Slashdot Mirror
Android Malware May Have Infected 5 Million Users
bonch writes "A massive Android malware campaign may be responsible for duping as many as 5 million users into downloading the Android.Counterclan infection from the Google Android Market. The trojan collects the user's personal information, modifies the home page, and displays unwanted advertisements. It is packaged in 13 different applications, some of which have been on the store for at least a month. Several of the malicious apps are still available on the Android Market as of 3 P.M. ET. Symantec has posted the full list of infected applications."
GreatBunzinni has been posting anonymous accusations listing a whole bunch of Slashdot accounts as being part of a marketing campaign for Microsoft, without any evidence.
GreatBunzinni has accidentally outed himself as this anonymous poster. Here, he writes the same post almost verbatim, first using his logged-in account and then in an anonymous post submitted days later. Note the use of the exact same terminology and phrasing in both posts.
Half the accounts he attacks don't even post pro-Microsoft rhetoric. The one thing they appear to have in common is that they have been critical of Google in the past. GreatBunzinni has been using multiple accounts to post these "shill" accusations, such as Galestar, NicknameOne, and flurp.
That's not the problem. The problem is that moderators gave him +5 Informative and are now modding down the accused, even for legitimate posts. Metamoderation is supposed to address this by filtering out the bad moderators, but clearly it's not working.
This "shill" crap that has been flying around lately has to stop. It's restricting a variety of viewpoints from participating on the site and creating an echo chamber.
According to Reuters, Apple surpassed Android in marketshare by the end of 2011, confirming earlier reports by both Nielsen and NPD. 150 Android smartphones couldn't beat the iPhone 4S. With 15 million iPads sold last quarter, the tablet market is now larger than the entire desktop PC market. Apple’s profits ($13 billion) exceeded Google’s entire revenue ($10.6 billion).
Who cares? Well, in January 2011, Slashdot triumphantly reported that Android surpassed iOS in marketshare. All year, Android fans cited Android's marketshare as proof that it was taking over the smartphone industry, that the lack of centralized control was superior to the "walled garden", and that Android was "winning".
So what happened when the opposite occurred and Apple reversed Android's marketshare lead by the end of the year? Despite multiple submissions from several users, and news coverage ranging from Arstechnica to CNN, Slashdot refused to publish the story. All the sudden, it wasn't considered newsworthy despite the publication of the other story a year earlier.
This is a Linux advocacy site whose initial userbase was driven by hatred of Windows marketshare. Marketshare is still highly fetishized around here. Anything negative about the marketshare of Linux, or platforms based on Linux, gets killed. Slashdot is intentionally not providing you full tech news coverage because it caters to a specific demographic of emotionally-invested users who are more likely to generate repeat page views.
- Sent from my ruPhone.
And this planet MIGHT be home to 400 trillion invisible monkeys.
This just sounds like the typical FUD from Apple/Microsoft.
Please provide proof.
n/t
bbbbbbbbbbbbbbbbut Linux is secure!
I've always thought it was odd that those games that literally copied Counter-Strike were allowed on the Google Market.
I know, you're about to say "copying gameplay, while unethical, is completely legal". Problem is, they didn't copy the gameplay - they're boring rail shooters. The copied stuff is the art - the textures, models, even some of the maps. And that's blatant copyright infringement. It's obvious even from the previews, if you've played the game enough. And since, at one point, people playing cs_italy were responsible for more bandwidth usage than actual people in Italy, I'm pretty sure I'm not the first to notice it.
I figured Valve, being pretty savvy about this sort of thing, figured that suing them would give them too much publicity - Streisand Effect and all that, not worth the huge amount of publicity that anything Valve does. Now, I'm thinking that iApps7 was just ignoring the cease-and-desists, because when you're already distributing malware and committing actual, commercial copyright theft, you're probably not too afraid of lawyers.
Although I seriously doubt Symantec's 5 million number is right, the fact that malware keep showing up on the market is disturbing. Actually, we're beyond disturbing, it's getting downright annoying. Google needs to do better than removing bad applications after the fact, and while this doesn't need to be a Jobsian walled garden, at a minimum Google needs to start reviewing all applications (and updates!) before posting them to make sure they're clean.
Phones are appliances, and trying to handle malware the same way we handle it on computers (which is to say, after the fact) is not going to work.
For years, the Windows platform was mocked relentlessly as a cesspool for malware. It's interesting to see what happens when there is a lack of quality control from the platform vendor, which turned Windows into a complete mess of contradictory interfaces (even within Microsoft's own software), convoluted configuration settings, and a third-party market devoted to cleaning up viruses and spyware. Android seriously risks going down that path, if it's not there already. There has to be more control on the part of Google.
Pushing back on that is a small contingent of techies who want to turn the smartphone into a PC. They like to cite the freedom to install anything they want, but the truth is that mainstream users wouldn't do so even if they knew how. Google needs to cater to the needs of the majority and not latch onto populist concepts sound good to tech crowds (e.g., "openness") but mean nothing to everyone else who just uses these things as tools rather than hobbies--especially when Google seems to have trouble following fundamental tenets of open source like source code access.
Those 37 million iPhone sales over December reversed the 2011 Android surge. The in-fighting among Android vendors risks more forks like Kindle Fire, customized interfaces, and abandoned phones that no longer receive updates mere months after their release. Google, turn the ship around before it's too late! The carriers won't help you.
"Sufferin' succotash."
Apart from being somewhat annoyed about the greater difficulty of managing my smartphone when compared to my Linux boxes, I've been having a hard time selecting apps for it.
Android market is not exactly friendly (is there a way to get larger fonts?) and I'd like to have a search by permissions. Recently, I wanted a mere notepad app -- no frills, no cloud, no nothing, just the note, but there's an "excellent" notepad app which requires you to join an online service. WTF!!!
After finding 2 suitable apps, I would still need a bigger keys soft keyboard... again looking at permissions to avoid leaking unnecessary things.
No wonder guys end up getting viruses... we need better ways to control our exposure. Then again Google's business depends on offering us what we want and thus they need to know that. But am I giving my data only to Google? I wonder where my accounts and their details end up going...
There are a lot of angry Linux users pissed off at Gnome 3 and Unity so they are writting viruses in retaliation. I can confirm that there are viruses for Linux out there, Slashdot won't believe me, but it's happening.
Have a read:
Here
Who cares anyway? At the end of the day, the billions Apple has in the bank will not help me pay my student and credit card debts. Neither will Android's success assist in making life easier for me.
In other words, at the end of the day, my life will not change one bit! These successes by Apple and Android companies only encourage me to save more of my dollars.
Planned obsolescence especially in the mobile gadget ecosystem only benefits huge multinational companies anyway.
everyone knows that you can't hack linux! linux is secure!
foxconn factory workers very satisfied: 100%, with no dissent! amazing.
when interviewed, every last worker expressed their deepest appreciation for their bosses, and how much they love working together for harmonious success of the company, which they love and admire deeply.
Well, combine this with Googles recent news of privacy policy changes and Android's shine really is fading fast. I hate Apple, not for the products, I love Macs. It's the overused domination attitude I just can't deal with. So, that said, what's left? Win phone? Omg no. Maybe RIM and Nokia still have a niche after all... Just something to consider.
"Computers are a lot like Air Conditioners" "They both work great until you start opening Windows"
Normally I would just chalk this up to anti-Android FUD, but since it comes from Symantec--a trusted name in computer security--I have no reservations about the seriousness of the threat. Since I hate apple hipsters looks like it's back to WGA for me! Microsoft is going to bring back the Zune in phone form any day now... you'll see. Go ahead and laugh but in the end I'll be the one saying I told you so.
Ya know it's an anti-Google story when bonch the astroturfing douche bag cub reporter is on the story.
The amazing part is that iApps7 games are still on the market (as of this writing, 10PM PST).
It's obvious from the comments that they are total crap though. Anyone literate enough to read the comments wouldn't touch this stuff.
They have the account details for these, they should go prosecute them.
foxconn factory workers very satisfied: 100%, with no dissent! amazing.
Who makes your Android phone?
Some company that cares even LESS for their workers. At least Apple is trying to help and improve things, but China has a very servile culture embedded that has been pushed on them for many generations. They have a factory culture that has been as it is for a long time now and change is not instant.
So every dig you take at Apple and Foxconn labels you a dirty hypocrite if you use any electronics whatsoever, because even more people suffered for your device to be made...
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Here's a 'jigsaw' of a half naked young woman, the picture only has 4 sections but I'll download it anyway, what could possibly go wrong?
What do you mean my phone is infected?
Despite being Linux-based, it is weak-minded. I sold my android device to some other poor, unsuspecting dupe. I got it, played with it for a little while, realized it was basically worthless, and sold it while it still had resale value. Because I bought it at Christmas time, with a steep discount, I actually turned a profit on the little piece of shit. Hahahahahah... sucker. Android has an app store with no vetting process, and that is the heart of the problem. I don't know that it's possible to make an OS where apps are so sandboxed that it doesn't matter WHAT they do. Perhaps if the OS itself had a master control panel at which you could, as the user, and without gaining root, change the permissions of every single program...
But they'll never do that. Linux (and all OS's based on it) suffer the same basic problems other OS's do anymore, because they've become OS designed to be able to run on general purpose machines. So now you've got security exploits, a pain-in-the-ass system (SELinux) that comes bundled that's more annoying than the security default set up that came with Windows Vista, a kludgey patchwork of libraries and it's just a total clusterfuck anymore.
What happened to the UNIX standard from the age of K&R, when each program did what it was designed to do, did it fast, did it well, did it quietly with a modest set of resource requirements, terminated and returned control to the OS?
Now there's almost no advantage to using Linux over Windows, and the disadvantage of it being a big pain in the ass, sometimes. There's a reason why so many Linux distros now are playing catch-up on a 2-3 year lag on features and interface usability with Microsoft and Apple. The reason is because the big boys cleaned up their act, and Linux is becoming increasingly fragmented. Android is useless, I have tried multiple different Linux distros, Windows from 3.1 to 7, and Commodore Basic (pseudo-OS), and MS DOS. I have even tried FreeBSD a few times.
Linux has gotten to be almost as easy to use as Windows, but the myth that you never have to reboot Linux has I think been debunked. Last time I tried Linux, (Mint 11, and Fedora 14, I think) Every time I fired up the computer, the automatic updater would start, and tell me there were dozens of packages that needed to be updated. Frequently this included critical subsystems, (like the kernel itself,) that ended up requiring a restart.
What happened to you Linux? Your ass used to be beautiful...
Anyway, this thread was about Android exploits. Yeah, MOD me down as a troll, I don't give a shit, because this is the TRUTH:
Android is crap. (IOS is also crap, for a completely different reason) but until someone comes up with something better, something that keeps programs in their own space so that they can't jack other files or the system, and that can do all the other things android and IOS phones can do, Android based equipment will continue to be useless. :)
It may have infected five million users!
Then again, it may have not.
its pretty simple - Apple asked for it. no other company is stupid enough to pretend it is a revolution
However I don't impaiired its Tangle of fatal
HTC makes all of their premium Android phones in Taiwan. The workplace standards are of course much higher there compared to Mainland China. Samsung, on the other hand uses a number of factories, including ones in South Korea and China to make their flagship Galaxy SII phones.
:. Ultimate Control Dedicated/VM Servers
If you upload an app to the market place that needs access to the users bookmarks I think that a more in depth review process is in order.
At the very lest the user should be see an alert that says something like "This app seems to want a lot on your phone and hasn't been verified by Google...only use it if you really want to "....
I just checked my Galaxy Nexus. It says "Made in China", so I'm guessing it's probably a safe assumption it's made at Foxconn.
And while HTC's premium flagship phones are made in Taiwan, I'd guess most of the rest of them are made in Foxconn (for every flagship, there's probably dozens more of the lowend phones sold).
In particular in Taoyuan. HTC makes their products in Taiwan, which is not a large surprise since they are also headquartered there.
So you compare two platforms against each other, and conclude therefore that the ass backwards worst feature of one of them is responsible for the overall satisfaction on that platform?
*slow clap*
The correct conclusion would be that Apple's satisfaction is high do to the crap free, consistent platform they have built around all their products.
But no it must be because of the walled garden app market, uh hum. The saddest thing here is your current moderation.
Look at this list of infected apps.
iApps7 Inc Counter Elite Force Arcade & Action
iApps7 Inc Counter Strike Ground Force Arcade & Action
iApps7 Inc CounterStrike Hit Enemy Arcade & Action
iApps7 Inc Heart Live Wallpaper Entertainment
iApps7 Inc Hit Counter Terrorist Arcade & Action
iApps7 Inc Stripper Touch girl Entertainment
Ogre Games Balloon Game Sports Games
Ogre Games Deal & Be Millionaire Sports Games
Ogre Games Wild Man Arcade & Action
redmicapps Pretty women lingerie puzzle Photography
redmicapps Sexy Girls Photo Game Lifestyle
redmicapps Sexy Girls Puzzle Brain & Puzzle
redmicapps Sexy Women Puzzle Brain & Puzzle
These are all Facebook type games that idiots play.
All Advertisements on the internet or otherwise are "unwanted advertisements"
"What Are They Gonna Do When Were All Using Freenet"
I somehow can't imagine malware authors would sign their apps with a valid CA-issued certificate that would prove their identity in court.
... that Symantic says its a Risk Level is at 1: Very Low
That they believe number of "infections" is 1000+
And that to get rid of it all you have to do is UNINSTALL IT.
If you don't it may
Copy bookmarks on the device
Copy opt out details
Copy push notifications
Copy shortcuts
Identify the last executed command
Modify the browser's home page
Steal build information (for example: brand, device, manufacturer, model, OS, etc.)
And a variant might also transmit
Android ID
IMEI
IMSI
MAC address
SIM serial number
Eeek.
If Google really cared they would fix Android Chrome to reflow text, instead of discriminating
Seriously, this is an opportunity for a company to come up with a new market to compete against Google. Basically, set it up similar to Apples: submit the app, have it tested, etc. and charge a small amount of money. For me, I will stay with google. BUT, for my parents and in-laws, they would go with the secured market.
I prefer the "u" in honour as it seems to be missing these days.
wet water
and displays unwanted advertisements
Call me ignorant, but when are advertisements ever wanted
I understand that advertisements are a "necessary evil" in order to pay for development costs, etc, but I can't ever think of a situation when I've ever wanted to see advertising.
Apart from perhaps the Superbowl.
also should try to be less stupid and not give every little app all the rights they are demanding for no apparent reason at all.
If I understand well, what you are saying that apps should be a highly regulated market. From TFA: " Although the infected apps request an uncommonly large number of privileges -- something that the user must approve -- Haley argued that few people bother reading them before giving their okay." If I am allergic to nuts, and I don't bother to read the big red label that some cookies contain nuts, if I get in a coma, hey, that's Nabisco's fault, not mine! They should KNOW I can be bothered to read some boring warnings. I want my cookies, and I want NOW!
Grey's Law: Any sufficiently advanced incompetence is indistinguishable from malice.
Don't kid yourself. HTC is the same as the rest. http://htcpedia.com/news/activists-demand-htc-relieve-overworked-employees.html
Good to see that MakeAFee and Scamantec are active again in sponsoring dumbware^Wmalware writers, in order to promote an AV business on mobile they are trying to ramp up since quite some time.
I've always thought that apt (apt-get, aptitude, Debian) has the right solution to this.
You get your software from a repository, and only software that is approved by the maintainers of the repository gets in.
Then, _you_ get to choose which repositories you trust.
That way, you don't have to judge the quality of all software yourself. You can leave that to the people who maintain the repositories. They will build up reputation over time, and you can go with the ones that have a good enough reputation by your standards.
A walled-garden app store like Apple's basically implements the first part of this. This is fine for a lot of people.
To also cater to those who want more freedom, without opening the flood gates, all you have to do is allow them to shop at other app stores, as well.
That's what I thought we had with android. There is the main android market, which I assumed had software that had been vetted in some way, and there are other markets, which could have lots of scary stuff. I do know from reading that the various malware scanners are almost worthless. So the iPhone model of the walled garden isn't used, and since virus scanners are useless, the PC model isn't used, what is an end user supposed to do?
So is there somewhere online that I can search to learn at least which apps are known malware?
-- QED
I answered. Don't get mad if your attempt at being smarmy backfired. Not everything is made in China.
Also there's the fact that Taiwan has a much higher standard of living and pays much greater wages.
A total non-issue ..
once you download an app from an unknown source, then it's game over !!!
Am I right? Yes Sir. Prepare for the onslaughts of naysayer spinmaster bullshit forthcoming from troll penguins who can't accept the truth that once a Linux of any kind gets used by masses, most especially those who are just "end user" types, it will be abused as much as Windows was for years. So much for the years of b.s. spread around that Linux = Secure, because it's not showing anyone that much on SmartPhones (PC's in & of themselves really).
The one thing that sets the Linux ecosystem and the GPL apart from the proprietary world is that the source code can be read. Without this principal, anyone can force your device to do their will. That is why you can't trust forks of BSD licensed code. Microsoft thinks that they can solve this with signed code.
Even Android, with Linux at it's heart is vulnerable to attack by proprietary packages. The Debian and RPM packaging systems have the same issues. When are we going to accept that reading the source code is a fundamental freedom and that there is no such thing as "Trusted" computing?
Nothing like getting malware and virus on your phone! free software 4 life, yo!
LOL, considering their first phone was made with materials environmentally unsound that have been eliminated in all major manufacturers at the time (BPA, if I recall correctly) for at least 5 years, I don't think big red gives a rats ass (until someone noticed and there was a media furor over it).
16 billion dollars in the piggy bank due to them charging a premium on old hardware and a bit being greedy siphoning 30% off of everything that passes through their devices (dual core 1GHz was so last year when they came out)... You're telling me they can't add a few more dollars to the wages of their workers? I have to call BS on "trying to improve things". Even if they gave an extra $1,000 to each and every worker in the plant ignoring who makes way, I don't think they'd even notice it missing. Quite literally, they could tell Foxconn to do things their way or it's the highway and you'd watch the magic happen. They won't, because that would cut into their insane margin.
Most other manufacturers don't have this halo effect on people like you, so they actually have to charge reasonably (the brand new 32GB quad core Asus Transformer prime is the same price as a dual core 16GB fruit stamped tablet). All other manufacturers are starting to get the message. Their margins aren't as great because they actually have to work for their share. They MUST rely on cheap labour to get their product out cheap.
Erm, Foxconn is not the only company in China.
Much like Asus, Samsung runs their own production complex in China.
And while HTC's premium flagship phones are made in Taiwan, I'd guess most of the rest of them are made in Foxconn
Bolded the key word. Once again, there's no evidence of this but nice try to spread FUD.
Calling someone a "hater" only means you can not rationally rebut their argument.
IIRC, all GSM Galaxy Nexuses are made in Korea in 2011.
:. Ultimate Control Dedicated/VM Servers
That seems to be an isolated incident of an engineer, not a factory worker, so no, it is not the same.
:. Ultimate Control Dedicated/VM Servers
That seems to be an isolated incident of an engineer, not a factory worker, so no, it is not the same.
What was it you didn't understand about "engineers and factory workers" in paragraphs 2 and 4.
And that was just a random pick of the many articles that Google returned.
If you think the working conditions are any better at HTC than Foxconn, you're deluding yourself.