WilcomputeIT Security Blog

Banking Malware

October 18, 2020

Malware in android mobile devices have erupted within the last five years. Banking Trojans such as "Cerberus" and its offspring "Alien",

Cerberus

September 27, 2020

Mobile devices correlate with communication as breathing does to a living mechanism. In today's business, mobile devices have become a norm to conduct business. Rather employees are using their own personal laptops at home or business tablets in the office, mobile devices are constantly being utilized to conduct daily business tasks such as sales personnel traveling to remote locations to meet with clients, or a Senior executive using their mobile phone replying to emails before a conference meeting. More businesses are requiring access to employees beyond the office environment.

Trustjacking

January 12, 2019

Trustjacking was developed to disrupt one's "Trust" and create a vulnerability in mobile devices. Crippling devices and leaving them in an exploitable state. Mobile devices have become a sacred object in today's age. Our phones hold important contacts, dates, personal/business notes, email accounts, social media, bank accounts, you name it. So, when plugging in your mobile device into an outlet to charge or sync your settings for playback on an external device is today's norm. Many of us have chosen to "trust" external charging objects to charge or interact with our mobile device. Which leads to why we must be more careful with what and where we "trust" to charge or sync our devices.Trustjacking has wrecked our ability to freely charge and sync devices to public USB stations. Apple users iTunes are at risk each time we "trust" an unknown USB source. Immediately after accepting the popup message, "Do you trust this device...", devices are capable of being compromised.

Majority of individuals select the option to "Trust" the associated device to USB station. Once access is granted malware downloads to your device. After download is completed and malware become active the attacker patiently wait for iTunes to sync with phone and intercept login credentials. Gaining your

login credentials to iTunes, grant admin rights to your device and allow the attacker to monitor your device activty.

Trustjacking differentiate itself from other known "jacking" malware, by its ability to remain associated with your device, even after you unplug. Once an attacker establishes access, they are able to maneuver in iTunes and install programs at will. Access to information include backups, pictures, iMessages, App data, etc., which contain our personal and sacred information. This malware is powerful enough to replace apps with modified versions feeding your interactions back to the attacker. Access to backups allow the attacker to maneuver into the database of an iOS device and have direct control of the device.

Trustjacking is serious and easy to fall victim too. If there's any consolation two things must occur before Trustjacking is able to infect your iOS. First, WIFI must be enabled and two, the user must select to "Trust" the USB source. Best defense is to refrain from using public charging stations. Be sure your personal computer is not infected with malware which can transfer to your mobile iPhone if connect via USB. Always remember my quote, "What's free may just not cost you right now."

Loapi Malware Deforms Android Device

January 18,2018

What happens when your phone works overtime and suddenly become deformed? That's exactly what may happen when "Loapi Malware" attacks your Android mobile device. This strand of malware can be found in the latest mobile malware disguising itself in the form of reocurring advertisements. Loapi Malware is designed to constantly change its strategy and techniques to attack various devices. Loapi may appear in various ways including but not limited to:

GhostCtrl

July 22,2017

Well I guess it true! Your conversation on the phone is not always private. Android has been exposed to one of the most unpleasant virus spying tools on the market. Its name says all! GhostCtrl has been achilles heel to one of the most effective means of communication. It has the ability to record audio (using built-in microphone) and video (using the camera) then transmit information to hackers has made a world of trouble for mobile users. If thats not enough, how about its ability to lock your mobile device by resetting the PIN code and displaying a ransom note. I guess paying for long distance phone calls is not obsolete yet. This is just a chisel off the iceberg to the trouble it can cause.

GhostCtrl was discovered by Trend Micro, while being used as an attack against Israeli healthcare organization. Once again the primary target seemed to be Windows computer with RETADUP, a combination of a worm, infostealer, and backdoor trojan. Its primary attack is against healthcare organizations.

So far the best fight against GhostCtrl is to keep your mobile devices up to date, and never download an app untrusted.

GOOGLE SEARCH DOES WHAT!!

July 22,2017

Have you ever wondered how or why google can find so much information on your personal life? Have you ever wished you can have it removed? Good NEWS, now you CAN!!! Google will honor your request to have personal medical records, social security/national identification numbers, bank account or credit card numbers, images of signatures, and nude or sexually explicit images removed from google search. Read more to find out how!
GOOGLE SEARCH

Cyber Interview featuring Rogdric Singelton

WilcomputeIT and Mr. Rogdric S.