Tag Archive for: Zimperium

Zimperium Discovers Novel Predatory Loan Malware In Flutter Apps


Zimperium has revealed details of a newly discovered Android malware campaign hidden in money lending apps developed with Flutter, a software development kit used to create applications that work across multiple platforms, including Android and iOS.

The team at Zimperium zLabs have unearthed MoneyMonger, a menace that takes advantage of personal data taken from a device to extort the victims into paying more than what the usurious loans necessitate.

The malicious code is a part of the predatory loan malware scheme previously discovered by K7 Security Labs.

This recently identified malicious software has been operational since May 2022 and is utilising a variety of methods of manipulating its targets. It starts with a fraudulent loan offer that promises a fast payout.

When the person attempts to access the app, they are informed that certain authorizations need to be granted on their mobile device in order for them to qualify for the loan.

MoneyMonger takes advantage of Flutter’s framework to obfuscate malicious features and complicate the detection of malicious activity by static analysis.

Due to the nature of Flutter, the malicious code and activity now hide behind a framework outside the static analysis capabilities of legacy mobile security products.

The MoneyMonger malware is distributed solely through third-party app stores or is sideloaded onto the victim’s device through phishing messages, compromised websites, social media campaigns or other tactics. It has not been found in any Android app stores.

Upon infiltrating a user’s device, MoneyMonger will send all kinds of private information to their server, including apps that are installed, GPS coordinates, text messages, contact list, device specifications, and other data related to images.

This stolen information is used to blackmail and threaten victims into paying excessively high interest rates. If the victim fails to pay on time, and in some cases even after the loan is repaid, the malicious actors threaten to reveal information, call people from the contact list, and even send photos from the device.

MoneyMonger is a risk to individuals and enterprises because it collects a wide range of data from the victim’s device,…

Zimperium reveals new Android threat ‘the Schoolyard Bully’


Zimperium, the mobile security platform purpose-built for enterprise environments, has revealed details of a newly discovered Android threat campaign that has been stealing Facebook credentials from unsuspecting users since 2018.

The Zimperium zLabs threat research team recently discovered and named the Schoolyard Bully Android trojan, which it found in numerous educational applications that have been downloaded from the Google Play Store and third-party app stores by more than 300,000 victims to date, according to a statement from the company.

Applications hiding the Schoolyard Bully trojan and its malicious code have been removed from the Google Play Store, but are still available on third-party app stores.

These applications are often disguised as legitimate, educational applications with a wide range of books and topics for students to consume, but are capable of stealing details including a user’s name, email, phone number and password.

Richard Melick, Director of Mobile Threat Intelligence at Zimperium, says, “Attackers can cause a lot of havoc by stealing Facebook passwords. If they can impersonate someone from their legitimate Facebook account, it becomes extremely easy to phish friends and other contacts into sending money or sensitive information. It’s also very concerning how many people reuse the same passwords.

“If an attacker steals someone’s Facebook password, there’s a high probability that the same email and password will work with banking or financial apps, corporate accounts and so much more.”

The Schoolyard Bully trojan primarily targets Vietnamese language applications, but has been discovered in 71 countries so far, illustrating the broader-reaching geographic impact of this campaign. However, the actual number of countries where Schoolyard Bully is active could be even higher and could continue to grow because applications are still being found in third-party app stores.

The malware uses native libraries to hide from the majority of antivirus and machine learning virus detections, and uses the same technique with a native library named libabc.so to store the command and control data. The data is further encoded, to hide all the strings from any…

Mobile security startup Zimperium acquired by Liberty Strategic Capital for $525M


Mobile cybersecurity provider Zimperium Inc. today announced that it has agreed to be acquired by Liberty Strategic Capital in a transaction worth about $525 million.

Former U.S. Treasury Secretary Steven Mnuchin, the founder and managing partner of Liberty Strategic Capital, will become the chair of Zimperium’s board. Existing investor SoftBank Group Corp. is set to retain its stake in the startup following the acquisition.

Founded in 2010, Zimperium provides cybersecurity software that helps companies protect workers’ handsets from hacking attempts. The startup also offers a suite of tools that developers can use to build more secure mobile apps.

Zimperium’s software product for protecting employee devices is known as zIPS. It runs directly on workers’ handsets and uses machine learning to detect cybersecurity issues. Zimperium says zIPS can detect malware and other threats, as well as vulnerabilities such as insecure device settings that could lead to a data breach if left unaddressed.

Zimperium’s second offering is a suite of mobile development tools called MAPS. One of the tools in the suite enables developers to scan the code of their mobile apps for vulnerabilities and regulatory compliance issues. Another component of MAPS can be used to equip apps with the ability to detect hacking attempts.

The MAPS suite also includes tools for more specialized tasks, such as preventing hackers from extracting encryption keys. Accessing an app’s encryption key can allow hackers to decrypt and read user data. According to Zimperium, MAPS prevents breaches by turning the part of an app’s code that is responsible for protecting data into a form that can’t be reverse engineered by hackers. 

“There’s no question that the world is going mobile,” said Zimperium Chief Executive Officer Shridhar Mittal. “And as that happens, modern operating systems like Android and iOS are playing a more prominent role powering the devices people use in their personal and professional lives. But what many people don’t realize is that protecting these devices is much different from protecting traditional endpoints and requires a new approach.”

Zimperium has more than 7,000…

Liberty Strategic Capital nabs majority stake in mobile security startup Zimperium for $525M – TechCrunch


Liberty Strategic Capital, the private equity firm launched last year by former treasury secretary Steven T. Mnuchin, announced today that it is acquiring a majority stake in mobile security startup Zimperium for $525 million.

With Zimperium, the firm takes a dive into mobile security, which Mnuchin sees at the front line of cyber security today. As he points out, with employees using their own devices for years now, companies need to have a way to secure them, even when they don’t control the device directly.

“We all need to increase our focus on the protection of mobile devices and applications. Liberty Strategic Capital is investing in Zimperium because they’ve shown that they can lead the way in this multibillion-dollar market,” he said in a statement announcing the deal.

The company covers three parts of the mobile market looking at device security, mobile applications security and mobile threat intelligence. In fact, last year the company discovered spyware called PhoneSpy in 23 Android apps designed to steal data. As TechCrunch’s Carly Page explained at the time of the news:

Researchers at mobile security firm Zimperium, which discovered PhoneSpy inside 23 apps, say the spyware can also access a victim’s camera to take pictures and record video in real time, and warned that this could be used for personal and corporate blackmail and espionage. It does this without a victim knowing, and Zimperium notes that unless someone is watching their web traffic, it would be difficult to detect.

The company didn’t share specific revenue figures, but reported that annual recurring revenue (ARR) grew 53%. Company CEO Shridhar Mittal is hoping that the investment will continue to drive that growth.

“We’ve helped leading public and private organizations across the globe strengthen mobile security, and as we enter a high growth phase to help even more organizations, Secretary Mnuchin and the team at Liberty Strategic Capital will be a tremendous asset to guide and propel our company forward,” Mittal said in a statement.

Under the terms of the deal, SoftBank will own a minority stake in the company, Mnuchin will lead the company’s board of…
