The creators of widespread malware programs often employ various tools that hinder code detection and analysis, and Android malware is no exception.
As an example of this, droppers, such as Badpack and Hqwar, designed for stealthily delivering Trojan bankers or spyware to smartphones, are very popular among malicious actors who attack mobile devices. That said, we recently discovered a new banker, SoumniBot, which targets Korean users and is notable for an unconventional approach to evading analysis and detection, namely obfuscation of the Android manifest.
Read more…
Source: Kaspersky
Related:
- Debenhams Data Breach Affects 26K Customers, Payment Details Exposed
May 5, 2017
Personal data of up to 26,000 people was exposed due to a data breach affecting customers of Debenhams Flowers, the retailer’s florist arm. According to Debenhams, the site is actually operated by Ecomnova, which is a third-party supplier. Therefore, customers of other services it provides have not been affected in any way. On the other hand, Ecomnova ...
- After years of warnings, mobile network hackers exploit SS7 flaws to drain bank accounts
May 3, 2017
Experts have been warning for years about security blunders in the Signaling System 7 protocol – the magic glue used by cellphone networks to communicate with each other. These shortcomings can be potentially abused to, for example, redirect people’s calls and text messages to miscreants’ devices. Now we’ve seen the first case of crooks exploiting the ...
- Hundreds of Fake UK Bank Sites Exposed, Pose High Risk for Customers
May 3, 2017
Hackers have registered over 300 domains with names similar to those of several popular British banks, which they use to trick customers into handing over personal details or login data. According to DomainTools, a company handling domain names and DNS-based cyber threats, 324 such domains were discovered only in relation to banks in the United Kingdom, ...
- Russian-controlled telecom hijacks financial services’ Internet traffic
April 28, 2017
On Wednesday, large chunks of network traffic belonging to MasterCard, Visa, and more than two dozen other financial services companies were briefly routed through a Russian government-controlled telecom under unexplained circumstances that renew lingering questions about the trust and reliability of some of the most sensitive Internet communications. Anomalies in the border gateway protocol—which routes large-scale ...
- Hong Kong to tighten cyber security rules after broker hacks
April 20, 2017
Hong Kong plans to toughen information security rules after a series of embarrassing hacks at the city’s brokers, the securities regulator said on Thursday. The draft rules would likely include requirements for two-step authentication for account log-in and for brokers to notify clients when a transaction had been made, a Hong Kong Securities and Futures Commission ...
- ShadowBrokers’ Windows Zero-Days Already Patched
April 17, 2017
Hours after what was thought to be a damaging release of NSA hacking tools for Windows systems, Microsoft quelled some anxiety with a late-night statement on Friday that most of the vulnerabilities disclosed by the ShadowBrokers had already been patched. The biggest surprise was that the most recent updates came in March in a bulletin, MS17-010, ...