Breaking Badness Episode 9

Feeling Lucky

Coming up this week on Breaking Badness: today we discuss How to Cut Out the Middleman; A Hardcore Apple Phishing Campaign: Roaming Mantis; and Time Well Serpent.

Here are a few highlights from each article we discussed:

How to Cut Out the Middleman
  • Guard Provider, an app that comes standard with 150 million Xiaomi devices, had multiple vulnerabilities that could allow attackers remote access to the devices.
  • Guard Provider is a Xiaomi-made security app that includes three different AV vendors (Avast, AVL, and Tencent).
  • To do this, it uses several different SDKs (software development kits), which isn’t great because it becomes difficult to identify and patch vulnerabilities, bugs, and issues.
  • AV signatures were being downloaded over an HTTP connection, which is vulnerable to MITM attacks if you are connected via public Wi-Fi (coffee shop, etc.).
  • Due to gaps in communication between the multiple SDKs, the attacker could then inject any rogue code they choose, such as password stealing, ransomware, tracking, or any other kind of malware.
  • This vulnerability has been patched.

A Hardcore Apple Phishing Campaign: Roaming Mantis
  • Roaming Mantis has developed additional ways to compromise iOS devices.
  • A new landing page prompts users for various permissions, then redirects them to a phishing site that collects information including DEVICE_PRODUCT, DEVICE_VERSION, UDID, ICCID, IMEI and MEID.
  • If you put your Apple ID credentials into the site, it then attempts to steal your 2FA code.
  • There are also new ways to infect Android devices with sagawa[.]apk Type A malware, which has previously been spread via SMS in Japan.
  • In the past they’ve also compromised routers to overwrite DNS settings.
  • In this new version, the actor has changed their decryption function slightly, likely to evade detection.
  • This compromise has been seen in Russia, Japan, India, Bangladesh, Kazakhstan, Azerbaijan, Iran and Vietnam.

Time Well Serpent
  • Check Point’s security research team was too busy researching security all day, so they hacked the April Fools’ Google Snake game, put an auto-play AI in it, and let it play for them.
  • They also changed the code so they couldn’t lose… hitting the wall didn’t kill their snake (essentially making it God Mode).
  • They also changed the number of people who spawned so they had the ability to get more points faster.

This Week’s Hoodie Scale

How to Cut Out the Middleman
[Tim]: 3/10 Hoodies
[Emily]: 5.5/10 Hoodies

A Hardcore Apple Phishing Campaign: Roaming Mantis
[Tim]: 5/10 Hoodies
[Emily]: 5/10 Hoodies

Time Well Serpent
[Tim]: 3/10 Hoodies
[Emily]: 5/10 Hoodies

That’s about all we have for this week. You can find us on Twitter @domaintools, and all of the articles mentioned in our podcast will always be included in our blog. Catch us next Wednesday at 9 AM Pacific time when we publish our next podcast and blog.

*A special thanks to John Roderick for our incredible podcast music!
