620,000 Android Phones in China hit by Most Costly Malware in History


China may be the source of a lot of international cyber attacks and malware, but they get hit by it too. 620,000 Android phones in China were infected with a nasty piece of malware that takes over the phone, collects personal information from it and begins sending costly text messages for the benefit of the malware maker.

Yesterday, mobile security company NQ Mobile issued a press release about the discovery of an Android malware family they dubbed “Bill Shocker”. Based on their findings they claim, “Bill Shocker is an SDK designed by malware developers that infects several of the most popular apps in China, including Tencent QQ Messenger and Sohu News.”

Bill Shocker then downloads its payload in the background and takes control of the phone, including the dialing and texting features. “Once the malware has turned the phone into a “zombie,” the infection uses the device to send text messages to the profit of advertisers. In many cases, the threat will overrun the user’s bundling quota, which subjects the user to additional charges,” the report says.

The malware could affect phones outside China and has the potential to be the most costly malware in history, according to NQ.

So what can you do to keep your phone safe? NQ offers several tips to avoid infection including:

  • Only download apps from trusted sources
  • Never accept application requests from unknown sources
  • Closely monitor permissions requested by any application
  • And be alert for abnormal behavior from your smart device
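The tip about monitoring permissions is the one a user can actually act on before install, because a Bill-Shocker-style SDK cannot send texts or survive a reboot without declaring the permissions for it. The script below is an added example (it is not NQ Mobile's code and not from the original post): it parses an Android manifest, flags the permission combination a premium-SMS fraud component needs, and checks for a high-priority SMS_RECEIVED receiver, the pre-4.4 trick for swallowing the carrier's confirmation text so the victim never sees the charge. Both manifests in it are constructed for the example; the package name and labels are made up.

```python
"""Triage an AndroidManifest.xml for premium-SMS / toll-fraud indicators.

Added example, not code from NQ Mobile or the original article. The two
manifests below are CONSTRUCTED to show the pattern; the package name
com.example.newsreader and the label "News Reader" are invented.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"


def _a(attr):
    """Fully qualified android: attribute name for ElementTree lookups."""
    return "{%s}%s" % (ANDROID_NS, attr)


# Permissions that by themselves let an app run up the phone bill.
TOLL_PERMS = {"android.permission.SEND_SMS", "android.permission.CALL_PHONE"}
# Permissions a toll-fraud SDK typically wants alongside them.
SUPPORT_PERMS = {
    "android.permission.RECEIVE_SMS",             # read carrier confirmation texts
    "android.permission.READ_PHONE_STATE",        # device and subscriber identifiers
    "android.permission.INTERNET",                # fetch premium numbers and commands
    "android.permission.RECEIVE_BOOT_COMPLETED",  # restart after reboot: stay a "zombie"
}
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"

# Constructed manifest resembling a news app with a fraud SDK bundled in.
SUSPECT_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.newsreader">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application android:label="News Reader">
    <receiver android:name=".SmsReceiver">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

# Constructed manifest for the same kind of app without the SDK.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.newsreader">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="News Reader"/>
</manifest>
"""


def permissions(manifest_xml):
    """Set of permission names declared with <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    return {e.get(_a("name")) for e in root.iter("uses-permission")}


def intercepts_sms(manifest_xml):
    """True if a receiver listens for SMS_RECEIVED with a raised priority.

    Before Android 4.4 an ordered-broadcast receiver with high priority could
    abort SMS_RECEIVED, hiding the carrier's charge notification from the user.
    """
    root = ET.fromstring(manifest_xml)
    for filt in root.iter("intent-filter"):
        actions = {a.get(_a("name")) for a in filt.iter("action")}
        priority = int(filt.get(_a("priority"), "0"))
        if SMS_RECEIVED in actions and priority > 0:
            return True
    return False


def assess(manifest_xml):
    """Return {'verdict': 'low'|'medium'|'high', 'findings': [...]} for review."""
    perms = permissions(manifest_xml)
    toll = sorted(perms & TOLL_PERMS)
    support = sorted(perms & SUPPORT_PERMS)
    hides_sms = intercepts_sms(manifest_xml)
    findings = []
    if toll:
        findings.append("can incur charges: " + ", ".join(toll))
    if toll and support:
        findings.append("plus supporting permissions: " + ", ".join(support))
    if hides_sms:
        findings.append("high-priority SMS_RECEIVED receiver (can hide carrier texts)")
    if toll and (hides_sms
                 or "android.permission.RECEIVE_SMS" in perms
                 or "android.permission.RECEIVE_BOOT_COMPLETED" in perms):
        verdict = "high"
    elif toll:
        verdict = "medium"
    else:
        verdict = "low"
    return {"verdict": verdict, "findings": findings}


if __name__ == "__main__":
    for label, manifest in (("suspect", SUSPECT_MANIFEST), ("benign", BENIGN_MANIFEST)):
        result = assess(manifest)
        print(label, result["verdict"], *result["findings"], sep="\n  ")
```

The verdict is a triage score, not proof of fraud: a real SMS client legitimately needs SEND_SMS and RECEIVE_SMS, so the point is that a news reader or chat client asking for that combination, plus boot persistence and a priority SMS receiver, deserves a closer look before you tap Install. On a decoded APK the same checks run against the manifest that `aapt` or `apktool` extracts.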

NQ Mobile also offers a mobile device security product that it says already protects against threats like Bill Shocker.

With mobile malware becoming more prevalent, Bring Your Own Device (BYOD) is increasing the attack surface of corporate networks: an infected personal phone with access to corporate mail or Wi-Fi is a foothold inside the perimeter. Companies need to take a good look at their mobile user security policy if they haven’t done so already.

US firm that creates High Tech Military & Power Grid Products sold to China

The US Federal Government has approved the sale of the A123 company. They are a business that creates high tech batteries and power solutions used by the military and in our power grid, which is kind of important…

But that is not the best part of the news: A123 is being sold to a Chinese based company!

Military and Power Grid products…

Umm… Hello? Isn’t this a bad thing?

According to FoxNews, “Wanxiang America Corp. has gotten approval from a Treasury Department agency to take over “substantially all” of the non-government business assets of the lithium ion battery manufacturer.”

Okay, they will be taking over all “Non-Government business assets”, so it may not be as bad as first thought.

But they will still have access to plans, blueprints and the underlying technology, even if they are not allowed to directly interface with the government systems. Anyway, isn’t everything stored in electronic files now?

I have never trusted Chinese technology companies, or even the “Chinese” division of American companies. There just seems to be too much cloak and dagger type stuff that transpires.

For example, I know of engineers at a hi-tech American company who in the past traveled to their Chinese division to do some work and training. Oddly enough, when they returned home, their laptops were loaded with numerous Trojans and backdoor programs.

When the engineers were asked what happened, they responded that the Chinese IT division needed their laptops to load software onto it so it could connect to their network. The only problem was that no new software or changes were needed as they were just logging into the same Domain.

Of course the technology that the American division of the plant worked on was not allowed in China. Odd too that only the engineers’ computer systems “needed special software to hook up to the Chinese plant servers” and not the salesmen’s…

Maybe I am just too cautious, but sales of American hi-tech companies like this to China seem to be a huge mistake and a big security issue.

Anonymous embeds Asteroid Game in Government Sites, Threatens to release “Warheads”

In an odd turn of events over the last couple of days, it looks like Anonymous hacked into the US Sentencing Commission website (ussc.gov) and defaced it. Then they later re-hacked it and embedded a game of Asteroids into the site (see above).

The hacktivist group Anonymous claimed they attacked the site in response to the suicide of coder and activist Aaron Swartz. USSC.gov is down again now, but Anonymous revealed via Twitter that another government site (United States Probation Department for the Eastern District of Michigan) was also hacked and included the same game:

Anonymous Asteroids

(The Michigan website seemed to have removed the game at the time of this writing.)

According to reports, Anonymous also used the Sentencing Commission website to host a 1.3 GB file that Anonymous claimed was a “Warhead”: an encrypted file with information that Anonymous threatened to release if their demands to the DOJ were not met.

It seems from some reports, though, that the file was a fake and contained an outdated list of names and addresses of people who were in the witness protection program.

It is pretty concerning that Anonymous is able to gain access to these high profile government sites. It was just announced that the military is planning to increase its cyber force fivefold; it looks like the DHS may need to increase staffing to help secure government sites as well.

Backtrack to be Reborn as Kali Linux – The Best Pentest Distro Ever!

Very interesting news from the Backtrack development team. Backtrack is in the process of a major overhaul and will be reborn into a new distribution named Kali!

Apparently Backtrack started as a pet project used by the developers themselves. Now that it is THE pentesting platform, they want to make it better than ever.

Which is great news for us!

From the Backtrack Linux Website:

“What’s happened in the past year? We have been quietly developing the necessary infrastructure and laying the foundation for our newest penetration testing distribution as well as building over 300 Debian compliant packages and swearing in 8 different languages.

These changes brought with them an incredible amount of work, research and learning but are also leading us down the path to creating the best, and most flexible, penetration testing distribution we have ever built, dubbed “Kali”.”

Can’t wait to check it out!