Android Malware Intercepts Text Messages, Forwards To Criminals

An anonymous reader writes "A new piece of Android malware has been discovered that can intercept your incoming text messages and forward them on to criminals. Once installed, the trojan can be used to steal sensitive messages for blackmailing purposes or more directly, codes which are used to confirm online banking transactions. The malware in question, detected as "Android.Pincer.2.origin" by Russian security firm Doctor Web, is the second iteration of the Android.Pincer family according to the company. Both threats spread as security certificates, meaning they must be deliberately installed onto an Android device by a careless user."

Is this really news?

[Rick+Zeman]

This'd only be newsworthy if it's installed via Google Play or another mainstream source. Otherwise, it's just stupid people paying the price for their ignorance.

Re:Is this really news?

[peragrin]

Since the one of the main talking point about android is the ability to side install apps.

Of course how can you be sure any app you install is genuine? Unless you write, compile and install it yourself and even that isn't 100% trustworthy.

So define ignorance when the professional have a hard time and the average person isn't smart enough to know what compiling is let alone do it.

Let me PARSE that for you

[SuperKendall]

16.9 million results.

But what can any iPhone trojan actually do? It's limited to sending contacts (and that only IF the user allows it at the time it tries to access the contacts, not on install). It can send the users location IF the user agrees to have the location accessed, at the time the app tries to access location (not on install). It can send your photos to them IF the user agrees to allow access to get to the photos... you get the picture.

What CAN'T it do? It can't access or send SMS messages. It can't access or send email messages (at least not without the user hitting send on the email). It can't make a phone call without the user saying "why yes I would love to dial that number now which is clearly displayed to me in full".

The issue is that because Android makes you agree to what it can do up front, most non-technical users will simply agree to anything, and then the app can really DO anything it likes to the user. There are safegaurds technical users can install; but they are exactly the people who do not need protection or help!

Android is a platform built for the pleasure of the technical elite, with a promise to non-technical users of being their gateway into the new world of mobile computing. But that is a lie; it's simply a PC you can put in your pocket that brings along for the ride every ill ever conceived of on a PC and more besides.

Android could go a long way by simply grantng permissions for things at the time the app wants them as iOS does; but even then the fundamental problem is that there are so many permissions that extend so deep into the system that it allows apps to do things like intercept SMS. You can't take those away now without technical users crying foul, but the cost to non-technical users is monstrous.