Inquiring Minds: Exploratory road trips, malware, and cool tools and services
Bytecode - Covering the Android Vulnerabilities Master Key and Extra Field
This post will walk through our coverage for the Master Key and Extra Field vulnerabilities. Both vulnerabilities allow arbitrary files to be added to signed APKs without breaking the digital signature. ClamAV bytecode signatures allow for flexible coverage when a vulnerability o
Android Extra Field Vulnerability Spotted in the Wild
It has been 20 days since the Extra Field vulnerability (also known as Chinese Master Keys) was first reported (translated link) by the Android Security Squad. It has now been spotted in the wild. The linked sample (MD5: C9F4C62521C04B8ADD796A1D5CEE08B0), which will be referred t
Androrat - Android Remote Access Tool
Androrat is an appropriately named remote access tool (or RAT) for Android. In case you're unfamiliar, RATs provide backdoor functionality to an operator, giving access to your system and private data. Androrat recently fell into the spotlight thanks to this Webroot
Changing the IMEI, Provider, Model, and Phone Number in the Android emulator
I was having a look at the Pincer family of Android malware and came across some code designed to hinder analysis. From the decompilation of com/security/cert/a/a/c.class: String str1 = com.security.cert.b.b.b(paramContext); String str2 = com.security.cert.b.b.c(para
The Best Defense is a Good Defense
As things stand, Snort is at version 2.9.3.1 and is constantly being developed to integrate new and more powerful features and detection. The VRT fairly regularly receives inquiries from folks on how to get our current rule packages to seamlessly integrate with their existing ver
Gauss & FinFisher: The latest targeted malware everyone cares about.
This week has been a busy one for high-profile malware. A pair of new types of malware - Gauss and FinFisher - have people around the world worried, and media churning out concerned articles as fast as they can be written. Fortunately, the VRT has you covered, so you can spend th
Don't Panic
Probably the very last thing I think about when I settle down to a nice cup of tea and an electronic book is that my Kindle is being owned. Here I am, enjoying the satiric humor of Douglas Adams and suddenly it occurs to me, "I'm not sure I remember the ingredients for
Prototyping Mitigations with DBI Frameworks
A couple weeks ago I had the privilege of both attending my first Austin Hackers Association meeting and speaking at the first Infosec Southwest conference in Austin, Texas. I had been wanting to visit Austin for several years now and was excited to see the dynamics of the local