The IT Nerd

Check Point Research released findings on 2113 mobile apps which exposed user data via cloud misconfigurations. Check Point Research has warned that bad practices in cloud-based applications could lead to serious security breaches, exposing chat messages, personal information, token IDs, data from crypto exchanges and more.

Saumitra Das, CTO and Co-Founder, Blue Hexagon had this to say:

 “Many mobile applications are built by small teams and startups that almost universally use public cloud-based backend for speed of development and deployment. The lack of security teams and the complexity of cloud deployments can further exacerbate the chance of a data breach due to cloud misconfigurations. Dealing with cloud misconfigurations is challenging even for large mature security organizations so it is even more likely to affect the smaller teams that are typically involved with mobile app development.”

Chris Olson, CEO, The Media Trust added:

“Mobile app breaches caused by back-end misconfigurations have become an all-too-common occurrence. It’s not the only part of the development process that can cause security issues either: app developers regularly use unsafe third-party code that may collect and share user data in unsafe ways that are susceptible to attack.”

“These facts are particularly concerning, given that today’s cyber actors are increasingly targeting organizations and their employees through digital surfaces like websites and mobile apps. Both have often been overlooked as a source of cybersecurity risk – but that is an oversight with dangerous ramifications.”

Finally, Aimei Wei, CTO and Founder, Stellar Cyber had this to say:

“It is crucial that security consideration be taken as an integral part of almost every software application development. Cyber security issue may not only lead to business impact or financial impact, it could also lead to physical security risks. As shown in this research paper, mobile applications can leak critical user data via cloud misconfiguration. If user’s location coordinates data are leaked, that can be used to track people and put them at risk in a physical world. It is imperative that application providers implement security practices and leverage security solutions to ensure the user data is secure.”

The days of Facebook like app development, meaning get it done fast and get it out the door are over. Anyone who makes an app needs to make sure that they get the security right. And what would really help that if there was legislation that was in place that punished those who didn’t get it right. Because consumers deserve better.

A new malware has recently been detected by the security firm Check Point. This malware is called Fireball and has infected over 250 million computers worldwide.

The malware, called Fireball, acts as a browser-hijacker but and can be turned into a full-functioning malware downloader. Fireball is capable of executing any code on the victim machines, resulting in a wide range of actions from stealing credentials to dropping additional malware. this malware has two main powers. It can run any malicious code on the victim’s computer. It can also hijack and manipulate infected users’ traffic to generate fraudulent ad revenue.

This operation is run by Rafotech, a large digital marketing agency based in Beijing. Rafotech uses Fireball to manipulate the victims’ browsers and turn their default search engines and home-pages into fake search engines. This redirects the queries to either yahoo.com or Google.com. The fake search engines include tracking pixels used to collect the users’ private information. Fireball has the ability to  spy on victims, perform efficient malware dropping, and execute any malicious code in the infected machines, this creates a massive security flaw in targeted machines and networks

How Do You Protect Yourself? 

Fireball is spread mostly via bundling i.e. installed on victim machines alongside a wanted program, often without the user’s consent. In that context, it is important to make sure to only install software from a legitimate and trusted source. It is also important to only run legal software and not install any pirated software.

How to know if you’re infected by Fireball?

To check if you’re infected by the Fireball malware, Check Point has laid out some simple points. If the answers to the questions asked below are no, you might be infected with adware.

You simply need to open your web browser. Take a look at the home page and default search engine–was it set by you? Can you make changes to them? Do you recognize the extension installed in your web browser?

To remove most of the adware, you simply need to remove the application from your computer. On Windows, you can do from Programs and Features list in the Windows Control Panel. On Mac, locate the Applications in Finder and drag anything that you think is suspicious to the trash.

You are also advised to scan and clean your computer using a good anti-virus app and adware cleaner software. You can also look for Extensions/Add-ons list in your web browser and delete anything that you think is suspicious.