Malware Stories July 22

Security researchers last year discovered what they described as ‘the worst Android vulnerability ever,’ able to infect a phone with malware simply by sending an MMS message to it. The vulnerability, dubbed Stagefright, didn’t even require people to open the message for their phone to be infected.

A Cisco researcher has now discovered a similar vulnerability in OS X and iOS that could allow an attacker to gain access to your stored passwords and files simply by sending you a malicious image file …

Malware Stories July 6

After the first ever example of Mac ransomware was found in the wild earlier this year, Bitdefender Labs has found what it tells us is only the second example of true Mac malware to enter circulation this year, which it has dubbed Backdoor.MAC.Elanor. The malware application was available on a number of (formerly?) reputable download sites such as MacUpdate.

The backdoor is embedded into a fake file converter application that is accessible online on reputable sites offering Mac applications and software. The EasyDoc Converter.app poses as a drag-and-drop file converter, but has no real functionality – it simply downloads a malicious script.

This is a nasty backdoor that can steal data, execute remote code and access the webcam, among other things …

Malware Stories March 17

Non-jailbroken iPhones are usually close to immune from malware thanks to Apple vetting every app before it’s made available in the App Store. So far, malware has relied on abusing enterprise certificates designed to allow companies to distribute apps to their own phones. But security company Palo Alto Networks has discovered a new piece of malware that can infect iPhones by exploiting a vulnerability in Apple’s DRM mechanism.

AceDeceiver is the first iOS malware we’ve seen that abuses certain design flaws in Apple’s DRM protection mechanism — namely FairPlay — to install malicious apps on iOS devices regardless of whether they are jailbroken.

AceDeceiver currently uses a geotag so that it is only activated when a user is located in China, but a simple switch could allow it to infect iPhones elsewhere …

Malware Stories November 10, 2015

Apple today pulled a popular Instagram client, InstaAgent, from the App Store after it was found to be harvesting usernames and passwords. The behaviour was first noticed by developer David L-R on Twitter. The app, downloaded more than half a million times, touted that it would let you see who had been viewing your Instagram profile.

Malware Stories November 4, 2015

Security firm FireEye said in a blog post that XcodeGhost – a fake version of Xcode that injected malware into genuine apps – remains a threat. FireEye has identified a more advanced version of the compromised app development tool, XcodeGhost S, which has been designed to infect iOS 9 apps and allow compromised apps to escape detection by Apple.

XcodeGhost is planted in different versions of Xcode, including Xcode 7 (released for iOS 9 development). In the latest version, which we call XcodeGhost S, features have been added to infect iOS 9 and bypass static detection.

We have worked with Apple to have all XcodeGhost and XcodeGhost S samples we have detected removed from the App Store.

The company said that by monitoring its customers’ networks, it identified 210 enterprises with infected apps running inside their networks – a third of them in the USA – generating 28,000 attempts to connect to the XcodeGhost Command and Control (CnC) servers …

Malware Stories September 30, 2015

A security researcher has found an extremely simple way to bypass Gatekeeper to allow Macs to open any malicious app, even when it is set to open only apps downloaded from the Mac App Store.

Patrick Wardle, director of research at security firm Synack, told Ars Technica that once Gatekeeper okays an approved app, it pays no more attention to what that app does. The approved app can then open malicious apps – which Gatekeeper doesn’t check.

Wardle has found a widely available binary that’s already signed by Apple. Once executed, the file runs a separate app located in the same folder as the first one […] His exploit works by renaming Binary A but otherwise making no other changes to it. [He then] swaps out the legitimate Binary B with a malicious one and bundles it in the same disk image under the same file name. Binary B needs no digital certificate to run, so it can install anything the attacker wants … 
