Hello, welcome to the Wednesday, July 25th, 2018 edition of the Sanctal Storm Center's Stormcast. My name is Johannes Ulrich and I'm recording from Jacksonville, Florida.

We haven't really seen a lot of posts this year talking about malicious spam in part because it hasn't really been all that common as it used to,

but one Malware family that's still going strong is Emotet and Brad as a reminder has

a recent sample that he is discussing in his latest diary post. As usual, you get plenty of indicators of compromise,

as well as packet captures that of course you can use to train your own analysis skills. In this

particular case, the malicious document was a Word document, and yes, the user has to enable macros in order to be infected.

Now Emothead of course is just the spreader or drop or whatever you want to call essentially

a part that will then download additional malware. In Brad's case this was the good old Seuss Panda Banker matter.

Well, and today's your lucky day we have a second diary that's dealing with packet captures.

The second one is by Tom and he's talking about cell phone tracker software that is created by cell phone trackers.co.

Now, this is sort of software that you would install on a cell phone in order to spy on whoever

is using the particular cell phone.

The sad part here is not just how much spying you can do with the software, but also that

all the data is exfiltrated in the clear.

So no HDPS and it goes way beyond the standards of GPS tracking.

It does, for example, record phone calls and then exfiltrate the audio files again without

any encryption.

Now, I'm not sure why anybody really would have a legitimate reason to install tracking software

that's that invasive.

Usually you have things like, for example, family tracking or such that typically evolves

around GPS tracking and typically requires that the owner of the phone agrees to being tracked.

And CERTCC released a coordinated vulnerability announcement that does affect most common Bluetooth implementations.

...