Wednesday, October 5, 2016

Dress Code

How should you dress to get into a place? There are certain venues where a dress code is mandatory, places you can’t get into unless you are dressed as they say. In some pubs in Berlin, for instance, if you don’t wear extravagant clothes, the doorman doesn’t let you in, no matter whether you have been waiting in the queue for one hour or two. In Barcelona, it’s usual to see a latex-lover festival where all the attendees look like Batman or Catwoman.

DressCode is also the name of a malware family for mobile phones that has just been discovered by a group of researchers from Trend Micro. According to Security Week, this malware has infected more than 400 apps that were uploaded to Google Play. Researchers believe, however, that the number could be higher, and they talk about more than 3,000 infected apps, distributed by several well-known Android mobile markets.
The malware has reportedly been spreading since April and has been found in different types of apps, such as games, skins, themes, phone optimization boosters, and more. Detection is very difficult, because the malicious code makes up only a small part of the Trojanized application. Once the infected app has been installed on the victim’s device, the malware connects to the command and control (C&C) server. The device is then turned into a proxy that can relay traffic between the attacker and the internal servers to which the device is connected.

According to the researchers from Trend Micro: “The attackers can bypass the NAT device to attack the internal server or download sensitive data by using the infected mobile as a springboard. Due to the increase of BYOD (Bring Your Own Device) software, many companies are exposing themselves to risk without any precaution”.

Because of the SOCKS proxy it installs, the device can be used as a bot, especially if the attacker decides to enlist it in a botnet. It can then be used in different types of attacks, including DDoS or spam email campaigns, and the malware also opens the door to other kinds of abuse, such as creating fake traffic or disguising ad clicks.

Just as it’s difficult to recognize someone wearing a mask at a costume party, certain types of malware try to slip into the party on our electronic devices in disguise. This week, Unit 42 from Palo Alto Networks released an important study: researchers discovered a series of attacks that use written texts found in forums to send command and control (C&C) instructions in order to introduce malware and avoid detection. The researchers have named it Confucius, after the Chinese politician and philosopher. According to these researchers, the malware was developed in India and its main targets would be in Pakistan.

Image original source: Freeimages

