A Week in the News: The First Android Encryptor

This week: the first-ever Android encryptor malware, a serious TweetDeck vulnerability arises and is fixed just as quickly, and much more.

It was a busy week with more details on the first-ever Android encryptor ransomware, a serious but short-lived vulnerability in TweetDeck, a look at Apple’s upcoming iOS 8, a Gmail flaw that may have revealed every user address, and more.

Android Encryptor

Last week, reports describing a piece of ransomware that actually encrypted the contents of Android devices began to emerge. This week, Kaspersky Lab expert Roman Unuchek described the mobile malware, which is called Pletor, as the first of its kind.

Pletor was first spotted around a month ago and has spread to 13 countries over that time period. It has infected more than 2,000 machines – primarily in Russia and Ukraine – but also in other European and Asian countries. The peak of the infections came on May 22 when 500 new infections were reported. The Trojan is up for sale on the criminal underground with an impressive $5,000 price tag.

“If your smartphone has been infected with [Pletor], we recommend that you do not pay the criminals,” Unuchek said. “All the versions of the Trojans that we have seen contain a key that can be used to decrypt affected files.”

Pletor is infecting devices that visit fake pornographic websites. The Trojan masquerades as a media player required to view videos on those sites. It’s also spreading in games and other Android applications, as well as through a Russian mobile phone forum.

TweetDeck Fiasco

We reported on a serious security vulnerability in TweetDeck yesterday. It could have allowed an attacker to take over a user’s account, post or delete tweets or deface the account. Twitter very quickly provided a patch for the problem, so users need not worry now, but it may be a good idea to go ahead and change your Twitter and TweetDeck passwords if you use the service. If you followed our advice yesterday and revoked access to the TweetDeck application, it’s probably safe to go back and grant TweetDeck access to your Twitter account once again.

Interestingly, all the TweetDeck issues that occurred yesterday occurred because of an Austrian teen and a Unicode heart that should never have shown up on his Twitter feed. Read more at Threatpost.

MAC Address Randomization

Apple gave its fans a sneak peek at the yet-to-be-released iOS 8 mobile operating system at its Worldwide Developers Conference. The release constitutes a fairly substantial rebuild of the iOS application development environment, and you can read a thorough analysis of what we think here.

Perhaps the most significant change, though, is Apple’s decision to randomize media access control addresses when connecting to wireless networks. MAC addresses are uniquely identifiable. Retailers and others have been known to track MAC addresses to learn more about customer behaviors. In iOS 8, iDevices will generate random MAC addresses as they are scanned by wireless networks. The move will quietly make it impossible for retailers to track in-store customer movement and other behaviors.

Are You There, Feedly?

A distributed denial of service attack knocked the news aggregation service Feedly and the note-taking and archiving platform Evernote offline yesterday. Evernote pulled out of the DDoS attack pretty quickly and is available to its users at present. Unfortunately, as of Thursday afternoon, Feedly remains offline.

Feedly did reappear briefly Wednesday afternoon, but was knocked back offline by another wave of DDoS attacks shortly thereafter.

Stay on the Lookout for Spam

Google patched a pretty serious vulnerability in its service earlier this week, closing off a hole that could have exposed an unknown number of user Gmail accounts. Some reports have estimated the percentage of account addresses that could have been exposed as high as 100 percent. You can read up on the technical details of the attack on Threatpost. You should be particularly wary of spam in the coming days and weeks, because if anyone exploited this bug in the wild, they could have an absolute trove of Gmail addresses.

In Other News

The United States Industrial Control System Cyber Emergency Response Team – that is the division of the Department of Homeland Security tasked with providing information about industrial control system threats – issued an alert warning about easily hackable electronic road signs.

Mozilla Firefox and Microsoft issued updates that fixed a number of critical security vulnerabilities, so you should make sure you install those updates for your Firefox browser and Windows machine as soon as possible.

In closing, Facebook announced today it will soon be rolling out a new feature to give users more control when it comes to the types of advertisements they see on the site.