Malware Current Affairs - 2020

What is StrandHogg that affects Android OS?

The Union Ministry of Home Affairs (MHA) has sent an alert to all States warning them about a vulnerability in the Android operating system called ‘StrandHogg’, which allows malicious applications to pose as genuine ones in real time and thereby gain access to every kind of user data. The information was shared by the Threat Analytical Unit of the Indian Cyber Crime Coordination Centre (ICCCC) so that steps can be taken to raise public awareness of Android’s vulnerability to ‘StrandHogg’.

About StrandHogg

All versions of Android, including Android 10, are vulnerable to this bug, and affected users may not notice that a malicious application is already on their device: the malware hijacks the task of a legitimate app, so the screen the user is looking at appears to belong to that app.

How does it affect users? Once in place, the malware can listen to and record the user’s conversations, make calls, read or send messages, browse the photo album and capture login credentials for various accounts. It can also reach private images, files, contact details, call logs and location information.

Warning signs? Pop-ups on the phone asking for permission to send notifications or messages are one of the main ways ‘StrandHogg’ launches its attack, because the request appears to come from a trusted app. An app in which the user is already logged in suddenly asking them to log in again is another anomaly that points to a possible attack. Once the user approves such a request, the malware can immediately use the phone or tablet for its own purposes: it can switch on the microphone so that a remote attacker hears live conversations, and even turn on the camera to capture visuals.
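A check a practitioner can run offline, added here as an illustration (it is not code from the MHA alert, ICCCC, or the researchers who disclosed StrandHogg): StrandHogg works by an app declaring a task affinity that belongs to another package, so that its activity is placed in the victim app’s task and its screen appears to be the victim app’s. The script below parses an AndroidManifest.xml and flags activities whose android:taskAffinity names a foreign package, and also reports the allowTaskReparenting and excludeFromRecents attributes that typically accompany the abuse. The manifest it scans is constructed for this example; the package names in it are hypothetical.

```python
"""Flag manifest activities that ask to live in another package's task
(the StrandHogg indicator). Added example; the sample manifest is constructed."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed sample: a "cleaner" app with one ordinary activity and one that
# declares the affinity of a hypothetical banking app, reparents itself into
# that task, and hides from the recents list.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.cleaner">
  <application android:label="Cleaner">
    <activity android:name=".MainActivity" />
    <activity android:name=".LoginLookalike"
              android:taskAffinity="com.example.bank"
              android:allowTaskReparenting="true"
              android:excludeFromRecents="true" />
  </application>
</manifest>
"""

COMPANION_FLAGS = ("allowTaskReparenting", "excludeFromRecents")


def _attr(elem, name):
    """Read an android:-namespaced attribute from a manifest element."""
    return elem.get(f"{{{ANDROID_NS}}}{name}")


def suspicious_activities(manifest_xml):
    """Return (activity name, foreign affinity, companion flags set) for every
    activity whose taskAffinity points outside the app's own package.

    Legitimate values are skipped: a missing attribute (default affinity is the
    package name), an empty string (no affinity at all), a value equal to the
    package, a value starting with ':' (relative to the package), and a value
    under the package's own namespace.
    """
    root = ET.fromstring(manifest_xml)
    own_pkg = root.get("package", "")
    hits = []
    for act in root.iter("activity"):
        affinity = _attr(act, "taskAffinity")
        if (not affinity
                or affinity.startswith(":")
                or affinity == own_pkg
                or affinity.startswith(own_pkg + ".")):
            continue
        flags = [f for f in COMPANION_FLAGS if _attr(act, f) == "true"]
        hits.append((_attr(act, "name"), affinity, flags))
    return hits


if __name__ == "__main__":
    for name, affinity, flags in suspicious_activities(SAMPLE_MANIFEST):
        print(f"{name}: taskAffinity={affinity} flags={','.join(flags) or '-'}")
```

Run it against a manifest pulled from an APK (for instance after decoding with apktool) rather than the constructed sample. A hit is a reason to look closer, not proof of malice: a handful of legitimate app suites share an affinity across their own packages, which is why the output also lists the companion flags.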

GravityRAT: Malware allegedly designed by Pakistani hackers has become stronger

According to Maharashtra cybercrime department officials, GravityRAT, a malware strain allegedly designed by Pakistani hackers, has recently been updated and equipped with capabilities for evading anti-malware tools. GravityRAT was first detected on various computers by the Indian Computer Emergency Response Team (CERT-In) in 2017.

A RAT (Remote Access Trojan) is malware that gives an attacker remote control of the infected machine; because the operator acts from afar through it, the attacker is difficult to trace.

GravityRAT

GravityRAT is designed to infiltrate computers, steal user data and relay it to command-and-control (C2) servers in other countries. It arrives as an innocuous-looking email attachment, which can be in any format, including MS Word, MS Excel, MS PowerPoint, Adobe Acrobat (PDF) or even audio and video files.

Unlike most malware, which is designed to inflict short-term damage, GravityRAT stays hidden in the system it takes over and keeps penetrating deeper. Its latest update lets it operate like an Advanced Persistent Threat (APT): once inside, it silently evolves and does long-term damage.

The updates have also made the malware aware of its environment, so that it evades several commonly used detection techniques. One such technique is sandboxing, in which a suspicious file is run inside an isolated environment (typically a virtual machine) so that its behaviour can be observed without risk to real systems. GravityRAT now checks whether it is running in such a sandbox and masks its presence, lying dormant so that it is not flagged before it reaches a real victim.

GravityRAT also works quietly on the system it attacks, whereas other malware gives itself away by the CPU load it generates. It also reads the CPU temperature: a physical machine under heavy load (for instance a running malware scan) runs hot, while a virtual machine or analysis sandbox typically reports no temperature at all, and the malware uses either signal to decide when to hold back and evade detection.

The data GravityRAT sends to its command-and-control servers, located in several countries, is encrypted, which makes it difficult to determine exactly what has been leaked.