This article is more than 1 year old

Android has its head in the sand with AbstractEmu malware rooting phones

Plus Microsoft funding community security to fill US skills gap

In Brief A new and dangerous form of malware for rooting Android phones has been spotted in 19 apps on Google's Play store, as well as in several in the Amazon Appstore, the Samsung Galaxy Store, and other third-party sites.

Dubbed AbstractEmu by bug-hunters at Lookout, who first spotted the code, the malware would give full access to all functions on an Android device and would be almost impossible to remove without doing a full system wipe. One of the infected apps, Lite Launcher, already had over 10,000 downloads before it was removed from the store.

"We think the actors are a well-resourced group with financial motivation," Lookout said. "Their code-base and evasion techniques – such as the use of burner emails, names, phone numbers and pseudonyms – are quite sophisticated. We also found parallels between the malware and banking trojans, such as the untargeted distribution of their apps and the permissions they seek."

The malware uses already-patched flaws in Android, so update the OS as soon as possible.

Hive ransomware targets Linux and FreeBSD

The criminals behind the Hive ransomware strain have apparently widened their ambitions and are now targeting open-source systems.

Security shop ESET reported that the ransomware is now available in Linux and FreeBSD flavours, which represents a widening of targets, as the gang previously just went for Windows operating systems. "Just like the Windows version, these variants are written in #Golang, but the strings, package names and function names have been obfuscated, likely with gobfuscate," it said.

Luckily the new variant appears to be in a development phase and isn't particularly well written, often failing to encrypt targeted systems. It supports only one command line parameter, compared to five for Windows systems, and requires full root access to work. Still, one to watch.

EU issued COVID passport to Adolf Hitler

The European Union has launched an investigation after someone generated EU Green Pass vaccine passports for Adolf Hitler and Mickey Mouse.

This week Italian news agency ANSA reported that there was a thriving black market in COVID passports using the official encryption system. Several people also spotted a vaccine QR code for Adolf Hitler and Mickey Mouse in circulation that appeared to be valid and the European Union has now confirmed something has gone rather seriously wrong with its system and shut down those two accounts.

"According to the information available, the cryptographic keys used to sign certificates have not been compromised," the European Commission told Threatpost. "This incident is caused by an illegal activity and not by a technical failure. Together with the Member States, we reaffirm our full trust in the EU Digital COVID Certificate system."

For security look, to the community

And finally, in some good news, Microsoft's president Brad Smith announced this week that the biz is going to make cybersecurity training free at all community colleges in the US and offer 10,000 scholarships to study for low-income students and veterans.

"For almost every two cybersecurity jobs in the United States today, a third job is sitting empty because of a shortage of skilled people," he said. "It's like going into baseball's World Series with only six players on the field when the other team has all nine."

Community colleges are being targeted because they are in every state, more affordable, and notably more diverse than bigger educational institutions. As a test Microsoft is also training up staff at 150 colleges to give them a head start and then plans to expand the scheme further. Support awards will be made to a total of 25,000 students.

Microsoft is now the most valuable company in the world by the way. Nice to see it's using all that for something useful. ®

More about


Send us news

Other stories you might like