Researchers uncover latest version of Chinese spyware used to target dissidents

Security researchers believe a newly discovered variant of mobile malware, dubbed xRAT, represents the latest iteration of a sophisticated cyber-espionage tool previously used by the Chinese government against dissidents, according to evidence published by cybersecurity firm Lookout. The first sample of xRAT appeared in April, said Michael Flossman, a security researcher with Lookout, and since then more than 60 unique samples belonging to this same remote access trojan family have been found. RAT is short for remote access trojan, a kind of malicious software program that installs a back door on a device so the attacker can take administrative control. “Initially when we started investigating [xRAT] our attribution suggested the actor behind it was likely Chinese, due to a combination of comments in the code, the types of apps being trojanized, and the location and whois details of command and control infrastructure,” explained Flossman. “Further analysis revealed a strong connection to […]

The post Researchers uncover latest version of Chinese spyware used to target dissidents appeared first on Cyberscoop.


Android Spyware Linked to Chinese SDK Forces Google to Boot 500 Apps

More than 500 Android mobile apps have been removed from Google Play after it was discovered that an embedded advertising SDK called Igexin could be leveraged to quietly install spyware on devices.

Chinese ad platform secretly stole phone data from Android devices

A popular Chinese advertising software development kit, used on over 500 Google Play apps with millions of downloads each, spied on unsuspecting users and developers and secretly took data including GPS data, device identifiers and call logs. Investigating suspicious traffic during a review of apps that communicate with IPs and servers that have a history of serving malware, researchers from mobile security company Lookout saw an app downloading large, encrypted files after requests to an endpoint used by the Igexin ad software development kit, behavior typical of malware acting after a temporarily clean app installation. “It is becoming increasingly common for innovative malware authors to attempt to evade detection by submitting innocuous apps to trusted app stores, then at a later time, downloading malicious code from a remote server,” the researchers wrote. “Igexin is somewhat unique because the app developers themselves are not creating the malicious functionality – nor are they […]

The post Chinese ad platform secretly stole phone data from Android devices appeared first on Cyberscoop.


Lipizzan: Sophisticated, targeted spyware on Google Play

Google has discovered targeted spyware on Google Play that is likely the work of Equus Technologies, an Israeli cyber surveillance technology dealer. The malware, dubbed Lipizzan, was also discovered on and removed from fewer than 100 Android devices through the use of the Google Play Protect security suite for Android devices. The spyware’s capabilities: aside from rooting the targeted device, Lipizzan can record calls (even VoIP calls), record sounds via the device’s microphone, take screenshots …

‘Pegasus for Android’: Newly discovered spyware allows attacker to record conversations

Researchers at Google and mobile cybersecurity firm Lookout discovered a malicious smartphone application allowing the customers of a “cyber arms dealer” named NSO Group to remotely spy on victims. A sophisticated piece of spyware is believed to be embedded in a cohort of different espionage apps, enabling the attacker to record a target’s keystrokes, exfiltrate data and listen in on conversations through the device’s compromised microphone. The malware-laden applications were not available in the Google Play store, leading researchers to believe that targeted downloads were camouflaged and sent to specific victims through phishing emails or SMS messages. The malware was found on a few dozen Android devices. Researchers believe the code, dubbed Chrysaor, is related to Pegasus, another highly complex piece of malware designed to infect Apple’s iOS. Lookout researchers first discovered Pegasus, another product of NSO Group, last year on a prominent Saudi human rights activist’s phone. “Individual victim identities […]

The post ‘Pegasus for Android’: Newly discovered spyware allows attacker to record conversations appeared first on Cyberscoop.



New infosec products of the week: March 24, 2017

Lookout expands mobile endpoint security solution: As a new Apple mobility partner, Lookout is introducing enterprise app review to enable enterprises building their own iOS apps to rapidly analyze them for data policy compliance and security risks. With enterprise app review, custom iOS apps are uploaded into the Lookout Security Cloud for correlation against a 40-million-app database to uncover anomalies before distribution via internal app stores. PacketSled releases platform for incident and breach responders: The …

Your CEO has more control over their mobile security than President Trump

In January, Donald Trump became the 45th president of the United States. During the months leading up to the inauguration, security experts questioned what phone the president would use during his term in office — and reasonably so. Mobile devices are now fully integrated into our personal and business lives, making them a highly attractive […]

The post Your CEO has more control over their mobile security than President Trump appeared first on Cyberscoop.


How IDF soldiers’ phones got turned into spying devices

For many months now, an unknown threat actor has been tricking servicemen in the Israel Defense Forces (IDF) into installing Android spyware. Israeli media says that the threat actor is likely Hamas, but Lookout researchers aren’t so sure. “ViperRAT [as the researchers dubbed the malware] has been operational for quite some time, with what appears to be a test application that surfaced in late 2015. Many of the default strings in this application are in …

Israeli soldiers’ personal Android phones hacked by spies, researchers say

A group of highly talented and well-resourced hackers is spying on the Israeli Defense Force by hacking into the personal smartphones of individual soldiers, according to newly released research by Lookout and Kaspersky. More than 100 Israeli servicemen are believed to have been effectively targeted with the spyware. Dubbed ViperRAT, the clandestine hacking […]

The post Israeli soldiers’ personal Android phones hacked by spies, researchers say appeared first on Cyberscoop.
