Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cybercriminals Exploit Björk's Biophilia App To Compromise Androids

Posted by timothy on from the click-here-for-free-bjork dept.

An anonymous reader writes "The Russians who put out fake versions of Angry Bird Space and Instagram for Android last week have competition. Biophilia, a musical experiment by Bjork into the world of apps, has been ported to Android as a Trojan." Maybe not totally surprising; as the submitter reader continues, "last year at the launch of the app, Bjork was quoted in an interview inviting pirates/hackers to attempt to port her code over from iPhone to other platforms."

24 of 75 comments (clear)

  1. Be careful what you ask for by homey+of+my+owney · · Score: 4, Funny

    Sometimes you get it

  2. HOLY SHIT! by Moheeheeko · · Score: 2, Funny

    There are people who still like Bjork?

    1. Re:HOLY SHIT! by Desler · · Score: 4, Funny

      Isn't Bjork's music malware?

    2. Re:HOLY SHIT! by jdgeorge · · Score: 5, Insightful

      I'm not a huge Bjork fan, but I like her for being an innovative musician. She seems a little weird, but I she's never done anything that bothered me, so... why not?

      (Note: for the folks who disagree with her political views, I understand why they might not like her, but her politics don't really bother me.)

    3. Re:HOLY SHIT! by jsepeta · · Score: 3, Insightful

      Bjork is a beautiful ice faerie, and I would woo her away from her snowy fortress if only I had the opportunity. Check out Pagan Poetry. The Perfecto remix of this is pretty good too.
      http://www.youtube.com/watch?v=cbFSqOWSbNg

      --
      Remember kids, if you're not paying for the service, YOU ARE THE PRODUCT THAT IS BEING SOLD.
    4. Re:HOLY SHIT! by uberjack · · Score: 2

      I hear about her from the Swedish Chef all the time

    5. Re:HOLY SHIT! by 21mhz · · Score: 2

      Bjork's into politics?
      I just know her for the strange beautiful music. Can't share the snark of the GPP.

      --
      My exception safety is -fno-exceptions.
  3. all part of the art? by noh8rz3 · · Score: 4, Funny

    would anybody be surprised if this is all part of bjork's art? you know, how letting music into your life can have unintended powerful consequences. as a fan, i think this is right up her alley.

  4. This wasn't supposed to happen by stummies · · Score: 3, Funny

    This wasn't supposed to happen!

  5. Björk Björk Björk by Ranger · · Score: 5, Funny

    I think "You have been Björked" will now enter the Android lexicon.

    --
    "You'll get nothing, and you'll like it!"
  6. Lack of Business Opportunities in Russia? by dryriver · · Score: 4, Interesting

    I'm wondering why it is that the old "Soviet Bloc" countries produce so many hackers/scammers/malware authors? Couldn't these people use their - considerable - coding skills to do something constructive? Like starting a software or IT services company? Or making small casual games for various platforms that are out there? Is there a lack of opportunities in Russia & neighbouring countries? A lack of angel investors or venture capital that could pay for small startups? Or is it a cultural thing that Russian hackers tend to do pretty negative things - like hacking & stealing credit card info - ? If you have the technical skill to create trojans or malware, surely there are other _useful_ things you can build with those skills? Like creating a competitor to Adobe Photoshop, or a watertight security system for banking transactions. ------- I really want to know: What is so attractive about creating trojans, malware & phishing scams with your tech skills. Surely these people wouldn't want their own systems compromised by malicious software? So why do it to others?

    --
    Why did the chicken cross the road? Because Elon Musk put an AI chip in its head.
    1. Re:Lack of Business Opportunities in Russia? by b0bby · · Score: 2

      My (basically no-knowledge) take is that because the rule of law is weak, lots of enterprises are run by gangsters. They hire the hackers, who have few other legit options because the economy is stagnant (in part because the rule of law is weak).

    2. Re:Lack of Business Opportunities in Russia? by CRCulver · · Score: 4, Insightful

      I'm wondering why it is that the old "Soviet Bloc" countries produce so many hackers/scammers/malware authors?

      A culture that valued intellectual pursuits probably helped. That culture has largely dried up when it comes to other pursuits like chess or poetry, but being interested in computers doesn't result in the same categorization as a nerd as in some other countries.

      Couldn't these people use their - considerable - coding skills to do something constructive? Like starting a software or IT services company?

      There are in fact an enormous number of legitimate software businesses in Russia, which the Slashdot crowd seems largely unaware of. However, not everyone feels that they have the savvy of starting a formal business, which involves navigating bureaucracy and in some regions brings one up against bribe-expecting officials. Crime just seems easier to some set of people.

      Surely these people wouldn't want their own systems compromised by malicious software? So why do it to others?

      If the Golden Rule were really common sense, we wouldn't have to be reminded of it by every religious teacher or moral philosopher that has come along in history.

  7. Am I the only one... by jbernardo · · Score: 4, Insightful

    Am I the only one getting tired of this "android trojan/malware of the day" press releases by the anti-virus authors?

    Seems more and more like pure astro-turfing for their own products, trying to create a sense of insecurity in the users of the biggest mobile OS just so that they can sell their products.

    Most users won't be affected by this malware - the play store won't have it, and most of those that install apps from outside the store are techs who know what they are doing. The few affected will be the usual ones, those who think they can ignore the warning when they allow install from untrusted sources, and then ignore the permissions requested by the app. If you're dumb enough to do that, to install games from a suspicious site, that want to make calls and send SMS, then no anti-virus will save you. And it isn't the OS fault if you choose to ignore all safety precautions and disable all protections.

    1. Re:Am I the only one... by tlhIngan · · Score: 4, Interesting

      Most users won't be affected by this malware - the play store won't have it, and most of those that install apps from outside the store are techs who know what they are doing. The few affected will be the usual ones, those who think they can ignore the warning when they allow install from untrusted sources, and then ignore the permissions requested by the app. If you're dumb enough to do that, to install games from a suspicious site, that want to make calls and send SMS, then no anti-virus will save you. And it isn't the OS fault if you choose to ignore all safety precautions and disable all protections.

      The problem is, a lot of users don't have the play store. The best selling Android tablet certainly doesn't have it. And places like China have other stores set up becaues AOSP is huge (probably bigger than official Android). And since many devs do NOT sell anywhere but Play (SlideME, AppsLib, Amazon, etc have very few apps - no more than 10%), especially free apps, if you don't have it, you need to find the APK somewhere else.

      Why do you think people who buy Archose/Nook/Kindle Fire/other Android Tablet immediately go to xda-devs to see if there's a Market/Play hack for it? THOSE are the techies. Everyone else googles for the APK.

      Finally, well, apps can cost money on Play. There's a natural human tendency to not want to pay for stuff like software (especially in places like Asia), so if they can get a Angry Birds Space for free from some other site, they would. (If it wasn't lucrative, do you think malware devs would spend all that time and effort?).

      Apple is a different beast - since it's so hard to sideload apps (and you should see the howls of people complaining they can't load pirated apps on the new iPad). Probalby why people resort to phishing for iTunes credentials.

      So what you're advocating is... peace of mind/security through obscurity?

      No, it's a rethink of security from the ground up, except with a deep understanding of the audience. It's called Dancing Pigs and it explains why people constantly get malware on their PCs and why the Android security model, while great for techies, is positively lousy for general users.

      Think of it this way - user wants Angry Birds Space. I just checked (what I think was) the official app (free one - because who pays for apps?) - here are the permissions it wants

      - Modify/Delete USB storage contents
      - Read phone state and identity
      - Full internet access
      - Coarse (network-based) location
      - View Wi-Fi State, view network state.

      Well crap, I want to play a game of Angry Birds, and you want me to go through all that? (And you only see the first two anyhow, and the last is hidden behind a "More"). Ah, the download button is so big and right there, and I got it, screw what that intermediate screen said.

      After all, how many people really READ a EULA that's passed to them during an install? Heck, did anyone read the EULA for the Play store that pops up the first time you use it?

  8. Public perception? by T+Murphy · · Score: 2

    Bjork was quoted in an interview inviting pirates/hackers to attempt to port her code over from iPhone to other platforms

    So will people take this trojan as a reflection of the ethics of all pirates/hackers? Hopefully someone did come through with a legit port of the app.

    --
    My webcomic
  9. It could be worse... by justsomecomputerguy · · Score: 3, Funny

    She might also have been signed with SONY.

  10. This post and the article are just advertisements by Qwavel · · Score: 5, Insightful

    The link takes you to Symantec's website - you know, the company that wants to make everyone think they need to buy anti-virus for Android.

    Neither the blog post on Symantec's website, or the /. summary say whether the Trojan is in any Android app store, which is obviously the most important piece of information. After all, any duffus can sit at home and write (some forms) of Android malware and post it to their website.

    The fact that Symantec would post something like this on their website is not a surprise - it's their website they can post what they want. But the fact that it got posted on slashdot....

  11. Just STOP it by miltonw · · Score: 2

    Stop calling these people "cybercriminals"! Just don't. They are criminals, not androids, robots, AI entities or "cyber" anything.

    God, I so hate people labeling everything even remotely related to the Internet as "cyber-".

    It's, it's ... cyberstupid.

  12. Re:It worked! by krakelohm · · Score: 2

    This was the comeback, how did you enjoy it?

    --
    You are all a bunch of idots.
  13. Biophilia? by theIsovist · · Score: 2

    I can't be the only one who thought that "Biophilia" is something you get when you don't use a trojan...

  14. To extend the argument by alexander_686 · · Score: 3, Interesting

    It’s not that weak rule of law lowers the cost of crime, it also raises the cost of legitimate business.

    If you build a large permanent business powerful interest will try to expropriate your profits. Bureaucrats will demand bribes to do their job, Tax inspectors will find violations in the opaque tax code unless the right politicians are paid off, etc.

    Better to invest is something light and cheap. First, it’s harder to find. Second, when the "Rent Seekers" come they will only find a empty shell – and thus you can move on to the next operation.

  15. Re:Fill me in by Yvan256 · · Score: 4, Funny

    The correct spelling is "Björk" and you can only pronounce it correctly when you have hiccups.

  16. Re:Fill me in by tehcyder · · Score: 2

    Who the fuck is Bjork? This story assumes I know and care about stuff I don't.

    What the fuck is Google, and how can I possibly find out about stuff in approximately 5 seconds rather than whining about it on slashdot?

    --
    To have a right to do a thing is not at all the same as to be right in doing it