Slashdot Mirror


Android Malware Intercepts Text Messages, Forwards To Criminals

An anonymous reader writes "A new piece of Android malware has been discovered that can intercept your incoming text messages and forward them on to criminals. Once installed, the trojan can be used to steal sensitive messages for blackmailing purposes or more directly, codes which are used to confirm online banking transactions. The malware in question, detected as "Android.Pincer.2.origin" by Russian security firm Doctor Web, is the second iteration of the Android.Pincer family according to the company. Both threats spread as security certificates, meaning they must be deliberately installed onto an Android device by a careless user."


  1. Is this really news? by Rick Zeman · · Score: 5, Interesting

    This'd only be newsworthy if it's installed via Google Play or another mainstream source. Otherwise, it's just stupid people paying the price for their ignorance.

    1. Re:Is this really news? by peragrin · · Score: 5, Insightful

      Since one of the main talking points about Android is the ability to side install apps.

      Of course how can you be sure any app you install is genuine? Unless you write, compile and install it yourself and even that isn't 100% trustworthy.

      So define ignorance when the professionals have a hard time and the average person isn't smart enough to know what compiling is, let alone do it.

      --
      i thought once I was found, but it was only a dream.
    2. Re:Is this really news? by ozmanjusri · · Score: 3, Informative

      Yep, it's another AV vendor beat-up.

      "The Australian Communications and Media Authority has published detailed statistics of malware infections identified by their online security team (AISI). The team scans and identifies and compromised computers on Australian IP addresses and reports daily to around 130 participating ISPs.

      Their breakdown shows about 16,500 infected devices are online at any one time. The malware type for all infections is available on the site."

      http://www.acma.gov.au/WEB/STANDARD..PC/pc=PC_600121

      If you look at the breakdown of malware infected IPs, there are around 16,500 active infections at any one time. Around 20 Windows viruses make up more than 99% of all infections. In the "Other" section, there are around 100 active IPs with rarer Windows viruses, and Mac, iOS, Linux and Android infections.

      In other words, the total of all Android malware is competing with space in the fraction of 1% of malware instances that aren't on Windows.

      --
      "I've got more toys than Teruhisa Kitahara."
    3. Re:Is this really news? by clonehappy · · Score: 3, Insightful

      Well it's not difficult to type "make" as a normal user then test and when fully satisfied that the application works properly type "make install" as the system admin. But this means using the "command line" or a developer GUI which basically allows the developer to develop and maintain the application. However the average person does not know what the "command line" or even what a development GUI is or if they do think their brains will explode if they attempt it :)

      I don't know why people seem to think typing "make" and/or "make install" somehow protects them from malware. Unless you've examined the code, line by line, and actually have the skills to understand it, you're just as vulnerable as someone running a random binary on a Windows machine.

    4. Re:Is this really news? by Anonymous Coward · · Score: 2

      There's always a tradeoff with the usefulness of smartphones.

      When you select one, you get to choose between having a really useful phone which allows you (the owner) to do what you want with it, or stopping you doing what you want and also stopping you doing something risky.

      You've just chosen to go a long way towards the useless end of the scale.

    5. Re:Is this really news? by chromas · · Score: 2

      AV on a phone does sound stupid, but a smart phone isn't really a phone—it's a pocket computer with a modem in it.

    6. Re:Is this really news? by chromas · · Score: 4, Funny

      I audit my hardware from the theoretical quantum strings up, plus the source of entire operating system and compiler toolchain, every time there's an update, which I compile myself. I don't use make.

    7. Re:Is this really news? by tlhIngan · · Score: 2

      This'd only be newsworthy if it's installed via Google Play or another mainstream source. Otherwise, it's just stupid people paying the price for their ignorance.

      Unlike iOS, Android is sold in far more countries than the store supports (Apple obviously only sells iOS devices in places where they have an iTunes store - which is why some countries only have the App Store and no music, movies nor books).

      One of these countries is... China. Which is a huge population and stuff is shared rather promiscuously, plus the official Chinese app stores are full of infected apps.

      In addition, many of these places also sell Android devices with no Google stuff, so the only way to get apps are unofficial app stores. And unfortunately, everyone calls AOSP devices "Android".

    8. Re:Is this really news? by Bert64 · · Score: 2

      You don't need AV. If you're not sufficiently clued up then you shouldn't enable settings intended for developers, in its default setting android won't let you download and execute arbitrary apps from random websites.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    9. Re:Is this really news? by Bert64 · · Score: 4, Informative

      I have moved apps to external sd cards, my devices don't boot loop...
      The problem with android (and this problem occurs on windows as well to a lesser extent) is all the oems/carriers that think they know best and put out heavily kludged versions, introducing all manner of bugs and breaking standard functionality.

      As for background apps, android *allows* background apps because such a feature is useful for users... You just have to choose background apps which are well written. Don't blame the os for shoddy applications.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
  2. FUD. Must be a slow news day by thammoud · · Score: 2, Interesting

    From TFA,

    Although Doctor Web doesn't say so, the good news here is that Pincer2 is not likely to be very prevalent. It has not been found on Google Play, where most Android users should be getting their apps, and appears to be meant for precise attacks, as opposed to being aimed at as many users as possible.

    In short, this malware threat isn't one that you will likely be hit with, but it is an interesting example of how Android malware is evolving.

    1. Re:FUD. Must be a slow news day by girlintraining · · Score: 3, Insightful

      In short, this malware threat isn't one that you will likely be hit with, but it is an interesting example of how Android malware is evolving.

      For suitably uninteresting values of 'you', perhaps. But standing at a bus stop and spotting someone sharply-dressed, I could ask to use their phone to make a quick call for [insert excuse here], and in a few seconds, install similar malware.

      A few weeks later, all your bank accounts zero. Do you remember me?

      --
      #fuckbeta #iamslashdot #dicemustdie
  3. careless user by EmperorOfCanada · · Score: 3, Insightful

    I thought the word careless was assumed to precede user. I think that basically every slashdotter has been called to help some "careless" user who has 3 toolbars, 2 AV bloatwares, and countless other bits of crap that came along with all their downloads. Yet they will swear on a stack of bibles that "they never installed nothin'".

    So any malware that depends on users being careless will be a huge success. The other key will be ease of use.

    That being said, I generally stick with my brother's rule: "I wouldn't transmit it electronically if I wouldn't want it on the front page of a national newspaper." My niece texted me her password the other day; I pointed out the error of her ways.

    I did just come up with an app for Google glasses. You send someone encrypted messages that are displayed on their screen as a QR code. Their glasses decrypt it temporarily while it is in view. The phone can't decrypt, the glasses don't store. Glasses can still get hacked though but at least you do not have a plaintext message store.

  4. Re:This is why I hate Android by Anonymous Coward · · Score: 4, Insightful

    Kind of funny, isn't it...

    Windows malware? Blame Microsoft.

    Android malware? Blame the user.

  5. Then I guess I don't care by Nethemas the Great · · Score: 3, Insightful

    A stupid user is a stupid user. Everyone is so quick to rush to the soapbox and preach how wonderful their platform of choice is and how awful the others are. I say rush to the box and preach how stupid people are. I say rush to the box and demand that basic computing security be taught to everyone just as proper hygiene and safe sex are. We do not need big brothers, we don't need walled gardens, we need people to know what the hell it is that they're doing with their electronics. Teach people to wash their damn hands, avoid disenfranchised Nigerians, stop opening random email attachments, and stop bloody installing apps that require access to your sensitive data.

    --
    Two of my imaginary friends reproduced once ... with negative results.
    1. Re:Then I guess I don't care by Anonymous Coward · · Score: 2, Interesting

      The install-type permissions model for Android has some serious flaws and even though I don't like Apple's strict requirements for getting into the app store, I think the iOS security sandbox is much better.

      For example, I occasionally use Skype on my iPhone for video calls with my folks, but I don't want Skype(MS) to have access to all of my contacts either. On Android, I have no choice but to hand it over because the app requested access to my contacts in its permissions list. On the iPhone, the only way an app can get to my contacts is through an API at runtime, where I can just say "no" once and go on using the application. Same goes for location data, SMS, pictures, music, calendar, etc. I actually have finer grained control of my private data on the iPhone than on Android.
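
An added example, not part of the comment above or of any app's own code: the install-time permission requests discussed in this thread are declared in an app's `AndroidManifest.xml`, so they can be checked before installing. The sketch assumes the manifest has already been decoded to text XML; the sample manifest, its package name and the `audit_manifest` function are constructed for illustration.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
SMS_PERMISSIONS = {"android.permission.RECEIVE_SMS",
                   "android.permission.READ_SMS",
                   "android.permission.SEND_SMS"}
EXFIL_PERMISSIONS = {"android.permission.INTERNET", "android.permission.SEND_SMS"}
SMS_ACTION = "android.provider.Telephony.SMS_RECEIVED"

# Constructed sample manifest (not taken from any real app or malware sample).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.certificate">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <receiver android:name=".SmsHook">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

def audit_manifest(xml_text):
    """Report SMS permissions, SMS broadcast receivers and forwarding ability."""
    # For manifests from untrusted packages, use a hardened XML parser instead.
    root = ET.fromstring(xml_text)
    requested = {e.get(A + "name") for e in root.iter("uses-permission")}
    receivers = []
    for receiver in root.iter("receiver"):
        for flt in receiver.iter("intent-filter"):
            actions = {a.get(A + "name") for a in flt.iter("action")}
            if SMS_ACTION in actions:
                # A high priority means the receiver sees the SMS before other apps.
                receivers.append((receiver.get(A + "name"),
                                  int(flt.get(A + "priority", "0"))))
    return {
        "sms_permissions": sorted(requested & SMS_PERMISSIONS),
        "sms_receivers": receivers,
        # Able to read incoming SMS and has a channel to send them elsewhere.
        "can_forward": bool(receivers)
                       and "android.permission.RECEIVE_SMS" in requested
                       and bool(requested & EXFIL_PERMISSIONS),
    }

if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST))
```
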

  6. Re:This is why I hate Android by ducomputergeek · · Score: 3, Insightful

    The Apple App Store is not immune to malware, but does offer some level of protection and once a threat is spotted in the wild corrective action can be taken by the platform. I know a lot of people who went to droid and bragged about how "open" the platform was and not limited to any one store and that it was 1985 with Windows vs Mac again only this time with Android playing the Windows role. And I agreed with them. Android will become the windows of mobile devices. Complete with the viruses and malware windows users have come to know and love.

    --
    "The problem with socialism is eventually you run out of other people's money" - Thatcher.
  7. Let me PARSE that for you by SuperKendall · · Score: 5, Interesting

    16.9 million results.

    But what can any iPhone trojan actually do? It's limited to sending contacts (and that only IF the user allows it at the time it tries to access the contacts, not on install). It can send the users location IF the user agrees to have the location accessed, at the time the app tries to access location (not on install). It can send your photos to them IF the user agrees to allow access to get to the photos... you get the picture.

    What CAN'T it do? It can't access or send SMS messages. It can't access or send email messages (at least not without the user hitting send on the email). It can't make a phone call without the user saying "why yes I would love to dial that number now which is clearly displayed to me in full".

    The issue is that because Android makes you agree to what it can do up front, most non-technical users will simply agree to anything, and then the app can really DO anything it likes to the user. There are safeguards technical users can install; but they are exactly the people who do not need protection or help!

    Android is a platform built for the pleasure of the technical elite, with a promise to non-technical users of being their gateway into the new world of mobile computing. But that is a lie; it's simply a PC you can put in your pocket that brings along for the ride every ill ever conceived of on a PC and more besides.

    Android could go a long way by simply granting permissions for things at the time the app wants them as iOS does; but even then the fundamental problem is that there are so many permissions that extend so deep into the system that it allows apps to do things like intercept SMS. You can't take those away now without technical users crying foul, but the cost to non-technical users is monstrous.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  8. Re:This is why I hate Android by SuperKendall · · Score: 2

    If the platform is so safe, why does Apple have to review and sign every app before it's allowed to run?

    Because trojans can use legal APIs to do work, and defense in depth means that there is actually depth to your defense.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  9. Exactly! by SuperKendall · · Score: 2, Interesting

    What people miss is that iOS is MORE customizable for users by default in the ways that matter most. As you say, Skype having my contact list? Hell no!

    Or Google Maps app having my location or contacts or anything whatsoever? Don't think so! All I have to do is say no, but I'm still using the app.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  10. Re:Why did you even ask? by SuperKendall · · Score: 2

    Lots of people leave Bluetooth enabled because they use it pretty often - car audio, headsets /speakerphones.

    NFC I would think you'd leave enabled if you really used it for payments, otherwise it would be almost as slow as a normal credit card.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley