Il y a quelques jours de cela, l’ordre national des pharmaciens signalait l’existence de sites illégaux proposant des médicaments, essentiellement des stimulants sexuels ou des pilules de régime, et utilisant des noms de domaine reprenant ceux de diverses pharmacies existant réellement dans l’hexagone. Ces arnaques se sont en effet multipliées depuis le 12 juillet, date Read more…
When developers are unaware of security they open the door to threats against their customers and users. We are not just talking about exploitable vulnerabilities in their code, but about something much more obvious than that. Here is the curious case of an Android application on Google Play that contains some traces of malware, but Read more…
The current threat landscape is often driven by web-based malware and exploit kits that are regularly updated with newly found vulnerabilities. Recently, we received an interesting malware binary–a JAR package that opens a back door for an attacker to execute commands and acts as a bot after infection. This archive does not exploit any Java Read more…
Last year, my colleague Itai Liba blogged about the association between malware and AutoIt, a very convenient environment for malware and tools development. AutoIt allows both easy interface creation for rapid development and full Windows API access for whatever is not directly supported. We have seen an increase in the use of AutoIt scripts by Read more…
McAfee has been monitoring and reporting extensively on one-click-fraud malware for Android in Japan this year. These attacks, primarily on Google Play, have become more active recently. We have found about 400 fraudulent apps in July alone. We consistently report these issues to Google, which promptly revokes the apps, but the scammers never stop uploading Read more…
McAfee has always been in forefront of finding new ways for securing our customers against threats and risks posed with mobile device. As part of this quest, we have introduced the concept of app reputation as part of our latest release of McAfee Mobile Security (MMS)(Ver 3.1) released on 18th July 2013. From a consumer perspective, Read more…
The Android Master Key vulnerability, which was first reported by BlueBox Security, has been big news this month. McAfee explained the vulnerability and defense against future malware exploiting it in a previous blog. Last week the first malware that exploit the Master Key vulnerability were found in an Android application market in China. The app Read more…
In a recent post, AppAppeal ranked the most popular URL shorteners. The top five includes TinyURL, Goo.gl, Bit.ly, Ow.ly and is.gd. Unfortunately, these helpful services are also used to hide a large number of malicious URLs. This result has made me want to learn more about malicious links that may be hidden behind these shortcuts. Read more…
Big news stories are always an opportunity for scammers and spammers, who attempt to redirect users to malicious exploit kits or other unwanted services. Britain’s royal baby is the latest news to offer cover for malware. We have already found a lot of spam messages regarding the birth and baby that lead users to the Read more…
Techniques used by malware developers to evade detection by security software have changed drastically in recent years. Encryption, packers, wrappers, and other methods were effective for various lengths of time. But eventually antimalware programs gained detection techniques to combat these steps. Malware authors next started frequently changing code and other data; now malware binaries are Read more…