Print 25 comment(s) - last by YashBudini.. on Aug 11 at 10:53 PM

A new piece of Android malware is nothing to LOL about... it texts its way to some big profits, leaving you with the bill.  (Source: Impact Lab)
1. Write Android virus 2. Infect people ... 3. Profit?

Google is increasingly concerned about malware apps cropping up in its Android OS.  It recently executed remote kill of an app for the first time due to concerns that it was malware.  More recently at the Black Hat security conference, concerns were raised when it was shown that a series of wallpaper apps were sending users' SIM card number, subscriber identification, and voicemail passwords to a Chinese server.

Now Google has been hit with its first full-fledged trojan malware.  The trojan is known as SMS.AndroidOS.FakePlayer.a and disguises itself as a harmless media player application.  Users who install the 13 KB file, which comes with the default .APK extension their phone is essentially "infected".

The installed trojan app launches and begins sending SMS texts to premium numbers, slowly texting its way to profit -- and big bills for infected users.

The new malware is the first such trojan -- a program masquerading as a innocent program that bears malicious purposes -- to see mass distribution to Android phones.  There have been a handful of malware app written for Android since 2009 -- including some that could be classified as trojans.  However, many of these were written by security researchers, and none of them saw mass distribution.

Denis Maslennikov, Mobile Research Group Manager at Kaspersky Lab, "The IT market research and analysis organization IDC has noted that those selling devices running Android are experiencing the highest growth in sales among smartphone manufacturers. As a result, we can expect to see a corresponding rise in the amount of malware targeting that platform.  Kaspersky Lab is actively developing technologies and solutions to protect this operating system and plans to release Kaspersky Mobile Security for Android in early 2011."

Fortunately, unlike the more insidious handiwork of its PC brethren, the FakePlayer.a trojan is easily avoided if you just are careful not to authorize the installation of untrusted apps.  Further, even after the install is started, you have to grant the app access to phone features, which includes premium SMS texts.  The danger here is that many people just blindly click through these permissions dialogs, but if you exercise caution the threat can be averted here as well.

In related news, a Chinese advocacy group contacted us about the wallpaper app claiming that it was not malware as some felt the Black Hat researchers inferred.  They claim that this story was blown out of proportion due to nationalistic sentiments towards China.  They did not however, offer any explanation as to why the app was taking people's voice mail passwords.

Charles Liu, a Chinese-American Community Activist from Seattle, Wash. writes:

[N]ote your article is inaccurate, that the Android wallpaper app being malicious was mis-reporting by Venture Beat, which they have corrected.

Also the wallpaper app has been declare safe by Google and reinstated in Market.

The truth is no data were ever stolen; only phone info for personalization feature were collected with user approval.

This story was overblown from the getgo, predicated on some rather stereotype "China FUD". I mean are all servers in China inherently evil?

A quick glance at the VentureBeat piece does show that they have added a line that security researchers at Lookout haven't yet detected malicious behavior.  Yet the overall conclusions remain the same and it still makes the app sound suspicious -- particularly its ability to send your voicemail password to China -- which seemingly has nothing to do with its base functionality.  Google apparently agreed as it suspended multiple apps over the incident, though some indeed appear to be reapproved (though they may have been modified before the reapproval).

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

By Tony Swash on 8/10/2010 10:07:30 PM , Rating: 2
if a 15 year old boy was able to sneak a tethering app on the app store I'm sure someone will be able to sneak a trojan onto the app store, it's only a matter of time.

Also don't get me started on Apple's security record on the iPhone. Apple till this day can't seem to figure out how to close the gaping hole that allows people to jailbreak their iPhone.

I prefer hypothetical trojans to real ones.

The Apple App store and Android App Market each have their own pros and cons but it is fairly obvious that a system that vets apps for malicious code before they are made publicly available is inherently more secure than one that does not.

Apple's bet was that the public, after a decade and half of endless scary malicious crap on the Windows platform, was ready for a curated system that offered palpably more security (not perfect security - just a lot more security).

The huge success of the Apple App store seems to indicate that Apple were correct to make that bet. Of course there will people who want a more open, but probably less secure, system. That's why having the iPhone and Android offerings in the market at the same time is good. Choice is good.

"This is from the It's a science website." -- Rush Limbaugh

Latest Headlines
Inspiron Laptops & 2-in-1 PCs
September 25, 2016, 9:00 AM
The Samsung Galaxy S7
September 14, 2016, 6:00 AM
Apple Watch 2 – Coming September 7th
September 3, 2016, 6:30 AM
Apple says “See you on the 7th.”
September 1, 2016, 6:30 AM

Most Popular ArticlesAre you ready for this ? HyperDrive Aircraft
September 24, 2016, 9:29 AM
Leaked – Samsung S8 is a Dream and a Dream 2
September 25, 2016, 8:00 AM
Inspiron Laptops & 2-in-1 PCs
September 25, 2016, 9:00 AM
Snapchat’s New Sunglasses are a Spectacle – No Pun Intended
September 24, 2016, 9:02 AM
Walmart may get "Robot Shopping Carts?"
September 17, 2016, 6:01 AM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki