Android Malware Named MasterFred Seeks User App Login Information

If you have an Android device, be aware that there’s a new strain of malware out there. Called MasterFred, this new malware uses well-constructed fake login overlays to steal login and credit card information from Twitter, Instagram and Netflix users.

A sample of the code was submitted to VirusTotal in June of 2021 when the malware was first spotted in the wild.

Independent analyst Alberto Segura shared a second sample online a week ago with the note that the malware he sampled was used against Android users in Turkey and Poland.

Avast Threat Labs obtained the sample and found that the malware uses APIs provided by the built-in Android Accessibility Service to display the malicious overlays.

Avast Threat Labs had this to say about their research:

“By utilizing the Application Accessibility toolkit installed on Android by default, the attacker is able to use the application to implement the Overlay attack to trick the user into entering credit card information for fake account breaches on both Netflix and Twitter.”

While not new or innovative, it is a clever bit of code that relies on elements native to the device under attack to help the malware accomplish its mission. That’s not to say that MasterFred isn’t innovative in other ways, however. For instance, it uses a dark web gateway called Onion.ws to deliver the login and credit card information it steals to its command and control server.

Note that MasterFred was briefly found on the Google Play store, embedded in a legitimate app. That app was removed, but given its presence there (however temporary), it stands to reason that the hackers are also pushing their malware out to third-party app vendor sites.

Stay vigilant. MasterFred certainly won’t be the last threat we see this year.
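For anyone triaging a device, the two points above (Accessibility Service abuse, and distribution through both Google Play and third-party sites) suggest a simple check: list which apps hold an enabled accessibility service and where each was installed from. This is an added example, not code from the original article or from Avast; it parses captured output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i`, and the sample data and `com.example.*` names are constructed.

```python
PLAY_INSTALLER = "com.android.vending"  # Google Play's installer package

# Constructed sample input; the com.example.* names are invented.
SAMPLE_SERVICES = ("com.google.android.marvin.talkback/.TalkBackService:"
                   "com.example.flashlight/com.example.flashlight.HelperService")
SAMPLE_PACKAGES = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.flashlight  installer=null
"""

def parse_services(setting_value):
    """Split the colon-separated setting into (package, class) pairs."""
    value = setting_value.strip()
    if value in ("", "null"):          # setting unset or empty
        return []
    pairs = []
    for component in value.split(":"):
        package, sep, cls = component.partition("/")
        if not sep:
            continue                   # not a package/class component
        if cls.startswith("."):        # ".Cls" is shorthand for "<package>.Cls"
            cls = package + cls
        pairs.append((package, cls))
    return pairs

def parse_installers(pm_output):
    """Map package name -> installer package (None when none is recorded)."""
    installers = {}
    for line in pm_output.splitlines():
        fields = line.strip().split()
        if not fields or not fields[0].startswith("package:"):
            continue
        installer = None
        for field in fields[1:]:
            if field.startswith("installer=") and field != "installer=null":
                installer = field.split("=", 1)[1]
        installers[fields[0][len("package:"):]] = installer
    return installers

def audit(setting_value, pm_output, allowlist=frozenset()):
    """Return (package, service, note) for each service not on the allowlist."""
    installers = parse_installers(pm_output)
    findings = []
    for package, cls in parse_services(setting_value):
        if package in allowlist:
            continue
        # A Play install is not proof of safety, so it is still listed for review.
        from_play = installers.get(package) == PLAY_INSTALLER
        findings.append((package, cls, "review" if from_play else "not-from-play"))
    return findings
```

Pass an allowlist of accessibility tools you actually use (a screen reader, a password manager) so that only unexpected services remain in the result.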

New Android Malware Wreaks Havoc For Some Users

There’s a nasty new strain of malware you need to be aware of that targets Android devices. Don’t let the funny name fool you, because AbstractEmu is a serious threat. Not only will it root an infected device, but it will allow the controller of the malware to take total control of the device. It will alter the device’s settings and attempt to evade detection via a combination of anti-emulation checks and code abstraction.

The new strain was discovered by security researchers at Lookout Threat Labs. They discovered it bundled with a collection of legitimate utility apps distributed via the Google Play Store and other third-party app repositories.

Google has removed the malware from the Play Store at this point, but not before several thousand people had already downloaded it. The malware remains available on a few different third-party repositories. If you’re in the habit of picking up apps outside of the Play Store, an extra measure of caution is prudent.

The team that discovered the new strain had this to say about it:

“AbstractEmu does not have any sophisticated zero-click remote exploit functionality used in advanced APT-style threats, it is activated simply by the user having opened the app. As the malware is disguised as functional apps, most users will likely interact with them shortly after downloading.

By using the rooting process to gain privileged access to the Android operating system, the threat actor can silently grant themselves dangerous permissions or install additional malware — steps that would normally require user interaction.”

Needless to say, the group behind AbstractEmu has some skill and some serious coding chops. Although the malware strain’s removal from the Google Play Store has limited the rate of its spread, you can bet the threat group will be on the lookout for other opportunities.

Android Users Will Get Additional Gmail Features

If you access your Gmail account via your PC, you currently have features that simply don’t exist in the Android Gmail app, specifically with regard to its email search options.

These make it easy to find the exact email you’re looking for no matter where it might be buried in your inbox.

The good news is that Google has recently upgraded the Android app.

They gave it the same email search functionality you have on your PC, so when you switch from your PC to your Android device you get the same feature set and a seamless experience.

The latest Android update adds the new functionality by way of four buttons below the search box.

These four buttons are:

  • From
  • Sent To
  • Date
  • Attachments

These new search filters may be used either before or after a search. This allows you to quickly drill down and filter your way toward a short list of emails to find exactly the message you’re looking for, no matter how many messages are in your inbox.

The company began rolling out the change on September 20th, so by the time you read this the new functionality may already be available to you. If not, upgrade your Android Gmail app at your next convenience and give the new, more robust search a try.

Note that the feature is being rolled out to all Gmail users and there’s no way for Workspace or G Suite admins to disable it, although in fairness only a few people would want to. If you decide you don’t want to make use of the new feature, it’s as simple as not taking advantage of it.

The bottom line is that it is a handy, time-saving feature that will make your life easier. Kudos to Google for constantly striving to improve the products in the Google ecosystem and for working tirelessly to create a seamless user experience.

WhatsApp Mods On Android Devices May Contain Malware

Are you a WhatsApp user? If you are, you may have heard of the FMWhatsApp mod.

It promises to improve the WhatsApp user experience by improving user privacy, giving access to custom chat themes, emoji packs from other social networking sites, app locking via a customizable PIN, and more.

Hackers have hijacked this legitimate and helpful mod. It’s somewhat hard to detect because the poisoned mod does what it promises. In addition to providing the promised features, it also installs the Triada trojan malware.

The Triada trojan isn’t harmful in and of itself, but the hackers have seen fit to bundle the xHelper trojan with the malware. The Triada trojan plants seeds in any Android device it infects that allow the hackers to install other malware as well.

The poisoned version of FMWhatsapp was found by researchers at Kaspersky. They discovered that FMWhatsapp 16.80-.0 will install the following additional malware (taken from a recent Kaspersky post on the topic):

  • Trojan-Downloader.AndroidOS.Agent.ic, which downloads and launches other malicious modules.
  • Trojan-Downloader.AndroidOS.Gapac.e, which installs other malicious modules and displays full-screen ads.
  • Trojan-Downloader.AndroidOS.Helper.a, which installs the xHelper Trojan installer module and runs invisible ads in the background.
  • Trojan.AndroidOS.MobOk.i, which signs the Android device owner up for paid subscriptions.
  • Trojan.AndroidOS.Subscriber.l, which also signs victims up for premium subscriptions.
  • Trojan.AndroidOS.Whatreg.b, which harvests the info and requests the verification code to sign into the victims’ WhatsApp accounts.

The best way to avoid the poisoned version of the app is to be sure you’re getting it from the Google Play Store. So far it has not made it past Google’s stringent checks, but the Kaspersky researchers did discover it on a number of popular WhatsApp mod distribution sites.

The FMWhatsApp mod is excellent. Just be sure you’re getting the non-poisoned version of it.

Recent Android App Update Caused Calling And Answering Issues

Google’s Android app is the most installed app of all time, with more than 5 billion installations. That matters because the company recently reported the existence of a serious bug in the app’s latest update.

The company had this to say about the issue:

“After the latest update to the Google Search App on Android, the users of certain mobile phones are experiencing difficulty in receiving and making calls. We are currently looking into the matter and have released a new version of the app which should address the issue.”

Fortunately, the issue only affects a relatively small percentage of Android phones. The bad news is that, given the sheer number of Android devices on the market today, even a tiny slice amounts to a lot of impacted users.

If you’re currently using an Android device and you’ve recently discovered that you can’t make or answer calls, this may well be the reason why.

If you’re like most users, you probably have automatic updates turned on. Assuming that you do, you won’t have to do anything when the new version becomes available. You’ll simply wake up one morning in the near future to find it installed and your call functionality restored.

If you do not have automatic updates turned on, you will definitely want to watch Google’s blog and keep an ear to the ground so you know when the new update is available.

Needless to say, this has caused quite an uproar in the Android ecosystem. Users have been taking to a variety of social media platforms to express their displeasure and to demand that Google do better.

The company is by no means perfect, but it has a solid reputation when it comes to improving user experience. We can expect that this issue will be resolved soon, if there isn’t already a fix available by the time you read these words.