Mobile Security Weekly: Android mRATs, Paid Apps Hacked, WhatsApp Talks Privacy

Ohad Bobrov is co-founder and CTO at Lacoon Mobile Security.

As we draw nearer to the end of 2014, the world of mobile malware is reminding us just how many steps forward it has taken over the past 11 months. This week’s edition is dominated by NotCompatible, an advanced mRAT that we haven’t heard the last of. On the other end of the spectrum, WhatsApp, one of the most popular messaging apps in the world, is moving with the times and addressing a major worry of many users – privacy.

“NotCompatible” – The Most Advanced Android mRAT Yet?

NotCompatible, a strain of Android malware, has evolved into a threat comparable to PC malware. It boasts various data collection methods as well as increased resilience to network-based detection and blocking.

First detected in 2012, this is the 3rd incarnation of NotCompatible. NotCompatible.C uses a peer-to-peer control technique normally associated with only the most advanced Windows PC malware. NotCompatible has been used for a vast range of different attacks, from fraudulent ticket purchases (against some of the most popular services, including Ticketmaster, Live Nation & StubHub) to spam, click fraud, and brute forcing passwords. It has also been witnessed infiltrating several different corporate networks.

Researchers say the attackers have established an advanced C&C (Command and Control) infrastructure tied to drive-by-download attack campaigns (victims visit an infected site on their mobile browser) that attempt to trick users into initiating the process which installs NotCompatible. Other social engineering methods, such as emails with malicious links, are also being used.

It seems the attackers intend to infect as many devices as possible and turn them into a so-called botnet, a network of infected devices that can be used by attackers for various malicious purposes. The infected devices are actively searching for other infected phones for exactly this purpose. There is also quite a bit of evidence that NotCompatible’s developers are renting out control of infected mobile devices to criminals for various devious tasks.

Why is this Significant?

The paragraphs above speak for themselves. NotCompatible has raised the bar in terms of both the technological capabilities of mobile malware as well as operational complexity. We will undoubtedly be seeing and hearing a lot of NotCompatible in the coming weeks.

New Report claims that Nearly ALL of top 100 Android & iOS Paid Apps have been Hacked

Over the past year, mobile malware has taken a significant leap. A new report shows that the proportion of Top 100 iOS apps that have been hacked increased from 56% in 2013 to 87% in 2014. Moving to Google’s side – the majority (97%) of top paid Android apps have also been hacked.

The statistics literally speak for themselves. The vast majority (95%) of the top Android finance apps were hacked in 2014, compared with only 53% in 2013. Nine of the 10 top retail Android apps were hacked in 2014, compared with 36% of iOS retail apps.

“Hacking” or “cracking” an app essentially involves dissecting the original app and turning it into a malicious version that may look and feel the same. In most cases, the attacker has added or modified the attributes and behaviours of the original app – removing security features or turning it into an mRAT.

Why is this Significant?

We hardly needed another reminder of just how critical it is to only download apps from legitimate sources. In some cases, even that might not be enough. But the story above proves just how dangerous 3rd party marketplaces can be, regardless of which app you’re downloading.

WhatsApp Upgrades User Privacy for Android app

WhatsApp has announced that it will encrypt all its 600m users’ text messages by default, which is a serious stride forward for privacy. On the flip side, this step will likely be strongly criticized by governments and police forces worldwide.

The feature, which aims to protect messages from eavesdroppers by encrypting the chats between people, is not 100% hermetic yet. At the moment, it only covers text messaging between two users (as opposed to group messages or pictures) and only works on Android. Furthermore, WhatsApp is still susceptible to MitM (man-in-the-middle) attacks, because there isn’t really a way to verify who’s on the other side.

Why is this Significant?

Your basic day-to-day messages and personal information are well on their way to being covered in fiendishly complicated encryption. With WhatsApp (and previously iMessage) opting to provide this as a default, gone are the days when encryption required effort, knowledge and/or extra services.