Slashdot Mirror
Android Malware May Have Infected 5 Million Users
bonch writes "A massive Android malware campaign may be responsible for duping as many as 5 million users into downloading the Android.Counterclan infection from the Google Android Market. The trojan collects the user's personal information, modifies the home page, and displays unwanted advertisements. It is packaged in 13 different applications, some of which have been on the store for at least a month. Several of the malicious apps are still available on the Android Market as of 3 P.M. ET. Symantec has posted the full list of infected applications."
- Sent from my ruPhone.
n/t
bbbbbbbbbbbbbbbbut Linux is secure!
I've always thought it was odd that those games that literally copied Counter-Strike were allowed on the Google Market.
I know, you're about to say "copying gameplay, while unethical, is completely legal". Problem is, they didn't copy the gameplay - they're boring rail shooters. The copied stuff is the art - the textures, models, even some of the maps. And that's blatant copyright infringement. It's obvious even from the previews, if you've played the game enough. And since, at one point, people playing cs_italy were responsible for more bandwidth usage than actual people in Italy, I'm pretty sure I'm not the first to notice it.
I figured Valve, being pretty savvy about this sort of thing, figured that suing them would give them too much publicity - Streisand Effect and all that, not worth the huge amount of publicity that anything Valve does. Now, I'm thinking that iApps7 was just ignoring the cease-and-desists, because when you're already distributing malware and committing actual, commercial copyright theft, you're probably not too afraid of lawyers.
Although I seriously doubt Symantec's 5 million number is right, the fact that malware keep showing up on the market is disturbing. Actually, we're beyond disturbing, it's getting downright annoying. Google needs to do better than removing bad applications after the fact, and while this doesn't need to be a Jobsian walled garden, at a minimum Google needs to start reviewing all applications (and updates!) before posting them to make sure they're clean.
Phones are appliances, and trying to handle malware the same way we handle it on computers (which is to say, after the fact) is not going to work.
For years, the Windows platform was mocked relentlessly as a cesspool for malware. It's interesting to see what happens when there is a lack of quality control from the platform vendor, which turned Windows into a complete mess of contradictory interfaces (even within Microsoft's own software), convoluted configuration settings, and a third-party market devoted to cleaning up viruses and spyware. Android seriously risks going down that path, if it's not there already. There has to be more control on the part of Google.
Pushing back on that is a small contingent of techies who want to turn the smartphone into a PC. They like to cite the freedom to install anything they want, but the truth is that mainstream users wouldn't do so even if they knew how. Google needs to cater to the needs of the majority and not latch onto populist concepts sound good to tech crowds (e.g., "openness") but mean nothing to everyone else who just uses these things as tools rather than hobbies--especially when Google seems to have trouble following fundamental tenets of open source like source code access.
Those 37 million iPhone sales over December reversed the 2011 Android surge. The in-fighting among Android vendors risks more forks like Kindle Fire, customized interfaces, and abandoned phones that no longer receive updates mere months after their release. Google, turn the ship around before it's too late! The carriers won't help you.
"Sufferin' succotash."
From TFA:
'Symantec estimated the impact by combining the download totals -- which the Android Market shows as ranges -- of the 13 apps, arriving at a figure between 1 million on the low end and 5 million on the high. "Yes, this is the largest malware [outbreak] on the Android Market," said Haley.'
Even the most optimistic estimate is very bad.
"Sufferin' succotash."
Apart from being somewhat annoyed about the greater difficulty of managing my smartphone when compared to my Linux boxes, I've been having a hard time selecting apps for it.
Android market is not exactly friendly (is there a way to get larger fonts?) and I'd like to have a search by permissions. Recently, I wanted a mere notepad app -- no frills, no cloud, no nothing, just the note, but there's an "excellent" notepad app which requires you to join an online service. WTF!!!
After finding 2 suitable apps, I would still need a bigger keys soft keyboard... again looking at permissions to avoid leaking unnecessary things.
No wonder guys end up getting viruses... we need better ways to control our exposure. Then again Google's business depends on offering us what we want and thus they need to know that. But am I giving my data only to Google? I wonder where my accounts and their details end up going...
Have a read:
Here
Who cares anyway? At the end of the day, the billions Apple has in the bank will not help me pay my student and credit card debts. Neither will Android's success assist in making life easier for me.
In other words, at the end of the day, my life will not change one bit! These successes by Apple and Android companies only encourage me to save more of my dollars.
Planned obsolescence especially in the mobile gadget ecosystem only benefits huge multinational companies anyway.
everyone knows that you can't hack linux! linux is secure!
Apple sold 37 million iPhones last quarter passing up Samsung. But... Samsung (one of many Android smartphone makers) sold close to an estimated 36.5 million phones last quarter as well.
http://www.reuters.com/article/2012/01/27/us-samsung-idUSTRE80P1KY20120127
I like how you selectively pick "IOS" devices. You are moving the goal posts and interchanging IOS, iPhone, iPad, and "smartphones" selectively and non consistently to cherry pick specific statistics that conforms to your rant. Your claim of iPhones are selling more than Android "smartphones" is 100% FALSE. More Android Smartphones were sold all of last year and every quarter then iPhones. Android does not have any thing close to IOS sales in the tablet field. SO yes.. IOS devices outsell Android devices but that has no relevance to your rant of IOS smartphones compared to the Android smartphones.
foxconn factory workers very satisfied: 100%, with no dissent! amazing.
when interviewed, every last worker expressed their deepest appreciation for their bosses, and how much they love working together for harmonious success of the company, which they love and admire deeply.
Well, combine this with Googles recent news of privacy policy changes and Android's shine really is fading fast. I hate Apple, not for the products, I love Macs. It's the overused domination attitude I just can't deal with. So, that said, what's left? Win phone? Omg no. Maybe RIM and Nokia still have a niche after all... Just something to consider.
"Computers are a lot like Air Conditioners" "They both work great until you start opening Windows"
Samsung (one of many Android smartphone makers) sold close to an estimated 36.5 million phones last quarter as well.
Phones != Android
In other words, of 36.5 million phones does not mean those are all android phones let alone smart phones.
Normally I would just chalk this up to anti-Android FUD, but since it comes from Symantec--a trusted name in computer security--I have no reservations about the seriousness of the threat. Since I hate apple hipsters looks like it's back to WGA for me! Microsoft is going to bring back the Zune in phone form any day now... you'll see. Go ahead and laugh but in the end I'll be the one saying I told you so.
Read the article again
Samsung didn't give its own sales volume data, but research firm Strategy Analytics put sales at 36.5 million smartphones in October-December, with 3rd-ranked Nokia on 19.6 million. Smartphones account for around 40 percent of all Samsung's handset shipments.
Samsung sold 36.5 million SMARTPHONES and that was 40% of their total phone sales so their total phone sales were 91.25 million phones.
The amazing part is that iApps7 games are still on the market (as of this writing, 10PM PST).
It's obvious from the comments that they are total crap though. Anyone literate enough to read the comments wouldn't touch this stuff.
They have the account details for these, they should go prosecute them.
foxconn factory workers very satisfied: 100%, with no dissent! amazing.
Who makes your Android phone?
Some company that cares even LESS for their workers. At least Apple is trying to help and improve things, but China has a very servile culture embedded that has been pushed on them for many generations. They have a factory culture that has been as it is for a long time now and change is not instant.
So every dig you take at Apple and Foxconn labels you a dirty hypocrite if you use any electronics whatsoever, because even more people suffered for your device to be made...
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Here's a 'jigsaw' of a half naked young woman, the picture only has 4 sections but I'll download it anyway, what could possibly go wrong?
What do you mean my phone is infected?
Despite being Linux-based, it is weak-minded. I sold my android device to some other poor, unsuspecting dupe. I got it, played with it for a little while, realized it was basically worthless, and sold it while it still had resale value. Because I bought it at Christmas time, with a steep discount, I actually turned a profit on the little piece of shit. Hahahahahah... sucker. Android has an app store with no vetting process, and that is the heart of the problem. I don't know that it's possible to make an OS where apps are so sandboxed that it doesn't matter WHAT they do. Perhaps if the OS itself had a master control panel at which you could, as the user, and without gaining root, change the permissions of every single program...
But they'll never do that. Linux (and all OS's based on it) suffer the same basic problems other OS's do anymore, because they've become OS designed to be able to run on general purpose machines. So now you've got security exploits, a pain-in-the-ass system (SELinux) that comes bundled that's more annoying than the security default set up that came with Windows Vista, a kludgey patchwork of libraries and it's just a total clusterfuck anymore.
What happened to the UNIX standard from the age of K&R, when each program did what it was designed to do, did it fast, did it well, did it quietly with a modest set of resource requirements, terminated and returned control to the OS?
Now there's almost no advantage to using Linux over Windows, and the disadvantage of it being a big pain in the ass, sometimes. There's a reason why so many Linux distros now are playing catch-up on a 2-3 year lag on features and interface usability with Microsoft and Apple. The reason is because the big boys cleaned up their act, and Linux is becoming increasingly fragmented. Android is useless, I have tried multiple different Linux distros, Windows from 3.1 to 7, and Commodore Basic (pseudo-OS), and MS DOS. I have even tried FreeBSD a few times.
Linux has gotten to be almost as easy to use as Windows, but the myth that you never have to reboot Linux has I think been debunked. Last time I tried Linux, (Mint 11, and Fedora 14, I think) Every time I fired up the computer, the automatic updater would start, and tell me there were dozens of packages that needed to be updated. Frequently this included critical subsystems, (like the kernel itself,) that ended up requiring a restart.
What happened to you Linux? Your ass used to be beautiful...
Anyway, this thread was about Android exploits. Yeah, MOD me down as a troll, I don't give a shit, because this is the TRUTH:
Android is crap. (IOS is also crap, for a completely different reason) but until someone comes up with something better, something that keeps programs in their own space so that they can't jack other files or the system, and that can do all the other things android and IOS phones can do, Android based equipment will continue to be useless. :)
It may have infected five million users!
Then again, it may have not.
"In other news, security research firm says they've found alarming evidence of their own relevance.
Details at 11"
That's 5:00 you non-binary-reading troglodytes. I suspect next I'll hear a story about how useful rats are at guarding cheese.
its pretty simple - Apple asked for it. no other company is stupid enough to pretend it is a revolution
HTC makes all of their premium Android phones in Taiwan. The workplace standards are of course much higher there compared to Mainland China. Samsung, on the other hand uses a number of factories, including ones in South Korea and China to make their flagship Galaxy SII phones.
:. Ultimate Control Dedicated/VM Servers
If you upload an app to the market place that needs access to the users bookmarks I think that a more in depth review process is in order.
At the very lest the user should be see an alert that says something like "This app seems to want a lot on your phone and hasn't been verified by Google...only use it if you really want to "....
So which company are all these AC's shilling for...
Because most of us REALLY don't give a shit which company is #1 or #2.
And still the bottom line is apple is some locked down, fucked up, half assed, lawsuit happy company who has not created anything original in 20 years.
All of you need to fuck off. Really.
It's a good thing they sell Norton Mobile Security to go with those estimates.
Assume the worst and it's 5 million. That's what, around 2% of Android devices? 5 Million is a lot but there are also 195 million devices that aren't running the malware.
Serious question: How much of this is hard spin from a security company that has much to gain from phone owners being scared?
'Symantec estimated the impact by combining the download totals -- which the Android Market shows as ranges -- of the 13 apps, arriving at a figure between 1 million on the low end and 5 million on the high.
Of course Symantec totally ignored that the download totals do not translate into the number of infected users. How many devices have multiple apps? That estimate could easily be 10x too high.
Did the author run scripts to pump up the numbers to gain visibility? Many app authors do this
And of course NONE of the anti-virus or malware scanners caught even One instance of this in the wild.
SYMANTIC advertising their own uselessness.
Sig Battery depleted. Reverting to safe mode.
I just checked my Galaxy Nexus. It says "Made in China", so I'm guessing it's probably a safe assumption it's made at Foxconn.
And while HTC's premium flagship phones are made in Taiwan, I'd guess most of the rest of them are made in Foxconn (for every flagship, there's probably dozens more of the lowend phones sold).
yeah I wish Google would speak to this.
It could be that NO ONE has downloaded these apps...
"Consider how lucky you are that life has been good to you so far. Alternatively, if life hasn't been good to you so far
In particular in Taoyuan. HTC makes their products in Taiwan, which is not a large surprise since they are also headquartered there.
So you compare two platforms against each other, and conclude therefore that the ass backwards worst feature of one of them is responsible for the overall satisfaction on that platform?
*slow clap*
The correct conclusion would be that Apple's satisfaction is high do to the crap free, consistent platform they have built around all their products.
But no it must be because of the walled garden app market, uh hum. The saddest thing here is your current moderation.
BTW: Symantec is just now disclosing that their servers were hacked in 2006 (as far as they know - maybe earlier). They don't know how long the hackers have PWNed their network, how much control they had, or for how long - but they're quite sure the hackers have stolen some of their source code. They recommend that you not use / disable / uninstall some (most) of their software. Most especially including PC Anywhere, since apparently it has a vulnerability or "back door" that allows the hackers to remotely administer your PC from Anywhere - and has for the last SIX YEARS.
I think I'm going to take Symantec's edicts with a grain of salt from now on, even if this is from a different group.
Help stamp out iliturcy.
Look at this list of infected apps.
iApps7 Inc Counter Elite Force Arcade & Action
iApps7 Inc Counter Strike Ground Force Arcade & Action
iApps7 Inc CounterStrike Hit Enemy Arcade & Action
iApps7 Inc Heart Live Wallpaper Entertainment
iApps7 Inc Hit Counter Terrorist Arcade & Action
iApps7 Inc Stripper Touch girl Entertainment
Ogre Games Balloon Game Sports Games
Ogre Games Deal & Be Millionaire Sports Games
Ogre Games Wild Man Arcade & Action
redmicapps Pretty women lingerie puzzle Photography
redmicapps Sexy Girls Photo Game Lifestyle
redmicapps Sexy Girls Puzzle Brain & Puzzle
redmicapps Sexy Women Puzzle Brain & Puzzle
These are all Facebook type games that idiots play.
Slashdot is intentionally not providing you full tech news coverage because it caters to a specific demographic of emotionally-invested users who are more likely to generate repeat page views.
Slashdot is a business whose sole income is advertising revenue. People visit because people visit. The Slashdot business model (Soulskill is an employee) is to promote controversy - The Rupert Murdock Model®. It ceased to be anything ./ related a long time ago.
All Advertisements on the internet or otherwise are "unwanted advertisements"
"What Are They Gonna Do When Were All Using Freenet"
Their low end needs to be divided by 13, as it is possible (though unlikely) that all users that have downloaded these apps have downloaded all 13. And then there are the users who wipe their phones (perhaps because they saw malware symptoms) and redownload. So probably the reality is anywhere between 50,000 and 5,000,000 infections.
I somehow can't imagine malware authors would sign their apps with a valid CA-issued certificate that would prove their identity in court.
If they wanted to promote controversy, they'd publish this drivel as is.
Because, really "Apple surpassed Android in marketshare" is "Research firm Kantar Worldpanel ComTech said Apple's share of the U.S. market doubled from a year ago to 44.9 percent in the October to December period, just beating Google's Android smartphones, which slipped to 44.8 percent from 50 percent.", "confirming earlier reports by both Nielsen" is "46.9% Android vs 44.5% Apple" and "and NPD [gigaom.com]" is "47% Android vs 43% Apple".
He doesn't even RTFA he links to, with 2 out of 3 "confirms" that are in fact "contradicts".
But Samsung counts their Bada phones as smartphones as well as their Android offerings...
... that Symantic says its a Risk Level is at 1: Very Low
That they believe number of "infections" is 1000+
And that to get rid of it all you have to do is UNINSTALL IT.
If you don't it may
Copy bookmarks on the device
Copy opt out details
Copy push notifications
Copy shortcuts
Identify the last executed command
Modify the browser's home page
Steal build information (for example: brand, device, manufacturer, model, OS, etc.)
And a variant might also transmit
Android ID
IMEI
IMSI
MAC address
SIM serial number
Eeek.
If Google really cared they would fix Android Chrome to reflow text, instead of discriminating
Seriously, this is an opportunity for a company to come up with a new market to compete against Google. Basically, set it up similar to Apples: submit the app, have it tested, etc. and charge a small amount of money. For me, I will stay with google. BUT, for my parents and in-laws, they would go with the secured market.
I prefer the "u" in honour as it seems to be missing these days.
The trade press is getting less and less neutral lately. That has to cost a lot of money.
Help stamp out iliturcy.
I think when they say downloads, they mean "purchases". If you download again on the same google account, I don't think that increments the counter.
wet water
And there's a (probably small) number of users like me, who will occasionally install something against my better judgement that I need for a one time use... and I neuter the permissions with things like DroidWall, LBE Privacy Guard, Permissions Denied, and others... and I think CM7 included its own permissions control.
Hell, even "normal" apps need some control. Many, many apps want access to your phone ID (IMEI, etc.). Block, block, block. That's a hardware ID unique to your handset. Only good reason to grab it is user tracking.
I vote based on politicians' actions, unless contrary to my preconceptions. Often wrong, never uncertain. #iamthe99%
and displays unwanted advertisements
Call me ignorant, but when are advertisements ever wanted
I understand that advertisements are a "necessary evil" in order to pay for development costs, etc, but I can't ever think of a situation when I've ever wanted to see advertising.
Apart from perhaps the Superbowl.
also should try to be less stupid and not give every little app all the rights they are demanding for no apparent reason at all.
They recommend that you not use / disable / uninstall some (most) of their software.
I think any IT professional worth their salt has been recommending removal of their software for years.
If I understand well, what you are saying that apps should be a highly regulated market. From TFA: " Although the infected apps request an uncommonly large number of privileges -- something that the user must approve -- Haley argued that few people bother reading them before giving their okay." If I am allergic to nuts, and I don't bother to read the big red label that some cookies contain nuts, if I get in a coma, hey, that's Nabisco's fault, not mine! They should KNOW I can be bothered to read some boring warnings. I want my cookies, and I want NOW!
Grey's Law: Any sufficiently advanced incompetence is indistinguishable from malice.
Details at 11"
That's 5:00 you non-binary-reading troglodytes. I suspect next I'll hear a story about how useful rats are at guarding cheese.
11 in Binary is 5?
Damn, I knew I was getting old, because it used to be only 3...
It's hard to take anything Symantec says seriously as regards security. They have every incentive to make things seem far worse than they really are. Does Symantec offer an antivirus for Android?
Don't kid yourself. HTC is the same as the rest. http://htcpedia.com/news/activists-demand-htc-relieve-overworked-employees.html
Good to see that MakeAFee and Scamantec are active again in sponsoring dumbware^Wmalware writers, in order to promote an AV business on mobile they are trying to ramp up since quite some time.
Slashdot also generates money through paid subscriptions.
blog
I've always thought that apt (apt-get, aptitude, Debian) has the right solution to this.
You get your software from a repository, and only software that is approved by the maintainers of the repository gets in.
Then, _you_ get to choose which repositories you trust.
That way, you don't have to judge the quality of all software yourself. You can leave that to the people who maintain the repositories. They will build up reputation over time, and you can go with the ones that have a good enough reputation by your standards.
A walled-garden app store like Apple's basically implements the first part of this. This is fine for a lot of people.
To also cater to those who want more freedom, without opening the flood gates, all you have to do is allow them to shop at other app stores, as well.
That's what I thought we had with android. There is the main android market, which I assumed had software that had been vetted in some way, and there are other markets, which could have lots of scary stuff. I do know from reading that the various malware scanners are almost worthless. So the iPhone model of the walled garden isn't used, and since virus scanners are useless, the PC model isn't used, what is an end user supposed to do?
So is there somewhere online that I can search to learn at least which apps are known malware?
-- QED
I answered. Don't get mad if your attempt at being smarmy backfired. Not everything is made in China.
Also there's the fact that Taiwan has a much higher standard of living and pays much greater wages.
A total non-issue ..
once you download an app from an unknown source, then it's game over !!!
And WinMo *is* a smartphone platform...
That being said, when you combine all of the offerings from all of the different manufacturers on all of the carriers around the world, I have a hard time believing that Apple managed to surpass all of the sales of Android with only 37 million sales.
Am I right? Yes Sir. Prepare for the onslaughts of naysayer spinmaster bullshit forthcoming from troll penguins who can't accept the truth that once a Linux of any kind gets used by masses, most especially those who are just "end user" types, it will be abused as much as Windows was for years. So much for the years of b.s. spread around that Linux = Secure, because it's not showing anyone that much on SmartPhones (PC's in & of themselves really).
It's hard to take anything Symantec says seriously as regards security. They have every incentive to make things seem far worse than they really are. Does Symantec offer an antivirus for Android?
Yes they have a number of products for Android, so yes they aren't exactly non-biased.
http://us.norton.com/mobile-security/
The one thing that sets the Linux ecosystem and the GPL apart from the proprietary world is that the source code can be read. Without this principal, anyone can force your device to do their will. That is why you can't trust forks of BSD licensed code. Microsoft thinks that they can solve this with signed code.
Even Android, with Linux at it's heart is vulnerable to attack by proprietary packages. The Debian and RPM packaging systems have the same issues. When are we going to accept that reading the source code is a fundamental freedom and that there is no such thing as "Trusted" computing?
Slashdot also generates money through paid subscriptions.
Oh right - how could I overlook that? It makes a huge difference.
Do they sell t-shirts too?
Nothing like getting malware and virus on your phone! free software 4 life, yo!
LOL, considering their first phone was made with materials environmentally unsound that have been eliminated in all major manufacturers at the time (BPA, if I recall correctly) for at least 5 years, I don't think big red gives a rats ass (until someone noticed and there was a media furor over it).
16 billion dollars in the piggy bank due to them charging a premium on old hardware and a bit being greedy siphoning 30% off of everything that passes through their devices (dual core 1GHz was so last year when they came out)... You're telling me they can't add a few more dollars to the wages of their workers? I have to call BS on "trying to improve things". Even if they gave an extra $1,000 to each and every worker in the plant ignoring who makes way, I don't think they'd even notice it missing. Quite literally, they could tell Foxconn to do things their way or it's the highway and you'd watch the magic happen. They won't, because that would cut into their insane margin.
Most other manufacturers don't have this halo effect on people like you, so they actually have to charge reasonably (the brand new 32GB quad core Asus Transformer prime is the same price as a dual core 16GB fruit stamped tablet). All other manufacturers are starting to get the message. Their margins aren't as great because they actually have to work for their share. They MUST rely on cheap labour to get their product out cheap.
Erm, Foxconn is not the only company in China.
Much like Asus, Samsung runs their own production complex in China.
And while HTC's premium flagship phones are made in Taiwan, I'd guess most of the rest of them are made in Foxconn
Bolded the key word. Once again, there's no evidence of this but nice try to spread FUD.
Calling someone a "hater" only means you can not rationally rebut their argument.
IIRC, all GSM Galaxy Nexuses are made in Korea in 2011.
:. Ultimate Control Dedicated/VM Servers
That seems to be an isolated incident of an engineer, not a factory worker, so no, it is not the same.
:. Ultimate Control Dedicated/VM Servers
That seems to be an isolated incident of an engineer, not a factory worker, so no, it is not the same.
What was it you didn't understand about "engineers and factory workers" in paragraphs 2 and 4.
And that was just a random pick of the many articles that Google returned.
If you think the working conditions are any better at HTC than Foxconn, you're deluding yourself.