Endpoint //

Privacy

1/3/2019
06:00 PM
50%
50%

Android Malware Hits Victims in 196 Countries

Malware disguised as games and utilities struck more than 100,000 victims before being taken out of Google Play.

New Android malware hit more than 100,000 users in 196 countries before Google removed it from Google Play — and it continues to steal personal information from users across the globe.

Researchers at Trend Micro found ANDROIDOS_MOBSTSPY, spyware that disguised itself as six different Android apps, five of which were removed from Google Play in February 2018. One of the apps, Flappy Birr Dog, remained available in the store until the beginning of 2019.

According to the researchers, the malware collects personal information, including user location and SMS conversations, using Firebase Cloud Messaging to send information to its command and control server. That same server can instruct the software to gather data that could include downloading files located on the Android device and conduct a phishing campaign by displaying fake Google and Facebook pop-up ads to encourage the victim to give up credentials.

While the greatest number of victims were in India, which accounted for nearly one-third of the total, the malware's reach extended to nearly every continent.

For more, read here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
REISEN1955
0%
100%
REISEN1955,
User Rank: Ninja
1/4/2019 | 6:48:14 AM
No apps
My wife has her Chase account app onher IPhone and I have recommended it be removed.  There is little protection on these devices and why be exposed at all if you can minimize the risk.  Waiting a few hours to check balances on either ARM or a computer with proper protection is well worth the trouble.  I see no reason to be totally android or IPhone connected with the world.  The risks outweigh the benefits. 
How the US Chooses Which Zero-Day Vulnerabilities to Stockpile
Ricardo Arroyo, Senior Technical Product Manager, Watchguard Technologies,  1/16/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-3906
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents.
CVE-2019-3907
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 stores user credentials and other sensitive information with a known weak encryption method (MD5 hash of a salt and password).
CVE-2019-3908
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and obtain sensitive data.
CVE-2019-3909
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 database uses default credentials. Users are unable to change the credentials without vendor intervention.
CVE-2019-3910
PUBLISHED: 2019-01-18
Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device.