Pokémon Malware

In case you have not heard, there is a new craze going on around an augmented-reality smartphone app called Pokémon Go. It’s a geocaching-style game, meaning it’s tied to real-world locations.

It’s a smash hit that sends people out onto the streets trying to catch virtual creatures at real-world locations called Pokestops; the creatures can be captured, trained and traded.

However, the game’s rapid rollout and breakaway success come with risks. Pokémon Go has immediately hit several security and privacy-related speed bumps.

  • The Google Login Permissions Problem

Many security researchers have warned that the initial release of the Pokémon Go app has access to many more device permissions than it needs, which is a possible privacy risk.

  • Trojanized Apps

Just 72 hours after the release of Pokémon Go, bad guys had Trojanized a legitimate version of the free Android app to include malware and released it via unofficial, third-party app stores, researchers at security firm Proofpoint said.

The malicious Android application file “was modified to include the malicious remote access tool called DroidJack – also known as SandroRAT, which would virtually give an attacker full control over a victim’s phone,” the researchers warn in a blog post. Gaming websites have begun publishing instructions about how users can download the app, including side-loading (bypassing Google’s official app store) to install it.

Proofpoint said: “In the case of the compromised Pokémon Go APK we analyzed, the potential exists for attackers to completely compromise a mobile device. If that device is brought onto a corporate network, networked resources are also at risk.”

  • Send this to your employees, friends and family:

You have probably heard about the new Pokémon app. It’s going viral and sends people out onto the streets to catch these little virtual creatures. There are some risks if you have the “gotta catch ’em all” fever.

First, please stick to the vetted app stores; do not download the app from anywhere else. Why? Bad guys have taken the app, infected it with malware, and are trying to trick you into downloading it from untrustworthy websites.

Second, anyone using the app, and especially kids, should be VERY careful not to be lured into a real-world trap, which could lead to mugging or abduction. Other players can track you in the real world using this app, so be careful.

Third, there are possible privacy issues if you use your Google account to log into the app. Create a throw-away account and use that to log into Pokémon, not your private or business account.

As always, Think Before You Click!


Locky Ransomware Encrypts Files Even When Machine Is Offline

The Locky ransomware has added a fallback mechanism in its latest strain, created for situations where the code can’t reach its Command & Control server.

Researchers from antivirus vendor Avira blogged about this version which starts encrypting files even when it cannot request a unique encryption key from the Command & Control server because the computer is offline or a firewall blocks outgoing communications.

Calling the mothership is normally required for ransomware that uses public-key cryptography. In fact, if the code is unable to call home to a Command & Control server after it infects a new machine, most ransomware does not start the encryption process and is dead in the water.

Why? The encryption routine needs unique public-private key pairs that are generated by the Command & Control server for each infection. How does this work? Here is a simplified sequence of events.

  1. The ransomware program generates a local encryption key and uses an algorithm like AES (Advanced Encryption Standard) to encrypt files with certain extensions.
  2. It reaches out to a Command & Control server and asks that machine to generate an RSA key pair for the newly infected system.
  3. The public key of that pair is sent back to the infected machine and used to encrypt the AES key from step 1. The private key (needed to decrypt what the public key encrypted) stays on the Command & Control server; it is the key you get when you pay the ransom, and it is what is used for decryption.

As you can see, many ransomware strains are useless if a firewall detects their attempt to call home and blocks it as suspicious. There is another scenario, however…

As damage control, organizations also cut a computer off from the network the moment a ransomware infection is detected. They might even take the whole network offline until they can investigate whether other systems have also been infected.

The silver lining? If someone pays the ransom and gets the private key, that key will work for all other offline victims as well, so expect a free decryptor to become available in the near future.
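The three-step key exchange above and the "silver lining" that follows from it, as an added Go example (not Locky's code and not from the Avira post): everything stays in memory, the Command & Control server is reduced to an RSA key pair, and the victim data is a constructed sample. The same private key recovers a second victim only when both victims sealed under the same embedded public key, which is exactly the offline-fallback situation.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// Added model of the three-step key exchange above (not Locky's code); a victim is one in-memory buffer and the C2 server is just an RSA key pair.

// sealForVictim runs steps 1 and 3 under whatever public key the victim holds
// (fresh from the C2, or embedded for the offline fallback) and returns the
// AES-GCM sealed data (12-byte nonce prefixed) plus the RSA-wrapped AES key.
func sealForVictim(pub *rsa.PublicKey, data []byte) (sealed, wrapped []byte, err error) {
	buf := make([]byte, 44) // 32-byte AES key followed by a 12-byte GCM nonce
	if _, err = rand.Read(buf); err != nil {
		return nil, nil, err
	}
	aesKey, nonce := buf[:32], buf[32:]
	block, _ := aes.NewCipher(aesKey) // key length is fixed, so no error here
	gcm, _ := cipher.NewGCM(block)
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, aesKey, nil)
	return gcm.Seal(nonce, nonce, data, nil), wrapped, err
}

// decrypt is the decryptor's job with a private key in hand; it fails unless priv matches the key sealForVictim used.
func decrypt(priv *rsa.PrivateKey, sealed, wrapped []byte) ([]byte, error) {
	aesKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
	if err != nil || len(aesKey) != 32 {
		return nil, rsa.ErrDecryption // wrong private key for this victim
	}
	block, _ := aes.NewCipher(aesKey)
	gcm, _ := cipher.NewGCM(block)
	return gcm.Open(nil, sealed[:12], sealed[12:], nil)
}

// recoversWith reports whether the private key obtained for victim A also opens
// data victim B sealed under pubB. Passing A's own public key as pubB models the
// offline fallback (one embedded key for all); a fresh key models step 2.
func recoversWith(privA *rsa.PrivateKey, pubB *rsa.PublicKey) bool {
	sample := []byte("constructed sample file contents for victim B")
	sealed, wrapped, err := sealForVictim(pubB, sample)
	if err != nil {
		return false
	}
	out, err := decrypt(privA, sealed, wrapped)
	return err == nil && string(out) == string(sample)
}
```

Generate two RSA pairs and call recoversWith(a, &a.PublicKey) and recoversWith(a, &b.PublicKey): the first returns true, the second false.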

 


Apple Releases iOS 9.3.3 With Bug Fixes and Performance Improvements

Apple today released iOS 9.3.3 to the public, marking the third minor update to iOS 9 since iOS 9.3 launched in March of 2016. In testing since May 23, there were five betas of iOS 9.3.3 released to developers and public beta testers ahead of the public release of the software.

Today’s iOS 9.3.3 release is available as an over-the-air update for all iOS 9 users and it can also be downloaded through iTunes.

As a small update, iOS 9.3.3 focuses mainly on under-the-hood performance improvements and bug fixes rather than outward-facing changes.

iOS 9.3.3 is the ninth update to the iOS 9 operating system. iOS 9 will be followed by iOS 10, which has already been provided to developers.

iOS 10 brings a host of new features, including a revamped Lock screen experience, an overhauled Messages app with new functionality and its own App Store, a new Photos app with object and facial recognition, a redesigned Music app, a centralized HomeKit app, and a Siri SDK for developers.
