Slashdot Mirror
New SMS Trojan Found In Android Markets
Trailrunner7 writes "The Android platform seems to have become the playground of choice for attackers and malware authors looking to make a quick buck. The latest example is a premium-rate SMS Trojan that not only automatically sends costly SMS messages, but also prevents users' carriers from notifying them of the new charges. The new piece of malware, which is known as HippoSMS, has been found in unofficial Android app markets in China. This is just the latest in a series of similar incidents in which attackers and scammers have inserted either outright malicious apps or seemingly benign apps containing malware into app markets. Most of the attacks have targeted Android users, and several times Google has had to remove malicious apps from the official Android market."
If you want the freedom to install whatever you want from wherever you want, you have to accept that some of those things may not be good for you or your devices. To me, it's worth the trade off.
In the end, the best protection will always be common sense. To those that do not feel they possess enough knowledge to make their own decisions in this regard, there is always Apple who will gladly make the decision for you. To each their own.
WHAT? You mean freedom also provides the opportunity to freely injure one's self?!?! You don't say!
Unofficial Markets. So in other words, Google has nothing to do with this. If you want security on Android, just stick to the standard market. Obviously Third party markets are bad news bears.
As someone who is about to get their first Android device, is there a good resource for practices for protecting it?
Reading the summary, it seems this is a 3rd party market that was infeted. Obviously the first thing is not to install everything you see, followed by don't use 3rd party markets. However there seem to be several 3rd party markets that do have worthwhile software. Is there a suggested list of marketplaces that are reliable?
There also appear to be several Android firewall apps. Is there a site where they are reviewed and compared?
"I use a Mac because I'm just better than you are."
So you can replace the default SMS application?
I can agree that appliances should be restricted in their functionality. My current phone doesn't have "apps", it just handles calls and SMS, and I like it that way.
My deliciously ironic gripe is that people complain no matter what they have. Apparently an app store policing submissions = evil gestapo, while an app store failing to police submissions well enough = why didn't you protect meeee *whine*
Meh. This isn't news. The app is available on some third party app markets (read: not google's market) which are used on the other side of the planet. There was a time when a malicious text message could damage or brick an iphone.
Not that malware hasn't slipped into the Google store before, but the summary seems to indicate that this particular malware is circulating in 3rd party app stores. Something I would wager 99% of users don't even know exist.
Check out my lame java blog at www.javachopshop.com
This a failure on the part of providers. I dont want a "notification" I dont want it at all. Part of signing up should be the ability to limit
#SMS/day
Block "premium" SMS messages with exception list.
Block calls to foreign countries with an exception list
Block toll (900) calls.
IOW give me back control on how and how much they can shaft me.
There is no right to feel safe thru security vaudeville at the expense of everyone's freedom, privacy and tax money.