Apple's $19bn tax bill; ATM theft malware; Twitter-controlled Android botnet


By Andrew Collins
Thursday, 01 September, 2016


The European Commission has ordered Ireland to recover 13 billion euro (more than AU$19 billion) in unpaid tax — plus interest — from Apple.

Following an investigation that was launched in June 2014, the European Commission this week concluded that Ireland had granted undue tax benefits of up to 13 billion euro to Apple.

In a statement posted on the European Commission’s website, Commissioner Margrethe Vestager said: “The Commission’s investigation concluded that Ireland granted illegal tax benefits to Apple, which enabled it to pay substantially less tax than other businesses over many years. In fact, this selective treatment allowed Apple to pay an effective corporate tax rate of 1 per cent on its European profits in 2003 down to 0.005 per cent in 2014.”

The European Commission said in the statement that “Ireland must now recover the unpaid taxes in Ireland from Apple for the years 2003 to 2014 of up to €13 billion, plus interest.”

According to a Fairfax report, Ireland said it doesn’t want to take the money, because it’s worried that doing so would hurt long-term investment in the country.

Ireland’s finance minister reportedly said he intends to seek approval from his government to appeal the European Commission’s ruling.

In a message posted on Apple’s website, the company’s CEO, Tim Cook, said: “The [European Commission’s] opinion issued on August 30th alleges that Ireland gave Apple a special deal on our taxes. This claim has no basis in fact or in law. We never asked for, nor did we receive, any special deals. We now find ourselves in the unusual position of being ordered to retroactively pay additional taxes to a government that says we don’t owe them any more than we’ve already paid.

“Beyond the obvious targeting of Apple, the most profound and harmful effect of this ruling will be on investment and job creation in Europe. Using the Commission’s theory, every company in Ireland and across Europe is suddenly at risk of being subjected to taxes under laws that never existed.”

ATM malware

Cybersecurity vendor FireEye has detailed ATM malware that the company says may have been used in the theft of 12 million baht (approximately AU$461,000) from ATMs in Thailand.

“On Aug. 23, 2016, FireEye detected a potentially new ATM malware sample that used some interesting techniques not seen before. To add more fuel to an existing fire, the sample was uploaded to VirusTotal from an IP address in Thailand a couple of minutes before the Bangkok Post newspaper reported the theft of 12 million baht from ATMs at banks in Thailand,” Daniel Regalado wrote in a post on FireEye’s blog.

FireEye Labs has dubbed the ATM malware ‘RIPPER’.

In the post, Regalado details various characteristics of the RIPPER malware, and describes indicators that “strongly suggest” that RIPPER is the malware that was used to steal from the ATMs in Thailand.

“Through open sources, we’ve identified a family of malware that may have been used in recent ATM robberies and which bears some similarities to known families of malware. This malware family can be used to compromise multiple vendor platforms and leverages uncommon technology to access physical devices,” Regalado wrote.

Android botnet

Security vendor ESET has discovered what it says is the first Twitter-controlled Android botnet.

The vendor detailed the discovery in an entry on its welivesecurity blog.

According to the blog entry, the botnet makes use of Android malware called ‘Twitoor’, a backdoor that’s capable of downloading other malware onto an infected device.

Twitoor can’t be found on any official Android app store, the blog entry said.

“[I]t probably spreads by SMS or via malicious URLs. It impersonates a porn player app or MMS application but without having their functionality,” the blog entry said.

Twitoor hides its presence on the infected device and checks a defined Twitter account at regular intervals for commands. “Based on received commands, it can either download malicious apps or switch the C&C [command-and-control] Twitter account to another one,” the blog entry said.

Image courtesy European Union.


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd