Slashdot Mirror


Android Botnet Infects 1 Million Plus Phones

Trailrunner7 writes "Up to a million Android users in China could be part of a large mobile botnet, according to research unveiled by Kingsoft Security, a Hong Kong-based security company, this week. The botnet has spread across phones running the Android operating system via Android.Troj.mdk, a Trojan that researchers said exists in upwards of 7,000 applications available from non-Google app marketplaces, including the popular Temple Run and Fishing Joy games." Update: 01/19 12:54 GMT by S : Changed summary to reflect that these apps didn't come from Google Play.


  1. Excellent fact-checking as usual by Macthorpe · · Score: 5, Informative
    --
    "It does not do to leave a live dragon out of your calculations, if you live near him." - Tolkien
    1. Re:Excellent fact-checking as usual by sjwt · · Score: 3, Insightful

      And excellent wording for FUD... after all "up to 1 million aliens *could* be controlling the world's governments"

      --
      You have 5 Moderator Points!
      Which Helpless Linux zealot/MS basher do you want to mod down today?
    2. Re:Excellent fact-checking as usual by SternisheFan · · Score: 5, Insightful

      http://www.zdnet.com/new-android-malware-infects-100000-chinese-smartphones-7000000497/

      Not in Google Play at all.

      Thank you! These 7000 plus apps were 3rd party apps that were not downloaded from Google Play.

    3. Re:Excellent fact-checking as usual by AmiMoJo · · Score: 4, Informative

      Since most people are too lazy to RTFA the malware infected apps are actually on China Mobile's own app store, not Google Play.

      It looks like another case of a company thinking "everyone has an app store, we should get one!" but not realizing there is a need to actively police it.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    4. Re:Excellent fact-checking as usual by Anonymous Coward · · Score: 2, Informative

      Everybody knows Chinese people always download from Chinese pirate sites. You can get everything for free. Including infected.

    5. Re:Excellent fact-checking as usual by Anne+Thwacks · · Score: 2

      Not if the Zombies have a say in it!

      --
      Sent from my ASR33 using ASCII
    6. Re:Excellent fact-checking as usual by sjwt · · Score: 1

      Only if you fail to lead the plant army correctly!

      --
      You have 5 Moderator Points!
      Which Helpless Linux zealot/MS basher do you want to mod down today?
    7. Re:Excellent fact-checking as usual by Anonymous Coward · · Score: 5, Insightful

      Doesn't that imply that if Google-Play/Android was a walled garden like iPhone/iTunes this would not have happened?

      Um, no.

      Just because China Mobile's (cr)app store isn't doing its job doesn't mean Google should become as draconian as Apple in this regard. People have a choice, and if they are willing to download from a poorly regulated source, and are willing to endure infections just so they don't have to pay for their apps, that's their business. I certainly hope their data plans are unlimited.

    8. Re:Excellent fact-checking as usual by mysidia · · Score: 1

      The virus/malware authors though, might not appreciate you pirating their software, and may sue as a result....

    9. Re:Excellent fact-checking as usual by jareth-0205 · · Score: 4, Insightful

      You did not answer the question about walled gardens. In fact, you gave a hint that the absence of a walled garden *did* exacerbate the problem.

      Probably does. The price of freedom is that people are free to install malware.

    10. Re:Excellent fact-checking as usual by koxkoxkox · · Score: 3, Informative

      Chinese users often have no choice, as Google Play is often not present in the phone. Manually installing it is quite complicated.

    11. Re:Excellent fact-checking as usual by rjr162 · · Score: 1

      The original article they linked to iirc was some smaller website that did list Google play

    12. Re:Excellent fact-checking as usual by arth1 · · Score: 3, Insightful

      Title: 1 Million+
      First line of summary: Up to a million

      Yes, standard /. fare lately. Not only is it meaningless (and thus not nerdy - the details are more important than the big picture to a nerd), but the editors contradict themselves and come across as both careless and ignorant.

    13. Re:Excellent fact-checking as usual by Nerdfest · · Score: 5, Insightful

      The price of Apple's walled garden is that they get to define what is malware. (So far, things like apps to teach children how to program, games that are too 'political', porn, Android magazines, etc). I'll take my chances, thanks.

    14. Re:Excellent fact-checking as usual by Anonymous Coward · · Score: 1

      Probably does. The price of freedom is that people are free to install malware

      ... which is not what 99% of the population wants.

      This malware problem has caused a lot of the shift away from Wintel PCs, and there's no reason the same can't happen to Android.

    15. Re:Excellent fact-checking as usual by Sigg3.net · · Score: 2

      Well, I for one, welcome our hypothetical overlords!

    16. Re:Excellent fact-checking as usual by BasilBrush · · Score: 1

      Damn it! iPhone is once again not affected. One of these days I'll get the chance to welcome the malware overlords!

    17. Re:Excellent fact-checking as usual by Anonymous Coward · · Score: 1

      Not in Google Play at all.

      Not this time.

      But there were cases of malware in the official Google store as well.

    18. Re:Excellent fact-checking as usual by DerekLyons · · Score: 1

      It looks like another case of a company thinking "everyone has an app store, we should get one!" but not realizing there is a need to actively police it.

      Yet, in the past, Slashdot has held that's not a bug, but rather is a key *feature* of the Android ecosystem - the ability to leave the walled garden and wander in the wilds.

    19. Re:Excellent fact-checking as usual by Anonymous Coward · · Score: 1

      Don't forget, APL's already allowed actual malware onto their store with at least a few thousand installs, before Charlie Miller came out and announced to the world that his app was whitehat malware (but malware nonetheless).

      Makes you wonder how many applications are malware on the store when there's only "one pair of eyes" that can look at the apps easily. I mean, these apps could easily abuse the same jailbreak bug to install themselves...

    20. Re:Excellent fact-checking as usual by Anonymous Coward · · Score: 1

      And it still is?

      Consider there are plenty of application stores like GetJar, Amazon, MiCandy that have never suffered an infection because they're reputable...

      It's like you go to a drug dealer cartel and not expect them to have drugs or weapons. Some people can't be trusted to keep you safe.

    21. Re:Excellent fact-checking as usual by SternisheFan · · Score: 4, Informative

      Damn it! iPhone is once again not affected. One of these days I'll get the chance to welcome the malware overlords!

      I wouldn't act so apple-ey smug, if I were you. Apple iPhones have infected apps out there in the wild also, same as Android. If you jailbreak your phone and download apps from outside the apple store, you too will be risking getting malware.

    22. Re:Excellent fact-checking as usual by Lussarn · · Score: 1

      Or you could read the reviews in the play store before downloading. If the app is full of crap there are 500 persons telling you so. Not really hard...

    23. Re:Excellent fact-checking as usual by screwdriver · · Score: 1

      I love it! I'm sure they made damn sure apps like orbot (tor) are not available, but they could care less if malware gets through.

    24. Re:Excellent fact-checking as usual by tepples · · Score: 1

      Amazon's store works on many devices.

      In which countries? The last time I checked, paid apps on Amazon Appstore were available only to billing addresses in the United States of America.

    25. Re:Excellent fact-checking as usual by Anonymous Coward · · Score: 1

      [Citation Needed]

      Due to the destruction of the JB scene, no Apple device made since 2010 that runs iOS 6 can run apps outside the App Store. Maybe an iOS dev could have a beta app out that might do some damage, but people would be knowingly installing it.

      With over five years of not even a single malware issue in the wild, iOS has shown that it is the most secure OS in history.

    26. Re:Excellent fact-checking as usual by Plumpaquatsch · · Score: 2

      http://www.zdnet.com/new-android-malware-infects-100000-chinese-smartphones-7000000497/

      Not in Google Play at all.

      Considering those are all Chinese phones, that's not really surprising. Most "Android" phones sold in China don't have access to Google Play.

      Which is the real problem here: Google has walled them out of their garden and forces them to go to even unsafer places.

      --
      Of course news about a fake are Fake News.
    27. Re:Excellent fact-checking as usual by ChatHuant · · Score: 1

      The price of freedom is that people are free to install malware.

      Which makes Windows the freest platform of all by far.

    28. Re:Excellent fact-checking as usual by Clsid · · Score: 1

      Well, it's not like you have a choice. Google Play does not work in China, as well as usual stuff you would expect to work like Youtube, Facebook, Twitter, Google Drive and even Gmail. So you have alternative stores that provide apps, but you also have mobile antivirus software in China which is what most sensible people would use.

      Then again, with China Mobile alone we are talking about 670 million users compared to 100 million users that AT&T has. It is quite impressive that there aren't any more infections.

    29. Re:Excellent fact-checking as usual by Clsid · · Score: 1

      In this case, either China Mobile provides the store or they include a third party since Google Play does not work in China. I would actually feel safer to use something from China Mobile given they are the largest carrier, but this incident proves that if you are in China, you are better off using a Windows Phone or an iPhone, even if they are outrageously expensive over there.

    30. Re:Excellent fact-checking as usual by thegarbz · · Score: 1

      The only irony is that the readership of Slashdot is well in the affirmative for freedom of citizens, gun ownership, freedom from censorship and tyranny, yet somehow manages to be split on the idea of having some corporate entity decide what can and can't do in the name of malware prevention.

    31. Re:Excellent fact-checking as usual by S.O.B. · · Score: 1

      Various incarnations of MVS have been running since 1974. No viruses or malware reported. Five years barely even registers on that time scale.

      Real men run their operating systems on big iron.

      --
      Some of what I say is fact, some is conjecture, the rest I'm just blowing out my ass...you guess.
    32. Re:Excellent fact-checking as usual by BasilBrush · · Score: 1

      Apple iPhones have infected apps out there in the wild also, same as Android.

      No, not the same. A drop of water, long since evaporated is not the same as a bucket of water.

      If you jailbreak your phone and download apps from outside the apple store, you too will be risking getting malware.

      In further news, condoms are useless if you cut the ends off them. Doh!

    33. Re:Excellent fact-checking as usual by tlhIngan · · Score: 1

      The only irony is that the readership of Slashdot is well in the affirmative for freedom of citizens, gun ownership, freedom from censorship and tyranny, yet somehow manages to be split on the idea of having some corporate entity decide what can and can't do in the name of malware prevention.

      I think it's due to direct exposure. Most of those rights get abused by an irresponsible few (who often ruin it for the responsible many).

      Very few /.'ers have experienced the tragedy that strikes from say, irresponsible gun ownership (like storing loaded guns in an oven, or on the coffee table accessible to any kid walking by, never mind mass shootings), or lived in countries where censorship and tyranny are common (because they won't be able to get /. typically), and such.

      However, most /. users HAVE experienced the direct effects of malware - spam, DDoS attacks, etc. And they know most users don't care about computers enough to maintain them or such. Being somewhat pragmatic people, learning all about the ins and outs of a computer is similar to learning the ins and outs of a car and eventually being able to be a shadetree mechanic (which we know isn't true of the vast majority of drivers). Also being pragmatic, said /. users don't really want to travel around to their family member's houses and fix their computers, either, so they wish to have a simple solution to save themselves and do everyone else a favor.

      Probably also due to the fact most /.'ers think everyone else is similar to them with similar goals - if you own a gun, you'd take care in storing it and ensuring you're trained and licensed and all that. Or that you'll watch what you say so that it's defensible (also why most have a disdain for those who publish their whole lives online and seeing it bite them in the ass because it gets used as evidence or reason to be denied employment).

      Basically the /. profile is that of a reasonably responsible person who has enough common sense to realize when things are dangerous (e.g., loaded guns in the house) and avoid them as much as possible.

  2. Not from Google Play by Anonymous Coward · · Score: 3, Informative

    Actual BBC story: "Trojan had been found in more than 7,000 apps downloaded from _non-Google-owned_ stores."

    It's a bit weird that neither the submitter nor the threatpost author thought it strange that thousands of popular apps on Google Play would include a trojan that has been known about for over a year?

    1. Re:Not from Google Play by Savage-Rabbit · · Score: 1, Insightful

      Actual BBC story: "Trojan had been found in more than 7,000 apps downloaded from _non-Google-owned_ stores."

      It's a bit weird that neither the submitter nor the threatpost author thought it strange that thousands of popular apps on Google Play would include a trojan that has been known about for over a year?

      It's a bit ironic that fAndroids, who have been criticising Apple's walled garden for years, are now criticising other Android users for making full and enthusiastic use of the freedom of the Android platform to download apps from anywhere they damn well please rather than only dealing exclusively with Google owned or Google sanctioned stores. Not to say that walled gardens are a good thing but this discussion is nevertheless quite amusing since it tacitly admits that walled gardens, for all their other faults, are an efficient way to filter out malware. As long as there are other ways to download Android apps than from a walled garden of Google owned or Google sanctioned third party stores things like this will continue to happen.

      --
      Only to idiots, are orders laws.
      -- Henning von Tresckow
    2. Re:Not from Google Play by berashith · · Score: 4, Interesting

      This is a simple case of "just because you can, doesn't mean you should". I like the OPTION of loading apps from anywhere. I also pay attention to what gets installed and where. I turn off the alternate installation locations unless I am actively installing something. The people who want pay apps for free just pay a price that isn't money, and their stupidity should have no impact on my ability to be allowed to use my device as I want. No need to force your draconian bliss on the rest of the planet.

    3. Re:Not from Google Play by Anonymous Coward · · Score: 1

      fAndroids...are now criticising other Android users for making full and enthusiastic use of the freedom of the Android platform to download apps from anywhere they damn well please

      I haven't seen anyone doing that.

      Not to say that walled gardens are a good thing but this discussion is nevertheless quite amusing since it tacitly admits that walled gardens, for all their other faults, are an efficient way to filter out malware.

      And a sledgehammer is also an amazingly efficient way of cracking a walnut. "All their other faults" is a nice way of glossing over the fact that the cons of a walled garden outweigh the pros.

    4. Re:Not from Google Play by peragrin · · Score: 1

      As was shown in the 70's you never know that the source you're using is actually trusted.

      Just because the source is good doesn't mean the compiler was.

      Many an infected and ultimately untrustworthy app has been downloaded from Google Play. Google, like Apple, though, monitors them and updates get pushed through so widespread failures are rare.

      Draconian bliss can be used for good. The trick is balancing out the Draconian rules with fairness.

      --
      i thought once I was found, but it was only a dream.
    5. Re:Not from Google Play by berashith · · Score: 1

      this is true, but there is a big difference in the monitored stores and the bootleg stores that people are getting infected in. The google owned store could have junk inserted from a bad compiler, where the chinese free stores have intentional malware inserted.

    6. Re:Not from Google Play by Anonymous Coward · · Score: 2, Insightful

      Can I as the original commenter take part in this second-guessing of my implied message?

      I did not say "this only happened because the affected Android users did not limit themselves to the Google store" at all as you claim -- pretty bold of you to just say that when my message is clearly visible above... Also, nothing in my post was meant to "imply the criticism that if they had remained in the Google fold their phones would not have been affected" (in fact I don't even have a clear opinion on whether the open model or the Apple 'closed garden' model is better).

      My only criticism was aimed at the shoddy reporting: It included a pretty big factual mistake. Mistakes sometimes happen, but this one made the story so unbelievable that it's hard to understand how both the article author and the submitter failed to apply some common sense and re-check the source.

    7. Re:Not from Google Play by alostpacket · · Score: 1

      There's a difference between curated and walled.

      --
      PocketPermissions Android Permission Guide
    8. Re:Not from Google Play by Cinder6 · · Score: 1

      And a sledgehammer is also an amazingly efficient way of cracking a walnut. "All their other faults" is a nice way of glossing over the fact that the cons of a walled garden outweigh the pros.

      That's rather subjective, isn't it? I would imagine that Apple's "walled garden" approach works just fine for most of its users. You do see a lot of complaining, but keep in mind that people are more likely to go to a forum to complain than to say everything's great.

      For myself, as an iOS user, I have only been miffed with Apple's policies three times. The first was MyWi, but that is probably due more to the carrier; the second was Swype, but now that Siri's out I pretty much use voice dictation for my phone, and I can type surprisingly fast on my iPad; the third was when they wouldn't give Sparrow the push email privilege.

      I did jailbreak my phone at one point. There were some neat things in Cydia, but many of them were surprisingly expensive. I wound up reverting to standard iOS for a couple reasons, but one of them was that those same neato tools (I only installed two or three of them) absolutely killed my battery life.

      --
      If you can't convince them, convict them.
  3. Computing Power by MassiveForces · · Score: 2

    Imagine if botnets were put to benevolent uses, like distributed computing projects. Seriously forget credit card data - nobody has any money these days. Process some folding at home and collect some Nobels.

    1. Re:Computing Power by Rockoon · · Score: 1

      ...the bot would at most be able to tap a percentile of the CPU's power.

      10 percent of a million CPU's is still equivalent to 100,000 CPU's.

      --
      "His name was James Damore."
    2. Re:Computing Power by Anne+Thwacks · · Score: 2

      I thought for a minute you wrote forge Credit cards: Then I remembered the Search for Exploitable Transaction Information project. Yes, botnets really can work for the dark side!

      --
      Sent from my ASR33 using ASCII
    3. Re:Computing Power by Anonymous Coward · · Score: 1

      Or generating massive rainbow tables...

    4. Re:Computing Power by Plumpaquatsch · · Score: 1

      Imagine if botnets were put to benevolent uses, like distributed computing projects. Seriously forget credit card data - nobody has any money these days. Process some folding at home and collect some Nobels.

      Yeah, sure. Drain some million Chinese guys phone battery, so somebody else can get a Nobel Prize.

      --
      Of course news about a fake are Fake News.
  4. A million bots! All on dialup! by Let's+All+Be+Chinese · · Score: 1

    Alright, not exactly dialup. But close enough for making the comparison on slashdot.

    Should be interesting, trying not to make too much of a mess to avoid running the bots out of traffic allowance and/or running up the punters' bills enough to notice something is amiss.

  5. Is M-x tetris pirating? by tepples · · Score: 1

    In your correlation between rates of "software pirating" and security, do you consider the development and dissemination of free software workalikes of proprietary video games to be "software pirating"? I can think of a few companies that do. Yes, things like M-x tetris in Emacs are a sort of edge case, but defining the edge of discussion helps participants find common ground from which to start.

  6. Don't want to BOINC and call 911 on one device by tepples · · Score: 1

    Imagine if botnets were put to benevolent uses, like distributed computing projects.

    Distributed computing botnets would run up a CPU bill, causing the user to click "What has been using my battery?". That's why, for example, the Distributed.net client didn't get ported to PDAs and the like.

  7. Re:Who did NOT see this coming? by ravenlord_hun · · Score: 1

    Let me know when you get SMS forwarding or time based caller blacklisting working on that phone.

  8. Re:NOT AN INFECTION by Gaygirlie · · Score: 1

    It's NOT AN INFECTION when user willingly installs a malicious application and approves its permissions.

    That's like saying that it's not an infection if you inject yourself with HIV because you knowingly do it -- obvious rubbish. OF COURSE it is an infection still. Especially when the malware - package is HIDDEN inside another one, so that when the user thinks he's installing one thing he's actually getting two things. You might have a point if the user knowingly installed a malware - package, but that's just not the case.

    Learn the basics of compooters before you write something that stupid next time.

    Indeed, mate, indeed.

  9. Hong Kong-based security company? by dgharmon · · Score: 1

    Microsoft VIA Member

    "Kingsoft Internet Security 9 Plus is a complete package with Anti-Virus, Anti-Spyware, and Firewall applications, providing a complete solution to protect your computer system against the latest online threats."

    --
    AccountKiller
    1. Re:Hong Kong-based security company? by Clsid · · Score: 1

      If you think Kingsoft is a tool, think again. That company is owned by Lei Jun, who is like China's Steve Jobs. That guy is creating a complete hardware/software solution not unlike the iPhone, by heavily modifying Android. They are offering their new cell phones at a very competitive price in continental China and it's been selling like hot cakes.

      Here is a good article about the guy http://www.forbes.com/sites/simonmontlake/2012/07/18/xiaomis-lei-jun-chinas-answer-to-steve-jobs/

  10. Apple Hater, behind the times as usual by SuperKendall · · Score: 1

    So far, things like apps to teach children how to program, games that are too 'political', porn, Android magazines, etc

    Perhaps the last two you might have something, but there is a slew of apps to help you actually program on the iPad/iPhone.

    And of course you can always jailbreak. So on iOS, only the people who know what the risks are are exposed to them. That seems like a far more sensible layered security model than screwing over one million technologically inept people just because you are too lazy to jailbreak before accessing alternate app sources.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley