Tag Archive for: Backups

GravityRAT Android Malware Variant Steals WhatsApp Backups

Heads up, Android users! The latest GravityRAT malware variant now targets Android devices and steals WhatsApp chat backups. The malware reaches devices by posing as a chat app. Once again, this highlights the importance of downloading only known apps from trusted sources.

GravityRAT Android Malware Steals WhatsApp Backups

According to a recent report from ESET, a new GravityRAT malware variant has been actively targeting Android devices.

GravityRAT is a spyware known since 2015 as a potent remote access trojan targeting Windows, macOS, and Android systems. It has run numerous malicious campaigns with different iterations, each bearing more advanced malicious capabilities.

The recent GravityRAT variant targets Android devices and steals various files, including WhatsApp backups. To achieve this, the threat actors rolled out “BingeChat,” a supposed chat app. To lure users, the app advertises numerous attractive features, including end-to-end encryption, voice chats, file sharing, an easy user interface, and free availability.

To further pique curiosity and lend the app a sense of legitimacy, the threat actors restricted downloads to an “invite-only” mode with registration requirements. This likely also hinders analysis by researchers and keeps the victim base targeted.

The app apparently functions normally because the threat actors built it on the open-source Android messenger OMEMO IM. That is how the trojanized app avoids alerting users to the GravityRAT malware embedded in it.

After it is downloaded and installed, the app requests risky permissions that any legitimate messaging app would also request: access to SMS messages, contact lists, call logs, location, and device details. Once granted, the app transmits all this information to the attackers’ C&C server.

Alongside these capabilities, the new GravityRAT malware hidden inside the BingeChat app also receives commands to delete files, call logs, and contact lists. Moreover, it steals files with various extensions, including crypt14, crypt12, crypt13, and crypt18, extensions that often represent WhatsApp chat


How to Beat Hackers Targeting Backups with Ransomware Attacks

If your business is like most, chances are it has a pretty good backup strategy. You’re probably backing up critical data regularly, and that’s a good thing. But it’s not nearly enough. In fact, if your backups haven’t yet been targeted by ransomware, it’s only a matter of time.

Ransomware attacks grew by more than 365% in 2019 alone, and a growing number of those target backups. If you are attacked, your business could be forced to decide whether to pay the ransom. Plenty of people are doing just that, and it’s expensive. One recent report found that the average cost of getting back to normal, including the ransom, is nearly $1.5 million.

There are very good reasons why hackers attack backups: they know that the data in those backups is the key to the kingdom, and going after it is extremely profitable.

“It’s big business. In fact, it’s one of the bigger software ventures where you can make money quickly, and the bad guys know it,” said Marc Staimer, a storage industry analyst at Dragon Slayer Consulting. “It’s organized, state-sponsored crime, and like any business, they reinvest the profits in R&D and go after anything that threatens those profits.”

The result is a high-stakes cat-and-mouse game that sees backup vendors figuring out how to stop one type of threat, only to have hackers come up with new ways to get at backups. It’s a never-ending cycle.

The Game of Whack-a-Mole Begins

So how did we get here? Ransomware has been a problem for a long time, but hackers didn’t get around to effectively targeting backups with ransomware attacks until a few years ago. In 2017, the industry got a big shock with the Veeam ransomware incident, which put everyone on high alert. Since Veeam is one of the largest backup vendors in the world, hackers knew it was a good target. Hackers who found the backup repositories on the network would delete them and then detonate the ransomware payload so the data could no longer be recovered.

Bolstered by that success, hackers kept pushing the envelope, and backup vendors pushed back. First, they did what they could to educate their customers to make sure backups were up-to-date and tested often,…


New Report Says Apple Dropped Plans To Fully Encrypt Backups After FBI Complained

As Attorney General William Barr and other law enforcement officials continue to insist (falsely) that Apple refuses to cooperate with them in undermining encryption and security on all iPhones, plenty of people have been pointing out for years that most iPhone encryption is effectively meaningless: if a user has iCloud backups on, Apple retains the key to that data and can (and does!) open it up for legitimate law enforcement requests. In other words, it’s extremely rare that full device encryption actually keeps law enforcement out (and that leaves aside the fact that technological solutions exist for law enforcement to hack into most iPhones anyway). Indeed, as you might recall, during the FBI’s last big fight about encryption with Apple, over San Bernardino shooter Syed Farook’s iPhone, it was revealed that the FBI’s own incompetence resulted in Farook’s backups being wiped out before the FBI had a chance to access them.

For quite some time now, EFF and others have urged Apple to close this loophole and allow for truly encrypted iCloud backups, such that even Apple can’t get in. Apple has toyed with the idea, but as Tim Cook has said a few times, the company chose not to do it this way after weighing the pros and cons from a user’s perspective. The key issue: if something is fully encrypted and Apple doesn’t have the key, then losing your password means the data is effectively gone. There is no “password reset” if Apple doesn’t retain the key:

There our users have a key and we have one. We do this because some users lose or forget their key and then expect help from us to get their data back.

However, in that same interview, Cook did suggest that Apple would move towards encrypting backups as well:

It is difficult to estimate when we will change this practice. But I think that will be regulated in the future as with the devices. So we will not have a key for it in the future.

I think that there are legitimate user-centric reasons for the decision that Apple made, though it seems clear that many, many people don’t realize that Apple still has the key to their backups. However, a new report from Reuters says that Apple killed plans to offer fully encrypted backups after the FBI got upset about it:

Apple Inc dropped plans to let iPhone users fully encrypt backups of their devices in the company’s iCloud service after the FBI complained that the move would harm investigations, six sources familiar with the matter told Reuters.

The tech giant’s reversal, about two years ago, has not previously been reported. It shows how much Apple has been willing to help U.S. law enforcement and intelligence agencies, despite taking a harder line in high-profile legal disputes with the government and casting itself as a defender of its customers’ information.

At the very least, this shows (yet again) that Barr and other law enforcement officials are blatantly lying when they say that Apple does not cooperate with law enforcement or that it doesn’t take the concerns they raise seriously. On the flip side, it is a bad look for Apple, in that it has chosen to avoid a more secure option for its users’ data, going against the company’s long-standing public support for encryption and protecting users’ data.

Again, even if there is a legitimate reason for not encrypting backups — and it’s equally true that if Apple did offer it, there would be public complaints of people no longer having access to their data — it’s troubling that Apple won’t even make this an option (with clear warning statements) for end users, and that they’re doing so because of blatant fearmongering by law enforcement officials.

Of course, the other way one might look at this decision is that if Apple had gone forward with fully encrypting backups, then the DOJ, FBI and other law enforcement would have gone even more ballistic in demanding a regulatory approach that blocks pretty much all real encryption. If you buy that argument, then failing to encrypt backups is a bit of appeasement. Of course, with Barr’s recent attacks on device encryption, it seems reasonable to argue that this “compromise” isn’t enough (and, frankly, probably would never be enough) for authoritarian law enforcement folks like Barr, and thus, it’s silly for Apple to even bother to try to appease them in such a manner.

Indeed, all of this seems like an argument for why Apple should actually cooperate less with law enforcement, rather than more, as the administration keeps asking. Because even when Apple tries to work with law enforcement, it gets attacked as if it has done nothing. It seems like the only reasonable move at this point is to argue that the DOJ is a hostile actor, and Apple should act accordingly.


Techdirt.