Articles
Pages
Products
Research Papers
Search - Easy Blog Comment
Blogs
Search Engines
Events
Webinar, Seminar, Live Classes

[Source: This article was published in infosecurity-magazine.com By Liv Rowley - Uploaded by the Association Member: Jasper Solander]

The surface web poses many threats to organizations, but the deep and dark web has gained notoriety over the years as more and more cyber-criminals make use of underground forums and marketplaces to buy and sell goods such as stolen credentials and personally identifiable information (PII).

Various anonymizing features and a lack of state-based governance has allowed cybercrime to flourish in this relatively safe space. 

Stolen information, illegal services and other illicit offerings and activity can be observed with unnerving regularity on the deep and dark web. Goods can be put together or sold as packages alongside other Cybercrime-as-a-Service (CaaS) offerings, thereby lowering the barrier to entry for novice cyber-criminals and allowing veterans to outsource parts of their operations. 

Dare to delve?

Whilst the darknet is complicated to navigate, it is far from impossible to penetrate. There are public Tor indexers available – such as Torch and Grams – though they are often clunky to use and not comprehensive in their reach.

Threat intelligence companies may offer cybersecurity modules that crawl the darknet, indexing content and providing search engine-like capabilities to defenders who purchase these services. Forums, however, may need to be infiltrated first in the same way as you would a real-world criminal organization.

However, organizations must first determine whether the risks associated with this type of hands-on research are worth it. These risks include the possibility of being unwittingly or unintentionally infected with malware or otherwise exposing yourself to those with malicious intentions. A strong understanding of operational security and acceptance of the risks associated with this type of research is key. In many cases, organizations may find it more prudent to enlist the help of threat intelligence vendors, whose professional expertise may come in useful.

Threat actors utilize Tor, I2P and other darknet browsing software to access hidden forums and marketplaces, while others lurk on the deep web behind password-protected or invitation-only closed forums or groups on Telegram, WhatsApp and other chat platforms. Some expect you to prove technical knowledge to gain entrance to a forum or to actively participate in a cyber-criminal community in order to maintain access. In other cases, you may need to be invited or recommended by a trusted relationship to gain access. 

Keep your enemies close

Organizations looking to conduct dark web research are setting out on a challenging task; dark web research can be similar to knowing that a party is taking place, but not knowing the address. Analysts need to be ready to hunt, dig and immerse themselves in the underground in order to find the action. In doing so, analysts are exposed to the myriad products and conversations surrounding cybercrime in these spaces, training their eye to be able to filter and identify the real threat.

This in turn allows organizations to better understand what they need to defend themselves against. In order to assess a threat actor’s credibility and the legitimacy of a particular threat, researchers may look at factors such as a threat actor’s reputation or length of time on the darknet.

Companies should prioritize monitoring for data related to their organization, such as proactively searching the dark web to find stolen credentials. Doing so at an early stage can massively reduce the risk or impact of an attack.

Detecting them using threat intelligence services can not only prevent additional breaches but also force IT security teams to locate the sources of the initial attacks and fix existing problems so attacks cannot occur again through that vector.

Stay alert and keep watch

In addition to looking for stolen credentials, it is also wise to monitor (using defined search terms) for documents or PII which might have been stolen or unintentionally leaked. Stricter data protection regulations mean that data leaks can have an even larger impact on an organization’s bottom line, as well as its reputation. In the event of a GDPR penalty, a company that can demonstrate robust detection capabilities can vastly reduce its liabilities.

A network of crawlers and sensors can alert organizations when their credentials have been offered for sale on the dark web – if you know what’s been stolen, it’s easier to block and mitigate damage. Good cyber threat intelligence is crucial to providing this feedback of information to build stronger defenses around any business.

Tracking for crimeware kits, malware, threat actors and TTPs that could target their sector more generally can also help security teams strengthen their security posture, broaden their situational awareness and put in place appropriate defense measures before adversaries can strike. 

The best way to fight cybercrime on the darknet is to operate in much the same way as the bad guys. If you understand the scope of what’s available to criminals, it’s a lot easier to rationalize how to defend against cyber-attacks and enable others to do the same. Collaboration and intelligence sharing is crucial in the fight against cybercrime.

Categorized in Deep Web
HIGHLIGHTS
  • Fireball steals sensitive user data and manipulates regular surfing data
  • CERT-In has issued its latest advisory to Internet users
  • It said the virus can be detected by majority of anti-virus solution

Cyber-security sleuths have alerted Internet users against the destructive activity of a browser-attacking virus- 'Fireball'- that steals sensitive user data and manipulates regular surfing activity.

The malware has been spreading across the globe and possesses over two dozen aliases and spreads by bundling and "without the user's consent".

"It has been reported that a malware named as 'Fireball' targeting browsers is spreading worldwide.

"It has the ability to collect user information, manipulate web-traffic to generate ad-revenue, malware dropping and executing malicious code on the infected machines," the Computer Emergency Response Team of India (CERT-In) said in its latest advisory to Internet users.

The CERT-In is the nodal agency to combat hacking, phishing and to fortify security-related defences of the Indian Internet domain.

The agency said the malware or the virus can be "detected by majority of the anti-virus solutions" and it has advised Internet users to install updated anti-virus solutions to protect their computers from this infection.

It said the virus, 'Fireball', "currently installs plug-ins and additional configurations to boost its advertisements but it could be used as distributor for any additional malware in future."

"It is reported that the malware 'Fireball' is used by one of the largest marketing agency to manipulate the victims' browsers and changes their default search engines and home pages into fake search engines.

"It also re-directs the queries to either yahoo.com or Google.com. The fake search engines also collects the users' private information," the advisory said.

'Fireball', it said, is capable of acting as a browser-hijacker, manipulating web traffic to generate ad-revenue, capable of downloading further malware, capable of executing any malicious code on the victim machine and collects user information and steals credentials from the victim machine.

The CERT-In has also suggested some counter-measures: "Do not click on banners or pop-up or ads notifications, do not visit untrusted websites and do not download or open attachment in emails received from untrusted sources or unexpectedly received from trusted users."

It said a user, in order to exercise caution after logging-in the system, should check for default setting of web browsers, such as homepage, search engine, browser extensions and plug-ins installed, and if something is found unknown, then it should be deleted.

Source: This article was published gadgets.ndtv

Categorized in Internet Privacy
Rafotech holds the power to initiate a global catastrophe," claimed Check Point.Markus Spiske/Unsplash

A massive malware campaign that has the power to "initiate a global catastrophe" has currently infected more than 250 million computers worldwide. The software, dubbed "Fireball", can take control of internet browsers, spy on victim's web use and potentially steal personal files.

According to Check Point, a cybersecurity firm, the operation is linked to Rafotech, a Chinese firm claiming to provide digital marketing and game apps to 300 million customers. It is allegedly using Fireball to manipulate victim's browsers, change search engines, and scoop up user data.

But experts warn the malware has the potential to cause a major cybersecurity incident worldwide.

Far from a legitimate service, it has the ability to run code, download files, install plug-ins, change computer configurations, spy on users and even act as an efficient malware dropper.

"How severe is it? Try to imagine a pesticide armed with a nuclear bomb. Yes, it can do the job, but it can also do much more," Check Point researchers wrote in a blog post this week (1 June). "Many threat actors would like to have even a fraction of Rafotech's power."

Rafotech did not immediately respond to a request for comment.

The experts said it observed 25.3 million of infections in India (10.1%), 24.1 million in Brazil (9.6%), 16.1 million in Mexico (6.4%), and 13.1 million in Indonesia (5.2%). In the US it witnessed 5.5 million infections (2.2%). They claimed 20% of all corporate networks globally may be impacted.

How you can be hit by Fireball

A form of "browser-hijacker", Fireball works by bundling itself to seemingly legitimate software. Check Point said Rafotech products such as "Deal WiFi", "Mustang Browser", "Soso Desktop" and "FVP Imageviewer" likely come bundled with the malicious strain of malware.

It is also likely Rafotech is using additional distribution methods, such as spreading freeware under fake names, spam, or even buying installs from threat actors, the security firm added.

The team said that, from a technical perspective, Fireball is sophisticated.

It found evidence of anti-virus evasion techniques and a command-and-control (C&C) infrastructure. Rafotech offers free software, relying on users to agree to install extra features.

Fireball malwareHow Fireball bundling works: Check PointCheck Point Threat Research

In an in-depth research paper, Check Point claimed the massive campaign could possibly be the "largest infection operation in history."

It said the malware distribution is clearly "illegitimate", as the software often cannot be uninstalled by an ordinary user as it can conceal its true nature.

"It doesn't take much to imagine a scenario in which Rafotech decides to harvest sensitive information from all of its infected machines," the team wrote. "Banking and credit card credentials, medical files, patents and business plans can all be widely exposed and abused.

"Rafotech holds the power to initiate a global catastrophe.

"The full distribution of Fireball is not yet known, but it is clear that it presents a great threat to the global cyber-ecosystem. With a quarter billion infected machines and a grip in one of every five corporate networks, Rafotech's activities make it an immense threat."

How to check if you are infected

There are simple ways to check if you are infected with Fireball malware. First, open your internet browser and check if you are able to change it to another such as Chrome, Firefox or Explorer. Second, check your default search engine and ensure that can also be changed. Finally, scan all your browser extensions.

If you are unable to modify the options this is a sign that you're infected with adware, Check Point said.

How to remove Fireball malware

It may be removed from PCs by uninstalling the adware from Programs and Features in Windows Control Panel or by using Mac Finder function in the Applications folder on Apple devices.

All impacted users should restore their internet browser to default settings.

Check Point recently uncovered a number of malware campaigns hitting Google's Play Store, used to download applications. These, which included "FalseGuide" and "BankBot", had slipped through official censors. It also found "Judy", a huge malware strain that hit millions of users.

Source: This article was published ibtimes.co.uk By Jason Murdock

Categorized in Internet Privacy

A single setting could make all the difference when it comes to keeping your device secure.

Apple's iOS is a real walled garden. With the exception of those brave enough to "jailbreak" their phones, Apple controls which apps get into its App Store, and which don't.

 

On Android, it's not so simple. Google similarly vets its own Play store, but there's a huge loophole: Android users can allow third-party software software installations simply by checking off a button in the settings menu.

The reasons for allowing that outside Android software may range from the benign (beta-testing apps) to the nefarious (pirated software). But as ZDNet's Zack Whittaker recently detailed, by allowing app installs from unknown sources, you're essentially opening up your device to potential malware infections.

How to keep your Android device safe

By default, Google prevents users from installing apps from sources other than the Play store.

The best way to protect yourself is to leave the installation of apps from unknown sources disabled. It's a good idea to double-check that the setting is still disabled, just to be safe.

android-unknown-sources-setting.jpg

Leave this setting disabled. Nothing good can come from turning it on.
Screenshot by Jason Cipriani/CNET

Exact placement of the option will vary based on the device you own, but it generally is found in the Settings app under Security > Unknown Source.

To be clear: This doesn't make your phone 100 percent safe. Nor does it protect you from non-software security issues, including phishing attacks and cloud-based password breaches.

That said, keeping unknown sources deactivated on your phone or tablet is a strong first line of protection that will prevent the most egregious malware from having open access to your device.

What you're giving up

While disabling access to unknown sources is the safest course of action, it may involve some sacrifices.

For example, Android app site APKMirror requires unknown source installation to be enabled. More significantly, Amazon Underground, the retailer's third-party app store, requires the "unknown sources" toggle to be switched, too. And that's the only way to get the Amazon Prime Video app on Android devices. (For reasons unknown, most of Amazon's other media apps -- including the Kindle app and the Amazon Music app -- are available in the Google Play store, and thus do not require unknown source access.)

But just remember: By allowing apps from those third parties, you're also opening a de facto security hole on your device. And even if Android security is getting better, it only works if you actually keep Google's safeguards turned on.

That's why you should only install applications from official channels such as Google's Play store, or for Samsung Galaxy users, the Galaxy App Store.

Source: This article was published cnet.com By Jason Cipriani

Categorized in Internet Privacy

Over a million devices have already been affected by an Android malware named Gooligan, which compromises Google account data on these devices, giving the attacker access to user’s Gmail, Google Photos, Google Docs, Google Play, Google Drive and other Google related applications.

According to researchers from Check Point Software Technologies, an Israel-based security firm, this malware has been found in 86 apps on the third party marketplaces.

Gooligan malware has infected more than a million devices in the past few months and 13,000 new devices are being infected every single day.

Once a user downloads any of these apps, the malware roots the device and gains system access to the device, allowing the attacker to phish credentials of the user’s Google accounts.

Devices running on Google’s Android 4 (Ice Cream Sandwich, Jellybean and KitKat) and Android 5 (Lollipop), which account for 74 percent of total Android users, are in threat of being affected by Gooligan.

“We’ve revoked affected users’ Google Account tokens, providing them with clear instructions to sign back in securely, removing apps related to this issue from affected devices, deploying enduring Verify Apps improvements to protect users from these apps in the future and collaborating with ISPs to eliminate this malware altogether,” Adrian Ludwig, Google’s director of Android security stated in a post.

Check if Your Device is Infected

If you’ve been downloading apps from outside the official Google Play Store, then you should access Check Point Software Technologies gateway. It’s easy, just enter your email ID that’s linked with your Android device and it’ll instantly give you a feedback.

gooligan

57% of the total infected devices are located in Asia, 19% in Americas, 15% in Africa and 9% in Europe.

If you wish to personally identify if you haven’t downloaded any app infected by Gooligan, check out the list of apps that carry the malware and delete them as soon as possible to avoid further damage.

If your device is infected, it’ll require ‘flashing’ — a clean installation of the operating system.

This is a complex process and it is recommended that you switch off your device and take it to a qualified technician and request your device to be ‘re-flashed.

After the ‘re-flashing’ is done, you’ll need to change your Google account passwords. It is recommended that you don’t use third-party marketplaces to download Android app as any such app can be a potential threat to your device.

How Gooligan Affects Your Device

As per the findings of Check Point Software Technology’s researchers, “after achieving root access, Gooligan downloads a new, malicious module from the C&C server and installs it on the infected device. This module injects code into running Google Play or GMS (Google Mobile Services) to mimic user behaviour so Gooligan can avoid detection. ”

The module allows Gooligan to:

  • Steal a user’s Google email account and authentication token information
  • Install apps from Google Play and rate them to raise their reputation
  • Install adware to generate revenue

gooligan2

“Nicknamed ‘Gooligan’, this variant used Google credentials on older versions of Android to generate fraudulent install of other apps,” Adrian Ludwig added.

Basically, the attacker can access and use an infected device’s Google accounts after gaining root access to the device using Gooligan malware. Beware of third party marketplaces as they aren’t verified by Google before you download it, as it happens on Google Play, and might carry some other malware if not Gooligan.

Source: This article was published guidingtech.com

Categorized in Internet Privacy

Google just removed 41 apps infected with adware from its Play Store

Forty-one Android apps infected with malicious software were removed from the Google Play Store on Thursday, but cybersecurity experts believe that up to 36.5 million people may have downloaded the "auto-clicking adware."

Dubbed "Judy," the malware was published by South Korean gaming studio Kiniwini under the name ENISTUDIO Corp. It's unclear how the malicious code got there - criminal third parties or the company itself.

According to Tel Aviv-based cybersecurity company Check Point, the apps have been available in Google's Play Store for years, though the length of infection hasn't been determined.

"These apps also had a large amount of downloads between four and 18 million, meaning the total spread of the malware may have reached between 8.5 and 36.5 million users," the company explained Thursday.

"The malware uses infected devices to generate large amounts of fraudulent clicks on advertisements, generating revenues for the perpetrators behind it," Checkpoint added.

Applications infiltrated with malware are becoming problematic for Android app developers and consumers. As of last spring, an estimated 1.3 to 1.4 billion people owned Android phones, which are easier to infiltrate than iOS-based devices. The Google-developed operating system is "more open and adaptable," said security software company Sophos.

Apps featured in Apple's iOS store have gone through an in-depth examination. The thorough vetting process blocks "widespread malware infection" among iPhone users, though malicious software targeting Apple devices is on the rise, according to a report from SIXGILL.

Earlier this month, Google revealed "Play Protect," a service that scans Android devices "around the clock" to ensure proper protection.

A full list of the apps' package names and upload dates be seen here.

The following apps were infected:

Animal Judy: Persian Cat Care
Fashion Judy: Pretty Rapper
Fashion Judy: Teacher Style
Animal Judy: Dragon Care
Chef Judy: Halloween Cookies
Fashion Judy: Wedding Party
Animal Judy: Teddy Bear Care
Fashion Judy: Bunny Girl Style
Fashion Judy: Frozen Princess
Chef Judy: Triangular Kimbap
Chef Judy: Udong Maker – Cook
Fashion Judy: Uniform Style
Animal Judy: Rabbit Care
Fashion Judy: Vampire Style
Animal Judy: Nine-Tailed Fox
Chef Judy: Jelly Maker – Cook
Chef Judy: Chicken Maker
Animal Judy: Sea Otter Care
Animal Judy: Elephant Care
Judy’s Happy House


Chef Judy: Hot Dog Maker – Cook
Chef Judy: Birthday Food Maker
Fashion Judy: Wedding Day
Fashion Judy: Waitress Style
Chef Judy: Character Lunch
Chef Judy: Picnic Lunch Maker
Animal Judy: Rudolph Care
Judy’s Hospital: Pediatrics
Fashion Judy: Country Style
Animal Judy: Feral Cat Care
Fashion Judy: Twice Style
Fashion Judy: Myth Style
Animal Judy: Fennec Fox Care
Animal Judy: Dog Care
Fashion Judy: Couple Style
Animal Judy: Cat Care
Fashion Judy: Halloween Style
Fashion Judy: EXO Style
Chef Judy: Dalgona Maker
Chef Judy: Service Station Food
Judy’s Spa Salon

Source: This article was published wtae.com By Abigail Elise

Categorized in Internet Privacy

Android malware is a serious problem that can cause you all kinds of trouble if you’re not paying attention to what you install on your device. Even apps that come from the Google Play store can sometimes contain malware, and researchers have discovered new tools that would allow hackers to take control of an Android device without the user even knowing it.

Described as a “Cloak and Dagger” attack by researchers from UC Santa Barbara and Georgia Tech, the malware would let a malicious app gain complete control of an Android phone or tablet. The user, meanwhile, would not suspect anything, and the malware would even be able to perform tasks with the screen turned off.

“These attacks only require two permissions that, in case the app is installed from the Play Store, the user does not need to explicitly grant and for which [the user] is not even notified,” the researchers explained. “The possible attacks include advanced clickjacking, unconstrained keystroke recording, stealthy phishing, the silent installation of a God-mode app (with all permissions enabled), and silent phone unlocking + arbitrary actions (while keeping the screen off).”

All Android versions to date, including Android 7.1.2, which is the latest stable version of Android, are at risk to this type of attack, according to the researchers.

Hackers exploiting these vulnerabilities would be able to record everything you type on the phone, including passwords and private messages. They would be able to steal PINs, unlock the device while keeping the screen off, and even steal two-factor authentication tokens.

Google is aware of the issue and is working on a fix. But it’s unclear when fixes might be made available, or whether the patches will be applied to older versions of Android.

“We’ve been in close touch with the researchers and, as always, we appreciate their efforts to help keep our users safer,” a spokesperson told Engadget. “We have updated Google Play Protect — our security services on all Android devices with Google Play — to detect and prevent the installation of these apps. Prior to this report, we had already built new security protections into Android O that will further strengthen our protection from these issues, moving forward.”

The full paper describing Cloak and Dagger is available at this link, and the following videos show various exploits in action:

Source: This article was published on bgr.com by Chris Smith

Categorized in Internet Privacy

The new malware emerged exploiting vulnerabilities that a researcher reported in March

Over 100,000 internet-connected cameras may be falling prey to a new IoT malware that’s spreading through recently disclosed vulnerabilities in the products.  

The malware, called Persirai, has been found infecting Chinese-made wireless cameras since last month, security firm Trend Micro said on Tuesday. The malware does so by exploiting flaws in the cameras that a security researcher reported back in March.  

The researcher, Pierre Kim, found that the vulnerabilities can allow an attacker to remotely execute code on the cameras, effectively hijacking them.

At least 1,250 camera models produced by a Chinese manufacturer possess the bugs, the researcher went on to claim.

Over a month later in April, Trend Micro noticed a new malware that spreads by exploiting the same products via the recently disclosed flaws.

“It goes to show that the people behind this are probably more aware of how to use these vulnerabilities,” said Jon Clay, Trend Micro’s director of global threat communications.

The security firm estimates that about 120,000 cameras are vulnerable to the malware, based on Shodan, a search engine for internet-connected hardware.

The Persirai malware is infecting the cameras to form a botnet, or an army of enslaved computers. These botnets can launch DDoS attacks, which can overwhelm websites with internet traffic, forcing them offline.

Once Persirai infects, it’ll also block anyone else from exploiting the same vulnerabilities on the device.

Security firm Qihoo 360 has also noticed the malware and estimated finding 43,621 devices in China infected with it. 

Interestingly, Persirai borrows some computer code from a notorious malware known as Mirai, which has also been infecting IoT devices, such as DVRs, internet routers, and CCTV cameras, but by guessing the passwords protecting them. 

Specifically, Persirai lifts certain functions Mirai relies on to scan the internet for new devices to infect, said Marshal Webb, CTO of BackConnect, a DDoS protection provider.

Although the resulting Persirai-powered botnet is capable of launching DDoS attacks, it’s largely refrained from assaulting any websites for the moment, probably because the malware developers are still testing how to use it. 

“The security researcher, a white hat, may have had the best intentions with releasing a full disclosure on these vulnerabilities,” Webb said. “But now they're just out there, making it convenient for anyone to exploit.”

The researcher, Pierre Kim, didn't immediately respond to a request for comment, but he noted "difficulties" with finding and contacting all the vendors involved, in a blog post about the disclosure. 

However, Trend Micro has identified the primary Chinese manufacturer behind the cameras and is working with it to roll out a patch. 

The security firm is declining to name the manufacturer until the patch is published. Until then, it’s hard to know what exact products and brands may be vulnerable, since so many models appear to be affected.

However, owners can protect a vulnerable device by placing it behind a firewall, and blocking access to the malware’s command and control servers, which are located in Iran. Trend Micro has provided more technical details to Persirai in a blog post.  

Source : This article was published itworld.com By Michael Kan

Categorized in Internet Privacy

It looks like security researchers have reached an important milestone in the ongoing war against malware. A new search engine has been revealed which can be used to sniff out malware command-and-control servers around the world. Under the Malware Hunter banner – not to be confused with the Malware Hunter software – this search engine looks to bring malware distribution to a halt in the near future.

MALWARE HUNTER IS A POWERFUL TOOL

It is not hard to see why security researchers around the globe are quite excited about the Malware Hunter search engine. Having a viable solution to discover command-and-control servers will provide to be useful when it comes to thwarting malware and ransomware attacks in the future. The tool is created by Shodan and Recorded Future, who are trying to become an industry leader in the fight against global cybercrime.

The way malware Hunter works is as follows: it uses search bots crawling the Internet for computers configured to act as a command-and-control server. It remains unclear if this will yield a lot of positive results, though, as C&C servers may very well reside on the darknet for all we know. Moreover, not every server will easily give up its location either, which could prove to be quite problematic.

The Malware Hunter search engine comes with a feature that will trick these servers into giving up their location, though. To be more specific, the search engine will pretend to be an infected computer reporting back to the server in question. Assuming the server will acknowledge the request and respond, the search engine will log its IP and update the Shodan interface in real time. This provides researchers with invaluable information when it comes to locating these servers and shutting them down as quickly as possible.

What makes the search engine so powerful is how it is capable of probing virtually every IP address on the Internet today. This means the algorithm is constantly looking for new computers that may act as a malware command-and-control server. Quite an intriguing development, as it should reduce the amount of time during which malware remains a problem.

In most cases, once the C&C server is shut down, the malware will no longer cause harm. Then again, some newer types of malware have shown a way tor remains a big threat even when they fail to communicate with the central server. It remains unclear if Malware Hunter will be capable of doing anything about these attacks as well. For now, this search engine is a big step in the right direction, though.

It is important to note Malware Hunter is capable of identifying several dozen C&C servers used for Remote Access Trojans. Given the recent surge in Remote Access Trojan distribution, this is quite a positive development, to say the least. The team is hopeful Malware Hunter will detect other major threats in the future, including botnets, cryptominers, and backdoor trojans.

This article was published in themerkle.com By JP Buntinx

Categorized in Search Engine

Security researchers have found a music player app in the Google Play Store, which has already been downloaded by thousands of users, to be riddled with malicious malware. Going by the name "Super Free Music Player", the app was uploaded to Google Play on 31 March and has already garnered between 5,000 and 10,000 downloads.

According to SophosLabs researcher Rowland Yu, the malware uses similar sophisticated techniques to evade detection by Google and security researchers that were previously seen in the BrainTest malware, such as the use of time bombs, domain or IP mapping and dynamic code loading.

Yu said the malware is able to download additional encrypted payloads from remote websites and upload a list detailing the infected device's information including its model, manufacture, SDK version, country, language and installed applications among other data.

In 2015, security firm Check Point discovered the BrainTest malware on a Nexus 5 smartphone which used various techniques to avoid detection and persistently remain on unsuspecting victims' infected devices. Although Google Play removed it from the app store, attackers repurposed it in the form of a music app.

"It came back to Google Play as Super Free Music Player and attracted 5,000 – 10,000 downloads," Yu said. "Sophos has detected them as Andr/Axent-DS."

SophosLabs said it has informed Google Play about their discovery.

The latest discovery comes as attackers continue to target Android users through malicious apps found in the official Google Play store. A recently discovered nasty strain of malware dubbed FalseGuide was found in a slew of Android apps including guides for popular games such as Fifa, Pokémon Go and World of Tanks. Experts warned that the malware could have infected nearly two million phones.

Another Android trojan called BankBot also targeted hundreds of applications on Google Play in an effort to steal mobile users' online banking credentials and payment card data.

This article was published in International Business Times By Hyacinth Mascarenhas

Categorized in Internet Privacy
Page 1 of 3

Get Exclusive Research Tips in Your Inbox

Receive Great tips via email, enter your email to Subscribe.
Please wait

airs logo

Association of Internet Research Specialists is the world's leading community for the Internet Research Specialist and provide a Unified Platform that delivers, Education, Training and Certification for Online Research.

Subscribe to Our Newsletter

Receive Great tips via email, enter your email to Subscribe.
Please wait

Follow Us on Social Media