Popular on EntSun
- How can You Protect Yourself from Scam Moving Companies Prevailing in The Market? 112
- Escape the Room Locations Reopen Nationwide For a Safe And Exciting Night Out
- Author and Radio Host Claudette Milner Releases " We Give You Praise" featuring Lindsey Bitler on June 26, 2020
- Air France policy for missed connections
- Newest Analysis from ImmersivEdge Advisors Helps Investors Make the Right Moves in the Dynamic AR & Smartglasses Industry
- The Questions You've Always Wanted To Ask About Burqas
- EVERGREEN IS THE BLOOD from Polestar Studios Stars Dawna Lee Heising, John Reign and Aki Aleong
- Aarika Honey Inks Voice & Executive Producer Deal With Naimah's Global Podcast!
- Jurllyshe Back To School Outfits & Clothes Ideas 2020--Jumpsuits, Matching Sets, Dress etc
- Evolve IP Releases RECAP – AI Driven Speech Analytics And Voice Recording Platform For Microsoft Teams, Unified Communications and Contact Center
Similar on EntSun
- Tom Urquhart, Ph.D., joins IOTech Systems as SVP of Professional Services
- CEO Coaching International Client, StoneAge Inc., Acquires Breadware, A Leader in Industrial IOT Product Development
- Evolve IP Delivers World's Only Omnichannel Contact Center Integrated with Microsoft Teams and Virtual Workspaces
- AutoQuotes And UL Announce Strategic Partnership
- NACCE and Bridge for Billions Team Up to Offer "The Leap" to Community College Entrepreneurs Across the Nation
- Legacy Park Sports Launches GoDog GameStream To Live Stream Baseball and Softball Tournaments
- Onlive Server Launched UK VPS Server Hosting Service with Hypervisor KVM Cloud Panel and SSD Storage
- Alpega Partners with project44 to Deliver Advanced Visibility in North America and Europe
- How To Buy Drone Accessories On A Budget: Drones Guide
- FigBytes Integrates SASB Standards in its Enterprise Sustainability and ESG Platform
EclecticIQ and ThreatFabric investigation reveals evidence of malicious Android packages posing as legitimate Covid-19 contact tracing apps
EntSun News/10832067
Threat actors exploit consumer trust in legitimate government apps to plant malicious packages
AMSTERDAM - EntSun -- EclecticIQ, the global provider of cyber threat intelligence (CTI) technology solutions, has teamed up with fraud and cybercrime prevention experts at ThreatFabric to publish the findings of an investigation into instances of threat actors actively pushing malicious Android packages disguised as legitimate contact tracing applications.
Key analysis points by ThreatFabric and EclecticIQ reveal that:
The findings of the report suggest that threat actors will almost certainly continue to use commodity and open source-based malware disguised as legitimate contact tracing applications for financial gain. The low barrier to entry provided by these tools and the continued rollout of contact tracing applications by nations, presents continued financial opportunity for cybercriminals into the near future. Malicious actors have shown their willingness to exploit the current pandemic by targeting legitimate contact tracing applications consistently in recent months. Samples analyzed by EclecticIQ and ThreatFabric researchers had an earliest estimated build time of April 12th, 2020 with the latest being June 23rd, 2020.
More on EntSun News
Peter Ferguson, Cyber Threat Intelligence Specialist at EclecticIQ's Fusion Center commented:
"Users should never download contact tracing android applications from links sent to them or from third party stores. If they are interested in downloading their nation's contact tracing application, they should use the official site or the Google Play Store."
Gaetan van Diemen, General Manager at ThreatFabric commented:
"Threat actors have become very efficient in tricking users into downloading and installing a phenomenal variety of malicious apps on their mobile devices. To avoid fraud and brand or reputation damage, we strongly recommend app developers and online service providers to adapt their security strategy based on the factual evolution of the mobile threat landscape."
Additional Resources:
About EclecticIQ
EclecticIQ enables intelligence-powered cybersecurity for government organizations and commercial enterprises. We develop analyst-centric products and services that align our clients' cyber security focus with their threat reality. The result is intelligence-led security, improved detection and prevention, and cost-efficient security investments.
Our solutions are built specifically for analysts across all intelligence-led security practices such as threat investigation and threat hunting, as well as incident response efforts. We tightly integrate our solutions with our customers' IT security controls and systems. EclecticIQ operates globally with offices in Europe, the United Kingdom and North America, and via certified value-add partners.
More on EntSun News
Learn more at www.eclecticiq.com
About ThreatFabric
ThreatFabric helps financial institutions protect their online services, stop fraud and enhance customer experience. Powered by threat intelligence, ThreatFabric's solutions offer a holistic approach to risk detection and fraud prevention. MTI (Mobile Threat Intelligence) provides global visibility and context on the mobile banking threat landscape. It is the threat intelligence solution to use to protect personal data, customers and brand from financially motivated threat actors. It includes the strategic overview of threats and context as well as all relevant technical indicators. CSD (Client Side detection) provides the answer to the constantly-evolving fraud landscape and regulatory challenges. An omnichannel solution that empowers financial institutions to pro-actively detecting known and unknown threats to mitigate fraud and build trust across their online services.
Learn more at www.threatfabric.com
Key analysis points by ThreatFabric and EclecticIQ reveal that:
- Threat actors have been disguising Android packages as legitimate government-backed contact tracing applications for financial gain.
- There is evidence to suggest that actors have used repackaged commodity and open-source malware to lower the investment required in the observed campaigns.
- Third-party port forwarding, and secure tunneling services have probably been used to provide anonymization to command and control (C2) infrastructure.
- The Android packages were probably delivered through links pointing to phishing pages.
The findings of the report suggest that threat actors will almost certainly continue to use commodity and open source-based malware disguised as legitimate contact tracing applications for financial gain. The low barrier to entry provided by these tools and the continued rollout of contact tracing applications by nations, presents continued financial opportunity for cybercriminals into the near future. Malicious actors have shown their willingness to exploit the current pandemic by targeting legitimate contact tracing applications consistently in recent months. Samples analyzed by EclecticIQ and ThreatFabric researchers had an earliest estimated build time of April 12th, 2020 with the latest being June 23rd, 2020.
More on EntSun News
- The Chatterbox Dine-In Theater Opens at Paragon Village, Fredericksburg, VA
- Emmy Winning Producer Lisa L. Wilson & RHOBH Star Garcelle Beauvais Presents "Cooking with Critters"
- Dental Prosthetics Market Outlook Analysis By Size, Share, And Growth 2020-2026
- Legends of Tomorrow, Hallmark Movies, X-Men Animated Among New Wizard World Virtual Experiences
- 78-year old Pro Gamer DieHardBirdie and Rumble Gaming Take a Stand against Ageism and Sexism in Esports
Peter Ferguson, Cyber Threat Intelligence Specialist at EclecticIQ's Fusion Center commented:
"Users should never download contact tracing android applications from links sent to them or from third party stores. If they are interested in downloading their nation's contact tracing application, they should use the official site or the Google Play Store."
Gaetan van Diemen, General Manager at ThreatFabric commented:
"Threat actors have become very efficient in tricking users into downloading and installing a phenomenal variety of malicious apps on their mobile devices. To avoid fraud and brand or reputation damage, we strongly recommend app developers and online service providers to adapt their security strategy based on the factual evolution of the mobile threat landscape."
Additional Resources:
- Read full report here
About EclecticIQ
EclecticIQ enables intelligence-powered cybersecurity for government organizations and commercial enterprises. We develop analyst-centric products and services that align our clients' cyber security focus with their threat reality. The result is intelligence-led security, improved detection and prevention, and cost-efficient security investments.
Our solutions are built specifically for analysts across all intelligence-led security practices such as threat investigation and threat hunting, as well as incident response efforts. We tightly integrate our solutions with our customers' IT security controls and systems. EclecticIQ operates globally with offices in Europe, the United Kingdom and North America, and via certified value-add partners.
More on EntSun News
- Marshals Of The Revolution-New Roots Country Music and Lifestyle Brand Has Arrived
- COVID-19 Impact on Cosmetic Dentistry Market 2020
- Christian single hitting music platforms highlights work of changemakers
- Julia's Back to school deal 2020
- Various Types of Laces to Embellish Dresses and Craft Projects
Learn more at www.eclecticiq.com
About ThreatFabric
ThreatFabric helps financial institutions protect their online services, stop fraud and enhance customer experience. Powered by threat intelligence, ThreatFabric's solutions offer a holistic approach to risk detection and fraud prevention. MTI (Mobile Threat Intelligence) provides global visibility and context on the mobile banking threat landscape. It is the threat intelligence solution to use to protect personal data, customers and brand from financially motivated threat actors. It includes the strategic overview of threats and context as well as all relevant technical indicators. CSD (Client Side detection) provides the answer to the constantly-evolving fraud landscape and regulatory challenges. An omnichannel solution that empowers financial institutions to pro-actively detecting known and unknown threats to mitigate fraud and build trust across their online services.
Learn more at www.threatfabric.com
Source: EclecticIQ
Filed Under: Technology, COVID-19
0 Comments
Latest on EntSun News
- Why You Should Start Shopping for Your Special Occasion Dress Early
- Kupit Kickstarter Campaign by Burgeón Brands Attempts to Reduce Waste from Single-Serving Coffee Pods
- News: Claxy Lighting Fixture Offers 25% Discount and Secure Transaction on All Orders
- Latino Leaders Network to Host Virtual Panel Discussion with Democratic Latino Delegates
- Ultrasound Probe Disinfection Market Forecast By 2020-2026
- Evolve IP Delivers World's Only Omnichannel Contact Center Integrated with Microsoft Teams and Virtual Workspaces
- Neuronavigation Systems Market Outlook By Size, Share, And Trends 2020
- StoweAway Productions Develops New Scripted Series "Slave Stealers"
- How to Make New Bookings on United Airlines?
- Music News: Yzhood's New Album Black Out Got number 12 on iTunes music electronic chart
- Yzhood's New Album Black Out Got number 12 on iTunes music electronic chart and number 2 in Canada
- Mahmood Khan hits number 1 on Billboard
- How to issues resolved change icloud password?
- Scream Queen, Sparkle Soojian, star of "Strange Files", in Ms. Health & Fitness Competition
- High Throughput Industrial NAS Storage Server Solution For Real-Time Data processing, Recording and Streaming
- Deadly Night Out Starts Filming In September
- Mission Fat Hearts Movie Campaign Hopes to Inspire Ripples of Kindness That Turn Into Waves
- Virtual Play in Pre-Production on The Story Of First Civil Rights Martyrs Harry T. & Harriette Moore
- Barks in the Bottoms During These Dog Days of Summer in Kansas City's West Bottoms
- Snoop Dogg Teams Up With Bumpboxx Launching the first in the celebrity collection Flare8 " Doggy Style"