This week’s blog covers quite a few significant topics. While some broke news around the world (Angry Birds), others might have missed your inbox.
- New leaked NSA documents reveal massive data collection from mobile apps. Agencies have been targeting metadata that leaks from mainstream apps such as Angry Birds, Google Maps, Facebook, Flickr, LinkedIn and Twitter.
By intercepting this type of traffic, user data ranging from personal details and GPS location to entire messages is up for grabs.
What’s the significance? Although the headlines focused on the NSA, this piece of news demonstrates the actual leakage of personal information caused by mobile apps and ad networks. In a similar fashion, attackers too harvest targeted personal information and use it to gather intelligence on an enterprise or an individual.
- Researchers discovered a new strain of banking malware that infects Android-based devices when they are connected to an infected PC. The malware, named ‘Trojan.Droidpak’, is the first Android malware to use this infection method. At the moment, the mRAT (mobile Remote Access Trojan) seems to target only Korean online banking applications on the compromised device.
http://thehackernews.com/2014/01/first-ever-windows-malware-that-can_23.html
What’s the significance? Interestingly, while this type of infection method was also used in Red October (a large espionage campaign uncovered last year), that campaign had no component that affected Android-based devices. But as attacks evolve quickly, this is already the second time within a year that this infection method has been used against Android-based devices.
- Oldboot, the first Android bootkit malware, was uncovered. While we published a blog post on it earlier this week, more reports on the subject have been surfacing: it seems the malware is still showing up mainly in China but has also appeared in Europe, South America and the USA.
http://www.lacoon.com/blog/2014/01/oldboot-a-new-bootkit-for-android/
What’s the significance? This malware serves as an additional reminder that attackers consider mobile the next viable attack platform and are moving quickly. Compared with the PC world, where various bootkit malware families have existed for quite a few years already, Oldboot is the first occurrence of a mobile equivalent. Unfortunately, an Android bootkit poses a much bigger threat to users than a PC bootkit, since Android devices are more generic.
- Four individuals were charged for their alleged roles in an operation that distributed pirated copies of Android applications. The crackdown marks the first time the Department of Justice has worked on a counterfeit mobile apps case. The individuals charged operated several websites that offered online storage for pirated copies of copyrighted Android apps, which were then distributed to their members or subscribers.
http://www.securityweek.com/four-charged-android-mobile-app-piracy-operation
What’s the significance? Apart from highlighting the extent of the pirated app problem, this marks the first time the Department of Justice has worked on a counterfeit mobile apps case. It’s a step in the right direction, but it should also make you more aware of where your apps are coming from.
- A group of Android experts have seemingly uncovered a large-scale fraudulent operation: Salsoft, a company behind a dozen or so app development and design firm websites that have intentionally misrepresented themselves to customers. Their findings show that Salsoft and its affiliate sites have, among other things, been taking credit for and selling apps that don’t belong to them.
What’s the significance? This case highlights a larger problem than the obvious need to crack down on contract breaches and fraud, namely the rise of non-official app marketplaces. It’s getting more difficult to ensure that apps distributed in these secondary marketplaces are genuine and non-malicious. While Google has put measures in place to secure apps in its marketplace, malicious apps still escape these checks. This is all the more true in secondary marketplaces, which have rudimentary security controls, if any at all.