Over the last month, many smartphone users in Taiwan received an SMS message concerning personal privacy. The message entitled "You were shot by paparazzi!" and contains a URL, such as hxxp://199.101.117.21/index.php, to download a malicious APK. AegisLab has analyzed the characteristic of the APK and released the malware signature to our customer at the first time. The […]

Follow

AegisLab discovers that many forged Facebook's notices, essentially phishing mails, have been spread. The adversary employed the trick of the social engineering to perform this kind of attacks. It is difficult to distinguish whether the notices are true or not since the contents and the format of the notices are similar to the official ones. […]

Follow

Recently, Bluebox Security announced there is a vulnerability in Android that allows a crack to modify APK code and bypass the APK certificate mechanism. The vulnerability is named Master Keys Vulnerability and will be released by Bluebox Security at Black Hat USA 2013. (http://bluebox.com/corporate-blog/bluebox-uncovers-android-master-key/) After AegisLab analysis, some of Sony and Samsung using Android 4.2 […]

Follow

AegisLab found a malicious URL：hxxp://update-critical.com，it would detect your browser and redirect you to the fake browser updating website respectively! We discovered there are three types of these fake browser updating websites! AegisLab also found the similar case before：『 安全通報2013-01-03: SEO汙染,瀏覽器更新請注意!! 』，it's not a new trick! Moreover，hackers add instructions and following steps in these fake browser updating websites! IE：hxxp://update-critical.com → hxxp://update-critical.com/ie/ie.html → hxxp://update-critical.com/ie/IEUpdate.exe   […]

Follow