Showing posts with label android. Show all posts

Is Coin Miner draining your Android device?

The TrendLabs Security Intelligence Blog has identified the Coin Miner mobile malware back in the Google Play store. The malware takes over a device and uses its resources to mine a selection of different cryptocurrencies. Users will often not realise what is going on. What they will see is poor battery life and degraded performance.
The apps are using several techniques to bypass security. The blog states: “These apps used dynamic JavaScript loading and native code injection to avoid detection. We detect these apps as ANDROIDOS_JSMINER and ANDROIDOS_CPUMINER.”

What apps were used by Coin Miner?

This attack is a change to the way coin mining solutions take control of machines. As the report states: “We’ve previously seen tech support scams and compromised websites used to deliver the Coinhive JavaScript cryptocurrency miner to users.” This move to using apps is different and, given the success of other app-based malware, could be more effective. Those users who jailbreak their devices to install anything are particularly at risk here, especially with the ANDROIDOS_CPUMINER attack.
The first of the two mining apps, ANDROIDOS_JSMINER takes advantage of two apps:
  • Recitiamo Santo Rosario Free: This app helps users to recite the Holy Rosary.
  • SafetyNet Wireless App: This is aimed at people enrolled in government assistance programs in the US who would otherwise not be able to get online.
Once installed, the apps download the Coinhive JavaScript library and start mining cryptocurrencies. The apps run in a hidden browser window making it difficult for the user to know they are there. However, they do cause very high CPU utilisation. On most devices this will manifest itself as the device getting warm or even hot when held.
The second mining app, ANDROIDOS_CPUMINER, turns any app into a trojan. Apps are modified and then repackaged. When a user downloads the app, often from an unofficial app store or from an illegal software site, they will be quickly infected. TrendLabs discovered one such app was the Car Wallpaper HD: Mercedes, Ferrari, BMW and Audi.
TrendLabs says that it detected a total of 25 instances of ANDROIDOS_CPUMINER in addition to the ANDROIDOS_JSMINER infected apps.
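A defender-side static check for the ANDROIDOS_JSMINER behaviour described above, added here as an example (it is not TrendLabs' detection logic or code from the original post): it unpacks an APK and flags entries that reference the Coinhive library. The indicator patterns, the size cap and the sample package contents are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Coinhive's published library file name, host and JavaScript API names.
# Using them as strings to hunt for inside an APK is this example's assumption.
INDICATORS = {
    "coinhive-library": re.compile(rb"coinhive(\.min)?\.js", re.I),
    "coinhive-host": re.compile(rb"coinhive\.com", re.I),
    "coinhive-api": re.compile(rb"CoinHive\.(Anonymous|User|Token)\b"),
}
MAX_ENTRY_BYTES = 32 * 1024 * 1024  # skip oversized entries (zip-bomb guard)


def scan_apk(apk):
    """Return sorted (entry, indicator) pairs found in an APK (path or file object)."""
    hits = set()
    with zipfile.ZipFile(apk) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size > MAX_ENTRY_BYTES:
                continue
            data = zf.read(info)
            for name, pattern in INDICATORS.items():
                if pattern.search(data):
                    hits.add((info.filename, name))
    return sorted(hits)


def build_sample_apk(files):
    """Build a constructed, in-memory zip standing in for an APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in files.items():
            zf.writestr(name, content)
    buf.seek(0)
    return buf


# Constructed samples: one bundled page that references the miner, one clean app.
SUSPECT = build_sample_apk({
    "assets/index.html": b'<script src="https://coinhive.com/lib/coinhive.min.js"></script>'
                         b"<script>new CoinHive.Anonymous('PLACEHOLDER_KEY')</script>",
    "res/raw/notes.txt": b"plain text resource",
})
CLEAN = build_sample_apk({"assets/index.html": b"<h1>Wallpapers</h1>"})

if __name__ == "__main__":
    for label, apk in (("suspect", SUSPECT), ("clean", CLEAN)):
        print(label, scan_apk(apk))
```

Because the apps are reported to load JavaScript dynamically, a loader fetched at runtime will not appear in the package, so a clean result here does not clear an app.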

What does this mean?

The explosion in cryptocurrencies and the need to mine them early to make a serious profit is driving these attacks. It is highly unlikely that we will see any let up in the number of attacks over the next year or even longer. Criminals are also getting smarter and looking for new ways to infect machines.
The big question here is what value is realistically being gained from using mobile devices? While they are getting more powerful the problems that need to be solved are also getting harder. This means that the return on investment for the hackers is questionable. Of course, it could be that once they realise this they will change their approach and use infected devices for other purposes.
In the blog post the authors state: “These threats highlight how even mobile devices can be used for cryptocurrency mining activities, even if, in practice, the effort results in an insignificant amount of profit. Users should take note of any performance degradation on their devices after installing an app.”

Update your Android now – many holes fixed including ‘BroadPwn’ Wi-Fi bug


Google’s July 2017 security fixes for Android are out.
As far as we can see, there are 138 bugs listed, each with its own CVE number, of which 18 are listed with the tag “RCE”.
RCE stands for Remote Code Execution, and denotes the sort of vulnerability that could be abused by a crook to run some sort of program sent in from outside – without any user interaction.
Generally speaking, RCE bugs give outsiders a sneaky chance to trigger the sort of insecure behaviour that would usually either pop up an obvious “Are you sure?” warning, or be blocked outright by the operating system.
In other words, RCEs can typically be used for so-called “drive-by” attacks, where just visiting a web page or looking at an email might leave you silently infected with malware.
The majority of the July 2017 RCE bugs in Android appear under the heading “Media framework”, which means they are Android flaws that are exposed when files such as images or videos are processed for display.
Like the infamous Stagefright bug in Android back in 2015, bugs of this sort can potentially be triggered by actions that don’t arouse suspicion, because images and videos can unexceptionably be embedded in innocent-looking content such as MMS messages and web pages.
There’s also an RCE bug in Android’s built-in FTP client – this one affects all Android versions still getting patches, from 4.4.4 all the way to 7.1.2.
We’re not sure how easy it is to trigger this bug, but we’re assuming it’s tricky to exploit because Google gives it only a moderate rating.
(Mild risk ratings are unusual for RCEs – they usually attract a high or critical rating because there’s a lot at stake if an RCE vulnerability does get exploited.)

“Proximate attacker” warning

The most intriguing bug this month, however, is an RCE flaw in the Broadcom Wi-Fi code that’s used by Android devices equipped with certain Broadcom wireless chips.
According to Google, “a proximate attacker [could] execute arbitrary code within the context of the kernel”.
In plain English, that means a crook who’s within Wi-Fi range could fire off booby-trapped network packets at your Wi-Fi hardware, trigger a bug in the wireless device…
…and end up with the same programmatic powers as the Android operating system on your device.
Given that the Android kernel is responsible for keeping your apps apart, for example by preventing the new fitness app you just installed from sneaking a look at your browsing history, a security compromise inside the kernel itself is about as serious as it gets.
Unfortunately, we can’t yet give you any real detail about the Broadcom RCE patch.
The researcher who found the bug will be presenting his findings at the end of July 2017 at the Black Hat 2017 conference in Las Vegas.
Until then, all we really have are teasers for his forthcoming talk, and the funky-sounding name BroadPwn for the vulnerability.
(Understandably, no one who’s about to unveil a cool exploit at Black Hat wants to risk giving away a TL;DR version before the talk takes place – that would be like leaking the names of the Oscar winners a week before the awards ceremony.)
Interestingly, back in April 2017, a number of security issues in Broadcom wireless firmware were found to affect both iOS and Android devices – so if you’re an iPhone user, don’t be surprised if this month’s Google patches are quickly followed by a security patch from Apple, too.

What to do?

As usual, we’re going to repeat our usual mantra: “Patch early, patch often.”
What we can’t tell you is when the vendors of devices other than Google’s own Nexus and Pixel phones will be ready with their patches – if you’re worried, ask your vendor or the carrier who supplied your device.
Also, we can’t give you a handy list of the thousands of different Android devices out there that not only include Broadcom wireless cards but also have firmware that’s affected by the BroadPwn bug.
Once again, if you are worried, ask your supplier or mobile carrier.
Having said that, we can offer you Sophos Mobile Security for Android, 100% free of charge: although it won’t patch the abovementioned security holes for you, it will stop you from browsing to risky websites and from downloading booby-trapped adware and malware apps.
A good Android anti-virus not only makes it harder for crooks to push risky content onto your device but also stops them pulling you towards phishing pages, survey scams and other criminally oriented websites.



Facebook is rolling out its ‘Find Wi-Fi’ feature worldwide

Facebook is expanding one of its newer features designed to help mobile users find accessible Wi-Fi networks. The company had begun testing a “Find Wi-Fi” option last year on mobile, which highlighted free, public Wi-Fi networks nearby. At the time, the option was only available on iOS in select countries, as something of a test. Today, Facebook announced users worldwide on both iOS and Android devices will soon gain access to “Find Wi-Fi.”
The company explains the addition is useful for those times when you’re traveling, but especially so when you’re in an area where cellular data is “scarce,” it says.
In developed markets like the U.S., that could mean more remote, rural locations, but in emerging markets, it’s an even more powerful tool as users often have limited data plans, and spotty cellular coverage in general.
The feature, like other new additions to Facebook’s portal, is found under the “More” tab in the Facebook mobile app. Once you locate the “Find Wi-Fi” tab, Facebook notes you may need to turn it on. Afterwards, Facebook will display a map showing the closest hotspots, as well as details about the businesses that provide them.
Besides being a handy addition that helps Facebook’s now 2 billion monthly users stay connected to the network and spend more time in its app – something that directly impacts Facebook’s bottom line – the tool also serves as another way to discover local businesses. That means users might start turning to Facebook to find the closest coffee shop with Wi-Fi, instead of Google Maps.
But the feature isn’t as of yet as reliable as it should be, we found – though it easily picked up Wi-Fi hotspots at nearby restaurants and malls, for example, it didn’t include the closest Starbucks or McDonald’s in our list of suggestions. (Your mileage may vary.)
This is because, for the feature to work, a business must first claim their Wi-Fi network by navigating to their “Edit Page Info” on their Facebook Page. Or, more simply put, it’s an opt-in setting. That being said, the feature has seen good adoption during the tests starting last year. And now that businesses know it’s a globally available feature, that adoption may increase.
A tool for listing Wi-Fi networks is hardly Facebook’s only effort with regard to helping users with mobile connectivity. The company has much larger projects underway in this area, including efforts via its Internet.org arm to expand mobile connectivity in emerging markets, infrastructure investments around the world, plans to use solar-powered drones for delivering connectivity and more.
Facebook says “Find Wi-Fi” is beginning to roll out globally on iPhone and Android.

via TC

Unmask Unknown Caller ID

Take back your privacy and know who’s hiding behind No Caller ID, Restricted, and Unknown numbers. Stop the scams, harassment and more.


Say ‘No’ to blocked calls. 
Forever.

With TrapCall’s patented technology you will always know who is behind anonymous blocked caller ID. Just decline the call and let us work our magic. Calls ring back to you unmasked in just a few seconds.

Blacklist harassing callers.

We have built a better blacklist to give you back your privacy.
Annoying callers you have added to your blacklist give up when they hear a message that your phone has been disconnected every time they call.

Spam call blocking. NEW! 

Block annoying telemarketing and robocalls forever with our mobile app. These unwanted calls are automatically blocked on iPhone and are flagged as spam before you answer on Android.

Put names and faces to callers with Live Caller ID. NEW! 

Know more about any number before you answer thanks to Live Caller ID.
We will now show you more than just the caller’s phone number; you will know who they are, where they live and how they look, even before you answer the call.

Record incoming calls.

Need evidence to show the police that you are being harassed? Want a record of your conversation for your attorney? With TrapCall Ultimate you can record your incoming calls and know exactly what was said.

Privacy lock. NEW! 
Protection beyond blocked numbers.

Even if a call does not have a real phone number associated with it, you are protected. By forcing 'Unknown' callers to identify themselves, you will know who is calling before you answer.


How TrapCall works


Your phone rings, but it’s blocked
Decline the call, we do our magic
The call rings back - unmasked!
Blacklist and take back control

Take back your privacy. Sign up now.

Starts at $4.95/mo. 5-minute setup.