1

I am looking to find a report that lists malware campaigns launched against Open Source Software (OSS) and/or Android OS. Ideally, this report would have been published in 2014.

I am trying to understand what threat actors and exploiting what vulnerabilities in OSS and Android OS.

user3373370
  • 11
  • 1
  • 1
    I'd recommend looking for CVEs relating to Android, then searching for malware associated with those CVEs http://www.cvedetails.com/vulnerability-list/vendor_id-1224/product_id-19997/Google-Android.html – thexacre Jun 22 '15 at 00:09
  • Agree with thexacre: get all CVE's from 2014. But what do you mean by "malware campaign"? – schroeder Jun 22 '15 at 06:28
  • When vulnerabilities are identified, on occasion, threat actors operationalize them and attack a great number of target machines in the style of a campaign. Some examples are: Dyre Wolf, Turla, and others. On occasion, security research studies will put out threat intelligence reporting that lists the name of the malware campaign, the CVE associated with their campaign, the method of exploitation, and other factors. While I have seen this for Linux equipment, Windows machines, and other systems - I have yet to find it for Android. – user3373370 Jun 22 '15 at 14:34
  • I read through the "off topic" section in the help center and am not understanding how this is off topic as it specifically addresses the "risk management" category. Is all threat intelligence information sharing out of scope? Guidance would be appreciated as I would like to become a more regular contributor to this exchange. – user3373370 Jun 22 '15 at 23:08

0 Answers0