Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cybercriminals Exploit Björk's Biophilia App To Compromise Androids

Posted by timothy on from the click-here-for-free-bjork dept.

An anonymous reader writes "The Russians who put out fake versions of Angry Bird Space and Instagram for Android last week have competition. Biophilia, a musical experiment by Bjork into the world of apps, has been ported to Android as a Trojan." Maybe not totally surprising; as the submitter reader continues, "last year at the launch of the app, Bjork was quoted in an interview inviting pirates/hackers to attempt to port her code over from iPhone to other platforms."

3 of 75 comments (clear)

  1. Lack of Business Opportunities in Russia? by dryriver · · Score: 4, Interesting

    I'm wondering why it is that the old "Soviet Bloc" countries produce so many hackers/scammers/malware authors? Couldn't these people use their - considerable - coding skills to do something constructive? Like starting a software or IT services company? Or making small casual games for various platforms that are out there? Is there a lack of opportunities in Russia & neighbouring countries? A lack of angel investors or venture capital that could pay for small startups? Or is it a cultural thing that Russian hackers tend to do pretty negative things - like hacking & stealing credit card info - ? If you have the technical skill to create trojans or malware, surely there are other _useful_ things you can build with those skills? Like creating a competitor to Adobe Photoshop, or a watertight security system for banking transactions. ------- I really want to know: What is so attractive about creating trojans, malware & phishing scams with your tech skills. Surely these people wouldn't want their own systems compromised by malicious software? So why do it to others?

    --
    Why did the chicken cross the road? Because Elon Musk put an AI chip in its head.
  2. To extend the argument by alexander_686 · · Score: 3, Interesting

    It’s not that weak rule of law lowers the cost of crime, it also raises the cost of legitimate business.

    If you build a large permanent business powerful interest will try to expropriate your profits. Bureaucrats will demand bribes to do their job, Tax inspectors will find violations in the opaque tax code unless the right politicians are paid off, etc.

    Better to invest is something light and cheap. First, it’s harder to find. Second, when the "Rent Seekers" come they will only find a empty shell – and thus you can move on to the next operation.

  3. Re:Am I the only one... by tlhIngan · · Score: 4, Interesting

    Most users won't be affected by this malware - the play store won't have it, and most of those that install apps from outside the store are techs who know what they are doing. The few affected will be the usual ones, those who think they can ignore the warning when they allow install from untrusted sources, and then ignore the permissions requested by the app. If you're dumb enough to do that, to install games from a suspicious site, that want to make calls and send SMS, then no anti-virus will save you. And it isn't the OS fault if you choose to ignore all safety precautions and disable all protections.

    The problem is, a lot of users don't have the play store. The best selling Android tablet certainly doesn't have it. And places like China have other stores set up becaues AOSP is huge (probably bigger than official Android). And since many devs do NOT sell anywhere but Play (SlideME, AppsLib, Amazon, etc have very few apps - no more than 10%), especially free apps, if you don't have it, you need to find the APK somewhere else.

    Why do you think people who buy Archose/Nook/Kindle Fire/other Android Tablet immediately go to xda-devs to see if there's a Market/Play hack for it? THOSE are the techies. Everyone else googles for the APK.

    Finally, well, apps can cost money on Play. There's a natural human tendency to not want to pay for stuff like software (especially in places like Asia), so if they can get a Angry Birds Space for free from some other site, they would. (If it wasn't lucrative, do you think malware devs would spend all that time and effort?).

    Apple is a different beast - since it's so hard to sideload apps (and you should see the howls of people complaining they can't load pirated apps on the new iPad). Probalby why people resort to phishing for iTunes credentials.

    So what you're advocating is... peace of mind/security through obscurity?

    No, it's a rethink of security from the ground up, except with a deep understanding of the audience. It's called Dancing Pigs and it explains why people constantly get malware on their PCs and why the Android security model, while great for techies, is positively lousy for general users.

    Think of it this way - user wants Angry Birds Space. I just checked (what I think was) the official app (free one - because who pays for apps?) - here are the permissions it wants

    - Modify/Delete USB storage contents
    - Read phone state and identity
    - Full internet access
    - Coarse (network-based) location
    - View Wi-Fi State, view network state.

    Well crap, I want to play a game of Angry Birds, and you want me to go through all that? (And you only see the first two anyhow, and the last is hidden behind a "More"). Ah, the download button is so big and right there, and I got it, screw what that intermediate screen said.

    After all, how many people really READ a EULA that's passed to them during an install? Heck, did anyone read the EULA for the Play store that pops up the first time you use it?