BLOG


Coordinated Disclosure of Vulnerabilities in McAfee Security Android 4.8.0.370

Researchers of MRG Effitas have tested McAfee’s popular Android AV application and found issues which might undermine the vendor’s effort to improve the security posture of the user’s device. Details can be found in the following document: https://www.mrg-effitas.com/wp-content/uploads/2017/08/McAfee_v102.pdf


Coordinated Disclosure of Vulnerabilities in AVG Antivirus Free Android AV

Researchers of MRG Effitas performed a security assessment on the AVG Antivirus Free Android AV software. We found issues which might affect the overall security posture of the AV software and the device itself. Details can be found in our report: https://www.mrg-effitas.com/wp-content/uploads/2017/08/AVG_v103.pdf


Coordinated Disclosure of Vulnerabilities in KASPERSKY INTERNET SECURITY Android Antivirus

Researchers of MRG Effitas performed an assessment of the security posture of the Kaspersky Internet Security Android antivirus software. We found implementation details which might undermine the Vendor’s efforts to improve the overall security level of an Android device. Details can be found in the following document: https://www.mrg-effitas.com/wp-content/uploads/2017/08/Kaspersky_v102.pdf


Current state of malicious Powershell script blocking

tl;dr: The current state of malicious Powershell script blocking is bad, very bad. There is room for improvement … Only two products (among the tested ones) can protect against an obfuscated malicious Powershell script stealing the passwords and hashes from memory: AVG/Avast Antivirus and Hitmanpro.Alert Beta/Sophos Intercept X. Update 2017-08-10: The latest KIS2017 blocks the attacks as well.

Introduction

When I watched this great presentation from Will Schroeder (@harmj0y), it got me thinking: how about doing a quick and dirty Powershell test? For this exercise, I chose Invoke-Mimikatz. Mimikatz (Benjamin Delpy – @gentilkiwi) is the gold standard when it comes to lateral …


Webroot SecureAnywhere Android AV coordinated disclosure

Researchers of MRG Effitas tested the Webroot SecureAnywhere Android application. During use, we came across implementation details which might undermine the Vendor’s efforts to provide a comprehensive mobile security solution with the potential to aid users in case of encounters with malware.

Testing covered the following application version.

Application name: Webroot SecureAnywhere
Store URL: https://play.google.com/store/apps/details?id=com.webroot.security
Version: 4.1.0.8032

We considered the situation and opted for a coordinated disclosure approach to aid the Vendor in their efforts. In accordance with industry standards, we disclose the issues based on Google’s 90-day policy. As a result, after a 90-day plus a …


Limitations of Android AntiVirus Scanners

Recently, MRG Effitas has been involved in a test of Android-based AV products. Having completed the test process, we realised that the general approach to malware on Windows cannot be applied to mobile-based samples, as the general considerations fundamentally differ. Furthermore, most Android-based AV vendors started their work offering desktop AV solutions to customers, and many times the same approach is applied in both fields – which, as we’ll see, often leads to controversial consequences.

AV is “just another app”

Most of the issues we found fundamentally originate from the fact that the AV is usually just another …


EternalRomance vs Internet Security Suites and nextgen protections

This blog post is an auxiliary post to our EternalBlue test. If you have not read that, please read it first and come back when you are done. So here we are again, with #NotPetya. According to Microsoft, #NotPetya spreads in 4 ways:

1. MeDoc auto update (initial infection)
2. EternalBlue exploit
3. EternalRomance exploit
4. Credential stealing (multiple methods)

This post will only focus on EternalRomance. For the EternalBlue infection vector, check our previous post. To protect against credential stealing, you should either use the latest Windows, where lsass runs as a protected process, or use different local admin passwords on different machines. …


ETERNALBLUE vs Internet Security Suites and nextgen protections

Due to the recent #wannacry ransomware events, we initiated a quick test in our lab. Most vendors claim to protect against the WannaDecrypt ransomware, and some even claim they protect against the ETERNALBLUE exploit (MS17-010). Unfortunately, our tests show otherwise. Warning: We only tested the exploit and the backdoor, not the payload (WannaCry)! We don’t want to disclose our test results until a fair amount of time is given to vendors to patch their products, but meanwhile we feel that we have to inform the public about the risks. The following 3 5 6 products protected the system against the ETERNALBLUE …


MRG Effitas Comparative assessment of Data protection/backup products

This report provides an independent comparative assessment of a group of data protection (a.k.a. backup) products:

- Focus on ransomware protection – 10 ransomware families tested
- Performance tests
- Usability test
- 8 data protection products tested
