Read more of this story at Slashdot.
ADB.Miner and a continuing vulnerability
- Kevin Beaumont: Root Bridge — how thousands of internet connected Android devices now have no security, and are being exploited by criminals.
“Unfortunately, vendors have been shipping products with Android Debug Bridge enabled. It listens on port 5555, and enables anybody to connect over the internet to a device. It is also clear some people are insecurely rooting their devices, too.” He cites the following from Android’s developer portal:
“The adb command facilitates a variety of device actions, such as installing and debugging apps, and it provides access to a Unix shell that you can use to run a variety of commands on a device.”
- Catalin Cimpanu for Bleeping Computer: Tens of Thousands of Android Devices Are Exposing Their Debug Port. Not a new issue, as Qihoo implicated it in the spread of the Monero miner ADB.Miner.
“The ADB.Miner worm exploited the Android Debug Bridge (ADB) … used for troubleshooting faulty devices … some vendors have been shipping Android-based devices where the ADB over WiFi feature has been left enabled in the production version…”
- Commentary by Graham Cluley: Tens of thousands of Android devices are leaving their debug port exposed
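A defender-side check for the exposure these reports describe, as an added example that is not taken from any of the cited articles: it sends the ADB connect message to devices in your own inventory and reports whether adbd answers without first demanding key authentication. The function names, status strings, severity labels and the constructed sample replies are assumptions of this example.

```python
"""Audit devices you administer for a network-reachable ADB daemon (added example)."""
import socket
import struct

ADB_PORT = 5555              # TCP port named in the reports above
A_CNXN = 0x4E584E43          # b"CNXN": connection accepted
A_AUTH = 0x48545541          # b"AUTH": adbd wants a key signature first
A_VERSION = 0x01000000
MAX_PAYLOAD = 4096
# ADB message header: command, arg0, arg1, data_length, data_check, magic
HEADER = struct.Struct("<6I")


def build_connect(banner=b"host::\x00"):
    """Return the CNXN message an adb client sends to open a session."""
    checksum = sum(banner) & 0xFFFFFFFF
    header = HEADER.pack(A_CNXN, A_VERSION, MAX_PAYLOAD,
                         len(banner), checksum, A_CNXN ^ 0xFFFFFFFF)
    return header + banner


def classify_reply(data):
    """Classify the first bytes a service sent back after our CNXN."""
    if len(data) < HEADER.size:
        return "not-adb"
    command, _arg0, _arg1, _length, _check, magic = HEADER.unpack_from(data)
    if magic != command ^ 0xFFFFFFFF:      # every ADB header carries this check
        return "not-adb"
    if command == A_AUTH:
        return "adb-auth-required"
    if command == A_CNXN:
        return "adb-unauthenticated"
    return "adb-other"                     # valid framing, unexpected command


def recv_exact(sock, size):
    """Read up to `size` bytes, stopping early if the peer closes."""
    buf = b""
    while len(buf) < size:
        part = sock.recv(size - len(buf))
        if not part:
            break
        buf += part
    return buf


def probe(host, port=ADB_PORT, timeout=3.0):
    """Return the ADB exposure status of one host from your inventory."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"
    with sock:
        try:
            sock.sendall(build_connect())
            reply = recv_exact(sock, HEADER.size)
        except OSError:
            return "open-no-reply"
    return classify_reply(reply)


def severity(status):
    """Map a status to a triage label (labels are this example's own)."""
    if status == "adb-unauthenticated":
        return "critical"                  # shell access without any key check
    if status in ("adb-auth-required", "adb-other"):
        return "review"                    # debug port reachable over the network
    return "ok"


def audit(hosts, port=ADB_PORT):
    """Probe each host you administer; return {host: (status, severity)}."""
    results = {}
    for host in hosts:
        status = probe(host, port)
        results[host] = (status, severity(status))
    return results


# Constructed sample replies (not captured from real devices).
SAMPLE_AUTH = HEADER.pack(A_AUTH, 1, 0, 20, 0, A_AUTH ^ 0xFFFFFFFF) + bytes(20)
SAMPLE_OPEN = HEADER.pack(A_CNXN, A_VERSION, MAX_PAYLOAD, 9, 0,
                          A_CNXN ^ 0xFFFFFFFF) + b"device::\x00"
SAMPLE_HTTP = b"HTTP/1.1 400 Bad Request\r\n\r\n"

if __name__ == "__main__":
    for name, raw in (("auth", SAMPLE_AUTH), ("open", SAMPLE_OPEN),
                      ("http", SAMPLE_HTTP)):
        status = classify_reply(raw)
        print(name, status, severity(status))
```

Call `audit()` with the addresses of devices you manage; a device reported as `adb-unauthenticated` should be taken off untrusted networks until network ADB is turned off in its developer settings or firmware.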
“Initially, Restricted Mode required a passcode after one week. But Apple confirmed yesterday that a plugged-in iPhone will require a passcode every hour for the data transfers to continue. … Since cracking the six-digit passcode may take up to 22 hours (or longer for a passphrase), then brute-force methods used by the cracking tools are likely to cease to work.”
Josh Pitts, for Okta, goes into extensive detail about a “vulnerability [that] exists in the difference between how the Mach-O loader loads signed code vs how improperly used Code Signing APIs check signed code and is exploited via a malformed Universal/Fat Binary.” I can be Apple, and so can you – A Public Disclosure of Issues Around Third Party Code Signing Checks
For Bleeping Computer, Lawrence Abrams summarizes: Mac Security Tool Bugs Allow Malware to Appear as Apple Software.
John Leyden for The Register: Hello, ‘Apple’ here, and this dodgy third-party code is A-OK with us – “Subtle attack thwarts macOS code-signing process”
Lukas Stefanko for ESET: Android users: Beware these popularity-faking tricks on Google Play
– “Tricksters have been misleading users about the functionality of apps by displaying bogus download numbers … since unknown developer names are no use for popularity-boosting purposes anyway, some app authors have been setting fictitious, high numbers of installs as their developer names, in an effort to look like established developers with vast userbases.”
Bloomberg: Apple Tries to Stop Developers From Sharing Data on Users’ Friends – “Apple Inc. changed its App Store rules last week to limit how developers use information about iPhone owners’ friends and other contacts, quietly closing a loophole that let app makers store and share data without many people’s consent.”
According to new rules recently published by Apple, iOS app developers must refrain from creating a database of the information gleaned from users’ Contacts and from selling it on.
Wealth of private information
The information contained in Contacts can be substantial. Aside from the contact’s first and last name, phone numbers and email addresses, each entry can contain additional information such as date of birth, job details, company name, photo, social profiles, additional notes, and … More
The post Apple prohibits developers from using, selling users’ Contacts appeared first on Help Net Security.
iOS 12, the next release of Apple's iPhone operating system, may include features to prevent someone from unlocking your phone without your permission:
The feature essentially forces users to unlock the iPhone with the passcode when connecting it to a USB accessory every time the phone has not been unlocked for one hour. That includes the iPhone unlocking devices that companies such as Cellebrite or GrayShift make, which police departments all over the world use to hack into seized iPhones.
"That pretty much kills [GrayShift's product] GrayKey and Cellebrite," Ryan Duff, a security researcher who has studied iPhone and is Director of Cyber Solutions at Point3 Security, told Motherboard in an online chat. "If it actually does what it says and doesn't let ANY type of data connection happen until it's unlocked, then yes. You can't exploit the device if you can't communicate with it."
This is part of a bunch of security enhancements in iOS 12:
Other enhancements include tools for generating strong passwords, storing them in the iCloud keychain, and automatically entering them into Safari and iOS apps across all of a user's devices. Previously, standalone apps such as 1Password have done much the same thing. Now, Apple is integrating the functions directly into macOS and iOS. Apple also debuted new programming interfaces that allow users to more easily access passwords stored in third-party password managers directly from the QuickType bar. The company also announced a new feature that will flag reused passwords, an interface that autofills one-time passwords provided by authentication apps, and a mechanism for sharing passwords among nearby iOS devices, Macs, and Apple TVs.
A separate privacy enhancement is designed to prevent websites from tracking people when using Safari. It's specifically designed to prevent share buttons and comment code on webpages from tracking people's movements across the Web without permission or from collecting a device's unique settings such as fonts, in an attempt to fingerprint the device.
The last additions of note are new permission dialogues macOS Mojave will display before allowing apps to access a user's camera or microphone. The permissions are designed to thwart malicious software that surreptitiously turns on these devices in an attempt to spy on users. The new protections will largely mimic those previously available only through standalone apps such as one called Oversight, developed by security researcher Patrick Wardle. Apple said similar dialog permissions will protect the file system, mail database, message history, and backups.
Naked Security - Sophos
Apple has announced a slew of new features for iOS 12 and macOS Mojave (10.14), but also some security and privacy improvements that should make privacy-minded users very happy. The improvements are mainly tied to Safari, which is the default browser offered by the company’s mobile and desktop operating systems. “In Safari, enhanced Intelligent Tracking Prevention helps block social media ‘Like’ or ‘Share’ buttons and comment widgets from tracking users without permission. Safari now also … More
The post New security, privacy features in iOS 12 and macOS Mojave appeared first on Help Net Security.
It’s time to update your Apple devices and software again: the company has pushed out security updates for macOS, iOS, watchOS, tvOS, Safari, and iCloud and iTunes for Windows. The iCloud and iTunes updates include an almost identical list of plugged flaws: a bucketful of vulnerabilities in the WebKit browser engine, the majority of which can lead to arbitrary code execution, and three authorization issues discovered by software developer and researcher Abraham Masri, which could … More
The post Apple security updates, iOS and macOS now support Messages in iCloud appeared first on Help Net Security.
by Tony Yang, Adam Huang, and Louis Tsai
We have noted time and again how compromising networks and connected devices is rooted in finding weak points in the system. Often, these are in the form of vulnerabilities. Worse, vulnerabilities that aren’t even new. In the context of the internet of things (IoT) and noteworthy security incidents related to it, these vulnerabilities have afforded attackers means to use unsecure devices to facilitate malicious activities such as distributed denial-of-service (DDoS) attacks.
Using our IoT Smart Checker, a tool that scans networks for potential security risks, we looked into home and other small network environments and the vulnerabilities that connected devices usually encounter. Our findings homed in on known vulnerabilities, IoT botnets with top vulnerability detections, and devices that are affected.
From April 1 to May 15, we observed that 30 percent of home networks had at least one vulnerability detection. A detection would mean that we found at least one connected device being accessed through a vulnerability in the network. Our scanning covered different operating systems (OSs), including Linux, Mac, Windows, Android, iOS, and other software development kit (SDK) platforms.
Known vulnerabilities affecting IoT and other connected devices
What’s particularly interesting in our findings is that the top detections were not the usually expected weaknesses in the home network. While we still saw a number of default password logins attributed to default credentials like those used with the Mirai and Brickerbot malware, the recent top detected vulnerabilities (as seen in Figure 1) were actually those that had been known over the past few years.
Figure 1. Top 10 vulnerabilities in connected devices
Being the gateways to internet-connected devices in networks, routers were unsurprisingly the devices on which most of the vulnerabilities were found. The highly publicized Poodle vulnerability in Secure Sockets Layer (SSL) and early Transport Layer Security (TLS), for example, was found to mostly affect routers as well as printers; attackers who successfully exploit the vulnerability can decrypt any encrypted traffic that they are able to capture. Drown, another well-known vulnerability, was also found to primarily affect routers; it affects Hypertext Transfer Protocol Secure (HTTPS) and any server or client that allows SSLv2 and TLS connections.
The vulnerability exploited by the WannaCry ransomware remains pervasive, as it also makes an appearance in our top detections. Other noteworthy vulnerabilities in our top detections include the SambaCry Linux vulnerability, the OpenSSL Heartbleed bug, the remote code execution CVE-2014-9583 router vulnerability, and the remote code execution CVE-2017-6361 Network Attached Storage (NAS) vulnerability.
Figure 2. Top affected ports
Unless network administrators disable unnecessary ports or at least identify which ports are open to manage security better, open ports on devices can very well result in networks’ running the risk of being attacked. When we looked at the affected ports in our scanning, we found that port 443 significantly eclipsed the other top ports on the list. Port 443 is the standard Transmission Control Protocol (TCP) port used for HTTPS websites using SSL. This checks out as the Poodle and Drown vulnerabilities both involve weaknesses in SSL or its successor, TLS. Another top affected port is Server Message Block (SMB) port 445, which is used by the EternalBlue exploit that gave way to the infamous WannaCry outbreak in 2017.
Vulnerabilities taken advantage of by IoT botnets
Vulnerabilities related to IoT botnets also emerged among our top detections. Two vulnerabilities in our top 10 detections, for example, are ones that are taken advantage of by the Reaper botnet. Reaper uses a combination of nine attacks that target known IoT vulnerabilities. Routers, Internet Protocol (IP) surveillance cameras, and NAS devices were found to be particularly susceptible to Reaper.
Satori, considered to be the successor of the Mirai botnet, is also represented at the top of our vulnerability detections with remote code execution CVE-2014-8361. As with Mirai, Satori’s source code was released publicly and can be used by any attacker, which could explain its appearance on the list. Satori propagates itself by scanning vulnerable devices and then compromising them.
Android and iOS mobile devices vulnerable to BlueBorne and KRACK
“Airborne” threats like BlueBorne and KRACK are capable of compromising devices over the air, provided that attackers are within range. BlueBorne, for example, enables an attacker to sniff, intercept, or redirect traffic between Bluetooth-enabled devices to gain access to data. The KRACK (Key Reinstallation AttaCK) exploit, on the other hand, takes advantage of several security flaws in the Wi-Fi Protected Access 2 (WPA2) protocol, making it possible for attackers to eavesdrop on users’ data.
Figure 3. 58 percent of Android devices found to be vulnerable to BlueBorne and KRACK
In this case, Android and iOS devices having Bluetooth and Wi-Fi capabilities were found at risk of these two threats. Seemingly living up to its reputation of being less secure than iOS, Android was found to have 58 percent of its devices vulnerable to BlueBorne and KRACK. The iOS platform isn’t exempt, though, with 12 percent of Apple smartphones found to be vulnerable. Patches had already been issued to users of iOS, which could account for the platform’s relatively low numbers.
Figure 4. 12 percent of iOS devices found to be vulnerable to BlueBorne and KRACK
Securing connected devices against vulnerabilities and exploits
Attacks exploiting the aforementioned vulnerabilities can easily be avoided by applying patches made available by device manufacturers. However, not all manufacturers provide fixes for the vulnerabilities, and not all users are in the habit of patching routers, not to mention the devices connected to them.
Users should secure the way they set up their networks. Enabling password protection on routers and connected devices and replacing factory default passwords with strong, hard-to-guess ones is a step in the right direction. For ensured protection, the Trend Micro Home Network Security solution can check internet traffic between the router and all connected devices. Our IoT Smart Checker tool has been integrated into the Home Network Security solution and HouseCall for Home Networks scanner. Enterprises can also monitor all ports and network protocols for advanced threats and be protected from targeted attacks with the Trend Micro Deep Discovery Inspector network appliance.
Users of the Trend Micro Home Network Security solution are protected from particular vulnerabilities via these rules:
- 1058981 WEB Directory Traversal -21
- 1059406 SSL OpenSSL TLS DTLS Heartbeat Information Disclosure -1 (CVE-2014-0160, Heartbleed)
- 1059407 SSL OpenSSL TLS DTLS Heartbeat Information Disclosure -2 (CVE-2014-0160, Heartbleed)
- 1130118 SSL OpenSSL SSLv3 POODLE Padding Brute Force (CVE-2014-3566)
- 1130327 EXPLOIT ASUSWRT 22.214.171.124.376_1071 LAN Backdoor Command Execution (CVE-2014-9583)
- 1133637 SMB Microsoft MS17-010 SMB Remote Code Execution -3
- 1133638 SMB Microsoft MS17-010 SMB Remote Code Execution -4
- 1134286 WEB Realtek SDK Miniigd UPnP SOAP Command Execution (CVE-2014-8361)
The post Identifying Top Vulnerabilities in Networks: Old Vulnerabilities, IoT Botnets, Wireless Connection Exploits appeared first on .
TrendLabs Security Intelligence Blog
A website which demands money if you want your mugshot removed, could “sharenting” lead to a rise in fraud and identity theft, and how could the FBI have overcounted encrypted phones so badly?
All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, who are joined this week by special guest Maria Varmazis.
ZipperDown is a recently discovered vulnerability that could affect thousands of iOS apps and maybe also Android users.
The ZipperDown flaw was first reported by experts from Chinese jailbreakers Pangu Lab, who described it as a programming error.
The experts estimate 15,978 out of 168,951 iOS apps are affected, roughly 10% of the total. The list of affected apps includes popular applications such as Weibo, MOMO, NetEase Music, QQ Music and Kwai.
“While auditing iOS Apps from various customers, Pangu Lab noticed a common programming error, which leads to severe consequences such as data overwritten and even code execution in the context of affected Apps.” states the report published by the Pangu Lab.
“We created a signature for the issue and performed a large-scale search on our App analysis platform Janus. Surprisingly, we found that round 10% iOS Apps might be affected by the same or similar issues.”
Pangu Lab has not publicly released details of the flaw and is reporting the problem to the app publishers.
The hackers published a video PoC of the attack that shows a user downloading and using Weibo apps in an unsafe Wi-Fi environment. In this scenario, the attackers gain code execution in the context of user’s Weibo app by exploiting the ZipperDown vulnerability.
According to the experts, an attacker can trigger the ZipperDown flaw if at least two unusual conditions are met. The first condition is that the attacker controls the WiFi network to which the device is connected; the second is that the app must be running outside the iOS “sandbox.”
An attacker could exploit the flaw to run illicit applications on the affected device, but Pangu Lab added that the sandbox on both iOS and Android can effectively limit ZipperDown’s consequence.
(Security Affairs – ZipperDown, hacking)
The post The ZipperDown Vulnerability could affect roughly 10% of iOS Apps appeared first on Security Affairs.
Roaming Mantis malware also targets iOS devices for phishing attacks.
This is a post from HackRead.com Read the original post: Multilingual malware hits Android devices for phishing & cryptomining
Chinese iOS jailbreakers called the Pangu Team have found a vulnerability that affects almost 10% of iOS apps in the
iPhones have a reputation for being notoriously secure. After all, they caused quite the kerfuffle between Apple and the FBI because they are, from the FBI’s point of view, too secure! However, don’t let that lull you into a false sense of security. Using an iPhone is not an automatic guarantee of invulnerability.
The good news is that there are easy things to do to avoid causing problems for yourself. The following seven tips will help you to make sure your iPhone is the digital fortress that it was meant to be.
1. Use a long passphrase
Most people set a four-digit PIN code, or perhaps the slightly more secure six-digit PIN, to secure their phones. And sure, this seems like perfectly acceptable protection, given that the phone will lock itself down for increasing amounts of time if a thief tries to unlock it with the wrong code too many times. Depending on your settings, it may erase itself after 10 incorrect tries.
What can possibly go wrong? Out of a possible 10,000 combinations, the attacker has to guess correctly in the first 10 attempts. The chances of doing that are quite low—one in 1,000, to be precise. Using six digits increases your odds further.
However, not all attacks involve poking numbers into the screen repeatedly. There have been many devices over the years capable of retrying PIN numbers endlessly, with no penalties, by taking advantage of vulnerabilities in the hardware or software of the iPhone. The latest of these, the GrayKey device, can crack a four-digit PIN in an hour or two, and a six-digit PIN in three days or less.
If there’s one universal truth about these passcodes, it’s that longer is better. The best thing you can do is start using a longer alphanumeric password instead of a PIN code. Each additional character of length increases the time needed exponentially, and that time gets even longer when adding letters and symbols to the mix.
To change to a longer password, open the Settings app, then tap Touch ID & Passcode. Enter your current PIN, then tap Change Passcode on the next screen. Enter your passcode again, but then instead of entering a new passcode, tap Passcode Options. This will give you the option to choose, among other things, a custom alphanumeric code.
I know what you’re thinking. Who wants to enter a lengthy password every time they unlock their phone? Fortunately, modern iPhones have convenient biometric options for accessing the device without entering the password every time. Either Touch ID or Face ID gets you into your phone fast, without needing to enter the password.
Of course, Touch ID and Face ID are convenience features, not security features. There are valid concerns about the safety of using a biometric pattern that cannot be changed as a replacement for a password. Still, if they allow you to use a longer password conveniently, that’s worth way more than avoiding them but using a short PIN code. You can always temporarily lock the device so that Touch ID and Face ID won’t work. For more information, see Apple’s information on the security of Touch ID and Face ID.
2. Lock down your Apple ID with 2FA
With what, now? That funny abbreviation (2FA) stands for two-factor authentication, a means of authentication that requires not just something you know, like a password, but also something you have, like a temporary, one-time-only code. Without both, an attacker cannot access your account.
Your Apple ID provides the keys to the kingdom. It’s tied to every device you own. It probably has a credit card associated with it. Your Apple ID is also your iCloud account, and as such it may hold all manner of tempting goodies, including passwords.
Fortunately, Apple offers 2FA on your Apple ID, and it’s strongly recommended that you take advantage of this. Doing so means that you will always have to enter both your password and a six-digit code sent to a trusted device before logging on to your account from a new machine. This makes it very difficult for a hacker to access your Apple ID and the trove of data it can give access to.
3. Keep your iPhone up-to-date
Keeping your system and all your apps up-to-date is an important part of staying secure. iOS (the system that runs on iPhones) updates frequently to fix vulnerabilities that could be used in various scenarios to attack your device. Some of these are minor, others are major issues.
As an example, consider the GrayKey device discussed above. The method it uses to break into iPhones is still unknown, but one thing is for sure: It relies on one or more unknown security vulnerabilities in iOS. At some point, Apple will find and fix those vulnerabilities, making you safe from GrayKey or any other groups or individuals who may have discovered the vulnerabilities. If you don’t install iOS updates promptly when they are available, though, you remain vulnerable.
Worse, once a vulnerability is patched and Apple publishes their release notes, that gives hackers a little extra information that may help them find the vulnerability, meaning older systems are potentially in greater danger after that point.
4. Use a VPN on free Wi-Fi
Public Wi-Fi can be extremely hazardous. Anyone else on the same network can see any unencrypted network transmissions you make, and an untrustworthy network can actually perform all manner of man-in-the-middle attacks for phishing or other malicious purposes. For example, if you try to log onto your bank site on public Wi-Fi, you might not actually be logging onto your bank site. It could be a malicious look-alike site that bad actors within the Wi-Fi network are sending you to instead.
You could always use cellular data when in public, turning off Wi-Fi in settings, but that’s not always practical, especially with the data caps on most cell data plans. Fortunately, there’s a good solution: a VPN, or virtual private network. Using a good VPN means that all your network traffic is tunneled through an encrypted connection to a server located somewhere else.
Unfortunately, there are a lot of insecure or untrustworthy VPNs out there. It doesn’t help your security much if the VPN is careless with your data, or is otherwise not acting in your best interests. There are many free VPNs out there, but remember the first rule of free services on the Internet: If you’re not paying for it, you’re the product.
Finding a trustworthy, secure VPN can take a little work. Fortunately, an excellent article by Brian Krebs provides details about VPNs and how to select a good one. Make sure that the VPN you choose has good support for iOS; anything that requires you to download an app, but doesn’t offer an iOS app, is off the table from the start.
5. Use additional encryption
The encryption on the iPhone is one of its finest features, but it’s not perfect. As long as there’s any chance of cracking your iPhone’s passcode, or gaining access to unencrypted backups, your data isn’t safe. For your particularly sensitive data, such as passwords, social security numbers, credit card numbers and the like, you need additional encryption.
Using a password manager with its own strong encryption, and a strong password different from any other password you use, can be extremely helpful. A utility like 1Password can store a vault in iCloud that is encrypted independently, meaning an attacker looking for your passwords would need to first crack your phone or iCloud account to access the vault, then crack the vault itself.
Similarly, Apple’s own Notes app now allows creation of encrypted notes, which can be secured with a password of your choice. Use of a strong, unique password means that the data such a note contains is also quite secure.
When it comes to your iPhone backups, consider backing up to your computer using iTunes, and set iTunes to encrypt those backups. Such encryption will use a separate password that you set, so be sure to use a strong, unique password for that.
6. Audit privacy settings periodically
There are many permissions that can be granted to apps, such as access to the camera, the microphone, your contacts, and your location. It’s a good idea to keep track of which permissions you’ve given to which apps, and to revoke any permissions that are not strictly needed. For example, if you posted a photo to Twitter once, but you aren’t likely to do it again, it would be a good idea to remove the right to look at your photos from the Twitter app.
In Settings, tap on Privacy. Here resides the master list of all permissions and which apps you’ve granted them to. Go through all of them periodically, and revoke any permissions that you don’t think a particular app needs.
7. Beware of scams
Use of an iPhone doesn’t do a thing to protect you against scam phone calls or scam text messages. Always be wary of calls or messages from unknown senders. Treat any links received in text messages with extreme suspicion, even if it’s from someone you know, since the sender could be spoofed or their phone could have been stolen.
If you tap a link in a message and the site wants you to log in or provide other personal information, verify with the sender that it’s legitimate. If it appears to be a site you’re familiar with, consider visiting the site via a bookmark instead of the link.
You can also consider using security software that can screen and block scam calls and texts, such as Malwarebytes for iOS (coming soon).
The most secure phone
It’s okay to feel safe as an iPhone owner. Currently, iPhones are the safest smartphones on the planet. However, as demonstrated here, there are still plenty of ways that you can become a victim. So don’t just assume you’re safe automatically by virtue of owning an iPhone.
Doing the right things to keep yourself safe can often be more important than having the most secure phone.
No, you are almost certainly wrong if you tried to guess. A recent study shows that products from Apple actually are at the top when counting vulnerabilities, and that means at the bottom security-wise. Just counting vulnerabilities is not a very scientific way to measure security, and there is a debate over how to interpret the figures. But this is anyway a welcome eye-opener that helps kill old myths.
Apple did for a long time stubbornly deny security problems and their marketing succeeded in building an image of security. Meanwhile Windows was the biggest and most malware-targeted system. Microsoft rolled up the sleeves and fought at the frontline against viruses and vulnerabilities. Their reputation suffered but Microsoft gradually improved in security and built an efficient process for patching security holes. Microsoft had what is most important in security, the right attitude. Apple didn’t and the recent vulnerability study shows the result.
Here are four points for people who want to select a secure operating system.
- Forget reputation when thinking security. Windows used to be bad and nobody really cared to attack Apple’s computers before they became popular. The old belief that Windows is unsafe and Apple is safe is just a myth nowadays.
- There is malware on almost all commonly used platforms. Windows Phone is the only exception with practically zero risk. Windows and Android are the most common systems and malware authors are targeting them most. So the need for an anti-malware product is naturally bigger on these systems. But the so-called antivirus products of today are actually broad security suites. They protect against spam and harmful web sites too, just to mention some examples. So chances are that you want a security product anyway even if your system isn’t one of the main malware targets.
- So which system is most secure? It’s the one that is patched regularly. All the major systems, Windows, OS X and Linux, have sufficient security for a normal private user. But they will also all become unsafe if the security updates are neglected. So security is not really a selection criterion for ordinary people.
- Mobile devices, phones and tablets, generally have a more modern systems architecture and a safer software distribution process. Do you have to use a desktop or laptop, or can you switch to a tablet? Dumping the big old-school devices is a way to improve security. Could it work for you?
So all this really boils down to the fact that you can select any operating system you like and still be reasonably safe. There are some differences though, but it is more about old-school versus new-school devices. Not about Apple versus Microsoft versus Linux. Also remember that your own behavior affects security more than your choice of device, and that you never are 100% safe no matter what you do.
Added February 27th. Yes, this controversial study has indeed stirred a heated debate, which isn’t surprising at all. Here’s an article defending Apple. It has flaws and represents a very limited view on security, but one of its important points still stands. If someone still thinks Apple is immortal and invincible, it’s time to wake up. And naturally, this whole debate is totally meaningless for ordinary users. Just keep patching what you have and you will be fine. Thanks to Jussi (and others) for feedback.
Wirelurker for Windows (WinLurker)
Research: Palo Alto Claud Xiao: Wirelurker for Windows
Sample credit: Claud Xiao
Research: Palo Alto Claud Xiao WIRELURKER: A New Era in iOS and OS X Malware
Palo Alto |Claud Xiao - blog post Wirelurker
Wirelurker Detector https://github.com/PaloAltoNetworks-BD/WireLurkerDetector
Sample credit: Claud Xiao
Download Part I
Download Part II
Email me if you need the password
微博 3.4.1.dmg 925cc497f207ec4dbcf8198a1b785dbd
WhatsAppMessenger 2.11.7.exe eca91fa7e7350a4d2880d341866adf35
│ 微博 3.4.1.dmg