Updates to Mac Virus
John Leyden for The Register: Baddies of the internet: It’s all about dodgy mobile apps, they’re so hot right now “Rogue mobile apps have become the most common fraud attack vector, according to the latest quarterly edition of RSA Security’s global fraud report.” If you don’t mind giving your contact information away, the report is available here.
For Sophos, Matt Boddy explains how to use AppMon to see which of your Android apps are paying more attention to your conversations than you’re comfortable with. Not for beginners, but interesting. Are your Android apps listening to you?
Also for Sophos, Paul Ducklin analyses Patrick Wardle’s 0-day Mac exploit, as discussed recently at Def Con. While there’s no fix as yet, Paul points out that “Fortunately, as zero-days hacks go, this one isn’t super-serious – a crook would have to infect your Mac with malware first in order to use Wardle’s approach, and it’s more a tweak to an anti-security trick that Wardle himself found and reported last year than a brand new attack.” Apple Mac “zero day” hack lets you sneakily click [OK]
Martin Beltov for Security Boulevard: Android Man-in-the-Disk Attack Can Expose Apps & User Data – “Security experts discovered a new Android infection mechanism called the Man-in-the-Disk attack. It takes advantage of a design issue found to be with the operating system itself that takes advantage of the external storage access. Abuse of this possibility can expose sensitive data to the criminal operators.”
AV-Test offers an interesting aggregation of 2016/2017 malware statistics in its Security Report here. Its observations on ransomware may be of particular interest to readers of this blog (how are you both?) The reports points out that:
There is no indication based on proliferation statistics that 2016 was also the “year of ransomware“. Comprising not even 1% of the overall share of malware for Windows, the blackmail Trojans appear to be more of a marginal phenomenon.
But as John Leyden remarks for The Register:
The mode of action and damage created by file-encrypting trojans makes them a much greater threat than implied by a consideration of the numbers…
Looking at the growth in malware for specific platforms, AV-Test notes a decrease in numbers for malware attacking Windows users. (Security vendors needn’t worry: there’s still plenty to go round…)
On the other hand, the report says of macOS malware that ‘With an increase rate of over 370% compared to the previous year, it is no exaggeration to speak of explosive growth.’ Of Android, it says that ‘the number of new threats … has doubled compared to the previous year.’
Of course, there’s much more in this 24-page report. To give you some idea of what, here’s the ToC:
- The AV-TEST Security Report 2
- WINDOWS Security Status 5
- macOS Security Status 10
- ANDROID Security Status 13
- INTERNET THREATS Security Status 16
- IoT Security Status 19
- Test Statistics 22
Because of time issues, I added the malware ESET calls OSX/Filecoder.E to the Specific Ransomware Families and Types page but didn’t give it an article of its own here. Since there is important news (to potential victims) from Malwarebytes and Sophos, I’m repairing that omission here.
Note that both Reed and Cluley sometimes refer to the malware as FileCoder. This is potentially misleading: while ESET, which first uncovered the thing, detects it as OSX/Filecoder.E, the term ‘Filecoder’ is used generically by the company to denote crypto-ransomware, so you/we need to use the full name ‘OSX/Filecoder.E’ to distinguish it from other, unrelated ransomware families.