

A new piece of Android malware is nothing to LOL about... it texts its way to some big profits, leaving you with the bill.  (Source: Impact Lab)
1. Write Android virus 2. Infect people ... 3. Profit?

Google is increasingly concerned about malware apps cropping up in its Android OS.  It recently executed a remote kill of an app for the first time due to concerns that it was malware.  More recently at the Black Hat security conference, concerns were raised when it was shown that a series of wallpaper apps were sending users' SIM card number, subscriber identification, and voicemail passwords to a Chinese server.

Now Google has been hit with its first full-fledged trojan malware.  The trojan is known as SMS.AndroidOS.FakePlayer.a and disguises itself as a harmless media player application.  Once users install the 13 KB file, which comes with the default .APK extension, their phone is essentially "infected".

The installed trojan app launches and begins sending SMS texts to premium numbers, slowly texting its way to profit -- and big bills for infected users.

The new malware is the first such trojan -- a program that masquerades as an innocent program but has a malicious purpose -- to see mass distribution to Android phones.  There have been a handful of malware apps written for Android since 2009 -- including some that could be classified as trojans.  However, many of these were written by security researchers, and none of them saw mass distribution.

Denis Maslennikov, Mobile Research Group Manager at Kaspersky Lab, said, "The IT market research and analysis organization IDC has noted that those selling devices running Android are experiencing the highest growth in sales among smartphone manufacturers. As a result, we can expect to see a corresponding rise in the amount of malware targeting that platform.  Kaspersky Lab is actively developing technologies and solutions to protect this operating system and plans to release Kaspersky Mobile Security for Android in early 2011."

Fortunately, unlike the more insidious handiwork of its PC brethren, the FakePlayer.a trojan is easily avoided if you are careful not to authorize the installation of untrusted apps.  Further, even after the install is started, you have to grant the app access to phone features, which include premium SMS texts.  The danger here is that many people blindly click through these permission dialogs, but if you exercise caution the threat can be averted here as well.
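The permission check described above can also be done mechanically. The following Python code is an added example, not from the article or from any vendor: it lists the permissions an app's manifest requests and flags those that do not fit the kind of app it claims to be. It assumes the manifest has already been decoded to text XML; the per-category baselines and the sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS

# Assumed baselines (illustrative, not from the article): what each kind of app plausibly needs.
EXPECTED = {
    "media_player": {"android.permission.INTERNET", "android.permission.WAKE_LOCK",
                     "android.permission.WRITE_EXTERNAL_STORAGE"},
    "wallpaper": {"android.permission.SET_WALLPAPER", "android.permission.INTERNET"},
}

# Permissions that can run up a bill or expose phone identifiers.
HIGH_RISK = {
    "android.permission.SEND_SMS": "can send texts, including to premium-rate numbers",
    "android.permission.CALL_PHONE": "can place calls without the dialer prompt",
    "android.permission.READ_PHONE_STATE": "can read SIM and subscriber identifiers",
}

def sample(package, perms):
    """Build a constructed sample manifest (not taken from any real app)."""
    tags = "".join('<uses-permission android:name="android.permission.%s"/>' % p for p in perms)
    return '<manifest xmlns:android="%s" package="com.example.%s">%s</manifest>' % (
        ANDROID_NS, package, tags)

PLAYER_SAMPLE = sample("player", ["INTERNET", "SEND_SMS"])
WALLPAPER_SAMPLE = sample("wallpaper", ["SET_WALLPAPER", "INTERNET", "READ_PHONE_STATE", "VIBRATE"])

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in <uses-permission> elements."""
    root = ET.fromstring(manifest_xml)
    return {el.get(NAME_ATTR) for el in root.iter("uses-permission") if el.get(NAME_ATTR)}

def audit(manifest_xml, app_kind):
    """Return (severity, permission, reason) for every permission outside the baseline."""
    findings = []
    for perm in sorted(requested_permissions(manifest_xml) - EXPECTED[app_kind]):
        if perm in HIGH_RISK:
            findings.append(("HIGH", perm, HIGH_RISK[perm]))
        else:
            findings.append(("REVIEW", perm, "outside the baseline for this kind of app"))
    return findings

if __name__ == "__main__":
    for kind, xml_text in (("media_player", PLAYER_SAMPLE), ("wallpaper", WALLPAPER_SAMPLE)):
        for finding in audit(xml_text, kind):
            print(kind, *finding)
```
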

In related news, a Chinese advocacy group contacted us about the wallpaper app, claiming that it was not malware as some felt the Black Hat researchers implied.  They claim that this story was blown out of proportion due to nationalistic sentiments towards China.  They did not, however, offer any explanation as to why the app was taking people's voicemail passwords.

Charles Liu, a Chinese-American Community Activist from Seattle, Wash. writes:

[N]ote your article is inaccurate, that the Android wallpaper app being malicious was mis-reporting by Venture Beat, which they have corrected.

Also the wallpaper app has been declared safe by Google and reinstated in Market.

The truth is no data were ever stolen; only phone info for personalization feature were collected with user approval.

This story was overblown from the get-go, predicated on some rather stereotype "China FUD". I mean are all servers in China inherently evil?

A quick glance at the VentureBeat piece does show that they have added a line that security researchers at Lookout haven't yet detected malicious behavior.  Yet the overall conclusions remain the same and it still makes the app sound suspicious -- particularly its ability to send your voicemail password to China -- which seemingly has nothing to do with its base functionality.  Google apparently agreed as it suspended multiple apps over the incident, though some indeed appear to be reapproved (though they may have been modified before the reapproval).




RE: wallpaper
By wallijonn on 8/10/2010 2:44:26 PM , Rating: 2
quote:
Why should a media player need to collect any information from the users phone and send it out?


You're kidding, right?

Since it's a media player it first wants to know if all your files are legit. If not then the RIAA and DMCA are informed - which will cause the lawyers to froth at the mouth, the FBI SWAT team is put on standby, the helicopters start circling your house... If they are legit then the licenses must be backed up. Since it uses DRM it'll want to send back all your hardware versions and serial numbers, all your software license numbers, how many times you've downloaded, loaded into memory, played and uploaded every single song you listen to. Etc. Can't have you accessing those servers which carry "questionable" material, after all - all the cracker sites that have uploaded movies, etc.

quote:
Why should any app anywhere need to collect anything about anyone other than what it needs to run?


Gotta make sure you're not a terrorist?, not a drug smuggler?, not a drug dealer, not a coyote?, paying your child support?, not a wife abuser?, not a bank robber?, not doing insider trading?, not selling corporate secrets?, not cheating on the husband?, not a pedophile?, ...

To the right people, all information, all data is worth money. Otherwise, why have browsers with Super Cookies, with cookies that never expire, history, cache, temp files that aren't automatically deleted when the app closes? When you're on the Internet everyone wants to know where everyone is going and what they're doing. They call it "Marketing"... The crooks, on the other hand just want your money - any way they can get it. And if it means installing an app that says that you're infected with a virus and you must send $29.99 to some place on the other side of the planet, well...

Think about it - if your phone plan has unlimited time on it - wouldn't that information be worth a lot to crooks? If somehow they can get your SIM code, your password...

Copyright 2014 DailyTech LLC.