
Secplicity - Security Simplified

Powered by WatchGuard Technologies

Sniffin' Android VPN – WSWiR Episode 92

January 24, 2014 By Corey Nachreiner

Energetic Bear APTs, Bugged Browsers, and Trojaned Extension

Another week, another pile of scary-sounding security stories. But don’t freak out… If you know how to protect yourself, you can easily avoid most of these vulnerabilities and issues. Enjoy another episode of WatchGuard Security Week in Review for a quick recap of the Infosec news from the week, and what to do about it.

Today’s show includes how shady advertisers are booby-trapping Chrome extensions, a speech recognition issue that might allow malicious websites to bug your browser, and news of a Russian APT campaign targeting the foreign energy sector. For all that and more, watch the video below, and don’t forget to peruse the Reference section for links to some extra security stories too!

Keep vigilant and have a great weekend!

(Episode Runtime: 9:31)

Direct YouTube Link: http://www.youtube.com/watch?v=c8N2c1q8TXc

Episode References:

  • Google extension auto updates result in adware – The Guardian
    • How to Geek’s list of shady extensions – HowtoGeek
  • Chrome’s speech recognition can be used to bug your browser – Tal Ater Blog
    • Video demonstrating Chrome bugging – YouTube
    • Source code for “Chrome-is-listening” issue – Github
  • Israeli university researchers discover Android VPN vulnerability – The Register
    • Video demonstrating the Android VPN issue – YouTube
  • Researchers discover the first Android bootkit trojan – 360 Technology
  • Crowdstrike Global Threat Report highlights Energetic Bear – Crowdstrike

Extras:

  • Vietnamese attackers target EFF – EFF
  • Insider steals 20 million South Korean customer records with USB key – Mashable
  • NSA’s Dishfire campaign collects millions of text messages – The Guardian
  • 95% of ATMs use Windows XP… Uh Oh! – Digital Trends
  • Russian teens associated with BlackPOS malware (but not necessarily Target attack) – TechWorld
  • Ars Technica doubts an Internet of Things botnet – Ars Technica
  • China says hackers took down the Internet, experts say it was the Chinese censors – The Washington Post
  • Facebook pays $33K bounty for a major RCE vulnerability – ThreatPost
  • Obama’s Privacy Review board says NSA phone data collection is not legal – CNN
  • SEA hacks Microsoft blog again! – BBC
  • More Foscam Web IP camera vulnerabilities (sigh) – KrebsonSecurity
  • Neiman Marcus releases some breach details, 1.1 million cards affected – Neiman Marcus
  • New Snapchat verification feature hacked in 30 minutes – Business Insider
  • Windows malware moves to Android phones – The Inquirer
  • Researchers mass scan for the Sercomm backdoor – Quarks Lab
  • Ask Snowden Twitter chat – FreeSnowden.is
  • Recent Snowden interview – The New Yorker
  • Famous hacker, Guccifer, suspect arrested – Phys.org
  • Is the US’s crackdown on hackers the new “War on Drugs?” – Wired
  • Microsoft aggressively removes botnets from your machine, including the Tor service – NetworkWorld

— Corey Nachreiner, CISSP (@SecAdept)


Filed Under: Security Bytes Tagged With: bootkit, Chrome, Energetic Bear, extensions, Google, Hacking, Infosec news, mobile security, oldboot, POS, SEA, Security breach, Software vulnerabilities, speech recognition, trojan, VPN, watering hole

Comments

  1. Alexander Kushnarev (Rainbow Security) says

    January 26, 2014 at 11:26 am

    Let me be a little bit skeptical about some points of Qihoo 360 Technology Co. Ltd’s research related to the Oldboot trojan (the “Researchers discover the first Android bootkit trojan” article). Some uncertainty regarding this trojan’s structure drills my mind…
    Let’s analyze what the imei_chk module/service can do:

    – execute some code which reads two data blocks from its read-only data segments
    – extract libgooglekernel.so into /system/lib during the boot process
    – extract GoogleKernel.apk into /system/app during the boot process
    – re-check if these files are in place, and if not, extract them once again during the boot process
    – create a socket and listen (as a system service) for any other process
    – execute commands from GoogleKernel.apk with root permission
    – as the trojan tries to connect to the C&C (with the help of procedures programmed inside libgooglekernel.so) and download new apps and modules, then obviously imei_chk should support more command calls from other parts of the “malicious complex”? Every professional trojan will use the advantages of a service which can execute commands as root… won’t it?
    – as it can’t be removed by AVs due to its location, then how can it be updated?

    The final question of my uncertainty: isn’t that too much “technical magic” for one bootstrap module? What do you think, colleagues?

