Slashdot Mirror


"Bill Shocker" Malware Controls 620,000 Android Phones In China

Orome1 writes "A newly discovered malware is potentially one of the most costly viruses yet discovered. Uncovered by NQ Mobile, the 'Bill Shocker' (a.expense.Extension.a) virus has already impacted 620,000 users in China and poses a threat to unprotected Android devices worldwide. Bill Shocker downloads in the background, without arousing the mobile device owner's suspicion. The infection can then take remote control of the device, including the contact list, Internet connections and dialing and texting functions. Once the malware has turned the phone into a "zombie," the infection uses the device to send text messages to the profit of advertisers. In many cases, the threat will overrun the user's bundling quota, which subjects the user to additional charges."

21 of 138 comments

  1. Nope by The+MAZZTer · · Score: 2

    There are phone numbers you can dial that result in an addition to your bill and money being paid to the guy you dialed... 1-900 numbers or whatever in the US.

    The idea of making malware to forcibly call these numbers to the profit of the number owner is not new.

    1. Re:Nope by poetmatt · · Score: 3, Insightful

      the also unsurprising factor is that this is happening in China, where the same responses for how to prevent this have been sent every week:

      download things from official trusted sources only.

    2. Re:Nope by milkmage · · Score: 2

      ...or google could just section off the store - devs can submit, or submit for review and approval. wild west over here.. anything goes. these have been reviewed. they're safe.

      i don't see a downside. the relative lack of app dollars going to google (vs. Apple) has to be at least partially because some people don't feel "safe"

      if you get too many warnings from this.. http://www.androidpolice.com/2012/10/11/apk-teardown-the-play-store-is-getting-a-built-in-malware-scanner-theres-more-wish-list-progress-and-more/ - some people will stop using the store. makes no sense.. scan apps on the way IN.. not on the way out.

      Installation has been blocked

      why would you ever show that to the user. reject the app until those messages aren't even triggered.

    3. Re:Nope by node+3 · · Score: 2

      No, your *theory* was that the OS can't be relied upon for security.

      Your words:

      Anytime you think of an operating system as your security, you have already lost the battle.

      The Android OS has a feature by which a user can completely bypass the most fundamental security involved.

      I never claimed that having that box checked would prevent ALL types of malware, but it certainly will prevent third party apps from being installed.

      No, you said the exact opposite, you said that an OS *can't* provide sufficient security. So, obviously your claim wasn't that there is no Android malware, quite the opposite!

      iOS *doesn't* have a malware problem, due to the security mechanisms of the OS being tied to a curated App Store. Based on your words, this cannot happen. Perhaps your wording was... loose?

      If we can agree that iOS has reliable security, while Android has only a very loose security, then there's nothing more for us to discuss, we are in agreement as far as the important bits go. But if you think an OS cannot provide security, then you'll have to explain how iOS isn't an example of this.

      And considering TFA states explicitly that this particular malware WAS installed using a third party app, you really have no argument.

      That would only be true if the malware in TFA was the only malware that existed for Android. Sadly, that is far from the truth.

    4. Re:Nope by Ol+Olsoc · · Score: 2

      If you don't know what you are doing, you have no business changing the security settings in the first place.

      But that doesn't stop them from doing it. And yes, it's their fault. That gets us nowhere.

      Putting dangerous things in the hands of people who don't know what to do with them is in itself dangerous.

      Car analogy time. A friend of mine one time bought a performance vehicle and he was a gearhead. So he wanted to tune it a bit. He put together a box with which he could alter the timing, the fuel injectors, the turbo boost, and other params from his console. Pretty awesome, but by 50K miles, the engine was toast.

      He knew what he was doing, and wasn't all that surprised, and was willing to put up with the downsides.

      But now should every person who buys one of these vehicles have access to say the turbo boost? If you don't know what you are doing, you are in the market for a new turbocharger at best, and as likely as not, a new engine. It won't take long either.

      And yes, it would be their fault. So there is a good reason that car manufacturers don't allow everyone unfettered access to the vehicle's computer system. People would destroy their vehicles, and decide to go with a different vehicle.

      So back to the phones. People are going to do what they are going to do, whether you or I think they are being stupid assholes or not. And the salesperson will probably even show them how to allow those third party software installations, I know one was squawking to me all about them while he was touting the superiority of the Android phones over that "Kiddie Sandbox" that the stupid iPhone users were stuck in. "You're not a stupid user are you, sir?" So not only are they ignorant of the possible issues, they might in some cases be encouraged by a salesperson who wants some of that higher commission they'll get from the Android device.

      But eventually, people are going to demand that their devices be a little safer. Once smartphone addiction wears off, and the Darwinistas who cannot put their phones down ever and walk into traffic, go away, it will be just like cars. People want something that will last, and will just work. They are idiots and make mistakes on their Android phones. They'll want a phone where they don't make those stupid mistakes.

      And I'm all for that. I can get as much hands-on computer goodness on any of my 5 other machines. I want my telephone to just work.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  2. All worried until... by Kagato · · Score: 5, Insightful

    Upon further reading the infection vector is infected pirated Android apps sold/distributed in black market Android marketplaces. Cry me a river folks.

    1. Re:All worried until... by tepples · · Score: 2

      So if someone lives in a country where most devices come without Google Play Store, a country where even the manufacturers and carriers preload "black market Android marketplaces", where should he get apps instead?

    2. Re:All worried until... by ZiakII · · Score: 2

      So if someone lives in a country where most devices come without Google Play Store, a country where even the manufacturers and carriers preload "black market Android marketplaces", where should he get apps instead?

      He should install the Google Play Store .apk?

  3. Not true by Joce640k · · Score: 5, Informative

    "Bill Shocker downloads in the background"

    Not really true. You have to install an infected app to get it started.

    --
    No sig today...
  4. Trojans? In my Chinese pirate app store? by 0xdeadbeef · · Score: 4, Funny

    It's more likely than you think!

    the infection uses the device to send text message to the profit of advertisers

    So it's just like this article, then?

  5. And the infection vector? by bickerdyke · · Score: 3, Insightful

    Let me guess... you have to manually install an apk from an untrusted source?

    --
    bickerdyke
    1. Re:And the infection vector? by h4rr4r · · Score: 2

      Yup.
      Could just as easily infect a jailbroken iPhone this way.

      This sort of infection vector is nothing to get excited about.

    2. Re:And the infection vector? by Savage-Rabbit · · Score: 2

      Yup.
      Could just as easily infect a jailbroken iPhone this way.

      This sort of infection vector is nothing to get excited about.

      Last time I looked (a few months ago) some 38% of Chinese iOS users had jailbroken their phones and the trend was declining. China must be a small market for Apple since globally, only 10% of iOS users had bothered to jailbreak.

      --
      Only to idiots, are orders laws.
      -- Henning von Tresckow
  6. Re:Follow the money by fermion · · Score: 2
    Back in the day of 900 numbers, it was clear that the phone companies were using them as a profit center. The average phone user did not want the feature, yet it was turned on by default. If you do not think about turning off the 900 number, and wait too long, the phone company can charge for the service.

    Of course the high profit venture has gone from 900 numbers to texting. The phone companies are once again in a position to help, but they won't.

    --
    "She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
  7. As Much As I'd Like To Poke Fun At Android... by macs4all · · Score: 2

    I think there is a LARGE measure of culpability (yes, I know that's the CRIMINAL term) for this on the part of the "Money Launderers" (the Banks, Telcos, and Governments involved in the "chain of custody" of these funds). Once alerted to this, the Police/"Justice Departments", not to mention the Telcos and Banks, in the country(ies) where the money is "landing" should be seizing bank accounts, taking down internet access, and generally making life a living Hell for whoever is PULLING THE DEPOSITS.

    This CANNOT be legal under ANY Country's "fraud" laws. So why aren't these people being sued/prosecuted out of existence?

    Cui Bono ("Who Profits?"). If the Banks, Telcos, and to some extent (through "fees" and "taxes") the "host Country(ies)" would actually go on an MPAA-style Jihad with these TRUE Racketeers, instead of actually AIDING AND ABETTING this Criminal Enterprise, perhaps there wouldn't be so much of it, regardless of the fact that the Android "mindset" makes this kind of thing ALL too easy, and Google is totally incapable of stopping it (without resorting to the "Walled Garden" approach that a small minority of Android users (but a vocal subset of /.ers) seem to value so highly).

    Yes, I understand that "The price of "freedom" (in quotes) is vigilance"; but ya gotta admit, if the Governments and Police in the Country(ies) where this money was ENDING UP spent as much effort on this as they do "watching for terrists" or "stopping piracy", not many (true) Criminals would even ATTEMPT something like this.

    I mean, every single frickin' penny of this money can be tracked; so why is it SO hard to stop??? Something's fishy here.

  8. Not a virus; viruses self-replicate by enriquevagu · · Score: 2

    This is NOT a virus; viruses infect a system, typically by modifying other existing executable files, and then self-replicate themselves. These are malware applications which have been installed by the users. In this case the notice, not covered in the summary, is that these applications are not designed to be malware, but rather they employ a free (as in gratis) SDK, which converts the phone into a zombie.

    However, note that simply removing the applications should remove the "infection". The Android security model does not allow an application to "infect" the OS, unless the user has rooted the phone and runs the application as root (in this case, it's your fault).

  9. Re:Happy to have a Windows Phone by LodCrappo · · Score: 3, Interesting

    "At times like these, I'm happy to have a Windows Phone."

    Ok... but what about all the rest of the time? I was given an HTC 8x at work and asked to research the platform.. trying to use it as a daily driver and it's just so frustrating coming from Android. You never realize how important a thriving app ecosystem is until you try to live with WP. I can deal with the wonky notifications and the limited "live tiles" vs widgets.. I guess. But looking through the app store is just depressing.

    --
    -Lod
  10. Re:Android attacks are indicators by Runaway1956 · · Score: 2, Interesting

    Android is not a "Linux variant". Android uses a Linux kernel, but it's not a Linux distro. It most certainly is not an established, trusted distro, such as Debian, Suse, or Redhat.

    Various dope smoking fools, working for various companies have rolled their own flavors of Android, seldom consulting with real Linux enthusiasts. Each and every manufacturer rolls his own dope-soaked version of Android, then alters that dopey version to suit the whims of the telcos that are actually purchasing them.

    If Android is a Linux distro, then BlackXP, available via torrent, is a valid Windows release.

    (Note that I've actually used BlackXP inside of VM's - it's actually pretty solid, but it's damned sure not Microsoft!)

    --
    "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
  11. RICO prosecutions by swb · · Score: 2

    RICO prosecutions would help. It's what should have been done with Spam in the early days when it started to become profitable.

    Drag in the banks, the ISPs, and the other supposedly reputable service providers into the RICO prosecutions. Once a couple of well-known institutions get caught like this it would cut off the air supply of the illegal action and make it much, much more difficult.

    By not doing this, we only encourage our supposedly legitimate institutions to keep providing services to people who are actually committing crimes.

  12. Re:Android attacks are indicators by smash · · Score: 2

    I'd actually argue that Android has had more thought put into application security than the typical linux distro has.

    Especially after it's been fucked up by idiots doing this sort of thing

    --
    I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
  13. Re:Can someone explain how is it... by Rich0 · · Score: 2

    Easy - the history is implemented by the App, not the OS. If you ask the OS to send a message, it just sends it.

    That is why if you send a text from messaging App A you don't see it in the history of messaging App B.

    The real place to monitor history is at the provider level anyway - then it will cover history even across multiple phones, OS resets, etc.

    The bigger issue here is that mobile providers are allowed to sell you a service you don't want to buy. If I were grand dictator one of my first edicts would be that for ANY service the person buying the service could dictate the maximum amount they're willing to pay per month (down to the lowest amount mentioned in any ad). The subscriber would then not be responsible for ANY charges in excess of this amount for any reason. The provider could of course refuse to deliver a service that cost more than their budget (cutting off calls when you're out of minutes, not delivering texts, blocking data, etc). However, if they provided the service they'd have to eat the cost if you told them you didn't want to spend that money. The result would be an end to $500 surprise bills - at most you could DOS yourself, and providers would really have no incentive to let you do that since it just lowers satisfaction and doesn't make them any more money.

    Oh, and any increase to the limits has to be by phone call or in writing to customer service. No API on the phone that just lets you up your limit/etc which is then subject to abuse.

    Phone companies are like the guys who run out and wash your windows while you're stuck in traffic and ask for money.