News briefs: Android malware and massive retail breaches


» After news broke that Target was hit by a major breach, a number of other retailers began alerting customers about potential data compromises. In late January, upscale retailer Neiman Marcus revealed that malware on its payment systems may have compromised 1.1 million customer card accounts, and that around 2,400 payment cards had already been used fraudulently as a result of the incident. Just days after Neiman Marcus' announcement, Michaels Stores, an arts and crafts store chain, notified customers via a carefully worded letter that it “may have experienced a data security attack” on its systems as well, impacting payment card data. Michaels' CEO said that federal law enforcement was investigating the incident.

» Researchers discovered that more than a million Android mobile devices worldwide were infected with a hard-to-remove bootkit trojan, detected as Android.Oldboot.1.origin. As of January 24, the malware had infected around 350,000 devices, but that figure quickly tripled in a week's time. The bootkit malware is said to be insidious, because even if some parts of the malware are wiped from the device, a certain element will still remain in the system's memory and will reinstall every time the device is rebooted – creating a cycle of infection.

» Due to a theft of unencrypted laptops at Coca-Cola, around 74,000 current and former employees at the company may be at risk of identity theft. Sensitive information that was on the laptops included names and Social Security numbers of around 18,000 individuals, while an additional 56,000 people had personal information exposed in the incident. Other data, like addresses, financial compensation and ethnicity of victims, was also reported compromised. Coca-Cola learned on December 10 that personal data was stored on the laptops, which were eventually recovered. The company also revealed that the stolen laptops had not been encrypted, as they should have been in accordance with company policy.

» Analysts warned that ransomware, comparable to CryptoLocker, was in danger of hitting the black market soon. The malware, called Prison Locker and Power Locker on underground forums, is designed to lock users out of their computers until they pay a ransom. The malware's author advertised in December that Prison Locker would use a “practically unbreakable encryption” process, which included the Blowfish and RSA algorithms, to keep users' files hostage.

» An Indiana-based hotel management company, White Lodging Services, announced that it was investigating a suspected breach of its point-of-sale (POS) systems. As a result, White Lodging revealed that customer data could have been accessed. The POS compromise took place between March 20 and Dec. 16, 2013, and impacted people who visited Marriott, Holiday Inn, Sheraton, Westin, Renaissance and Radisson hotels in several states.

» Researchers have discovered a new Android malware family that disguises itself as a security app, and intercepts the incoming texts and calls of victims as part of a surveillance campaign. In late January, Hitesh Dharmdasani, a malware researcher at FireEye, revealed that six variants of the Android malware, dubbed “HeHe,” have been detected by the firm. It was believed that the free app most likely infected users via third-party app marketplaces or through SMS spam. HeHe malware also collected other phone data to send the information to an attacker-operated server. While all SMS messages were intercepted by attackers, victims' incoming calls were disconnected selectively by the malware, the firm noted.
