Posts Tagged Trojan
According to Kaspersky, the “most sophisticated” trojan ever seen on smartphones is infecting Android phones now. The trojan, known as Backdoor.AndroidOS.Obad.a, reportedly gets into your phone and can spread malware through Bluetooth, perform remote commands through console, hit up premium-rate SMS numbers and put even more malware on your phone.
While all this is happening, it is hidden by code obfuscation, which is making it difficult for even Kaspersky’s finest to find and beat it. This is all possible due to new vulnerabilities in Android, which allow the trojan to work in the background, giving itself Administrator rights and then disappearing.
Pretty scary stuff, but Kaspersky believes the situation isn’t too dire as the trojan made up only 0.15% of all infection installation attempts. Perhaps worryingly though, the trojan itself is more akin to Windows malware due to its complexity and exploitation of unpublished vulnerabilities. Hope this one gets solved before it gets any more widespread.
Are you scared by this Android trojan, or of malware in general? Let us know how you feel about it in the comments.
China, known to be the home of smartphones, is now facing a dilemma caused by malware that seeks to gain access to users’ SMS payment systems.
More than half a million smartphone users in China have been affected by a new virus that is capable of making unauthorized payments through the Android app market. This is according to an evaluation from a security company.
The virus, named ‘Trojan!SMSZombie’, was identified last August 8. It is growing rapidly in apps hosted on GFan, which is known to be one of China’s brilliant app stores, and it is believed that more than 500,000 users are currently infected. TrustGo managed to contact GFan, and surprisingly, the apps are still available and active for downloading.
Six weeks ago, TrustGo, an anti-virus specialist, managed to identify highly developed malware that is capable of making payments and gaining access to bank/card information as well as previous payment and bill history. TrustGo said that the virus is hiding in different wallpaper applications with intriguing pictures and teasing titles. Such an application will then ask to install more files presumably associated with the said application, but the truth is that it downloads and executes a payload known as the “Android System Service.” This step is hard to cancel. When the user clicks the “cancel” button, the page will just reload instead.
Since the majority of users in China make payments through SMS, it is anticipated that accessing the messages will enable the malware’s creator to obtain bank and card account information.
Users who have been infected by the Trojan!SMSZombie virus were instructed by TrustGo to visit http://www.trustgo.com/en/smszombie-eliminate, where the information for removing the malware is provided.
The company has made updates to its apps so that they handle the virus automatically. The added app is expected and set to be released before the month ends.
CEO of TrustGo Li said, “By waiting to deliver malicious code until after installation, this virus is difficult to detect. Sophisticated malware like this highlights the fact that the openness of the Android platform is a double-edged sword. Users are able to access an amazing breadth and variety of apps, but must take precautions to ensure the apps they want have not been compromised by hackers.”
Malware that rapidly infected more than 500,000 devices in just a month is truly threatening. Given that the malware is also difficult to recognize, one must be very careful when downloading applications to a cellphone.
Android device sales continue to surge in China, with over 683 million subscribers. A large market like that attracts a lot of attention, some good and some bad. An example of bad attention came to light with the discovery of a new malware/virus infecting over 500,000 owners of Android devices. TrustGo, an anti-virus specialist company, identified the malware on July 25th and it has since been dubbed Trojan!SMSZombie.
According to TrustGo, the malware code is initially contained within apps for wallpaper. After being downloaded, the infected app will ask a user to download an additional file to complete installation. This additional file, called “Android System Service” is really the payload. The malware/virus then uses some trickery to force the user to grant it administrator privileges. Once those are granted, the application implements a variety of measures to prevent a user from uninstalling the application. Meanwhile, the malware accesses a phone’s SMS functions and can then intercept bank/card information and the user’s purchase/transaction history. In addition, the malware can start to make payments. Thus far, the payments have been small, frequently tied to online gaming platforms, in an effort to avoid attention.
According to sources, the infected wallpaper apps are distributed through China’s extensive network of independent app stores. These app stores exist due to Google’s limited presence in China and the need for sources for apps. It is believed the primary source for this infection was the GFan store, one of China’s more popular sites.
TrustGo indicates they have tools available for users to remove the malware/virus. Others should use this as a reminder to be careful with what you download and install to your Android powered device.
source: The Next Web
You could call it technological baptism of sorts… just not the kind Apple would want. A Russian scam app known as Find and Call managed to hit the App Store and create havoc for those who dared a download, making it the first non-experimental malware to hit iOS without first needing a jailbreak. As Kaspersky found out, it wasn’t just scamware, but a trojan: the title would swipe the contacts after asking permission, send them to a remote server behind the scenes and text spam the daylights out of any phone number in that list. Thankfully, Apple has already yanked the app quickly and explained to The Loop that the app was pulled for violating App Store policies. We’d still like to know just why the app got there in the first place, but we’d also caution against delighting in any schadenfreude if you’re of the Android persuasion. The app snuck through to Google Play as well, and Kaspersky is keen to remind us that Android trojans are “nothing new;” the real solution to malware is to watch out for fishy-looking apps, no matter what platform you’re using.
Spam-happy iOS trojan slips into App Store, gets pulled in rapid fashion originally appeared on Engadget on Thu, 05 Jul 2012 17:29:00 EDT.
It’s interesting to watch the security landscape unfold on a new platform like Android, in a macabre sort of way. On the one hand we have newfangled attacks that use relatively modern ways of stealing money or information, like phony text message trojans. On the other we’ve got old-school malware that spreads through modified versions of popular software. Now there’s a new trick up malicious programmers’ sleeves, though it’s only new to Android: spreading malware through infected websites.
Lookout Mobile has identified the “NotCompatible” trojan, which hides in the iFrame architecture of some websites and waits for an Android browser to visit the site. It then downloads an innocuous APK file and installs it. At this point the malware doesn’t seem to do anything - apparently whoever’s installing the malicious code is at the testing stage right now. The number of affected sites is small at the moment.
The problem with this particular approach is that it exploits a weakness in Android’s browser itself – no amount of vigilance or care will help if you can just stumble into the wrong website. And since the flaw is a part of Android, phones and tablets will need to be updated to patch the vulnerability. Issues like this illustrate the need for quick, regular update channels for all devices – and why advanced Android users are so frustrated that they often aren’t put in place.
Heads up, hipsters: if you got Instagram anywhere but the Google Play Store, you might want to get rid of it right now. Reports of a malicious copy are coming out of Russia, stating that once users download and install the malicious app it starts sending texts to premium SMS numbers, making these little Trojan-making hackers plenty of cash – you’ve been warned.
Why users would opt to download Instagram from anywhere but the official market (Play Store) beats me, but people do. Once users install this malware-infested copycat there’s no telling what all it will do, from sending out contacts to stealing personal data and more. According to Trend Micro this Insta-Trojan is pretty serious once installed.
Trend Micro claims this is a popular strategy and there are multiple similar malicious apps like Fruit Ninja, Angry Birds and many others. We still feel the same as usual here, don’t download weird apps, and only get them from trusted sources — like the Google Play Store. Don’t do anything unsafe and you’ll be just fine folks. Oh and don’t forget to check out our Five alternatives to Instagram.
Angry Birds Space is a lot of fun. No, really, it justifies the hype – if you haven’t tried it yet, download the free game in the Google Play Store. But for Pete’s sake, make sure you’re using the Google Play Store: a fake app is unsurprisingly masquerading as the ultra-popular mobile game to add Android phones and tablets to its network of infected devices, remotely downloading more malicious apps and displaying ads. Security researchers at Sophos spotted the fake app in third-party app stores, but say that the official Rovio files are not affected.
Rovio mentioned the fakes on their own blog, along with the charming illustration above. Interestingly, the infected app actually contains the full version of the Angry Birds Space game. This bit of half-truth in advertising is likely to help get the fake app disseminated quickly. The extra code is hidden in a JPEG file, and can remotely download more apps and display its own ads across the phone. Due to the distributed nature of this latest infection, there’s no way to know how many phones and tablets are currently running the doppelganger app.
A more interesting question is why people are downloading the fake app in the first place. Angry Birds Space is free, after all, unless you go with the ad-free or tablet versions. And presumably legitimate copies are available from reliable third parties – heck, even the Nook Color and Nook Tablet have the game. There’s no reason that anyone, even those who can’t access the Google Play Store because of hardware or geographical location, should be bamboozled. Remember to stay vigilant, and that piracy is for suckers.
If you’re waiting for a wake-up call when it comes to Android malware, this might be it. Security software vendor Symantec has published a report claiming that anywhere from one to five million Android phones and tablets may be infected with the Android.Counterclank spyware. The infections spread from thirteen identified apps across three developers, some of which have already been removed from the Android Market, presumably by Google. Most were blatant copies of popular games or vaguely naughty apps.
The Android.Counterclank malware is technically a trojan: it can receive remote commands and send back personal information. It’s a serious risk for anyone who has it installed on their hardware. Exact download numbers aren’t known, but looking briefly at some of the estimated downloads in the web version of the Android Market, Symantec could very well be correct. This is the largest documented security breach for Android so far, and it doesn’t help that the apps are still available for download.
If you’ve downloaded any of the apps listed below, remove them immediately. You should also change any passwords you have stored on your Android device and check any vital accounts for illicit access.
- Counter Elite Force
- Counter Strike Ground Force
- CounterStrike Hit Enemy
- Heart Live Wallpaper
- Hit Counter Terrorist
- Stripper Touch girl
- Balloon Game
- Deal & Be Millionaire
- Wild Man
- Pretty women lingerie puzzle
- Sexy Girls Photo Game
- Sexy Girls Puzzle
- Sexy Women Puzzle
Calling this a huge problem is putting things mildly. Some of these apps have been available for months. As great a tool as the relatively open Android Market is, the continual discovery of spyware and malware in widely available apps is a black eye on the Market and Android as a whole. We await Google’s response to Symantec’s findings with interest.
There’s been a lot of news in the last few months about Trojans and other malware aimed at Android devices, and with millions of new phones and tablets being sold every week, that’s not likely to change any time soon. Security software vendor Symantec has identified the latest Trojan to gain a major foothold, called “Android.Arspam”. The Trojan imitates a legitimate app in the Android Market designed to aid Islamic prayers with a compass pointing towards Mecca, and has found its way onto an increasing number of Middle Eastern Android phones.
The app’s distribution method is particularly sinister: once installed, it sends out SMS links to every number in the user’s contact list, directing them to a forum. Surprisingly, it isn’t instructing users to download more copies of itself, instead displaying a tribute to Tunisian protest martyr Mohamed Bouazizi. That makes the Trojan app more like “hacktivism” than true malware, but it’s still performing actions on the user’s phone without his or her permission, and potentially racking up considerable texting charges.
The app must be downloaded from the Internet and installed via Android’s 3rd-party app function, like almost all Android malware to date. The original compass app, which can still be found in the Android Market, is unaffiliated and (as far as we know) safe. While more and more anti-virus and anti-malware products are being made available to Android users, the best way to protect yourself is still to use extreme caution when installing third-party applications. Copied or pirated apps have proven to be some of the most dangerous – don’t copy that floppy, kiddos.
During a hacking convention in Berlin conducted by Germany’s Security Research Labs, a hacker discovered a security hole within the GSM mobile network. In Mr. Karsten Nohl’s own words:
We can do it to hundreds of thousands of phones in a short timeframe. None of the networks protects users very well. Mobile network is by far the weakest part of the mobile ecosystem, even when compared to a lot attacked Android or iOS devices.
This is quite disappointing. Though many of us choose to have a tier of texting or data – nearly 100% of us have some sort of voice plan incorporated. In case you don’t know which carriers use GSM networking technology, they include AT&T, T-Mobile, the select states with Cellular One, and many others: Yes this means you guys on Big Red and The Now Network are in the clear!
To make matters worse, compromised phones would be completely under the hacker’s control. Text messages or phone calls can be carried out easily and at any time. And until GSM carriers patch the security vulnerability, subscribers are all at risk. Fortunately, it will only take some updating of outdated software. There is no timeframe advertised to the public, but I’m sure it will be first on their “To-Do” lists (if not done already). We should all thank Mr. Nohl and those at the conference for discovering this vulnerability and restoring security to the airwaves.
Unfortunately, Android users need to be increasingly vigilant when it comes to non-Market apps and hacks. Nowhere is this more true than unofficial versions of the Netflix app. Security firm Symantec has documented a fake version of the video streaming app that steals users’ log in data in a nasty Trojan exploit.
Netflix recently expanded its video streaming app to all Android devices from 2.2 Froyo and above. Unfortunately, that still leaves almost 15% of Android phones and tablets out of the loop, and various custom versions of the Netflix app have been circulating to try and circumvent the limitation. There’s also the apps for formerly unsupported devices that can be found on user forums all over the Internet. With all these app versions (not to mention unsatisfied Netflix customers) floating around, it’s no surprise that an enterprising hacker has devised a new vector for password theft.
The app is a pretty good approximation of the Netflix log in screen – you can see the differences in Symantec’s illustration above. What’s even more dangerous is the fact that many people share log ins and passwords across multiple sites, making this sort of scam a minefield for identity theft. (You don’t do that, right?) Remember: if your phone uses Android 2.2 or higher, there’s no reason NOT to download Netflix from the Android Market. And as always, never download and install an APK from a source that you don’t fully trust.
The next time you see a QR code in a public place, you might want to think twice before opening up Google Goggles. According to researchers at Kaspersky, a new Trojan has been found that uses the popular barcodes to steal Android users’ hard-earned cash via a text message scam. The problem is not widespread at the moment, but the precedent highlights a disturbing trend of exploitation towards Android users.
It works like this: a hacker leaves unassuming QR codes in well-traveled areas, knowing that with the rapid expansion of Android’s market share, someone’s bound to scan it in. The code is a URL linking to a malicious website that exploits a weakness in the Android browser to install a piece of Trojan software. Once the software activates, the user’s phone sends text messages to a premium line, charging the user’s phone bill $6 each time.
One of the disadvantages of the open nature of Android is that it’s, well, open. The source code can be examined by criminals and exploited fairly easily, and when a security hole is found they take advantage of it. The best way to protect yourself from malware is to only install apps from sources you trust – it seems that this policy now extends to scanning QR codes as well. With more and more vulnerabilities being found in Android’s core software, it’s more important than ever that users stay diligent and that carriers update their phones.
A new Android trojan has surfaced that could record your telephone conversations. There have already been trojans that log the details of incoming/outgoing calls in a text file, but this is by far more advanced. It records the calls in “amr” format and saves them to the victim’s SD card.
Once installed, the infected application inserts a configuration file onto the device that specifies “remote server and parameters.” It’s automatically activated each time the victim makes an outgoing phone call.
The good news is that this can be avoided because you have to approve the installation of the app. You need to be looking for permissions like “record audio” and “intercept outgoing call” every time you install an app. We cannot take app permissions for granted.
I would say the majority of people are just saying yes to everything, but I want to remind our readers to read all permissions, and if something doesn’t jive, email the developer. If the developer can’t give you a decent explanation, then the app is not worthy. There are over 250,000 apps out there to choose from.
The only downside to an Open Source platform is the people that take advantage of it to ruin lives. Trojans are one of the most annoying and irritating things that plague not only open-source software but all OSes. The latest attack on Android devices also plays by a few new rules. This Trojan can record your phone calls and store the file to your SD card, and the attacker can retrieve that call whenever they want.
You can generally keep yourself safe by checking what an application wants permissions to do. For instance, if a game wants to record audio, intercept outgoing calls, and read phone state and identity, then this game might not be as innocent as it looks. There are other solutions available to help further protect your valuable information. You can install a mobile app version of LookOut. This is a mobile security app that can help you stay clear of trouble. Alternatively, in a CM7 build, you can actually deny applications certain access. Although that method may prevent the app from functioning, it would protect you from any harm.
Personally, I have nothing to hide and they would soon get bored listening to me talk to my wife and friends over mundane things. I just wish I knew when it was recording so I could give them something juicy to listen to.
Mobile malware is nothing new, especially for Android users who have trained themselves to navigate the sometimes shady back alleys of the Market. The fine folks at CA Technologies came across an interesting new trojan though, that does something slightly more unnerving than max out your credit cards — it records your conversations. There’s no evidence that this has actually found its way into the wild yet, but it’s entirely possible that some nefarious developer could capture your calls and upload them to a remote server. Obviously, this wouldn’t hold much interest for your traditional cyber crook, but suspicious significant others and corporate spies could have a field day with such capabilities. All we can do is suggest you remain vigilant and maintain a healthy dose of paranoia about any apps on your phone.
New Android trojan can record phone calls, expose your embarrassing fantasy baseball talk originally appeared on Engadget on Tue, 02 Aug 2011 11:41:00 EST.
We’ve seen quite a few Android trojans over the past few months that have done everything from mining your data to remotely accessing features of your handset, but the latest one to rear its ugly head has a new trick of its own. This one not only logs your call data, but it records entire conversations. The .AMR files are stored locally on your phone’s external storage, but a configuration file installed by the malware gives remote server access to the bad guys, allowing them to retrieve the recordings from your phone’s microSD card.
You will know the trojan by the excessive number of permissions it requests. If you find yourself installing an application that asks for permission to record calls you probably want to think twice before placing the potential malware on your handset.
CA Technologies discovered a new type of Android Trojan that drops a “config” file onto your device after being installed that can record phone conversations. “ZOMG! The world is coming to an end!” Yeah, that was extreme sarcasm. You see, with no major device releases expected this week, we’ve resorted to talking about stories like [...]
GG Tracker is a new Trojan which has recently been discovered by the lovely people over at Lookout. If users are infected by the Trojan, they are directed to an imitation of the Android Market on their mobile, to download a free app. Once it is downloaded it unknowingly goes to work by signing you up [...]
Our very good friends over at Lookout Security have announced the discovery of a new piece of malware that’s harassing some Android users. GGTracker seems to be sneaking itself into a few users’ ads, and disguises itself as an Android Market installation screen. While relatively low-risk, it does have the potential to rack up some “premium SMS” charges for infected users, potentially signing you up for services that charge directly to your phone bill and usually require user interaction to sign up for. It’s been sighted masquerading as a battery optimizer packaged as ‘t4t.pwower.management,’ and in a porn app packaged as ‘com.space.sexypic’ – so if you see either of those, be wary. As always, the best protection is to download Lookout Mobile Security from our apps database or from the Android Market to make sure you’re completely protected, and the premium version will give you added “Safe Browsing” security that will check all browser links for security before directing you there. (If you don’t already have Lookout Premium, be sure to use our exclusive promo code to save yourself five bucks on the purchase.)
So be wary, practice safe browser practices, and make sure you have at the very least the free version of Lookout installed on your phone. They’ll watch out for you.
Have a good, close look at the image above. That’s how the latest piece of malware will be trying to trick you into installing it — by trying to get you to believe you’re at the Android Market. The malware is called GGTracker, and it will try to sign you up for premium text messaging, leading to extra charges on your cell phone bill.
The people over at Lookout came across it, and wanted to be sure we all share the not-so-good news about how this one operates. It happens when you click a malicious in-app advertisement — your browser opens to the URL in the image, looking just like the Market, in hopes that you’ll install the fake (in this case a Battery Saver app) application. Also spotted was a version that claims to be an adult app (com.space.sexypic). After you click to install it, you’re directed to install via the download notification. For now, it doesn’t appear that this one is in the Android Market — which means it might stay around for a while.
There are three easy ways to prevent this:
- Disable sideloading completely (or use AT&T as your carrier — zing!)
- Use Lookout premium’s Safe Browsing feature
- Pay attention to what’s happening. The Android Market will never open in your browser. You’ll also never be prompted to manually download an app from the Android Market.
This may be a no-brainer to many of us, but be sure to let your not-so-Android-savvy friends and family know. This comes with the territory, folks. Combine popularity with the ability to install any apps you like, and there’s bound to be an ^&$#*@! or two out there. It’s no fun for anyone, but I’ll still take it over the alternative.
Source: Lookout blog