Hello, welcome to the Wednesday, September 27th, 2017 edition of the Sands and its Storm Center's

Stormcast. My name is Johannes Ulrich, and the damn recording from Baltimore, Maryland.

Renato wrote up another interesting piece of banking matter that in addition to traditional bank accounts also goes for

cryptocurrencies account at blockchain.info and perfect money. Now overall it's sort

of traditional banking matter. It arrives as a PDF claiming to be an invoice and

then it does use that PDF in order to download the

actual malware. Now, what's happening here once installed a malware? It actually doesn't do

sort of the browser extension trick. Instead, what it's doing is it installs Fittler, which is

a well-known HDP proxy, installs Fittler, which is a well-known HDP proxy,

installs Fiddler's root certificate as part of the trusted system certificates.

So that way Fittler can play man in the middle, and this is used to then steal credentials.

I guess certificate pinning would be a good countermeasure here on the server side.

Another risk of this particular malware is that credentials are being infiltrated, unencrypted.

Now, you may say, hey, this makes it actually easier for data leakage protection devices

to detect this activity, But remember that this probably

targets mostly home users and the like that don't use devices like this. And IOactive looked at

mobile stock trading applications and found, well, no big surprise here that they're not really all

that secure, at least not as secure as they should be, and actually they're less secure than

mobile banking applications that IOactive reviewed a couple years ago.

Now, you may be able to argue with some of the findings.

For example, they do note that a few of the applications keep data like preferred stock

watch lists unencrypted on the phone itself.

...