RSA 2016 Researchers have shown off a new way to evade the security mechanisms in Android and iOS – by using social networks as command and control servers. The team, from Israeli security firm Skycure, said Google and Apple have made great strides in keeping malware out of their official software stores by scanning submitted code for malware and bad practices. Part of the scanning operation checks which backend systems the app contacts. Applications that reach out to suspicious servers are flagged up for further inspection – but contacting to Facebook looks legit. So the team created a Facebook profile and posted lines of malicious code. When the innocent-looking app logs onto the social network and downloads the payload, it can execute it on the device.
View full story
ORIGINAL SOURCE: The Register