Malware Displaying Porn Ads Discovered in Game Apps on Google Play

 
In the past, cyber-criminals have targeted businesses, hospitals, and governments; today, we’ve seen them begin to focus on games and apps intended for children.   Check Point Researchers have revealed a new and nasty malicious code on Google Play Store that hides itself inside roughly 60 game apps, several of which are intended for children. According to Google Play's data, the apps have been downloaded between 3 million and 7 million times.   Dubbed ‘AdultSwine’, these malicious apps wreak havoc in three possible ways: Displaying ads from the web that are often highly inappropriate and pornographic. Attempting to trick users into installing fake ...

LightsOut: Shining a Light On Malicious Flashlight Apps on Google Play

 
Check Point researchers have detected a new type of adware roaming Google Play, the official app store of Google. The suspicious scripts overrides the user’s decision to disable ads showing outside of a legitimate context, and then, in many of the apps, hides its icon to hinder efforts to remove it. This is a purely malicious activity, as it has no other possible purpose other than eluding the user.   Dubbed ‘LightsOut’, the code hid itself in 22 different flashlight and utility apps, and reached a spread of between 1.5 million and 7.5 million downloads. Its purpose? To generate illegal ad revenue for its perpetrators at the expense of unsuspecting users.   The ...

The Skinner adware rears its ugly head on Google Play

 
A new member of the ever growing adware-found-on-Google-Play-list has been found. Previous members include Viking Horde, DressCode and CallJam, among many others. The malware, dubbed "Skinner", was embedded inside an app which provides game related features. The app was downloaded by over 10,000 users, and managed to hide on Google Play for over two months. Skinner tracks the user's location and actions, and can execute code from its Command and Control server without the user's permission. The app was removed from the play store after we contacted the Google security team. While Adware are a common threat to users, Skinner displayed new elaborate tactics used to evade detection and ...

Introducing Check Point vSEC for Google Cloud Platform

 
Cloud Security Puzzle – Solved! If you are deploying workloads (like web servers) or migrating back office apps into Google Cloud Platform (GCP), you will be happy to know that you can now do it securely in a turn-key way without sacrificing the agility & business elasticity provided by GCP. Check Point’s vSEC cloud security solution delivers advanced security that is virtually built into the Google environment using Google’s APIs. Together, Google and Check Point enable a multilayer security solution that comprehensively protects customers’ assets and data in the cloud with advanced threat prevention security. Why do we really need another security layer? While the ...

Choice, Flexibility and Advanced Security – Now with Google Cloud Platform

 
As a general rule of thumb, it has been a long accepted strategy in IT to avoid vendor lock in, or trusting too much in a single equipment provider that you get stuck because changing to another vendor would be too costly or inconvenient. This is especially true with public cloud providers, and fear of vendor lock in is often cited as a major road block to further cloud adoption. So how do you eliminate the risks of putting all your IT eggs in a single virtual network basket? One approach to solving this dilemma is a multi-cloud strategy. A multi-cloud approach provides benefits beyond simply eliminating financial risk; it can also help businesses redefine their software ...

Gartner Recognizes the Importance of Mobile Threat Defense

 
HummingBad. Stagefright. QuadRooter. Mobile malware and vulnerabilities have been making headlines well over the past year, and attacks are becoming a more common way for cybercriminals to steal sensitive data. We believe this trend – one that our research team encounters daily – is illustrated in the Gartner Market Guide for Mobile Threat Defense Solutions.* This rise in the sophistication and volume of mobile malware and continued exposure to unknown vulnerabilities demonstrates how Android and iOS devices simply aren’t secure on their own. The Mobile Threat Defense Market is Growing Rapidly Mobile malware and vulnerabilities aren’t all that different than their cousins ...

Security Disclosure: Google’s iOS Gmail App Potential Target for Threat Actors

 
As part of our ongoing research into Apple’s iOS environment, we analyze mobile apps from various perspectives. During a routine analysis of the Gmail iOS app we unexpectedly came across a vulnerability which enables a threat actor that is performing a Man-in-the-Middle attack to view, and even modify, encrypted communications. Secure  Mobile Communications 101 In general, secure communications rely on encryption, i.e. SSL, between an app and the back-end server to prevent prying eyes from seeing into content during transmit. The problem with using just SSL is that a threat actor can impersonate the back-end server ...