Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

do all android viruses/malware come from apps?


  • Please log in to reply
10 replies to this topic

#1 Doug02346

Doug02346

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:44 AM

Posted 05 January 2013 - 02:44 PM

Hi all! Just the first of a thousand questions...what are the origins of mobile viruses and malware. I saw in another post in this forum that they all come from downloading apps. Is that true, or do they come from other places as well?


BTW, I read this really scary article from the Wall Street Journal last week about the proliferation of security threats for Androids in 2013.
http://online.wsj.com/article/SB10001424127887323277504578193833434470690.html?mod=dist_smartbrief

BC AdBot (Login to Remove)

 


#2 Animal

Animal

    Bleepin' Animinion


  • Members
  • 35,905 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:01:44 AM

Posted 05 January 2013 - 03:03 PM

No they don't always come from apps. Just like PC's unsafe downloads and unsafe browsing can get you infected as well with an Android device.

The scary numbers are there because of the growth of the platform. Scary shocking news sells plain and simple. Put it in the perspective of how many Android devices there are and it's not quite as shocking.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


Follow BleepingComputer on: Facebook | Twitter | Google+


#3 leshibumity

leshibumity

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:44 AM

Posted 16 January 2013 - 03:13 PM

I've owned Android phones for 3 years now and I never got a virus. I don't know, maybe it's all about how careful one is. If you mind your business and don't download shady apps (check user reviews first) and browse known safe sites, the probability of infection drops close to 0% (just like on your PC). I don't think there's any reason for panic...
But if you feel the need, you can always buy an antivirus solution. I've heard F-Secure is decent, but I don't use it because I'm low on RAM already :). At a quick search, I've found a list of other Android antiviruses.

#4 tos226

tos226

    BleepIN--BleepOUT


  • Members
  • 1,588 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:LocalHost
  • Local time:04:44 AM

Posted 16 January 2013 - 03:20 PM

But if you feel the need, you can always buy an antivirus solution.

No point paying when you can get excellent ones for free: Avast Mobile Security and Dr.Web Lite from google play store.

Edit: adding links. The first one has longer descriptions, others are reviews.
http://www.techsupportalert.com/content/best-free-antivirus-app-android.htm
http://lifehacker.com/5891576/the-best-and-worst-antivirus-apps-for-android
http://www.av-test.org/en/tests/mobile-devices/android/
http://www.pcsecuritylabs.net/

Edited by tos226, 16 January 2013 - 03:37 PM.


#5 leshibumity

leshibumity

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:44 AM

Posted 16 January 2013 - 03:36 PM

Good point BleepIN--BleepOUT :) BTW, have you tried one of these (paid or free)? How much RAM do they "eat" up?

sorry, i meant tos226!

Edited by leshibumity, 16 January 2013 - 03:40 PM.


#6 tos226

tos226

    BleepIN--BleepOUT


  • Members
  • 1,588 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:LocalHost
  • Local time:04:44 AM

Posted 16 January 2013 - 03:48 PM

3-5 meg both, zero battery use most of the time. 1-2% battery use during a big scan.
Besides Dr.Web and Avast I only used Lookout which was also nice, but I prefer the first two.
I haven't used Avast's antitheft. Don't need it.
Contrary to Windows, it is possible to run both Dr.Web and Avast. Usually Avast will have a first shot at a downloaded file, Dr.Web follows. Both run inside Dalvik VM. Both do real time scanning besides just installations from the play store. Dr.Web catches AirPush and logs better. Avast, if you're rooted has an application firewall and tons of great displays in GUI. I can't recall what I didn't like about Lookout, but know few people who like it much.
Did you catch my edit above with links to some, not most recent, reviews?

Edited by tos226, 16 January 2013 - 03:50 PM.


#7 leshibumity

leshibumity

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:44 AM

Posted 16 January 2013 - 03:54 PM

Yeah, I got the edit, thanks! I don't know, I'll probably install one for a quick test, but I always like to keep my phone light on RAM consumption :) If it's really 3-5 megs, than it's all good, that's not much at all...

#8 ksmeet

ksmeet

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:44 AM

Posted 25 January 2013 - 08:52 AM

Good and very important questions Doug02346

Viruses/malware is very big issue

Thanks

#9 Zen Seeker

Zen Seeker

  • Members
  • 695 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:44 AM

Posted 25 January 2013 - 08:38 PM

Like most OSes they are only as safe as you treat them.

Android has had one or two bad apples that made it to the google market but then so did iphone/apple.

As an Android user I found I didn't like the way Google was sending home data from my phone 24/7, like iphones, so I removed everything Google and locked it down with some great security apps. I don't use the Google market any longer and still get all the same apps from either open source markets, XDA, or other places I trust. But I always scan for viruses, upload an app to Virus Total to scan, and open the package to see if it looks like it's okay.

Now that my logs don't show any unexpected network activity or strange connections I'm enjoying my phone and use it more like a pocket PC.

#10 James Litten

James Litten

    Ԁǝǝ˥q


  • BC Advisor
  • 1,946 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Jersey
  • Local time:04:44 AM

Posted 25 January 2013 - 09:55 PM

It seems to me that there are two main flavors of malware for Android and they both come from downloading apps that they are bundled into. They are removed by removing the app.

SMS hijackers that piggyback onto other applications or appear to be popular apps but usually give an error when you try to run it (though newer ones have been reported to kind of get around that). Then they secretly send SMS messages to services that you get billed for while hiding all of that activity from you. The malware owner gets a commission for the (fraudulent) transaction. There are a lot of different flavors of this but basically they are like the old PC malware that would have your modem silently dial paid services in the middle of the night like sex chat lines and again the owner of the malware gets a commission and the victim gets an extra charge on the phone bill.

Adware. Lots of companies are trying to make junk that behave like browser helper objects on PCs that push ads to you and get paid for ad impressions shown and clicks. These are also bundled with apps and keep getting more creative in trying to hide from you so you don't know which app you need to uninstall.

A lot of creative social engineering goes into trying to get users to allow the apps to have the permissions needed to perform this naughtiness. That means you don't have to be an idiot to be tricked into installing one of these.

These are obvious things that are quickly tracked down and fixed. You notice extra charges on your bill. You notice ads popping up. The services used for fraudulent charges stop paying commissions to the bad guys or are shut down by law enforcement/phone companies. Apps become available that quickly tell you where ads are coming from so you can remove the offending app.
The part that scares me is that I fear a more insidious storm brewing. Specifically, the creation of botnets using Android devices. They may be quite valuable on the black market. What for? I'm not really sure yet. DDOS? Spam? I can think of other even scarier purposes.

I'm sure we'll see things ramp up in 2013.
James

#11 Zen Seeker

Zen Seeker

  • Members
  • 695 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:44 AM

Posted 28 January 2013 - 10:30 AM

These are obvious things that are quickly tracked down and fixed. You notice extra charges on your bill. You notice ads popping up. The services used for fraudulent charges stop paying commissions to the bad guys or are shut down by law enforcement/phone companies. Apps become available that quickly tell you where ads are coming from so you can remove the offending app.
The part that scares me is that I fear a more insidious storm brewing. Specifically, the creation of botnets using Android devices. They may be quite valuable on the black market. What for? I'm not really sure yet. DDOS? Spam? I can think of other even scarier purposes.

I'm sure we'll see things ramp up in 2013.
James


The smart TV is a new worry as well. After scanning and checking out the new options sure they are cool but at what cost? The TV wants to phone home very often as well as at startup. My phone apps scanned the TV and found major holes in the security as well as outdated open-source apps in use. And when I block the WAN from the TV so only the LAN is open most of the features fail to work even though the WAN shouldn't be required.

To top it off I've already heard of a security hole a company found and did a video hack on for these smart TVs. Is collecting our data and personal info so important that risking law suites over poorly secured devices is now possible worth it? I see class actions with 100s of users going after manufacturers due to this type of issue. Like faulty parts causing issues on cars.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users