Tag: mobile security threat

The Selfmite malware has been spreading its way through smartphones by way of links in text messages.

A new mobile security threat in the form of the Selfmite Android malware has been making the rounds through a malicious link that is being distributed by way of text messages to the contacts on the device user’s list.

This link leads to a rare Android worm that has now been discovered by security researchers.

By the time this Selfmite mobile security threat is installed onto a device, this malware texts 20 contacts from the address book of the smartphone owner. This is a different type of threat from what is usually seen over Android devices, as the majority of those problems are in the form of Trojan apps that do not have their own mechanisms for self propagation. Instead, they are distributed to smartphone and tablet users by way of non-official app stores.

This new mobile security problem is the second threat of this nature that has been discovered in the last 2 months.

This may suggest that the number of malware attacks in the form of worms could be on the rise into the future. The text message that is sent by the Selfmite worm contains the name of the contact, so that it says “Dear [Contact’s Name], Look the Self-time,” and is followed by a URL that has been goo.gl shortened.

This infected link directs the user to an APK file that is called “TheSelfTimerV1.apk”. This Android application file is hosted on a remote server, according to the AdaptiveMobile security firm researchers who identified the threat. If the user chooses to install this APK, then “The self-timer” is placed into the app list.

From that point, it not only spreads itself to 20 contacts through texts from that device, but it also attempts to encourage that device’s user to download and install another file, which is called mobogenie_122141003.apk through their mobile browser.

That is actually a legitimate app called Mobogenie, which gives Android users the chance to synch their devices with their PCs so that they can download applications form an alternative app store. That application has already received over 50 million downloads from Google Play but is heavily promoted through affiliate marketing strategies, which can incentivize fraudulent distribution by unethical individuals willing to use mobile security threats to try to make money.

A new opportunity for attackers to gain access to smartphone apps from these networks has been discovered.

This week, mobile security experts demonstrated an example of the discovery that was recently made that allows a very simple attack to be made which exploits a code vulnerability in Apple iOS applications.

This vulnerability gives attackers the ability to persistently alter server URLs from which the data is loaded to the apps.

This means that the attacker will be able to change the URL from which the iOS application is loading its data, presenting a massive mobile security threat. This is particularly unpleasant as the victim will not know when it is happening nor that it has occurred. It means that the attacker could invisibly use the data to be able to load malicious links or to insert false news regarding market movements into a news application.

The makers of the applications were not notified of the mobile security threat ahead of the announcement to the public.

The mobile security threat was identified by Skycure and it has, in the past, already notified app makers of this type of threat’s existence. Typically, the developers are provided with this knowledge ahead of the public announcement. However, in this circumstance, they stated that it was not possible for them to wait to notify developers before making this information public. They felt that because the vulnerability was present in hundreds of different apps – including stock management applications – it was important for people to be notified as soon as possible, without waiting to tell the app makers, first.

Skycure, a mobile security expert firm, declined to provide the names of the specific apps that were tested positive for the threat. The reason was that they didn’t want to provide this information to potential attackers who could exploit this knowledge before a solution to the issue could be found. The company’s chief technology officer, Yair Amit, said that “The vulnerability affects so many apps that it’s virtually impossible to alert app makers.” The researchers from the company also assembled a short video to demonstrate how an app could be manipulated by an attacker.