Slashdot Mirror


Android Botnet Evolves, Could Pose Threat To Corporate Networks

angry tapir writes An Android Trojan program that's behind one of the longest running multipurpose mobile botnets has been updated to become stealthier and more resilient. The botnet is mainly used for instant message spam and rogue ticket purchases, but it could be used to launch targeted attacks against corporate networks because the malware allows attackers to use the infected devices as proxies, according to security researchers.

54 comments

  1. Root Your Device? by theshowmecanuck · · Score: 2

    Is this a good reason to root your device so you can put a decent firewall on it? At the least block its communication if it installs itself. Or is it known to change firewall settings too?

    --
    -- I ignore anonymous replies to my comments and postings.
    1. Re:Root Your Device? by Anonymous Coward · · Score: 0

      I guess someone would have to tell us how to detect it, or something else equally helpful to actually PREVENT this threat. Warnings are pointless without a plan.

    2. Re:Root Your Device? by Lussarn · · Score: 4, Informative

      Don't install random crap from the internet. If you use the Play Store the chance of being infected with malware is virtually nil. You also have to make the active choice to even be able to install these trojans by ticking "non trusted sources" down in preferences.

      It isn't exactly hard to keep an Android device malware free. Same as any other operating system with a good selection of programs in the default repos and stores, like Debian, Ubuntu, or OS X. Even if those operating systems don't mandate one supplier of programs only.

      If this sounds too hard, just use iPhones and Playstations which are unable to install random crap no matter how much you need it, but at least you're safe.

    3. Re:Root Your Device? by Chrisq · · Score: 1

      Is this a good reason to root your device so you can put a decent firewall on it?

      Seems like a good reason to not own an Android device.

      Perhaps you shouldn't own a car because it could easily be stolen if you walk off with the keys in the ignition.

    4. Re:Root Your Device? by DrXym · · Score: 3, Funny

      I guess someone would have to tell us how to detect it, or something else equally helpful to actually PREVENT this threat. Warnings are pointless without a plan.

      Just google for "free antivirus and sexy girl screensaver APK". Lots of Chinese warez sites have it. The app asks for a lot of permissions but only to see if there are viruses hiding in your text messages or contacts.

    5. Re:Root Your Device? by Anonymous Coward · · Score: 0

      Yes; if only Apple made absolutely everything.

    6. Re:Root Your Device? by Wootery · · Score: 1

      Agreed. You should only ever buy perfectly idiot-proof products.

      I, however, will not.

    7. Re:Root Your Device? by Anonymous Coward · · Score: 0

      Except all of their devices have viruses too, if the user is also an idiot and installs everything they're told to do.

    8. Re:Root Your Device? by mlts · · Score: 2

      It depends on how savvy the person is. If one has basic UNIX abilities, then yes. Set a firewall, set it to not allow anything out unless it is explicitly granted by you.

      Even better, using Xposed's XPrivacy is also a major security boost. If some flashlight app is demanding root, trying to get to contacts, trying to get to sites offshore, it will be obvious to the user and thus stopped.

      Of course, if the user isn't UNIX savvy, they may end up blocking some outgoing task that needs to phone home and then get mad why their phone isn't working.

      As for the malware, if it is an app, the worst it can do is try to install itself as a device administrator (which will require a prompt from the user) which gives it the ability to lock and erase the device at will, as well as the ability to hide itself. Of course, if the user has a rooted device and allows the app access via su, the game is over. However, newer su versions will disallow apps from even prompting for su access unless they declare a permission for it (ACCESS_SUPERUSER) which will be obvious when downloaded or installed.
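The signals mlts lists (a device-administrator receiver, the ACCESS_SUPERUSER permission, a permission set out of proportion to what the app claims to do) can be read straight out of a decoded manifest. As an added example that is not part of the thread or of any project mentioned in it, the script below triages a constructed AndroidManifest.xml. The package name, receiver name and the SENSITIVE_PERMISSIONS list are illustrative assumptions, and a real manifest first has to be decoded from the APK's binary XML (for instance with apktool), which this script does not do.

```python
"""Triage a decoded AndroidManifest.xml for the signals discussed above:
a device-admin receiver, a request for the legacy superuser permission,
and a broad set of sensitive permissions.

Added example; not code from the article, Lookout, or any project in the
thread.  SAMPLE_MANIFEST is constructed for illustration.  Only the text
(decoded) manifest form is handled, not the binary XML inside an APK.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Heuristic list (an assumption, not a standard): permissions that deserve a
# second look when requested by something that claims to be a screensaver.
SENSITIVE_PERMISSIONS = {
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.RECEIVE_BOOT_COMPLETED",
    "android.permission.INTERNET",
}
SUPERUSER_PERMISSION = "android.permission.ACCESS_SUPERUSER"
DEVICE_ADMIN_PERMISSION = "android.permission.BIND_DEVICE_ADMIN"
DEVICE_ADMIN_ACTION = "android.app.action.DEVICE_ADMIN_ENABLED"

# Constructed manifest: a "screensaver" that wants SMS, contacts, boot
# persistence, su access and device-admin rights.  Names are made up.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.screensaver">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.ACCESS_SUPERUSER"/>
  <application android:label="Screensaver">
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <meta-data android:name="android.app.device_admin"
                 android:resource="@xml/device_admin"/>
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""


def _attr(elem, name):
    """Read an android:-namespaced attribute from an element."""
    return elem.get("{%s}%s" % (ANDROID_NS, name))


def triage_manifest(xml_text):
    """Return a dict describing what the manifest asks for.

    A receiver counts as a device-admin receiver only if it is protected by
    BIND_DEVICE_ADMIN *and* listens for DEVICE_ADMIN_ENABLED, which is how
    the system finds the component to offer in the admin-activation prompt.
    """
    root = ET.fromstring(xml_text)
    requested = {_attr(p, "name") for p in root.iter("uses-permission")}
    findings = {
        "package": root.get("package"),
        "requests_superuser": SUPERUSER_PERMISSION in requested,
        "device_admin_receivers": [],
        "sensitive_permissions": sorted(requested & SENSITIVE_PERMISSIONS),
    }
    for receiver in root.iter("receiver"):
        if _attr(receiver, "permission") != DEVICE_ADMIN_PERMISSION:
            continue
        actions = {_attr(a, "name") for a in receiver.iter("action")}
        if DEVICE_ADMIN_ACTION in actions:
            findings["device_admin_receivers"].append(_attr(receiver, "name"))
    return findings


if __name__ == "__main__":
    for key, value in triage_manifest(SAMPLE_MANIFEST).items():
        print("%-24s %s" % (key, value))
```

Run it against the output of `apktool d app.apk` (the decoded `AndroidManifest.xml`) to get the same view of an app that the install-time permission screen gives, but before tapping Install. A device-admin receiver by itself is not malicious (MDM agents and some anti-theft apps need one), so treat the result as a reason to read the app's description against its permission list, not as a verdict.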

    9. Re:Root Your Device? by Anonymous Coward · · Score: 0

      Not completely true, Google removed about 20% of apps about a year ago because they were malware infected. Who knows what is infected today! Anything Google related and negative is hush, hush!

    10. Re:Root Your Device? by Anonymous Coward · · Score: 0

      No, they didn't

  2. Dumb to get smartphone by Anonymous Coward · · Score: 0

    Just think of all those millions of wireless computers, authenticating onto wifi networks inside corporate and personal firewalls the world over.

    Smartphones: we only asked whether we could, we never stopped to ask whether we should.

  3. Android and Linux! Bestest friends! by Anonymous Coward · · Score: 0

    Is this where we boast how much Android rocks because it is Linux based? Linux botnets are the best!

    1. Re:Android and Linux! Bestest friends! by Anonymous Coward · · Score: 0

      Android is Linux minus the L, the i, the n, the u and most of the x. Basically they broke the model, violated the inherent security for the sake of the mobile experience, and there you have it: Android. Does exactly what its programming tells it to do.

    2. Re:Android and Linux! Bestest friends! by Anonymous Coward · · Score: 0

      Is this where we boast how much Android rocks because it is Linux based?

      No, apparently it's where you troll with a strawman, because- while fanboyism for Android itself exists on Slashdot (as it does for iOS devices)- it's surprisingly rare that Android's Linux kernel is ever given as a reason for a particular commenter's Android fandom.

      Possibly because what most people think of as "Linux" is more than just the kernel, and- that aside- Android is quite different from most "normal" Linux distributions.

    3. Re:Android and Linux! Bestest friends! by matbury · · Score: 1

      Yay! The botnet of things! :)

  4. Use Meetspace as a firewall by Anonymous Coward · · Score: 3, Insightful

    Is this a good reason to root your device so you can put a decent firewall on it? At the least block its communication if it installs itself. Or is it known to change firewall settings too?

    FTA.

    Users would then see notifications about the finished downloads and would click on them, prompting the malicious application to install if their devices had the "unknown sources" setting enabled

    ie: Stupid is as stupid does...
    That's like lusers complaining about malware installed on the Windo$e PC because they turned off UAC.

  5. Re:Root Your Device? Hey, it's OPEN by BoRegardless · · Score: 1

    What more could you want than open windows and doors to your vault of info.

  6. Does Lookout use lazy analysts? by xxxJonBoyxxx · · Score: 1

    >> "encrypts its communications with the C&C servers, making the traffic indistinguishable from legitimate SSL, SSH or VPN traffic"

    Um...if you think simple transport encryption stops a determined analyst (who can hone in on source/destination IPs, initial traffic patterns, traffic volume, local signals or can use an attack proxy for some MITM action)...think again.
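The commenter's point is that encrypted C&C traffic still has a shape: a fixed destination, regular timing and near-constant sizes. As an added example, not from the article or from Lookout, the script below groups constructed flow records by source, destination and port and flags groups whose inter-connection intervals and byte counts vary too little to be human browsing. The record format, IP addresses, port and thresholds are assumptions for illustration.

```python
"""Spot periodic check-ins ('beaconing') in connection logs when the
payload itself is opaque TLS.

Added example; not code from the article or Lookout.  SAMPLE_FLOWS is
constructed, and its layout ("epoch src dst:port bytes_out") is an
assumption rather than any real exporter's format.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records from one handset.  203.0.113.7 is contacted every
# 300 s with ~610 bytes each time; the 198.51.100.x hosts look like browsing.
SAMPLE_FLOWS = """\
1000 10.0.0.12 203.0.113.7:443 612
1001 10.0.0.12 198.51.100.5:443 14020
1300 10.0.0.12 203.0.113.7:443 618
1333 10.0.0.12 198.51.100.9:443 2201
1600 10.0.0.12 203.0.113.7:443 609
1900 10.0.0.12 203.0.113.7:443 615
1950 10.0.0.12 198.51.100.5:443 88021
2200 10.0.0.12 203.0.113.7:443 611
2500 10.0.0.12 203.0.113.7:443 620
2800 10.0.0.12 203.0.113.7:443 607
"""


def parse_flows(text):
    """Parse the constructed record format into
    (epoch, src, dst_host, dst_port, bytes_out) tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, nbytes = line.split()
        host, port = dst.rsplit(":", 1)
        flows.append((int(ts), src, host, int(port), int(nbytes)))
    return flows


def find_beacons(flows, min_connections=5, max_interval_cv=0.2, max_size_cv=0.2):
    """Return (src, dst, port, period_seconds, connections) for talker pairs
    whose timing and sizes are too regular.

    Regularity is measured as the coefficient of variation (stdev / mean) of
    the inter-connection intervals and of the byte counts.  Thresholds are
    assumptions; a bot that adds jitter needs a looser interval bound and
    a longer observation window to stand out.
    """
    groups = defaultdict(list)
    for ts, src, host, port, nbytes in flows:
        groups[(src, host, port)].append((ts, nbytes))

    beacons = []
    for key, events in groups.items():
        if len(events) < min_connections:
            continue
        events.sort()
        times = [t for t, _ in events]
        sizes = [b for _, b in events]
        intervals = [b - a for a, b in zip(times, times[1:])]
        if mean(intervals) == 0 or mean(sizes) == 0:
            continue  # all in the same second or empty flows: not a beacon pattern
        interval_cv = pstdev(intervals) / mean(intervals)
        size_cv = pstdev(sizes) / mean(sizes)
        if interval_cv <= max_interval_cv and size_cv <= max_size_cv:
            beacons.append((*key, round(mean(intervals)), len(events)))
    return beacons


if __name__ == "__main__":
    for src, dst, port, period, hits in find_beacons(parse_flows(SAMPLE_FLOWS)):
        print("%s -> %s:%d every ~%ds (%d connections)" % (src, dst, port, period, hits))
```

The detector never looks inside the TLS session; it only needs flow metadata of the kind a NetFlow/IPFIX exporter or a proxy log already provides, which is the commenter's point. Feed it a day of flows per device and raise `min_connections` so that a handful of coincidental retries do not trip it.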

  7. Oh, for a successor to Open Moko by Ungrounded+Lightning · · Score: 3, Interesting

    I'm still waiting for a truly open-source, unlocked, user-controllable phone. Like a successor to Open Moko. (Building a closed platform on a base of open software doesn't cut it.)

    Is anything out there or in the works?

    (It's particularly acute for me just now: My decade-old feature phone started to flake out last week.)

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
    1. Re:Oh, for a successor to Open Moko by stoborrobots · · Score: 3, Informative

      OnePlus One? http://oneplus.net/

    2. Re:Oh, for a successor to Open Moko by Anonymous Coward · · Score: 2, Insightful

      I have an OPO and I wouldn't recommend it to anyone.
      The Synaptics touch driver still doesn't work.
      The call volume is broken from launch.
      Can't even name one good thing about it. Pure lemon.
      It's almost worse than early HTC phones that didn't even have drivers.

    3. Re:Oh, for a successor to Open Moko by ggendel · · Score: 1

      LuneOS. It could use a few more developers to bring it out of alpha state

      http://www.xda-developers.com/...

    4. Re:Oh, for a successor to Open Moko by GNious · · Score: 1

      While not 100% Open, give Jolla a look

      Disclaimer: I own a Jolla phone.

    5. Re:Oh, for a successor to Open Moko by Anonymous Coward · · Score: 0

      A friend of mine bought one and keeps on raving about how it's such a good deal and this and that.... I took one look at the OPO subreddit and was like "Eff this"

    6. Re:Oh, for a successor to Open Moko by tkotz · · Score: 1

      Depending on how you feel about drivers that load firmware.
      This is very open source:
      http://www.replicant.us/

      You can also just not install many of the firmwares if you don't want the feature.

  8. Why does anyone 'buy' this free stuff? by Anonymous Coward · · Score: 0

    Anyone?

    1. Re:Why does anyone 'buy' this free stuff? by T.E.D. · · Score: 1

      Beats me. I get my free stuff for free.

  9. Smart to get dumbphone by Anonymous Coward · · Score: 0

    You read that right

  10. key words by Neil+Boekend · · Score: 4, Insightful

    if their devices had the "unknown sources" setting enabled.

    That is an advanced user setting. It should not be changed unless the user is certain. It even triggers a warning if you change it.
    Only change that if you are certain you can use the device safely without it.
    If you can't, then leave it in its factory setting.

    Stupid is as stupid does.

    --
    Well, I might have a way, but it only works on a semi spherical planet in a vacuum.
    1. Re:key words by Anonymous Coward · · Score: 1

      It's an advanced setting with warnings that any user will be delivered to and encouraged to change if they wish to use a third party app store such as Amazon or Humble's. The fact that it's necessary to generally enable installation of software from unknown sources, rather than being able to grant a single app permission, is a frustrating situation, as it leaves a phone more open than it needs to be. Of course, if apps in the store were able to request such permissions then they may as well not exist in the first place, and any app that's known to be popular and have such permission is obviously going to be a new route for attacks. Android's relatively open nature is, as is so often the case, both a blessing and a curse, but I am left wondering if maybe they could have done a better job with the third party sources side of things.

    2. Re:key words by ChunderDownunder · · Score: 1

      Yeah there's no UI to configure "known sources".

      It'd be nice to trust a certain repository only. For example, I replaced the old 2.3.x stock rom with CM11. Google Play is too heavy for the device but f-droid runs fine. But you need to check the unknown sources option.

      (Google have no interest in encouraging users to go outside the play store, naturally. The checkbox is mainly there so developers can load an apk via adb over USB)

    3. Re:key words by Anonymous Coward · · Score: 0

      Many people think only rotten, dirty pirates set that unknown sources flag. But of course anyone wanting to use the Amazon app store or even Amazon Prime instant streaming also sets that flag. But most that do it are doing it to avoid paying for software.

    4. Re:key words by Anonymous Coward · · Score: 0

      My unknown sources was only momentarily turned on to install the Humble Bundle installer. There are no other warnings aside from the install / permissions screen. That's the "UI" to configure "known sources".

    5. Re:key words by Terry+Pearson · · Score: 1

      Yeah there's no UI to configure "known sources".

      It'd be nice to trust a certain repository only. For example, I replaced the old 2.3.x stock rom with CM11. Google Play is too heavy for the device but f-droid runs fine. But you need to check the unknown sources option.

      (Google have no interest in encouraging users to go outside the play store, naturally. The checkbox is mainly there so developers can load an apk via adb over USB)

      You are absolutely correct.

      In many Linux distributions, we are allowed to import a key and to add specific trusted software sources. Android, on the other hand has a "trusted source" (i.e. the play store) and everything else is untrusted. It would make sense to update this model in the future to allow additional trusted sources (of course with warnings explaining this is not for the faint of heart). That way, one might add an f-droid repository, but forgo installing from other outside sources.

      This would work a lot like Yum or Apt on modern Linux platforms. Most users would never see it, but it would give a degree of security to those looking to trust only a small subset of outside sources.

    6. Re:key words by mlts · · Score: 1

      I wish Android had the ability to have a "default store", so that Google's Play Store, Amazon's store, F-Droid, or other stores/repositories could be used without having to turn on the "unknown sources" option. That way, a device could be shipped, and the user pick a store they use, or have the ability to download and install from multiple items without needing to go through the sideload mechanism.

    7. Re:key words by Anonymous Coward · · Score: 0

      (Google have no interest in encouraging users to go outside the play store, naturally. The checkbox is mainly there so developers can load an apk via adb over USB)

      Sounds like a particularly lazy and insecure way of doing what iOS accomplishes more securely with "Developer Mode".
       
      ...notwithstanding the recent iOS social-engineering Trojan that dupes people into opting-into an "Enterprise Distribution" "Store" to download pirated Apps. Nothing can be completely stupid-proof...

    8. Re:key words by Anonymous Coward · · Score: 0

      Many people think only rotten, dirty pirates set that unknown sources flag. But of course anyone wanting to use the Amazon app store or even Amazon Prime instant streaming also sets that flag. But most that do it are doing it to avoid paying for software.

      So, what you are saying is, most people are right in their assessment.

      CAPTCHA: Motive

    9. Re:key words by Anonymous Coward · · Score: 0

      That's great, do you then turn it back on every time you want the humble installer to actually install the game, because I would find the "Install Blocked" dialogue, instructing me to go into settings to enable installation from untrusted sources a bit of a hindrance to actually using the humble app installer...

  11. Corporate networks.... really? by Reprint001 · · Score: 4, Informative

    "could be used to launch targeted attacks against corporate networks"

    A corporate network operator that allows BYOD Android devices with no MDM installed direct network access deserves an attack. And corporately owned Android devices would normally have a secure MDM installed with settings like "unknown sources" disabled and not user changeable. For this malware to get access to a corporate network it would require some really poor security practices on the part of the device owner and network owner, which would probably mean the company were vulnerable to much simpler attacks.

    1. Re:Corporate networks.... really? by Anonymous Coward · · Score: 0

      This. I, and I think most of the /. audience, are tired of these "security hazards" that are actually ID-10-T problems. If you leave your house doors unlocked in the bad part of town, you can't complain when some burglar "cleans it up".

    2. Re:Corporate networks.... really? by sociocapitalist · · Score: 1

      "could be used to launch targeted attacks against corporate networks"

      A corporate network operator that allows BYOD Android devices with no MDM installed, direct network access deserves an attack.

      And corporately owned Android devices would normally have a secure MDM installed with settings like "unknown sources" disabled and not user changeable.

      For this malware to get access to a corporate network it would require some really poor security practices on the part of the device owner and network owner which would probably mean the company were vulnerable to much simpler attacks.

      You're assuming that the MDM increases security whereas in my current experience, in order to get my device 'compliant,' I have been forced to unroot thus losing both full backup and firewalling capabilities, lessening the security of my device.

      --
      blindly antisocialist = antisocial
  12. Oh, for a successor to Open Moko by Anonymous Coward · · Score: 0

    Firefox OS. I love my Flame even though it's basically a beta (actually a developer's reference device, but functional), and there are several other models.

    https://www.mozilla.org/en-US/firefox/os/devices/

    https://developer.mozilla.org/en-US/Firefox_OS/Developer_phone_guide/Flame

  13. Wisdom follows, pay attention! by Anonymous Coward · · Score: 0

    > Android Botnet Evolves, Could Pose Threat To Corporate Networks

    Android Botnets do NOT pose a threat to Corporate Networks, because any network that lets Android devices connect is unworthy of the name "corporate".

    Corporations use Windows Mobile, Blackberry or Apple iOS exclusively, won't touch the Android anarchy with a tele-operated vaulting rod and will actively ban Android devices from connecting by enforcing NAP/NAC style tech measures.

    Considering the Google business model to collect all info and sell it off to the highest bidder, corporations would be unable to use the Android platform even if its security was equal to Fort Knox rather than cheddar. Letting Android into a corporation is thereby creating double jeopardy, an act illegal in and of itself, and those responsible to the shareholders and regulators just can't do that.

    1. Re:Wisdom follows, pay attention! by amalcolm · · Score: 2

      Shill

      --
      Time for bed, said Zebedee - boing
  14. Re:HAHAHAHAHAHA!! by amalcolm · · Score: 1

    You would lose that bet

    --
    Time for bed, said Zebedee - boing
  15. Firefox OS, Sailfish OS by Qbertino · · Score: 1

    It's not that there are not enough viable alternatives to Overlord Google.

    --
    We suffer more in our imagination than in reality. - Seneca
    1. Re:Firefox OS, Sailfish OS by Anonymous Coward · · Score: 0

      It's not that there are not enough viable alternatives to Overlord Google.

      iOS.

  16. Windows Phone Wins Again! by Anonymous Coward · · Score: 0

    This is why I would never allow Google into my household.

  17. Evolved? by anchovy_chekov · · Score: 1

    Can we just for once stop using terms like "evolved" as if this thing has any kind of ability to mutate outside of the agency of people - intelligent designers if you will - actually making changes to the code.

  18. Could by Anonymous Coward · · Score: 0

    That's one big iffy word - "could" - without any hard data about how likely the possibility would be. This app "could" blow up the planet, or "could" cause a universe-destroying singularity.

  19. Thanks, Google. Thanks, Samsung. Thanks, Android. by Rakarra · · Score: 1

    It's my f#$@ing phone. If I want root on my own phone, I should be able to get it, just like I can get root on my home computer.

    But the only way to root, say, the Galaxy S5 is to run an older version of the kernel, a version vulnerable to a root exploit. The exploit of course allows OTHERS to root the phone if I'm not careful, but installing ANY security updates or upgrading the OS on the phone fixes the "flaw" that gives me root.

    So the only way to get root is to leave my phone running older, insecure software.
    All because these shitty companies go ballistic at the thought of the user being the administrator of his own device.