Researchers detail how a Android APK obfuscation service automates detection evasion for highly malicious apps.
A new obfuscation-as-a-service platform detailed by researchers today during the Botconf 2020 virtual conference offers yet another proof point of how robust the cybercriminal economy is at filling market needs for black hats. In this case, enterprising hackers developed a fully automated service platform for protecting mobile malware Android Packet Kits (APKs) from antivirus detection. Offered on a one-off basis or for a recurring monthly subscription, the service was available to mobile malware authors both in English and Russian for at least six months of 2020, potentially longer.
The service was found and examined by a collaborative team from three organizations: Masarah Paquet-Clouston from GoSecure, Vit Sembera from Trend Micro, and Maria Jose Erquiaga and Sebastian Garcia from the Stratosphere Laboratory. They initially got wind of the service — which they’ve chosen not to name to avoid tipping off the service operators — when they were analyzing activity surrounding the spread of the Geost Android banking Trojan botnet. They uncovered leaked chat logs between Geost botnet operators referring to an obfuscation service and started poking around to discover what was being discussed.
Montreal-based GoSecure, which has developed a cybersecurity managed detection and response (MDR) software platform, has raised an additional $14 million USD for its Series E round, bringing the total round to $35 million USD.
The funding was led by W Investments Group, based in Montreal. John Randall, senior vice president of product management at GoSecure, told BetaKit there were other participants but did not disclose their names. Randall said the capital will be put towards sales, marketing and engineering.
GoSecure closed initial funding for its Series E investment in June. Though originally reported as $20 million USD, Randall told BetaKit GoSecure closed $21 million at that time. That investment was led by Yaletown Ventures. Other participants included Bank of Montreal and existing investors SAP/NS2 and Razor’s Edge.
Before you head off for the weekend, you have patched your Pulse Secure VPNs, right? Wouldn’t want you to be pwned via a phishing link
Stop us if you’ve heard this one before: a remote-code execution vulnerability needs patching in Pulse Secure VPNs.
Professional code-probers at GoSecure uncovered a host of security flaws, including CVE-2020-8218, which it publicly disclosed this week after a patch was issued. The other holes are yet to be addressed, and so details on those remain under wraps for now.
If you haven’t updated Pulse Secure VPN, now would be an excellent time to do so.
Organizations that have yet to install the latest version of the Pulse Secure VPN have a good reason to stop dithering—a code-execution vulnerability that allows attackers to take control of networks that use the product.
Tracked as CVE-2020-8218, the vulnerability requires an attacker to have administrative rights on the machine running the VPN. Researchers from GoSecure, the firm that discovered the flaw, found an easy way to clear that hurdle: trick an administrator into clicking on a malicious link embedded in an email or other type of message.
A new report highlights the disconnect between security professionals’ perception of their organization’s security maturity and the effectiveness of the policies they actually implement. Researchers from threat detection firm GoSecure developed a survey in collaboration with Serene-Risc, a knowledge mobilization network for the cybersecurity industry.
View Article Here