Hello, welcome to the Thursday, June 9th, 2016 edition of the Sansonet Storm Center's Stormcast.

My name is Johannes Ulrich.

I'm recording from Baltimore, Maryland.

Brad published a diary yesterday, updating us on what's happening with the Neutrino Exploid Kit and Crypt Triple X.

Crypt Triple X has become one of the predominant pieces of

ransomware that's going around these days. In the past, it usually used the Angler Exploid Kit

in order to install itself. But as Brad points out, we have seen this before that Malver switches exploit kits.

In this case, CryptTriplex switched to the neutrino exploit kit.

In my opinion, that's typically due to one exploit kit sort of running its course.

They're seeing diminishing returns from a particular exploit kit.

So they're switching exploit kits in order

to get users that are more susceptible to the other type of exploit kit.

A British security company Pentest Limited took a closer look at a popular Android keyboard,

the flash keyboard. Now what you found is that not only

does this particular application require excessive permissions, pretty much anything there is.

It does require access to the camera, to your GPS location, to SMS messages, and also it does ask for permission to, for example,

replace your screensaver and the like. It sort of asks for every permission there is.

Now, Android is quite proud of its fine-grained permission system, and it's certainly a good

thing to offer

it to users, but this particular application was downloaded millions of times and users apparently

don't really care about these excessive permissions. In addition, this particular application

also exfilterates quite a bit of data. It collects about the user to the producer of the application in China.

...