Exploit This

Security News, Exploits, and Vulnerabilities.

Mobile apps and stealing a connected car

The concept of a connected car, or a car equipped with Internet access, has been gaining popularity for the last several years. By using proprietary mobile apps, it is possible to get some useful features, but if a car thief were to gain access to the mobile device that belongs to a victim that has the app installed, then would car theft not become a mere trifle?

Expensive free apps

Fraudulent apps trying to send Premium SMS messages or trying to call to high rate phone numbers are not something new. It is much more interesting to talk about how certain groups bypass detection mechanisms such as those used by Google Play, since this has become difficult to achieve in the past few years.

Gugi: from an SMS Trojan to a Mobile-Banking Trojan

In the previous article, we described the mechanisms used by Trojan-Banker.AndroidOS.Gugi.c to bypass a number of new Android 6 security features. In this article, we review the entire Gugi mobile-banking Trojan family in more detail.

The Evolution of Acecard

After analyzing all the known malware modifications in Acecard family, we established that they attack a large number of different applications. In particular, the targets include nine official social media apps. Two other apps are targeted by the Trojan for their credit card details. But most interestingly, the list includes nearly 50 financial apps and services.

SMS Trojan bypasses CAPTCHA

Trojan-SMS.AndroidOS.Podec proved to be remarkable: it can send messages to premium-rate numbers employing tools that bypass the Advice of Charge system. It can also subscribe users to premium-rate services while bypassing CAPTCHA.

%d bloggers like this: