Hacker

HUMMINGBAD MALWARE COULD BE A GATEWAY FOR ADDITIONAL ROOTKITS
August 12, 2016 9:12 am

There has been a lot of buzz in the tech community recently about a particularly bad piece of Android malware called HummingBad. The malware infects Android phones when users accidentally download a malicious third-party app, or opt for an unverifiable download on a website which comes loaded with the HummingBad package.

Once HummingBad has infected the device, it establishes a persistent rootkit and takes over its native functions. According to Check Point, an IT security company, HummingBad can then install fraudulent apps and even generate false revenue by tricking users into clicking fake ads and links. Check Point estimated that HummingBad was able to yield cybercriminals nearly $300,000 a month through this process of click fraud.

The group effectively controls an arsenal of over 85 million mobile devices around the world. – Check Point


These types of click fraud campaigns are common, although often not as financially successful, and can present real security issues. Rootkits are malware packages that establish themselves at the core of the device, or “root,” and they are dangerous because they often hide their existence by maintaining the appearance of something harmless.

Many people whose devices have been infected with this type of malware are entirely unaware that they are being victimized by a cyber-attack, while at the same time their information is being stolen and sold to the highest bidder.

According to Check Point, the dangers of these types of malware go beyond individual users. Malware packages like HummingBad could be used to target government agencies and businesses. 

Emboldened by financial and technological independence, [cybercriminals’] skillsets will advance putting end users, enterprises, and government agencies at risk. – Check Point

According to Check Point, this malware attack was part of an elaborate scheme by the Chinese group Yingmob, in which the malware sent notifications to the Umeng tracking and analytics service. Devices have been infected worldwide, with the largest number of infected users in China.

Money-generating malware attacks like this that rely on click fraud are certainly dangerous, but what is perhaps even more frightening is the potential for these rootkits, and the access to your device that they provide, to be sold. We are entering a time when access to the device root of certain people or companies is a highly valued black-market commodity.

“Check Point believes this dangerous trend will escalate as other groups learn from Yingmob and find new ways to achieve the independence they need to launch larger and more sophisticated attack campaigns in the future.” – Check Point

Regardless, taking the necessary precautions to ensure that a device does not become infected with malware in the first place is the best step towards protection. Stay away from unverified third-party apps, and make sure you know the source of the files you are downloading.

FACEBOOK MESSENGER ADDS END-TO-END ENCRYPTION
August 2, 2016 11:16 am

Encrypted web browsers and online privacy protection services are steadily increasing in popularity. Many people browsing the web now wish to keep all of their online activity private. Tools like Tor and DuckDuckGo are used by many as a full substitute for more popular browsers and search engines (e.g., Chrome, Google, Safari). Naturally, messaging applications are incorporating methods for maintaining privacy as well.

Messaging services like WhatsApp and Signal have been on the tech scene for some time. Now, Facebook Messenger is joining the ranks with the addition of Secret Conversations.

According to Facebook, Secret Conversations in Messenger employs end-to-end encryption. This means that the messages you send can be accessed only on the phone they are sent from and the phone on which they are opened.

End-to-end encryption can prevent numerous potential privacy dangers, including unwanted surveillance, malicious third-party intrusions and tampering with data. Without the cryptographic key, the encrypted information is extremely difficult to access. Theoretically, this means that even Facebook would not be able to access your messages, even though they are in the Facebook Messenger app. Even so, according to Facebook, end-to-end encryption does not absolutely guarantee that these messages will not be leaked.

Keep in mind that the person you’re messaging could choose to share the conversation with others (ex: a screenshot).  -Facebook

Facebook has incorporated a function called “device keys,” with which you can compare a key with the other person in the Secret Conversation in order to make sure that the conversation will remain encrypted. There are some limitations on what you can send in a Secret Conversation, including the fact that, as of yet, the new feature does not support group messages.

Secret conversations don’t support group messages, gifs, videos, voice or video calling or payments.  -Facebook

According to Facebook, the service is still in the preliminary phases and is being released on a “limited test basis.” That said, now that widely used messaging applications such as Facebook Messenger are incorporating end-to-end encryption as a primary feature, this may become the industry standard for messaging services developed in the future.

Featured Image Source – TechCrunch