Checkpoint researchers identified a mobile malware named Copycat found infected with more than 14 million Android devices worldwide. The infected devices are found to perform ad fraud and has helped hackers make more than $1.5 million in the past 60 days. Once the malware is infected, it tries to root the device allowing the bad guys to gain full control of the device.
CopyCat has the ability to replicate referrer id of its own. (Referrer id is used to track ads from google ads or bing ads). This means any ad revenue generated is sent to the hackers instead of the original intended recipient. The malware uses 5 different exploits which includes CVE-2013-6282, CVE-2015-3636 and CVE-2014-3153 infected devices running Android 5.0 and earlier.
280,000 of infected devices are from US, 381,000 devices are from Canada and the rest belong to the users from India, Indonesia, Myanmar & Pakistan. If the victim belongs to China, the app would not perform any activity. Hence Checkpoint researchers believe that the cybercriminals are Chinese and trying to avoid any possible legal troubles. Although there is no direct evidence of who is behind the attack.
Adding to that the researchers also have found evidence of several connections between CopyCat and the Chinese ad network MobiSummer. It also has been found that the malware and the ad company originate from the same server and the malware has been found to have been signed by MobiSummer, a Chinese ad company.
Google has been tracking this malware and has necessary measures to block CopyCat with Play Protect. However not all the Android devices are updated nor even possible to update and many fall victim due to phishing or by installing third party apps after rooting resulting in the same. However there is no evidence that this malware has been distributed by Google Play store.
Petya has impacted all over the world starting from pharmaceutical companies, oil gaints, airports, hospitals, ports and many banks. The method of infection is similar to Wannacry with leaked NSA EthernalBlue, (MS17-010) infected thousands of people including hospital networks. Petya differs from typical ransomware as it also overwrites and encrypts the master boot record (MBR) […] Continue reading →
Trend micro researchers have discovered a Android Trojan ad library named Xavier that steals user’s information without user knowledge. More than 800 Android apps which embedded the ad library appears to have infected with the malware. Xavier has self-protect mechanism that allows it to escape both static and dynamic analysis making it harder to detect. […] Continue reading →
Microsoft published an article about the exploitation of Intel’s AMT tools stealing government data for espionage purposes. The hack works independently of the Operating system which can bypass any windows firewall at the moment. The malware has been active since at least 2009 primarily responsible for spear phishing attacks on ISPs, government organizations, intelligence agencies, […] Continue reading →
New Variant of HummingBad malware found inside more than 20 apps on Google play infects millions Researchers from Checkpoint have discovered a dubbed HummingWhale Android malware, Hummingbad was found inside more than 20 Google play apps. One of the apps inside Google play with Hummingbad infection appears to have been downloaded more than a millions […] Continue reading →
The first Android banker malware (Android.BankBot.149.origin) of 2017 is already out and its source code is put on the web. This Android malware can steal users banking information and send it to CnC servers. The source code available on the web also means more variants of this malware will be seen in the wild very […] Continue reading →
As security controls and defense measures for computer systems become more sophisticated, cyber criminals have taken one step ahead in the world of Ransomware. The most profitable ransomware attacks has taken a leap with doxing. What is Doxware ? “Ransomware is the art of encrypting data on a network, users PC or Mac and asking for […] Continue reading →
Security researchers from Malwarebytes have identified strange traffic originating from a Mac. The unusual traffic was identified by IT admins when investigated led to espionage malware describes as Quimitchin. (Apple calls this as ‘Fruitfly’) The malware appears to have been existed for a while and undetected for quite a long time. One of the timestamp […] Continue reading →
Researchers from Checkpoint have identified that a dubbed malware Gooligan has infected more than 1.3 million Android users globally. Android targeted malware campaign infects devices and steals authentication tokens which is then used to access data from Google apps such as Google play, Gmail, google photos google docs, google drive and many others. The malware […] Continue reading →
During the month of August, motherboard one of prominent online magazine released a report that more than 60 million account details were stolen from the cloud storage provider Dropbox. However now approx. 68 million Dropbox accounts are available to download by anyone.( Exact number as publish on ibtimes :68,680,741 accounts) During the month of September, […] Continue reading →