Madrid
Products and Services PRODUCTS & SERVICES

SophosLabs researchers speaking at Virus Bulletin conference

Talks will explore threats to the Windows and Android operating systems
Written by
September 29, 2017
Malware Products & Services Threat Research Android SophosLabs Virus Bulletin Webview Windows Intruder

Next week is the Virus Bulletin conference in Madrid, and two of our own will be giving talks.

Gabor “Szapi” Szappanos, a researcher in our Budapest lab, will present “When worlds collide – the story of Office exploit builders” Friday at 10 a.m. local time in the Green Room at Novotel Madrid Center hotel.

Szapi has focused a lot on the topic. Examples of his research include a paper on exploits targeting the CVE-2017-0199 vulnerability, the AKBuilder kit, and Operation Pony Express.

He describes his talk this way on the Virus Bulletin conference website:

The APT and cybercrime worlds traditionally use different tools and distribute different malware families. The information flow is usually strictly one directional: the cybercrime groups snatch ideas and exploits from the APT groups. But there have been a handful of cases when the direction was just the opposite, and the presentation will cover the more interesting ones.

Specifically, he’ll spend time talking about Microsoft Word Intruder, Ancalog and AKBuilder.

Rowland Yu, a researcher in our Sydney lab who specializes in analysis of Android malware, will present “Webview is far more than a ‘view‘”.  He describes his talk this way on the website:

Android’s Webview, as described by Google, is a view that enables Android apps to display web content. Today, it is far more than a just ‘view’: using a Webview allows developers to utilize advanced web technologies such as CSS, iframe and JavaScript to build apps. In this way, Webview not only changes the landscape of the web but also weakens the web’s security infrastructure.

By exploiting Webview with a dynamic URL, he says, malicious apps can bypass the Google Bouncer scanner as well as the AV detection. It also lets attackers load different pages without having to update the apps. Injected JavaScript code in a Webview allows malicious apps to steal sensitive and confidential information and control apps without users interaction.

He’ll give several examples of the problem, and ways we can better defend ourselves from the threat.

His talk will be in the Green Room Thursday, 9 a.m. local time.

About the Author

Read Similar Articles

Leave a Reply

Your email address will not be published. Required fields are marked *