- Log In
Hackathons are in Lookout’s blood.
We first started holding Hackathons when we were a third of our size, aspiring to get the creative juice flowing across teams. Today, the Hackathon spans two-days in which employees leave the comfort of their teams and enter collaborations with new coworkers, serving in new roles. An engineer may become a product manager; a designer may use their skills in web development, all building awesome projects that oftentimes really do end up in Lookout’s products.
It’s one of our favorite times of year and this year, we wanted to highlight our Hackathon leaders: Namhee Koo, our current Hackathon coordinator, and David Richardson, the guy who started it all 4 years ago.
Hear from them why the hackathon is so key to Lookout’s culture, where it’s headed, and all the goofy stuff in between:
The World Economic Forum is calling for immediate attention to mobile cyberattack in its ‘Global Risks Report’ for 2016 — a recommendation that echoes the rapid adoption of new technologies in business and government agencies and the great need for equal interest in the associated risks and protections.
Emerging technologies are not often adopted by the channel, but Lookout’s enterprise mobility solutions have made the cut. Today, Lookout is excited to announce a strategic alliance with channel-heavyweight Ingram Micro, opening the door that connects our products to the customers who need them most even wider.
Many businesses today begin securing their data with a checkbox.
That is, a chief security or information officer is told, “We need to secure X,” thus the goal becomes, “Find a solution to tick the ‘X’ security checkbox.” This is how we measure the security of our information today, by itemizing the technologies we’ve deployed across an organization. Unfortunately, this kind of mentality gets in the way of rational thinking about how to solve real security problems enterprises are facing today. The security industry and its customers alike must move away from a checkbox mentality toward considering true risk reduction: how does this technology measure its success?
The malware family Brain Test, unfortunately, has made a comeback. Some variants attempt to gain root privilege, and persist factory resets and other efforts to remove it, especially on rooted devices.
Lookout consumer and enterprise users are protected.
In October 2015, we discovered several applications live in the Google Play Store that looked suspiciously like they were written by the developers behind the Brain Test malware family. Curiously, these apps had hundreds of thousands of downloads and at least a four star average review score — indicating a satisfying app experience, not obtrusive adware. Not long before, in September, Google had removed two Brain Test samples after a report by Check Point.
It took more research, aided by the Lookout Security Cloud, to connect the dots, but on December 29 we confirmed our suspicions that additional apps containing Brain Test malware were in Google Play. We found 13 Brain Test samples in total, written by the same developers. We contacted Google, who promptly removed these 13 apps from the Google Play Store.
How did these apps appear in the Play Store? It seems likely that over 2-3 months, the malware authors used different names, games, and techniques to see what apps they could publish in Play while flying under the radar. Then, just before Christmas, a game called Cake Tower received an update. The update turned on functionality similar to the initial versions of Brain Test and included a new command and control (C2) server, which was the smoking gun we needed to tie together the apps.
The explanation for the apps’ high ratings and hundreds-of-thousands of downloads is the malware itself. First off, some of the apps are fully-functioning games. Some are highly rated because they are fun to play. Mischievously, though, the apps are capable of using compromised devices to download and positively review other malicious apps in the Play store by the same authors. This helps increase the download figures in the Play Store. Specifically, it attempts to detect if a device is rooted, and if so, copies several files to the /system partition in an effort to ensure persistence, even after a complete factory reset. This behavior is very similar to several other malware families we’ve seen recently, specifically Shedun, ShiftyBug, and Shuanet.
Unfortunately, Brain Test is back, but Google worked quickly to remove the malicious apps we discovered, and we are continuing to monitor for new variants.
So, you got a new, shiny, exciting phone or tablet this holiday season.
By now you’re probably rummaging through app stores looking for fun new apps to use, and old favorites like your banks, health apps, and social networks. Maybe you’re porting over all your old photos, music, and contacts. You’re likely setting up your personal and work emails so you can get connected right away.
Within an hour of opening up your brand new device, it likely holds and accesses a wealth of information about you in order to serve your needs as best it can.
That’s great, but you need to make sure you’re protecting all of that data right out of the gate! Here are a few tips on how:
Lookout discovered a solitaire app in Google Play’s gaming category that is actually a version of the malware family FruitSMS, which conducts premium SMS fraud and charges people for typically free services.
We alerted Google to the malicious app and Google promptly removed it from the app store. All Lookout users and customers are protected from this malware.
Official app stores generally do a good job of protecting their customers from malicious apps, but their vetting processes are not perfect. The app is another example that app stores are a viable distribution method for criminals looking to deliver their malicious apps.
What is it?
FruitSMS is a simple piece of malware that Lookout has been following for over two years. It trojanizes legitimate applications, but then charges people for otherwise free services via premium SMS. Premium SMS fraud involves tricking a person into texting a premium-rate number. The victim’s carrier then bills them for texting the number, which is then paid out to the criminal.
For those interested, the SHA-1 for the app is c5ac832a03fdec4fcda9b5137a46b1
How many people are affected?
Thankfully, for this particular app, not many. The app is a Russian-language game and only had around 50-100 downloads by the time we alerted Google.
What should I do?
It’s no longer uncommon to do your shopping on your mobile device. Ever sat on the couch watching Netflix and browsing your favorite retailer on your tablet?
Many of us have been there. Indeed, 52 percent of millennials make purchases on their mobile devices at least a few times a month, according to research from Invoca. While this is no longer a foreign concept, arguably, many of us haven’t considered how to shop on mobile safely. That’s why we pulled together some last minute safe mobile shopping tips for your last-minute present buying-spree.
In this series we’re highlighting some of our awesome employees and the work they do. In their own words, you’ll hear about our employees biggest wins, favorite moments, and reasons for doing what they do. Interested in starting a career at Lookout? Check out our open jobs.
Tis the season to think about security.
During the holidays, millions of people will open boxes and bags of smartphones and tablets. They jump into their new devices, filling out contact information, downloading apps, configuring settings, making their device their own. You know how important it is to keep all that data you use on your gadgets safe, so why not give the gift of Lookout for free?
This holiday season, you can give three of your loved ones three complimentary months of Lookout Premium. That means access to Theft Alerts, the ability to lock and wipe your device remotely, photos and contacts backup, and of course security against mobile malware.
Best part? As a thank you, we’ll give you three months of Premium for free as well!
We want to make sure you, your friends, and your family all get the mobile protection they need. Here’s to peace of mind this holiday season!