We’ve intercepted two, currently circulating, malicious spam campaigns enticing users into executing the malicious attachments found in the fake emails. This time the campaigns are impersonating Vodafone U.K or pretending to be a legitimate email generated by Sage 50’s Payroll software.
More details:
By Nathan Collier
Last Friday we blogged about the radical Android OS bug 8219321, better known as the “Master Key” bug, which was reported by Bluebox Security. Check out last weeks blog if you haven’t already: “The implications are huge!” – The Master Key Bug. We mentioned how we have been diligently working on protecting those not yet covered by patches or updates, and finding a solution for older devices as well. We are happy to report we have the solution! The newest version of Webroot SecureAnywhere Mobile with a patch for the “Master Key” bug can be found on the Google Play store now: Webroot SecureAnywhere Mobile.
Malware is always evolving, and so are we. No matter what new exploits are thrown our way, we have you covered. From all of us at the Webroot Mobile Team, stay safe.
By Dancho Danchev
Looking for legitimate online gambling services? You may want to skip the rogue online casinos that I’ll highlight in this post. Over the past few days, we intercepted multiple spam campaigns launched by the same party, enticing users into downloading fake online casinos most commonly known as the Win32/PrimeCasino/Win32/Casonline PUA (Potentially Unwanted Application).
More details:
By Nathan Collier and Cameron Palan
Last week, Bluebox Security reported they’d found a new flaw with the Android OS, saying “The implications are huge!”. The bug, also known as the “Master Key” bug or “bug 8219321”, can be exploited as a way to modify Android application files, specifically the code within them, without breaking the cryptographic signature. We call these signatures the “digital certificate”, and they are used to verify the app’s integrity. Since the bug is able to modify an application and still have the certificate appear valid, it is a big deal. read more…
In a clear demonstration of low QA (Quality Assurance) applied to an ongoing malicious spam campaign, the cybercriminals behind the recently profiled ‘Cybercriminals spamvertise tens of thousands of fake ‘Your Booking Reservation at Westminster Hotel’ themed emails, serve malware‘ campaign, have launched yet another spam campaign.
Despite the newly introduced themed attempting to trick users into thinking that they’ve received a ‘iGO4 Private Car Insurance Policy Amendment Certificate‘, the cybercriminals behind it didn’t change the malicious binary from the previous campaign.
More details:
For many years now, cybercriminals have been efficiency abusing both legitimate compromised and automatically registered FTP accounts (using CAPTCHA outsourcing) in an attempt to monetize the process by uploading cybercrime-friendly ‘doorways’ or plain simple malicious scripts to be used later on in their campaigns.
This practice led to the emergence of DIY (do-it-yourself) tools and managed service platforms that allow virtually anyone to start monetizing these fraudulently or automatically registered accounting data, signaling a trend towards an efficiency-driven cybercrime ecosystem – a concept that’s been materializing on a daily basis for a couple of years.
In this post, I’ll profile a desktop-based tool that allows cybercriminals to automatically syndicate lists of free/paid proxies — think malware-infected hosts — adding an additional layer of anonymity in the process of uploading their doorways/malicious scripts on any given FTP server whose accounting data they’ve managed to compromise or automatically register.
More details:
By Dancho Danchev
Cybercriminals are currently mass mailing tens of thousands of fake emails impersonating the Westminster Hotel, in an attempt to trick users into thinking that they’ve received a legitimate booking confirmation. In reality through, once the socially engineered users execute the malicious attachments, their PCs automatically join the botnet operated by the cybercriminals behind the campaign.
More details:
By Dancho Danchev
We’ve just intercepted a currently circulating malicious spam campaign consisting of tens of thousands of fake ‘Export License/Invoice Copy’ themed emails, enticing users into executing the malicious attachment. Once the socially engineered users do so, their PCs automatically become part of the botnet operated by the cybercriminals behind the campaign.
More details:
By Dancho Danchev
From managed ransomware as a service ‘solutions‘ to DIY ransomware generating tools, this malicious market segment is as hot as ever with cybercriminals continuing to push new variants, and sometimes, literally introducing novel approaches to monetize locked PCs.
In this case, by forcing their users to complete a survey before they receive the unlock code.
More details:
In May of 2012, we highlighted the increasing public availability of managed SMS spam services that can send hundreds of thousands of SMS messages across multiple verticals. These services are assisted through the use of proprietary or publicly obtainable phone number harvesting and verifying DIY applications.
In this post, I’ll profile one of the most recently advertised managed mobile phone number harvesting service which allows full customization of the harvesting criteria based on the specific requirements of the customer.
More details:
We’ve just intercepted yet another campaign serving deceptive ads, this time targeting German-speaking users into downloading and installing the privacy-invading ‘FLV Player’ Potentially Unwanted Application (PUA), part of Somoto’s pay-per-install network.
More details:
By Nathan Collier
There’s one variant of Android.Bankun that is particularly interesting to me. When you look at the manifest it doesn’t have even one permission. Even wallpaper apps have internet permissions. Having no permissions isn’t a red flag for being malicious though. In fact, it may even make you lean towards it being legitimate.
There is one thing that thing that gives Android.Bankun a red flag though. The package name of com.google.bankun instantly makes me think something is fishy. To the average user the word ‘Google’ is seen as a word to be trusted. This is especially true when it comes to the Android operating system which is of course created by the search engine giant. read more…