A week in the news: The first Android encryptor

This week: the first ever Android encryptor malware, a serious TweetDeck vulnerability arises and is fixed just as quickly, and much more.

It was a busy week last week, with more details on the first ever Android encryptor ransomware, a serious but short-lived vulnerability in TweetDeck, a look at Apple’s upcoming iOS 8, a Gmail flaw that may have revealed every user address, and more.

Android Encryptor

Two weeks ago, reports began to emerge describing a piece of ransomware that actually encrypted the contents of Android devices. Last week, Kaspersky Lab expert Roman Unuchek described the mobile malware, which is called Pletor, as the first of its kind.

Pletor was first spotted around a month ago and has spread to 13 countries over that time period. It has infected more than 2,000 machines – primarily in Russia and the Ukraine – but also in other European and Asian countries. The peak of the infections came on 22 May when 500 new infections were reported. The Trojan is up for sale on the criminal underground with an impressive $5,000 price tag.

“If your smartphone has been infected with [Pletor], we recommend that you do not pay the criminals,” Unuchek said. “All the versions of the Trojans that we have seen contain a key that can be used to decrypt affected files.”

Pletor is infecting devices that visit fake pornographic websites. The Trojan masquerades as a media player required to view videos on those sites. It’s also spreading in games and other Android applications, as well as a Russian mobile phone forum.

TweetDeck Fiasco

We reported on a serious security vulnerability in TweetDeck last week. It could have allowed an attacker to take over a user’s account, post or delete tweets or deface the account. Twitter very quickly provided a patch for the problem, so users need not worry now, but it may be a good idea to go ahead and change your Twitter and TweetDeck passwords if you use the service. If you followed our advice and revoked access to the TweetDeck application, it’s probably safe to go back and grant TweetDeck access to your Twitter account once again.

Interestingly, all the TweetDeck issues that occurred were down to an Austrian teen and a Unicode heart that should never have shown up on his Twitter feed. Read more at Threatpost.

MAC Address randomisation

Apple gave its fans a sneak peek at the yet-to-be-released iOS 8 mobile operating system at its Worldwide Developers Conference last week. The release constitutes a fairly substantial rebuild of the iOS application development environment, and you can read a thorough analysis of what we think here.

Perhaps the most significant change, though, is Apple’s decision to randomise media access control addresses when connecting to wireless networks. MAC addresses are uniquely identifiable. Retailers and others have been known to track MAC addresses to learn more about customers’ behaviours. In iOS 8, iDevices will generate random MAC addresses as they are scanned by wireless networks. The move will quietly make it impossible for retailers to track in-store customer movement and other behaviours.

Are you there, Feedly?

A distributed denial of service attack knocked the news aggregation service Feedly and the note-taking and archiving platform Evernote offline yesterday. Evernote pulled out of the DDoS attack pretty quickly and is available to its users at present. Unfortunately, as of Thursday afternoon, Feedly remains offline.

Feedly did reappear briefly last Wednesday, but was knocked back offline by another wave of DDoS attacks shortly thereafter.

Stay on the lookout for spam

Google patched a pretty serious vulnerability in its service at the beginning of last week, closing off a hole that could have exposed an unknown number of user Gmail accounts. Some reports have estimated the percentage of account addresses that could have been exposed as high as 100 percent. You can read up on the technical details of the attack on Threatpost. You should be particularly wary of spam in the coming days and weeks, because if anyone exploited this bug in the wild, they could have an absolute trove of Gmail addresses.

In other news

The United States Industrial Control System Cyber Emergency Response Team – that is the division of the Department of Homeland Security tasked with providing information about industrial control system threats – issued an alert warning about easily hackable electronic road signs.

Mozilla Firefox and Microsoft issued updates that fixed a number of critical security vulnerabilities, so you should make sure you install those updates for your Firefox browser and Windows machine as soon as possible.

In closing, Facebook announced last Thursday it will soon be rolling out a new feature to give users more control when it comes to the types of advertisements they see on the site.