In response to a new piece of research from ESET which shows that cybercriminals are using popular arcade games such as Plants vs Zombies, Candy Crush or Super Hero Adventure to deliver backdoor Trojans directly onto victims‘ devices, Craig Young, security researcher at Tripwire have the following comments.
[su_note note_color=”#ffffcc” text_color=”#00000″]Craig Young, Security Researcher at Tripwire :
“The approach of infecting popular software packages is a long-standing tradition with malware authors stemming back to the earliest days of the Internet. Back then it was warez sites distributing pirated software and key generators laden with trojans and today it is taking Android APK installers repackaging them with spyware and trying to get it into app stores. The Android application format lends itself to this technique very well as the installers themselves can be easily extracted, modified, and repackaged with a fresh signature. The more sophisticated malware authors however have shifted their target to developer systems to plant malware into build tools as we’ve seen with the recent XCodeGhost disclosure of trojaned iOS apps discovered by Palo Alto in Apple’s curated app store.
For instance, have we seen malware like this in the past? What is the best way for Android users not to fall victim? Is the security industry in general seeing an increase in mobile malware?”
We have seen quite a bit of malware like this, particularly in 3rd party app stores prevalent in Asia. As far as the time delayed attack, this is an old trick used to bypass detection by automated scanning tools used by Google Play, iTunes, and others. In fact, specific research demonstrated that this tactic could previously slip malicious programs past Google’s “Bouncer” protection and Apple’s rigorous screening process.
Overall the mobile target has been expanding rapidly and we are naturally seeing a dramatic rise in mobile malware. The wealth of data stored on these devices as well as their integration in security sensitive activities (like banking and 2-factor authentication) means that if an attacker can control the mobile device, they can potentially steal the owner’s identity.”[/su_note][su_box title=”About Tripwire” style=”noise” box_color=”#336588″]Tripwire is a leading provider of advanced threat, security and compliance solutions that enable enterprises, service providers and government agencies to confidently detect, prevent and respond to cybersecurity threats. Tripwire solutions are based on high-fidelity asset visibility and deep endpoint intelligence combined with business-context and enable security automation through enterprise integration. Tripwire’s portfolio of enterprise-class security solutions includes configuration and policy management, file integrity monitoring, vulnerability management and log intelligence.[/su_box]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.