Security Roundup: Remote Workers, Bitdefender-Splashtop, Wandera-Microsoft
… differentiate from their peers who insist on selling multiple point solutions.”
Wandera works in tandem with Microsoft Intune, integrating mobile threat defense with an array of management tools to provide flexibility in reporting, enforcement and granular control. The integration also provides enterprise customers with device risk-based conditional access, powered by Azure Active Directory. Administrators can set policies that ensure only compliant devices are allowed access to Microsoft Office 365 services.
The integration with Intune is the latest initiative from Wandera to offer enhanced security to Microsoft customers. It’s available to all Microsoft customers and is compatible with all iOS and Android devices.
Group-IB Sheds Light on Malware Targeting 100-Plus Global Banking Apps
Cybersecurity company Group-IB has uncovered Gustuff, a mobile Android trojan that targets banking, cryptocurrency and marketplace apps.
Gustuff is a new generation of malware with fully automated features designed to steal both cash and cryptocurrency from user accounts en masse. The trojan abuses the Android accessibility service, a feature intended to assist people with disabilities.
Gustuff could potentially target users of more than 100 banking apps, including 27 in the United States, 16 in Poland, 10 in Australia, nine in Germany, and eight in India; and users of 32 cryptocurrency apps.
“In order to better protect their clients against mobile trojans, the companies need to use complex solutions which allow [them] to detect and prevent malicious activity without additional software installation for [the] end-user,” said Pavel Krylov, Group-IB’s head of product development. “Signature-based detection methods should be complemented with user and application behavior analytics. Effective cyberdefense should also incorporate a system of identification for customer devices (device fingerprinting) in order to be able to detect usage of stolen account credentials from [an] unknown device. Another important element is cross-channel analytics that help to detect malicious activity in other channels.”
The analysis of Gustuff revealed that the trojan is equipped with web fakes designed to potentially target users of Android apps for top international banks including Bank of America, Bank of Scotland, J.P. Morgan, Wells Fargo, Capital One, TD Bank, PNC Bank, and crypto services such as Bitcoin Wallet, BitPay, Cryptopay and Coinbase.
Gustuff infects Android smartphones through text messages with links to a malicious Android Package (APK) file, the package file format used by the Android operating system for distribution and installation of applications. When an Android device is infected with Gustuff, at the server’s command, the trojan spreads further through the infected device’s contact list or the server database. Gustuff’s features are aimed at mass infections and maximum profit for its operators, according to Group-IB.
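Detection logic for the delivery and spreading behaviour described above, added here as an example that is not code from Group-IB or from the article: it runs over a constructed SMS log of (timestamp, sender, recipient, body) records, flags messages carrying APK download links, and flags a sender pushing the same APK link to several recipients within minutes. The sample records, the fan-out threshold and the time window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed sample SMS log (not real data): (timestamp, sender, recipient, body)
SAMPLE_SMS = [
    ("2019-03-28T10:00:00", "+10000000001", "+10000000002", "Your parcel is waiting: http://example.invalid/track/update.apk"),
    ("2019-03-28T10:00:05", "+10000000001", "+10000000003", "Your parcel is waiting: http://example.invalid/track/update.apk"),
    ("2019-03-28T10:00:09", "+10000000001", "+10000000004", "Your parcel is waiting: http://example.invalid/track/update.apk"),
    ("2019-03-28T10:00:12", "+10000000001", "+10000000005", "Your parcel is waiting: http://example.invalid/track/update.apk"),
    ("2019-03-28T11:30:00", "+10000000006", "+10000000007", "Lunch tomorrow? https://example.invalid/menu.pdf"),
    ("2019-03-28T12:00:00", "+10000000008", "+10000000009", "Install here http://example.invalid/dl?file=app.apk&x=1"),
]

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def apk_links(body):
    """Return the URLs in an SMS body whose path or query string points at an APK."""
    found = []
    for url in URL_RE.findall(body):
        parsed = urlparse(url)
        target = (parsed.path + "?" + parsed.query).lower()
        if re.search(r"\.apk(?:[?&#/]|$)", target):
            found.append(url)
    return found

def find_apk_sms(records):
    """Flag every message that carries an APK link (the SMS delivery vector)."""
    return [(ts, sender, rcpt, url)
            for ts, sender, rcpt, body in records
            for url in apk_links(body)]

def find_fanout(records, min_recipients=3, window=timedelta(minutes=5)):
    """Flag a sender that pushes the same APK link to many distinct recipients
    within a short window: the contact-list spreading pattern. Threshold and
    window are assumed values, not figures from the report."""
    by_sender_url = defaultdict(list)
    for ts, sender, rcpt, url in find_apk_sms(records):
        by_sender_url[(sender, url)].append((datetime.fromisoformat(ts), rcpt))
    alerts = []
    for (sender, url), hits in by_sender_url.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            in_window = {r for t, r in hits[i:] if t - start <= window}
            if len(in_window) >= min_recipients:
                alerts.append((sender, url, len(in_window)))
                break
    return alerts
```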
The trojan can perform a number of actions. For example, at the server’s command, Gustuff is able to change the values of text fields in banking apps. Because it works through the accessibility service, the trojan can bypass security measures that banks use to protect against older generations of mobile trojans, as well as the changes to Google’s security policy introduced in newer versions of the Android OS. Moreover, Gustuff knows how to turn off Google Protect; according to the trojan’s developer, this feature works in 70 percent of cases.
Gustuff also is able to display fake push notifications with legitimate icons of the targeted apps. Clicking on fake push notifications has two possible outcomes: Either a web fake downloaded from the server pops up and the user enters the requested personal or payment details; or the legitimate app that purportedly displayed the push notification opens — and Gustuff can automatically fill payment fields for illicit transactions.