Trusted Design

Space Coast Credit Union SCCU Mobile for Android and iPhone fails to properly validate SSL certificates

概要

Overview Space Coast Credit Union SCCU Mobile for Android, version 2.1.0.1104 and earlier, and for iOS, version 2.2 and earlier, fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks. Description CWE-295: Improper Certificate Validation - CVE-2017-3212 SCCU Mobile is a banking application. On both Android and iOS devices, the app fails to properly validate SSL certificates provided by HTTPS connections, which means that an attacker in the position to perform MITM attacks may be able to obtain sensitive account information such as login credentials.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

Acer Portal app for Android does not properly validate SSL certificates (score: 0.65)
Android banking malware masquerades as Flash Player (score: 0.53)
Banking Trojan infected dozens of Android apps worldwide (score: 0.50)
Android banking trojan as Flash Player and bypasses 2FA (score: 0.50)
Android Trojan GM Bot is evolving and targeting more than 50 banks worldwide (score: 0.49)

このPulseに関連する脅威アクター (事実ベース)

Ember Bear

Score: 3.62

Matched TTPs:

T1114 - Email Collection

MITREへのリンク →

Silent Librarian

Score: 3.62

Matched TTPs:

T1114 - Email Collection

MITREへのリンク →

Magic Hound

Score: 7.24

Matched TTPs:

T1114 - Email Collection
T1036.010 - Masquerade Account Name

MITREへのリンク →

Scattered Spider

Score: 3.62

Matched TTPs:

T1114 - Email Collection

MITREへのリンク →

APT28

Score: 9.08

Matched TTPs:

T1557.004 - Evil Twin
T1498 - Network Denial of Service

MITREへのリンク →

APT29

Score: 11.74

Matched TTPs:

T1649 - Steal or Forge Authentication Certificates
T1090.004 - Domain Fronting
T1078.003 - Local Accounts

MITREへのリンク →

APT37

Score: 4.13

Matched TTPs:

T1036.001 - Invalid Code Signature

MITREへのリンク →

Windshift

Score: 4.13

Matched TTPs:

T1036.001 - Invalid Code Signature

MITREへのリンク →

OilRig

Score: 3.62

Matched TTPs:

T1555.004 - Windows Credential Manager

MITREへのリンク →

Stealth Falcon

Score: 3.62

Matched TTPs:

T1555.004 - Windows Credential Manager

MITREへのリンク →

Turla

Score: 8.88

Matched TTPs:

T1555.004 - Windows Credential Manager
T1124 - System Time Discovery
T1078.003 - Local Accounts

MITREへのリンク →

Wizard Spider

Score: 3.62

Matched TTPs:

T1555.004 - Windows Credential Manager

MITREへのリンク →

Storm-1811

Score: 3.62

Matched TTPs:

T1036.010 - Masquerade Account Name

MITREへのリンク →

Dragonfly

Score: 3.62

Matched TTPs:

T1036.010 - Masquerade Account Name

MITREへのリンク →

APT3

Score: 3.62

Matched TTPs:

T1036.010 - Masquerade Account Name

MITREへのリンク →

Contagious Interview

Score: 4.54

Matched TTPs:

T1547.013 - XDG Autostart Entries

MITREへのリンク →

FIN7

Score: 5.26

Matched TTPs:

T1124 - System Time Discovery
T1078.003 - Local Accounts

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

APT29

Score: 0.75

Matched TTPs:

T1649 - Steal or Forge Authentication Certificates
T1090.004 - Domain Fronting
T1078.003 - Local Accounts

MITREへのリンク →

APT28

Score: 0.59

Matched TTPs:

T1498 - Network Denial of Service
T1557.004 - Evil Twin

MITREへのリンク →

Turla

Score: 0.57

Matched TTPs:

T1555.004 - Windows Credential Manager
T1124 - System Time Discovery
T1078.003 - Local Accounts

MITREへのリンク →

Related CVEs

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る