Malware Pilfers Mobile Data Backups

Thursday, December 10, 2015 @ 05:12 PM gHale

There is malware out there that steals local mobile data backups and uploads them to a server under the attacker’s control, researchers said.

This data is not taken from the mobile devices themselves, but from computers where users create backups of their phones, or where software automatically creates a backup whenever the phone is connected to the computer, said researchers at Palo Alto Networks.

Because most mobile backup tools don’t employ encryption, attackers can break into this data and gain access to sensitive information within minutes.

The technique does not require the malware to have higher-level privileges or root access to the device or the infected computer.

Palo Alto Networks said six Trojan families use this technique, called BackStab, and the company previously detected 704 samples in which it came into play.

BackStab is not a newly discovered technique; Palo Alto Networks reported on five-year-old samples that have been found on computers spread across 30 countries.

The Trojans that use BackStab can steal backup data from infected Mac and Windows computers, and can only discover and exfiltrate iOS and BlackBerry backup files, Palo Alto researchers said. Apparently, there’s no support for Android backups.

As a result, researchers suggest users should use a backup solution that supports encryption, always update to the latest version of their mobile OS, use an antivirus product, and not click “Trust” on the popup that appears every time they connect their phone to a new computer.
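To act on the encryption advice, a user or administrator can check whether the iOS backups already on a computer are encrypted. The script below is an added example, not from the article or from Palo Alto Networks; it assumes iTunes/Finder-style backups, where each backup folder holds a `Manifest.plist` with an `IsEncrypted` flag, and the default folder locations and sample folder names in it are likewise assumptions.

```python
import os
import plistlib
import tempfile
from pathlib import Path

def default_roots():
    """Assumed default backup folders (macOS, then Windows if APPDATA is set)."""
    roots = [Path.home() / "Library/Application Support/MobileSync/Backup"]
    if os.environ.get("APPDATA"):
        roots.append(Path(os.environ["APPDATA"]) / "Apple Computer/MobileSync/Backup")
    return roots

def audit_backups(root):
    """Map each backup folder under root to encrypted/UNENCRYPTED/unknown."""
    results = {}
    root = Path(root)
    if not root.is_dir():
        return results
    for entry in sorted(p for p in root.iterdir() if p.is_dir()):
        try:
            with (entry / "Manifest.plist").open("rb") as fh:
                flag = plistlib.load(fh).get("IsEncrypted")
        except Exception:  # missing, unreadable or malformed manifest
            flag = None
        if flag is None:
            results[entry.name] = "unknown"
        else:
            results[entry.name] = "encrypted" if flag else "UNENCRYPTED"
    return results

def demo_constructed_sample():
    """Build constructed backup folders in a temp dir and audit them."""
    with tempfile.TemporaryDirectory() as tmp:
        samples = {"aaaa-constructed": {"IsEncrypted": True},
                   "bbbb-constructed": {"IsEncrypted": False},
                   "cccc-constructed": None}  # folder without a manifest
        for name, manifest in samples.items():
            folder = Path(tmp) / name
            folder.mkdir()
            if manifest is not None:
                with (folder / "Manifest.plist").open("wb") as fh:
                    plistlib.dump(manifest, fh)
        (Path(tmp) / "dddd-constructed").mkdir()
        (Path(tmp) / "dddd-constructed" / "Manifest.plist").write_bytes(b"not a plist")
        return audit_backups(tmp)

if __name__ == "__main__":
    for root in default_roots():
        for name, status in audit_backups(root).items():
            print(f"{status:12} {root / name}")
```

Any folder reported as `UNENCRYPTED` is readable by any process running as that user, which is the exposure the researchers describe. On recent macOS versions the terminal may need Full Disk Access before it can read the backup folder.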

Palo Alto Networks wrote a white paper offering more details on BackStab.