
Google Android OS APPs Spread Malware


10 replies to this topic

#1 buddy215


Posted 26 February 2011 - 09:06 AM

Android Spyware Distributed By Third Party Online Marketplaces::Brought to you by TechWeb

.......The latest malware reflects the growing number of Trojans, spyware, and other malicious applications targeting smartphones running Google's Android operating system. SW.SecurePhone is primarily distributed in the U.S. through third-party online marketplaces. Once installed, the app runs in the background, monitoring phone activity and saving collected data on the SD card. Captured data includes messages, call log, location of the phone, recorded sounds around the phone, and pictures,........

.............Android apps are more vulnerable to malware implants because Google allows the apps to be offered by third-party app stores, which may not monitor submissions closely. By comparison, Apple takes a walled garden approach by vetting all apps before publishing them on its App Store...................

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”




#2 Baltboy


Posted 26 February 2011 - 09:39 AM

That is why the first app I downloaded was AVG for Android. No mobile platform is safe without some form of Antivirus to scan incoming apps, messages, etc. Any company/person that thinks they are is in for a seriously abrupt awakening.
Get your facts first, then you can distort them as you please.
Mark Twain

#3 doctorwho737


Posted 01 March 2011 - 12:33 AM

I have an Android phone right now and was wondering what a good AV app is?

I have Lookout installed currently.

#4 buddy215


Posted 01 March 2011 - 08:17 AM

Good question. Since the user would need to actually install the malware-infected APP, the best way to avoid the malware is to not willy-nilly choose an APP to install from the web. Don't unlock the system. Read what changes the APP will make and how it will interact with other APPs. Scan the APP before installing. That isn't a 100% guarantee either as newer malware may not be detected.

Good discussion in the link below from less than a year ago. Be sure to read the comments there as well.
Should You Be Worried about Malware on Your Android Phone? - Tested
Here is one comment from codemunki: "Android also supports native C/C++ code via the Java Native Interface (JNI). That code is not sandboxed. It is only limited in access to what a normal (non-root) user can do, which is a lot. If you unlock your Android phone, it can do even more under certain circumstances.

I highly recommend that you DO NOT unlock your Android phone. I've spent the last 6-8 months doing security-focused graduate research projects on the Android platform. When unlocked, an Android phone is essentially a rooted Linux box. It is very dangerous.

IMO, the best way to do AV on the Android platform is to have it built into the OS by either Google or, as a value-added service, by HTC and other manufacturers. Or they could contract with an AV vendor to build into the platform. AV apps running inside of the Dalvik VM cannot be effective. It has to be running either as a daemon or in the kernel to be even remotely worthwhile."



#5 buddy215


Posted 01 March 2011 - 08:26 AM

EDIT: There is this, too. Android Market's Web Store: Convenient, With a Risk of Malware - PCWorld

.....So if someone gains access to a user's Google account, the user might not notice when that person installs a bunch of software that can, say, send and receive text messages or transmit contact lists.

To be clear, malware purveyors are powerless without the Google account name and password associated with a phone. And if you're using other Google services like Docs or Gmail, you may have bigger problems if someone steals your login information. (All the more reason to pick a good password and protect it well.).......




#6 doctorwho737


Posted 01 March 2011 - 09:01 PM

Great info, thanks a lot. :)

#7 buddy215


Posted 02 March 2011 - 06:29 PM

Google Removes Malicious Android Apps -- InformationWeek

More than 50 apps in the Android Market have been identified as malicious, prompting Google to take steps to remove them.

By Thomas Claburn, InformationWeek
March 2, 2011 02:29 PM

Google on Wednesday confirmed that it has removed a number of Android apps from its Android Market for policy violations but declined to say how many apps it had removed.

The Android Market Developer Program Policies forbid the distribution of malicious software. Nonetheless, mobile security firm Lookout has identified over 50 apps in the Android Market infected with malware.......



.......This latest outbreak has affected the official Google Android Market. Symantec estimates that the infected apps have been downloaded between 50,000 and 200,000 times........



#8 Union_Thug


Posted 03 March 2011 - 09:05 AM

Symantec estimates that the infected apps have been downloaded between 50,000 and 200,000 times.....


All the more reason to pick a good password and protect it well


:thumbup2:

Thanks for posting this!

#9 cybermonkey


Posted 04 March 2011 - 01:27 AM

Great stuff. More information, and this really is scary as it's like Windows nightmares from the past. This attack is immune of course on Gingerbread (2.3 and up), of which only 1% of the Android population is running; I'm on Froyo personally. I bought this phone less than 4 months ago (Droid 2) and it's obsolete? Why? Because you have all these vendors (Motorola, HTC) modifying the OS along with providers (T, Verizon) taking forever to implement them. So even if Google patches this (in this case) it will take months/years/eons to get it deployed, assuming you don't get a new phone after your 2 year contract. This has to be centralized ASAP. Fine, I understand you want to push your new phones, your new OS, latest and greatest, but if you're a security risk, especially at the kernel level, forget about it, people will walk. Who do you complain to here?
Also remember that unlike the draconian rules of the iPhone market, it only costs 25 bucks to register as a developer, a small price to pay for a malware developer!
The other thing that really ticks me off about this whole thing is I use Chrome at home, and the bloody thing is constantly setting off firewall alerts and warnings since it has to be updated every hour on the hour, but heaven forbid they update the crappy little browser on my Droid. Even in the Market Chrome isn't available. Why is this relevant? Well, there's a story on the Android Police blog that there are websites that can essentially pull off a drive-by download and screw the phone from the website. I mean, what is it going to come to, running a NoScript-enabled Firefox on Android? I can only imagine the fun of that. I think the Google guys are way smart but sometimes I don't think engineers get real people's problems.
Heads up to the person about the email policy: they have rolled out 2 factor authentication that wasn't that hard to set up. Basically you can link the phone to your email, and each time you log on to a new computer it works almost like a VPN token (something you know (your password), something you have (registration code)). Sorry for the tirade.

#10 Union_Thug


Posted 06 March 2011 - 03:30 PM

Update on Android Market Security http://googlemobile.blogspot.com/2011/03/update-on-android-market-security.html

On Tuesday evening, the Android team was made aware of a number of malicious applications published to Android Market. Within minutes of becoming aware, we identified and removed the malicious applications. The applications took advantage of known vulnerabilities which don't affect Android versions 2.2.2 or higher. For affected devices, we believe that the only information the attacker(s) were able to gather was device-specific (IMEI/IMSI, unique codes which are used to identify mobile devices, and the version of Android running on your device). But given the nature of the exploits, the attacker(s) could access other data, which is why we've taken a number of steps to protect those who downloaded a malicious application:

  • We removed the malicious applications from Android Market, suspended the associated developer accounts, and contacted law enforcement about the attack.
  • We are remotely removing the malicious applications from affected devices. This remote application removal feature is one of many security controls the Android team can use to help protect users from malicious applications.
  • We are pushing an Android Market security update to all affected devices that undoes the exploits to prevent the attacker(s) from accessing any more information from affected devices. If your device has been affected, you will receive an email from android-market-support@google.com over the next 72 hours. You will also receive a notification on your device that "Android Market Security Tool March 2011" has been installed. You may also receive notification(s) on your device that an application has been removed. You are not required to take any action from there; the update will automatically undo the exploit. Within 24 hours of the exploit being undone, you will receive a second email.
  • We are adding a number of measures to help prevent additional malicious applications using similar exploits from being distributed through Android Market and are working with our partners to provide the fix for the underlying security issues.
For more details, please visit the Android Market Help Center. We always encourage you to check the list of permissions when installing an application from Android Market. Security is a priority for the Android team, and we're committed to building new safeguards to help prevent these kinds of attacks from happening in the future.


Edited by Union_Thug, 06 March 2011 - 03:32 PM.


#11 buddy215


Posted 10 March 2011 - 06:23 PM

Symantec Finds Fake Google Security Tool::Brought to you by TechWeb
By Antone Gonsalves
Read the Original Article at InformationWeek

........Security company Symantec discovered Wednesday the imitation of the malware-removal tool called Android Market Security Tool, which Google released last week. Symantec found the repackaged version on China-based, third-party markets that are not sanctioned by Google. "What we're seeing is fairly clever malware writers riding the wake of the wave of the publicity from the malware removal tool," Joe Chen, director of engineering of Symantec's Security Response unit, said in an interview Thursday.

The application appeared to be able to send text messages from the phone..........
