New Android malware on Play Store disables Play Protect to evade detection

Por  Sudais em 13/01/2020 no site HackHead

This malware disables Google’s only security mechanism against malware-infected apps on the Play Store.

While the Android and iOS fanbase can be found constantly at war over the advantages one offers as compared to the other, there is one place where iOS wins by miles. We are talking about security with the latest malware discovered by Kaspersky Lab among an app on the Play Store. 

Dubbed “Trojan-Dropper.AndroidOS.Shopper.a,” the trojan tricks users into being downloaded by posing with a system icon and a similar name to a legitimate Android application. Once the fish (YOU) takes the bait, it starts with its magic by collecting your device’s sensitive and not-so-sensitive information including the IMEI Number, IMSI number, the network type and the country it is in. 

Once done, it sends the data to its command & control server (C&C) from which attackers behind the campaign can coordinate their future moves. These include tasks such as “Opening links received from the remote server in an invisible window (whereby the malware verifies that the user is connected to a mobile network)” as detailed by researchers.

See: Popular Android Emoji keyboard app makes millions with unauthorized purchases

But this isn’t where it ends. Additionally, the trojan helps boost the popularity of other “sister-malicious-apps” on the Play Store by posting overly optimistic reviews. Leaving the user little to do, it also happens to install certain apps from a third party store named Apkpure[.]com with the victim’s permission. 

How it does this is by abusing an accessibility service present to facilitate the disabled. To prevent any detection, it also disables the “Google Play Protect” which is normally used to protect Android users from such malware.Currently, (as shown above) with the statistics released by researchers, it was revealed that it is the most widespread in Russia with 28.46% of infected users. Brazil and India conveniently follow at 18.70% and 14.23% respectively.

Texas School District Lost $2.3M to Phishing Email Scam

Por David Bisson em 13/01/2020 no site The State of Security

A school district in Texas announced that it lost approximately $2.3 million after falling victim to a phishing email scam.
On January 10, the Manor Independent School District (MISD) published a statement on Twitter and Facebook in which it revealed that it was investigating a phishing email scam that cost it $2.3 million.

In the statement, MISD Director of Communications Angel Vidal Jr said that the Federal Bureau of Investigations and the Manor Police Department were pursuing “strong leads” as part of their investigation but that their efforts were ongoing.
Vidal also took the opportunity to thank the Manor Police Department for working with MISD to notify the community about the security incident.
MISD’s statement didn’t disclose any information about the phishing email scam including how it occurred or how the school district, which serves 9,600 students, detected it.
Anne Lopez, a detective with the Manor Police Department, provided some details about the attack to television station KVUE:

It was three separate transactions. Unfortunately they didn’t recognize the fact that the bank account information had been changed and they sent three separate transactions over the course of a month before it was recognized that it was a fraudulent bank account.

Lopez’s insights suggest that the attack consisted of a business email compromise (BEC) scam in which digital fraudsters tricked an employee at MISD into changing the payment instructions for a vendor or supplier. Those attacks have individually cost companies like Nikkei and Toyota millions of dollars. Between June 2016 and July 2019, BEC scams were responsible for $26 billion in damages globally.
The attack described above highlights the importance of organizations taking steps to protect themselves against malicious emails. They can do so by educating their employees about some of the most common types of phishing attacks circulating in the wild today. This resource is a good place to start.