Slashdot Mirror
"Bill Shocker" Malware Controls 620,000 Android Phones In China
Orome1 writes "A new discovered malware is potentially one of the most costly viruses yet discovered. Uncovered by NQ Mobile, the 'Bill Shocker' (a.expense.Extension.a) virus has already impacted 620,000 users in China and poses a threat to unprotected Android devices worldwide. Bill Shocker downloads in the background, without arousing the mobile device owner's suspicion. The infection can then take remote control of the device, including the contact list, Internet connections and dialing and texting functions. Once the malware has turned the phone into a "zombie," the infection uses the device to send text message to the profit of advertisers. In many cases, the threat will overrun the user's bundling quota, which subjects the user to additional charges."
It overruns the text bundle and causes extra charges... Sounds like an enterprising feature for a phone company to deploy.
I'll stick with my dumbphone
There are phone numbers you can dial that result in an addition to your bill and money being paid to the guy you dialed... 1-900 numbers or whatever in the US.
The idea of making malware to forcibly call these numbers to the profit of the number owner is not new.
It says there's malware and you should only download apps from trusted source, then promptly offers an app to download to fix it!
Ha ha,
China forked Android and stuck their own Baidu and apps on it, and their own store. They've made minimal attempt to catch hackers, they reap what they sow.
Upon further reading the infection vector is infected pirated Android apps sold/distributed in black market Android marketplaces. Cry me a river folks.
"Bill Shocker downloads in the background"
Not really true. You have to install an infected app to get it started.
No sig today...
Uncovered by NQ Mobile, the 'Bill Shocker' (a.expense.Extension.a) virus ...
Let's call the next one Bill O'Reilly...
since the PHONE COMPANY gets a cut then the PHONE COMPANY should be on the hook for the profits.
it should be LAW that you must get Positive Confirmation for any charges either above 3(money units) or that are multiple charge type things.
Any person using FTFY or editing my postings agrees to a US$50.00 charge
A "Researcher" wrote this code and when the cell maker didn't fix their phones, he released it in the interest of complete disclosure and information transparency.
We are all better off now...especially if you are in China and have one of these infected phones.
Newer Android releases include app scanners and do not allow (by default) app installation from unauthorized sources.
It's more likely than you think!
So it's just like this article, then?
Let me guess... you have to manually install an apk from an untrusted source?
bickerdyke
I think of them more as Modems that happen to have computing and voice messaging capability...
http://www.aaronrogier.net
Amazon Appstore for Android debuted in the United States, and a United States address was required to buy apps. It added five countries in Europe at the end of August of last year, and Japan appears to have since been added to the list of supported countries. When will China be added?
Of what'd happen to Linux if a "Linux's year of the desktop" occurred's all since Android is a Linux variant.
I think there is a LARGE measure of culpability (yes, I know that's the CRIMINAL term) for this on the part of the "Money Launderers" (the Banks, Telcos, and Governments involved in the "chain of custody" of these funds). Once alerted to this, the Police/"Justice Departments", not to mention the Telcos and Banks, in the country(ies) where the money is "landing" should be seizing bank accounts, taking down internet access, and generally making life a living Hell for whoever is PULLING THE DEPOSITS.
/.ers) seem to value so highly).
This CANNOT be legal under ANY Country's "fraud" laws. So why aren't these people being sued/prosecuted out of existence?
Qui Bono ("Who Profits?"). If the Banks, Telcos, and to some extent (through "fees" and "taxes") the "host Country(ies)" would actually go on an MPAA-style Jihad with these TRUE Racketeers, instead of actually AIDING AND ABETTING this Criminal Enterprise, perhaps there wouldn't be so much of it, regardless of the fact that the Android "mindset" makes this kind of thing ALL too easy, and Google is totally incapable of stopping it (without resorting to the "Walled Garden" approach that a small minority of Android users (but a vocal subset of
Yes, I understand that "The price of "freedom" (in quotes) is vigilance"; but ya gotta admit, if the Governments and Police in the Country(ies) where this money was ENDING UP spent as much effort on this as they do "watching for terrists" or "stopping piracy", not many (true) Criminals would even ATTEMPT something like this.
I mean, every single frickin' penny of this money can be tracked; so why is it SO hard to stop??? Something's fishy here.
This is NOT a virus; viruses infect a system, typically by modifying other existan executable files, and then self-replicate themselves. These are malware applications which have been installed by the users. In this case he notice, not covered in the summary, is that these applications are not designed to be malware, but rather they employ a free (as in gratis) SDK, which converts the phone in a zombie.
However, note that simply removing the applications should remove the "infection". The Android security model does not allow an application to "infect" the OS, unless the user has rooted the phone and runs the application as root (in this case, it's your fault).
"At times like these, I'm happy to have a Windows Phone."
Ok... but what about all the rest of the time? I was given an HTC 8x at work and asked to research the platform.. trying to use it as a daily driver and its just so frustrating coming from Android. You never realize how important a thriving app ecosystem is until you try to live with WP. I can deal with the wonky notifications and the limited "live tiles" vs widgets.. I guess. But looking through the app store is just depressing.
-Lod
... that a program can evidently send a text message to someone else without that text showing up in the message history?
File under 'M' for 'Manic ranting'
He shouldn't. If the device is not supported in his country, it wouldn't make sense to buy it. Or things like this occur.
RICO prosecutions would help. It's what should have been done with Spam in the early days when it started to become profitable.
Drag in the banks, the ISPs, and the other supposedly reputable service providers into the RICO prosecutions. Once a couple of well-known institutions get caught like this it would cut off the air supply of the illegal action and make it much, much more difficult.
By not doing this, we only encourage our supposedly legitimate institution to keep providing services to people who actually committing crimes.
http://i.stack.imgur.com/yuJnum.jpg
This is stock Android (I'm sure there's a chinese version of this, though nobody's taken a screenshot of it)
Just to balance out convenience with functionality, it doesn't notify on every message.
I don't know what idiot would want to constantly click on "ok, send" for EVERY automated message - legit or no. I suppose they might own another platform that like YES/NO authorization popups interrupting their experience (for new wifi networks found, for adding FB integration from the Settings on pad, etc.).
I guess it's too hard to read plain language...
This is once again proof that an OS is only as good as it's implementation, configuration and install software.
Running unsigned code from anywhere is awesome!
30+ years of this shit on desktop computers, and so it repeats on mobile.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
devices and go with iOS devices instead.
Wvery new malware that is released for Fuckle Assdroid just proves that Fuckle is the new M$ and Fuckle Assdroid is the Windoze of the mobile world. Apple iOS is far more secure than Windoze phone and Fuckle Assdroid could ever be. Don't think it can't happen in the US? Think again. With this the data usage will be causing users to be throttled due to hitting their data caps. Naturally this will get modded down because Slashdot is filled with Fuckle Assdroid Fanbois that love to get fucked in the ass, hence the term Fuckle Assdroid. So go ahead, flame on you Fuckle Assdroid loving, fudgepacking, twinkie sucking fucktarded shills of Fuckle.
Yeah that's a fair assessment, and why i have avoided android this far and stuck with the "walled garden" of iOS.
It is an appliance, like a toaster or a fridge. We've gone through decades of malware on PCs, and it doesn't need to be that way.
I'll gladly trade the ability to pay a nominal development kit fee for a security cert and tools in order to have a more secure locked down device. Whether that means iOS, Windows Mobile, or whatever new platform provides a nice slick UI, good performance and an decent application library.
In practice, open vs closed is not that relevant to my interests.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
Noooo, having the option of flipping the switch that says "WARNING: You're making me insecure" right there and then allows owner to do whatever he wants - even if it's not good for him - is extremely baaaaaaad thing.
Don't forget that Larry, Sergei and Eric stand behind your shoulder and basically push you to do it, because otherwise your Android device is useless, useless, I say.
We don't need choice, it's bad for security and requires us to - what gall! - to think and be responsible for our actions. Also, microwaves should only allow verified things to get cooked and cars should only drive no faster than 5 mph.
What "apps" do you need that you can't get through Windows? I haven't run into anything that I needed that I couldn't get. I grabbed MS's PDF reader, Facebook, Spotify, Netflix, and Twitter. The phone does everything else out of the box (also HTC 8X).
I don't respond to AC's.
The hacking, the spying, the amoral corporations/pseudo-governments, the omnipresent smog. China is looking more and more like neo-Shanghai.
William Gibson was right!
Considering that the apps involved aren't in the Android Market you get the same benefit from just buying from the Android Market - it is just a lot less walled. Having the freedom to install anything you want doesn't mean that you should just run any exe file Aunt Tilly sends you.
Let me start by fully admitting I am new to the device and may just not be finding things that do exist.
Things I used to do daily on my Android phone and haven't found an app for:
SSH client that works on WP8
RDP client that works on WP8
Google Talk client that actually works (found gchat but it disconnects a lot and never manages to bring in chat history so you just lose whatever messages happened while its d/c)
IRC client that stays connected while using other apps.. It seems they *all* lose connection the minute you switch away.
WiFi analyzer/basic networking troubleshooting tools
Google Voice client, or any reasonable alternative client+service
Audio book player (not just a music player, but a player that is designed for audiobooks.. Bookmarking, intelligent back/forward controls, speed adjustment etc)
Several amateur radio related apps, psk31 rtty sstv websdr etc.. These are sort of a niche I guess but Android has lots of great tools for hams.
Games in the style of kairosoft.. Building/strategy type. Basically haven't found a good time waster.
Maybe I am just looking in the wrong places.. Maybe these things will come. There are many things I do like about wp8 so I hope so.
-Lod
"Bill Shocker" Malware Controls 620,000 Android Phones In China
And if you didn't want malware, you'd have bought an iPhone rather than an Android.
I thought the iPhone wasn't officially out in China yet. That won't happen until later this year.
Oh wow. You DO use your phone like a small computer. I run a medium sized business with mine, but I have a large collection of both desktops and laptops always near me, so I use those for everything else. I use almost all of the built-in features in the phone, and that really covers my needs (added the free MS PDF reader and a flashlight, and that's all I need).
In your particular case, I think that those apps will be coming soon for the Windows Phone. MS just cut off the Windows Phone 7 platform just recently (6 months ago), so lots of app developers obviously didn't bother doing anything else for it for a while. I think that now it's pretty obvious that MS is committed to Windows Phone 8, and maintaining compatibility from here on out for at least a good bit, so I think the app developers will continue to jump on board onto Windows Phone 8 in the near future. While I don't have the need for technical apps that you do on my phone, personally, I'm pretty confident that a similarly robust "app" environment for Windows Phone 8 is probably right around the corner, since MS has invested so much money into the new Windows Phones, and because quite honestly, I'm seeing people start to get really interested in the Windows Phone. Every time I pull mine out, I get lots of "ooohs" and "aaahs" from people who've seen the marketing, but have never seen one in action. They're pretty slick.
I don't respond to AC's.
So if I am only installing from a market, what's the advantage again? Other than me fact that the android market has had a heap more malware found on it?
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
So if I am only installing from a market, what's the advantage again?
The advantage of what? Buying a phone that is easier to use, more useful, less expensive, better designed, and more attractive? Or the advantage of being able to run whatever you want on it? Or were you just referring to the advantage of owning the phone that you paid for?