
ThreatScape Media Highlights Update – Week Of November 5th


The following is this week’s sample of ThreatScape® Media Highlights – an email roundup of security headlines augmented by insights and analysis from iSIGHT Partners. Our cyber threat intelligence clients receive this update daily.


Thursday, 5 November 2015 


MANY U.S. BUSINESSES ARE STILL RUNNING XCODEGHOST-INFECTED APPLE APPS

On Target

FROM THE MEDIA
Hundreds of enterprises are still using apps infected with XcodeGhost, according to FireEye. XcodeGhost, first discovered last month modifying 4,000 apps, is a counterfeit version of Xcode, an Apple application development tool. According to FireEye, malicious apps, including older versions of WeChat, are still attempting to connect with the XcodeGhost command and control servers.
Read the Story: PC World

iSIGHT PARTNERS ANALYST COMMENT
The threat XcodeGhost poses to most enterprises is low. Among the affected applications are the WeChat messaging service and the music application Music 163. These applications are very likely rare on corporate devices outside of China. Moreover, we have not determined that XcodeGhost was used for malicious purposes rather than as a proof-of-concept. Regardless, iPhone users should update their OS to iOS 9 and update affected applications to secure versions.

RELATED iSIGHT PARTNERS REPORTS
15-00010124 (Xcodeghost iOS Malware Likely Is Proof-of-Concept), 23 Sept. 2015
15-00010902 (iOS Malware Increasingly Targeting Non-Jailbroken Devices, but Threat to Non-Chinese Users is Currently Low), 12 Oct. 2015


GOOGLE’S SECURITY AUDIT OF THE GALAXY S6 EDGE ILLUSTRATES ANDROID’S VULNERABILITY

On Target

FROM THE MEDIA
Eleven high-impact security vulnerabilities were discovered in Samsung’s Galaxy S6 Edge, according to Google’s Project Zero team. According to the team, Samsung’s gallery app and e-mail client added risks above those discovered in the Android operating system. Eight of the flaws have had patches issued, while the remaining three are expected to be patched in November.
Read the Story: The Verge

iSIGHT PARTNERS ANALYST COMMENT
Security updates for mobile operating systems like Android are often pushed from the device’s manufacturer, not directly from the software vendor like patches for traditional desktop systems. This audit of Samsung’s Galaxy S6 Edge is an example of a larger security concern: a lack of consistency across devices concerning what updates will be offered to end users and when. This can result in many devices remaining vulnerable for extended periods following initial vulnerability disclosures or patch releases, putting mobile device users and sensitive enterprise data at risk.

RELATED iSIGHT PARTNERS REPORTS
15-00008832 (Mobile Threats: Overview of Current Trends and Predictions), 30 Oct. 2015
15-00012126 (Cyber Crime Threat Summary, Including Android Devices), 2 Nov. 2015


TROJANISED ADWARE, INCLUDING NEWCOMER ‘SHUANET,’ INFECTS 20,000 RECODED ANDROID APPS

FROM THE MEDIA
Over 20,000 Android apps are infected with Trojanised adware, according to security company Lookout. Furthermore, the adware allegedly roots infected devices. The adware continues to spread as malicious actors redistribute malicious versions of popular apps such as Facebook and Google Now. Lookout identified three adware strains: Shuanet, Kemoge and Shedun.
Read the Story: The Stack

iSIGHT PARTNERS ANALYST COMMENT
Mobile adware often demonstrates capabilities similar to cyber crime malware, though the purposes for these capabilities differ. Though many apps have been identified as infected, they do not pose a serious threat to most businesses since the apps are not available on official application stores. Users should always download applications from official application stores and be wary of purportedly free versions of paid apps from unverified publishers.

RELATED iSIGHT PARTNERS REPORTS
15-00008832 (Mobile Threats: Overview of Current Trends and Predictions), 30 Oct. 2015
ThreatScape Media Highlights (12 New Malware Strains Are Discovered Every Minute), 27 Oct. 2015


CHINESE MOBILE AD LIBRARY BACKDOORED TO SPY ON iOS DEVICES

FROM THE MEDIA
Researchers have discovered 17 mobiSage SDK versions with backdoors. Popular Chinese mobile ad library versions with backdoors can allow hackers to record audio and steal data housed on iOS devices. According to FireEye, it is not known whether adSage, the developer of mobiSage SDK, created the backdoors or if they were the work of a third party. FireEye identified 2,846 iOS apps with backdoored versions of mobiSage.
Read the Story: Threat Post

iSIGHT PARTNERS ANALYST COMMENT
It is likely the malicious capabilities in some versions of mobiSage are linked to aggressive advertising. While we have not observed any malicious activity using this backdoor, organizations, especially in the Chinese market, should be particularly careful when downloading mobile apps (Android or iOS) from unofficial app stores as the ad libraries often included are becoming an increasingly common target for gaining unauthorized access to iOS and Android devices.

RELATED iSIGHT PARTNERS REPORTS
15-00008832 (Mobile Threats: Overview of Current Trends and Predictions), 30 Oct. 2015
Intel-556120 (Research Paper Highlights Threats Posed by Ad Libraries in Android Apps, But Possibly Outdated), 3 April 2012


MAC OS X MALWARE SOARS IN 2015

FROM THE MEDIA
Five times more Mac malware has appeared in 2015 than in any prior year, according to endpoint security firm Bit9 + Carbon Black. According to Bit9 + Carbon Black, the majority of Mac malware uses only one of seven persistence methods, such as LaunchAgents and browser plugins, to stay on a victim’s machine.
Read the Story: Info Security Magazine

iSIGHT PARTNERS ANALYST COMMENT
We have observed malicious actors sell multiple types of Mac OS X malware. While the small number of Mac devices in the wild compared to Windows devices has traditionally lessened users’ relative risk of exposure to ransomware or other malware, the growth in consumer popularity of Mac devices in recent years has made them an increasingly attractive target for cyber criminals. This increased criminal interest in targeting OS X will almost certainly continue in the near- to mid-term, as the types of malware targeting OS X continue to expand.

RELATED iSIGHT PARTNERS REPORTS
15-00003436 (Overview of NetWire RAT Which Targets Mac OS X), 28 April 2015
14-00000079 (Chinese Cyber Espionage Activity Leverages Mac Malware), 9 Jan. 2015
Intel-1283632 (‘WireLurker’ OS X Malware), 6 Nov. 2014

The post ThreatScape Media Highlights Update – Week Of November 5th appeared first on iSIGHT Partners.

