Posts Tagged Trojan

“Most Sophisticated” Android Trojan On The Loose

According to Kaspersky, the “most sophisticated” trojan ever seen on smartphones is now infecting Android phones. The trojan, known as Backdoor.AndroidOS.Obad.a, reportedly gets into your phone and can spread malware through Bluetooth, perform remote commands through a console, send SMS messages to premium-rate numbers and put even more malware on your phone.

While all this is happening, the trojan is hidden by code obfuscation, which makes it difficult for even Kaspersky’s finest to find and beat it. This is all possible due to new vulnerabilities in Android, which allow the trojan to work in the background, give itself Administrator rights and then disappear.

Pretty scary stuff, but Kaspersky believes the situation isn’t too dire as the trojan made up only 0.15% of all infection installation attempts. Perhaps worryingly though, the trojan itself is more akin to Windows malware due to its complexity and exploitation of unpublished vulnerabilities. Hope this one gets solved before it gets any more widespread.

Are you scared by this Android trojan, or of malware in general? Let us know how you feel about it in the comments.

Source: Kaspersky via Phandroid

A new trojan injects ads on Mac computers

[Image: Trojan ads on Apple's website]

Apple fans who are very obsessed with their Mac OS X and criticize the Windows operating system for not being too safe need to wake up and see the world around them. The number of malware attacks on Mac OS X machines is increasing on a daily basis. The world of hackers is not sitting quietly and targeting only Windows machines. In fact, a new Trojan has been discovered for Mac OS X and, to be frank, this Trojan has migrated from the Windows operating system.

Russian antivirus firm Doctor Web has identified Trojan.Yontoo.1 as affecting Mac OS X machines through their web browsers. The malware presents itself as a plug-in for your browser. This plug-in can present itself in any way it wants, including as a media player, download accelerator, or “a video quality enhancement program.” In some cases, it has even presented itself as a plug-in which gives access to movie trailers.

Once the user chooses to install this plug-in, the software asks if the user wants to download a free program called the Free Twit Tube. It doesn’t matter whether you select Yes or No. As soon as the question pops up, the plug-in downloads the Trojan from the internet for all the installed browsers on the Mac OS X machine. This includes Firefox, Chrome, and Safari.

After this, whenever you open a website which has some potential content for ads, the plug-in will place an ad on that page, without the user suspecting anything. The Trojan does not spare Apple’s own website either, as you can see from the image above. Apart from this, the Trojan has not yet been found guilty of doing anything else. It does not even use the many security holes present in Mac OS X to install itself. The Trojan has been designed only to make money by displaying ads.

Source: Arstechnica

Lookout IDs SpamSoldier SMS spammer botnet

Mobile security firm Lookout has posted a security alert on their blog regarding a new threat they have identified for mobile devices. Working with carriers, Lookout has identified SpamSoldier, which they describe as a spammer botnet agent that uses infected phones to send SMS spam messages. They do not indicate which platforms are subject to attack, although the original attack vector is via an SMS message and not through any apps downloaded via app stores.

Lookout indicates distribution is currently limited. The big threat for users is the potential to see charges for text messages and if the botnet grows, carrier networks could be slowed down due to the additional traffic.

According to Lookout, the trojan will first appear on a user’s device in the form of a text message with a link to download a free version of a popular app. Examples include:

  • “You’ve just won a $1000 Target gift card but only the 1st 1000 people that enter code 7777 at hxxp://holyoffers.com can claim it!”
  • “Download Grand Theft Auto 3 & Need for Speed Most Wanted for Android phones for free at hxxp://trendingoffers.com for next 24hrs only!”

If a user clicks on the link, they will be asked to download the “install” file. Once downloaded, if the user attempts to install the app, it will actually activate the infected file. After installing the payload, the trojan will remove its own icon. Lookout reports that in some cases it will also go ahead and install the app the user thought they were downloading in order to keep them unsuspecting.

Once loaded and concealed, the botnet will contact its command server to retrieve the text of an SMS message and a list of 100 U.S. phone numbers. The software then starts sending the message to those phone numbers and once complete, will retrieve a new list and start over until shutdown. SpamSoldier takes other steps to conceal itself like hiding outgoing messages and trying to intercept SMS replies.

Lookout recommends users only download and install apps from reputable sources and install a mobile security app like the one they produce, which they claim will protect users against SpamSoldier.
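A log-review check for the sending loop described above, as an added example (not Lookout's code and not part of the original post): it flags a sender that pushes one identical message to a large batch of distinct numbers within a short window. The record layout, thresholds, phone numbers and message texts are assumptions constructed for the illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Assumed thresholds, not values published by Lookout. The article only says
# that each list fetched from the command server holds 100 phone numbers.
MIN_RECIPIENTS = 50
WINDOW = timedelta(minutes=30)

# Constructed sender numbers (fictional 555-01xx range).
INFECTED = "+14155550111"
GROUP_TEXTER = "+14155550122"
NORMAL = "+14155550133"


def normalise(body):
    """Fold case and whitespace so trivially varied copies compare equal."""
    return " ".join(body.lower().split())


def peak_distinct_recipients(events, window):
    """events: time-sorted (timestamp, recipient) pairs for one sender and body.

    Returns the largest number of distinct recipients seen in any span of
    length `window`, using a two-pointer sliding window.
    """
    in_window = Counter()
    left = 0
    peak = 0
    for ts, recipient in events:
        in_window[recipient] += 1
        # Drop events that have fallen out of the window ending at ts.
        while ts - events[left][0] > window:
            old = events[left][1]
            in_window[old] -= 1
            if in_window[old] == 0:
                del in_window[old]
            left += 1
        peak = max(peak, len(in_window))
    return peak


def find_spam_senders(records, min_recipients=MIN_RECIPIENTS, window=WINDOW):
    """records: iterable of (timestamp, sender, recipient, body) tuples."""
    groups = defaultdict(list)
    for ts, sender, recipient, body in records:
        groups[(sender, normalise(body))].append((ts, recipient))

    findings = []
    for (sender, body), events in groups.items():
        events.sort()
        peak = peak_distinct_recipients(events, window)
        if peak >= min_recipients:
            findings.append({
                "sender": sender,
                "body": body,
                "peak_recipients": peak,
                "messages": len(events),
            })
    return sorted(findings, key=lambda f: (f["sender"], f["body"]))


def build_sample_records():
    """Constructed outgoing-SMS records; every number and text is made up."""
    start = datetime(2012, 12, 17, 9, 0, 0)
    records = []
    spam = "Download a FREE game at hxxp://example.invalid for next 24hrs only!"
    # Two batches of 100 distinct numbers, one hour apart: one list per fetch.
    for batch, area in enumerate(("202", "303")):
        batch_start = start + timedelta(hours=batch)
        for i in range(100):
            records.append((batch_start + timedelta(seconds=2 * i), INFECTED,
                            f"+1{area}55501{i:02d}", spam))
    # Benign group text: same body, but only ten recipients.
    for i in range(10):
        records.append((start + timedelta(seconds=5 * i), GROUP_TEXTER,
                        f"+150355501{i:02d}", "Happy holidays everyone!"))
    # Ordinary conversation with a single contact.
    for i, text in enumerate(("On my way", "Running late", "See you at 6")):
        records.append((start + timedelta(minutes=i), NORMAL,
                        "+12065550100", text))
    return records


if __name__ == "__main__":
    for finding in find_spam_senders(build_sample_records()):
        print(finding["sender"], finding["peak_recipients"], finding["messages"])
```

Lowering `min_recipients` catches smaller batches but starts to flag ordinary group texts, as the ten-recipient sender in the sample shows.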

source: Lookout Blog

New spam bot discovered on Android by Lookout, sending thousands of SMS without your Knowledge

Looks like another wonderful and super talented person, or group of people, has yet again wasted their talents on infecting devices across the globe. We just received an alert that Lookout Mobile Security has located a spam bot and they are investigating it right now. The bot is called SpamSoldier and is out to piss off more than a few people this holiday season.

They say that SpamSoldier is primarily being spread by SMS and is landing on various people’s devices in typical fashion. They advertise for a free copy of a popular paid game, such as Need for Speed or Angry Birds Space. Once the users click on the link the device downloads a file, your installer opens and appears to let you install the game. Now you are pretty much hosed. After it installs itself, it gets to work sending out spam SMS. The trojan removes any icon of it being there from your device before you even knew it was installed. All the while, installing a free version of the game you thought you were getting.

Example messages -

  • “You’ve just won a $1000 Target gift card but only the 1st 1000 people who enter code 7777 at hxxp://holyoffers.com can claim it!”
  • “Download Grand Theft Auto 3 & Need for Speed Most Wanted for Android phones for free at hxxp://trendingoffers.com for next 24hrs only!”

I know it might be hard to not click on some amazing super offer that rolls through your device, but you should steer clear. I personally never open a text that doesn’t come from someone I know personally. Better to be safe than sorry.

To get a little deeper on SpamSoldier, head over to Lookout Mobile’s blog. Be safe this holiday season and only get your apps directly from the Play Store or reputable locations.

Source: Lookout Mobile 

 

Trojan!SMSZombie Attacks more than 500,000 Mobile Devices in China

China, known to be the home of smartphones, is now facing a dilemma caused by malware that seeks to gain access to users’ SMS payment systems.

More than half a million smartphone users in China have been affected by a new virus capable of making unauthorized payments through the Android app market, according to an evaluation from a security company.

The virus, named ‘Trojan!SMSZombie’, was identified last August 8. It is spreading rapidly in apps hosted on GFan, which is known to be one of China’s brilliant app stores, and more than 500,000 users are believed to be currently infected. TrustGo managed to contact GFan and, surprisingly, the apps are still available and active for downloading.

Six weeks ago, TrustGo, an anti-virus specialist, identified a highly developed piece of malware capable of making payments and gaining access to bank/card information as well as previous payment and bill history. TrustGo said that the virus hides in different wallpaper applications with intriguing pictures and teasing titles. Such an application then asks to install more files presumably associated with it, but in truth it downloads and executes a payload known as the “Android System Service.” This step is hard to cancel: when the user clicks the “cancel” button, the page just reloads instead.

Since the majority of people in China make payments through SMS, it is anticipated that accessing the messages will enable the malware’s creator to obtain bank and card account information.

Users infected by the Trojan!SMSZombie virus were instructed by TrustGo to visit http://www.trustgo.com/en/smszombie-eliminate, where information for removing the malware is provided.

The company has updated its apps to handle the virus automatically. The added app is expected and set to be released before the month ends.

CEO of TrustGo Li said, “By waiting to deliver malicious code until after installation, this virus is difficult to detect. Sophisticated malware like this highlights the fact that the openness of the Android platform is a double-edged sword. Users are able to access an amazing breadth and variety of apps, but must take precautions to ensure the apps they want have not been compromised by hackers.”

Malware that infected more than 500,000 devices in just a month is truly threatening. Given that the malware is difficult to recognize, one must be very careful when downloading applications to a cellphone.

Chinese SMS payment app infects half million devices with malware

Android device sales continue to surge in China, with over 683 million subscribers. A large market like that attracts a lot of attention, some good and some bad. An example of bad attention came to light with the discovery of a new malware/virus infecting over 500,000 owners of Android devices. TrustGo, an anti-virus specialist company, identified the malware on July 25th and it has since been dubbed Trojan!SMSZombie.

According to TrustGo, the malware code is initially contained within apps for wallpaper. After being downloaded, the infected app will ask a user to download an additional file to complete installation. This additional file, called “Android System Service” is really the payload. The malware/virus then uses some trickery to force the user to grant it administrator privileges. Once those are granted, the application implements a variety of measures to prevent a user from uninstalling the application. Meanwhile, the malware accesses a phone’s SMS functions and can then intercept bank/card information and the user’s purchase/transaction history. In addition, the malware can start to make payments. Thus far, the payments have been small, frequently tied to online gaming platforms, in an effort to avoid attention.

According to sources, the infected wallpaper apps are distributed through China’s extensive network of independent app stores. These app stores exist due to Google’s limited presence in China and the need for sources for apps. It is believed the primary source for this infection was the GFan store, one of China’s more popular sites.

TrustGo indicates they have tools available for users to remove the malware/virus. Others should use this as a reminder to be careful with what you download and install to your Android powered device.

source: The Next Web


Cross-platform Trojan found

It is a common belief that Macs are virus free and not affected by viruses at all, but that myth appears to have been proven wrong by a new variety of Trojan. Security scientists working at F-Secure have discovered a web exploit which apparently detects the operating system of the target computer and installs a different Trojan specially tailored for that operating system.

This kind of attack was first seen on a Colombian transport website which had been hacked. The malware is called GetShell.A and works by asking the user to install a Java applet. Once the user authorizes the Java applet installation, the Trojan downloader checks the user’s operating system so that it can pick the corresponding malware. Unsurprisingly, the Java applet you are asked to download won’t be signed with a certificate.

F-Secure, which discovered the exploit, said that first a Trojan-Downloader called Java/GetShell.A is downloaded, which runs a test to find out the particular operating system. The Trojan then proceeds to download the respective payloads for Windows, Mac or Linux. For Windows, the payload is Backdoor:W32/TES.A, for Mac it is Backdoor:OSX/TESrel.A, and for Linux it is found to be Backdoor:Linux/GetShell.A. The Trojan downloader has apparently been written using the Social Engineer Toolkit (SET), an open-source and freely available Python tool that has been designed for penetration testing.

As for the nature of the payloads, the Windows payload comes in the form of shellcode, which is then executed using shellcodeexec.binary, a SET module. For Mac, instead of connecting to a remote server to retrieve further shellcode that opens a reverse shell, the OS X binary file instantly opens up a reverse shell, and this is exploited by the attackers. For Linux, the binaries remain the same as for OS X; however, they use a different server to get the additional code.

Karmina Aquino, a senior analyst with F-Secure said “All three files for the three different platforms behave the same way. They all connect to 186.87.69.249 to get additional code to execute. The ports are 8080, 8081, and 8082 for OSX, Linux and Windows, respectively.”

Though the script is built using the Social Engineer Toolkit, its purpose has nothing remotely to do with penetration testing. All three payloads serve the same purpose: connect to a Command and Control (C&C) server, located at 186.87.69.249, and await further instructions. This process is typically found in situations where the hacker tries to download additional malware and execute it locally. According to F-Secure, which is monitoring the Command and Control server, it hasn’t been serving any additional code; however, the hacker can do that at any given time. It is amazing how the hackers have used Java, a platform which is known to have several loopholes, to create a cross-platform bug.

On 29th July 2012, The Hackers Conference 2012 is going to take place, where security researchers Sina Hatef Matbue and Arash Shirkhorshidi are going to showcase a malware called “Graviton Malware” which they developed. They claim it to be a cross-platform malware, similar to the one we are dealing with in this story. According to them, the purpose of Graviton is to become an artificial creature that can move between Windows, Mac and Linux, while maintaining stealth all the time.

Graviton has been built using just C and assembly language. From Windows, it is able to transmit details like CPU details, disk details, memory usage, OS version, and user name back to the attacker. It is also able to download and execute a file, or launch a shell to receive further commands in order to inflict further damage. With these kinds of viruses being designed and spread, the fight against computer viruses seems to be only getting tougher every day.

Spam-happy iOS trojan slips into App Store, gets pulled in rapid fashion

You could call it technological baptism of sorts… just not the kind Apple would want. A Russian scam app known as Find and Call managed to hit the App Store and create havoc for those who dared a download, making it the first non-experimental malware to hit iOS without first needing a jailbreak. As Kaspersky found out, it wasn’t just scamware, but a trojan: the title would swipe the contacts after asking permission, send them to a remote server behind the scenes and text spam the daylights out of any phone number in that list. Thankfully, Apple has already yanked the app quickly and explained to The Loop that the app was pulled for violating App Store policies. We’d still like to know just why the app got there in the first place, but we’d also caution against delighting in any schadenfreude if you’re of the Android persuasion. The app snuck through to Google Play as well, and Kaspersky is keen to remind us that Android trojans are “nothing new;” the real solution to malware is to watch out for fishy-looking apps, no matter what platform you’re using.

Spam-happy iOS trojan slips into App Store, gets pulled in rapid fashion originally appeared on Engadget on Thu, 05 Jul 2012 17:29:00 EDT.

Permalink: MacRumors | Source: Kaspersky, The Loop

Android malware spreads through infected websites

It’s interesting to watch the security landscape unfold on a new platform like Android, in a macabre sort of way. On the one hand we have newfangled attacks that use relatively modern ways of stealing money or information, like phony text message trojans. On the other we’ve got old-school malware that spreads through modified versions of popular software. Now there’s a new trick up malicious programmers’ sleeves, though it’s only new to Android: spreading malware through infected websites.

Lookout Mobile has identified the “NotCompatible” trojan, which hides in the iFrame architecture of some websites and waits for an Android browser to visit the site. It then downloads an innocuous APK file and installs it. At this point the malware doesn’t seem to do anything - apparently whoever’s installing the malicious code is at the testing stage right now. The number of affected sites is small at the moment.

The problem with this particular approach is that it exploits a weakness in Android’s browser itself – no amount of vigilance or care will help if you can just stumble into the wrong website. And since the flaw is a part of Android, phones and tablets will need to be updated to patch the vulnerability. Issues like this illustrate the need for quick, regular update channels for all devices – and why advanced Android users are so frustrated that they often aren’t put in place.

[via SlashGear]


Fake Instagram sends texts to premium numbers and steals data

Heads up, hipsters: if you got Instagram anywhere but the Google Play Store, you might want to get rid of it right now. Reports of a malicious copy are coming out of Russia, stating that once users download and install the malicious app it starts sending texts to premium SMS numbers, making the hackers behind this little Trojan plenty of cash – you’ve been warned.

Why users would opt to download Instagram from anywhere but the official market (Play Store) beats me, but people do. Once users install this malware-infested copycat there’s no telling what all it will do, from sending out contacts to stealing personal data and more. According to Trend Micro this Insta-Trojan is pretty serious once installed.

Trend Micro claims this is a popular strategy and there are multiple similar malicious apps like Fruit Ninja, Angry Birds and many others. We still feel the same as usual here, don’t download weird apps, and only get them from trusted sources — like the Google Play Store. Don’t do anything unsafe and you’ll be just fine folks. Oh and don’t forget to check out our Five alternatives to Instagram.

[via LifeofAndroid]


Fake Angry Birds Space app is a trojan in disguise

Angry Birds Space is a lot of fun. No, really, it justifies the hype – if you haven’t tried it yet, download the free game in the Google Play Store. But for Pete’s sake, make sure you’re using the Google Play Store: a fake app is unsurprisingly masquerading as the ultra-popular mobile game to add Android phones and tablets to its network of infected devices, remotely downloading more malicious apps and displaying ads. Security researchers at Sophos spotted the fake app in third-party app stores, but say that the official Rovio files are not affected.

Rovio mentioned the fakes on their own blog, along with the charming illustration above. Interestingly, the infected app actually contains the full version of the Angry Birds Space game. This bit of half-truth in advertising is likely to help get the fake app disseminated quickly. The extra code is hidden in a JPEG file, and can remotely download more apps and display its own ads across the phone. Due to the distributed nature of this latest infection, there’s no way to know how many phones and tablets are currently running the doppelganger app.

A more interesting question is why people are downloading the fake app in the first place. Angry Birds Space is free, after all, unless you go with the ad-free or tablet versions. And presumably legitimate copies are available from reliable third parties – heck, even the Nook Color and Nook Tablet have the game. There’s no reason that anyone, even those who can’t access the Google Play Store because of hardware or geographical location, should be bamboozled. Remember to stay vigilant, and that piracy is for suckers.

[via Mashable]


Symantec: millions of Android devices infected from Market downloads

If you’re waiting for a wake-up call when it comes to Android malware, this might be it. Security software vendor Symantec has published a report claiming that anywhere from one to five million Android phones and tablets may be infected with the Android.Counterclank spyware. The infections spread from thirteen identified apps across three developers, some of which have already been removed from the Android Market, presumably by Google. Most were blatant copies of popular games or vaguely naughty apps.

The Android.Counterclank malware is technically a trojan: it can receive remote commands and send back personal information. It’s a serious risk for anyone who has it installed on their hardware. Exact download numbers aren’t known, but looking briefly at some of the estimated downloads in the web version of the Android Market, Symantec could very well be correct. This is the largest documented security breach for Android so far, and it doesn’t help that the apps are still available for download.

If you’ve downloaded any of the apps listed below, remove them immediately. You should also change any passwords you have stored on your Android device and check any vital accounts for illicit access.

  • Counter Elite Force
  • Counter Strike Ground Force
  • CounterStrike Hit Enemy
  • Heart Live Wallpaper
  • Hit Counter Terrorist
  • Stripper Touch girl
  • Balloon Game
  • Deal & Be Millionaire
  • Wild Man
  • Pretty women lingerie puzzle
  • Sexy Girls Photo Game
  • Sexy Girls Puzzle
  • Sexy Women Puzzle

Calling this a huge problem is putting things mildly. Some of these apps have been available for months. As great a tool as the relatively open Android Market is, the continual discovery of spyware and malware in widely available apps is a black eye on the Market and Android as a whole. We await Google’s response to Symantec’s findings with interest.

[via AndroidGuys]


Android.Arspam is the latest malware threat, says Symantec

There’s been a lot of news in the last few months about Trojans and other malware aimed at Android devices, and with millions of new phones and tablets being sold every week, that’s not likely to change any time soon. Security software vendor Symantec has identified the latest Trojan to gain a major foothold, called “Android.Arspam”. The Trojan imitates a legitimate app in the Android Market designed to aid Islamic prayers with a compass pointing towards Mecca, and has found its way onto an increasing number of Middle Eastern Android phones.

The app’s distribution method is particularly sinister: once installed, it sends out SMS links to every number in the user’s contact list, directing them to a forum. Surprisingly, it isn’t instructing users to download more copies of itself, instead displaying a tribute to Tunisian protest martyr Mohamed Bouazizi. That makes the Trojan app more like “hacktivism” than true malware, but it’s still performing actions on the user’s phone without his or her permission, and potentially racking up considerable texting charges.

The app must be downloaded from the Internet and installed via Android’s 3rd-party app function, like almost all Android malware to date. The original compass app, which can still be found in the Android Market, is unaffiliated and (as far as we know) safe. While more and more anti-virus and anti-malware products are being made available to Android users, the best way to protect yourself is still to use extreme caution when installing third-party applications. Copied or pirated apps have proven to be some of the most dangerous – don’t copy that floppy, kiddos.

[via ITP.net]

Security hole found in all GSM networks by hacker

During a hacking convention in Berlin conducted by Germany’s Security Research Labs, a hacker discovered a security hole within the GSM mobile network. In Mr. Karsten Nohl’s own words:


We can do it to hundreds of thousands of phones in a short timeframe. None of the networks protects users very well. Mobile network is by far the weakest part of the mobile ecosystem, even when compared to a lot attacked Android or iOS devices.

This is quite disappointing. Though many of us choose to have a tier of texting or data – nearly 100% of us have some sort of voice plan incorporated. In case you don’t know which carriers use GSM networking technology, they include AT&T, T-Mobile, the select states with Cellular One, and many others: Yes this means you guys on Big Red and The Now Network are in the clear!

To make matters worse, compromised phones would be completely under the hacker’s control. Text messages or phone calls can be carried out easily and at any time. And until GSM carriers patch the security vulnerability, subscribers are all at risk. Fortunately, it will only take some updating of outdated software. There is no timeframe advertised to the public, but I’m sure it will be first on their “To-Do” lists (if not done already). We should all thank Mr. Nohl and those at the conference for discovering this vulnerability and restoring security to the airwaves.

[via Phandroid]

Fake Netflix app is an account-stealing Trojan

Unfortunately, Android users need to be increasingly vigilant when it comes to non-Market apps and hacks. Nowhere is this more true than unofficial versions of the Netflix app. Security firm Symantec has documented a fake version of the video streaming app that steals users’ log in data in a nasty Trojan exploit.

Netflix recently expanded its video streaming app to all Android devices from 2.2 Froyo and above. Unfortunately, that still leaves almost 15% of Android phones and tablets out of the loop, and various custom versions of the Netflix app have been circulating to try and circumvent the limitation. There’s also the apps for formerly unsupported devices that can be found on user forums all over the Internet. With all these app versions (not to mention unsatisfied Netflix customers) floating around,  it’s no surprise that an enterprising hacker has devised a new vector for password theft.

The app is a pretty good approximation of the Netflix log in screen – you can see the differences in Symantec’s illustration above. What’s even more dangerous is the fact that many people share log ins and  passwords across multiple sites, making this sort of scam a minefield for identity theft. (You don’t do that, right?) Remember: if your phone uses Android 2.2 or higher, there’s no reason NOT to download Netflix from the Android Market. And as always, never download and install an APK from a source that you don’t fully trust.

[via Cnet]

QR code infects Android phones with Trojan malware

The next time you see a QR code in a public place, you might want to think twice before opening up Google Goggles. According to researchers at Kaspersky, a new Trojan has been found that uses the popular barcodes to steal Android users’ hard-earned cash via a text message scam. The problem is not widespread at the moment, but the precedent highlights a disturbing trend of exploitation towards Android users.

It works like this: a hacker leaves unassuming QR codes in well-traveled areas, knowing that with the rapid expansion of Android’s market share, someone’s bound to scan it in. The code is a URL linking to a malicious website that exploits a weakness in the Android browser to install a piece of Trojan software. Once the software activates, the user’s phone sends text messages to a premium line, charging the user’s phone bill $6 each time.

One of the disadvantages of the open nature of Android is that it’s, well, open. The source code can be examined by criminals and exploited fairly easily, and when a security hole is found they take advantage of it. The best way to protect yourself from malware is to only install apps from sources you trust – it seems that this policy now extends to scanning QR codes as well. With more and more vulnerabilities being found in Android’s core software, it’s more important than ever that users stay diligent and that carriers update their phones.

[via ZDNet]

 


Android Malware Used to Target Dog Fighting Game Users

Two days ago we reported that a dog fighting game, which had previously been removed from the Android Market, has returned under the new name KG Dogfighting. The game was sure to bring controversy as players can put their raised dog in fights, give it adrenaline shots, and have shootouts with a fictional law agency called F.E.T.A. You can read what the developer had to say for themselves about their game here.

While PETA and other animal activists voiced their disgust directly to the developers and Google, someone unknown took a different route of attack. This different approach attacks the users directly with a malware version of the game offered up for free outside of the Android Market. It was discovered by Symantec that the infected version of this game contained a trojan called “Dogbiet”, which can be identified by the game’s icon saying “PETA” instead of “BETA”.


Dog Wars app hides a Trojan

The last time we talked about the Dog Wars app was back in April when Michael Vick spoke out against it after getting busted for running a dog fighting ring. That app is still around and now, there are reports that the app has been infected with a Trojan. The Trojan in this case is less “steal from you” and more “embarrass you.”

When you install the app it gathers up your contact list and sends each person on that list a text that reads, “I take pleasure in hurting small animals, just thought you should know that.” The Trojan also signs the user up for a text message alert service from PETA. There is apparently no indication that PETA has anything to do with this app.

Symantec discovered the Trojan and has dubbed it Android.dogowar. The Trojan was found in an older version of Dog Wars, Beta 0.981. This version isn’t on the Android Market and is only found on unofficial warez sites.

[via CNET]


Malware strain Nickispy.C is exploiting the rise of Google+

The newest strain of the Nickispy trojan virus (the first two variations we named Nickispy.A and Nickispy.B respectively) is taking advantage of the rise of Google+ to attack phones, Trend Micro discovered Friday.

While the three variants of Nickispy use many of the same services, the new “C” version calls itself Google++ and uses the social network’s icon for virtually all of its services to take advantage of less experienced users. Once it becomes active, it can scrape call logs, text messages, GPS positioning, and even record calls from the infected device and send it to a remote site.

Looking back at a year of Android Malware

Wow, has it really been a year since we first witnessed the arrival of SMS.AndroidOS.FakePlayer.a? It seems like only yesterday when everyone was first scrambling to describe the text message manipulating bit of Android malware. We’ve come a long way and seen plenty of malicious bits of software since August 2010. Remember the porn-bundled SMS.AndroidOS.FakePlayer.b trojan from October? Or how about the bible-packing Android.Smspacem? Relive all of the handset hijacking memories in the source link below.

Looking back at a year of Android Malware originally appeared on Engadget on Fri, 12 Aug 2011 16:11:00 EST.

New Android trojan could potentially record your phone calls

A new Android trojan has surfaced that could record your telephone conversations. There have already been trojans that log the details of incoming/outgoing calls in a text file, but this is by far more advanced. It records the calls in “amr” format and saves them to the victim’s SD card.

Once installed, the infected application inserts a configuration file onto the device that specifies “remote server and parameters.” It’s automatically activated each time the victim makes an outgoing phone call.

The good news is that this can be avoided because you have to approve the installation of the app. You need to be looking for permissions like “record audio” and “intercept outgoing call” every time you install an app. We cannot take app permissions for granted.

I would say the majority of people are just saying yes to everything, but I want to remind our readers to read all permissions, and if something doesn’t jive, email the developer. If the developer can’t give you a decent explanation, then the app is not worthy. There are over 250,000 apps out there to choose from.


New Trojan Discovered, Phone Call Recording Included

The only downside to an Open Source platform is the people that take advantage of it to ruin lives. Trojans are one of the most annoying and irritating things that plague not only open sourced software but all OSes. The latest attack on Android devices also plays by a few new rules. This Trojan can record your phone calls, store the file to your SD card and the attacker can retrieve that call whenever they want.

You can generally keep yourself safe by checking what an application wants permissions to do. For instance, if a game wants to record audio, intercept outgoing calls, read phone state and identity, then this game might not be as innocent as it looks. There are other solutions available to help further protect your valuable information. You can install a mobile app version of LookOut. This is a mobile security app that can help you stay clear of trouble. Alternatively, in CM7 build, you can actually deny applications from having certain access. Although that method may prevent the app from functioning, it would prevent you from any harm.

Personally, I have nothing to hide and they would soon get bored listening to me talk to my wife and friends over mundane things. I just wish I knew when it was recording so I could give them something juicy to listen to.

Source: ZDNet


New Android trojan can record phone calls, expose your embarrassing fantasy baseball talk

Mobile malware is nothing new, especially for Android users who have trained themselves to navigate the sometimes shady back alleys of the Market. The fine folks at CA Technologies came across an interesting new trojan though, that does something slightly more unnerving than max out your credit cards — it records your conversations. There’s no evidence that this has actually found its way into the wild yet, but it’s entirely possible that some nefarious developer could capture your calls and upload them to a remote server. Obviously, this wouldn’t hold much interest for your traditional cyber crook, but suspicious significant others and corporate spies could have a field day with such capabilities. All we can do is suggest you remain vigilant and maintain a healthy dose of paranoia about any apps on your phone.

New Android trojan can record phone calls, expose your embarrassing fantasy baseball talk originally appeared on Engadget on Tue, 02 Aug 2011 11:41:00 EST.

New Android Trojan Discovered to Record Phone Calls

We’ve seen quite a few Android trojans over the past few months that have done everything from mining your data to remotely accessing features of your handset, but the latest one to rear its ugly head has a new trick of its own. This one not only logs your call data, but it records entire conversations. The .AMR files are stored locally on your phone’s external storage, but a configuration file installed by the malware gives remote server access to the bad guys, allowing them to retrieve the recordings from your phone’s microSD card.

You will know the trojan by the excessive number of permissions it requests. If you find yourself installing an application that asks for permission to record calls you probably want to think twice before placing the potential malware on your handset.

[via ZDNet]



New Android Trojan Can Record Calls, We Remind You Again to Avoid Shady 3rd Party Markets

CA Technologies discovered a new type of Android Trojan that drops a “config” file onto your device after being installed that can record phone conversations. “ZOMG! The world is coming to an end!” Yeah, that was extreme sarcasm. You see, with no major device releases expected this week, we’ve resorted to talking about stories like [...]


New Type Of Android Trojan Charges For Premium SMS Services

GG Tracker is a new Trojan which has recently been discovered by the lovely people over at Lookout. If users are infected by the Trojan, they are directed to an imitation of the Android Market on their mobile, to download a free app. Once it is downloaded it unknowingly goes to work by signing you up [...]


Lookout: New Trojan Charges Premium Text Messages

Our friends at LookOut mobile security have tracked a new malicious Trojan that is targeting Android users. The Trojan called GGTracker sends unknowing Android users to a fake site that resembles the Android market site. From there users are prompted to download malicious apps that contain the GGTracker. That’s where it gets worse. Once installed [...]


Lookout Security Reports New Trojan, GGTracker, Charges Premium SMS Rates

Our very good friends over at Lookout Security have announced the discovery of a new piece of malware that’s harassing some Android users. GGTracker seems to be sneaking itself into a few users’ ads, and disguises itself as an Android Market installation screen. While relatively low-risk, it does have the potential to rack up some “premium SMS” charges for infected users, potentially signing you for services that charge directly to your phone bill and usually require user interaction to sign up for. It’s been sighted masquerading as a battery optimizer packaged as ‘t4t.pwower.management,’ and in a porn app packaged as ‘com.space.sexypic’ – so if you see either of those, be wary. As always, the best protection is to download Lookout Mobile Security from our apps database or from the Android Market to make sure you’re completely protected, and the premium version will give you added “Safe Browsing” security that will check all browser links for security before directing you there. (If you don’t already have Lookout Premium, be sure and use our exclusive promo code to save yourself five bucks on the purchase.)

So be wary, practice safe browser practices, and make sure you have at the very least the free version of Lookout installed on your phone. They’ll watch out for you.


New GGTracker Trojan imitates Android Market to lure you in

GGTracker

Have a good, close look at the image above.  That’s how the latest piece of malware will be trying to trick you into installing it — by trying to get you to believe you’re at the Android Market.  The malware is called GGTracker, and it will try to sign you up for premium text messaging, leading to extra charges on your cell phone bill.

The people over at Lookout came across it, and wanted to be sure we all share the not-so-good news about how this one operates.  It happens when you click a malicious in-app advertisement — your browser opens to the URL in the image, looking just like the Market, in hopes that you’ll install the fake (in this case a Battery Saver app) application.  Also spotted was a version that claims to be an adult app (com.space.sexypic).  After you click to install it, you’re directed to install via the download notification.  For now, it doesn’t appear that this one is in the Android Market — which means it might stay around for a while.

There are three easy ways to prevent this:

  1. Disable sideloading completely (or use AT&T as your carrier — zing!)
  2. Use Lookout premium’s Safe Browsing feature
  3. Pay attention to what’s happening.  The Android Market will never open in your browser.  You’ll also never be prompted to manually download an app from the Android Market.

This may be a no-brainer to many of us, but be sure to make your not-so-Android-savvy friends and family know.  This comes with the territory folks.  Combine popularity with the ability to install any apps you like, and there’s bound to be an ^&$#*@! or two out there.  It’s no fun for anyone, but I’ll still take it over the alternative.

Source: Lookout blog

