Popular on s4story
- Sophie Barnes Releases New Regency Romance - The Formidable Earl
- Evolve IP Named To The Gartner Magic Quadrant for Contact Center as a Service
- Budget Brothers offers Permanent and Safe Scorpion Elimination In Phoenix
- Paul Bruno's The Original Jeeps-The Race To Build America's First Jeeps Now Available Internationally
- How To Get Millions Of Traffic To Your Website
- Phinge Granted Patent That Enables Its Individual Smartphones & Tablets to Connect & Become Foldable, Multi-Directional, Dual-Screen Mobile Devices
- Tim Karlos, Michael Jackson's 1st Cousin, Releases "I Like It"
- Writing and Madness in a Time of Terror by Afarin Majidi Awarded 4 out of 4 stars
- The Personal Story Publisher, Legacy Book Press LLC, Releases Hopeful Memoir
- Sybrina Durant Releases New Children's Book - Cleo Can Tie A Bow
Similar on s4story
- Isabella Johnston, aka The Intern Whisperer, is a GUINNESS WORLD RECORD Participant
- The Autonomous Black Friday Blowout!
- L2 Aviation receives FAA STC approval for Ka-band system installations on Boeing 767 aircraft
- Syxsense Announces New Support for Amazon Web Service (AWS) Linux Devices
- edjuster Selects CoreLogic to Deliver Modern Contents Estimating Solution to Claims Process
- Medicom Health Wins 2020 Tekne Award for Rx Savings Assistant®
- Introducing BIAMI.IO Intelligent Automation as a Service Labs
- HexGn & Africa Islamic Economic Foundation Team up to Train 100,000 Youth in Africa for Innovation Economy
- NAC Welcomes New OCC Proposed Rule To Help Provide Access to Banking Services for ATM Operators
- Syxsense Announces New Vulnerability Dashboard as Demand for Securing Remote Workers Surges
EclecticIQ and ThreatFabric investigation reveals evidence of malicious Android packages posing as legitimate Covid-19 contact tracing apps
S For Story/10432412
Threat actors exploit consumer trust in legitimate government apps to plant malicious packages
AMSTERDAM - s4story -- EclecticIQ, the global provider of cyber threat intelligence (CTI) technology solutions, has teamed up with fraud and cybercrime prevention experts at ThreatFabric to publish the findings of an investigation into instances of threat actors actively pushing malicious Android packages disguised as legitimate contact tracing applications.
Key analysis points by ThreatFabric and EclecticIQ reveal that:
The findings of the report suggest that threat actors will almost certainly continue to use commodity and open source-based malware disguised as legitimate contact tracing applications for financial gain. The low barrier to entry provided by these tools and the continued rollout of contact tracing applications by nations, presents continued financial opportunity for cybercriminals into the near future. Malicious actors have shown their willingness to exploit the current pandemic by targeting legitimate contact tracing applications consistently in recent months. Samples analyzed by EclecticIQ and ThreatFabric researchers had an earliest estimated build time of April 12th, 2020 with the latest being June 23rd, 2020.
More on S For Story
Peter Ferguson, Cyber Threat Intelligence Specialist at EclecticIQ's Fusion Center commented:
"Users should never download contact tracing android applications from links sent to them or from third party stores. If they are interested in downloading their nation's contact tracing application, they should use the official site or the Google Play Store."
Gaetan van Diemen, General Manager at ThreatFabric commented:
"Threat actors have become very efficient in tricking users into downloading and installing a phenomenal variety of malicious apps on their mobile devices. To avoid fraud and brand or reputation damage, we strongly recommend app developers and online service providers to adapt their security strategy based on the factual evolution of the mobile threat landscape."
Additional Resources:
About EclecticIQ
EclecticIQ enables intelligence-powered cybersecurity for government organizations and commercial enterprises. We develop analyst-centric products and services that align our clients' cyber security focus with their threat reality. The result is intelligence-led security, improved detection and prevention, and cost-efficient security investments.
Our solutions are built specifically for analysts across all intelligence-led security practices such as threat investigation and threat hunting, as well as incident response efforts. We tightly integrate our solutions with our customers' IT security controls and systems. EclecticIQ operates globally with offices in Europe, the United Kingdom and North America, and via certified value-add partners.
More on S For Story
Learn more at www.eclecticiq.com
About ThreatFabric
ThreatFabric helps financial institutions protect their online services, stop fraud and enhance customer experience. Powered by threat intelligence, ThreatFabric's solutions offer a holistic approach to risk detection and fraud prevention. MTI (Mobile Threat Intelligence) provides global visibility and context on the mobile banking threat landscape. It is the threat intelligence solution to use to protect personal data, customers and brand from financially motivated threat actors. It includes the strategic overview of threats and context as well as all relevant technical indicators. CSD (Client Side detection) provides the answer to the constantly-evolving fraud landscape and regulatory challenges. An omnichannel solution that empowers financial institutions to pro-actively detecting known and unknown threats to mitigate fraud and build trust across their online services.
Learn more at www.threatfabric.com
Key analysis points by ThreatFabric and EclecticIQ reveal that:
- Threat actors have been disguising Android packages as legitimate government-backed contact tracing applications for financial gain.
- There is evidence to suggest that actors have used repackaged commodity and open-source malware to lower the investment required in the observed campaigns.
- Third-party port forwarding, and secure tunneling services have probably been used to provide anonymization to command and control (C2) infrastructure.
- The Android packages were probably delivered through links pointing to phishing pages.
The findings of the report suggest that threat actors will almost certainly continue to use commodity and open source-based malware disguised as legitimate contact tracing applications for financial gain. The low barrier to entry provided by these tools and the continued rollout of contact tracing applications by nations, presents continued financial opportunity for cybercriminals into the near future. Malicious actors have shown their willingness to exploit the current pandemic by targeting legitimate contact tracing applications consistently in recent months. Samples analyzed by EclecticIQ and ThreatFabric researchers had an earliest estimated build time of April 12th, 2020 with the latest being June 23rd, 2020.
More on S For Story
- "Joshua Piecrust and his Alphabet of Rhymes" by Richard Evans is published
- Illustrating History With Tea!
- Mind Shift 2020, New Book by Joshua S. Kangley, Provides Inspiration
- Value Add Industrial Investor Closes on Speculative Financing for the Acquisition of 67,000SF Vacant Warehouse in Montgomery County, PA
- The Big Black Book of Business
Peter Ferguson, Cyber Threat Intelligence Specialist at EclecticIQ's Fusion Center commented:
"Users should never download contact tracing android applications from links sent to them or from third party stores. If they are interested in downloading their nation's contact tracing application, they should use the official site or the Google Play Store."
Gaetan van Diemen, General Manager at ThreatFabric commented:
"Threat actors have become very efficient in tricking users into downloading and installing a phenomenal variety of malicious apps on their mobile devices. To avoid fraud and brand or reputation damage, we strongly recommend app developers and online service providers to adapt their security strategy based on the factual evolution of the mobile threat landscape."
Additional Resources:
- Read full report here
About EclecticIQ
EclecticIQ enables intelligence-powered cybersecurity for government organizations and commercial enterprises. We develop analyst-centric products and services that align our clients' cyber security focus with their threat reality. The result is intelligence-led security, improved detection and prevention, and cost-efficient security investments.
Our solutions are built specifically for analysts across all intelligence-led security practices such as threat investigation and threat hunting, as well as incident response efforts. We tightly integrate our solutions with our customers' IT security controls and systems. EclecticIQ operates globally with offices in Europe, the United Kingdom and North America, and via certified value-add partners.
More on S For Story
- The Autonomous Black Friday Blowout!
- Unrealistic expectations challenge the father-son relationship in "Timothy"
- A.N. Publishing Compiles Broad Audience Data
- Best Selling Author Rolling Out the Red Carpet for New Installment in His Popular YA Series!
- Latest Helpful Tools for Event Promoters and Marketers by Ismail Sirdah
Learn more at www.eclecticiq.com
About ThreatFabric
ThreatFabric helps financial institutions protect their online services, stop fraud and enhance customer experience. Powered by threat intelligence, ThreatFabric's solutions offer a holistic approach to risk detection and fraud prevention. MTI (Mobile Threat Intelligence) provides global visibility and context on the mobile banking threat landscape. It is the threat intelligence solution to use to protect personal data, customers and brand from financially motivated threat actors. It includes the strategic overview of threats and context as well as all relevant technical indicators. CSD (Client Side detection) provides the answer to the constantly-evolving fraud landscape and regulatory challenges. An omnichannel solution that empowers financial institutions to pro-actively detecting known and unknown threats to mitigate fraud and build trust across their online services.
Learn more at www.threatfabric.com
Source: EclecticIQ
0 Comments
Latest on S For Story
- L2 Aviation receives FAA STC approval for Ka-band system installations on Boeing 767 aircraft
- Author Wins Two International Book Awards
- Paul Bruno's The Original Jeeps⸺The Race To Build America's First Jeeps Now In Kindle Format
- Zippy Shell and Subsidiary 1-800-PACK-RAT Secure Financing from The Carlyle Group & PNC Bank
- Elf Prep Academy Trains Elf Recruits to Help Santa Spread Holiday Cheer Just in Time for Christmas
- THE WANDERING PALESTINIAN by Anan Ameri: A Masterful and Riveting Memoir of Activism and Immigration
- Syxsense Announces New Support for Amazon Web Service (AWS) Linux Devices
- Florida Family & Faith International Film Festival Powered by AARP Florida Celebrates Caregivers and Families This Thanksgiving Season
- edjuster Selects CoreLogic to Deliver Modern Contents Estimating Solution to Claims Process
- Medicom Health Wins 2020 Tekne Award for Rx Savings Assistant®
- Introducing BIAMI.IO Intelligent Automation as a Service Labs
- 10 Marketing Tools To Spy On Your Competitors
- Father and Daughter Duo Publish Children's Book!
- Accomplished Children's Author Republishes Popular Book!
- How to sell paparazzi jewelry and use the paparazzi jewelry images you have on your website
- The Voice Season 12 Winner Chris Blue Releases Pulsating New Single,"Back 2 The Future"
- Braeden Lichti: Digital Health Trends in 2020
- Aesthetic MdR Named Best MediSpa and Dr. Luis Macías Named Top Cosmetic Plastic Surgeon
- HexGn & Africa Islamic Economic Foundation Team up to Train 100,000 Youth in Africa for Innovation Economy
- Brian E. Taylor To Be Featured In Groundbreaking Atlanta Bookstore