Hackers Breach 1M Smartphones, Brick Home Routers and Hold a Subway for Ransom

A woman uses an Android smartphone in Brussels on Wednesday April 20, 2016. Geert Vanden Wijngaert/AP

Another week, another breach.

Follow Nextgov's regularly updated index of cyber breaches, Threatwatch.

Android Malware Infects More Than 1M Phones, Adds 13,000 Devices a Day 

A new strain of malware has breached more than 1 million Google accounts, allowing attackers to access data from users’ Google accounts including Gmail, Photos, Docs, Drive, Play and more.

Rather than harvesting data, the attackers seem to be motivated by money, using the malware to crack into devices to install apps and serve up ads.

“After an app is installed, the ad service pays the attacker. Then the malware leaves a positive review and a high rating on Google Play using content it receives from the [command and control] server,” states a report from Check Point researchers and the Google Security Team.

A similar plot by the HummingBad group netted about $320,000 a month, according to Forbes.

The malware, dubbed Gooligan, can steal a user’s Google authentication token on Androids running Jelly Bean, KitKat and Lollipop. The malware hides in "legitimate-looking" apps users download from third-party stores or can be downloaded directly through malicious links. The malware also installs adware.

The researchers say Gooligan continues to infect about 13,000 devices a day, and they have set up a tool with which Google users can check whether their accounts have been breached.

New Mirai Variant Targets Home Routers

Hackers added a new feature to the family of malware that caused massive internet outages in October.

The Mirai malware behind the record-setting botnets that targeted Dyn and security journalist Brian Krebs’ website usually infects internet of things devices like DVRs and webcams. The new variant, however, homes in on a vulnerability in DSL routers.

German telecommunications company Deutsche Telekom said the variant hit 900,000 of its customers’ routers Nov. 28, knocking them offline. The malware attack failed to infect the routers, but caused a small percentage to crash. The company implemented a filter on its network traffic and suggested customers unplug routers to reboot them.

Security experts told Threatpost attacks on the vulnerable ports of the routers are increasing around the globe, but are relatively easy to fix. 

San Francisco Subway Responds to Ransomware with Free Rides

As the San Francisco subway system worked to rid itself of ransomware, customers enjoyed free rides over the holiday weekend.

To keep operating, the San Francisco Municipal Transportation Agency turned off ticket machines and gates at subway stations Nov. 25 through Sunday morning. “This action was to minimize any potential risk or inconvenience to Muni customers,” according to an agency statement.

SFMTA reached out to the Homeland Security Department and the FBI Friday when malware encrypted some of its systems, including about 900 office computers, email and payroll systems. The agency said the attack didn’t affect train and bus operations, nor did it impact customer payment data.

Compromised computer screens read, “You hacked” and asked for 100 bitcoins, or about $73,000, according to SFGATE.

“The SFMTA has never considered paying the ransom. We have an information technology team in place that can restore our systems, and that is what they are doing,” SFMTA said.

The agency expects to finish restoring systems from its backups in the next couple of days.