Fake Antivirus Scams Spread To Android
SharkLaser writes "Fake antivirus scams have plagued Windows and Mac OS X during the last couple of years. Now it seems like such scams have spread to Android. Fake antivirus scams on Android work the same as they do on PCs — a user with an Android phone downloads an application or visits a website that says that the user's device is infected with malware. It will then show a fake scan of the system, return hard-coded 'positives' and give the option to buy antivirus software that will 'remove' the malware on the affected system. Android, which is based on Linux, has been plagued with malware earlier too. According to McAfee, almost all new mobile malware now targets Android. Android app stores, including the official one from Google, have also been hosting hundreds of trojan applications that send premium rate SMSes on behalf of unsuspecting users."
I always believed that the day antivirus software becomes a universally accepted requirement the way it is on Windows is the day the platform has failed and missed the whole point of mobile operating systems. The point is to get away from the big mess of the desktop--the constant maintenance, driver updates, antivirus updates, defragmenters, and other utilities. Mobile operating systems are an opportunity to use a computer just to get things done, not to maintain the computer. That's what was so refreshing about the experience of using the iPad and why it was such a surprise success to everyone including me.
One reason has earlier been: To preclude the need to keep up 2 SIMs & their associated mobile accounts (1 for phone, 1 for Android tablet)
Now, there's another reason for a WiFi-only Android tablet: To preclude the worry about malware spending user's money with SMS's, etc.
That's a Feature... not a malware-related "bug" :-)
...last couple of years.
Extortionware has been around for a decade, at least.
I hate a fucking walled garden as much as the next guy, but this type of shit is why users will stay with one. Not that a walled garden can't be hijacked, hacked, or otherwise messed with, but by and large it is a cleaner place to be. It is a win-win, both for users who can't, won't, or are too dumb to be bothered with learning a little software/hardware safety, and with corporations who thrive on control and stifling competition.
Silence is a state of mime.
The reason iOS devices don't need anti-malware solutions is because all of the programs that run on that platform are from a secure and curated Apple App Store. Google's "anybody can open an app store" policy means Google can't killbit programs it doesn't like, while Apple can killbit anything it wants even after the fact. Bait-and-switch programs only exist on platforms where there's no control in what can be published.
I am currently helping a family friend whose Windows 7 laptop is loaded with cruft. He used my wifi a few months ago and I noticed it was exchanging UDP packets with various ADSL lines around the world. I advised him to reinstall it then but he pointed to all the shields on IE and insisted that they meant it was secure. So now his web browsers refuse to work at all. He doesn't have his installation disk here. It has to be sent from Malaysia. I hope his family are sending him the actual disk which came with the laptop and not one they got for ten RM in a market. In the meantime he is up and running with an Ubuntu live CD.
The implication of this article is that the same mess is going to start happening with phones and tablets,
http://michaelsmith.id.au
I had hoped being owned by Intel would class up their act. Apparently not. Doubtless they sell a cure for this "threat".
Help stamp out iliturcy.
According to McAfee, Apple hasn't yet let us sell our "anti virus" app for iOS so we're saying you should buy the Android one.
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
Or is there any risk for the makers of that stuff?
No? Then even if you have "laws", they aren't worth the paper they are written on.
Then again, it's probably a good thing, with helping natural selection prevent the Idiocracy which humanity works so hard to become.
on essentially the same story will be...
Orwell: "In a Time of Universal Deceit, telling the Truth is a Revolutionary Act"
The weekly/monthly stories that try to implant into people's minds.
Android = Linux = Malware
Users are stupid whatever OS/Hardware they use, they will click on shit like this just because it pops up and they've never bothered to educate themselves about what it really means.
"Number of new fake malware" is not the same as "number of malware infections". With the right tool you can generate an infinite number of malware variants. The statistic from McAfee includes every single individual file that contains some malware - this is like saying that, for an old school virus that infects .exe files on Windows, that every single infection counts as a different "unique malware instance". And if one of these is uploaded to an app store - even an app store that nobody uses, even for a "unique malware instance" that nobody ever installs - then it gets counted by McAfee. The equivalent in the iPhone world would be counting all malware in every random Cydia repository on the web. Obviously there is a big difference between a random repository on the web, and something being distributed by the official repository.
What would actually be useful is to know the number of malware instances that have made it on to app stores that people actually use (eg the official one), how many people installed them, and how long it was before the app was removed. But obviously this number would be much lower, and so generate far fewer page hits.
What's the difference between needing sudo and needing gksudo?
I browse the web a lot with it. But I feel eventually there will be buffer overflow, flash, various vector attacks, that will compromise my phone.
It seems Android's Java API is very very limited to internals which is bad as you can't make a shield like you can in Windows. Anyone have a suggestion?
http://saveie6.com/
Nah, not really... but I couldn't think of a better title.
Put something nice in the hands of the ignorant, and they will muck them up. It's what they always do. What's more, you let the greedy carriers and manufacturers decide when and how you can get updates and fixes, you'll find they won't be coming to your rescue.
I hate to say it since I'm an Android user myself, but these things have the advantages of a PC in that you can get any software you want onto these things. But they have an incredible weakness in that users can't casually "reload" the machine to clean them up.
I think it's time Android makers came up with a way for users to wipe and reload their devices as an alternative to processor and battery sucking anti-malware. We know they won't though... that'd open the doors to an even more fiendish group of people -- the firmware hackers!! If they leave things unlocked too much, they will lose a few bucks from people removing the bloatware from their phones and enabling features the carriers were careful to disable.
Heck, I'm even getting ads that say I have twenty viruses while playing Angry Birds.
Pretty please? With the borg icon and all the rest.
Last link in the /. post links to a post on the F-Secure corporate blog. In the 3rd screenshot F-Secure provides a code snippet from a fake "World of Goo" which supposedly will send premium SMS to a short code number. F-Secure claims this code will do this in 18 countries.
I beg to disagree. Although the code is certainly malicious it only affects you if you happen to use a SIM card from Azerbaijan (az). That's the first if() clause in the source. After entering the while() loop the method will return right away. Code below line #8 will never be reached.
t-lo
So, wait... If my "scam" website uses referrer headers to target iOS instead of Android browsers, then all of a sudden Android is the secure one right?
No, because even if you target iOS what will happen? Exactly nothing, because your virus-laden app is not in the app store.
Android has a lot more avenues of attack, including real applications - and many users who have purposefully allowed external downloads (even the Amazon market tells you to disable that block).
"There is more worth loving than we have strength to love." - Brian Jay Stanley
No app can send premium SMS without consent from the user. There is a big screen listing all the permissions the app wants to have, when you install an app. When your "virus scanner" sends a premium SMS, it cannot be a big surprise, because it announced it while you installed it.
You know, we can make all computer systems secure by forcing people to only get software that has been screened by the government.
You mean like an App TSA?
Yeah THAT would sure be a great idea.
No, the reason why Apple's security works is not JUST the app screening. It's defense in depth - app screening, sandboxing (prevention of hidden SMS), disallowing externally loaded apps without jailbreaking.
Also the real reason the screening does anything at all is not because Apple is so great at screening for security issues (they are not nor can anyone be) but because you have to go through the process of making an identity Apple trusts enough to allow app submission with. That's way too much effort for way too little payout since Apple could and would quickly pull any app found to have a real virus of some kind, and again even if you can get a malicious app in the store what could it really do?
The Apple (and Microsoft BTW) model works best for end users really because users that do not know any better are protected, while technical users who can handle the responsibility of removing layers of security can jailbreak and side load any apps they like.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
The implication of this article is that the same mess is going to start happening with phones and tablets,
No.
The implication is this IS happening on Android phones and tablets, not just any "phones and tablets". WP7 and iOS both have enough controls in place that average users will not be affected much at all by viruses, for all sorts of reasons.
Android has made it too easy for average non-technical users to download apps from anywhere, for those apps to fundamentally change the system in ways the user may not comprehend. And so they are suffering the fate of those who would bring the sins of the past forward into smaller devices.
Technical users or those with technical friends can still easily open up iOS and WP7 but at least it's a more conscious and directed choice.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
This is indeed a sign that Android has arrived. The malware authors are just going where the money is.
that'd open the doors to an even more fiendish group of people -- the firmware hackers!!
This is quite plausible. With my phone, the Epic 4G, a local root exploit was available for use for at least 6 months before they finally released the phone's Gingerbread update recently. While it was useful as a one-click-root solution, it could have also been useful as a tool for malware authors to embed their crap into the ROM.
Now, with the Gingerbread ROMS, new kernel exploits are already being discovered and put to use. I used one to root my wife's Epic 4G Touch, which was only released in November.
Undoubtedly the kernel exploit will linger for many, many months until Samsung releases a new ROM update.
I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
Lucky for me three of my Android devices use wifi and 3G indirectly, but it seems the premium SMS trojans are wrappers for popular paid applications.
So by applying a bit of common sense they are easy to avoid. For example Angrybirds is made and sold by Rovio so anyone selling Angrybirds who isn't Rovio is almost certainly untrustworthy and probably a good reason to flag the seller to Google.
Cut the Rope is by ZeptoLab and not by Lagostrod or Miriada so it's obvious the latter two stink.
You can never be 100% safe but how do you benefit from an antivirus which identifies malware which has already been identified and outlets neutered?
Blarney Quality Restaurant, Plants
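As an added example (not part of any comment in this thread), the publisher check described in the comment above can be combined with the install-time permission list mentioned earlier in the discussion. The listing records, their permission lists and the `review_listing` helper are constructed for illustration; only the publisher names come from the comment.

```python
import unicodedata

# Expected publisher per app title, as named in the comment above.
KNOWN_PUBLISHERS = {"angrybirds": "rovio", "cuttherope": "zeptolab"}

# Android permission an app must request before it can send SMS.
SEND_SMS = "android.permission.SEND_SMS"
INTERNET = "android.permission.INTERNET"


def normalize(text):
    """Lowercase, fold accents and drop spacing/punctuation so that
    'Angry Birds', 'AngryBirds' and 'Ángry Birds Free' compare alike."""
    folded = unicodedata.normalize("NFKD", text).lower()
    return "".join(ch for ch in folded if ch.isascii() and ch.isalnum())


def review_listing(listing):
    """Return (verdict, findings) for one store listing.

    Two independent signals are checked:
      * the title contains a known app name but the publisher differs
      * the app requests the permission to send SMS
    Both together give 'flag', either one alone gives 'review'.
    """
    findings = []
    title = normalize(listing["title"])
    publisher = normalize(listing["publisher"])
    for app, expected in KNOWN_PUBLISHERS.items():
        if app in title and publisher != expected:
            findings.append("publisher-mismatch")
            break
    if SEND_SMS in listing["permissions"]:
        findings.append("requests-send-sms")
    verdict = {0: "ok", 1: "review", 2: "flag"}[len(findings)]
    return verdict, findings


# Constructed sample listings; the permission sets are invented for the demo.
SAMPLE_LISTINGS = [
    {"title": "Angry Birds", "publisher": "Rovio",
     "permissions": [INTERNET]},
    {"title": "Cut the Rope", "publisher": "Lagostrod",
     "permissions": [INTERNET, SEND_SMS]},
    {"title": "Cut the Rope", "publisher": "Miriada",
     "permissions": [INTERNET]},
    {"title": "Ángry Birds Free", "publisher": "Example Dev (constructed)",
     "permissions": [SEND_SMS]},
    {"title": "SMS Backup Tool", "publisher": "Example Dev (constructed)",
     "permissions": [SEND_SMS]},
]

if __name__ == "__main__":
    for item in SAMPLE_LISTINGS:
        verdict, findings = review_listing(item)
        print(f"{item['title']!r} by {item['publisher']!r}: {verdict} {findings}")
```

A legitimate messaging or backup app also requests SEND_SMS, which is why that signal alone only yields "review" here.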
You can have a "walled garden" for users (some Android companies have their Appstores), yet still allow people to leave at their own risk.
If anyone can step over it, it's not a wall.
You seem to imply that any Android app store is a walled garden. An App Store is not what makes a wall, the wall is not only what lets applications into a collection of apps but the reach they have beyond once they get in.
Curated collections alone are not enough, you need to also have many layers of system security to bring any kind of meaning to the "wall" of the garden.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Why would you want to avoid Android just because other Android users might make bad choices?
Awesome, I totally support people choosing a platform they are comfortable with managing security on.
Now you aren't recommending Android to non-technical people right? Because I think it's wrong to tell people that CANNOT handle securing of systems, that they should buy an Android phone which I know full well they cannot manage securing properly.
Just as I would not recommend Windows PC's to people back in the day, these days to recommend Android devices to non-technical people is irresponsible.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
And is quite effective.
---- Booth was a patriot ----
That's the first if() clause in the source. After entering the while() loop the method will return right away.
That looks more like some kind of bug in the decompiler. After all, they have SMS calls set up for other countries, why would the real call return?
I think the real code is something like the while loop with all of the country codes inside.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
I don't understand why Google cannot check the apps before they go into the official store? Seems like they could check them, but not limit what goes in as long as it is not malicious.
It seems every week there is another "Oh Nos! Android is infested with malware!" article extolling the virtues of Apple and claiming all Android phones MUST install some A/V app or else your hair is going to fall out, your dog will get pregnant and your lawn will turn brown. Every one of these articles can be traced back to one of the major A/V vendors (who just happen to have a convenient Android A/V app for sale) or Apple. It is all FUD and BULLSH*T. Are there malware out there for Android? Yes. Is it widespread in the US? No. I've worked with Android phones for years, work with several administrators in corporate environments who service hundreds of Android phones, know dozens of friends with Android phones. I have NEVER encountered a single bit of malware. Not once. The few bits of malware that have gotten into the system in the US were quickly taken care of by Google. Tell me, have any of you EVER seen this "widespread malware" out in the field?
Get a real anti-virus app for Android like Lookout, and it won't ever happen to you.
Just because the U.S. is a republic does not mean it is not a democracy. Democracy/republic are not mutually exclusive.
free mcafee antivirus for your new tablet / phone when you buy from [major store here] ;-)
Wait, so are you saying that a Windows derivative is more secure than a Linux derivative?
No. The key is that WP7 is a green-field effort (or near to it). That's why it's actually pretty secure and well designed unlike so many other Microsoft products...
Linux is inherently pretty secure. The underlying system in Android is pretty secure, but then they built layers of services atop that that are too easily accessed by other applications (like SMS).
You can build an insecure system on top of anything... the most solid bedrock can be a fine pedestal for a house of cards.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
I own an iPhone, used to own an iPod gen 4, own several generations of Apple machines (][e, Mac 512k, Powermac G3 (Smurf), Powermac G4 (Gigabit), iMac G5 (ALS),Along PCs, a C64 and MIGs.
I Hackintoshed snow kitty on my eeePC and never installed another OS on it, my main computer is running Leopard (4GB with SSD, XP is there just for old games). *never* used any kind of antimalware on either iOS, 9.x or OS X.
That's one of the many reasons my next computer will have a fruity logo on it.
Posting from an old crappy P.O.S. 2.8 P4 Dell with 4GB just because I was playing Unreal.
I've got better things to do tonight than die.
Are you gonna buy it for me, bitch?
With contract the iPhone costs no more than an Android phone.
How much is he going to spend on AntiVirus...
Apple Haters complaining about Apple prices are 20 2008.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Are you familiar with that expression?
You're an ignorant piece of garbage.
Even Microsoft realized that having a built in system to remove and detect malware was a good idea.
And Google could easily make an update that tells users when an app is trying to send an SMS, and have a checkmark for allow/disallow/remember, and possibility to revoke rights.
Problem solved.
My nephew's phone has started spamming his contacts with advertising SMS. Have no way of getting my hands on his phone to help him directly. He's only 9 y o so I hope he has the wits to help himself. I just hope I find that list with suspicious apps on the net somewhere soon.
It doesn't actually do anything that reading permissions when you install apps won't do better. Except drain your battery.
Lost me right there. McAfee blows huge chunks.
Even if so, the real problem is that Linux package managers require superuser privileges and cannot install a package to a user's home directory. Then CLI package managers wouldn't absolutely need sudo, nor would GUI package managers need gksudo.
Android Holes Allow Secret Installation of Apps:
(From November 2010)
http://mobile.slashdot.org/story/10/11/14/0115255/Android-Holes-Allow-Secret-Installation-of-Apps
---
PERTINENT QUOTE/EXCERPT:
"Security researchers have demonstrated two vulnerabilities that allow attackers to install apps on Android and its vendor-specific implementations without a user's permission."
---
"One word: permissions. When you install an app on Android, you will be prompted with the permissions the app is requesting, and asked if you want to install it. You, the user, have a very good breakdown of exactly what an app can do before it gets installed." - by shellbeach (610559) on Sunday January 01, @06:52PM (#38559416)
* Not always..., See above!
(I like your reg "lusername" - good flick it came from "Dark City"... "SHUT IT DOWN!!!", lol!)
APK
P.S.=> ANDROID's a "look @ the future" & in a way, the past too (how Windows was victimized/exploited/attacked due to popularity/most usage/most marketshare overall)...
This makes TOTAL SENSE too: Simply because malware makers today are after your money, personal information, & even privacy. They are like pickpockets & don't operate on "crowds of 1" - they go where the crowds are, especially non-geek user crowds!
(Which is WHY Linux itself never got attacked much - not much marketshare on the desktop where less technically savvy users are, & thus easier users to "sucker" too @ the same time (1.19%) that didn't justify malwares created for it, not enough "ROI" & since it was used MOSTLY on servers, the malware makers figured (at least early on, I have many server-level exploits on Linux catalogued here from last year alone, anyone wants proof of them, just ask)...
Nowadays though?
We finally have a LINUX VARIANT taking the 'bulk' of the usership possible out there from everyone, & what do we see? Linux being victimized, because ANDROID's a Linux variant (period) that uses a Linux core AND since it's the MOST USED mobile smartphone OS? It's "THE TARGET"... period!
... apk
That is, it has the same security design as iOS and WP7 out of the box.
And the plethora of Android viruses exist because of...
I'll tell you why:
1) Many "approved" android apps can and do modify the system more extensively, it's how a trojan app can send SMS without you knowing - impossible in iOS.
2) Although Android may come locked many trusted names (like Amazon) tell you to unlock it. Poof, there goes the thin veneer of security...
iOS does /not/ provide the user with this possibility - at all. It just happens that some hackers have found a way to violate the lock-down in some of the existing models
That's every model, for every OS version. Obviously it is possible. Although it is not promoted by Apple, the creator of Cydia has said repeatedly Apple could shut down jailbreaking if they really wanted to - obviously they do not want to, and in fact the guy who Apple hired to do iOS5 notifications came from the jailbreaking community! Apple treats the Jailbreaking world as a sort of advanced R&D.
is there a jailbreak for iPhone 4S
Yes there is. Google. Have you heard of it? You probably should have thought to use it before wandering so far out of the field of fact where you started.
Plus, it's dangerous, it will break your warranty, and you have to trust people
My, what bullshit fear mongering you have there Grandmother!
In reality many millions of people jailbreak phones regularly without issue (NO it does not void your warranty). The point is that the people who do so know what they are doing, and basic iPhone users are not then screwed the way basic Android users who never wanted these extra abilities, just a phone that was secure...
"There is more worth loving than we have strength to love." - Brian Jay Stanley
I think Android needs to provide users ways to fine tune the permissions of what an app can have access to. For example I can install a game and prevent it accessing my contacts, location etc. Or because I have limited mobile data allowance, I can disable mobile data for an app and force it to only work on WiFi. I have rooted my HTC Desire and installed LBE Privacy Guard. Works pretty well, don't notice much slow down. I'm in no way associated with the app, just a happy user.
A trojan app can send SMSes only if you give it the permission to.
Yes, a permission that comes in a giant laundry-list of permissions that non-technical users have no capacity to understand what they are allowing.
It's not even like Android asks you for permission when it tries to send an SMS, it's a giant list on installation that gives no context to WHEN it's going to use the abilities you grant.
It doesn't even need to ask every time, like the annoying security pop-ups you mention. To ask simply once, the first time permission is needed, is enough to eliminate a whole class of trojans in applications that obviously should not be using SMS.
That is my whole gripe with Android really, while they COULD make the security system better they have not - and I think they have allowed it to be too open by default, so they cannot truly shut it down as much as it should be locked down for non-technical users due to backwards compatibility.
The information I have tells me it is not the case
What did I say about not using google?
Yes some of the paid apps actually work.
But Apple do shut down known jailbreaking methods at almost every OS update.
Some of the METHODS, yes, because they are generally security holes. But not the jailbroken systems.
And again, if Apple really wanted they could shut down tethered jailbreaking but they have left that alone for YEARS.
Have Apple changed their mind since they officially stated that jailbreak does void your warranty?
Between the fact you can system restore and various warranty acts, it's irrelevant what Apple says. What matters is what they do.
"There is more worth loving than we have strength to love." - Brian Jay Stanley