Coolpad is the sixth largest manufacturer of smartphones in the world, and the third largest in China. We recently discovered that the software installed on many of Coolpad’s high-end Android phones includes a backdoor which was installed and operated by Coolpad itself. Today we released a new report detailing the backdoor, which we’ve named “CoolReaper.”
After reviewing Coolpad complaints on message boards about suspicious activities on Coolpad devices, we downloaded multiple copies of the stock ROMs used by Coolpad phones sold in China. We found the majority of the ROMs contained the CoolReaper backdoor. …Continue reading
Today we released our first Threat Landscape Review, which takes a high-level view of how malware is delivered to networks across major industries around the world. The data used for this report was derived from Palo Alto Networks WildFire™, which automatically identifies threats from malware over a wide array of applications by executing them in a virtual environment, observing their behavior. This data was collected from live systems in networks belonging to 2,363 different companies operating in 82 different countries.
While there are currently over 4,000 organizations using WildFire to defend their networks the data for this report was specifically collected from organizations in 10 key verticals: …Continue reading
Today we published a new research paper on WireLurker, a family of malware targeting both Mac OS and iOS systems for the past six months. We believe that this malware family heralds a new era in malware attacking Apple’s desktop and mobile platforms based on the following characteristics:
- Of known malware families distributed through trojanized / repackaged OS X applications, it is the biggest in scale we have ever seen
- It is only the second known malware family that attacks iOS devices through OS X via USB
- It is the first malware to automate generation of malicious iOS applications, through binary file replacement
- It is the first known malware that can infect installed iOS applications similar to a traditional virus
- It is the first in-the-wild malware to install third-party applications on non-jailbroken iOS devices through enterprise provisioning
WireLurker was used to trojanize 467 OS X applications on the Maiyadi App Store, a third-party Mac application store in China. In the past six months, these 467 infected applications were downloaded over 356,104 times and may have impacted hundreds of thousands of users.