Slashdot Mirror


Symantec Identifies Android Trojans That Mutate With Every Download

angry tapir writes "Symantec researchers have identified a new premium-rate SMS Android Trojan that modifies its code every time it gets downloaded in order to bypass antivirus detection. This technique is known as server-side polymorphism and has already existed in the world of desktop malware for many years, but mobile malware creators have only now begun to adopt it."

8 of 97 comments

  1. Avast runs fine thanks... by ewanm89 · Score: 4, Funny

    I do not need Norton Mobile, Avast is cheaper and just as good, so Symantec, stop using your fear tactics for advertising.

    1. Re:Avast runs fine thanks... by L4t3r4lu5 · Score: 4, Insightful

      And independent testing proves they're mostly pretty useless.

      As with all things, only install apps from trusted sources, don't click accept on every pop-up box, and check the permissions requested are consistent with the functionality of the app. The same as with any other application on any other OS.

      --
      Finally had enough. Come see us over at https://soylentnews.org/
  2. Turn it off! by ArcherB · Score: 5, Informative

    I had my carrier, Sprint, turn "premium rate" text messaging off completely. My phone is clean, but I don't have to worry about it anyway.

    Also, it's worth noting that these guys don't need a virus to charge you for this stuff. About 2-3 times a year, I would get some charge on my bill from a joke line, horoscope line or whatever that I never signed up for through text messaging or any other way. The last time it happened, I explained to the customer service rep that I would never use this type of service and she suggested that I block it. I have not had another charge since.

    --
    There is no "I disagree" mod for a reason. Flamebait, Troll, and Overrated are not substitutes.
    1. Re:Turn it off! by Aladrin · Score: 4, Interesting

      This is my only complaint about T-Mobile's customer service. The only way to block this is to pay $5/month and then micromanage your lines. -sigh-

      I had this problem with my father's line. He somehow got signed up for all kinds of garbage, and we didn't figure it out until later. (Really gotta watch that bill better.) They reversed a few months' charges, but they're only willing to go back so far. (I don't blame them, there.)

      But I did expect them to help me prevent the charges in the future, without me paying for the service.

      --
      "If you make people think they're thinking, they'll love you; But if you really make them think, they'll hate you." - DM
  3. notnews by Cyberax · Score: 4, Informative

    So they've discovered polymorphic viruses? You know, like in good old days of DOS where viruses were real viruses and not simple worms.

    http://en.wikipedia.org/wiki/Polymorphic_code

    1. Re:notnews by gl4ss · Score: 4, Interesting

      It's not as elegant as polymorphic on its own virus. It's server-side generated: the server adds some randomization to the code, changes classnames, adds/removes unneeded code and then builds a new package, meaning the signature changes. Now, it's perfectly possible to build a binary and a new package _on_ device too, it just doesn't seem that any malware does it; polymorphic on device _and_ spread through Bluetooth would be newsworthy, I'd think (it needs the victim to press yes about 3 times and to open the file though - and the user to keep BT on too. As it happens, you can't on Android keep just the handsfree parts of Bluetooth on; if you've got BT on then OBEX is on, but you'll still need to accept the incoming files, as said).

      --
      world was created 5 seconds before this post as it is.
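
Added example, not part of the original thread: a sketch of why an exact-hash signature misses the repackaged variants described in the comment above, while a fingerprint built from requested permissions and framework calls stays close. The app records, package names and the 0.7 threshold are constructed for illustration; a real scanner would extract these features from the APK manifest and bytecode.

```python
import hashlib
import json

# Constructed stand-ins for two downloads of the same app: class names differ
# and the second carries extra unused code. BENIGN is an unrelated app.
VARIANT_A = {
    "permissions": ["android.permission.SEND_SMS", "android.permission.INTERNET"],
    "classes": {
        "com.example.a.Main": ["android.app.Activity.onCreate",
                               "android.telephony.SmsManager.sendTextMessage"],
    },
}
VARIANT_B = {
    "permissions": ["android.permission.INTERNET", "android.permission.SEND_SMS"],
    "classes": {
        "com.example.qx.Zk": ["android.app.Activity.onCreate",
                              "android.telephony.SmsManager.sendTextMessage"],
        "com.example.qx.Pad": ["java.lang.Math.abs", "android.util.Log.d"],
    },
}
BENIGN = {
    "permissions": ["android.permission.INTERNET"],
    "classes": {
        "com.example.news.Reader": ["android.app.Activity.onCreate",
                                    "android.webkit.WebView.loadUrl"],
    },
}

def package_hash(app):
    """Exact-match signature: stands in for hashing the whole package file."""
    blob = json.dumps(app, sort_keys=True).encode()
    return hashlib.sha256(blob).hexdigest()

def features(app):
    """Permissions plus Android framework calls; class names are ignored."""
    calls = {c for body in app["classes"].values() for c in body
             if c.startswith("android.")}
    return set(app["permissions"]) | calls

def similarity(a, b):
    """Jaccard similarity of the two feature sets (1.0 means identical)."""
    fa, fb = features(a), features(b)
    return len(fa & fb) / len(fa | fb)

def same_family(a, b, threshold=0.7):
    """Assumed threshold; tune it against labelled samples."""
    return similarity(a, b) >= threshold
```

The two variants hash differently but score 0.8 against each other, while the unrelated app scores 0.4 against the first variant.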
  4. Server-Side Grammar Polymorphism? by ScentCone · Score: 4, Funny

    You get what you pay for so think about why your still getting those pop-up porn ad's.

    Never mind pop-ups. I want to know which virus it was that yanked out the comma from your first clause, changed "you're" to "your" and turned "ads" into "ad's." These make-me-type-like-a-12-year-old malware infestations have really taken over. Because there's certainly no other explanation.

    --
    Don't disappoint your bird dog. Go to the range.
  5. Why don't we address the source of the problem by Rix · Score: 4, Insightful

    Has anyone, anywhere ever intentionally used a "premium" SMS service?

    Telecoms obviously need a regulatory smackdown requiring them not to act as payment processors.