Sophisticated Surveillance Malware Spotted on Android and iOS Phones
Most of the malware targeting phones is the product of, at most, a handful of disaffected people looking to make a quick buck. That’s not the case with a new strain of malware found on both Android and iOS devices. Security researchers believe this malware is based on so-called “lawful intercept” software in use by law enforcement and governments.
The privacy organization Security Without Borders detected the Android malware first, which it dubbed Exodus. The installer package was bundled inside APKs on numerous phishing sites, as well as in several apps that snuck into the Play Store. Users needed to install the app manually in either case, but it was much harder to do so with the phishing sites because of Android’s security features. You don’t pick up Exodus just browsing the web, but that doesn’t appear to be the creator’s goal.
Exodus is a sophisticated piece of malware. The infected app includes a dropper that collects basic details about the phone like the IMEI and phone number. It sends those to a command and control server, which almost immediately pushes down the next phase of the malware. This phase consists of multiple binary packages aimed at tracking the device. The third stage uses Linux exploit called DirtyCOW to attempt root access, which would allow it to collect any and all data on the phone.
With a rooted phone, Exodus could extract passwords, chat logs, contacts, and create local audio and video recordings. Luckily, Google patched DirtyCOW in 2016, so any recently updated phone is immune. Without the third phase, Exodus is limited to only gathering data available to other apps.
The iOS variant was harder to find because the distribution was somewhat sneakier, but antimalware form Lookout detected it. The attackers set up websites that appeared to belong to Italian and Turkmenistani mobile carriers. They used Apple’s Developer Enterprise program, which allows companies to install custom apps on employee devices. The apps pretended to be mobile carrier assistance apps, but they could exfiltrate data like contacts, photos, GPS locations, and more.
Currently, the number of infected devices is believed to be quite small — in the hundreds or possibly thousands. This is a targeted attack, suggesting an intelligence motive rather than general mayhem. It is unlikely your phone is affected unless you’ve been cruising suspicious Italian websites.
Continue reading
Apple Swears Governments Can’t Co-Opt Its Child Abuse Detection Tools for Surveillance
Apple recently confirmed a report that claimed it was planning to go hunting for illegal materials on iPhones. This, from a company that has long promoted its privacy protections. Condemnation was swift from civil liberties groups, but many have withheld judgment because of Apple's intended target: images of child sexual abuse.
Report: Minnesota Secretly Runs a Surveillance Program to Track Activists and Journalists
Authorities insist the program wrapped up after the Derek Chauvin trial, but a report from MIT Technology Review claims Operation Safety Net is still active and continues to accumulate data on activists and journalists in Minnesota.
US Government Confirms Unauthorized Cell Phone Surveillance in Washington
DHS officials have told the AP that the agency detected unauthorized Stingray activity during a 90-day sweep that started in January 2017.
Video Surveillance: Best Security Camera Options of 2019
2019 brings new and improved products for creating a home video surveillance system as part of a security system. Options range from easy-to-deploy products tied to subscriptions to rolling your own. We take a look at some of the most effective.