RiskIQ this morning warned of information-stealing, ad-clicking malware that’s being offered via warning pop-ups on Samsung Android devices. The malicious app represents itself as a battery saver, and indeed it does perform as advertised. But its unadvertised performance, with its ad clicks, information theft, and a backdoor, is the unwanted part of this potentially unwanted program.
Deep Instinct describes Mylobot, a new and sophisticated botnet currently active in the wild. It’s not clear what Mylobot’s controllers are after, and it’s also unclear how it’s delivered, but it’s not an amateur performance. Among its features are methods of evading sandboxes and debuggers, and of reflective execution of EXE files directly from memory. It’s also patient, remaining quiescent for two weeks after installation before it makes its calls to the command-and-control servers. It also removes competing malware from the systems it infects. Researchers say it bears some similarity to Locky ransomware. Mylobot can establish complete control over victim devices, delivering whatever payloads its unknown masters may wish to install.
Vectra’s long retrospective look at the Equifax breach has led it to conclude that attackers are interested in using hidden tunnels to get into otherwise well-protected networks. Financial services are particularly attractive targets.
Google Play is adding security metadata to Android apps in the store, the better to secure offline distribution.
Cisco patched two dozen issues with its switches, next-generation firewalls, and security appliances.
Tesla is suing a former employee for a million dollars, alleging he hacked them for trade secrets, which he subsequently gave competitors.