Artificial Intelligence | News | Insights | AiThority
[bsfp-cryptocurrency style=”widget-18″ align=”marquee” columns=”6″ coins=”selected” coins-count=”6″ coins-selected=”BTC,ETH,XRP,LTC,EOS,ADA,XLM,NEO,LTC,EOS,XEM,DASH,USDT,BNB,QTUM,XVG,ONT,ZEC,STEEM” currency=”USD” title=”Cryptocurrency Widget” show_title=”0″ icon=”” scheme=”light” bs-show-desktop=”1″ bs-show-tablet=”1″ bs-show-phone=”1″ custom-css-class=”” custom-id=”” css=”.vc_custom_1523079266073{margin-bottom: 0px !important;padding-top: 0px !important;padding-bottom: 0px !important;}”]

EclecticIQ and ThreatFabric Investigation Reveals Evidence of Malicious Android Packages

SecurityNews
By AIT News Desk

EclecticIQ, the global provider of cyber threat intelligence (CTI) technology solutions, has teamed up with fraud and cybercrime prevention experts at ThreatFabric to publish the findings of an investigation into instances of threat actors actively pushing malicious Android packages disguised as legitimate contact tracing applications.

Key analysis points by ThreatFabric and EclecticIQ reveal that:

  • Threat actors have been disguising Android packages as legitimate government-backed contact tracing applications for financial gain.
  • There is evidence to suggest that actors have used repackaged commodity and open-source malware to lower the investment required in the observed campaigns.
  • Third-party port forwarding, and secure tunneling services have probably been used to provide anonymization to command and control (C2) infrastructure.
  • The Android packages were probably delivered through links pointing to phishing pages.

Recommended AI News: Netfin Acquisition Corp. To Combine With Triterras Fintech Pte Ltd.

The findings of the report suggest that threat actors will almost certainly continue to use commodity and open source-based malware disguised as legitimate contact tracing applications for financial gain. The low barrier to entry provided by these tools and the continued rollout of contact tracing applications by nations, presents continued financial opportunity for cybercriminals into the near future. Malicious actors have shown their willingness to exploit the current pandemic by targeting legitimate contact tracing applications consistently in recent months. Samples analyzed by EclecticIQ and ThreatFabric researchers had an earliest estimated build time of April 12th, 2020 with the latest being June 23rd, 2020.

Related Posts

From Innovation to Infiltration: The New Cyber Threat Landscape

Lightning AI Raises $50Million to Simplify and Scale AI Development For Enterprises and Developers

Teach Mode Is Here: rabbit Gives Consumers Power to Create Custom AI Agents

1 of 40,574

Recommended AI News: Phenom Launches HR Resiliency Playbooks & Products

Peter Ferguson, Cyber Threat Intelligence Specialist at EclecticIQ’s Fusion Center commented:

“Users should never download contact tracing android applications from links sent to them or from third party stores. If they are interested in downloading their nation’s contact tracing application, they should use the official site or the Google Play Store.”

Gaetan van Diemen, General Manager at ThreatFabric commented:

“Threat actors have become very efficient in tricking users into downloading and installing a phenomenal variety of malicious apps on their mobile devices. To avoid fraud and brand or reputation damage, we strongly recommend app developers and online service providers to adapt their security strategy based on the factual evolution of the mobile threat landscape.”

Recommended AI News: Feedvisor Launches Next-Generation, AI-Powered Platform

AIT News Desk

AIT News Desk is a trained group of web journalists and reporters who collect news from all over the technology landscape. The technical space includes advanced technologies related to AI, ML, ITops, Cloud Security, Privacy and Security, Cyberthreat intelligence, Space, Big data and Analytics, Blockchain and Crypto.
To connect, please write to AiT Analyst at news@martechseries.com.

You might also like More from author

Comments are closed, but trackbacks and pingbacks are open.