Month: February 2019

    Some people like to look their best and sometimes reality just isn’t enough. With the addition of an altered reality landscape we can add and modify our worlds and ourselves through the lens of our phones. There are apps that can access your phone’s camera, detect your facial position, add features, correct color imbalances, enhance traits that we find desirable, and can remove elements that aren’t so desirable. 

    Researchers at Trend Micro have found 29 beauty apps in the Google Play store that have malicious traits. These apps take a user’s desire to be more than what they are to open themselves up for attack. They are connected to remote ad configuration servers that receive data about the device the malicious app is installed upon and directs the victim to attacks tailored for that device.

    The authors of these malicious apps have included efforts to hide traces of their existence in a feeble attempt at permanence. Once downloaded, one of the packages included in these apps will provide the user a shortcut icon to impale themselves upon, but it will hide the app icon from the application list in an attempt to prevent its own deletion. 

    These apps have several methods of monetizing their targets including phishing for personal information, collecting freshly taken photos, or even just accepting payments for services not rendered. They can include false “contests” that result in a request for personal information to deliver a promised prize. One app offers beautification of an image uploaded to its server but never gets it, while the attacker compiles a data set full of images that can be used for future fraudulent social media profiles. Another app pushes an ad for a paid online pornography player which accepts payment and likely collects payment information. The researchers have found that the player does not play despite payment.

    The Google Play Store has already removed these apps from their roster. The top three (Pro Camera Beauty, Cartoon Art Photo, & Emoji Camera) have had over one million downloads each. The next eight have already had downloads in the hundreds of thousands. The large majority of these downloads occurred in Asia, particularly India. 

   The best recommendation is to read reviews in any app that you want to try out. Any reviews that are indicative of malicious behavior is sufficient warning. Anything produced by an untrusted source should be subject to scrutiny, and anything requesting information should be doubly so.
Source

• https://blog.trendmicro.com/ trendlabs-security-intelligence/ various-google-play-beauty-cameraapps-sends-users-pornographiccontent-redirects-them-to-phishingwebsites-and-collects-their-pictures/

• https://www.dpreview.com/ news/0890709908/google-removes29-malicious-android-camera-appsfrom-play-store

• https://securityaffairs.co/ wordpress/80666/malware/ malicious-beauty-apps.html

     Siri sets alarms, calls your mother, and finds you that piece of trivia that’s been itching in your brain for the past week. Siri helps people manage their electronic fears and control their digital world in a human way. So when Siri Shortcuts came along with iOS 12, I’m sure many people were elated at the thought of automating their daily ritual and streamlining repeated complex tasks. 

    While it’s doubtful that most users will automate their household energy consumption or repeatedly perform multi step computations via voice command, the average user might be interested in shortcuts designed by business owners trying to make it smoother to exchange money for services and goods. Also, it just feels a bit cool to do many things with just a click. However, with automation and complexity there’s always an avenue for abuse. Security Intelligence from IBM has outlined a few methods for a pseudo ransom attack involving many of the capabilities of Siri Shortcut.

    The app has the ability to perform many of the phone’s basic functions which can be used to confuse then scare a user into paying a ransom to the attacker. Some of Siri Shortcuts’ capabilities include text to speech, flash light control, vibration control, volume and brightness control, clipboard data collection, data storage manipulation, IP address collection, GPS location information collection, and other forms of information collection.

   The most alarming capability is message creation and deployment along with contact list access. A maliciously crafted shortcut could send a copy of itself to each person in the victim’s contact list. It has been advised time and again to never download anything from an untrusted source, but who would think your grandson would send you anything malicious? Suddenly you’re at an ATM, your phone is vibrating and flashing, it snaps a picture of your face and your bank card, and tells you that you’re being tracked repeating your location and reading your browsing history. Even the most cool-headed person would be shaken and might fall for  the ruse. And if you’re savvy enough to remain composed and ignore it, a co-worker or a cousin might not be.

   A pound of cure is worth an ounce of prevention. Never install shortcuts from untrusted sources. Never allow anything to exist on your phone that requires permissions outside your comfort zone. Take advantage of the “Show Actions” button to see what a shortcut actually does before using it. Constant vigilance when it comes to anything that can run without your direct control is the minimum in this day and age.

Sources:
 • https://securityintelligence.com/hey-siri-get-my-coffee-hold-the-malware/
 • https://securityaffairs.co/wordpress/80592/hacking/siri-shortcutsabuses.html
 • https://www.securityweek.com/malicious-hackers-can-abuse-siri-shortcuts -ibm