Endpoint //

Privacy

1/3/2019
06:00 PM
50%
50%

Android Malware Hits Victims in 196 Countries

Malware disguised as games and utilities struck more than 100,000 victims before being taken out of Google Play.

New Android malware hit more than 100,000 users in 196 countries before Google removed it from Google Play — and it continues to steal personal information from users across the globe.

Researchers at Trend Micro found ANDROIDOS_MOBSTSPY, spyware that disguised itself as six different Android apps, five of which were removed from Google Play in February 2018. One of the apps, Flappy Birr Dog, remained available in the store until the beginning of 2019.

According to the researchers, the malware collects personal information, including user location and SMS conversations, using Firebase Cloud Messaging to send information to its command and control server. That same server can instruct the software to gather data that could include downloading files located on the Android device and conduct a phishing campaign by displaying fake Google and Facebook pop-up ads to encourage the victim to give up credentials.

While the greatest number of victims were in India, which accounted for nearly one-third of the total, the malware's reach extended to nearly every continent.

For more, read here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
nickolaenfold
50%
50%
nickolaenfold,
User Rank: Apprentice
2/6/2019 | 3:49:43 AM
Re: No apps
There is an app that checking safety of the others apps that you instaled from google play. It's probably the greatest way to minimize the risk.
REISEN1955
0%
100%
REISEN1955,
User Rank: Ninja
1/4/2019 | 6:48:14 AM
No apps
My wife has her Chase account app onher IPhone and I have recommended it be removed.  There is little protection on these devices and why be exposed at all if you can minimize the risk.  Waiting a few hours to check balances on either ARM or a computer with proper protection is well worth the trouble.  I see no reason to be totally android or IPhone connected with the world.  The risks outweigh the benefits. 
Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDL,  3/19/2019
BEC Scammer Pleads Guilty
Dark Reading Staff 3/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-10014
PUBLISHED: 2019-03-24
In DedeCMS 5.7SP2, member/resetpassword.php allows remote authenticated users to reset the passwords of arbitrary users via a modified id parameter, because the key parameter is not properly validated.
CVE-2019-10015
PUBLISHED: 2019-03-24
baigoStudio baigoSSO v3.0.1 allows remote attackers to execute arbitrary PHP code via the first form field of a configuration screen, because this code is written to the BG_SITE_NAME field in the opt_base.inc.php file.
CVE-2019-10017
PUBLISHED: 2019-03-24
CMS Made Simple 2.2.10 has XSS via the advanced_search.php Name field, which is reachable via an "Add a new Profile" action to the File Picker.
CVE-2019-10010
PUBLISHED: 2019-03-24
Cross-site scripting (XSS) vulnerability in the PHP League CommonMark library before 0.18.3 allows remote attackers to insert unsafe links into HTML by using double-encoded HTML entities that are not properly escaped during rendering, a different vulnerability than CVE-2018-20583.
CVE-2019-9978
PUBLISHED: 2019-03-24
The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro.