Pirated app copies for macOS contain crypto-malware

Jamf Threat Labs found crypto-mining malware in pirated copies of Final Cut Pro.

macOS malware is becoming more sophisticated and harder to detect. The crypto-mining processes are hidden from the user, which makes them much harder to spot.

Experts forecast more malware targeting Apple Silicon Macs soon.

A recent report from Malwarebytes highlights the rise in malware attacks and attack vectors.

References:

Jamf Blog: Evasive cryptojacking malware targeting macOS found lurking in pirated applications

Malwarebytes Labs: The 5 most dangerous cyberthreats facing businesses this year

Google Play full of Trojans

Cybersecurity experts from SecneurX have recently compiled a long list of Google Play apps infected with dangerous Trojans, including:

  • Color Paint & Draw Master - Harly Trojan
  • Real Photo Editor - Joker Trojan
  • Coloring Painting - Joker Trojan
  • Happy Voice Changer - Harly Trojan
  • Emoji Live Wallpaper - Joker Trojan
  • Screen Mirroring Cast - Joker Trojan
  • Advanced Cast Screen - Joker Trojan

https://twitter.com/SecneurX/status/1619202483993169920?s=20&t=BrBOAe-mab7qbxXVT6DCBw

What can the Joker and Harly Trojans do?

A trend is emerging from the above reports. Most often, mobile applications carrying the Joker and Harly Trojans impersonate relatively simple applications. Some of them are games, others are used for simple entertainment or for personalizing the smartphone by changing the wallpaper or screensaver. Screen mirroring and screen casting applications are also popular. These Trojans are designed to steal data, e.g. harvesting our contacts or reading e-mails, text messages or messenger conversations. The malware can also subscribe the victim to premium services and run up a high phone bill.

Source: SecneurX

Samsung, LG, MediaTek certificates compromised to sign Android malware

Multiple platform certificates used by Android OEM device vendors to digitally sign core system applications have also been used to sign Android apps containing malware.

The biggest problem here is that, because these apps are signed with the same platform certificate and assigned the highly privileged 'android.uid.system' user ID, they also gain system-level access to the Android device, which means they can read and do much more than standard apps.

more:

https://arstechnica.com/gadgets/2022/12/samsungs-android-app-signing-key-has-leaked-is-being-used-to-sign-malware/

List of hashes: https://bugs.chromium.org/p/apvi/issues/detail?id=100

Apple made significant changes to macOS malware protection during 2022

Apple updated the anti-malware protection tools in macOS. macOS now scans for malware proactively.

Until XProtect Remediator arrived in macOS 12.3 last March, system tools for tackling malware were essentially limited to XProtect and MRT. XProtect was mainly used to check apps and other code which had a quarantine flag set against a list of signatures of known malware, and could only detect. While Apple has broadened its scope to check more frequently, and continues to update those signatures every couple of weeks, they have their limits. MRT ran scans to both detect and remove ('remediate') known malware, most noticeably shortly after startup, but infrequently.

References:

The Electric Light Company

Malicious app on Google Play drops banking malware

A malicious app on the Google Play Store automatically installed malware called Vultur, which targets financial services to steal users' banking information. The infected "2FA Authenticator" was removed from the store after 15 days, during which more than 10,000 users downloaded it. Quite strange is that the app required far more permissions than its main functionality would suggest and was published via the Play Store without.

more:

https://blog.pradeo.com/vultur-malware-dropper-google-play