How can I protect myself?
Device manufacturers and wireless service providers need to provide a security update that would fully protect your device from vulnerabilities like Certifi-gate. Until an update is received, Check Point recommends taking several steps to mitigate the risk:
What other solutions are available to help mitigate these risks?
Also announced Thursday was Check Point Mobile Threat Prevention, an innovative mobile security solution enterprises can use to battle today’s mobile threat environment effectively, including new and previously unknown threats like Certifi-gate. The solution delivers a complete platform for stopping mobile threats on iOS and Android, and delivers real-time threat intelligence into an organization’s existing security and mobility infrastructures for even greater visibility.
Learn more about Mobile Threat Prevention at http://www.checkpoint.com/mobilesecurity.
How can I learn more about Certifi-gate?
The Check Point mobile threat research team has compiled a report that includes a detailed analysis of Certifi-gate, how it works, and how you can protect your data. Click here to download the report.
Check Point researchers have recently discovered a crypto-mining script running through Morfix, the popular Hebrew to English online dictionary, without its users’ knowledge or permission.
Check Point researchers notified Morfix, who immediately removed the third-party code from their website.
With a global Alexa ranking of 17,852 and as high as 65 within Israel (as of Dec ’17), Morfix is used heavily throughout Israel and worldwide. It can confidently be assumed that the crypto-miner injected into Morfix’s website reached tens, if not hundreds, of thousands of users.
As reported by Check Point researchers earlier this year, online miners are a growing trend among websites. We now see a different example of this trend, as an ad network takes advantage of the publisher’s website and its users.
How It Works
The carrier website initially runs a script that checks whether the user has an ad-blocker enabled. If it finds one, a second script is run that covertly uses the user’s CPU power to mine the Monero cryptocurrency in the background instead.
The script which checks for the presence of an ad-blocker
The hidden instance that redirects to the crypto-miner
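A publisher can audit its own pages for the pattern described above. The following is an added example, not code from the original post or from Check Point: it inventories third-party script and iframe sources in a page's markup and marks iframes that are hidden from the visitor. The host names, the sample markup and the hiddenness heuristics are assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline styles that hide an element from the visitor (heuristic, an assumption).
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)", re.I)

class ThirdPartyAudit(HTMLParser):
    """Collect third-party <script>/<iframe> sources; mark hidden iframes."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []  # tuples of (tag, host, hidden)

    def handle_starttag(self, tag, attrs):
        if tag not in ("script", "iframe"):
            return
        a = {k: (v or "") for k, v in attrs}
        host = urlparse(a.get("src", "")).hostname
        # Relative URLs (no host) and the site's own subdomains are first-party.
        if not host or host == self.site_host or host.endswith("." + self.site_host):
            return
        hidden = tag == "iframe" and (
            "hidden" in a
            or a.get("width") in ("0", "1")
            or a.get("height") in ("0", "1")
            or bool(HIDDEN_STYLE.search(a.get("style", ""))))
        self.findings.append((tag, host, hidden))

def audit(html, site_host):
    parser = ThirdPartyAudit(site_host)
    parser.feed(html)
    return parser.findings

# Constructed sample page; every host name is a placeholder.
SAMPLE = """
<script src="/js/site.js"></script>
<script src="https://static.publisher.example/app.js"></script>
<script src="//ads.adnetwork.example/check.js"></script>
<iframe src="https://video.partner.example/embed" width="640" height="360"></iframe>
<iframe src="https://frames.adnetwork.example/f.html" style="display:none"></iframe>
"""

if __name__ == "__main__":
    for tag, host, hidden in audit(SAMPLE, "publisher.example"):
        print("HIDDEN " if hidden else "visible", tag, host)
```

The audit only sees markup present in its input, so frames injected by a script at run time show up only when it is fed a snapshot of the rendered DOM rather than the served HTML.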
In our labs, the CPU usage level climbed to nearly 50% when browsing to Morfix while the script mined Monero, compared to approximately 1.2% on other browser tabs.
A CPU usage of 50% may not sound too high. However, when combined with other CPU-heavy activity (such as online gaming), this heavy drain on computational resources usually leads to a dismal user experience while browsing the Internet, and eventually may clog the CPU and crash the browser.
The CPU level rises to almost 50% in the tab running the crypto-miner
Alexa rank for ‘morfix.co.il’
Our research indicates that in this case, it is the Monero coin that is being mined by the script, and that the script closely resembles the original Cryptonight, the framework used to mine the Monero coin.
Although failing to inform users of the mining is not illegal, some users would certainly consider it unethical, as a crypto-miner can damage browser performance.
For more information and our full report on bitcoin and cryptocurrencies, please download our guide “Cryptocurrencies: How Safe are They?”
Indicators of Compromise