Take a look at the new video on Trustlook’s SECUREai security engine. The video gives a clear and concise overview of the power of artificial intelligence in cybersecurity. It’s time to join the AI revolution.
Everyone here at Trustlook is thrilled to welcome Fangyu Ding to the team. Fangyu brings a lot of security experience to our company. Below is the official press release that went out today.
Trustlook, the company that offers SECUREai, a suite of embeddable security engines that identify advanced malware using proprietary AI technology, today announced that Fangyu Ding has joined the company as Senior Vice President of Global Sales and Business Development, reporting to Allan Zhang, Co-Founder and CEO of Trustlook. Ding brings extensive management experience and a global perspective to Trustlook’s executive team during a period of rapid growth and expansion. His responsibilities include global sales and oversight of Trustlook’s business development operations.
“Fangyu is a proven leader and industry veteran who will help us scale, and play a key role in executing on our growth strategy as we continue our evolution to a multi-product cybersecurity solution,” said Allan Zhang, Co-Founder and CEO of Trustlook. “His wealth of experience with global executives and security teams has given him a clear understanding of precisely what our marketplace needs and how best to deliver it. I’m delighted to be working with him as Trustlook enters its next stage of expansion.”
Ding brings to Trustlook 20 years of leadership experience in the security sector, including mobile devices, network appliances, and the Internet of Things. He was most recently Vice President of Business Development for AVG, the multi-billion-dollar cybersecurity company that was acquired by Avast in 2016. Ding has long been a proponent of dynamic behavioral detection technology in the cybersecurity industry in his work with Sana Security, an early pioneer of AI for PC malware, which was later acquired by AVG. He has a proven ability to drive organizations through various stages of development to become truly global companies.
“With its revolutionary SECUREai security engine, Trustlook has a significant opportunity to help organizations across the world access the latest advancements in cybersecurity,” said Fangyu Ding, Senior Vice President of Global Sales and Business Development at Trustlook. “Trustlook has industry-leading technology and strong partnerships with worldwide tech leaders such as Huawei, Qualcomm, and Tecno. This puts us in a strong position in the $200 billion cybersecurity market. I look forward to capitalizing fully on this opportunity.”
Ding has an MBA from the Haas School of Business at the University of California, Berkeley. His role will be based out of the company’s headquarters in San Jose, California, but he will also spend significant time supporting Trustlook’s China office, as the company continues to solidify its position as the market leader in China.
Trustlook is demonstrating the integration of Trustlook’s SECUREai engine with the Qualcomm Haven™ Security Platform on the Qualcomm® Snapdragon™ 835 mobile platform during Mobile World Congress 2017. Using power-efficient machine learning-based behavioral analysis, the solution is designed to support enhanced device security through real-time detection and classification of zero-day malware and privacy violations.
The Qualcomm Haven Security Platform, announced at CES 2017, supports advanced hardware-based security features such as fingerprint and iris authentication, device attestation, and real-time device behavior monitoring. Trustlook’s SECUREai is a suite of embeddable security engines that identify advanced malware, detect device behavior anomalies, and classify threats using proprietary AI technology. SECUREai supports multiple platforms including Android, security gateways, IoT devices, and currently powers products of leading mobile device makers such as Huawei and Tecno Mobile, and numerous Android security apps.
“Artificial intelligence is a game changer for mobile security,” said Allan Zhang, CEO and co-founder of Trustlook. “It is nearly impossible for human researchers today to keep up with the rapidly changing threat landscape. Machine learning is the great equalizer to help the good guys stay ahead and take control. We are very excited to work with Qualcomm Technologies on this effort.”
“Working together, Trustlook and Qualcomm Technologies are demonstrating how a leading anti-virus engine can combine with platform-level machine learning,” said Sy Choudhury, senior director of product management, Qualcomm Technologies, Inc. “By utilizing the behavioral capabilities of the Qualcomm Haven Security Platform, Trustlook’s SECUREai engine delivers real-time and offline detection of zero-day threats. These can be reported back to home base, and be used to protect millions of other devices which are possibly under threat.”
The Trustlook solution on Qualcomm Haven Security Platform is available to handset OEMs on the Snapdragon 835 mobile platform, and is expected to be supported by additional Snapdragon SoCs later this year.
Banks in South Korea recently started to offer customers a text messaging option to access accounts and authenticate transactions. It was reported that a major South Korean bank, KEB Hana Bank, was the first to launch the text banking service in the country on Nov 21, 2016. Unfortunately, cyber thieves have picked up on this, and are trying to get their hands on these text messages.
Trustlook Labs discovered a new banking Trojan that targets the South Korean banks offering the text messaging service. The Trojan disguises itself as a Google Play app and asks the user to grant it device administrator rights, which prevents the malware from being removed.
The app starts as a background service and is invisible to the user. The package can be identified as having the following characteristics:
- MD5: b4d419cd7dc4f7bd233fa87f89f73f22
- SHA256: 1fa03f9fa2c6744b672433c06a1a3142997ba4f261b68eddbc03545caff06a82
- Size: 100289 bytes
- App name: Google_Play
- Package name: com.android.systemsetting
The package icon is:
Upon execution, the app persuades the user to grant device administrator access in order to maintain its presence on the system:
The app disguises itself as “AhnLab V3 Mobile PLUS” which is a popular mobile security app in South Korea.
In the meantime, it attempts to remove the legitimate AhnLab security apps:
The malware attempts to collect the user’s device information and send it to the server:
The following code snippets are used to retrieve information on any installed banking apps:
The malware then sends out the captured information:
The malware intercepts all the SMS messages between the device and the banks and sends them to the attacker:
The app is capable of updating itself:
For anyone using the text banking service that is being offered by some Korean banks, we suggest you install the Trustlook Mobile Security app to detect and block this attack, as well as to prevent further malicious activities.
Over the past couple of months, Trustlook Mobile Security has published a lot of research (here and here) about ADUPS spyware. It is no surprise we have received many inquiries about the latest ADUPS security vulnerability involving the Barnes & Noble Nook 7. You may or may not know that the $50 Barnes & Noble device was shipping with Adups backdoor-planting firmware preinstalled.
We are happy to announce that Barnes & Noble has a fix. The company has also issued the following statement regarding the issue.
“NOOK Tablet 7” went on sale on November 26. By that time, the device automatically updated to a newer version of ADUPS (5.5), which has been certified as complying with Google’s security requirements, when first connected to Wi-Fi. ADUPS has confirmed to Barnes & Noble that it never collected any personally identifiable information or location data from NOOK Tablet 7” devices, nor will it do so in the future.
Finally, we are working on a software update to remove ADUPS completely from the NOOK Tablet 7”. That update will be made available to download within the next few weeks, but in the meantime customers can rest assured that the device is safe to use.”
Whew! To think that you could have been sending your most private information to servers in China while you were reading your favorite novel was quite concerning.
People like to think their brand new phone is clean and free of malware, but that is not always the case. Some smartphone manufacturers choose to use a third-party FOTA (Firmware Over-The-Air) service instead of Google’s, which can pose serious security risks. This is what happened in the case of Shanghai-based ADUPS Technology Co.
ADUPS provides FOTA update services for mobile devices. Trustlook Labs researched multiple mobile devices and discovered several apps produced by ADUPS have serious security flaws. We researched a sample with package name “com.adups.fota”, app name “无线升级”, version 22.214.171.124.1.
The app comes preinstalled on the device. It collects many types of user information. In addition to specifications such as IMEI, IMSI, MAC address, version number, and operator, this app attempts to collect the user’s SMS text messages and call logs. More troubling is that all of these procedures are done without the user’s consent and are processed in the background.
Diving into the code…
The following code snippets show the app starting to collect call logs and SMS messages:
The getTellMessageData() method shown below calls the above methods.
The collectDcData() method shown below calls getTellMessageData() and some other methods to collect other information and insert the data into an SQL database.
The data are then written to JSON format and zipped:
The 7 JSON files contain various user information:
The collected call logs and SMS messages are stored in the “DcTellMessage.json” file. All data is then encrypted using DES and sent out:
The DES.encryptDES() method that is used in the above code is shown below:
The DES encryption key is “NotCrack” and the IV is 12345678.
The data is sent to the following domain “https://bigdata.adups.com/”
The data is uploaded every 72 hours:
The Trustlook Mobile Security app detects this app as “Android.Trojan.Adups”. Trustlook’s anti-threat platform can effectively alert and remove the threat. Download the Trustlook app for free from the Google Play store.
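For network defenders, the upload domain and the 72-hour upload interval described above can be turned into a simple log check. The following Python sketch is an added example, not code from Trustlook or from the analyzed app; the DNS log format, the two-hour tolerance, and the sample log lines are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

IOC_DOMAIN = "bigdata.adups.com"      # upload endpoint named in the write-up
UPLOAD_PERIOD = timedelta(hours=72)   # upload interval named in the write-up
TOLERANCE = timedelta(hours=2)        # assumed allowance for timing jitter

# Constructed sample DNS log: "<ISO timestamp> <client IP> <queried name>"
SAMPLE_LOG = """\
2016-11-01T03:10:00 10.0.0.21 bigdata.adups.com
2016-11-01T09:00:00 10.0.0.22 www.example.com
2016-11-04T03:12:30 10.0.0.21 bigdata.adups.com
2016-11-05T14:00:00 10.0.0.23 BIGDATA.ADUPS.COM.
2016-11-07T03:09:10 10.0.0.21 bigdata.adups.com
malformed line
"""

def parse(log_text):
    """Yield (timestamp, client, name); skip lines that do not parse."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        # Normalize case and the trailing root dot before matching.
        yield ts, parts[1], parts[2].rstrip(".").lower()

def find_adups_clients(log_text):
    """Map each client that queried the IoC domain to 'periodic' or 'seen'."""
    hits = defaultdict(list)
    for ts, client, name in parse(log_text):
        if name == IOC_DOMAIN or name.endswith("." + IOC_DOMAIN):
            hits[client].append(ts)
    verdicts = {}
    for client, times in hits.items():
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        # 'periodic' requires every gap to sit within tolerance of 72 hours.
        periodic = bool(gaps) and all(abs(g - UPLOAD_PERIOD) <= TOLERANCE for g in gaps)
        verdicts[client] = "periodic" if periodic else "seen"
    return verdicts

if __name__ == "__main__":
    for client, verdict in sorted(find_adups_clients(SAMPLE_LOG).items()):
        print(client, verdict)
```

A client marked "seen" has contacted the domain but has too few lookups to confirm the cadence; either verdict identifies a device worth inspecting for the preinstalled package.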
Shopping on a mobile device is expected to be stronger than ever during the 2016 Holiday Season. Smartphone proliferation, faster network speeds, and slick shopping apps have combined to provide a far better experience for mobile shoppers. But as the spending is soaring, so too are the mobile security risks.
Trustlook, a next-generation mobile security company, has shared findings from a recent survey of Android users. The goal of the survey was to dig deeper into the expected mobile shopping behaviors for the 2016 Holiday season. Some key findings include:
1. 43% of users surveyed will spend more than $250 on purchases made through a mobile device
2. 40% of mobile shoppers prefer shopping on their mobile devices, versus 18% who prefer shopping in a store
3. Even though 70.35% of users surveyed plan on making a purchase on a mobile device, 64% have not installed a mobile security app
4. Amazon, eBay, and Walmart are the most popular mobile shopping apps
For an infographic on Trustlook’s survey findings, please go here.