
Thursday, 16 October 2014

Windseeker – A Malicious App


Security experts at Lacoon Mobile Security have detected a malicious Android app, dubbed Windseeker, that uses rare injection and hooking techniques to spy on users. These techniques are very rare in the mobile ecosystem. Running on rooted Android devices, Windseeker enables attackers to spy on WeChat and QQ, two instant messaging apps popular in China.

Lacoon noticed Windseeker in a third-party app marketplace, though an attacker would need physical access to the device to install and register the app. In a recent interview with SC Magazine, Avi Bashan, CISO at Lacoon Mobile Security, stated that the app's injection and hooking techniques are the focal point of the threat, and that the technique has two sections.

The first is the injection of a native file, which uses the ptrace procedure and is also used to inject a second file into the targeted instant messaging app. In the second section, the injected native file loads a Java file that monitors the activity of the messaging app through API hooking.
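From the defender's side, both sections leave traces in the target process's /proc entries: a ptrace attachment shows up as a non-zero TracerPid, and injected files appear as mappings from paths the app does not own. The following triage sketch is an added example, not code from Lacoon or from the original post; the package name `com.example.im`, the sample snapshots and the path allow-list are constructed assumptions.

```python
import re

# Constructed /proc/<pid>/status and /proc/<pid>/maps snapshots for a messaging
# app (hypothetical package "com.example.im"); not taken from a real device.
SAMPLE_STATUS = "Name:\tcom.example.im\nPid:\t4121\nTracerPid:\t3990\n"
SAMPLE_MAPS = """\
70a1c000-70b3d000 r-xp 00000000 b3:19 1201 /system/lib/libc.so
70c00000-70c42000 r-xp 00000000 b3:1c 8841 /data/app/com.example.im-1/lib/arm/libim.so
70d00000-70d09000 r-xp 00000000 b3:1c 9917 /data/data/com.other.app/files/libhook.so
70e00000-70e10000 rw-p 00000000 00:00 0 [heap]
70f00000-70f08000 r--p 00000000 b3:1c 9920 /data/data/com.other.app/files/payload.jar
"""

def allowed_prefixes(package):
    # Assumed allow-list: system paths plus the app's own install and data dirs.
    return ("/system/", "/vendor/", "/apex/", "/dev/", "/data/dalvik-cache/",
            f"/data/app/{package}-", f"/data/data/{package}/")

def tracer_pid(status_text):
    """Return the PID that is ptrace-attached to the process, or 0 if none."""
    m = re.search(r"^TracerPid:\s*(\d+)", status_text, re.MULTILINE)
    return int(m.group(1)) if m else 0

def foreign_mappings(maps_text, package):
    """Return file-backed mappings loaded from outside the allow-list."""
    found = set()
    for line in maps_text.splitlines():
        fields = line.split(None, 5)  # addr perms offset dev inode path
        if len(fields) < 6 or not fields[5].startswith("/"):
            continue  # anonymous or pseudo mapping such as [heap]
        path = fields[5].strip()
        if not path.startswith(allowed_prefixes(package)):
            found.add(path)
    return sorted(found)

def triage(status_text, maps_text, package):
    """Combine both checks into a list of human-readable findings."""
    findings = []
    pid = tracer_pid(status_text)
    if pid:
        findings.append(f"ptrace attached by pid {pid}")
    findings += [f"foreign mapping {p}" for p in foreign_mappings(maps_text, package)]
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_STATUS, SAMPLE_MAPS, "com.example.im"):
        print(finding)
```

A debugger attached during development also sets TracerPid, so a hit is a lead for further inspection rather than proof of compromise.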

Threat – Cause for Worry

This discovery is a cause for worry, and Bashan explains that these types of threat could be used to spy on the data of any kind of application. In his blog he also wrote that it was “important to understand that this type of threat could be implemented anywhere”. Bashan further states that hooking over an API code would mean that each time the app calls the API, instead of going directly to the system, the data is intercepted by the attacker; when this happens on the device it is called “hooking”, and when it happens over the network it is known as a man-in-the-middle attack, which PC malware has been doing for years. Bashan also highlighted in his blog post that hooking techniques do not seem to be a common attack method in the mobile field.

How Windseeker Functions

Windseeker first checks whether the device is rooted, since root is essential for the app to run. If the device is rooted, it performs the following steps:
  • It creates a process monitoring thread, which is used to identify whether IM apps such as WeChat or QQ are active.
  • It requests the user to register with its management server through SMS.
  • It injects malicious code, which is in fact the hooking process that enables Windseeker to spy on WeChat and QQ.
  • It sends the monitored data back to the threat actor’s controlled server, where the details from the IM chat can be viewed conveniently from a web interface.

The target can see that the Windseeker app is installed but will be unaware of its ability to monitor their instant messaging chats. According to Bashan, until now commercial mobile surveillance apps obtained an app’s data through the file system or a memory dump, and the hooking technique indicates a new step in the evolution of mobile threats, resembling the way PC-based malware evolved over the years.

Steps to Be Taken for Protection

  • Avoid rooting the device, since it exposes the device to these kinds of threats.
  • Avoid installing applications from unreliable application marketplaces or unknown sources.
  • Review your list of installed applications frequently to see if there is anything unfamiliar.

Tuesday, 24 December 2013

Computer virus can be spread in the air to hack any computer!

Computer development is progressing at breakneck speed. Scientists have developed a prototype virus capable of transmitting data without requiring a network connection! This virus can in fact move through the air using inaudible sound frequencies. The details are explained below.

As incredible as it may seem, scientists have invented a new concept of computer virus: a virus capable of traveling through the air. This invention is the work of a team of German researchers based at the Fraunhofer Institute for Communication, Information Processing and Ergonomics. The prototype requires only a microphone and integrated speakers to work.

Thus, they were able to send information such as passwords or small amounts of data over distances of about 20 meters. In their paper, the scientists describe how the concept of air gaps can be considered obsolete now that quite common laptops can communicate with each other through their internal speakers and microphones and can even form a kind of “secret” acoustic network. Hidden on this network, information can travel over multiple hops through infected nodes, which means that completely isolated networks and systems can be interconnected.

The technique, which uses sound frequencies in the high range close to ultrasound, is borrowed from research on underwater acoustic data transmission! This allowed the team to transmit data between two Lenovo T400 laptops using only their integrated sound equipment (microphone and speakers). The data were transmitted at 20 bits per second, which is a fairly high speed for recovering passwords, they explain.

“This small bandwidth may actually enable the transfer of critical information.” Until now, transmitting data from one computer to another required the presence of a network. Now, viruses and hackers can use this technique to transmit information while going completely unnoticed! It makes us shudder to realize that ... Would you ever have imagined that a computer virus could spread through the air and infect your computer?
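Because the channel described above relies on inaudible tones picked up by an ordinary microphone, a recording from the protected room can be checked for unexpected energy near the ultrasonic range. The sketch below is an added example, not code from the researchers or the original post; the 18 to 22 kHz band, the 48 kHz capture rate, the threshold and the synthetic recordings are assumptions, and a steady 20 kHz tone stands in for a modulated signal.

```python
import math

RATE = 48000  # samples per second (assumed capture rate)

def goertzel_amplitude(samples, rate, freq):
    """Estimate the amplitude of one frequency component (Goertzel algorithm)."""
    w = 2 * math.pi * freq / rate
    coeff = 2 * math.cos(w)
    s1 = s2 = 0.0
    for x in samples:
        s1, s2 = x + coeff * s1 - s2, s1
    magnitude = math.hypot(s1 - s2 * math.cos(w), s2 * math.sin(w))
    return 2 * magnitude / len(samples)

def near_ultrasonic_peak(samples, rate=RATE, lo=18000, hi=22000, step=250):
    """Return (frequency, amplitude) of the strongest probe in the assumed band."""
    probes = range(lo, hi + 1, step)
    return max(((f, goertzel_amplitude(samples, rate, f)) for f in probes),
               key=lambda fa: fa[1])

def carrier_suspected(samples, threshold=0.01):
    """Flag a recording whose near-ultrasonic peak exceeds the threshold."""
    return near_ultrasonic_peak(samples)[1] > threshold

def tone(freq, amp, n=4800, rate=RATE):
    """Generate n samples of a sine wave (used to build the test recordings)."""
    return [amp * math.sin(2 * math.pi * freq * i / rate) for i in range(n)]

# Constructed 0.1 s recordings: an audible 440 Hz tone alone, and the same
# tone with a faint 20 kHz carrier mixed in.
ROOM = tone(440, 0.5)
ROOM_WITH_CARRIER = [a + b for a, b in zip(ROOM, tone(20000, 0.05))]

if __name__ == "__main__":
    print(carrier_suspected(ROOM), carrier_suspected(ROOM_WITH_CARRIER))
    print(near_ultrasonic_peak(ROOM_WITH_CARRIER))
```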