

25 comment(s) - last by YashBudini on Aug 11 at 10:53 PM


A new piece of Android malware is nothing to LOL about... it texts its way to some big profits, leaving you with the bill.  (Source: Impact Lab)
1. Write Android virus 2. Infect people ... 3. Profit?

Google is increasingly concerned about malware apps cropping up in its Android OS.  It recently executed a remote kill of an app for the first time due to concerns that it was malware.  More recently, at the Black Hat security conference, concerns were raised when it was shown that a series of wallpaper apps were sending users' SIM card number, subscriber identification, and voicemail passwords to a Chinese server.

Now Google has been hit with its first full-fledged trojan malware.  The trojan is known as SMS.AndroidOS.FakePlayer.a and disguises itself as a harmless media player application.  Once users install the 13 KB file, which comes with the default .APK extension, their phone is essentially "infected".

The installed trojan app launches and begins sending SMS texts to premium numbers, slowly texting its way to profit -- and big bills for infected users.

The new malware is the first such trojan -- a program that masquerades as an innocent program but has a malicious purpose -- to see mass distribution to Android phones.  There have been a handful of malware apps written for Android since 2009 -- including some that could be classified as trojans.  However, many of these were written by security researchers, and none of them saw mass distribution.

Denis Maslennikov, Mobile Research Group Manager at Kaspersky Lab, said: "The IT market research and analysis organization IDC has noted that those selling devices running Android are experiencing the highest growth in sales among smartphone manufacturers. As a result, we can expect to see a corresponding rise in the amount of malware targeting that platform.  Kaspersky Lab is actively developing technologies and solutions to protect this operating system and plans to release Kaspersky Mobile Security for Android in early 2011."

Fortunately, unlike the more insidious handiwork of its PC brethren, the FakePlayer.a trojan is easily avoided if you are careful not to authorize the installation of untrusted apps.  Further, even after the install is started, you have to grant the app access to phone features, which includes premium SMS texts.  The danger here is that many people just blindly click through these permissions dialogs, but if you exercise caution the threat can be averted here as well.

In related news, a Chinese advocacy group contacted us about the wallpaper app, claiming that it was not malware as some felt the Black Hat researchers implied.  They claim that this story was blown out of proportion due to nationalistic sentiments towards China.  They did not, however, offer any explanation as to why the app was taking people's voicemail passwords.

Charles Liu, a Chinese-American Community Activist from Seattle, Wash. writes:

[N]ote your article is inaccurate, that the Android wallpaper app being malicious was mis-reporting by Venture Beat, which they have corrected.

Also the wallpaper app has been declared safe by Google and reinstated in Market.

The truth is no data were ever stolen; only phone info for personalization feature were collected with user approval.

This story was overblown from the getgo, predicated on some rather stereotype "China FUD". I mean are all servers in China inherently evil?

A quick glance at the VentureBeat piece does show that they have added a line that security researchers at Lookout haven't yet detected malicious behavior.  Yet the overall conclusions remain the same and it still makes the app sound suspicious -- particularly its ability to send your voicemail password to China -- which seemingly has nothing to do with its base functionality.  Google apparently agreed as it suspended multiple apps over the incident, though some indeed appear to be reapproved (though they may have been modified before the reapproval).



Comments

Let me ask...
By kontorotsui on 8/10/2010 3:50:34 PM , Rating: 3
Android OS gives to any installed application a direct access to calls and SMS subroutines?
Who's the idiot who wrote that?




RE: Let me ask...
By Chocobollz on 8/10/2010 4:23:02 PM , Rating: 2
Apparently an idiot who is smarter than you! :p


RE: Let me ask...
By Souka on 8/11/2010 2:35:09 AM , Rating: 2
But you have to allow 3rd party apps...

otherwise how can you install Mikandi?

(if you don't know what Mikandi is, you're probably under 10yrs old and/or female)

**posted from my DroidX**


RE: Let me ask...
By tehbrosta on 8/10/2010 9:47:58 PM , Rating: 3
No idiot.

When you install an application a permissions page (list of modules that app has access to) prompts the user. You see exactly what the application has access to. If you don't like it, don't install it.


RE: Let me ask...
By Bioniccrackmonk on 8/11/2010 12:08:01 AM , Rating: 2
User idiot.


RE: Let me ask...
By kontorotsui on 8/11/2010 4:08:44 AM , Rating: 2
Then the user is an idiot.


iPhone
By damianrobertjones on 8/10/2010 11:54:45 AM , Rating: 3
Why oh why aren't there more Viri for the iPhone? It has a massive installed user base, with all manner of people from tech guys to plebs and yet, not a lot is going on?

Maybe Apple has sweat shops around the world, all coding viruses for MS platforms and now Android?




RE: iPhone
By tech4tac on 8/10/2010 12:43:19 PM , Rating: 4
Why oh why would you need a virus when you can remotely take complete control over someone's iPhone with the old SMS vulnerability or the new, still unpatched, PDF vulnerability in Safari for ALL iPhones.

In case you didn't know, all the vulnerabilities that have led to jailbreaks are critical, show-stopping vulnerabilities that allow execution of arbitrary code (payload runs code to perform the jailbreak).


RE: iPhone
By EricMartello on 8/10/10, Rating: -1
RE: iPhone
By SSDMaster on 8/11/2010 12:56:45 PM , Rating: 2
I think you tried to defend the Android platform, even though he wasn't attacking it. And somehow you associated him with an iPhone user, when he was explaining how the iPhone platform is more vulnerable.


RE: iPhone
By xti on 8/11/2010 3:14:03 PM , Rating: 2
no reason that iPhone is even brought up into discussion here...but the internet geeks love to hate on trendy stuff.


RE: iPhone
By EricMartello on 8/11/2010 6:09:40 PM , Rating: 1
quote:
no reason that iPhone is even brought up into discussion here...but the internet geeks love to hate on trendy stuff.


Hmm...iphone is the next largest "mobile platform" next to android. It is a relevant comparison. Why WOULDN'T you compare the two? Personally I don't care much for either...I like my blackberry.


RE: iPhone
By EricMartello on 8/11/2010 6:07:47 PM , Rating: 1
With that level of assumption and general cluelessness you'd be an excellent "modern" scientist.


wallpaper
By DrApop on 8/10/2010 1:23:16 PM , Rating: 2
Why should a wallpaper app need to collect anything about anyone, much less send that information out to someone else?

Why should a media player need to collect any information from the user's phone and send it out?

Why should any app anywhere need to collect anything about anyone other than what it needs to run?




RE: wallpaper
By wallijonn on 8/10/2010 2:44:26 PM , Rating: 2
quote:
Why should a media player need to collect any information from the user's phone and send it out?


You're kidding, right?

Since it's a media player it first wants to know if all your files are legit. If not then the RIAA and DMCA are informed - which will cause the lawyers to froth at the mouth, the FBI SWAT team is put on standby, the helicopters start circling your house... If they are legit then the licenses must be backed up. Since it uses DRM it'll want to send back all your hardware versions and serial numbers, all your software license numbers, how many times you've downloaded, loaded into memory, played and uploaded every single song you listen to. Etc. Can't have you accessing those servers which carry "questionable" material, after all - all the cracker sites that have uploaded movies, etc.

quote:
Why should any app anywhere need to collect anything about anyone other than what it needs to run?


Gotta make sure you're not a terrorist?, not a drug smuggler?, not a drug dealer, not a coyote?, paying your child support?, not a wife abuser?, not a bank robber?, not doing insider trading?, not selling corporate secrets?, not cheating on the husband?, not a pedophile?, ...

To the right people, all information, all data is worth money. Otherwise, why have browsers with Super Cookies, with cookies that never expire, history, cache, temp files that aren't automatically deleted when the app closes? When you're on the Internet everyone wants to know where everyone is going and what they're doing. They call it "Marketing"... The crooks, on the other hand just want your money - any way they can get it. And if it means installing an app that says that you're infected with a virus and you must send $29.99 to some place on the other side of the planet, well...

Think about it - if your phone plan has unlimited time on it - wouldn't that information be worth a lot to crooks? If somehow they can get your SIM code, your password...


answer
By mcnabney on 8/10/2010 9:57:55 AM , Rating: 3
quote:
This story was overblown from the getgo, predicated on some rather stereotype "China FUD". I mean are all servers in China inherently evil?


Inherently evil, no. Inherently out of the reach of US Courts and Laws, yes.

Chinese servers fall into the same category as the fabled Nigerian Prince. Any information or money that is acquired through this methodology isn't ever going to be returned and will most likely be used for nefarious purposes.




RE: answer
By Chocobollz on 8/10/10, Rating: -1
Wallpaper App
By DiscipleOfKane on 8/10/2010 10:15:47 AM , Rating: 2
As far as the wallpaper app goes, yes, it was overblown, probably anti-China influenced hysteria.
It would be pretty suspicious if it sent a voicemail password, so lucky the app doesn't do that.
The voicemail password was one of several things, including text messages and browsing history, that VentureBeat said the app sent, which they got completely wrong.
Google agrees the app is harmless, which is why they unsuspended it over a week ago, as VentureBeat also reported
http://mobile.venturebeat.com/2010/08/04/google-an...

Google android developers also did a blog post about how developers could create a more secure application by creating a unique id on the phone using the information gathered and then transmit the id instead of the raw data.




Almost forgot
By YashBudini on 8/11/10, Rating: 0
Ahhhh the beauty of your "Open" app store /sarcasm
By msheredy on 8/10/10, Rating: -1
By mlambert on 8/10/2010 11:34:35 AM , Rating: 2
quote:
the FakePlayer.a trojan is easily avoided if you just are careful not to authorize the installation of untrusted apps


Nice try nerd!


By phatboye on 8/10/2010 11:49:16 AM , Rating: 4
http://gizmodo.com/5592521/how-a-guy-tricked-apple...

if a 15 year old boy was able to sneak a tethering app on the app store I'm sure someone will be able to sneak a trojan onto the app store, it's only a matter of time.

Also don't get me started on Apple's security record on the iPhone. Apple till this day can't seem to figure out how to close the gaping hole that allows people to jailbreak their iPhone.


By phatboye on 8/10/2010 11:53:36 AM , Rating: 2
oops I didn't see that sarcasm tag. I feel dumb.


By Tony Swash on 8/10/2010 10:07:30 PM , Rating: 2
quote:
if a 15 year old boy was able to sneak a tethering app on the app store I'm sure someone will be able to sneak a trojan onto the app store, it's only a matter of time.

Also don't get me started on Apple's security record on the iPhone. Apple till this day can't seem to figure out how to close the gaping hole that allows people to jailbreak their iPhone.


I prefer hypothetical trojans to real ones.

The Apple App store and Android App Market each have their own pros and cons but it is fairly obvious that a system that vets apps for malicious code before they are made publicly available is inherently more secure than one that does not.

Apple's bet was that the public, after a decade and half of endless scary malicious crap on the Windows platform, was ready for a curated system that offered palpably more security (not perfect security - just a lot more security).

The huge success of the Apple App store seems to indicate that Apple were correct to make that bet. Of course there will be people who want a more open, but probably less secure, system. That's why having the iPhone and Android offerings in the market at the same time is good. Choice is good.


Google lifted the suspension
By sciwizam on 8/10/10, Rating: -1














Copyright 2014 DailyTech LLC.