FortiGuard Labs recently discovered a running Google Docs malware campaign that uses the names of Fortinet and FortiGuard. When we examined the documents, we encountered a long chain of redirects inside a malicious network, and the destination of this chain was dependent on our IP and the user-agent that was used. This malicious network targets all major platforms: Windows, Android, and MacOS.
FortiGuard Labs has encountered a lot of packed Android malware recently. One interesting aspect to this malware is that even though the packer being used is consistently the same, the malware that it drops changes quite frequently. In this blogpost we will demonstrate how to unpack the malware deployed by today’s most common dropper using only open-source free tools.
Cryptocurrencies don't all work the same way. Some are minable, some aren't. For example, Ripple (XRP), Cardano (ADA) and Tether (USDT) aren't minable.
Over the past few years, I have been giving workshops on Android reverse engineering - my next one will be an advanced session at Virus Bulletin in October. As with most other researchers on Android, I typically start off with a slide explaining that an Android Package (APK) is just a ZIP. Since Android 7.0, however, this is no longer true.
We have recently stumbled on several active samples of an Android spyware. They belong to a family we have named BondPath (also known as PathCall or Dingwe), which was first reported in May 2016. While our customers have been protected against that malware since 2016, in July 2018 we discovered that some samples are still in the wild and continue to be a threat to unprotected smartphones.
Recently, the FortiGuard Labs team noticed that one of the most successful applications on the market, “WhatsApp Messenger” developed by “WhatsApp Inc.”, has been the target of a lot of attention by scammers and criminals alike.
BankBot is a family of Trojan malware targeting Android devices that surfaced in the second half of 2016. The main goal of this malware is to steal banking credentials from the victim’s device. It usually impersonates flash player updaters, android system tools, or other legitimate applications. Once installed, it hides itself and then tricks the user into typing his or her credentials into fake bank web pages that have been injected onto the device’s screen.
ToorCon 19 San Diego was held Monday August 28th to Sunday September 3rd, 2017 at The Westin San Diego. It included three parts. The first was training workshops focused on various aspects of computer security. These took place on Aug 28-31. The second was a Seminar held on Sep 1. The third part was the formal Conference that ran from Sep 1-3. I was honored to be able to present my research, Dig Deep into FlexiSpy for Android at ToorCon 19. FlexiSpy for Android is a spy app with full IM tracking, VoIP call recording, and live call interception....
Bluetooth is one of the most widely deployed and used connectivity protocols in the world. Everything from electronic devices to smartphones uses it, as do a growing number of IoT devices. Now, a new Bluetooth exploit, known as BlueBorne, exploits a Bluetooth, making literally billions of devices potentially vulnerable to attack. BlueBorne is a hybrid Trojan-Worm malware that spreads thru the Bluetooth protocol. Because it includes worm-like properties, any infected system is also a potential carrier, and will actively search for vulnerable hosts....