Massive Android Mobile Botnet Hijacking SMS Data
wiredmikey writes "A mobile botnet called MisoSMS is wreaking havoc on the Android platform, stealing personal SMS messages and exfiltrating them to attackers in China. Researchers at FireEye lifted the curtain off the threat on Monday, describing MisoSMS as 'one of the largest advanced mobile botnets to date' and warning that it is being used in more than 60 spyware campaigns. FireEye tracked the infections to Android devices in Korea and noted that the attackers are logging into command-and-controls from Korea and mainland China, among other locations, to periodically read the stolen SMS messages. FireEye's research team discovered a total of 64 mobile botnet campaigns in the MisoSMS malware family and a command-and-control that comprises more than 450 unique malicious e-mail accounts."
Seriously, what is the "trickery" that gets one to download and install this "Google Vx" application, and how many Chinese people does it take to read our LOLs? Is someone out there texting their social security number or bank PIN?
Gently reply
...What could possibly go wrong?
For a split second I read it as "Massive Asteroid...", then I slowed down and was glad to find out it was nothing that really matters. Data plan: $1000/year. Handset upgrade: $100. The look on your face when somebody actually tries to send executable crap to your feature phone: priceless.
"The mobile malware masquerades as an Android settings app used for administrative tasks. When executed, it secretly steals the user's personal SMS messages and emails them to a command-and-control (CnC) infrastructure hosted in China," the researchers reported.
The problem is with dumb users out there who just do not read the permissions required by the apps they download versus the functionality those apps are supposed to provide, and who do so without reading the reviews and comments; such problems are bound to happen.
C&C exists because of irresponsible users, unfortunately. However much care one can take, if users themselves don't give a damn about what they are installing and don't allow a "grace period" to notice what each new app is doing, we will keep having such problems.
Besides, can't that Play Store thing have peer-review weighting on apps, which would help flag such stuff and could potentially inform users of such potential issues (granted, once you've been breached, you can't trust anything on that device)? Oh well, security keeps being a problem so many years after; the problem is with the people, not the software! +selven
Instantly, the reason most pirated/cracked Android apps exist becomes clear.
People installing pirated apps don't realise one of the main motivations for cracking them: to 'bundle' spyware/keyloggers in with popular Android apps that they don't pay for.
That, and other 'competing' Android markets that don't check their apps (and outright 'pirate' Android markets).
A couple of times I found that it was "accidentally" downloaded and ready to install...
Heh, you Android guys are funny. If that were an article about Microsoft Windows, you'd be all over the place spewing end-of-days stuff :))))))
An amazing leap there eh?
It also seems you're pretty far off the mark. As people read the articles, they discovered there's much about how the botnet works and not so much about how the infection gets in there, except to say "the malware pretends to be something useful", or in other words, a trojan horse.
And the short consensus of it is "if you're stupid enough to install these sketchy apps, you deserve what's coming to you." That said, the articles never exactly stated how widespread this is. I suspect it's limited largely to China and Korea, as I suspect those locations might, in some way, control what apps get loaded to their devices. In any case, I don't think it's global in any way.
And so far, all Android malware is acquired through stupid behavior, which is not strongly blocked by Android, though each user pretty much has to manually allow installing apps from locations other than Google.
What will it look like if I ever go into one of those mobile OSes, from the security standpoint, compared to less mobile OSes? I haven't touched mobile OSes even remotely yet. I understand the app ecosystem might cause problems not directly linked to the OS, but still, overall?
Everything I write is lies, read between the lines.
For all the exaggerated scary words used, like "one of the largest", "more than 60 campaigns", etc., there was not a single solid data point about the actual devices infected. Not even a ballpark number, like whether it is tens, thousands or millions of devices.
Makes me suspect the claims.
I'm much more funny, interesting and insightful than the moderators think
> Seriously, what is the "trickery" that gets one to download and install this "Google Vx" application
Flashlight App.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
I can't find any information about where this was downloaded from. It's not on the Play Store (or at least, not anymore), so where were people downloading it from?
Summation 2
Download your apps from a reputable store and exercise some common sense. I wouldn't be surprised if this infection was because idiots were downloading warez from some dubious app store.
The vendor has a moral responsibility to protect their customers from themselves. When was the last "Massive iOS Mobile Botnet Hijacking SMS Data" headline?
but not the daily spying on ALL devices by the NSA...
Quit getting hung up on Android vs. Apple vs. Microsoft, and focus on the real issues affecting us all on a daily basis.
Google, I dare you, I really dare you: make Android, by default, whitelist countries' IP addresses.
So that I can choose EU only, or Asia only except China/Korea, or USA-only IP addresses.
Yeah, it's drastic, but 99% of users won't access websites outside the USA, or their home country or two.
But France is as bad; I know no one there and don't use their websites, so I should block the whole country on my Linux server...
Are there any easy-to-use firewall configs to block/allow by country?
Liberty and freedom are no. 1, not dicks in suits.
> No kidding. I had to look through dozens of "flashlight" apps
> to find one that didn't want my calendar, SMS, internet access,
> and GPS.
F-Droid is your friend.
As always, FOSS means you don't have to put up with the bullshit.
F-Droid builds all the apps they ship from source, including some sort of grep filter on permissions to catch (and then remove) any code which is not in the user's best interest, or at minimum flag and explain the issue in detail to let you decide for yourself. Otherwise-good apps with flagrant adware or crippleware in them simply get patched.
~.~
I'm a peripheral visionary.
> Are there any easy-to-use firewall configs to block/allow by country?
That very much depends on your definition of easy.
Netfilter is there. Some phones have iptables pre-installed, so on those phones you'd blacklist or whitelist exactly the same as on any other Linux distribution. That's easy for me; it would be hard for a lot of people.
Other phones don't have iptables installed, so you'd need to copy the binary over to the phone.
At minimum, you'll need root access on the device.
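To make the "same as any other Linux distribution" part concrete, here is an added example (not code from this thread or from any project it mentions) that generates an ipset-backed outbound allow-list for a set of CIDR blocks and the iptables rules that log and drop everything else. The CIDR blocks are constructed RFC 5737 documentation ranges, not a real country allocation; a real list would come from a registry's delegation file. The set name and the `geo-drop:` log prefix are the example's own choices, and nothing is applied unless `APPLY=1` is set, so the generated commands can be reviewed first.

```shell
#!/bin/sh
# Added example, not from the thread: build an ipset allow-list of CIDRs and
# iptables OUTPUT rules that only permit new connections into that set.
# The CIDR list is CONSTRUCTED (RFC 5737 ranges), not a real country list.
# Requires root, iptables with the xt_set match, and the ipset tool.

SET_NAME="allowed_countries"

# Print the ipset commands for a space-separated CIDR list, one per line.
# Refuses an empty list: an empty allow-set plus the DROP below would cut
# the host off from everything.
build_set_cmds() {
    set_name="$1"
    cidrs="$2"
    if [ -z "$cidrs" ]; then
        echo "refusing to build an empty allow-set (would drop all traffic)" >&2
        return 1
    fi
    printf 'ipset create %s hash:net -exist\n' "$set_name"
    for cidr in $cidrs; do
        printf 'ipset add %s %s -exist\n' "$set_name" "$cidr"
    done
}

# Print the firewall rules: keep loopback and already-established flows,
# allow destinations in the set, then log (for later review) and drop.
build_fw_cmds() {
    set_name="$1"
    printf 'iptables -A OUTPUT -o lo -j ACCEPT\n'
    printf 'iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n'
    printf 'iptables -A OUTPUT -m set --match-set %s dst -j ACCEPT\n' "$set_name"
    printf 'iptables -A OUTPUT -j LOG --log-prefix "geo-drop: " --log-level 4\n'
    printf 'iptables -A OUTPUT -j DROP\n'
}

# Number of ipset commands a CIDR list produces (1 create + N adds),
# or 0 for an empty list; a cheap sanity check before applying anything.
rule_count() {
    build_set_cmds "$1" "$2" | wc -l | tr -d ' '
}

# Constructed sample allow-list (RFC 5737 documentation ranges).
SAMPLE_CIDRS="203.0.113.0/24 198.51.100.0/24 192.0.2.0/24"

if [ "${APPLY:-0}" = "1" ]; then
    # Apply for real: pipe each generated command into a shell.
    build_set_cmds "$SET_NAME" "$SAMPLE_CIDRS" | sh
    build_fw_cmds "$SET_NAME" | sh
else
    # Default: dry run, just show what would be executed.
    build_set_cmds "$SET_NAME" "$SAMPLE_CIDRS"
    build_fw_cmds "$SET_NAME"
fi
```

Run it once without `APPLY` to read the rule set, then with `APPLY=1` as root. Because the drop is preceded by an ESTABLISHED,RELATED accept, an existing SSH session survives a mistake; the LOG rule is what turns a blocked connection attempt into a line in the kernel log you can actually investigate.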
The Android permission system blows goats. It's not just the "all or nothing" approach to app acceptance. It runs deeper. It's also the app store itself, where I can't restrict (or prioritize) search results based on permissions demanded.
Using aSpotCat, under android.permission-group.PERSONAL_INFO I've got AdService, Chrome, Firefox, Gmail, Google Play, Pebble, and RunKeeper. I've had to bail on the installation of close to fifty apps to keep this list this short.
Basically the Android security model deters me from actually installing software, to the point where I no longer regard it as a platform.
This Xmas, between an Android tablet and an eReader, I'm likely to get an eReader (Kobo here in Canada), which is not a platform either, and doesn't play one on TV.
I was reading reviews that commented that a Kobo Aura is about the price of a serviceable, entry-level tablet from Walmart. Several of the reviewers commented "you might as well get the full Android platform for the price". What platform? Android is mainly a platform for sharing far more about myself than I wish to divulge with strangers I don't even know. Whatever information is gleaned will never be under my control ever again: it will almost certainly be amalgamated from one low-life to another ad nauseam.
I'd be quite happy if not a single vendor ever knew my location, unless they were providing me with a map for my own purposes (such as RunKeeper). If they need to know, I'll tell them. Yet 90% of Android applications demand to hoover this up, and the Google Play store provides no mechanism to put these applications on a personal shit list, so that better-behaved applications float to the top of the candidate list.
Android: death by a thousand peeping toms. Where's well-behaved Waldo? Crushed by the throng. Eventually Diogenes tires of visiting the Turkish bazaar and begins to subsist on juniper berries.
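The permission review the comment above describes by hand (and the flashlight-app hunt quoted earlier in the thread) is easy to automate once you have the APK. The following is an added example, not code from the thread or from aSpotCat: it reads the `uses-permission:` lines that `aapt dump badging <apk>` prints and flags the ones that touch SMS, contacts, calendar or location. The badging text inside the script is constructed sample input for a hypothetical flashlight app, and the list of "sensitive" permissions is the example's own judgement call, not an Android-defined category.

```shell
#!/bin/sh
# Added example (not from the thread): flag apps whose declared permissions
# reach into SMS, contacts, calendar or location, reading the
# "uses-permission: name='...'" lines printed by `aapt dump badging <apk>`
# (older aapt prints "uses-permission:'...'"; both forms are handled).
# The badging text below is CONSTRUCTED sample input, not a real app.

# Permissions that a flashlight-class app has no business requesting.
# (Example's own list, not an Android permission group.)
SENSITIVE_PERMS='android.permission.READ_SMS
android.permission.RECEIVE_SMS
android.permission.SEND_SMS
android.permission.READ_CONTACTS
android.permission.READ_CALENDAR
android.permission.ACCESS_FINE_LOCATION
android.permission.ACCESS_COARSE_LOCATION'

# Read badging output on stdin; print each sensitive permission it declares,
# one per line, sorted and de-duplicated. grep -F treats each line of
# SENSITIVE_PERMS as a separate fixed-string pattern; -x forces whole-line
# matches so READ_SMS does not also match a hypothetical READ_SMS_LOG.
flag_sensitive() {
    sed -n "s/^uses-permission:[ ]*\(name=\)\{0,1\}'\([^']*\)'.*/\2/p" |
        grep -Fx "$SENSITIVE_PERMS" |
        sort -u
}

# Take badging text as $1 and print a one-line verdict.
verdict() {
    n=$(printf '%s\n' "$1" | flag_sensitive | wc -l | tr -d ' ')
    if [ "$n" -gt 0 ]; then
        echo "REVIEW ($n sensitive)"
    else
        echo "OK"
    fi
}

# Constructed sample: what a "flashlight" app that also wants your SMS and
# location looks like in badging output.
SAMPLE_BADGING="package: name='com.example.flashlight' versionCode='3'
uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.RECEIVE_SMS'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
application-label:'Flashlight'"

printf '%s\n' "$SAMPLE_BADGING" | flag_sensitive
verdict "$SAMPLE_BADGING"
```

Against a real file, source the script and run `aapt dump badging app.apk | flag_sensitive`; looping it over a directory of APKs gives you the "personal shit list" the comment wishes the store provided, built from what the apps actually declare rather than from their descriptions.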
Why go through all the trouble just to know my wife asked me to pick up milk?
If it ain't broke, don't fix it.
I understand what you're saying. However, compare this "ridiculously broad" system to almost anything else, such as your Windows desktop. On Windows, applications have 100% permission to do whatever they want on your computer. The user is either admin or not admin, two choices only.
It seems to me Android's system is a giant leap forward, although it's imperfect. You have very fine-grained control in Linux through SELinux. Some people might prefer that level of control, but that level of detailed control can also be unwieldy.
* I haven't used Windows 8. If Windows 8 finally has a security model even as powerful as "chmod g+r" from 1972 Unix please forgive my lack of knowledge about Microsoft's latest silliness.
Wait, this theft of personal SMS messages and exfiltrating them to attackers wasn't about the new Google Hangouts, which sucks in your SMSes unless you expressly tell it not to...? OK, I stand corrected.
I assume that's a strange way of spelling 'sending'
Big Android Mobile Botnet Hijack...
BAMBHi?
> "MisoSMS is wreaking havoc on the Android platform"
This is BS. How does this malware get onto the device in the first place? Does it require user action, or can it install silently and root the device?
You can't download other app stores from Google Play because of the "non-compete" provision of the developer agreement. If you don't trust the F-Droid app, you can always download Eclipse and recompile it yourself. But a problem with F-Droid is an inherent limit in funding development of Free games. Even if a game's engine is free, it'll get blocked with "anti-features" if it recommends installing non-free mission packs.
Then the app developer can just hide the malicious functionality in a game. Users of free software repositories are already used to going to the non-free repositories for games for several reasons.
exfiltrate
verb
gerund or present participle: exfiltrating
1.
withdraw (troops or spies) surreptitiously, esp. from a dangerous position.
What?
What "reputable store" happens to be available to people who live in the People's Republic of China, which doesn't appear to have Google Play or Amazon?
Increasingly, major webmail and social networking providers have been using access to a particular mobile phone number's SMS inbox as a second factor in 2-factor authentication.
> the attackers are logging into command-and-controls from Korea and mainland China, among other locations, to periodically read the stolen SMS messages.
Rumor has it that they are paying James Earl Jones and Malcom McDowell to read those stolen SMS messages out loud.
#naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
I have rooted my Nexus 7 and installed a ROM toolbox, an ad blocker, iptables, plus more, and I block shady app requests. Or do I just have a false sense of being secure?
How come the NSA didn't save us from this one like they did the BIOS attack???
Android's being infested faster than Windows ever was in the same timeframe of existence.
There are far more established malicious software developers making money than when Windows first launched, so I would not be surprised if that is true. Regardless of how secure your OS is, once it becomes the most common consumer platform, that is where the money is; it is a target, and someone will find a way to make that money, even if it is by playing on the inexperience and stupidity of the average user.
Up until this point, the LAMP stack has been the biggest area where Linux is used, and those systems are usually managed by more experienced (more experienced than a regular consumer) admins. I imagine that the quality of the admin increases as the monetary reward for an exploited LAMP box increases, making it more difficult to turn some easy bucks. That makes it a not-so-promising target, although it is not unheard of for an exploit to happen.
That's why I don't use Android spy-phones. Why can't they make Android as secure as Linux?
A virus is simply a program that does what a normal program does. Anyone can write a program that screws up your personal information or sends your texts somewhere else. Hacking it in without intentional user installation is a little different, but the payload is the same.
Most of Android's malware has been installed by the user, much like how most malware gets onto desktop computers. Most of the malware reports come from poorly managed app markets in China outside of Google's control.
You can't fix this even by being in a walled garden; how many applications have slipped through the reviewers? E.g. the secret tethering subsystem in a flashlight application: that's right, you can slip a DHCP server and a DNS reflector into any application (stuff no normal application would ever need) and get it by the reviewers. The ONLY reason it was kicked off the store was because it became popular and known to the world.
Can you imagine if this application sent SMSes somewhere instead of actually providing a missing function? Especially with the mindset that "omg, nothing bad can happen on a reviewed store" and only those reviewers can scan in bulk?
You're asking for trouble.
> 64 mobile botnet campaigns in the MisoSMS malware family and a command-and-control that comprises more than 450 unique malicious e-mail accounts
The entire 1st and 2nd grade classes from two schools in Beijing and Pyongyang..
Why not use App Ops? Remove all permissions you do not want an app to have. We should be telling apps what they are allowed to do, not the other way around!
Given that the C&C logins are from both S. Korea and China, we can presume that the logins are probably from compromised Windows boxes and thus the attacker could be anywhere. China has the largest pool of compromised PCs in the world. With the initial infections believed to be in S. Korea, there's a fair chance that the botnet originates there, only slightly less than the chance that it originates in China.