Avast Blog_Security News: ICE under fire, SimBad the epic malware, and more weekly ne
#1
Quote:

The ACLU accuses ICE of skirting the law, over 200 malware-infected Android apps are discovered, a bank bot gets a major evil upgrade, and more.

ICE skates around privacy

The American Civil Liberties Union (ACLU) issued grave concerns this week over the recent revelation that the US Immigration and Customs Enforcement (ICE) holds a $6.1M contract with Vigilant Solutions, an automatic licence plate reader (ALPR) company. The contract grants ICE access to over 5 billion location records, which include coordinates, time, and date. ALPRs store data for years, making it possible to map out the travel patterns of any and all cars photographed by the machines, and Vigilant Solutions collects ALPR data from the 50 most populated areas of the country. ICE has also been accessing a pool of 1.5 billion records of ALPR data held by local governments.

The ACLU argues that local governments, when handing over the ALPR data to ICE, are sometimes breaking privacy laws and sometimes breaking sanctuary city laws. The organization is calling for an immediate end to the data sharing.

SimBad the malware and Operation Sheep

Cybersecurity researchers this week have identified two large-scale malware campaigns targeting Android devices through infected apps. Already boasting more than 250 million downloads in total, more than 220 malicious Android apps were exposed in the discovery.

SimBad is the first campaign, and it comprises 210 of those apps, which had somehow outsmarted Google’s vetting process and were selling in the official Google Play store. The name “SimBad” derives from the fact that most of the apps are simulator games. Together, they had been downloaded almost 150 million times. The SimBad campaign uses multiple strategies on the user — adware, phishing techniques, and cross-app exposure. Google Play has removed all 210.

Operation Sheep is the second campaign, and it was found only on 12 apps, all being sold in Chinese third-party app stores. Together, the 12 apps have been downloaded more than 111 million times. Operation Sheep’s sole purpose is to steal contact data from the devices. The infected apps can still be found on some third-party app stores.

“Third-party app stores usually are plagued with malicious apps,” corroborates Avast security expert Luis Corrons. “Unlike official stores, there are not exhaustive security controls. It is really common to find malware in them, and I would avoid them at all costs. At the very least, nobody should install anything from a third-party store without first having a proper antivirus solution in place, protecting their device.”   

Ursnif, the bank Trojan evolved

Like something out of a comic book, the bad guy bank bot Ursnif, who first showed up on the scene to steal data in 2007, has now re-emerged, tricked out with the latest tech and some disturbing state-of-the-art features. One of these features is being called “last minute persistence,” and it is a sneaky way of installing the malware payload in the least likely manner to get detected, using the moments right before the machine shuts down and right when the machine turns on to execute its commands. Another Ursnif upgrade is its sophisticated dropping process, using phishing techniques to coax user involvement in the least suspicious way possible, and then using another lesser bank bot as the shell in which Ursnif hides until it’s safe to come out. If the malware senses it is in a sandbox or other environment where it can be studied, Ursnif will not be deployed. The advanced bot can also steal more than bank info — it can also access certain emails and browsers and can reach its virtual fingers into cryptocurrency wallets. To date, the attacks have only been in Japan.

“These hiding techniques being used to bypass security solutions are very creative and could be effective against those who do not have advanced security layers, such as behavior shields,” notes Luis Corrons. “However, this attack also illustrates that the weakest link in the chain is the user. At the end of the day, to get this nasty malware into our computer, we first need to open a malicious email, then open the attached Word document in it, and then enable macros in order to have the malicious payload started. The lesson is to avoid attachments and never click on links in emails where we do not know the sender. And even if we make the mistake of opening the document, simply not activating macros from the document will save us.”  