Hello, welcome to the Thursday, June 6, 2019 edition of the Sansanet Storm Centers, Stormcast.

My name is Johannes Ulrich.

And I'm recording from Jacksonville, Florida.

Google came out with its monthly update for Android.

We got a total of 22 vulnerabilities being fixed here, eight of which are critical.

Now out of these eight critical vulnerabilities, three are again in the media framework.

What's sort of interesting about these three vulnerabilities, that two of them only exist

in Android 9, while the third one only exists in older versions of Android.

Now, the fourth vulnerability in the framework, which is only rated as high, it's a per-age

elevation vulnerability. This one goes all the way back to Android 7 and also appears

to affect the newer versions.

Chrome also received an update with a number of security fixes, nothing really too spectacular

here and Chrome should update itself anyway.

But we also got some little bit new and different Mac malware to talk about.

This particular sample was dissected by Arrow Security.

Now the initial install vector is the old and tried fake Flash player install.

Have seen this for years now with Macs and must be probably

the number one way how Malva ends up on the Mac. Now, once it runs, it actually runs a little

bash script that will install an HTTP and HTTP proxy on the system. It will add a trusted certificate authority to the system to properly

provide signed certificates. And then the end goal and moneymaker appears to be the injection

of ads into the browser sessions. Interestingly, they're actually using Bing ads here, which is a little bit ironic all over

here for Mac malware, but I guess that's where they're actually able to make a little bit

...