msgbartop
All about Google Chrome & Google Chrome OS
msgbarbottom

19 Jun 12 New Android Malware is Disguised as a Security App


Google’s Android mobile platform is the target of a new variant of a widely used malware capable of stealing personal information.

New Android Malware is Disguised as a Security AppThe latest Zeus malware masquerades as a premium security app to lure people into downloading the Trojan, Kaspersky Lab reported Monday. The fake security app, called the Android Security Suite Premium, first appeared in early June with newer versions released since then.

Such malware presents a threat to consumers, as well as businesses that allow employees to use their personal devices on the corporate network. A Dimensional Research survey of IT professionals found that more than 70 percent said mobile devices contributed to increased security risks and that Android introduced the greatest risk. Issued in January, the report was sponsored by firewall vendor Check Point Software Technologies.

The new Zeus malware steals incoming text messages and sends them to command-and-control servers operated by the attackers. Depending on the apps installed on the Android device, the text could include sensitive data, such as password-reset links.

“It is also important to mention that these malicious apps are able to receive commands for uninstalling themselves, stealing system information and enabling/disabling the malicious applications,” Denis Maslennikov, a Kaspersky security researcher said in a blog post.

The malware installs a blue shield icon on the smartphone or tablet menu and shows a fake activation code when executed, Kaspersky said. The app uses a series of six command and control servers, one of which was linked to Zeus malware found in 2011.

“The newest variant of ZitMo demonstrates the commitment to effective mobile spyware development and distribution that cybercrime has made,” Kurt Baumgartner, senior security researcher at Kaspersky Lab, said by email.

Android application infections increased dramatically in the first quarter of this year, driven by a surge in attacks on personal data, according to the E-Threat Landscape Report released in April by security vendor Bitdefender. Cyber-criminals often hide the malware in apps sold in online stores.

New Android Malware is Disguised as a Security AppThe Dimensional survey found that 65% of the 768 IT pros polled allowed personal devices to connect to corporate networks. Apple’s iOS, used in the iPhone and iPad, was the most common platform, with Android coming in third behind Research in Motion’s BlackBerry. Android was found in companies represented by one in five of the respondents.

A factor that increases the risk of malware such as Zeus is the lack of employee awareness. More than six in 10 of the IT pros surveyed said employee ignorance had the greatest impact on mobile security.

The types of corporate information most often found on mobile devices were e-mail and contacts. Other information cited by the respondents included customer data, network login credentials and data made available through business applications.

Zeus was first discovered in 2007 as a keystroke logger and form grabber that ran in a browser. The malware is primarily downloaded through phishing schemes or by visiting malicious Web sites. The mobile version of Zeus, called ZitMo, was first discovered a couple of years ago.

In other Android security news, Tokyo police have arrested six men accused of distributing malware through an application downloaded from a porn site, the newspaper Yomiuri Shimbun reported. When launched, the Android app would demand fees and steal the victim’s personal information.

The suspects are accused of swindling more than 200 people out of $265,000. Two of the suspects were executives at separate IT companies.

Read more about malware/cybercrime in CSOonline’s Malware/Cybercrime section.

Article source: http://www.pcworld.com/article/257858/new_android_malware_is_disguised_as_a_security_app.html

Tags: , , , , ,

21 May 12 Cross-browser worm spreads via Facebook, security experts warn


IDG News Service - Malware writers have used Crossrider, a cross-browser extension development framework, to build a click-fraud worm that spreads on Facebook, security researchers from antivirus firm Kaspersky Lab said on Monday.

Crossrider is a legitimate Javascript framework that implements a unified API (application programming interface) for building Mozilla Firefox, Google Chrome and Internet Explorer extensions.

The API allows developers to write code that will run inside different browsers and, by extension, on different OSes. The framework is still in beta testing and its creators plan on adding support for Safari soon.

“It is quite rare to analyze a malicious file written in the form of a cross-platform browser plugin. It is, however, even rarer to come across plugins created using cross-browser engines,” said Kaspersky Lab malware expert Sergey Golovanov in a blog post Monday.

The new piece of malware is called LilyJade and is being sold on underground forums for $1,000. Its creator claims that it can infect browsers running on Linux or Mac systems and that since it doesn’t have any executable files, no antivirus program is designed to look for it.

The malware’s purpose appears to be click fraud. It is capable of spoofing rogue advertisement modules on Yahoo, YouTube, Bing/MSN, AOL, Google and Facebook, Golovanov said. When users view or click on these ads, the malware’s creators earn money through affiliate programs.

In order to spread, the malware leverages its control over infected browsers to piggyback on active Facebook sessions and send spam messages on behalf of authenticated Facebook users.

The links included in LilyJade’s Facebook spam messages direct users to compromised websites that load the Nuclear Pack exploit kit into a hidden iframe, Golovanov said.

Exploit kits like Nuclear Pack attempt to exploit vulnerabilities in outdated software — usually browser plug-ins like Java, Flash Player or Adobe Reader — in order to infect computers with malware.

The concept of malware running inside the browser as an extension is not new, but it seems to be increasingly popular with malware writers. Last week, the Wikimedia Foundation warned users that seeing commercial ads on Wikipedia is most likely the result of their browsers being infected with malicious extensions.

Social networking worms also appear to be making a comeback. On Friday, Symantec reported about a new variant of a worm called W32.Wergimog, which spreads by sending spam messages on Facebook, Hi5, Hyves, Linkedin, MySpace, Omegle and Twitter.

On Thursday, researchers from Trend Micro reported about a different worm that spreads through several social networks and instant messaging applications.

Article source: http://www.computerworld.com/s/article/9227351/Cross_browser_worm_spreads_via_Facebook_security_experts_warn?taxonomyId=85

Tags: , , , , ,

08 May 12 Flash Player sandbox available for Firefox


Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company’s online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine’s and Web site’s coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media’s internetnetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan’s activities, follow him on Twitter.

Article source: http://www.zdnet.com/blog/security/flash-player-sandbox-available-for-firefox/11995

Tags: , , , ,

28 Mar 12 Shoplifters hit up Chrome Store for Facebook data



Then Kaspersky’s Fabio Assolini, a lab expert, said one bit of malware especially caught his team’s attention because the malicious extension was hosted on Google’s own Chrome Web Store. “At this time,” Assolini said in a March 23 blog, “the malicious app has 923 users.”

The extension presented itself as Adobe Flash Player. After installation, the extension could gain complete control of the victim’s first by downloading a script file. The script file had instructions to send commands to the victim’s Facebook profile. The result was the eventual spread of a malicious message, inviting more users to install the fake extension.

So what’s in such a scheme for the malware makers? Profit, in the form of selling Facebook “likes” to businesses looking for (ironically) a reputation boost and may be willing to pay the $27 charged for 1,000 “likes.”

According to reports, Google personnel removed the malicious extension after Kaspersky informed them of the hustle – titled Trojan.JS.Agent.bxo—which the Kaspersky experts had discovered on March 6 in a previous similar attack.

According to Ars Technica, a Google response was, “When we detect items containing malware or learn of them through reports, we remove them from the Chrome and from active Chrome instances. We’ve already removed several of these extensions, and we are improving our automated systems to help detect them even faster.”

Beyond the Store, one security plus for Google was the launch, earlier this year, of Bouncer, which scans the Android Market for malicious apps. The scan happens when developers first upload an app to the Market and then periodically after that.

The Bouncer safeguard does not, however, seem to console observers over thieves who find ways to outsmart Facebook and Google.

Those behind the cash-for-likes scheme “are uploading new extensions regularly, in a cat and mouse game,” said Kaspersky’s Assolini.

Kaspersky Lab noticed a “huge wave” of attacks in Brazil. Without naming the miscreants, Assolini’s column warning users to “think twice” before installing Chrome extensions simply referred to “Brazil’s bad guys” turning their attention to Chrome and Facebook, which are now Brazil’s two key go-to places on the Internet. Recent statistics show that Google has become the most popular browser in Brazil with more than 45 percent of market share. is the most popular social network in Brazil, with 42 million users, displacing Orkut.

More information: http://www.securel … e_extensions

© 2012 PhysOrg.com

<!–
–>

Article source: http://www.physorg.com/news/2012-03-shoplifters-chrome-facebook.html

Tags: , , ,

28 Mar 12 Google’s Chrome Web store used to spread malware


Crooks have found a new venue to push malware: the official Google Chrome Web Store. It was recently used to hawk Chrome browser extensions secretly hijacking users’ Facebook profiles.

According to Kaspersky Lab expert Fabio Assolini, one malicious extension hosted on Google’s own servers contained hidden code that “can gain complete control” of the user’s Facebook profile. The extension then used that access to spread malicious messages and register Facebook Likes for certain items, also inviting fellow users to install it. The same operators advertised a service that delivered Likes of companies looking to promote their profiles. It costs about $27 per 1,000 Likes.

The company distributing this malicious extension was unnamed in the report as was the specific app. Assolini said Google personnel removed the malicious extension shortly after Kaspersky reported it to them. “But we noted the bad guys behind this malicious scheme are uploading new extensions regularly, in a cat and mouse game,” he warned. He didn’t elaborate on the number of extensions or how long he’s been observing them other than to say the malicious app Kaspersky discovered had 932 users.

Over the past few years, the openness of Google’s Android Market has represented one of the more conspicuous ways its users are attacked. As the software equivalent of a Wikipedia-like bazaar to which anyone may contribute, it has repeatedly been seeded with applications that take liberties with end users’ phones and data. Kaspersky’s report suggests similar attacks are exploiting Google’s Chrome Web Store.

“It is against the Chrome Web Store Content Policies to distribute malware,” a Google spokesman wrote in an email. “When we detect items containing malware or learn of them through reports, we remove them from the Chrome Web Store and from active Chrome instances. We’ve already removed several of these extensions, and we are improving our automated systems to help detect them even faster.”

Last month, Google unveiled a cloud-based service called Bouncer that scours the Android Market for malicious smartphone apps.

Article source: http://arstechnica.com/business/news/2012/03/googles-chome-web-store-used-to-spread-malware.ars?clicked=related_right

Tags: , , ,

26 Mar 12 Facebook scammers host Trojan horse extensions on Chrome Web Store


IDG News Service - Cybercriminals are uploading malicious Chrome browser extensions to the official Chrome Web Store and use them to hijack Facebook accounts, according to security researchers from Kaspersky Lab.

The rogue extensions are advertised on Facebook by scammers and claim to allow changing the color of profile pages, tracking profile visitors or even removing social media viruses, said Kaspersky Lab expert Fabio Assolini in a blog post on Friday.

Assolini has recently observed an increase in the number of Facebook scams that use malicious Chrome extensions and originate in Brazil.

Once installed in the browser, these extensions give attackers complete control over the victim’s Facebook account and can be used to spam their friends or to Like pages without authorization.

In one case, a rogue extension masqueraded as Adobe Flash Player and was hosted on the official Chrome Web Store, Assolini said. By the time it was identified, it had already been installed by 923 users.

“We reported this malicious extension to Google and they removed it quickly,” Assolini said. “But we noted the bad guys behind this malicious scheme are uploading new extensions regularly, in a cat and mouse game.”

Uploading multiple rogue extensions on the Chrome Web Store and running several Facebook spam campaigns to advertise them allows attackers to quickly compromise thousands of accounts.

The accounts are then used to earn scammers money by Liking particular pages. The people behind these campaigns sell packages of 1, 10, 50 or 100 thousand Likes to companies who wish to gain visibility on Facebook.

The use of Trojan horse browser extensions to hijack accounts is not new, nor is the method specific to Google Chrome. However, it has several advantages over other techniques. For one, users are more likely to trust an extension distributed from the official Chrome Web Store for Chrome, or Mozilla’s add-on repository for Firefox, than a clickjacking or phishing page. Few users are aware that browser extensions can intercept everything they do through the browser.

Security compromises based on rogue browser extensions are also more persistent than those based on password theft or other methods, because these extensions can piggyback on active sessions to perform unauthorized actions even if the account owners change their passwords or enable two-factor authentication.

“Think twice before installing a Google Chrome extension,” Assolini said.

Article source: http://www.computerworld.com/s/article/9225536/Facebook_scammers_host_Trojan_horse_extensions_on_Chrome_Web_Store

Tags: , , ,

26 Mar 12 Facebook Scammers Host Trojan Horse Extensions on the Chrome Web Store


Cybercriminals are uploading malicious Chrome browser extensions to the official Chrome Web Store and use them to hijack Facebook accounts, according to security researchers from Kaspersky Lab.

The rogue extensions are advertised on Facebook by scammers and claim to allow changing the color of profile pages, tracking profile visitors or even removing social media viruses, said Kaspersky Lab expert Fabio Assolini in a blog post on Friday.

Assolini has recently observed an increase in the number of Facebook scams that use malicious Chrome extensions and originate in Brazil.

Once installed in the browser, these extensions give attackers complete control over the victim’s Facebook account and can be used to spam their friends or to Like pages without authorization.

In one case, a rogue extension masqueraded as Adobe Flash Player and was hosted on the official Chrome Web Store, Assolini said. By the time it was identified, it had already been installed by 923 users.

“We reported this malicious extension to Google and they removed it quickly,” Assolini said. “But we noted the bad guys behind this malicious scheme are uploading new extensions regularly, in a cat and mouse game.”

Uploading multiple rogue extensions on the Chrome Web Store and running several Facebook spam campaigns to advertise them allows attackers to quickly compromise thousands of accounts.

The accounts are then used to earn scammers money by Liking particular pages. The people behind these campaigns sell packages of 1, 10, 50 or 100 thousand Likes to companies who wish to gain visibility on Facebook.

The use of Trojan horse browser extensions to hijack accounts is not new, nor is the method specific to Google Chrome. However, it has several advantages over other techniques. For one, users are more likely to trust an extension distributed from the official Chrome Web Store for Chrome, or Mozilla’s add-on repository for Firefox, than a clickjacking or phishing page. Few users are aware that browser extensions can intercept everything they do through the browser.

Security compromises based on rogue browser extensions are also more persistent than those based on password theft or other methods, because these extensions can piggyback on active sessions to perform unauthorized actions even if the account owners change their passwords or enable two-factor authentication.

“Think twice before installing a Google Chrome extension,” Assolini said.

Article source: http://www.pcworld.com/article/252533/facebook_scammers_host_trojan_horse_extensions_on_the_chrome_web_store.html

Tags: , , ,

13 Mar 12 Google zaps ‘PinkiePie’ zero-day flaws in Chrome


Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company’s online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine’s and Web site’s coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media’s internetnetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan’s activities, follow him on Twitter.

Article source: http://www.zdnet.com/blog/security/google-zaps-pinkiepie-zero-day-flaws-in-chrome/10734

Tags: , , ,

14 Jan 12 Google shares Chrome browser security principles


Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company’s online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine’s and Web site’s coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media’s internetnetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan’s activities, follow him on Twitter.

Article source: http://www.zdnet.com/blog/security/google-shares-chrome-browser-security-principles/10069

Tags: , , ,

13 Jan 12 Google shares Chrome browser security principles


Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company’s online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine’s and Web site’s coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media’s internetnetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan’s activities, follow him on Twitter.

Article source: http://www.zdnet.com/blog/security/google-shares-chrome-browser-security-principles/10069

Tags: , , ,