This article originally appeared in Infosecurity Magazine on October 30, 2018.
A new technique to escape malware detection has been used in a malicious campaign targeting smartphones, according to The Media Trust.
In today’s blog post, Michael Bittner, digital security and operations manager at The Media Trust, revealed that the campaign involved third-party code that enabled smart malware delivery. The malware, dubbed JuiceChecker-3PC by The Media Trust’s digital security and operations (DSO) team, used Base64 encoding to bypass scanning and has been seen in millions of page views over the last three weeks.
After bypassing the scanning, the malware checked three conditions: whether the user agent was mobile-specific, whether the battery level was between 20% and 76%, and whether a referrer was specified. If all three conditions were met, the malware redirected the ad viewer to a malicious site.
The targets included three global demand-side platform (DSP) providers, all of which traditionally see checks for similar conditions, with the exception of the battery-level range.
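As an added illustration (not The Media Trust’s scanner and not the campaign’s code), the following Python sketch shows how a creative scanner could decode embedded Base64 blobs and flag the combination the article describes: gating checks on battery level, user agent and referrer, plus a redirect that is only visible after decoding. The sample creative, the indicator regexes and the placeholder names `ok()` and `u` are constructed assumptions.

```python
import base64
import binascii
import re

# Indicators a scanner would look for: the browser APIs behind the gating
# checks the article describes, plus a client-side redirect (hypothetical set).
INDICATORS = {
    "battery_api": re.compile(r"navigator\.getBattery|\.level\b"),
    "mobile_ua_check": re.compile(r"navigator\.userAgent|/Mobi"),
    "referrer_check": re.compile(r"document\.referrer"),
    "redirect": re.compile(r"location\.(?:href|replace|assign)|window\.open"),
}
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")  # 40+ Base64 chars + padding

def decode_blobs(creative):
    """Return the decoded text of every valid Base64 run found in the creative."""
    out = []
    for m in B64_RUN.finditer(creative):
        blob = m.group(0)
        try:
            raw = base64.b64decode(blob + "=" * (-len(blob) % 4), validate=True)
        except (binascii.Error, ValueError):
            continue  # not valid Base64 (e.g. a long token or hash)
        out.append(raw.decode("utf-8", errors="replace"))
    return out

def scan_creative(creative):
    """Map each indicator to the layers ('plain', 'base64') where it appears."""
    hits = {}
    layers = [("plain", creative)] + [("base64", t) for t in decode_blobs(creative)]
    for layer, text in layers:
        for name, rx in INDICATORS.items():
            if rx.search(text):
                hits.setdefault(name, set()).add(layer)
    return hits

def is_suspicious(creative):
    """Flag the pattern: all three gating checks plus a redirect hidden in Base64."""
    hits = scan_creative(creative)
    gating = {"battery_api", "mobile_ua_check", "referrer_check"}
    return gating <= set(hits) and "base64" in hits.get("redirect", set())

# Constructed sample creative (not the real payload): a script whose body is
# Base64-encoded and, once decoded, touches the three gating APIs and redirects.
GATING_JS = ("navigator.getBattery().then(function(b){var lvl=b.level;"
             "var ua=navigator.userAgent;var ref=document.referrer;"
             "if(ok(lvl,ua,ref)){location.replace(u);}});")  # ok(), u: placeholders
SAMPLE_CREATIVE = ('<img src="https://example.invalid/banner.jpg">\n<script>eval(atob("'
                   + base64.b64encode(GATING_JS.encode()).decode() + '"))</script>')
BENIGN_CREATIVE = '<script>var ua=navigator.userAgent;</script>'  # constructed
```

A production scanner would also follow nested encodings and `eval`/`atob` chains, since one decoding layer is rarely the last.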
“In this incident, the malware was inserted into creative posing as a legitimate ad for one of the largest department store retailers in the US. The Media Trust digital security and operations (DSO) team was able to identify the malicious code and work with the DSPs to shut down the malware sources,” Bittner wrote.
“Given this malware’s level of encoding, most blockers and conventional scanning techniques continue to let the malware pass through and impact millions of site and mobile app users. Nipping the attacks in the bud is particularly important given the explosion of malicious ads in the digital ad supply chain and the millions of shoppers who use their devices to browse and make transactions online.”
Whether those attacks can be mitigated is questionable, though, according to a recent post on Cell Phone Security and Heads of State by Bruce Schneier. Using malware to attack the phone itself is one of two ways to eavesdrop, a technique favored by nation-state actors with less sophisticated intelligence capabilities, Schneier explained.
“These attacks generally involve downloading malware onto a smartphone that then records calls, text messages, and other user activities, and forwards them to some central controller. Here, it matters which phone is being targeted,” Schneier wrote.
“Unfortunately, there’s not much you can do to improve the security of your cell phone. Unlike computer networks, for which you can buy antivirus software, network firewalls, and the like, your phone is largely controlled by others. You’re at the mercy of the company that makes your phone, the company that provides your cellular service, and the communications protocols developed when none of this was a problem. If one of those companies doesn’t want to bother with security, you’re vulnerable.
“This is why the current debate about phone privacy, with the FBI on one side wanting the ability to eavesdrop on communications and unlock devices, and users on the other side wanting secure devices, is so important.”