Light Dark
September 2, 2019 By David Bisson 3 min read

Last week in security news, researchers came across a new variant of TrickBot that arrived with new features allowing it to target U.S. mobile users. Speaking of mobile threats, analysts spotted several Android Trojans, including one that potentially infected up to 100 million users on the Google Play store. Security researchers detected plenty of other malware attacks as well. In one case, they succeeded in shutting down a worm by cooperating with law enforcement overseas.

Top Story of the Week: TrickBot’s New Features

Last week, Secureworks discovered that the GOLD BLACKBURN threat group had modified TrickBot’s dynamic webinjects to target Verizon Wireless, T-Mobile and Sprint. Those features enabled the malware to intercept a server response whenever a victim decided to navigate to the websites of one of those U.S. mobile carriers. At that point, TrickBot proxied the response through its command-and-control (C&C) server.

The threat’s C&C server in turn injected HTML and JavaScript into the webpage, code that, when rendered in a victim’s browser, added a field for users to supply their PIN codes. With this information, attackers could perpetuate port-out or SIM swap fraud against their victims.

Source: iStock

Also in Security News

  • China Chopper Still Relevant After Nine Years: Cisco Talos found that the China Chopper web shell has remained relevant nine years after it was first spotted. Researchers attributed this ongoing relevance to the fact that several threat groups staged their own China Chopper attack campaigns over the previous two years.
  • New Ares ADB Botnet Targeting Android-Based Internet of Things (IoT) Devices: While investigating Android set-top boxes, WootCloud Labs uncovered the botnet targeting Android-based IoT devices. Researchers specifically witnessed the botnet leveraging the Android Debug Bridge (ADB) interface to discover additional Android devices and installing other malicious payloads.
  • 100 Million Users Potentially Exposed to Trojan via Google Play: Kaspersky Lab examined CamScanner – Phone PDF Creator and found that the app used an advertising library containing the malicious dropper Trojan-Dropper.AndroidOS.Necro.n. Based on researchers’ analysis, this Trojan might have affected more than 100 million users who downloaded the app from the Google Play store.
  • Dropper Earns Spot on Top 10 List of Mobile Malware: Over the summer, Malwarebytes Labs witnessed a dropper, dubbed Android/Trojan.Dropper.xHelper, earn a spot on its list of the top 10 most detected mobile malware strains. Researchers took a closer look and determined that the Trojan came in semi-stealth and full-stealth modes; in either case, the malware avoided creating an icon and shortcut on an infected device.
  • Joint Effort Shuts Down Retadup Worm: Avast revealed that it first began actively monitoring the Retadup worm in March 2019. This investigation uncovered a design flaw in the threat’s C&C protocol, which the security firm then leveraged in collaboration with the French National Gendarmerie to neutralize 850,000 infections and shut down the malware.
  • Nemty Ransomware Shows No Kindness to Antivirus Industry: A deep dive into the code of Nemty ransomware revealed several hidden messages. In particular, Bleeping Computer found that the threat used a strongly worded message directed at the antivirus industry as the name for its key that decodes base64 strings and creates URLs.
  • Attackers Leverage Two Remote Access Trojans (RATs) to Target Various Sectors: Near the end of August, Cisco Talos revealed that it had spotted attackers using RevengeRAT and Orcus RAT to target government entities, financial services organizations and other companies. Researchers observed the malware using persistence mechanisms typical of fileless attacks along the way.

Security Tip of the Week: Defending Against Mobile Malware

In its analysis of Android/Trojan.Dropper.xHelper, Malwarebytes Labs emphasized how important it is for organizations to leverage best practices in the fight against mobile malware:

“If confirmed to be true, our theory highlights the need to be cautious of the mobile websites you visit. Also, if your web browser redirects you to another site, be extra cautious about click anything. In most cases, simply backing out of the website using the Android’s back key will keep you safe.”

For added protection, security professionals should leverage mobile security solutions that can account for context and correlate it with facts to deter mobile threats. Organizations should do this in tandem with a unified endpoint management (UEM) platform that monitors all endpoints and automatically flags instances of suspicious activity.

 |  |  |  |  |  |  |  |  |  |  |  |  |  | 
David Bisson
Contributing Editor

More from

April 25, 2024

NIST’s role in the global tech race against AI

4 min read - Last year, the United States Secretary of Commerce announced that the National Institute of Standards and Technology (NIST) has been put in charge of launching a new public working group on artificial intelligence (AI) that will build on the success of the NIST AI Risk Management Framework to address this rapidly advancing technology.However, recent budget cuts at NIST, along with a lack of strategy implementation, have called into question the agency’s ability to lead this critical effort. Ultimately, the success…

April 24, 2024

Researchers develop malicious AI ‘worm’ targeting generative AI systems

2 min read - Researchers have created a new, never-seen-before kind of malware they call the "Morris II" worm, which uses popular AI services to spread itself, infect new systems and steal data. The name references the original Morris computer worm that wreaked havoc on the internet in 1988.The worm demonstrates the potential dangers of AI security threats and creates a new urgency around securing AI models.New worm utilizes adversarial self-replicating promptThe researchers from Cornell Tech, the Israel Institute of Technology and Intuit, used what’s…

April 23, 2024

Passwords, passkeys and familiarity bias

5 min read - As passkey (passwordless authentication) adoption proceeds, misconceptions abound. There appears to be a widespread impression that passkeys may be more convenient and less secure than passwords. The reality is that they are both more secure and more convenient — possibly a first in cybersecurity.Most of us could be forgiven for not realizing passwordless authentication is more secure than passwords. Thinking back to the first couple of use cases I was exposed to — a phone operating system (OS) and a…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature