Of Smurfs, a Real Estate Mogul (who just happens to be running in the presidential primaries) and Vigilantes

Things are always changing in the world of malware and cyber threats. Every day there is a new bad guy and another exploit trying to sink its claws into some innocent victim. There is so much happening that it can send your head into a tail spin just to keep up with it all.

To help you stay on top, we are introducing a new feature to the Reason Security blog called “ The Weekly Security Roundup” where we highlight the most important happenings in the malware-o-sphere. Knowledge is power so keep yourself up to date by reading each week.

This week’s top honors go to mobile malware, hotel breaches and shockingly, a few hackers who infect routers to help keep viruses and other bad stuff off computers. Go figure!

Mobile Malware

It’s pretty clear by now that malware just loves androids. This week alone brought tidings of:

Kemoge – By disguising itself as commonly bought legit apps, Kemoge has already been spotted in more than 20 countries including the US. It is sold on third-party app stores and promotes itself via websites and in-app ads. On the surface Kemoge is just annoying, delivering unwanted ads but behind the scenes it’s far more malicious than that. The root exploits also contained therein allow a crafty hacker to take control of an infected device. Then it can access all sorts of private information which gets shipped off to a remote server.

Spying Smurfs – Then there was talk of hacking smartphones for surveillance purposes. In an interview with the BBC earlier this week Edward Snowden (maybe you’ve heard of the guy) told the Brits on the telly about the US Government’s oddly named smartphone surveillance tools used to track and spy (appropriately named Tracker Smurf). It can even turn your phone on and off without you knowing it (This one is called Dreamy Smurf). So the next time you are sure you left your phone off but somehow now it’s clearly on, as if done by magical little blue creatures, you’ll know why.

YiSpecter – Android fans, you can take a breath now, this one isn’t out to get you. YiSpecter is actually affecting Iphones. It poses as a legit, Apple-signed app and according to researchers at Palo Alto Networks who discovered the malware “can download, install and launch arbitrary iOS apps, replace existing apps with those it downloads, hijack other apps’ execution to display advertisements, change Safari’s default search engine, bookmarks and opened pages, and upload device information to the C2 [command and control] server.” And you Iphone Fanbois thought you were invincible. Ha!

Trump Hotel Hacks

Donald seems to be a bit busy at the moment but that didn’t stop the gazillionaire presidential hopefuls’ hotel chain from being the victim of a security breach. Trump Hotels announced this week that they were operating with malware on its payment system for over a year, from May 2014-July 2015. Among the stolen data could likely be full names and credit card numbers of patrons of the hotels in numerous locations. The high-end chain will be offering a free year of identity protection to potentially affected guests.

Perhaps the next presidential primary debates will include questions like “Let’s say you were the owner of a huge hotel chain and got hacked. What would you do?”…

Keep watching to find out!

Linux.Wifatch, the Good Malware?!

In what is clearly the most noteworthy security event of the week, a group malware creators used their power for good in creating Linux.Wifatch. First observed by security giant Symantec, Linux.Wifatch appears to be regular malware on the surface, infecting routers and performing covert operations. But there is a twist – what the security firm noticed was that the malware seems to block other malicious malware from entering routers, one of the most easily hacked devices.

The group who created Linux.Wifatch came forward later this week and published the entire source code on GitLab so it can be reused and incorporated into other systems. According to the creators who call themselves The White Team, “Apart from the learning experience, this is a truly altruistic project, and no malicious actions are planned”. Further, they stated that they only infiltrated routers that were covered by the bare minimum of protecting, using passwords like “password”.

Our opinion here at Reason is to take everything we hear with a grain of salt and wait before passing judgement (hey, some of us are New Yorkers and we don’t trust nothin’) but it may be interesting to see how this plays out.

As for next week, what, a banking trojan that gives you money?

Only time will tell!

Leave a Reply