Cyber Security

GOT(IT) #3: CCleaner got infected, new SMS scam on Android, plus UK’s request to WhatsApp

The third one’s the lucky charm, right? Well, it doesn’t quite work that way for IT security news. Software is as volatile as ever and another one bit the dust: CCleaner.

 With GOT(IT) #3 we took our eyes out of Equifax’s chaos and looked up to discover CCleaner has been infected, Android reported a new malicious app attack that implements an SMS scam, and WhatsApp refused to create a backdoor for the UK Government

Infected CCleaner Spread Malware

Avast CCleaner Malware SpreadWhat do you get when you have a popular, useful, and widely distributed piece of software, and you combine it with a malicious attack that enables a backdoor for malware? Well, it could have been the perfect storm, but the attack seems to have been stopped in time.

Avast’s tool, CCleaner, was breached by a group of hackers who managed to infect the downloads with a “multi-stage malware payload” that remotely allowed the installation of ransomware, such as keyloggers. Over 130 million users utilize the tool, but only 700,000 computers were affected according to Avast’s report.

The security company forced an update and “managed to disarm the threat on time” before the attackers could make use of the connections; however, further investigations lead by Cisco’s Talos Security division gave a new angle to this story. Hackers behind the attack were trying to filter the affected users to identify computers inside top-notch technology firms, like Intel, Google, Microsoft, and HTC.

Industrial espionage is currently theory number one, since 8 out of 18 targeted firms were breached with a second malicious injection that would have served as a greater access for the attackers. If affected, a full backup restoration was recommended by Talos’ Research Manager Craig Williams.


Android Malware Claims 4.2M Victims

Android Attacks on the RiseGOT(IT) PreyCyberattacks are going mobile at bigger and meaner scales. Ever since wallets went virtual and banking took an app form, hackers started to gain interest in breaching Android devices over desktop computers. However this time, the attackers went old-school and infected 4.2 million users with a malware that cashed victims through SMS subscriptions.

Researchers at Check Point discovered that at least 50 malicious apps infiltrated the Play Store through low-key tactics that include the use of packers to encrypt all malicious files. If the user granted permissions to, for example, the app I Love Filters, it would enable its hidden ExpensiveWall malware to work.

ExpensiveWall accesses the phone’s number, and then utilizes it to run a script that subscribes it to paid services with monthly fees (charged through SMS). Google responded quickly to the report and took down all apps, but their store’s automatic detection hasn’t been consistent enough to ensure the malware isn’t going to re-appear.

There’s a recurrent tendency that shows how apps breach Google’s store. They start off as legitimate apps and lay low for a while, gaining users and hiding the possible exploit some time has passed. Then, they flip the switch and take advantage of their user-base.


WhatsApp Refused to Create Backdoor for UK’s Govt

WhatsApp refuses UK request access to messages.By now, encryption in mobile messaging services is sort of a standard. Still, there’s a fine line between how it protects daily users, and how it helps people with malicious intents… Well… Hide their malicious intents. Once again, terrorist attacks have refueled a fiery question: Could we sacrifice privacy in the name of security?

WhatsApp’s answer, as Apple once also said to the FBI, is: No. An Anonymous security source quoted by Sky News reportedly revealed a meeting between the British Government and WhatsApp, where the messaging service was asked to create a backdoor that gave access to encrypted messages.

The company supposedly refused to what could have been the second attempt made by the UK’s Government: after the Westminster’s attack early this year, UK’s Home Secretary Amber Rudd declared it was “unacceptable” that intelligence service couldn’t access the perpetrator’s WhatsApp history.


That’s a wrap up! What do you think? In a time where personal privacy has been proved extra-vulnerable, it’s unlikely trusts information requests like these. 

About the author

Nicolas Poggi

Nicolas Poggi is the head of mobile research at Prey, Inc., provider of the open source Prey Anti-Theft software protecting eight million mobile devices. Nic’s work explores technology innovations within the mobile marketplace, and their impact upon security. Nic also serves as Prey’s communications manager, overseeing the company’s brand and content creation. Nic is a technology and contemporary culture journalist and author, and before joining Prey held positions as head of indie coverage at TheGameFanatics, and as FM radio host and interviewer at IndieAir.