The SECUREUPDATE threat is a Trojan downloader that targets Android devices. Malware researchers speculate that this threat may be a creation of the infamous Two-Tailed Scorpion hacking group. The group is known to operate mainly in the Middle East and is likely to have ties to the terrorist group Hamas. Most of its targets are in Israel and Palestine. The group has many hacking tools in its arsenal, some of which may be the VAMP Android Trojan, the GnatSpy Android Trojan, the KASPERAGENT Trojan, and the MICROPSIA malware. More often than not, the campaigns of this APT (Advanced Persistent Threat) are politically motivated and aim to further the interests of Hamas in the area.

Propagation Method

The name of the SECUREUPDATE Trojan is derived from the propagation method used to spread this threat. The authors of the SECUREUPDATE Trojan have made it look like a legitimate security update and have used various social engineering techniques to pressure the user into installing the bogus software update. There is some irony in ending up with malware on your system when you think you are installing a security update. Once the SECUREUPDATE Trojan is installed on your Android device, it will request several permissions. This usually fails to raise enough red flags for many users, as most applications ask for various permissions once they are installed.

Scheduled Attack and Collected Login Credentials

Unlike many Trojans, which await a command directly from the attackers, the SECUREUPDATE Trojan uses Android's 'Calendar' to set itself a sort of 'reminder' to begin the download of the secondary payload. Many users do not change their usernames and passwords when registering for new services and websites because it is much easier to remember one username and one password. However, this puts them at great risk, and ill-minded actors like the creators of the SECUREUPDATE Trojan will attempt to exploit this. The SECUREUPDATE Trojan will try to trick the victim into registering for a bogus service. If victims fall for it, they will likely enter the same login credentials that they use for other accounts, and the attackers will collect them.

Be very cautious about which applications you allow on your Android device. You should also look into installing a legitimate anti-virus application, which will keep your device safe from pests like the SECUREUPDATE Trojan.

