Software

Wake up! You’ve been p0wned

Today I came across a popular app that is usually paid but just for today it was absolutely free for iOS users. It is a kind of “smart alarm clock” app which basically monitors your sleeping and wakes you up exclusively during your light sleeping cycle. Wow!

How does it do it? Well, the app enables your embedded mic and uses it during the night to monitor your sleeping cycles. In other words, it records your environment while you’re sleeping. When I read about it I just could not believe it. And that’s because of the variety of potential scenarios a threat actor could exploit with people who use similar apps.

Imagine if the company behind the app gets hacked and the app then transmits data, it will provide access to the private offline life of the people using the app. Or how about another scenario where no data is transmitted – what if the company gets hacked and the attackers edit the original code and then push a new version that does actually transmit recordings to a remote server?

In reality there are several scenarios an attacker could use. Worst of all, since this is a legit app available on AppStore, the attackers don’t even have to invest in expensive exploits for this OS.

Be careful when selecting apps and do not be too trusting when it comes to your much-loved devices. It’s hard to believe that something you trust with your personal life – your digital friend – can become your digital frenemy. But it does happen – and more often than you might think.

Wake up! You’ve been p0wned

Your email address will not be published. Required fields are marked *

 

  1. MOHAMED KUDSI

    THANK YOU

Reports

APT trends report Q2 2021

This is our latest summary of advanced persistent threat (APT) activity, focusing on significant events that we observed during Q2 2021: attacks against Microsoft Exchange servers, APT29 and APT31 activities, targeting campaigns, etc.

LuminousMoth APT: Sweeping attacks for the chosen few

We recently came across unusual APT activity that was detected in high volumes, albeit most likely aimed at a few targets of interest. Further analysis revealed that the actor, which we dubbed LuminousMoth, shows an affinity to the HoneyMyte group, otherwise known as Mustang Panda.

WildPressure targets the macOS platform

We found new malware samples used in WildPressure campaigns: newer version of the C++ Milum Trojan, a corresponding VBScript variant with the same version number, and a Python script working on both Windows and macOS.

Ferocious Kitten: 6 years of covert surveillance in Iran

Ferocious Kitten is an APT group that has been targeting Persian-speaking individuals in Iran. Some of the TTPs used by this threat actor are reminiscent of other groups, such as Domestic Kitten and Rampant Kitten. In this report we aim to provide more details on these findings.

Subscribe to our weekly e-mails

The hottest research right in your inbox