ToBeSecured

Android: Malicious App

I can honestly admit that today was a great day, considering it was high school day for my lovely department of computer science. If I were compensated for the number of times someone said they're glad I'm in the cyber security field and how it's thriving and evolving, I'd be a very wealthy woman. I'm very thankful and blessed to have the opportunity to share my experience and encourage students to be the future leaders in the STEM fields.


What is going on with Instagram and Facebook? I thought my phone had a bad connection all day or that I was the only one whose apps weren't working. For those of you who are not aware or do not use social media altogether, Facebook owns Instagram and both of them were down today, causing several users to become upset and express their thoughts through Twitter. They still have not announced what caused the applications to be down for several hours, nearly the entire day. “We’re aware that some people are currently having trouble accessing the Facebook family of apps. We’re working to resolve the issue as soon as possible,” Facebook tweeted. However, the social networking site did confirm that the outage was not a result of a distributed-denial-of-service attack, which is a malicious attempt to disrupt normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. Imagine being a computer science major and constantly receiving questions about the outage. A horrible sight, right? People were being logged out and locked out of their accounts, their feeds were not loading, they could not send messages, and they could not post to their page or Instagram story. It was a very dark day on the web for social media users. Were you affected? How did you feel and what was your reaction?


In addition, I'd like to mention that earlier I came across an article about Android phones and malware infections. Now, most of my peers and I are iPhone users, so obviously we were anxious to find out about the latest news. If we can all recall for a second, not too long ago Apple had a bug with their FaceTime application and it was the popular buzz in the wind.


Seems like yesterday I was defending the iOS application against the Android application and one of my friends persisted in believing their Android was much safer. The only thing that is safe is how easy it is to compromise someone's data and they don't even know it. What has been uncovered? Two large-scale malware campaigns have been infecting Android applications with 250 million downloads in total. 250 million, everyone.


The first campaign, SimBad, infected 210 apps found in the official Google Play Store. Many of the infected applications were simulator games. The second, known as Operation Sheep, only infected 12 apps, but they have so far been downloaded more than 111 million times. These apps were not in the Google Play Store and can still be found within major Chinese third-party app stores. According to the researchers, SimBad has three main capabilities: displaying adverts, phishing and exposure to other applications. It's adware first and foremost, used to display background ads. As a way to outsmart Google's app store scanning, SimBad would open a backdoor to install additional malware unbeknownst to the application developer. Once installed, the downloaded malware also removes the app icon and persists in the background, loading each time the device boots up.


Imagine finding out all your contacts have been seized and stored on a server without your consent. It's data-stealing malware and invasion of privacy combined. This is known as Operation Sheep and it is the first known campaign to exploit the Man-in-the-Disk vulnerability that Check Point discovered last year. Apparently, only devices running Android Marshmallow or above are impacted by this malware; small comfort considering that's 70% of them. To sum it up, this malware harvests contact information from Android users without their consent.


A full list of the applications known to have been infected by the malware can be found online. You should uninstall any of those apps that you have downloaded, but keep in mind that some of the malware obfuscates the uninstallation process. Also, any other application that you may have downloaded from an unofficial app store needs to be uninstalled, and no additional applications should be installed from there. "To uninstall an app that removes or hides its icon," Hazum says, users should "go to settings|applications and uninstall the app from the list there."


Or, you can see the light and switch over to Apple! I'm just throwing that suggestion out there, lol.


If you would like to discuss further, please leave a comment or ask a question. I'd love to chat with my readers and hear your thoughts. Thank you for dropping in and remember ToBeSecured!

During the high school day program today at my university, a student asked a question and I promise she isn't the only person curious about the real answer. Her question was "Is it true that we're being watched all the time?" Evidently, the answer is yes, but that isn't to terrify anyone or motivate you to shut down all your devices. Yes, we are constantly being watched and our data is being collected by different companies, but you don't have anything to worry about as long as you are protecting your privacy. Live a private life, post as little as possible about your personal life, and remember ToBeSecured!
