ISC StormCast for Friday, March 24th 2017
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
🗓️ 24 March 2017
⏱️ 7 minutes
Transcript
| 0:00.0 | Hello, welcome to the Friday, March 24th, 2017 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes |
| 0:08.1 | Ullrich, and I'm recording from Jacksonville, Florida. Check Point Security is writing about research |
| 0:15.1 | done by Tencent Security about a new Chinese Trojan. Now, the Trojan itself isn't really all that new actually. |
| 0:24.1 | It's called the Swearing Trojan and it's pretty much a mobile banking malware. |
| 0:29.6 | So what it does is it tries to emulate a legitimate online banking application, but then it tricks |
| 0:37.3 | the user into entering credentials and |
| 0:39.9 | forwards them to the miscreants. Typically, users infect themselves with these Trojans when they |
| 0:47.7 | install software they think is benign and it includes these Trojans as an additional payload. |
| 0:55.0 | But Tencent now observed a somewhat novel way of spreading malware like this Swearing Trojan in China |
| 1:04.0 | and that's by using malicious base transceiver stations or BTSs. |
| 1:10.0 | Now they're also sometimes referred to as fake cell towers. |
| 1:14.6 | A lot of attention has been spent on these fake cell towers and it has become easier and cheaper |
| 1:21.6 | to deploy them but once a user connects to one of these fake towers, in this particular case they will send |
| 1:31.8 | an SMS to user claiming to come from China Telecom and asking them to install this Trojan. |
| 1:41.0 | Once installed the malware is behaving like any other malware. It's intercepting passwords. It's also trying to spread itself by sending messages to contacts stored on the phone. But it's certainly surprising that these fake BTSs can reach sufficient coverage to spread a trojan like this |
| 2:05.0 | to a level where it does get noticed. |
| 2:08.9 | As a user, there isn't really all that much you can do about avoiding to connect to one |
| 2:13.8 | of these fake base stations. |
| 2:16.5 | So best thing to do is just assume that the network you're connecting to is not trustworthy. |
| 2:23.0 | And that's probably a good idea and attitude whenever you connect to any kind of internet connection. |
| 2:29.6 | And well, if you just updated LastPass and you've got another update notice, it wasn't fake. |
| 2:35.3 | There is yet another bug that Google's security initiative found in this popular password wallet. |
... |

