Slashdot Mirror
Android Hackers Honing Skills In Russia
MikeatWired writes "The malware business growing around Google Android — now the leading smartphone operating system — is still in its infancy. Today, many of the apps built to steal money from Android users originate from Russia and China, so criminal gangs there have become cyber-trailblazers. Sophos and Symantec on Wednesday released their latest Android malware discoveries written in Russian. While the language narrows the number of potential victims, the social-engineering tactics used to get Android users to install the malware is universal. The gang tracked by Sophos is using fake antivirus scanners, while Symantec is tracking cybercriminals using mobile websites to offer bogus versions of popular games. Sophos says the criminals are like other entrepreneurs launching startups. They're starting in Russia, but have far greater ambitions. 'I don't think we can say that they're necessarily using it as a testing ground — think of it more as a local business that as it grows may gain multinational ambitions,' Graham Cluley, senior technology consultant at Sophos, said in an email interview on Wednesday. The cyber scam tracked by Sophos was reported this week by GFI Lab, which discovered links to the bogus antivirus software on Twitter. Sophos dug deeper and found that the .ru domains pointed to the same Internet protocol address hosted in Ukraine."
With android isn't it just easier to write a legitimate app and just rake in the cash? I don't see the reasoning behind going through all the extra effort, the money laundering, etc.
Help stamp out iliturcy.
With android isn't it just easier to write a legitimate app and just rake in the cash?
HA HA HA HO HE HA HA HA HA.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Your desktop likely has the same malware problems any android phone will have. Why? It's not a walled garden. Well, android is in a sense more of a walled garden than your desktop, however not nearly as much of one as iOS/WP. Android virus infections are the result of a pebkac, and nothing more. In other news, I was originally going to make a soviet Russia joke.
Feel free to mod me down, just know that unlike some Anonymous Cowards I'm not afraid to express my views as myself.
PEBKAC isn't really relevant in this context. In any case if you for whatever reason want your phone to be as open as your computer then you need to take those extra precautions of a non-locked down system, if you choose a walled-garden approach instead you don't have to concern yourself with such things nearly as much...but that's the great thing about the choice of mobile platforms in today's market.
I agree. Human behavior is a valid engineering problem, and reducing certain functionality to get around it for certain situations is a valid engineering tradeoff. A problem is a problem, keyboard and chair are irrelevant. Apple would rather deal with angry geeks who scream about freedom and openness and who like most geeks have no functional concept of engineering tradeoffs than have dimitri and olga kill somebody because they intentionally (or even worse, accidentally) disabled 911 access when they tried to pwn someone's Android device through the pirated copy of Hot Nude Bolshevik Solitaire the user downloaded from Leonid's Spice Dicey Back Alley Appstore.
Problem is, people want phones - something they can pick up and play with immediately. Not think about it nor have antivirus/antispyware software installed and running as well like their PCs.
Plus, with all the coolness surrounding apps, you have the Dancing Pigs problem - people just want to go to the app store or market, click download and get going on that cool app. It's why sites all have direct links to the stores, or QR codes to scan - to get that app in the user's hands ASAP. As a result, they're not going to look at stuff like permission lists and such because that's just getting in the way of running the app.
Hell, ICS made it even easier to install apps without seeing the permission list - tap install and it takes you to the permission screen, but the install button is near the top and the permissions at the bottom. Users are more likely to just tap "download" rather than pull their eyes down and over the permission list.
Of course, the other thing is, Android makes it easy to sideload apps, so people love searching Bittorrent for new apps...
Alright, but you see, you can turn that off on any system. See, people jailbreak their iPhones too. I have no experience with WP but there must be a way. My point is, the malware problem actually goes deeper than these shallow observations.
Companies, like Apple, Google, Microsoft have their spyware already in place, and most of the people don't bother at all. So what difference does it make, if you let other people spy on you?
It is about the mindset of the user. Walled garden is the worst solution to this problem because while you leaving behind the "wild-west" of untrusted sources of software, in practice you just give the control of your device over to an other profit-driven company.
Instead, we should "empower" the user with the knowledge and control over their devices and the rest is their making. If someone is stupid enough to download whatever application is offered, they will learn on the hard way.