Slashdot Mirror


SMS-Controlled Malware Hijacking Android Phones

wiredmikey writes "Security researchers have discovered new Android malware controlled via SMS that can do a number of things on the compromised device including recording calls and surrounding noise. Called TigerBot, the recently discovered malware was found circulating in the wild via non-official Android channels. Based on the code examination, the researchers from NQ Mobile, alongside researchers at North Carolina State University, said that TigerBot can record sounds in the immediate area of the device, as well as calls themselves. It also has the ability to alter network settings, report its current GPS coordinates, capture and upload images, kill other processes, and reboot the phone. TigerBot will hide itself on a compromised device by forgoing an icon on the home screen, and by masking itself with a legit application name such as Flash or System. Once installed and active, it will register a receiver with a high priority to listen to the intent with action 'android.provider.Telephony.SMS_RECEIVED.'"
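
A defender-side triage of the three traits the summary attributes to TigerBot (a high-priority SMS_RECEIVED receiver, no home-screen icon, a borrowed name such as Flash or System), as an added example that is not code from NQ Mobile, NCSU or the Slashdot post. It assumes the manifest has already been decoded to text XML; the 999 priority cut-off, the finding strings and the sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
SMS_ACTION = "android.provider.Telephony.SMS_RECEIVED"
LAUNCHER = "android.intent.category.LAUNCHER"
GENERIC_LABELS = {"flash", "system"}  # names the summary says the malware borrows
HIGH_PRIORITY = 999  # assumed cut-off; the summary only says "high priority"

# Constructed sample manifest, not taken from a real APK; every name is made up.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <application android:label="System">
    <receiver android:name=".SmsHook">
      <intent-filter android:priority="2147483647">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""


def triage(manifest_xml):
    """Return the indicators found in one decoded AndroidManifest.xml string."""
    root = ET.fromstring(manifest_xml)
    findings = []
    # 1. Receiver whose SMS_RECEIVED filter asks to run ahead of other apps.
    for rcv in root.iter("receiver"):
        for flt in rcv.iter("intent-filter"):
            actions = {a.get(A + "name") for a in flt.iter("action")}
            try:
                prio = int(flt.get(A + "priority", "0"))
            except ValueError:
                prio = 0  # resource reference or junk: treat as the default
            if SMS_ACTION in actions and prio >= HIGH_PRIORITY:
                findings.append(f"sms-receiver:{rcv.get(A + 'name')}:priority={prio}")
    # 2. No LAUNCHER category on any activity means no home-screen icon.
    cats = {c.get(A + "name") for tag in ("activity", "activity-alias")
            for act in root.iter(tag) for c in act.iter("category")}
    if LAUNCHER not in cats:
        findings.append("no-launcher-icon")
    # 3. Literal label imitating a system component (@string refs are not resolved).
    app = root.find("application")
    label = (app.get(A + "label", "") if app is not None else "").strip().lower()
    if label in GENERIC_LABELS:
        findings.append(f"generic-label:{label}")
    return findings
```

The manifest inside an APK is stored as binary XML, so decode it first (for example with apktool). For manifests pulled from untrusted samples, parse with defusedxml rather than the standard-library parser.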

27 of 94 comments

  1. NQ Mobile link by OzPeter · · Score: 2
    --
    I am Slashdot. Are you Slashdot as well?
    1. Re:NQ Mobile link by tripleevenfall · · Score: 2

      I'm having a hard time understanding why anyone would install the typical greyware apps from a random source outside of the android market... seems pretty risky.

    2. Re:NQ Mobile link by Anonymous Coward · · Score: 3, Insightful

      That's not the WHY though.

      The WHY is because people with the 'click' mentality, that is stronger on a mobile, have less fear of adding a possibly infected program. I just don't think the regular Joes of the world have as much awareness of possible malware-laden software when it comes to their phone.

    3. Re:NQ Mobile link by tlhIngan · · Score: 4, Informative

      I'm having a hard time understanding why anyone would install the typical greyware apps from a random source outside of the android market... seems pretty risky.

      Easy - piracy. It's the same reason people will happily torrent new release games and applications and run them on their PCs, or download Windows 7 to install on a brand new PC. Hell, malware infested versions of OS X and Photoshop abounded a couple of years ago (they installed a botnet client during the install).

      And face it - a large number of places do not support Google Wallet/Checkout/whatever, especially in places like China. They might now, but once a habit is ingrained, it tends to stay such.

      These sites popped up because of that (you couldn't get the app otherwise) and the end result is they flourished and people pretty much got used to the idea of "apps are free" - why pay $2 at Play when your favorite app site has it for free within hours? And if you didn't know of any, your friends who told you what phone to get will steer you in the right direction.

      Even Google's DRM thing isn't that effective - I have seen many DRM-cracker apps available on the torrents that remove it from an APK file.

      And let's not even begin to talk about AOSP-based phones which have to be rooted/hacked to run Play - it's often easier to just download the damn app for free than hack in Play or hope that whatever market came with the device (if any) will carry it.

      For those, perhaps many of these stores have their own market apps and they get preloaded, so users don't know any better. Especially if normal developers also use those stores.

      Heck, you should see the iOS piracy sites sometimes - they get overrun with people who buy the latest Apple iDevice and plead "HOW DO I INSTALL?!?!? I NEED IT NOW!!!" long before jailbreaks are released (you have to jailbreak to install the modified installer binary to allow unsigned stuff to run). Of course, without that 15-minute Google refund thing, new apps actually have to be bought and paid for, so app selection is far more limited.

      That, and Apple tends to ensure everywhere they can officially buy devices to access the App Store, Apple is right there willing to sell. (The biggest news is that Apple finally allowed Chinese customers to pay in Yuan instead of US dollars).

    4. Re:NQ Mobile link by chrb · · Score: 2

      both can access others by jailbreaking (sic)

      Most Android phones will, without rooting, happily allow you to load an .apk archive from the web, or over USB (with debugging enabled in settings), or to add a new app store (enable "unknown sources" in settings). The only carrier I heard of that blocked third party app stores was AT&T, and they caved when their customers started demanding access to the Amazon Appstore. There are millions of people using the Amazon Appstore, and the vast majority have not jailbroken their phones. Even the Amazon specific Kindle Fire allows adding alternative app stores.

    5. Re:NQ Mobile link by Rasperin · · Score: 2

      How about for apps like the Amazon app store (where you get the free app of the day) and the Hulu app (which is a free app, but isn't on the market for my Samsung Galaxy S II) I had to download a hacked version of it to run it on my phone.

      --
      WTF Slashdot, why do I have to login 50 times to post?
    6. Re:NQ Mobile link by Hentes · · Score: 2

      From the articles it seems that the malware can't circumvent the permission system. If you give unlimited permissions to untrusted apps you have only yourself to blame, but otherwise you don't have to worry about where your apps came from.

    7. Re:NQ Mobile link by SQLGuru · · Score: 2

      Apparently you didn't read about Path. In this instance, iOS was very open in terms of what an application could access without asking the user (contacts). Any app could do the same as well. No jailbreak needed.

      Not saying that other mobile operating systems are better.....just countering your sensitive info leak point.

      http://articles.latimes.com/2012/feb/08/business/la-fi-tn-path-ceo-dave-morin-we-are-sorry-20120208

    8. Re:NQ Mobile link by mean+pun · · Score: 4, Informative

      I've used both platforms, and both seem to have an 'approved' appstore and both can access others by jailbreaking (sic). Even the android phones I used were locked down by the carrier to only use the 'real' appstore. I don't see what the substantive difference is in those kinds of cases.

      Apart from what others have posted: the apps in the Google App store are hardly vetted: any developer can post whatever s/he likes, and it is immediately available in the store. Google may remove the app later on if it breaks some of the rules, and I don't think that happens very often. In contrast, Apple checks every version of every app, and only when it is approved it is published.

    9. Re:NQ Mobile link by thegarbz · · Score: 2

      I don't understand why anyone would install any non-Microsoft software on a windows computer. It seems pretty risky. I mean there's all sorts of things programs are known for including leaking your information onto the internet, phoning home to the vendor, serving up unwanted ads, and all of that just in legitimate non-malware apps.

      It's even worse on windows machines because when I install an application I don't get given a list of specific permissions it has, such as access to my harddisk, internet, webcam, email client, etc. I literally have no idea what will happen when I click on that .exe file.

      Computers are too risky to use, as are smartphones. We need to go back to telegraph towers, it's the only way to be safe.

  2. masking itself with a legit application name... by Neil_Brown · · Score: 2, Funny

    ... such as Flash...

    I'm sure there's a joke in here somewhere, but I can't find it...

  3. And NC SU link by OzPeter · · Score: 2

    Dr. Xuxian Jiang has been busy identifying all sorts of Android malware.

    --
    I am Slashdot. Are you Slashdot as well?
  4. Not News by girlintraining · · Score: 5, Insightful

    Downloading things from backwater websites has a higher risk of malware being present than downloading from reputable sources. ...That's some fine detective work there, Lou.

    More seriously; It shouldn't come as any surprise that given how valuable your location data and personal information is, and how much of that is stored on a cell phone, and how most companies have declared themselves to have absolute rights to it (go ahead, try and stop us! *evil overlord laugh*), it shouldn't be surprising that other people (legitimately or otherwise) are hopping on the "All Your Privacy Are Belong To Us" gravy train.

    So people will be all like "Oh noes! Someone wrote an evil bot!" ... Of course, they'll forget that the malware that the telcos have loaded on your phone makes that look positively amateur.

    --
    #fuckbeta #iamslashdot #dicemustdie
    1. Re:Not News by OzPeter · · Score: 3, Interesting

      Downloading from reputable sources

      I'm genuinely curious .. how does the Android marketplace (and I mean this generally) define and validate a "reputable source"?

      --
      I am Slashdot. Are you Slashdot as well?
    2. Re:Not News by Anonymous Coward · · Score: 2, Insightful

      It's about options.

      Android phones come pre-configured to block third-party downloads and they restrict you to the Play Store. Nearly every single one of these reports of Android malware are through other sources, so devices are protected.

      Unlike Apple, though, Android phones give you the CHOICE of whether or not you want to remain under that protection. As simply as checking a box, you can be free to download and run any application you want.

      So Android gives you the best of both worlds, while Apple is simply about controlling everything you do.

    3. Re:Not News by chrb · · Score: 2

      If you want to crow about your openness, you can't downplay the existence and risk of malware like this.

      That's like saying that if people have the freedom to choose their own sexual partners, then you can't downplay the existence and risk of sexually transmitted infections. It is a true statement, but the probability of contracting an STI is much higher if you have lots of sex with random strangers that you meet over the internet, than if you have sex with a single known long term partner. And, for many people, the freedom of being able to choose a sexual partner is more important than being protected from the risk of choosing the wrong partner.

  5. In Other News by Bigby · · Score: 4, Funny

    If you root your phone, your phone could be rooted!

  6. I can't record on my Android phone but... by acidradio · · Score: 3, Funny

    I can't record my own audio on my Android phone but a malware app can? So let me get this straight - to get what I believe should be a regular functionality I have to have someone install a malware app? Ridiculous. This is almost like giving someone syphilis to cure them of AIDS!

    1. Re:I can't record on my Android phone but... by jeffmeden · · Score: 2

      I can't record my own audio on my Android phone but a malware app can? So let me get this straight - to get what I believe should be a regular functionality I have to have someone install a malware app? Ridiculous. This is almost like giving someone syphilis to cure them of AIDS!

      FUD much? Like there aren't a dozen call recording apps in the (legit version of the) app market, that keep you miles away from any malware like this article mentions?

  7. Re:Was anyone else failing reading by oodaloop · · Score: 4, Funny

    I thought it said "SOS-Comptroller Malawi Carjacking Androgenous Phonemes". I'm glad I'm not the only one who can't read, and others are willing to share their reading comprehension problems for everyone to enjoy as well.

    --
    Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
  8. Missing key information by Scutter · · Score: 5, Insightful

    This is not the first Android malware reported, and the story is always missing three key pieces of information:

    1) What applications (or sites) were hosting the malware so that we can check to see if we have those apps.

    2) How to tell if you are infected (and saying "it will register a receiver with a high priority to listen to the intent with action 'android.provider.Telephony.SMS_RECEIVED'" doesn't really explain anything, especially to the layperson).

    3) What to do about it if you are infected.

    This story is no different.

    --

    "Tell me doctor, with all of your defenses, are there any provisions for an attack by killer bees?"
    1. Re:Missing key information by Critical+Facilities · · Score: 3, Informative

      2) How to tell if you are infected

      3) What to do about it if you are infected

      This would probably be a good place to start.

  9. Re:So.. How Does it Record Calls? by robmv · · Score: 3, Informative

    ohh please stop trolling and use the Market/Play search box

  10. Re:So.. How Does it Record Calls? by geminidomino · · Score: 4, Insightful

    Was going to mod you down, but I'll post instead. Did you even LOOK at the results page you linked to? There are a handful of call recording apps (which don't seem to work on most phones. I've tried all of the ones on page 1 on both my Moment and my Evo 4G), and nine hundred and something apps with the word "call" or "record" somewhere in there.

    You'd think that an app store run by google would have smarter search capabilities...

  11. Everyone should be like AC. by Picass0 · · Score: 4, Interesting

    I guess nobody ever roots their iPhones to install homebrew software. All of those rooting videos on youtube must be my imagination.

    @AC - Just because YOU don't have a need or desire to install software from alternative sources doesn't mean nobody else should. That's not even a platform specific desire. Apple or Android - if you own a smartphone you have a portable computer in your pocket. There will always be people who want to tinker and think outside the box and push the limits of what they can do WITH A DEVICE THEY OWN. They shouldn't have to play by Apple's rules, Google's rules, or yours. It doesn't make them 'fandroids', it makes them curious.

  12. Re:So.. How Does it Record Calls? by CanHasDIY · · Score: 2

    ohh please stop trolling and use the Market/Play search box

    At last check (which, granted, was several months ago) all "call recording" apps for the DX do not record the call stream, but rather use the speaker to record calls through the mic.

    But by all means, continue with your childish assumptions. After all, what fun would the internet be if everyone actually owned a clue?

    --
    An enigma, wrapped in a riddle, shrouded in bacon and cheese
  13. Re:So.. How Does it Record Calls? by GIL_Dude · · Score: 2

    One solution would be to use Google Voice and allow the call to be recorded on Google's system. Then you can access the recording from your phone, your computer, etc. I got my GV number well before you could "port" a number to GV, so I got a new number. I know that is a deal breaker for some folks so look into porting your existing number to GV. It definitely lets you record calls with no problem at all.

    I guess I should point out that the service is still mostly USA only.