New Android Malware Uses Google Play Icon To Trick Users
An anonymous reader writes "A new trojan for Android has been discovered that can help carry out Distributed Denial of Service (DDoS) attacks. The malware is also capable of receiving commands from criminals as well as sending text messages for spamming purposes. The threat, detected as "Android.DDoS.1.origin" by Russian security firm Doctor Web, likely spreads via social engineering tricks. The malware disguises itself as a legitimate app from Google, according to the firm."
Actually the Android sandbox is quite sophisticated. Jellybean will randomize the location of an application's memory region in order to make buffer overflow attacks harder. Granular permissions allow a user to know exactly what an app wants to do before they even install it (it's written into the API that the app must ask for these permissions). Also Google does automated malware testing on their store in order to weed out undesirables. This thing is spread by installing an APK off of a warez site and ignoring all the scary warnings.
To offset political mods, replace Flamebait with Insightful.
Linux has EXCELLENT intrusion detection as long as you're running the SELinux tools. That thing is so paranoid out of the box that an application making a file in /tmp will throw a warning. You can set it up so that an application doing anything remotely suspicious is just killed immediately and a notification sent to the admin. If you don't trust SELinux there's more proprietary tools such as AppArmor that can do the same job and are a bit friendlier to configure.
Not to mention that by default you aren't allowed to install an APK from a source besides the Play Store; you have to manually disable that restriction.
Because people will download and run apps from that store.
And there's little/no AV protection.
There is very little AV protection against users. They are the weakest link, but we can't have successful software companies without end users.
I know you're trying to defend Apple's "let's gouge our customers policy" by limiting customer choice (and competition) to Apple on its (not your) phone... but to do so I think you need to understand that on Android you have to actually go into the settings and *enable* this voluntarily, and have to agree to a warning screen... Apple users are so desperate to have this functionality they "Jailbreak" Apple's phone, even though Apple have attacked their customers for doing so.
Users SPREAD the app. The app itself does not spread. It's an important distinction.
Yes but this uses an official ICON. Clearly no way to forge that. I've never seen anyone think to use logos or icons for nefarious purposes before. Luckily I am protected here on my Windows 7 machine. I clicked an ad using the Windows 2000 theme that alerted me to major potential threats in my "regisetery"... Had a similar experience on my Macbook Air. Thank goodness for the altruism of all those interwebs ads and sites.
In all seriousness though, this could be a problem for people who root/ROM and install their Google apps from sources other than Google. Granted, when you root/ROM you should be aware of the risks, but it still presents a small danger.
Many Google apps, however, request permissions that need the app to be signed with the same key as the ROM and/or the system key.
See: http://developer.android.com/guide/topics/manifest/permission-element.html#plevel
"signature"
A permission that the system grants only if the requesting application is signed with the same certificate as the application that declared the permission. If the certificates match, the system automatically grants the permission without notifying the user or asking for the user's explicit approval.
"signatureOrSystem"
A permission that the system grants only to applications that are in the Android system image or that are signed with the same certificate as the application that declared the permission. Please avoid using this option, as the signature protection level should be sufficient for most needs and works regardless of exactly where applications are installed. The "signatureOrSystem" permission is used for certain special situations where multiple vendors have applications built into a system image and need to share specific features explicitly because they are being built together.
PocketPermissions Android Permission Guide
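Added example, not part of the comment above or of the Android documentation it quotes: a small Python audit that reads a manifest, resolves the protection level of the permission guarding each exported component, and reports which guards are actually tied to the signing certificate. The manifest, package, component and permission names are constructed for illustration, and only components with an explicit `android:exported="true"` are considered.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest; package, component and permission names are hypothetical.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.vendor">
  <permission android:name="com.example.vendor.SYNC" android:protectionLevel="signature"/>
  <permission android:name="com.example.vendor.SHARE" android:protectionLevel="signatureOrSystem"/>
  <permission android:name="com.example.vendor.READ_NOTES"/>
  <application>
    <service android:name=".SyncService" android:exported="true"
             android:permission="com.example.vendor.SYNC"/>
    <receiver android:name=".ShareReceiver" android:exported="true"
              android:permission="com.example.vendor.SHARE"/>
    <provider android:name=".NotesProvider" android:exported="true"
              android:permission="com.example.vendor.READ_NOTES"/>
    <activity android:name=".DebugActivity" android:exported="true"/>
    <service android:name=".InternalService" android:exported="false"/>
  </application>
</manifest>"""

FINDINGS = {
    "signature": "ok: caller must be signed with the declaring app's certificate",
    "signatureOrSystem": "review: apps in the system image also qualify",
    "none": "weak: exported with no permission guard",
    "external": "unknown: permission is declared outside this manifest",
}

def audit(manifest_xml):
    """Return (component, permission, level, finding) for each exported component."""
    root = ET.fromstring(manifest_xml)
    # A <permission> without android:protectionLevel defaults to "normal".
    levels = {p.get(ANDROID + "name"): p.get(ANDROID + "protectionLevel", "normal")
              for p in root.findall("permission")}
    rows = []
    for comp in root.find("application"):
        if comp.get(ANDROID + "exported") != "true":
            continue  # only components reachable from other apps matter here
        perm = comp.get(ANDROID + "permission")
        level = "none" if perm is None else levels.get(perm, "external")
        finding = FINDINGS.get(level, "weak: grant is not tied to the signing certificate")
        rows.append((comp.get(ANDROID + "name"), perm, level, finding))
    return rows

if __name__ == "__main__":
    for row in audit(SAMPLE_MANIFEST):
        print(row)
```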
....
My Samsung Galaxy S3 (gt-i9000) received the 4.1.1 update about 3 or so months ago (from Samsung). My neighbor's Motorola Atrix 2 or whatever received the 4.1.2 update about 2 months or so ago (he has Verizon). The Motorola Xoom I got my grandfather also has received 4.1.1 iirc when I set it up for him after I received it from eBay about 3 weeks ago.
US smart phone market that is.
The iPhone is unsuccessful? Apple has 53.3% of the smartphone market:
LOL in the US... worldwide it had dropped from 23% to 14.9%. This is the original report for your figures: http://www.kantarworldpanel.com/global/News/Apple-achieves-its-highest-ever-Smartphone-share-in-US. They are only in a PDF but include figures like in Brazil Apple dropping from 3.2% to 1.6% while Android moves from 28.9% to 60.7% of the market.
It does sound more like a proof of concept than an actual attack.
Indeed this is the most significant truth of it all.
In iOS land alone are users "not responsible for their actions." For people to go around installing malware on PCs is a known problem. Save MSIE vulnerabilities enabling drive-by installations and program execution, people install malware on their own machines.
Now if this story was about a vulnerability in Android devices which permitted this type of system compromise, we might have a much more significant story. But what we have, instead, is reaffirmation that with Android, users have freedom to install the software of their choice just as they have with MacOSX and Microsoft Windows and other Linux distributions. We also have the recognition that users are not invulnerable to attack because they are using something other than MS Windows.
Is this a sign that Android has "matured"? No. iOS is pretty mature and does not exactly suffer from such attacks. (oh wait, yes it does!) It is a sign that bad-wetware has recognized that Android is popular enough and free enough to make its users a target. At the end of the day, of course, it is the users which are being targeted and their devices, software and data are the means and the objective of the attack.
This story is useful in that it is important that everyone be aware of the risks of running any software, but especially software from dubious sources. But let's hope the real message is not lost in the hype and flag waving.
Cricket.
I was investigating prepaid phone service options because I want to save money and prepaid service seems to be the way to do it. One shop I visited was "Cricket." The first thing they asked was "what kind of phone do you have?" I said "unlocked GSM." They said, but we have to install our software on it... we have to flash your device before we can put it on our network. I was utterly shocked and then angered. I left before I said anything I might regret, but I will not be doing business with Cricket now or in the future. Bad enough the carriers I buy my phones from want to control my devices. Another carrier wants to modify my property so that I can be their customer.
No. And why would I object so much to that idea?
Because I don't know what they will be putting on my computer and nor will they tell me. And so for the same reason I would not do business with Cricket, I will not generally install software from unknown sources.
S2 here. It took them a year to deploy ICS after it came out. Seven months since Jelly Bean came out will actually be a huge improvement, even though it'll already be out-of-date.
While I still prefer Android over iOS, I've learned my costly lesson... don't even consider buying an Android device that isn't a Nexus.
Also, as someone that writes software for Android, I don't like having to target Gingerbread (circa 2010) or give up half the market. Google needs to do something about the savages leeching the platform just to pump out new devices and abandon them.
The main reason is probably to lock you into their store for ringtones and games. Their guise for it all would probably be so-called security. At least that's the impression I got while I was their customer.
Check this out, to actually DOWNLOAD apps from their store they made you pay some sort of extra charge. Paying them money for apps wasn't simple enough. I passed and got busy modifying the firmware in a hex editor.
If you visit a Cricket location you'll see mostly poor folks who can't pass a credit check, and Cricket milks them hard for basic features -- like caller ID. To make matters worse, their coverage rarely goes beyond the city; travel 25 miles out and bam -- no service, no roaming even. It's an all around bad deal. For me I wanted a no contract plan since I hoped to move overseas.
Trying to cancel my account was a pain. The customer service people on the phone kept offering me new deals of some sort -- totally ignoring that I've moved to an area without coverage, and I reiterated that fact repeatedly.