Malware AbstractEMU

Geek Speak

Cyber criminals are becoming more and more crafty every day, with the most recent tactic being to infect mobile devices.  Although mobile malware is not currently as prevalent as malware attacks on traditional workstations the threat is growing.   Earlier this year researchers discovered a new malware campaign named AbstractEMU which was geared at targeting mobile users through app stores. 

This malware was developed to obtain permission to silently modify the device, collect data, without any user interactions.  We meet with Denis Wilson as he shares the growing threat to mobile devices and what you need to know.

Denis Wilson

 

Video Transcription

Harry Brelsford 

Hey nation nation back here with Dennis Wilson down in LA Dennis. He said the heat broke. It's getting more comfortable.

Denis Wilson 

Yeah, after three days of 90 Plus, we're ready for fall.

Harry Brelsford 

Yeah, yeah, absolutely. Well, Seattle's getting the monsoon rains have fallen droves. And here in Austin, Texas, it's pleasant, 84 Sunny, light breeze, I'll take it. Otherwise, how you doing?

Denis Wilson 

Not bad. Not bad at all.

Harry Brelsford 

Okay, cool. Hey, you're brought up an interesting topic, Android attacks go what's going on.

Denis Wilson 

And malware is growing rapidly and now focused on the new low hanging fruit, mobile devices. I read about a new one this week called abstract move, which sounds like like a toy. But it's just, it's a serious strain of real malware and infects Android devices. It it routes into the infected device, but it will allow the controller to take total control of the device, it will alter settings attempt to evade detection. I mean, it's it's real malware that gets onto these things. And, and they found that it was it was being distributed with a bundle of legitimate utility apps from Google Play Store. And Google got it off. But it was after several 1000 had already been downloaded. So And besides where who knows where they're going to be found next, you know, you bet that that threat group will be on lookout for new opportunities. But the my my thought was that the MSPs really need to take phone and tablet attacks seriously. To teach your clients what needs to be done to protect those devices. And the best way for protection or for you to communicate that protection is an issue is for you to take it seriously. So we need to get the MSPs to say, hey, it's not just a toy anymore. The threat of are the number of MSPs we're protecting against the threat is very, very small. And we need to get control of this and get ahead of the the issue before you and your clients are breached via mobile devices. Who would have thought?

Harry Brelsford 

Yeah, yeah, because you hear the stories about, you hear the stories about the MSPs as a breach channel, to the clients themselves, but you always kind of think more desktop laptop server, you know, infrastructure. But I agree with you on the phone. It's, it's the next great attack factor. And I was recently at the end is a great conference, I said it nation out in Orlando recently. And there were a couple of MSPs talking about how they were attacked, and ergo all their clients were attacked. Now, again, Dennis, this was more in the traditional infrastructure, but the motion still the same. And there were some hard lessons learned. Let me tell ya, you know, we're all brothers and this man

Denis Wilson 

was I just I heard it at the Ns itsp. We've got to figure out a better name for that. The National Society of priorities service providers. Very exciting. Yeah, I was just at the meeting this morning. And one of the things that Amy Boucek, who's the chairman of the board there said is that we need to understand that this the security issue is focused on us. And we're none of us are are able to fight it by themselves. I mean, it's it's, you know, we're getting hit by this. Yeah, we really got to pay attention.

Harry Brelsford 

Yeah, and I'm going to be coming out with in just a few weeks, sort of the fourth quarter analysts report with a look towards 2022. So I've made a note about the Android attacks. I thank you, I thank you for giving me a bullet point. And hang in there with that trade group. They're doing exciting things before we go, maybe give a give a shout out to them. What's what's their mission? How can you get involved with Karla name his new group?

Denis Wilson 

Well, the first thing you got to do is go go take a look at the website. And it's an S it SP as National Society of IT service providers and.org. And that that has all the latest greatest stuff. There. We just finished the first of what will be a quarterly meeting that was done on zoom with an excess of 60 people on the call. I think it's four or 500 they have been signed up and paid to become registered members. So we're rapidly moving along. We're feeling behind the gun, though, because it, you know, we've got to get this done before they get the legislation out. And we know legislation is on the way Louisiana has done but there's several other places that are that are that are going to get legislation out as well, very soon. And we've got to get this we've got to get a position where we can have our say a little bit of input before this gets out and gets written down for us.

Harry Brelsford 

Yeah, I agree. No, well, I applaud I taking time out of your busy day to participate in a new way in the community. So well, Dennis, probably the next time we talk to you, it's gonna be 2022 We're all gonna know how it all worked out in 2021.

Denis Wilson 

It'd be good. It'd be good to see you in person one of these days soon.

Harry Brelsford 

I agree. I agree. All right, my man. Take care. Okay, bye bye.

Denis Wilson

Bye.