Stealth Mango Proves Malware Success Doesn't Require Advanced Tech

Published: 23/11/2024   Category: security


At Black Hat USA, a pair of researchers will show how unsophisticated software can still be part of a successful surveillance campaign.



Reports on new strains of malware, and dissections of how they operate, are common at security conferences. Less common: full end-to-end reports covering the malware, the infrastructure underneath it, and the organization behind it. But on Aug. 9, that's what Lookout's Andrew Blaich and Michael Flossman will present at Black Hat USA.
"Our presentation is covering a targeted surveillance campaign where we identified an Android tool called Stealth Mango being deployed in targeted attacks, as well as a related iOS tool that was identified as being created by the same developers," says Flossman, head of Lookout's threat intelligence services. "While we do focus primarily on the Android tool and the information that the actors behind that tool were able to steal, we also dive into the background information around the group that was responsible for its development and creation."
Stealth Mango and the related iOS software, Tangelo, are surveillanceware built on the same technology their developers use for a more common product line: spouseware. "The capabilities are really similar between [Stealth Mango and], for example, a spouseware tool — an application that is something that you would deploy on your significant other's phone or desktop to keep tabs on them," Flossman says. "Basically what we've found in a lot of our investigations is that the kind of people that would deploy spouseware are interested in the same kinds of information that a nation-state would be interested in."
(See Blaich and Flossman's Black Hat USA talk on August 9, "Stealth Mango and the Prevalence of Mobile Surveillanceware.")
The two researchers weren't necessarily looking for Stealth Mango when it showed up in their research. "We were just looking for interesting cases of surveillanceware, and as we were working in-depth and started to examine the malware and look at more about the servers it was talking to, we really discovered what we had on our hands there," says Blaich, security researcher and head of device intelligence at Lookout.
And what they had was a campaign that was successful despite its lack of cutting-edge technology or technique.
"We're quite certain that it was created specifically for this customer," Flossman says. So in that regard, it's like a bespoke solution — though one built almost entirely from off-the-rack parts.
"It's quite standard, and nothing really stands out," Flossman says. "What I would say is interesting is the overall context around its use: the actors deploying it, but also just how much success they've had with this tool despite what might be taken as a lack of sophistication."
That success offers an economics lesson to other threat actors. "It really shows that sometimes you don't need a very complex or expensive solution to achieve your goals," Blaich says.
"A good way of thinking about this is that if you purchased Pegasus and it came with a bunch of zero-day exploits, you'd be quite cautious in how you deploy them. You'd make sure that they never would fall into the hands of researchers because basically, if that happened, you'd be burning a zero-day investment which these days is well over $100,000," Flossman says. "Comparatively, an attack like [Stealth Mango] is something that would cost several thousand dollars, max."
Those several thousand dollars in this case would be spent with a group that Blaich and Flossman say has been behind earlier attacks against the Indian military, including Operation C Major and Operation Transparent Tribe. In the current Stealth Mango campaign, they're covering their bases by using both their surveillanceware and commodity Trojans like Crimson RAT.
Flossman says that the group's Trojan use isn't new, but, like the surveillanceware, it is evolving. "If we look at the mobile malware they used in [C Major and Transparent Tribe], it was even less sophisticated than what we saw now, so they've evolved that tool and have worked on building it out," he says. "And we can see they're getting a fair bit of value from the mobile side of things now."
"[As a whole], this ties back into providing really good insight into exactly what adversaries in the mobile space need to do in order to be effective," Flossman adds. "It's a lot lower than what we often expect."
