New Android Malware Robs Bandwidth For Fake Searches
adeelarshad82 writes "We've been hearing about various Android malware spreading through the Chinese markets. Well, here's another one to look out for: meet ADRD (aka Trojan:Android/Adrd.A) which is expert in sucking your bandwidth. The malware downloads a list of search URLs and then performs those searches at random in the background, which as the screen shots [in the linked article] show leads to excessive data charges. Similar to other Android malware this too is distributed through wallpapers which are infected repackaged versions of legit wallpapers."
Adds reader Trailrunner7: "Lookout, a mobile security vendor, said it has identified 14 instances of the malware repackaging itself in various wallpaper apps and specifically in the popular game RoboDefense, made available in alternative application markets. The trojan works by duping an infected app into sending encrypted data containing the device’s IMEI and IMSI to a remote host. HongTouTou then receives a set of search engine target URIs and search keywords to send as queries. It then uses these keywords to emulate search processes, creating searches in the search engine yielding the top results for those keywords and clicking on specific results. To the search engine, the searches appear to be coming from a mobile user using a mobile web browser with User-Agent corresponding to the UCWeb browser."
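The behaviour described in the summary (a device issuing bursts of search queries in the background under a UCWeb User-Agent) is something a network defender can look for in gateway logs. The following is an added example, not code from the article or from Lookout: it walks a constructed, space-separated log format (timestamp, device id, User-Agent without spaces, URL) with a hypothetical search host, and flags devices that issue many search queries within a short sliding window.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real traffic); host and device ids are made up.
# Format: "<ISO timestamp> <device id> <user-agent, no spaces> <requested URL>"
SAMPLE_LOG = """\
2011-02-15T10:00:01 dev-A UCWEB/8.0 http://search.example/s?q=term1
2011-02-15T10:00:09 dev-A UCWEB/8.0 http://search.example/s?q=term2
2011-02-15T10:00:20 dev-A UCWEB/8.0 http://search.example/s?q=term3
2011-02-15T10:00:31 dev-A UCWEB/8.0 http://search.example/s?q=term4
2011-02-15T10:00:45 dev-A UCWEB/8.0 http://search.example/s?q=term5
2011-02-15T10:00:02 dev-B Mozilla/5.0 http://search.example/s?q=weather
2011-02-15T10:05:30 dev-B Mozilla/5.0 http://news.example/
"""

# Shape of a search-results URL in the constructed log (hypothetical host).
SEARCH_RE = re.compile(r"https?://[^/]+/s\?q=")


def parse_line(line):
    """Split one constructed log line into (timestamp, device, user_agent, url)."""
    ts, dev, ua, url = line.split(" ", 3)
    return datetime.fromisoformat(ts), dev, ua, url


def max_queries_in_window(times, window_s):
    """Largest number of events that fall inside any span of window_s seconds."""
    times = sorted(times)
    best, start = 0, 0
    for end, t in enumerate(times):
        while t - times[start] > timedelta(seconds=window_s):
            start += 1  # slide the window forward past stale events
        best = max(best, end - start + 1)
    return best


def flag_search_bursts(log_text, threshold=5, window_s=60):
    """Return devices whose search-query rate reaches threshold within window_s."""
    per_device, agents = defaultdict(list), defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, dev, ua, url = parse_line(line)
        if SEARCH_RE.match(url):  # only count hits on search-result URLs
            per_device[dev].append(ts)
            agents[dev].add(ua)
    flagged = {}
    for dev, times in per_device.items():
        n = max_queries_in_window(times, window_s)
        if n >= threshold:
            flagged[dev] = {"queries": n, "agents": sorted(agents[dev])}
    return flagged
```

A human browsing at dev-B's pace is left alone, while dev-A's five queries in under a minute, all under the same UCWeb-style agent, are surfaced for review; thresholds would be tuned against a baseline of normal mobile browsing before use.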
...why Apple's "Walled Garden" for the iPhone is such a bad thing?
Because you can't choose not to use it.
The non-story here is that people carelessly installing bad software from ALTERNATIVE android marketplaces got malware.
Newsflash, if you want assurances of software without malware, don't shop at the internet equivalent of the Chinatown night markets.
If you want to be as safe as apple's walled garden, stay within the official marketplaces and you get that.
Thanks for asking this. I was left scratching my head after reading the blurb, too. Other than simple malicious behavior like draining batteries and running up account charges, is there some deeper purpose to this piece of crap?
The fact that Android's highly permissive APIs enable developers to create background services that run indefinitely and without any obvious signs to end users might have something to do with it too...
Then what's the difference between Apple's app store and the Official Market Place? If I have one official app store to choose from and hundreds of malware infected stores...how is that a choice?
Sorry about the mess.
If it's doing searches in bulk like that, it's a search spam program. It's exploiting a vulnerability in Google.
Google Trends lists "hot searches", what's being searched for in Google in recent hours. Google Trends drives Google Suggest, the hinting system for Google. That in turn drives Google Instant. Which, in turn, aims users at the target sites. Which are probably full of ads. Profit!
Spamming of Google Trends has been around for a while. It used to be easier, and you'd see things like the name of some mattress discounter at the top of Google Trends for 15 minutes or so. (I ran a program to follow the trends in Google Trends for a while. It was amusing.) Google seems to now be averaging over more hours, so the spammers have to up their game and use a distributed attack to push their keywords up.
This is the trouble with "crowdsourcing" recommendations. It's too easy to fake a crowd. Yelp, CitySearch, Google Places - they're all choked with recommendation spam. Anonymous recommendations are junk information. And no, requiring a Facebook account won't help. There's an app for that.
Google is now trying a "mark as spam" button in Chrome to identify "content farms". If that starts mattering, it will be spammed. The same applies to Blekko's "slashtags".
If you stick to the market for android you would not get these trojans either. The fact that you are not forced to is a good thing.
So how do I do that without paying Mr. Jobs for the privilege of using something I already bought?
If you want to be as safe as apple's walled garden, stay within the official marketplaces and you get that.
The other alternative would be if the OS asked for user permission before an application could access the internet (just one time, not every time). This is what my old Nokia (running Symbian) used to do. It works the same way as how the iPhone prompts to allow programs to use location services.
I am more worried that a program leaks data or uses all my download quota much more than whether it knows where I am.
If you're a registered iOS dev you have a CC on file with Apple.
And surely the large, well-financed criminal organizations behind most modern malware could never possibly obtain a credit card number that's not their own.
And yet, despite having vastly more apps than Android, it doesn't.
You just don't like it because you can't actually refute it. The track record speaks for itself compared to Android.
What? Yes you can. Don't buy an iPhone.
OK done. Now how do I make an iPhone app and distribute it to all the iPhone users who want it if Apple doesn't like my app?
So how is restricting yourself to an official marketplace different from having one iOS store? You're arguing in favor of a walled garden!
I love how Slashdot bashed Windows for over a decade about its malware, but when malware happens to a Linux-based OS, it's deemed a "non-story."
One of the big reasons "real" Linux doesn't get malware is that it uses a package manager for most software installation. If you download some random binary from the internet, it doesn't have the execute bit set by default so you double click on it and it doesn't run. But if you know what you're doing you can flip the bit and run it, without breaking any laws or anything. It's like having the garden without the walls.
Now Apple comes in with this "walled garden" approach and I feel like you're conflating the two. Gardens are good. Walls are bad.