BRATISLAVA – ESET, a global leader in cybersecurity, has launched version 6.0 of ESET Mobile Security (EMS), an award-winning solution that provides protection against a multitude of Android mobile security threats such as malware and phishing, and now has the added feature of Payment Protection for financial transactions.

ESET Mobile Security protects users’ data against loss, leakage and misuse through strong malware protection, as well as providing a safe browsing environment with its anti-phishing feature. EMS also protects users from physical loss and theft, connecting to my.eset.com to provide as much real-time information as possible about the status and whereabouts of the device.

Version 6.0 of the premium Mobile Security solution introduces a new layer of security for EMS users. The Payment Protection feature safeguards users from applications that utilize sensitive financial information such as banking transactions and online shopping. This feature automatically categorizes all installed applications from the Google Play Store that fall into the Finance category and scans them for potential threats. The user is also able to add other installed apps to the list that may fall outside of the Finance category.

A “safe launcher” icon is added to the user’s list of applications, and from there, apps pertaining to sensitive financial data can be launched and will be protected from malware or fake apps that may be attempting to steal credentials by replicating login screens. If an app is not launched from the safe launcher module, Mobile Security will continue to run a basic scan for unresolved antivirus issues, open network usage and the root state of the device.

To further cement ESET’s commitment to cutting-edge Android mobile protection, the company has been awarded the MRG Effitas Certificate in the Android 360° Assessment Programme Q1 2020 by MRG Effitas, a world leader in independent IT security efficacy testing, research and expertise. As the report highlights, Android devices are used by approximately 2.3 billion people around the globe, and with Android-based malware on a constant rise, it is vital that antivirus solutions protect against 100% of threats.

Version 6.0 has also undergone design changes to improve intuitiveness and ease-of-use features, such as the Call Filter feature that allows users to protect against unwanted incoming calls and a redesign of the Anti-Theft feature to allow for simpler onboarding and the resetting of passwords.

Branislav Orlík, product manager at ESET, states: “Mobile devices are a central part of our everyday lives and go far beyond just the need to call or message our friends and family. Our mobile devices are now a direct pathway to our wallets, our memories and our jobs, and it is vital that personal data is safely secured, especially sensitive financial data. With this latest version of ESET Mobile Security, we want to ensure our users feel completely secure when performing financial transactions on their devices, in addition to being protected from malware and phishing attempts. At ESET, we are dedicated to the safety of technology users across the globe and are proud to be recognized for our innovative and reliable security solutions.”

For further information on ESET Mobile Security, click here.

BRATISLAVA – ESET researchers have discovered and analyzed malware that targets Voice over IP (VoIP) softswitches. This new malware, named CDRThief by ESET, is designed to target a very specific VoIP platform used by two China-made softswitches (software switches): Linknat VOS2009 and VOS3000. A softswitch is a core element of a VoIP network that provides call control, billing, and management. These softswitches are software-based solutions that run on standard Linux servers. Entirely new Linux malware is rarely seen, thus making CDRThief worthy of interest. The primary goal of the malware is to exfiltrate various private data, including call detail records (CDR), from a compromised softswitch.

“It’s hard to know the ultimate goal of attackers who use this malware. However, since it exfiltrates sensitive information, including call metadata, it seems reasonable to assume that the malware is used for cyberespionage. Another possible goal for attackers using this malware is VoIP fraud. Since the attackers obtain information about the activity of VoIP softswitches and their gateways, this information could be used to perform International Revenue Share Fraud,” says ESET researcher Anton Cherepanov, who discovered CDRThief. “CDRs contain metadata about VoIP calls such as caller and IP addresses of call recipients, starting time of the call, call duration, call fees, and other information,” he adds.

To steal this metadata, the malware queries internal MySQL databases used by the softswitch. Thus, attackers demonstrate a solid understanding of the internal architecture of the targeted platform.

“We noticed this malware in one of our sample sharing feeds, and as an entirely new Linux malware, it’s a rarity and caught our attention. What was even more interesting was that it quickly became apparent that this malware targeted a specific Linux VoIP platform,” explains Cherepanov.

To hide malicious functionality from basic static analysis, the authors encrypted any suspicious-looking strings. Interestingly, the password from the configuration file is stored encrypted. Despite this, Linux/CDRThief malware is still able to read and decrypt it. Thus, the attackers demonstrate deep knowledge of the targeted platform, since the algorithm and encryption keys used are not documented. Furthermore, only the malware authors or operators can decrypt any exfiltrated data.

“The malware can be deployed to any location on the disk under any file name. It’s unknown what type of persistence is used for starting the malware. However, it should be noted that once the malware is started, it attempts to launch a legitimate file present on the Linknat platform. This suggests that the malicious binary might somehow be inserted into a regular boot chain of the platform in order to achieve persistence and possibly masquerade as a component of the Linknat softswitch software,” concludes Cherepanov.

For more technical details about CDRThief, read the blog post “Who is calling? CDRThief targets Linux VoIP softswitches” on WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.