Fannie Zemlak

1596009480

Going Down the Spyware Rabbit Hole with SilkBean Mobile Malware

In this in-depth Threatpost podcast, Christoph Hebeisen, who leads the Security Intelligence Research Division at Lookout, shares a behind-the-scenes look at how his team discovered and tracked three never-before-seen surveillanceware tools, dubbed SilkBean, GoldenEagle and CarbonSteal.

Hebeisen walks listeners through what these new tools are and how they were used in a seven-year-long surveillanceware campaign against the Uyghur ethnic minority group. Also discussed are the threat actor’s methods and procedures and why the mobile landscape is becoming a popular target for advanced persistent threat actors.

Below find a lightly edited transcript of this podcast.

Lindsey O’Donnell-Welch: Hi all, this is Lindsey O’Donnell-Welch with Threatpost and I’m here today talking with Christoph Hebeisen with Lookout about a new surveillance campaign that Lookout researchers recently uncovered earlier in July. So just for some background, Christoph leads the Security Intelligence Research Division at Lookout. And in this role, he oversees the company’s suite of research activities like covering malware, device compromises, network threats, phishing and threat intelligence services. So, Christoph, thanks so much for joining us today. How are you doing?

Christoph Hebeisen: I’m doing fine. Thank you.

LO: Good. Well, we really appreciate you coming onto the show today and talking about this new surveillanceware campaign. So Lookout discovered it uses kind of a slew of Android surveillance software tools to spy on an ethnic minority group called the Uyghurs. And this campaign was only disclosed last week, but it goes all the way back to 2013. So tell us a little bit about the story behind the scenes here from the perspective of Lookout’s research team, what was kind of the process of uncovering this campaign and really getting into it and analyzing it. And you know, when did it really first appear on your radar?

CH: Yeah, this is actually a very fascinating story, because we found various pieces of surveillanceware over time, but we didn’t initially realize that they were all connected, and were all coming from the same actor. We have certainly been tracking this since 2015. We have samples in our database that, as you said, go back to 2013 and actually all the way back to 2012. But we think that those are probably test samples. So we pegged the start of the actual campaign to 2013. There’s a little bit of fuzziness in that.

The campaign really started to take shape in our view of all of this in late 2019, when we were looking into the SilkBean family in particular, when we started looking deep into the infrastructure involved in SilkBean, we found many connections to the other malware families involved in this and this whole web of interconnections started to unravel. And that is when the campaign took shape for us. That said, the malware families individually we had known about for a long time, we hadn’t talked about them publicly, because it wasn’t such an interesting story while they were all standing in isolation.

LO: No, that’s really interesting too. And I know that there have been a couple of different spyware, Android tools that were wrapped up in this as well. So how did the campaign really evolve over time?

CH: So as I already mentioned, the earliest samples started showing up in 2012, and we believe that the production samples that were actually used in the campaign are from 2013. The same year in 2013, Citizen Lab actually reported on a single malware family sample being used against the Tibetan government in exile. And we later connected that sample to the DoubleAgent family, so we know there was activity there. At that time, we saw a great spike in activity actually in 2015, 2016, which kind of aligned with a new national security law that China issued at the time, and also what they called an anti-terrorism campaign that got started in 2014. So that’s an interesting correlation to see there.

#mobile security #newsmaker interviews #podcasts #android #c2 #carbonsteal #goldeneagle #silkbean #spyware #surveillanceware #uyghur


Fannie Zemlak

1599854400

What's New in Go 1.15

Go announced version 1.15 on 11 Aug 2020. Highlighted updates and features include substantial improvements to the Go linker, improved allocation for small objects at high core counts, X.509 CommonName deprecation, GOPROXY support for skipping proxies that return errors, a new embedded tzdata package, several core library improvements and more.

In keeping with Go's promise of maintaining backward compatibility, almost all existing Golang applications or programs continue to compile and run after upgrading to Go 1.15 as they did on older Golang versions.

#go #golang #go 1.15 #go features #go improvement #go package #go new features

Android 'ActionSpy' Malware Targets Turkic Minority Group

Researchers have discovered a new Android spyware, dubbed ActionSpy, targeting victims across Tibet, Turkey and Taiwan. The spyware is distributed either via watering-hole websites or fake websites.

Researchers believe ActionSpy is being used in ongoing campaigns to target Uyghur victims. The Uyghurs, a Turkic minority ethnic group affiliated with Central and East Asia, have previously been targeted in spyware attacks. Though they first discovered the spyware in April 2020, researchers believe ActionSpy has existed for at least three years based on its certificate sign time.

“ActionSpy, which may have been around since 2017, is an Android spyware that allows the attacker to collect information from the compromised devices,” said researchers with Trend Micro in a Thursday analysis. “It also has a module designed for spying on instant messages… and collecting chat logs from four different instant messaging applications

#malware #mobile security #vulnerabilities #web security #andoird actionspy #android #code #earth empusa #email #mobile app #phishing attack #spyware #watering hole attack
