Hello, welcome to the Friday, March 3, 2017 edition of the Sansanet Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Robb today has a diary with a sample for a business email compromise, well, at least an attempt of one.

Not a very good one.

The email, in my opinion, is pretty easy to spot as a fake just based on the text of the email.

However, as Raw points out, this email should never have made it into the inbox just because SPF, if properly implemented,

would have dropped this email.

And Palo Alto did a pretty nice job running down the background behind some recent Android Malware.

Now, when I first saw the the headline I didn't really pay much

attention because Android malware after all is somewhat common. Now this particular

matter was actually found in the Google Play Store but what was kind of odd was not

just that the 132 infected applications were only developed by seven different developers,

which appear to be related to each other, but also that the malware was really ineffective.

It tried to download a Windows executable to the Android phone. Also, the main names used had

been sing-hold for a while now. What Palo Alto actually was able to deduct was that these

seven developers apparently are using a development environment that is it itself infected.

So any application being created with this development environment will include the malware

and as a result will then bundle it up and will be published like this to the Google Play Store.

So very similar to what we have seen with Xcode Ghost a little bit more than a year ago.

In the Xcode Ghost case, it was an OS10 development tool that was infected and then included

itself or included malicious code in compiled binaries.

Something similar may have happened here.

...