Posted by: David Harley | October 13, 2017

Innovative Android Ransomware DoubleLocker

ESET reports that “ESET researchers have spotted the first-ever ransomware misusing Android accessibility services. On top of encrypting data, it also locks the device.”

DoubleLocker: Innovative Android Ransomware

David Harley

Posted by: David Harley | October 12, 2017

Sophos: Three Apple Malware Scams

The estimable Paul Ducklin (sorry not to have seen you at VB this year, Duck!) advises us to Watch out for these high-pressure Apple malware scams. 

To be precise, a couple of tech support scams and a fake Flash Player update. Ho hum… Still, the first one is particularly interesting, if you’re a connoisseur of these things.

David Harley

Posted by: David Harley | September 12, 2017

BlackBerry losing the security plot?

Andrew Orlowski for The Register: BlackBerry admits: We could do better at patching – Still the most secure Android? It won’t get last year’s update

Not quite as bad as it sounds, but a bit of a comedown for a company that always prided itself on its security record…

David Harley

Posted by: David Harley | August 24, 2017

Insecure macOS API. Still.

Michael Mimoso for Kaspersky ThreatPost: DEPRECATED, INSECURE APPLE AUTHORIZATION API CAN BE ABUSED TO RUN CODE AT ROOT. Quote from the blog:

“A deprecated Apple authorization API, invoked by third-party installers, is still developers’ preferred choice for updating apps and services on macOS … The situation is known and was raised again last month during DEF CON by noted Mac security researcher Patrick Wardle, chief security researcher at Synack.”

David Harley

Posted by: David Harley | August 11, 2017

SMS touch – plain(text)ly an issue

David Bisson for Graham Cluley’s blog: SMS touch a security and privacy nightmare for iOS users – “Plaintext data transmissions make $1.99 app a spoofer’s delight…”

David Harley



Posted by: David Harley | August 11, 2017

Mughthesec Mac adware

Zeljka Zorz for Help Net Security: Stealthy Mughthesec Mac adware exposed: What it does, how to protect yourself.

Original analysis by Patrick Wardle: WTF is Mughthesec!? › poking on a piece of undetected adware

I wish people would include file hashes as text as well as screenshots: it’s a little exasperating having to type a hash like 9c4f74feff131fa93dd04175795f334649ee91ad7fce11dc661231254e1ebd84 from a screenshot in order to make use of it for further research. Much less error-prone if you can copy and paste a text string. 😉

Anyway, VirusTotal currently reports that two companies now detect that adware.


David Harley

Posted by: David Harley | August 10, 2017

Android Patches

Or as The Register puts it: It’s August 2017 and your Android gear can be pwned by, oh look, just patch the things – Google addresses dozens of security flaws in mobile platform

Android’s own security bulletin is here.

David Harley

Posted by: David Harley | August 8, 2017

AV-Comparatives Mac Security Review

AV-C’s Mac Security Test and Review report, July 2017:

Mac Reviews / Tests

Includes testing of the following:

Avast Mac Security
AVG AntiVirus for Mac
Avira Antivirus Pro for Mac
Bitdefender Antivirus for Mac
BitMedic AntiVirus
ESET Cyber Security Pro
Intego Mac Premium Bundle X9
Kaspersky Internet Security for Mac
Webroot SecureAnywhere Internet Security Complete

David Harley

Posted by: David Harley | August 1, 2017

Pre-Installed Android Trojan

The Trojan Dr. Web calls Android.Triada.231 comes pre-installed (but not for your convenience) in the firmware of a number of Android mobile devices ‘including Leagoo M5 Plus, Leagoo M8, Nomu S10, and Nomu S20.’

For Graham Cluley’s blog, David Bisson points out that ‘The security firm has contacted the manufacturers with the request that they push out updates to the affected devices…But as we all know by now, updates are too few and far between on too many Android devices.’

David Harley

Posted by: David Harley | July 25, 2017

Return of the Fruitfly

Well, personally, I’m more bothered with flying ants right now, but quite a few users of macOS/OS X are unsurprisingly concerned right now about the resurgent Fruitfly backdoor/spyware, the subject of an upcoming Black Hat presentation by Synack researcher Patrick Wardle that has attracted a great deal of attention: Offensive Malware Analysis: Dissecting OSX/Fruitfly via a custom C&C Server. I talked (briefly) about an earlier iteration of the Fruitfly/Quimitchin malware in January.

Further commentary:

Wardle told Mashable that ‘the entire Fruitfly malware net appears to be shut down at this time.’

David Harley
