Post by account_disabled on Nov 25, 2023 9:40:55 GMT 2
Android smartphones give rise to a criminal industry that is particularly active in the creation of malware. As it is in old pots that the best soups are made, the developers of historical viruses constantly renew them and rent them out monthly, which generates a recurring turnover for those who have purchased them and who exploit them like milking a herd of cows.
Android preferred target
This is what Adrien Petit of the company CEIS, a strategy and risk management consultancy, describes. He spoke on January 11 during the presentation of the cybersecurity panorama by Clusif, an association which brings together around a hundred CISOs from large companies and specialist security service providers.
Android is a favorite target for hackers. Comparatively, Apple's iOS smartphones are little impacted. “There was AceDeceiver in March 2016, which attacked the FairPlay DRM system, and in August 2016, there was the Pegasus malware of state origin,” specifies the expert.
There are several reasons why hackers favor Android. “There is the size of the installed base, 84% of smartphones sold in the 1st quarter of 2016 were under Android, and 16% under iOS. Additionally, there is a strong level of control over the development and distribution of applications on the Apple Store,” he says. Google Play is more permissive.
900,000 new virus strains
Android is a favorite target for cybercriminals. In 2015 alone, there were 900,000 new malicious strains of viruses detected. In July 2016, there was the availability of the HummingBad rootkit, and in November of the same year, there was Gooligan, which hacks the Google account and related software, and performs fraudulent actions. “There is more and more ransomware,” adds the expert. This type of software blocks the terminal or encrypts its data, and only returns control to the user upon payment of a certain amount of money.
Old malware is enriched from one version to another. Typical case: Mazar malware. It is particularly evolved. There was a wave of attacks in early 2016 with this malware. Via a backdoor, it monitors and completely controls the phone, and it generates income for the hacker by sending SMS to premium rate numbers. It intercepts SMS messages via 2FA mechanisms.
It can disable the terminal, mute the sound or vibration, and defend itself against antiviruses by blocking them. This malware, which is now circulating under the name Mazar 3, has been sold under the name GM Android VBV Grabber Bot on Russian-speaking underground forums since 2014.
Permanent evolution
Viruses have a very short lifespan and they continue to evolve, whether it is the GM family (from which Mazar comes), the Rasche family or others such as Cron Bot, Abrvall, Alten, etc. Many sophisticated malware strains appeared throughout 2016. We will cite Android KNL, offered by Rasche, a historical competitor of Ganja_man since 2014; the new version is called Marcher.
We will also mention Bilal, which has few functionalities but has great stealth. There is also Cron Bot, available for Android (APK) and for Windows (EXE). However, it is historical malware that is the most powerful. These are Exo Android Bot and Mazar 3. They go so far as to grab (capture information) bank cards and contact lists in apps.
Two wounds
At the end of 2016, these two wounds were very functionally developed. Exo Android Bot is the successor to Android KNL and Marcher. It works with Android version 7.1.19. It benefits from a weekly update from its developers. It is available only for rental for $750 per week or $2400 per month. But it's the jackpot for whoever rents it.
As for Mazar 3, it is sold by GM_Project. It works up to Android version 6. It grabs bank cards and contact lists in apps. It creates HTML injects and Apps Inject. It costs $2500 (APK version); the price dropped to $999 on December 1st.