15 October 2020

CYBERSECURITY NEWS V. 15.10 – Google October updates, MalLocker ransomware, Fullz House web skimmer

hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates with comments from our experts

News for discussion

Google fixes 50 vulnerabilities in October update

Google has released fixes for a variety of vulnerabilities in its Android OS, including two privilege escalation issues in the System component (CVE-2020-0215 and CVE-2020-0416, which attackers could exploit remotely using a specially crafted transfer), several further privilege escalation vulnerabilities, and 22 critical issues in Qualcomm components (CVE-2020-11125, CVE-2020-11162, CVE-2020-11173, CVE-2020-11174, CVE-2020-3654, CVE-2020-3657, CVE-2020-3673, CVE-2020-3692, CVE-2020-11154, and CVE-2020-11155). Eight major information disclosure bugs have also been fixed in Android (CVE-2020-0377, CVE-2020-0378, CVE-2020-0398, CVE-2020-0400, CVE-2020-0410, CVE-2020-0413, CVE-2020-0415, and CVE-2020-0422). In addition, Google has patched 37 vulnerabilities in the Chrome browser, the most dangerous of which could be exploited by a remote attacker to execute arbitrary code on the system or gain access to confidential information.

hexway commentary:

In general, anyone who is in any way connected with software development understands that eliminating vulnerabilities is a routine that all developers live with, and Google is no exception. Vulnerabilities will always exist. So we only have one question: why only 50? And the traditional advice: do not rush to click "Cancel" when the browser once again prompts you to install updates, because a lot of people from different countries have worked on them. Be a good fellow and update the software. Done? Oh, you are our fellow! Now go read something about phishing.

News FYI

New Android ransomware MalLocker

The new Android ransomware hides inside applications that are distributed through various forums and third-party sites. Like most mobile ransomware, MalLocker does not encrypt user files but simply blocks access to the phone. Once on the device, MalLocker grabs the screen, locks it, and demands a ransom from the victim. To make the threat look more impressive, the malware pretends to be law enforcement and demands a fine. The malware uses new and unique tactics. MalLocker first misuses the incoming call notification to display a window that covers the entire screen. Then the blocker abuses the onUserLeaveHint() callback to prevent the user from moving the application to the background; Android invokes that callback when the user presses a button such as Home or Recents. Thus the malware locks the phone, and the ransom note is always in the foreground, preventing the user from returning to the home screen or switching to another application.

Android apps attacked 14 million users with aggressive ads

Google has removed from the official store 240 apps that bombarded their users with non-contextual advertising. The ads were designed to look as if they came from legitimate applications. RainbowMix, the group behind the campaign, disguised its adware as retro games, Nintendo NES emulators, or clones of popular applications. Once installed, the malicious apps displayed intrusive ads posing as messages from Chrome or YouTube. The 240 apps have been downloaded over 14,000,000 times, and if the scammers get one cent per view, they could make at least $150,000 on better days. The RainbowMix apps' code kept track of the current screen state (on/off) so that ads could be timed to it.

Fullz House hacked mobile provider to steal credit cards

Fullz House hacked Boom! Mobile and installed a web skimmer. Fullz House, first discovered in November 2019, has been active for over a year, focusing on phishing for personal information, bank credentials, and credit card details. The attack on Boom! Mobile involved injecting malicious code containing a Base64-encoded URL that loads a JavaScript library from a remote domain. The injected URL loads a fake Google Analytics script, which is a credit card skimmer designed to search for specific input fields and extract data from them. On the phishing page, the buyer enters payment details, which are sent to the attackers' servers after the Pay button is clicked. After that, the victim is immediately redirected to the page of the real payment processor to complete the purchase.

