Biz Builder Mike

You can't sail Today's boat on Yesterdays wind - Michael Noel

Threat Advisory: BlackRock Mobile Malware

by


Threat Advisory: BlackRock Mobile Malware

What is it?

BlackRock – an advanced Android malware derived from Xeres malware – evades detection and steals login credentials or credit card data from 337 different mobile banking, shopping, lifestyle, and video apps. BlackRock was disclosed in July 2020 by ThreatFabric. The Zimperium z9 engine had begun detecting early variants of BlackRock in the weeks prior to the full public disclosure with our patented on-device engine.

How it works

  1. Your mobile app user first installs a utility app containing connections to the BlackRock malware server. These apps are often handy currency conversion, stock information, or trading apps. (The BlackRock malware is not present on the device yet, to evade detection from Google Play.)
  2. Days later, the malicious utility app updates itself to deliver the BlackRock malware files to your user’s device.
  3. Once installed, the malware then launches and hides from the user so as not to cause concern.
  4. The malware then cleverly achieves device access to the user’s Accessibility Service by tricking your user into clicking on and agreeing to a fake Google update. This phony update allows the malware to gain more privileges on your user’s device.
  5. BlackRock then automatically grants itself additional permissions after receiving the requested Accessibility Service privilege and communicates with its command and control server.
  6. BlackRock then abuses the Accessibility Service (enabled by your user) to display a malicious overlay screen that exactly mimics your app’s login screen. Your users cannot detect this fake overlay screen on top of your app running in the foreground. Your user will unknowingly provide her banking login credentials or credit card information directly to the attackers. The malware also contains functions to capture incoming SMS messages to record second-factor authentication information.
  7. Captured credit card numbers and account credentials can be used for fraud payments, transfers, or sold on the Black Market.

Who is targeted?

BlackRock contains instructions to provide credit card overlays on 111 different apps. Half of the apps targeted (55) are Books and Reference apps, a third (33) are Communication apps, and the remainder constitutes Dating, Lifestyle, and Video player apps. Many of these apps are new targets since the coronavirus pandemic changed mobile usage and user habits. According to App Annie, the average weekly time spent in Android mobile apps increased by 25% during the first half of 2020 compared to 2019. A large portion of the increase constitutes dating and business video apps as users are limited to connecting online vs. in person.

BlackRock also contains code to phish credentials using display overlays from 198 different Finance apps. It targets eight (8) shopping apps and the remainder from Auto, Communication, and Entertainment categories (Full list linked below). The first half of 2020 saw mobile commerce eclipse that of 2019’s holiday shopping season. Again, this is caused by the coronavirus pandemic and why this malware is targeting these app categories.

How is it detected?

Zimperium maintains the market-leading machine-learning-based mobile malware detection solution. Our malware detection found BlackRock exhibited similar characteristics to known malware, and therefore, our detection engine classifies it as malware without signatures. Detecting malware behavior and not relying on signatures is particularly important since BlackRock forces users to different screens if a signature-based malware detection app is present on the same device.

How do app developers defend against it?

BlackRock is constructed to capture login credentials or credit card information from 337 targeted apps while attempting to evade detection. Zimperium’s zDefend mobile threat defense SDK detects BlackRock and other malware that abuse privileges to become persistent and phish your users.

Mobile app developers install zDefend into mobile apps to detect mobile malware, compromised devices, and network attacks threatening your mobile app users. zDefend provides mobile risk, threat, and attack data to your security and fraud teams. The information enables your teams to make informed decisions to limit fraud and protect your users and brand.

It is essential to defend against BlackRock and other malware variants to limit fraudulent transactions initiated from your customers’ accounts or having their data stolen. According to RSA’s Q1 2020 Fraud report, 72 percent of fraudulent transactions originate from mobile devices. Mobile devices are valuable targets since fraudulent transactions initiated from mobile devices are more than two times as costly at $767 per transaction vs. $364 for all others.

How do mobile endpoint managers defend against it?

BlackRock is designed to capture login credentials or credit card information from 337 targeted apps your employees may have on their mobile endpoints. If zIPS (or one of our partner’s mobile threat defense apps) is active on your employees’ devices, our core machine learning-based engine, z9, will detect BlackRock or other installed malware. When detected, your mobile security administrator will have the option to remediate the threat and create compliance policies to remediate future instances. It is essential to identify and remediate this threat to keep your employees safe and protect company assets. Further complications could arise if employees reuse credentials and passwords to login to company systems.

BlackRock mobile malware webinar

Join us on Wednesday, September 30th at 2pm Eastern when our research and security teams will explain the malware, how it works, who is targeted, and actions you can take to detect and remediate this and other advanced threats to your mobile apps.

Register to Attend

Install Zimperium to detect BlackRock and other mobile malware

Contact us for a custom mobile threat briefing or to arrange a proof of concept (POC). 

Sources: https://www.threatfabric.com/blogs/blackrock_the_trojan_that_wanted_to_get_them_all.html https://www.zdnet.com/article/new-blackrock-android-malware-can-steal-passwords-and-card-data-from-337-applications/ https://thehackernews.com/2020/07/android-password-hacker.html https://www.appannie.com/en/insights/market-data/coronavirus-impact-mobile-economy/

Previous Zimperium Mobile Security Blog Post Mobile Pen Testing’s Secret Weapon: Continuous & Automated Scanning

Threat Advisory: BlackRock Mobile Malware

Source

Remote Working Fintech Deel Is Launching Operations Across Europe, will Help with Compliance, Payroll, Taxes

by

Many individuals and businesses across the globe have been forced to make major lifestyle changes, including working from home, due to the contagious COVID-19 outbreak.

San Francisco-based Fintech firm Deel, which plans to improve the work from home process by offering an easy-to-use online platform, is launching its operations across Europe.

Deel’s platform allows employers to recruit and compensate remote workers in more than 100 different currencies from almost any location in the world.

The new remote working platform aims to remove the high legal fees and hours of due diligence that companies need to complete when recruiting skilled professionals from other jurisdictions. Deel claims that it has experienced a 200% growth in its customer base and also a 600% rise in its revenue since the pandemic and lockdowns began.

Deel is reportedly complying with local laws and guidelines. Its staff members are also able to navigate complex tax systems and handle various international payroll processes.

Dan Westgarth, COO at Deel and former GM at Revolut North America, stated:

“Raising money during COVID-19 pandemic was exciting. It was an uncertain time; uncertainty created an opportunity and Andreeseen Horowitz saw that huge opportunity and provided us with capital to accelerate the growth of our business.” 

The remote working Fintech solution provider claims WeTransfer, a file-sharing platform, as one of its clients.

Emma Korhonen, the human resources coordinator at WeTransfer, remarked:

“Due to temporary immigration service freezes in different countries we were looking for a solution to still hire strong talent from abroad. Most of them will move to the Netherlands as soon as this is safe and permitted, but in the meantime, Deel is supporting us with being compliant in whichever country we hire from.” 

Korhonen claims that without Deel’s services, the company would have to look into all the details or technicalities involved with adhering to relevant labor laws in each jurisdictions own its own. The firm would also have to figure out how to pay new workers who may be based in other countries, where requirements may be completely different. Korhonen noted that Deel keeps them “safe” during these unprecedented times and makes it easier to hire staff from other nations.

In May 2020, Deel secured $18 million through a Series A round for remote worker payroll services.

Omnipresent, a company offering assistance with payroll, compliance, and taxes to remote workers, recently secured $2 million in seed funding.

Source

Out-Maneuvering Odors: A Q&A with HercLéon’s Wen Muenyi

by

We recently caught up with Wenceslaus Muenyi, the brains behind HercLéon’s odor-resistant fabrics, in an in-depth Q&A.

It’s a fact of life: clothes smell bad if you don’t wash them frequently. But what if you could engineer odors out of the equation? Wenceslaus Muenyi, the brains behind HercLéon, has cracked the code on keeping clothes odor-resistant for months by getting to the source of the problem — the fabrics themselves.

We recently caught up with Wen to discuss his research into fabrics and his wash-free garments, as well as crowdfunding as a Black campaigner. Here’s what we found out.

What’s your origin story? How did it all begin? 

It all started right after I graduated college. My mom had cancer for 18 years and passed away right after I graduated, and my college girlfriend and I were going through a breakup. My life felt like it couldn’t get worse. I had a really hard time figuring out what to do next, so I decided to go to Iceland on a self-discovery trip in hopes of figuring out what was next. 

On that trip, I only brought a backpack with clothes for a few days. During the week I was there, I realized two things. One, Iceland is a beautiful place; and two, sadly that my clothing was getting smelly at very different rates. My first shirt got stinky in the first few hours of wearing it, and other ones were totally fine a few days later.

During my trip I kept thinking about what made them smell at different rates and how I could make traveling lighter and easier for others who prefer not to pay the luggage fees or love living the minimalist lifestyle. When I returned home, I started doing research and fell in love with materials. I think that they’re amazing. If you put effort into learning about the characteristics of each one, you can make some really cool stuff with them. 

I set out to make fabrics that wouldn’t smell bad after repeated uses. I started off with bedsheets, then I designed shirts, and now it’s underwear. That’s how I got to where I am now. 

What was your process of researching different materials?  

Well, thankfully we have the internet! Everything you want to know is available to you nowadays. I’ve spent a lot of time researching studies and papers and lab results. 

I’ve read a lot about the rates at which bacteria grow on different materials. Synthetic fibers are very interesting. Polyester, for example, is the worst of all — not only does it not absorb liquid, it also makes your sweat sit on top of the fiber, which allows bacteria on the fibers to grow fast. That’s why if you put on a polyester shirt at the gym, it stinks almost instantly. But if you were to wear one of our shirts, you could wear it to the gym for a month straight. As long as you air it out after, you should never have a problem.

Are all of your products made from the same material then? 

No, they’re totally dependent on the use. I would prefer to use strands of copper in all of my dress shirts, for example, like I do in my bedsheets and other clothing items, but that’s not always possible. People want dress shirts to be white, but copper can’t be white, it’s more of a reddish brown color, so I had to substitute it with silver fibers. Aside from color, you can apply the same principle to how the material feels. Dress shirts are expected to have a certain texture, and you can’t really make underwear feel like that; otherwise people would wonder why our underwear feels like a dress shirt! So yeah, the material I choose is very specific to the use case.

Copper and silver in underwear? Really?? 

Well, we use so many types of materials in our fabrics, everything from beachwood to copper to silver to spandex, for the stretchiness. The percentages will be different for each product, but those are the building blocks. 

Metals like copper and silver in our fabrics are sort of our trademark. Going back to the lab tests, bacteria hates growing on copper. So for our bedsheets, we got bamboo pulp, threw in some copper and mixed it together, then turned it to a strand and wove that into more traditional fabrics. 

In other instances you have to take the finished fiber and then you melt down copper or silver into a liquid then infuse them into the material. So there are many ways to get the same result. It just depends on how you want to do it and what item you’re creating.

HercLéon incorporates copper fibers into their Kribi underwear to fight odor-causing bacteria.

Why did you choose crowdfunding? 

I think it comes down to confidence. When I began HercLéon, I wasn’t confident enough that what I was making would be interesting or useful to anyone but me. Thankfully, crowdfunding helped me feel that my ideas were worth working on. Once my idea was validated, it helped me get the resources and the confidence I needed to get really creative. 

Of course, I could’ve asked my family for help, but like Biggie Smalls said, “Money and blood don’t mix.” So I didn’t want to go to my family and end up with some feud or something! After all, I’m the youngest sibling, and my family members are reluctant to believe in my ideas because I’m the baby.

Were there any surprises that you came across while crowdfunding? 

I learned not to overextend myself. For example, when it came to my bedsheets, I marketed the product to people in the USA, Canada, Mexico, the Caribbean and Australia and UK, which all have beds of the same shapes and sizes. So those sizes would work for all those countries. But then people in mainland Europe wanted to buy my bedsheets too. And I was like, yeah, I could do that. 

That was a bad idea. That was stupid. As it turns out, mainland Europe barely has a standard for bedsheets. So it essentially meant making small batch sized orders! I was really dumb for doing that. I shouldn’t have done that.

Did you have a lot of interactions with your backers? What were they like?

Overall, it’s been super. The words that come to mind are supportive and empowering. People are so nice and so patient. 

Of course some people are impatient. And that’s been challenging. But during another self-development trip, this time to Colombia, I learned that you have to respect yourself as much as possible. And so to me, I’m not willing to put up with disrespectful behavior for any reason, not in everyday life and not in business. So I think it’s been good that I have that mindset whenever someone is being really rude or disrespectful. I’m just like, dude, you don’t have to support this project and give them their money back as soon as possible. I don’t have time to create for people who aren’t willing to be patient to get the best quality product. 

Other than that, most people have been incredibly supportive and helpful. 

How has your experience as a Black man influenced how you’ve run your crowdfunding campaigns? 

No matter how much I tell myself it doesn’t matter, it absolutely does. For example, most crowdfunding campaigns feature their creators in the product video. “Hey, I’m so and so, and I created this product.” That kind of thing. And I don’t do that because I’m never sure whether a person will be turned off by who I am. 

I always have to wonder if potential backers will choose not to support my campaign because I’m Black. So I never show my face. That was especially true in the beginning, but I try not to get too down about it.

I find it kind of funny when I think about the people who may care about me being Black, who end up supporting my campaign without knowing that. It’s like, now you’re stuck with me! You funded my product, and you’re going to like it anyway, so what does it matter? And I don’t talk about my ethnicity or anything until the campaign is over, so if you leave, now you look bad! 

Frankly, some people might have some preconceived ideas of what it means to support a minority. I don’t know. So honestly I just don’t mention my ethnicity any way whatsoever. I’m worried that it might be a negative thing, but thankfully crowdfunding has helped me raise money for my business without race ever factoring into it. 

One last question. HercLéon is an interesting name. There’s got to be a story behind it, right?

It’s two things. First, I’m a huge fan of Greek mythology and Egyptian history, which have shaped the way I see the world. Second, I’m from Cameroon, which is a dual-language country (French and English). 

So “Herc” is short for Hercules, which represents strength, power, and perseverance. And “Léon” is French for “lion,” which represents confidence and fierceness at the same time. Hercules is from Greek mythology, and the lion is a prominent symbol from Egyptian culture. And because I’m from Cameroon, which is a French-language country, you get HercLéon. 

Basically, HercLeon is all about being strong, confident, and persistent, which is how I run my business, and how I approach the world.

To support the HercLeon, check out the Indiegogo InDemand page here.

Want to explore some other great crowdfunding campaigns? Check out some of our current favorites.

<!–

Comments are closed

–>

Source