Exploit This

Security News, Exploits, and Vulnerabilities.

IT threat evolution Q1 2017. Statistics

According to KSN data, Kaspersky Lab solutions detected and repelled 479,528,279 malicious attacks from online resources located in 190 countries all over the world. File antivirus detected a total of 174,989,956 unique malicious and potentially unwanted objects.

IT threat evolution Q1 2017

We’ve become accustomed to seeing a steady stream of security breaches month after month; and this quarter has been no exception, including attacks on Barts Health Trust, Sports Direct, Intercontinental Hotels Group and ABTA.

Ztorg: money for infecting your smartphone

This research started when we discovered an infected Pokémon GO guide in Google Play. We detected the malware as Trojan.AndroidOS.Ztorg.ad. After some searching, I found some other similar infected apps that were being distributed from the Google Play Store. After I started tracking these infected apps, two things struck me – how rapidly they became popular and the comments in the user review sections.

Mobile malware evolution 2016

In 2016, the growth in the number of advertising Trojans capable of exploiting super-user rights continued. Throughout the year it was the No. 1 threat, and we see no sign of this trend changing.

Expensive free apps

Fraudulent apps trying to send Premium SMS messages or trying to call to high rate phone numbers are not something new. It is much more interesting to talk about how certain groups bypass detection mechanisms such as those used by Google Play, since this has become difficult to achieve in the past few years.

Do web injections exist for Android?

Man-in-the-Browser (MITB) attacks can be implemented using various means, including malicious DLLs, rogue extensions, or more complicated malicious code injected into pages in the browser. We’re often asked if there are any web injection attacks for Android devices. This is our attempt to investigate and give as full an answer as possible.

Switcher: Android joins the ‘attack-the-router’ club

Recently, in our never-ending quest to protect the world from malware, we found a misbehaving Android trojan. Although malware targeting the Android OS stopped being a novelty quite some time ago, this trojan is quite unique. Instead of attacking a user, it attacks the Wi-Fi network the user is connected to, or, to be precise, the wireless router that serves the network.

The first cryptor to exploit Telegram

Earlier this month, we discovered a piece of encryption malware targeting Russian users. One of its peculiarities was that it uses Telegram Messenger’s communication protocol to send a decryption key to the threat actor.

Disassembling a Mobile Trojan Attack

In fact, any site using AdSense to display adverts could potentially have displayed messages that downloaded the dangerous Svpeng and automatically saved it to the device’s SD card. We intercepted traffic coming from the attacked device when this sort of “advert” was displayed, and figured out how the malicious program was downloaded and automatically saved.

IT threat evolution Q3 2016. Statistics

The most popular mobile Trojan in the third quarter of 2016 was Trojan-Banker.AndroidOS.Svpeng.q. During the quarter, the number of users attacked by it grew almost eightfold.

%d bloggers like this: