, once installed, sign users up for a 20$ (at least) SMS service. The apps get hold of the user’s number from WhatsappSo far, the apps that have been discovered are “Easy Hairdos”, “Abs Diets”, “Workout Routines” and “Cupcake Recipes”.


    Why this is significant?
    This is one more example of malware penetrating Google Play for distribution. We’ll keep looking out for more information, but for the time being, it’d be best to make sure to read all the fine print and permissions when downloading a new app.

  • Another leak has shed more light on the NSA’s mobile capabilities. The report describes the technologies and abilities given to Intelligence assets. Ironically, only a few years ago, it took a team of NSA engineers to achieve what anyone with a smartphone and an mRAT can do today.Capabilities such as GPS data collection, room audio and call recording are present in so many malwares today that it’s almost hard to believe that they where once available only to the most powerful of nations.

    This just goes to show what a major leap forward malware has made. The trend doesn’t show any signs of stopping, either.