Author: Carlos Castillo

Carlos Castillo Carlos Castillo is a mobile malware researcher at McAfee, where he specializes in the analysis of mobile threats and Android malware. Castillo performs static and dynamic analysis of suspicious applications to support McAfee’s Mobile Security for Android product. He is the author of the McAfee-published white paper, "Android Malware Past, Present, and Future,” and wrote the “Hacking Android" section of the book, "Hacking Exposed 7: Network Security Secrets & Solutions.” As a recognized mobile malware researcher, Castillo has presented at several security industry events, including 8.8 Computer Security Conference and Segurinfo, a leading information security conference in South America. Prior to his position at McAfee, Castillo performed security compliance audits for the Superintendencia Financiera of Colombia, and worked at security startup Easy Solutions Inc., where he conducted penetration tests on web applications, helped shut down phishing and malicious websites, supported security and network appliances, performed functional software testing, and assisted in research and development related to anti-electronic fraud. Castillo joined the world of malware research when he won ESET Latin America’s Best Antivirus Research contest with a paper titled, “Sexy View: The Beginning of Mobile Botnets.” Castillo holds a degree in systems engineering from the Universidad Javeriana in Bogotá, Colombia.

In the first half of 2016 we noticed that Android banking Trojans had started to improve their phishing overlays on legitimate financial apps to ask for more information. Victims were requested to provide “Mother’s Maiden Name,” “Father’s Middle Name,” “Maternal Grandmothers Name,” or a “Memorable Word.” Attackers used that data to respond to security questions and obtain […]

Intel Security Mobile Research recently found an active phishing campaign targeting iOS users via SMS messages. The message tells users that their Apple accounts have been temporarily locked to trick them into accessing a phishing site and steal the real Apple credentials. Here is an example of an SMS message from this campaign: The message pretends to be […]

Pokémon GO is a new mobile game that allows fans to “catch” Pokemons in the real world using augmented reality and their smartphones capabilities such as location technology and built-in cameras. The game was released on July 6 on both the Apple App Store and Google Play but only in Australia, New Zealand, and one day […]

Since the discovery of the Android banking Trojan SpyLocker, Intel Security has closely monitored this threat. SpyLocker first appeared disguised as Adobe Flash Player and targeted customers of banks in Australia, New Zealand, and Turkey. Recently we have found that the distribution method for this malware has changed. In addition to employing malicious websites that […]

Advertising is one of the primary methods to generate money from mobile devices. Ads can be displayed in the browser when you visit a specific website or can appear in free apps. In the case of mobile apps, the developer must select a theme that attracts many users to increase revenues. There is probably no […]