Mac users take note, there's evil malware in the wild - and - according to Checkpoint's Ofer Caspi of the highly competent Checkpoint Malware Research Team, the bits in question are not just pernicious, but tenacious as well, and, interestingly, specifically targeting Mac users. Dubbed OSX/Dok, it's reason enough to update your virus prophylaxis on your Mac, forthwith.
The OSX/Dok malware is distributed via a phishing campaign, which is usually not a new or surprising attack vector, however this time it targets specifically macOS users, who are mostly perceived as malware-proof. This phishing campaign is combined with a MiTM attack, allowing complete access to all victim communication, even if it’s SSL encrypted. - via Checkpoint's Ofer Caspi - Checkpoint Malware Research Team
Researchers from antivirus provider Eset report finding at least three such apps in the Google-hosted marketplace. - via Dan Goodin writing at ArsTechnica
Via the inimitable Dan Goodin, writing at Ars Technica, wherein the good Mr. Goodin, in a display of remarkable restraint, tells the tale of the discovery of code (in this case not 'authorized') making itself at home in Juniper network componentry. In this case, firewall network componentry. Oops.
In astonishing (yet unsurprising) news - a discovery by FireEye Labs (and published under the company's Threat Research blog) - of a decade-long espionage campaign by miscreants thereto (in this case, allegations point to entities in the People's Republic of China). FireEye has announced the availability of an indicators download on GitHub here; the full report is available here. Clear proof of why security professionals should be quite concerned, specifically those folks who rely on deeply flawed and nearly useless enterprise anti-virus and anti-malware products employed throughout most, if not all, enterprise IT environments... Ladies and Gentlemen, Girls and Boys, behold the money quote:
"All of the key findings we examined in the report lead us to conclude that APT 30 is a professional, cohesive threat group with a long-term mission to steal data that would benefit a government, and has been successful at doing so for quite some time. Such a sustained, planned development effort coupled with the group’s regional targets and mission, suggest that this activity is state sponsored." - via FireEye Labs and the FireEye Threat Research blog
"The problem gets much, much worse when you try to search for freeware using your favorite search engine. It’s worth noting here that Google has just recently started trying to ban bundled crapware from their results and ads, but sadly Yahoo and Bing don’t have the same level of awesome. In fact, they are just terrible." - via How To Geek's Lowell Heddings
Going dark in 2014, the Equation Group's malware command and control servers have reportedly been migrated onto United States soil... This, after a nefariously successful run targeting thousands of victims in at least 40 countries. Focusing on vertical industry segments such as the medical, telecom and aerospace sectors, including diplomatic missions, research institutions, military and governments, the Equation Group's malware is apparently fostering speculation as to connections between and betwixt US agencies.
"In an exhaustive report published Monday at the Kaspersky Security Analyst Summit here, researchers stopped short of saying Equation Group was the handiwork of the NSA—but they provided detailed evidence that strongly implicates the US spy agency." - via ArsTechnica's Dan Goodin
In a typically fascinating post, over at TrendLabs, written by Lambert Sun, Brooks Hong (Mobile Threat Analysts) and Feike Hacquebord (Senior Threat Researcher), we learn of a recently discovered iOS espionage tool. Ladies and Gentlemen, Girls and Boys, behold, the money quote:
"We found two malicious iOS applications in Operation Pawn Storm. One is called XAgent (detected as IOS_XAGENT.A) and the other one uses the name of a legitimate iOS game, MadCap (detected as IOS_XAGENT.B). After analysis, we concluded that both are applications related to SEDNIT. The obvious goal of the SEDNIT-related spyware is to steal personal data, record audio, make screenshots, and send them to a remote command-and-control (C&C) server. As of this publishing, the C&C server contacted by the iOS malware is live." - via TrendMicro's TrendLabs blog authors Lambert Sun, Brooks Hong and Feike Hacquebord.