Malware roundup: Tiffany's, Tibetans, Macs and Androids are targeted
Malware writers turned their attention this week to Tiffany's and Tibetan activists, and also targeted Mac computers and Android phones.
Spam messages claiming to be from upscale retailer Tiffany & Co. began appearing in inboxes this week.
Spotted by security firm Sophos, the messages inform recipients that they have received a payment from the company and must open the attached file to confirm it.
The attachment carries the Mal/BredoZp-B Trojan, which installs a backdoor on the victim's computer and harvests the user names and passwords stored on it.
Like the Tiffany malware, the malicious app aimed at Tibetan activists installs a backdoor on the infected machine, which the attacker uses to issue commands to the computer. While Eset could not pinpoint the purpose behind the campaign, it noted that the threat resembles other espionage campaigns against Tibetan activists.
The Mac malware, known variously as KitM, Kumar and HackBack, is another backdoor: it captures screenshots of the infected machine, ships them to a command-and-control server operated by the attackers, and lets them execute commands on the machine.
What's alarming about all variants of the malware is that they are signed with a valid Apple Developer ID certificate, so OS X's Gatekeeper subsystem, at its default setting of "Mac App Store and identified developers", treats them as trusted and lets them run.
The malware can be thwarted, however, by tightening Gatekeeper (System Preferences > Security & Privacy) to allow only apps from the Mac App Store, which blocks Developer ID-signed apps downloaded from anywhere else. Note that Gatekeeper only evaluates downloaded apps on first launch; it does not retroactively check software that is already installed.
Attacks on Android
The Android world was also afflicted with a new malware program this week. Called Android.Pincer.2.origin, it was discovered by Russian security firm Dr. Web.
The Trojan intercepts incoming SMS messages and forwards them to a server run by the attackers. Since online services increasingly verify logins with a one-time code sent by SMS, stealing those messages lets an attacker who already holds the victim's password complete the login and take over the account.
If Android users are careful, however, they can avoid the malware. It is spread through a bogus security app, which means it must be installed by hand on the device by its owner, from a source other than Google Play.
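The SMS-theft behaviour described above leaves a recognisable footprint in an app's manifest, which makes it a useful triage target. The following is an added example, not code from the article or from Dr. Web: a static check that flags the combination an SMS-stealing Trojan needs, namely permission to receive SMS, a network or outbound-SMS channel to exfiltrate the codes, and a broadcast receiver for SMS_RECEIVED registered with a raised priority so it sees (and, on older Android releases, can swallow) messages before the stock messaging app does. The two manifests, the package names and the priority threshold are constructed for the example.

```python
"""Static triage of an Android manifest for SMS-interception behaviour.

Added example; not from the article or from Dr. Web.  The manifests below are
constructed to show a benign SMS app beside a Pincer-style interceptor.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"
# Ordered broadcasts are delivered to higher-priority receivers first; 999 is
# the highest value normal apps are supposed to use (assumed threshold here).
HIGH_PRIORITY = 999


def _a(attr):
    """Qualified (Clark notation) name of an attribute in the android: namespace."""
    return "{%s}%s" % (ANDROID_NS, attr)


def _priority(intent_filter):
    """android:priority as an int; resource references and junk count as 0."""
    raw = intent_filter.get(_a("priority"), "0")
    try:
        return int(raw)
    except ValueError:
        return 0


def assess_manifest(xml_text):
    """Return findings plus an is_suspicious verdict for one AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    perms = {p.get(_a("name")) for p in root.iter("uses-permission")}

    # Collect every receiver that listens for incoming SMS, with its priority.
    sms_receivers = []
    for rcv in root.iter("receiver"):
        for flt in rcv.findall("intent-filter"):
            actions = {act.get(_a("name")) for act in flt.findall("action")}
            if SMS_RECEIVED in actions:
                sms_receivers.append((rcv.get(_a("name")), _priority(flt)))

    max_prio = max((p for _, p in sms_receivers), default=0)
    receives_sms = "android.permission.RECEIVE_SMS" in perms
    exfil_channel = bool(perms & {"android.permission.INTERNET",
                                  "android.permission.SEND_SMS"})
    findings = {
        "receives_sms": receives_sms,
        "exfil_channel": exfil_channel,
        "sms_receivers": sms_receivers,
        "max_sms_priority": max_prio,
    }
    # All three together: reads SMS, can send it somewhere, and races the
    # messaging app for it.  Any one alone is common in legitimate apps.
    findings["is_suspicious"] = (receives_sms and exfil_channel
                                 and max_prio >= HIGH_PRIORITY)
    return findings


# Constructed sample: an SMS backup tool with no network access and a
# default-priority receiver.
BENIGN_MANIFEST = """<manifest xmlns:android="%s" package="com.example.smsbackup">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <application>
    <receiver android:name=".SmsLogger">
      <intent-filter>
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>""" % ANDROID_NS

# Constructed sample: a fake "security update" that grabs SMS at maximum
# priority and has both Internet and outbound-SMS exfiltration paths.
SUSPICIOUS_MANIFEST = """<manifest xmlns:android="%s" package="com.example.securityupdate">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application>
    <receiver android:name=".SmsReceiver">
      <intent-filter android:priority="2147483647">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>""" % ANDROID_NS


if __name__ == "__main__":
    for label, manifest in (("benign", BENIGN_MANIFEST),
                            ("suspicious", SUSPICIOUS_MANIFEST)):
        print(label, assess_manifest(manifest))
```

To run this against a real APK, extract and decode the binary manifest first (for example with apktool), then pass the resulting XML text to assess_manifest. The heuristic is deliberately conservative: a messaging app legitimately holds RECEIVE_SMS, and many apps hold INTERNET, so only the three signals together produce a verdict.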
Moreover, The Next Web reports that the malware has not been found on Google Play, where most Android users get their apps.
"[I]t appears to be meant for precise attacks, as opposed to being aimed at as many users as possible," The Next Web said.