Malware Inside Applications
A few days ago, I stumbled upon a post by a certain user in a public forum that advertised a little application developed to check the credit scores and criminal records of Brazilian citizens.
Looking at the application, I found out that it basically makes HTTP requests to public sites to get the information and to display the results. Nothing particularly malicious, right?
 |
However, upon checking the code, I was able to locate a function called “Virus.” The said function, unsurprisingly, downloads one Bancos Trojan detected by Trend Micro as TROJ_BANKER.LEB.
 |
This kind of instance is definitely not uncommon. I’ve seen instances wherein cybercriminals tried to deceive the users to download and use an application. What the users don’t know is that the real intention of the author is to steal bank credentials and other personally identifiable information (PII).
Users should always keep in mind that a certain level of trust should be involved when it comes to installing and utilizing applications. Any software, once installed gains access to a system. This may include access to critical user information. Thus, users should only install software that come from trusted developers or from verified sources.
Post from: TrendLabs | Malware Blog – by Trend Micro
Malware Inside Applications
Spotlight
Cloud Computing
- Cloud security group develops third-party certification program
- US makes large investment in cyber weaponry
- Wall Street has data security concerns over Bloomberg reporting
- Security in backups means more than just encryption
Virtualization
- Virtualization-specific challenges could threaten data security
- Evolving threats put security skills in high demand
- Virtualization security requires education, access control management
- Tips for launching effective virtual security tools
Internet Safety
- Virtualization-specific challenges could threaten data security
- Evolving threats put security skills in high demand
- Virtualization security requires education, access control management
- Tips for launching effective virtual security tools
Vulnerabilities & Exploits
CTO Insights
First Line of Defense
Newsletter
Stay up to date with the latest news and information on online threats.
Recent News
- Businesses demand stronger app security
- Twitter now offers two-factor authentication
- DHS needs better sharing plan, experts say
- Cloud security group develops third-party certification program
Tag Cloud
cloud cloud computing cloud computing security Cloud Security Compliance & Regulations Consumerization Current News cybercrime Data Privacy data security Encryption Government Policy Internet Protection Internet Safety Internet Safety - DO NOT USE Internet Security Malware Mobile Security Mobility Policy Policy - DO NOT USE Privacy Privacy & Policy Private Cloud Public Cloud Reports Research Spotlight threat intelligence threat research Trend Labs Underground Economy virtualization Vulnerabilities Vulnerabilities - DO NOT USE web security web threats
Comments
No comments yet