Slashdot Mirror
Six Arrested Over Japanese Android Porn Virus
AZA43 writes "Tokyo police have arrested six men, including two IT executives and one former tech exec, in connection with an Android malware campaign that netted $265,000. The men created a piece of Android malware that they disguised as a video player and distributed through an adult website. The app stole personal information and attempted to extort money for data 'protection services.' The malware doesn't appear to be particularly sophisticated, but it convinced more than 200 horny Japanese dudes to shell out $1200 each. And the arrests are one of, if not the, first time a major police force brought down criminals who used Android malware to extort a significant chunk of cash."
convinced more than 200 horny Japanese dudes to shell out $1200 each
Either A) Japanese women don't look at porn, or B) They were smart enough not to shell out $1200
See!! Crime does pay. Oh wait.
Most likely there were warnigns about the type of data that the app would have accessed, but the users didn't pay attention and agreed blindly.
...it might as well be with porn!
Are we talking Android, the operating system, or android, the robot design concept? This is Japan we're talking about, so... you never know.
OK well beyond this specific thing, this whole idea of installing "custom" video players just for one specific video seems insane to me.
Like, we've had good and trustworthy video players for a really long time. Hell, mplayer runs damn near on every platform that exists. Then something comes along and says, "hey, to see this video you MUST install "MyCustomPlayerItWontJackYourSystemWeSwear!!.exe" ... and people do that shit? WTF?
Same for music. Why in the hell prompted the break from the former "standard, trustworthy players separated from the content they play", and towards, "using custom apps for every little thing?" You see it increasing now on tablets too.
It's crazy!
wow executives that can code!
There are lots of PC scam which does pretty much the same thing over the years in Japan - you click on the "free" porn links which asks for basic user registration for creating an account, and by the time you finished watching the porn the site scares you by displaying your IP address and a general location of your physical address deduced from the IP on a pop up and claims that by watching the porn videos on the site you own them X amount of yen which you must transfer into an account within a certain time frame or else they would send a bill to your house and/or workplace to claim the money you "own" them. Most non-tech people gets scared by the time they see the IP address and the physical address and many more are too afraid of the shame of being revealed to have watched porn and thus cough up the money.
No, Android was the subject of the porn. Those crazy Japs!
(sorry)
http://www.wired.com/gadgetlab/2012/04/attacks-mac-security-risks/
http://bits.blogs.nytimes.com/2012/04/23/a-new-variant-of-malware-targets-mac-users/
http://www.huffingtonpost.com/2012/04/24/mac-malware_n_1448561.html
http://www.macworld.com/article/1160085/apple_posts_mac_defender_fix.html
You don't even have to turn over a rock in the last six months to have heard about the 600k plus macs that are infected.
I first read the title as "Six Arrested Over Japanese Porn Android Virus" and thought their sexbots got hacked. Not as interesting now...
I wasn't aware that Macs were running iOS now.
Though I am no where near the best qualified here to answer you but will attempt to do so anyway. Any OS can get "malware", however a *nix OS at some point requires either active agreement by the computer's operator to be installed or active attack of an exploitable programming error and/or socially engineered user rights. Further in the title section it would appear to be a slashdot editorial error to call this a "virus" as that would imply a self-replicating nature for the "malware" not requiring human interaction. Neither the article or the synopsis calls it a virus.
Herpa derp. Reading is tough when you're filled with such rage!
When the alternative is a field of manure.
Slashdot's rate-of-post filter: Preventing you from posting too many great ideas at once.
Seeing as the Japanese justice system has a 99.97% conviction rate they must have an airtight case against these guys.
I don't think there have been any large pieces of malware released for iOS, but they're possible. Charlie Miller had snuck an app into the app store that could have functioned as malware if here weren't just doing it as a proof of concept. Also, every time a new jailbreak is released for iOS, it could potentially be used for malware, especially some of the older jailbreaks that simply required loading a PDF or visiting a web page.
Apple's security model does help to prevent some cases where it's easier for Android to be targeted, but otherwise iOS could be infected. I'm sure we'll see one eventually. Whether it's someone slipping something by a reviewer or someone who develops a jailbreak deciding that they can get a lot of money selling it on the black market, it's bound to happen given the popularity of the platform and how much data is available on a person's mobile device these days.
What about Apple's iOS? Does it get malware? I don't recall reading reports about iOS viruses.
You have CPU in your user name and you don't know that a trojan is not a virus? Get everybody now using Windows to switch to Ubuntu and you'll see a lot of Ubuntu trojans, but still no Ubuntu viruses. I'm not sure even Windows even gets viruses any more; your OS has to be pretty dammned crappy for a virus to work.
You have to be tricked into installing a trojan. You don't have to be tricked to be infected with a virus.
Free Martian Whores!
Android gets malware. Android malware won't necessarily run on other Linux-based platforms.
It can, but if it does it'll be way more severe due to it being a remote exploit.
Linux will get malware when? Ha, we have had malware for years, haven't you ever heard of emacs? It is a nearly fullly functional trojan OS disguised as a shitty text editor. This is nothing new for us.
"I opened my eyes, and everything went dark again"
I do not disagree with the sentiment, but let's try to be clear here. Android is a very different OS from Fedora. "Linux" is just not a very descriptive name for an OS anymore.
Palm trees and 8
Get 'em labeled as robot sexual predators! Yeah. After all, they were arrested for spreading a robotic sexually transmitted disease, right?
Damn robot porn
>>>I'm not sure even Windows even gets viruses any more;
Sony CD rootkit?
Java viruses through the browser?
Oh and it's "trojan horse". You don't get infected by a Trojan (a citizen of the city of Troy), but get infected by a trojan horse. If you can be a nitpicky prick about my word "virus" than I can be nitpitcky too.
My AC stalker: " I personally agree with your posts most of the time, but that won't keep me from modding you troll"
Eternal September Slashdot edition. Pro top: trojans and viruses are two different things. Any operating system that allows the user control to install apps not in the curated market will be subject to trojans.
These people elected to install a program on their phone from a porn site without considering the security implications. This wasn't a virus breaking in through some security hole. This was a program that required the user to turn off a security setting on the phone and then install ignoring the security page (or they thought "sure it seems completely normal that some porn video player requires those security settings"). So the only blame here is the user doing something entirely stupid. iOS of course fixes this by assuming its users are stupid and locking them into only allowing apps from their market to be installed.
Correction. There are two ways to be infected by a trojan:
1. Buy condoms that aren't sealed (of the Trojan brand of course).
2. Buy a cheap hooker in Troy
Either one could work fine for you right?
Any OS can get "malware", however a *nix OS at some point requires either active agreement by the computer's operator to be installed or active attack of an exploitable programming error and/or socially engineered user rights.
That would be true with any modern OS (yes, even windows, unless you're running XP with admin rights)
In this case, it's an Android app, so when you install it, it tells you what it can access on your phone. Yet, users didn't cancel the installation, apparently.
I wish I could go back 30 years in time to tell people that "Six Arrested Over Japanese Android Porn Virus" is one of the news headlines of the future :)
Some of those lonely dudes thought they'd never have the opportunity for an STD. They were right, but didn't look out for the STCD.
There are enough horny Japanese who will pay $1200 for porn that the virus is unnecessary.
Have gnu, will travel.
>>>I'm not sure even Windows even gets viruses any more;
Sony CD rootkit?
Java viruses through the browser?
Both of which are how many years old? GP made the (silly*) assumption that Windows PCs do not get viruses anymore, and your choice of examples does more to prove them right than prove them wrong. For an obligatory car analogy:
GP: "Do cars even use leaded gasoline anymore?"
You: "Cars from the early 70's do."
Me: "Which has what to do with cars from, say, the last 5 years?"
If you can be a nitpicky prick about my word "virus" than I can be nitpitcky too.
Except that there was no nitpickery going on regarding the term "virus".
Seriously, do you have a mental disorder? It would really help our ability to have a civil discussion if we knew the reason for your non sequiturs.
*Stuxnet anyone?
Malware targetting idiots? Wish it was all like this.
Say what you will about the 'walled garden', but one hurdle for malware makers is Apple's requirment of their legally binding identity (a person or business with a true name, address, contact info) in order for Apple to do business with you. Most shady fuckers would rather stay anonymous.
Essentially all jailbreak techniques are application of malware principles (but for a good purpose from user's PoV). For example, some time ago your iphone could get rooted (and jailbroken) by visiting a certain webpage. This vulnerability has since been long fixed, but as long as there are ways to jailbreak, there are vectors for malware through same backdoors.
On one hand, since I have an Android phone I'm glad the perpetrators were caught, but on the other hand this almost seems like a victim-less crime. Or at least one with Darwinian fairness...
"No matter how cynical you get, it is impossible to keep up." -- Lily Tomlin
That's mostly true. There have been some image processing bugs which have allowed sites like jailbreakme.com to work, but most of the time jailbreaking is done by hijacking the DFU process and disabling the code signing requirement (or installing another trusted certificate). It really isn't feasible for malware to utilize this vector, unless the malware has infected the desktop OS first.
Is it malware if you can just uninstall it?
http://soylentnews.org/~tibman
Doesn't get viruses (auto-replicating malware), anyone can make a Trojan Horse for any system.
Hacking people is usually easier than hacking machines.
Looks like you pissed off the "vi" fanboys again. They can't take a joke, big shock. Well, I guess someone had to throw a hissyfit like usual...
Om, nomnomnom...
Like no one has ever used shell companies or shady lawyers to obfuscate ownership. It is a hurdle, albeit not a terribly high one.
Faster! Faster! Faster would be better!
Well, I'd like to see how you'd make a Trojan Horse for my old (non-programmable) pocket calculator. :-)
The Tao of math: The numbers you can count are not the real numbers.
Technically trojan horse not virus, but it's hard to review a program and it's purpose on a mobile device while doing other things (one handed web browsing...)
Website Just Down For Me? Find out
If this malware ran on Windows then the main article would keep referring to 'financial malware` or 'computer malware`, anything but use the M word :)
AccountKiller
I don't know what is more depressing. The fact that there are people out there that are stupid enough to fall for this or the fact that we have laws to protect such people from themselves.
I'd like to live in a country where law isn't there to prop up the painfully stupid. Are there any such nations?
Japanese porn?
It's probably worth $1200.
They probably could have made more than that selling their used panties. Admittedly it's kind of difficult to get used panties into an Android phone. Wait. I'm having an idea. Hmm. No. I don't think the world is quite ready for a "Smelliphone." You watch, now that I said that, Apple will drop one next year. That's why they make the big bucks.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Comment removed based on user account deletion
What seems stupid to you doesn't seem as stupid to other people, but the reverse is also true. Just wait till you get defrauded over a rental agreement and it won't seem like such a silly idea.
How do you kill that which has no life?
Does no-one use the proper terms anymore? malware - yes, Trojan - yes , Virus - No.
"Trojan" is short for "trojan horse" and hasn't used wooden horses for that trick since the ancient Greeks.
The Sony XCP rootkit was indeed a trojan, and wasn't a virus. You had to insert the music CD and run the programs. My daughter infected my computer with it, she wouldn't have run the program if she had the slightest inkling that a big, respected company like Sony would deliberately sabotage their paying customers' equipment.
The only real virus I ever got was way back in the early nineties when I took some work home on a floppy, the PC I was using had been infected by a co-worker with the boot sector virus Michelangelo.
Free Martian Whores!