SkieGod Cyber Access: Ransomware Targets Android Phones On Porn sites

Tuesday 13 May 2014

Android Users Should Avoid Porn sites

The Reveton Gang is at it again. This time, though, they're targeting users of Android phones -- typically visitors to porn sites.

The gang that pioneered the idea of locking up a target's computer and demanding a ransom to unlock it has turned its attention to the rapidly growing mobile market.

Once Reveton mobile infects a phone, it will display a bogus warning from a fractured local law enforcement authority. In the U.S. it's "Mandiant U.S.A. Cyber Security/FBI Department of Defense/U.S.A. Cyber Crime Center."

Needless to say, the gang doesn't know a lot about the U.S. government or law enforcement, but that's irrelevant to someone whose phone is suddenly bricked until the online extortionists get their payment.

The gang's tactics haven't changed since they introduced their malware years ago.
"Just as its Windows-based variant, it performs a geolocation lookup for the device's IP and displays a customized page using some local law enforcement branding," explained Bogdan Botezatu, a senior e-threat analyst with Bitdefender.

"In order to get their phones back," he told the media, users must "pay a $300 fine via untraceable payment mechanisms such as Paysafecard or uKash."

A phone can acquire the ransomware just by visiting an infected porn site, Botezatu explained. However, some user interaction is needed to install the bad app once it reaches a phone.

Ransomware malware

Although the malware's warning screen claims the app encrypts all data on the phone, making the data inaccessible, that claim may be dubious.

"It's been hard for anyone to find any evidence of that," David Britton, vice president of industry solutions for 41st Parameter, told the press.
"This is more scareware than anything else. What we find is that when these things are marketed to the world, the claims about what they can do are sometimes more robust than what they actually do," he said.

"The marketing efforts of the bad guys can be impressive," added Britton, "but the capability of the actual technology can be less than that."

Rather than encrypt all the data on the phone as CryptoLocker does on a PC, mobile Reveton is pure ransomware. "It puts a wrapper over all the interfaces and UIs," JD Sherry, vice president of technology and solutions for Trend Micro, explains. "So a user can't do anything because malware has system-level access."

The malware doesn't make the effort to obtain the permissions it would need to encrypt data on an Android phone, Botezatu explained.

"The cybercriminals wanted to keep it simple," he said. "This might be the first iteration -- a test case, if you will -- of a very successful breed of mobile ransomware."

The arrival of ransomware on the mobile scene is just the beginning of a gathering storm.
"This is going to be massive," Sherry said. "This will be the year that we see a tremendous amount of malware hitting mobile phones, and I don't think consumers and organizations are prepared to handle these attacks once they migrate to mobile devices."

Dropbox vulnerability

Dropbox grappled last week with a vulnerability in its user file-sharing system. It seems that there are activities performed with the links -- typing them into a search engine, for example -- that can allow unintended parties to use them.

The problem, discovered by Intralinks, isn't limited to Dropbox, said Sri Chilukuri, vice president of enterprise product marketing at Intralinks.
Most file-sharing services allow you to share files with others by sending them a link. Whoever clicks on that link -- whether it's who you thought you sent the link to or not -- can see the file at the end of the link.

To address that issue, some sharing services allow a user to require authentication by the person who's supposed to click the link -- perhaps requiring the recipient to log into the file-sharing service, for instance, before the link can be executed.

"With Dropbox's consumer product, there's no choice at all for authentication," Chilukuri explains. That can create some security risks for consumers.

"People have shared links to tax records and market statements -- very highly sensitive documents," Chilukuri said.

In addition to its consumer product, Dropbox has an enterprise product. However, authentication is turned off by default.

"Since those users don't know about this issue, they send unauthenticated links as well. In fact, many of the files we found when we uncovered these links were business files related to company IP," Chilukuri pointed out.

"The key message here," he said, "is that people have to be very cautious about using this type of product for sharing sensitive information."
