Malicious QR Codes

Published on 28 June 2011 in Blog, Mobile, Prevention, Threats

Given the rise in smartphone usage over the past few years, QR (Quick Response) codes have become an increasingly popular tool for traditional retail outlets trying to connect with online audiences, with Village Cinemas being just one of a string of Australian businesses to adopt the technology recently.

Now that QR codes can be found on flyers, websites, buses and billboards, they have become a new target for cyber criminals, who are always looking to exploit the latest technology for their own gain. Malicious QR codes can easily be placed over legitimate QR codes using printed stickers, for small and widespread attacks on your personal and financial details.

Not only could these savvy criminals target legitimate forms of advertising, but they could also easily distribute their own flyers and advertisements via guerrilla marketing techniques, offering up enticing deals. This shouldn’t come as a surprise: cyber-criminals have been doing this for years in the form of email phishing campaigns. Just as with that form of attack, QR codes could send mobile web browsers to malicious websites that ask you to complete web forms or that download malware, infecting your device or stealing your details for more sinister use.

Lloyd Borrett, AVG security expert:

“You must think of your device as being the powerful mobile computer it is. Take similar security precautions when out and about with your smartphone or tablet as you do when using a personal computer at home or work. Have always-on, up-to-date security software installed on your device. And, always think through every action before you click on a bargain.”

“Our surveys show that the majority of people aren’t even password protecting their smartphone and tablet devices,” said Borrett. “Yet they need to be doing much more, including installing a good security solution like AVG Mobilation for Android. Then they will have protection in place that will check apps and web site content for malware should they be tricked into using a malicious QR code.”

For further information and security tips, see the AVG website.

A 50,000 surge in Android Market applications in the last year has taken the total number of apps to over 200,000, but it has come at a cost: the huge growth has brought with it greater attention from cyber criminals, with a sharp rise in malicious apps designed to steal user data.

Since the middle of last year there has been a 400% increase in the detection rate of malware on the Google Android platform, leading to several Android antivirus programs being released onto the market. Some have blamed the open source nature of the Android platform for these figures, compared to Apple’s heavily moderated iTunes App store.

These figures were released during a recent mobile security study by Juniper Networks, which concluded that the Android Market was the largest distribution network of malware on mobile devices. One particular Android app called DroidDream has been blamed for infecting up to 50,000 Android users before Google could remove the rogue app.

Security firms AVG and Webroot have recently released free and paid versions of their mobile security programs, with software specifically for the Android operating system.

 

Mobile applications infected with malware have managed to make their way onto some users’ Google Android phones via the Android Market, prompting internet search giant Google to remotely activate a ‘kill switch’ that allows it to remotely destroy the apps in question.

Malware threats on mobile devices are a growing concern in the telecommunications industry, with an increasing number of threats being geared specifically towards the Android mobile operating system.

Google has claimed in a blog post that the applications were removed within minutes, and has now taken further action to prevent these attacks occurring in the future. From the post:

“We are remotely removing the malicious applications from affected devices. This remote application removal feature is one of many security controls the Android team can use to help protect users from malicious applications”

“You may also receive notification(s) on your device that an application has been removed. You are not required to take any action from there; the update will automatically undo the exploit. Within 24 hours of the exploit being undone, you will receive a second email.”

Google says the kill switch feature has been available to them since 2008, but was only used for the first time in June 2010 on two apps.

Leading security software vendor McAfee has warned SMEs to implement measures that encrypt, or give the ability to format (erase all data on), smartphones and other mobile devices in case they are lost or stolen.

The warning comes off the back of a report issued by the company revealing there were over 20 million new malware threats identified last year alone, many of which are specifically targeted towards mobile devices. The report also makes mention of the Zeus Trojan, which successfully infected British Government computer networks.

Chief Technology Officer for McAfee Asia Pacific explains:

“You need to look at the risk profile of your devices. First of all, identify what you are doing on that device? What are you actually using it for?”

“Then you can make a decision about adding security. The first thing I would recommend is that people look at securing the actual data on their device… but that doesn’t mean you have to have a next-generation security product on there.”

“The creators of the Zeus botnet repurposed an old version of a commercial spyware package. Android/Geinimi, a Trojan inserted into legitimate mobile applications and games for the Android platform, was one of the most important threats of the quarter.”

“But this is a scenario that made people stop and look at what was happening. It’s going to get to a situation where people decide they need to add protection to their phones because we’re seeing so much action in this space.”

“You need to make sure that you are using the inherent features of the device. Most smartphones come now with some sort of password identification, and you should configure that and make it strong. Few people actually leverage these features.”

“You also need to make sure that if the device is lost, the data that sits on that device is secure. That’s more important than anything else and is typically overlooked because it’s been so difficult.”

“This year was massive for us, and we’re seeing an average of 55,000 new threats every day. It puts significant strain on the security model people are using, on whatever device they are using.”

BBC News has shown just how easy it can be to create a malicious application to run on a smartphone. The BBC spent a few weeks putting together a crude game for a smartphone that secretly spied on the owner of the phone.

Using the standard Software Development Kits (SDKs) used by all application developers, the BBC was easily able to disguise its malware in the game without detection. According to security experts, this is because legitimate applications use the same functions.

The BBC notes:

While the vast majority of malicious programs are designed to attack Windows PCs, there is evidence that some hi-tech criminals are starting to turn their attention to smartphones.

Booby-trapped applications for smartphones have been found online and in recent weeks Apple and Google have removed applications from their online stores over fears that they were malicious.

You can read the full story on the BBC website.

First Android Trojan found

Published on 12 August 2010 in Android, Blog, Mobile, Threats

Researchers at Trend Micro have announced the discovery of the first known Android Trojan running on Google’s Android OS smartphones.

According to Trend Micro, the malware, which is disguised as a Windows Media Player icon, attempts to send text messages via the Short Message Service Center (SMSC). Similar to the Symbian malware that posed as an application and also sent text messages, this new piece of malware obtains the android.permission.SEND_SMS permission in order to send its messages.

According to Trend Micro:

According to advanced threats researcher Ivan Macalintal, the payload of this attack is not new since in the past, we’ve seen mobile threats that perform the same fraudulent routines. “This income-generating scheme is a low-hanging fruit for cybercriminals. What makes it unique is the use of Android as the targeted platform and, with the increasing popularity and usage of Android, we can expect more malicious code served up in that alley.”

Trend Micro products detect this as TROJ_DROIDSMS.A.
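
The permission request described above is something a defender can look for before an app is installed. The following Python check is an added example, not code from Trend Micro or from this blog: it audits a decoded, text-form AndroidManifest.xml and flags an app that requests android.permission.SEND_SMS without declaring any handler for SMS links. The sample manifests, the package names and the SMS-handler heuristic are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"
SCHEME = f"{{{ANDROID_NS}}}scheme"
SEND_SMS = "android.permission.SEND_SMS"
SMS_SCHEMES = {"sms", "smsto", "mms", "mmsto"}


def audit_manifest(xml_text):
    """Audit a decoded (text) AndroidManifest.xml for an unexplained SEND_SMS."""
    root = ET.fromstring(xml_text)
    permissions = sorted(el.get(NAME, "") for el in root.iter("uses-permission"))
    # Heuristic (assumption of this example): a genuine messaging app declares
    # an intent filter for sms:/smsto: URIs; a "media player" has no reason to.
    handles_sms_uris = any(el.get(SCHEME) in SMS_SCHEMES for el in root.iter("data"))
    wants_sms = SEND_SMS in permissions
    return {
        "package": root.get("package"),
        "permissions": permissions,
        "review": wants_sms and not handles_sms_uris,
    }


# Constructed sample: a "media player" whose only permission is SEND_SMS.
PLAYER = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.movieplayer">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application android:label="Movie Player"/>
</manifest>"""

# Constructed sample: a messaging app that handles smsto: links.
MESSENGER = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.messenger">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application android:label="Messenger">
    <activity android:name=".Compose">
      <intent-filter>
        <data android:scheme="smsto"/>
      </intent-filter>
    </activity>
  </application>
</manifest>"""

if __name__ == "__main__":
    for r in map(audit_manifest, (PLAYER, MESSENGER)):
        print(r["package"], "REVIEW" if r["review"] else "ok")
```

The manifest inside an APK is stored as binary XML, so it has to be decoded to text before a check like this can read it.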

Earlier this week a developer known as Comex released a jailbreak for the new Apple iPhone 4 which enables users to jailbreak their iPhones just by visiting a specially designed website, making the process a whole lot easier than before. Older models of Apple products that run on iOS can also be jailbroken in this manner.

Worth noting though is the way in which the phone is being jailbroken. The jailbreak exploits two separate vulnerabilities in iOS:

  1. PDF files opened by the Safari browser that contain specially crafted embedded fonts can be used to cause arbitrary code execution. This appears to be similar or related to a flaw that was patched in March for Mac OS X users.
  2. The second vulnerability allows elevated privileges to be obtained, however the details for this have not been made publicly available.

Of major concern is the fact that there is no reason why the very same techniques could not be used for something far more sinister or malicious, such as the distribution of malware onto iOS devices.
