The post Google Delists Chinese Baidu Apps for Stealing Users’ Data appeared first on CISO MAG | Cyber Security Magazine.
In addition to the China-based apps, the researchers stated that, through their machine learning-based spyware detection system, they have identified multiple Android applications on the Play Store that were leaking users’ data.
Palo Alto researchers suggested that Android app developers must follow best practices to properly handle users’ data. They said, “Android users should stay informed about the required permissions requested by applications on their devices.”
“While not a definitive violation of Google’s policy for Android apps, the collection of identifiers, such as the IMSI or MAC address, is discouraged based on Android’s best practice guide. Palo Alto also notified Google’s Android team, who confirmed the findings, identified unspecified violations, and removed the applications from Google Play globally on October 28, 2020. A compliant version of Baidu Search Box became available on Google Play globally on November 19, 2020, while Baidu Maps remains unavailable globally,” the researchers added.
Adware is a kind of software that hijacks mobile devices to spam the victim with unwanted ads and steals user data. Recently, Google removed 21 malicious Android apps from its Play Store after discovering intrusive adware and Trojans in them. According to security solutions provider Avast, the fraudulent apps were disguised as gaming apps and contained “HiddenAds Trojan.”
The post With Cyberwars, Cyber Espionage has Reached New Level appeared first on CISO MAG | Cyber Security Magazine.
By Augustin Kurian, Senior Feature Writer, CISO MAG
“There is a significant crossover in attackers. It’s not very often you will see state entities subcontracting the online illegal activities to independent hackers. A lot of the Russian military capability around cyber, was actually recruited directly from criminals,” Rik Ferguson, world-renowned cybersecurity expert and Vice President of Security Research at Trend Micro, told CISO MAG.
He continued, “And their problem is that they then expect these criminal recruits to stop being criminals while they’re now in the army, and that’s an unrealistic expectation to have. So, there is and always has been a significant crossover between patriotic hackers and nation-state employees. But I would argue that, from a victim perspective, victims of criminal attacks are far more than victims of nation-sponsored attacks. It is much more numerous because the aim of a nationally aligned attack, whether it’s sponsored or not, are much more restrictive than the aims of a financially motivated attack. So, your potential victim pool is much smaller.”
Verizon recently released its Cyber-Espionage Report (CER), its first-ever data-driven publication on advanced cyberattacks. The report asserted that in 85% of cyber espionage breaches, threat actors were state-affiliated, while 8% were nation-state affiliated, and just 4% were linked with organized crime. The report also noted that 2% of breaches were by former employees. Among overall breaches by Incident Classification Pattern over the 2014-2020 Data Breach Investigation Report timeframe (the seven years of reports that form the basis for the CER), Cyber Espionage ranked sixth (10%), albeit within close striking distance of Privilege Misuse (ranked fourth at 11%) and the sagging Point of Sale intrusions (ranked fifth at 11%).
“Unsurprisingly the top industries targeted are Public Sector (31 percent) followed by Manufacturing (22 percent) and Professional (11 percent), this is due to the fact that they hold the majority of secrets, sensitive information, and intellectual property which are most desired by cyber espionage criminals,” Ashish Thapar, Managing Principal and Head – APJ, Verizon Business Group, told CISO MAG.
Thapar added, “Cyber espionage, like other cyber-attacks, has become more sophisticated over time. However, many don’t realize their role in geopolitical conflicts and has been regarded like any other type of cyber-attack for far too long. With nation-states now waging almost-constant cyberwars, cyber espionage has reached a new level of strategic value — and enterprises have to give it significant attention.”
For the percentage of cyber espionage breaches within all breaches by industry, manufacturing topped the list at 35%, followed by mining and utilities at 23%, public enterprises at 23%, the professional sector at 17%, education at 8%, information at 7% and the financial sector at 2%.
It was noted that financial motivations were higher (between 67-86%) and Cyber Espionage motivations comparatively lower (between 10-26%). When asked why there was such a huge disparity, Thapar said, “Given their nature (e.g., stealthy tactics, specific targeting), espionage attacks can be difficult to detect and identify as an actual espionage-related attack (given scant IoCs and other details). Whereas financial attacks — if not detected while occurring or soon thereafter — eventually become apparent when money goes missing. At that point, the financial motive, if not already ascertained, can be determined.”
He concluded, “Cyber Espionage breaches pose a unique challenge. Through advanced techniques and a specific focus, Cyber Espionage threat actors seek to swiftly gain access to heavily defended environments, laterally move with stealth and efficiently obtain targeted assets and data.”
About the Author
Augustin Kurian is part of the editorial team at CISO MAG and writes interviews and features.
The post Wroba Trojan Resurfaces, Targets U.S. Users appeared first on CISO MAG | Cyber Security Magazine.
Once an unsuspecting user clicks on the link, what happens next depends on the OS of the mobile device.
If a user of an Android device clicks “OK,” they are redirected to a malicious site that reads, “Your browser is out-of-date and needs to be updated.” If the user clicks “OK,” the malicious application is downloaded onto the device. For iPhone users, the download doesn’t work. Instead, the iPhone users are greeted with a phishing page designed to look like Apple’s login page — in a bid to steal the credentials of the users.
Once the Trojan is installed on a device, it can perform several nefarious activities, such as sending fake SMSs, accessing financial transaction data, checking installed packages, and stealing the contact list and credentials for financial data. According to Kaspersky, Wroba belongs to a family of malware that attempts to steal mobile banking accounts as well as one-time passwords sent by banks for client authentication.
Geographical distribution of attacks by the Trojan-Banker.AndroidOS.Wroba family
According to Malwarebytes, associated families of the mobile bank Trojan include:
For the uninitiated, Wroba is not entirely new malware. Back in 2013, the Wroba Trojan masqueraded as a legitimate application on Google Play Store. Also known as FunkyBot, Wroba had mainly targeted users in Korea, China, Russia, Japan, and other countries in the APAC region.
A Trojan horse or Trojan is a malicious program or malicious code disguised to look like a popular or legitimate application. Unlike viruses, Trojans cannot replicate and spread on their own, but depend on user action to infect other systems. The user has to open the Trojan application for it to spread.
Malware is a generic or collective term for malicious software code. It includes viruses, Trojans, ransomware, and spyware. Typically malware is delivered as a link in email or as an email attachment. Clicking the link will lead to a malicious website. Opening a malicious attachment will execute the malicious program or code.
The post Google Delists Fraudulent Gaming Apps Spreading “HiddenAds Trojan” appeared first on CISO MAG | Cyber Security Magazine.
The security researchers from Avast stated that the HiddenAds malware disguises itself as a normal application. The malware can hide the app’s icon, evade security scans, and hide behind malicious advertisements. The malicious apps were downloaded nearly eight million times. Threat actors often use this technique to steal sensitive data or generate revenue by redirecting users to unwanted ads.
| Shoot Them | Flying Skateboard | Jump Jump |
| Crush Car | Iron it | Find the Differences – Puzzle Game |
| Rolling Scroll | Shooting Run | Sway Man |
| Helicopter Attack – NEW | Plant Monster | Money Destroyer |
| Assassin Legend – 2020 NEW | Find Hidden | Desert Against |
| Helicopter Shoot | Find 5 Differences – 2020 NEW | Cream Trip – NEW |
| Rugby Pass | Rotate Shape | Props Rescue |
Jakub Vávra, Threat Analyst at Avast, said, “Developers of adware are increasingly using social media channels, like regular marketers would. This time, users reported they were targeted with ads promoting the games on YouTube. In September, we saw adware spread via TikTok. The popularity of these social networks makes them an attractive advertising platform, also for cybercriminals, to target a younger audience.”
“While Google is doing everything possible to prevent HiddenAds from entering its Play Store, the malicious apps keep finding new ways to disguise their true purpose, thus slipping through to the platform and then to users’ phones. Users need to be vigilant when downloading applications to their phones and are advised to check the applications’ profile, reviews, and to be mindful of extensive device permission requests,” Vávra added.
Earlier, Avast revealed that Android adware is responsible for 72% of all mobile malware, with the remaining 28% related to banking trojans, fake apps, lockers, and downloaders.
The post Researcher Finds 5 Malicious Adware Apps on Play Store appeared first on CISO MAG | Cyber Security Magazine.
Adware is a type of malware (malicious software) that displays unwanted advertisements on the user’s device. These ads generally take the form of a pop-up, at times without a “Close Popup” option. This form of malware is less serious than others but has a ton of nuisance value. Adware implementers can sell your browsing history and behavior to interested clients, who could in turn use it to target you with more such ads customized to your likes and dislikes.
In a similar finding earlier in the week, Tatyana also found three hidden Ad apps on the Play Store which had close to 12,000 installs. Digital adverts are no longer used just to persuade the user to buy products; the information they gather is also used to earn profits by selling it to interested third-party clients.
Google advises against downloading unknown third-party apps. Do thorough research before downloading any app. Reading the app information, reviews, ratings and app permissions will certainly help. Turn on “Scan device for security threats” in Google Play Store’s Play Protect. Additionally, Google also recommends purchasing and downloading an anti-malware app like Malwarebytes to add a layer of security against such malicious Adware apps.
Earlier last year, malware developed using the Kotlin programming language was a cause of concern for the Google Play Store. It was found that Kotlin could be used to develop nasty apps, which were difficult to detect. Trend Micro, a cyber-defense and security firm, discovered a malicious app posing as Swift Cleaner for optimizing Android devices. The Kotlin-developed app was capable of information theft and click ad fraud, among its other noted damages.