The intelligence in this week's iteration discusses the following threats: APTs, credential theft, Iran, malware, ransomware, and vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity.

Figure 1: IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Android Trojan Kills Google Play Protect, Spews Fake App Reviews (January 11, 2019)

An Android malware strain has been identified by researchers at Kaspersky Lab. "Trojan-Dropper.AndroidOS.Shopper.a" is being used by threat actors to inflate application installation counts and ratings, fooling advertisers with false metrics. The trojan is a malicious app that is likely distributed through third-party app stores and is disguised as a legitimate system application so that it attracts less scrutiny. Once a device is infected, the malware disables the Google Play Protect service and abuses the Accessibility Service, a known Android malware tactic, to carry out actions without any user interaction. The actor can steal information from the device, such as email addresses, International Mobile Equipment Identity (IMEI), International Mobile Subscriber Identity (IMSI), network type, and smartphone model, and exfiltrate it to the actors' servers. A series of commands is then sent to infected devices to generate fake reviews, install apps onto the device, and register social media accounts with those apps. According to Kaspersky Lab researcher Igor Golovin, the trojan is most widespread in Russia, Brazil, and India, which together account for over 61% of infected users.

MITRE ATT&CK: [MITRE MOBILE- ..