Industry Report | The Android Platform Battlefield: Summary and Analysis of Security Incidents in the First Half of 2019

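Drawing on public information about Android-related threat activity disclosed in the first half of 2019 by security research institutions and security vendors in China and abroad, combined with in-depth investigation and tracking by the RedDrip Team (RedDripTeam, @RedDrip7) of the QiAnXin Threat Intelligence Center, this report summarizes some of the major Android platform security incidents in China and abroad, to give us an initial picture of the Android platform threat landscape.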

STOLEN PENCIL Campaign Targets Academia

ASERT has learned of an APT campaign, possibly originating from DPRK, that we are calling STOLEN PENCIL and that has been targeting academic institutions since at least May 2018. The ultimate motivation behind the attacks is unclear, but the threat actors are adept at scavenging for credentials. Targets are sent spear phishing e-mails that lead them to a web site displaying a lure document, where they are immediately prompted to install a malicious Google Chrome extension. Once they gain a foothold, the threat actors use off-the-shelf tools to ensure persistence, including Remote Desktop Protocol (RDP) to maintain access.