Cyber security newsletter

COVID-19 Cyber Threats: C&C

The daily confirmed COVID-19 cases continue to increase, and unlike the epidemic, cyber security attacks are not a new thing. The frequency of cyber security incidents is now rapidly growing globally.

According to data compiled and analysed by Atlas VPN, cybercriminals tried to infiltrate corporate networks nearly 100 million times in the month of April 2020.1

Hackers attacked businesses using malware over 57 million times, which is almost 58% of the total cyber attacks. Moreover, C&C (Command and Control) attacks were the second most common type used by hackers with over 27 million attacks in April, which amounts to over 27% of all attacks on enterprises.

C&C servers are used by hackers as a command centre to issue directives to computers or devices that have been infected with rootkits or ransomware.

ESET (Essential Security against Evolving Threats) researchers discovered an app called “Updates for Android” that reached over 50 000 installs from the Play Store, which contained malicious functionality.

The app is no longer available on the Play Store, but can still be found in unofficial app sources.

“Updates for Android” is an application that displays daily news feeds. However, its main functionality is to receive commands from a predefined corresponding website that serves as the C&C server. The malware pings this server every 150 minutes and provides its device ID, a measure that allows each device to be controlled individually.

This corresponding website, i-updater.com, promotes itself as “daily news updates”. Even though the website acts as a C&C server, the website itself is not malicious, and without a significant number of infected devices it is useless.2

In this case, the app itself is not malicious either. It is capable of contacting a defined website and loading a script from it, which is a feature quite standard in many apps. It is the script that makes the app malicious. The app’s only malicious functionality relied on its ability to load JavaScript from an attacker-controlled server and execute it on the user device. This explains why the app made it onto the Play Store.
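A fixed check-in interval like the 150-minute ping described above leaves a regular pattern in proxy or DNS logs that defenders can look for. The following Python is an added example, not code from ESET or from this newsletter; the log format, addresses, host names and thresholds are assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

def parse(lines):
    """Yield (timestamp, client, host) from 'ISO8601 client host' lines."""
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2]
        except ValueError:
            continue  # unparseable timestamp

def find_beacons(lines, min_events=5, max_jitter=0.05, min_period_s=60):
    """Map (client, host) -> mean interval in seconds for near-constant intervals."""
    seen = defaultdict(list)
    for ts, client, host in parse(lines):
        seen[(client, host)].append(ts)
    hits = {}
    for key, stamps in seen.items():
        if len(stamps) < min_events:
            continue  # too few requests to judge regularity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        # Ignore fast bursts; flag when stddev/mean of the gaps is tiny.
        if avg >= min_period_s and pstdev(gaps) / avg <= max_jitter:
            hits[key] = avg
    return hits

def sample_log():
    """Constructed data: one device checking in every ~150 min, one browsing user."""
    start = datetime(2020, 5, 1, 8, 0, 0)
    lines = ["malformed line"]
    for i in range(8):  # 150-minute period with a few seconds of jitter
        t = start + timedelta(minutes=150 * i, seconds=(i * 7) % 11)
        lines.append(f"{t.isoformat()} 10.0.0.23 news-feed.example")
    for m in (3, 4, 50, 51, 190, 400, 401, 720):  # irregular human traffic
        t = start + timedelta(minutes=m)
        lines.append(f"{t.isoformat()} 10.0.0.40 intranet.example")
    return lines

if __name__ == "__main__":
    for (client, host), period in find_beacons(sample_log()).items():
        print(f"{client} -> {host}: every {period / 60:.1f} min")
```

Legitimate software such as update checkers and mail clients also polls on a timer, so a hit is a lead to triage against the destination's reputation, not a verdict.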

Cyber security lessons learned

With the ever-growing variability and sophistication of attacks, you can do the following in order to prevent the download of malicious apps:3

  • Avoid Third-Party App stores,
  • Verify the App Developer Name,
  • Read App Reviews,
  • Install antivirus on your device,
  • Keep your device updated.



Notes
Monzon, Luis. (2020, April 21). Hackers Attacked Businesses 22 Million Times In The Last 7 Days Globally. https://www.itnewsafrica.com/2020/04/hackers-attacked-businesses-22-million-times-in-the-last-7-days-globally/

Stefanko, L. (2020, May 11). Breaking news? App promises news feeds, brings DDoS attacks instead. https://www.welivesecurity.com/2020/05/11/breaking-news-app-promises-news-brings-ddos-attacks/

McLaughlin, M. (2019, November 13). Don't Download That App! How to Avoid Malware in Disguise. https://www.lifewire.com/dont-download-that-app-how-to-avoid-malware-in-disguise-4066115