Android Ransomware Threatens To Share Your Browsing History With Your Friends

An anonymous reader writes: The newly discovered Lockdroid ransomware is unique in two ways. First it uses perfectly overlaid popups to trick users into giving it admin privileges. This trick works on devices running Android versions prior to 5.0 (Lollipop), which means 67% of all Android smartphones. Secondly, after it encrypts files and asks for a ransom, it also steals the user's browsing history and contacts list, and blackmails the user to pay the ransom, or his browsing history will be forwarded to his contacts.

Flogging | tar & feathers

[cold+fjord]

Bring it back.

A good thing?

[by+(1706743)]

Anything to force vendors to, you know, provide up-to-date software. Unfortunately, this probably won't have much of an effect...

Re:A good thing?

[Admiral_Grinder]

Does that mean I can finally hang Verizon on the hook for failing to update my Droid Maxx in a timely manner?

Re:A good thing?

[sycodon]

I was about to post a snarky comment on how some Slashdotter will defend this in some backhanded manner.

Guess I was too slow.

Re:A good thing?

[Coren22]

No, but you could buy a new phone already. That thing has got to be like 4 years old already.

Re:A good thing?

Snarky comments are for Reddit users. Because over there every post requires a snarky reply often followed by a follow up snarky reply to the first snarky reply, and so on - all equally inane. Everyone needs to feel good about their life that they waste on Reddit, so snarky comments are required. If your post is popular enough on reddit, it always requires an addendum beginning with EDIT: where by the user thanks all the SJWs there for upvoting his or her retarded showerthought. There may also be thanks for some reddit gold. This is the Reddit way. However, this is Slashdot. Slashdot, thankfully is not Reddit. Continue on

Re:A good thing?

[MobileTatsu-NJG]

Force vendors ...? It should force Google to design an OS that doesn't require vendor approval to get an update. Even Windows manages to do that!

Re:A good thing?

[Carewolf]

Anything to force vendors to, you know, provide up-to-date software. Unfortunately, this probably won't have much of an effect...

Even the most up-to-date software allows a user to be an idiot and install untrusted software and give it permission to take his phone ransom. It is not abusing a software vulnerablity, but an idiot user vulnerablity, and those are not easily fixed without taking away user freedom.

Re:A good thing?

[macs4all]

No, but you could buy a new phone already. That thing has got to be like 4 years old already.

Wow, and people talk about Apple creating forced obsolescence (which they generally have a MUCH better track-record of NOT doing)...

Re:A good thing?

[Coren22]

Apple is guilty of the same thing. In this case, it isn't Google doing anything of the kind, it is usually the carrier as they feel they HAVE to load their crapware on every phone.

Apple and Google have pretty much the same support time frame.

When iOS 8 shipped, the iPhone 4 was not supported anymore. That is 4 years.

Google supports their Nexus line for 3 years.

Most phone batteries frankly don't last past 2 years anyways, and as they aren't replaceable on most phones anymore, the phone lasts only as long as its battery. Expecting companies to support their products forever is naive at best.

Here is a cute little comparison chart of Apple vs Google in support timeframes.

http://lifehacker.com/this-cha...

Re:A good thing?

[sims+2]

Droid MAXX is only 2 years, 5 months, 7 days old

The phone I use on a daily basis is a 2 year, 4 month, 29 day old stupid phone and verizon last pushed a software update to it just 2 weeks ago

The MAXX was $699 when it was first released.
My Samsung Convoy 3 was $199 when it was released.
They were released just 9 days apart. If I had paid $699 for a phone and it wasn't being kept as up to date as a $199 flip phone I think I would be pretty pissed too.

Re:A good thing?

[sims+2]

Something that does still irk me is that I happen to have a LG tv made in 2012 model 55LM6700 msrp $2,299.99 and it has no netflix profiles support. Yet my 2006 model RVL-001 msrp $249.99 nintendo Wii does WTH?

Re:A good thing?

[LinuxIsGarbage]

Nexus is Google's flagship phone, and since Google is directly involved, they want the crapware free experience, and relatively long support period.

The moment you start looking at OEMs, it goes downhill.

Take the Samsung SIII. It was Samsungs flagship phone at one point, and sold in high numbers.

Released May 29, 2012, in most markets the last official version is 4.3 JellyBean, with limited markets / unofficial support for 4.4.4 Kitkat.
Kitkat was released October 31, 2013, and Lollipop November 12, 2014. So you're topping out on 1.5 years on a flagship phone.

The moment you look at bargain android phones, even new, they are usually outdated when you buy them.

Apple, as much as I hate them, usually has a predictable support life. For sale from carriers, you will usually only see N,N-1, and N-2 models. Right now that is 6S, 6, and 5S. The current iOS (9.2.1) supports back to 4S (a phone released October 2011).

Re:A good thing?

Something that does still irk me is that I happen to have a LG tv made in 2012 model 55LM6700 msrp $2,299.99 and it has no netflix profiles support. Yet my 2006 model RVL-001 msrp $249.99 nintendo Wii does WTH?

There are likely MORE cheap Wii's out there than expensive commodity televisions of that price range. Bulky products have a lot of inertia. They don't move adapt well. Buy small, buy often, and you still come out a winner in some senses. That said, it doesn't quite apply to the bottom of the barrel: want a sub 100 android phone? it'll give you memory full errors within a year. Your $600 flagship? maybe 12 months later. We ought to thank Google for that. I've been decrappifying phones were their framework alone balloons from 10 mb to 90mb. Their choice to auto-update all apps by default allows all your unremovable shovelware to just inflate until it takes up your whole RAM. Then someone had to make the stupid^W genious design choice of not allowing our enormously empty SD cards to have shared ram (a-la video cards) or some form of disk swapping.

I've been lamenting this since the days of MacOS 8 when your browser would show just as much memory need as your operating system. Programmers have only gotten more spoiled since the mid-nineties, with entitlement complex to their RAM... but nothing is ALWAYS affordable everywhere, and not everything is a desktop-class machine to stick RAM and expansions into.

Re:A good thing?

Force vendors ...? It should force Google to design an OS that doesn't require vendor approval to get an update. Even Windows manages to do that!

Let's not give them any ideas!
It's hard enough to find intel drivers on HP or dell sites when they have so many installers and lack of serial numbers, and I just found an official driver yesterday that gave me an error asking me to seek the manufacturer's edition instead of their official one.

Remember the dark days of 2005 when Ubuntu and some distros would needed you to point to driver dlls from your windows partition as a last resort to get laptop Wifi working?
If the OEMs just hide everything in some nightmarish closed package repository enforced by Windows ten's crazy update policies, it will all be over.

Re: A good thing?

Although idiot users are an issue, this is absolutely an issue that can be fixed without taking away user freedom. The easiest thing to do would be to have the os mark a file as downloaded, and refuse to install it unless it gets moved to a special directory that normal apps don't have write access to. Another option would be to forbid a web browser from running the apk installer. Or requiring the user's pass code / pattern / picture / whatever to run the apk installer.

Basicly anything that doesn't permit an app to run the apk installer in a way that 1. It can allow an installation with one tap of the install button, while 2. Drawing over the install button with another button that says "cancel".

Installing an application would always be a privileged operation, that should never be performed by an unprivileged application, nor done by an unauthenticated user. Regardless of the host system's OS. The fact that android permits this to occur, shows a complete disregard for security and should be fixed asap.

Re:A good thing?

[whoever57]

My phone got an OTA update about 4 months ago. It's a T-Mobile Samsung Galaxy S 2, which was released about 4 1/2 years ago.

Re:A good thing?

But I like my phone. I liked it when I bought it and I like it now. I don't want a new interface. I want the one that came with my phone when I bought it, and that's what I have and why I have it.

Even if there was a new version and I didn't mind the new interface, it may very well cripple my old hardware like what happens every time a new version of iOS is released.

In the meantime, I'll make sure to avoid downloading things from unknown third parties that may very well be ransomware. Seems to have worked this long, and I don't foresee it being a problem in the future. If this is the kind of problem you find yourself running into, by all means, go with the appropriate gadget to mitigate the problem.

Re:A good thing?

[ihtoit]

my phone is just over twelve years old. The battery is still good for nine days standby. It gets daily use. I won't even consider another phone.

MotorRAZR V3 for the win.

Re:A good thing?

[ihtoit]

the Nexus uses some of Motorola's patents they sold to Google in 2012...

Re:A good thing?

[AmiMoJo]

No need. I mean, you have to go find an alternative download site for the "Porn 'o' Mania" app, enable unknown sources, click through the warning about enabling unknown sources, then click through the warning about installing apps from untrusted locations. Then it fails to install anyway because by default the Play Store app scans even sideloaded apps for malware.

The combination of extreme stupidity, enough intelligence to sideload apps, and the short window of vulnerability before Google kills it means that doing an OS update is probably a bit of an over-reaction. In any case, chances are Google will back-port the feature that stops the overlay this trojan relies on, since the application installer is updatable via Play.

Re:A good thing?

[bbeagle]

No, Apple is NOT guilty of the same thing. You do NOT have to rely on carrier updates if you own an iPhone. The phones can be updated without worry who your carrier is. Google has failed in their update method.

Re:A good thing?

[Karlt1]

iPhone 4s - introduced 9/2011 -- still running the latest OS probably until 9/2016.

I'm just saying.....

Re:A good thing?

[Karlt1]

Apple is guilty of the same thing. In this case, it isn't Google doing anything of the kind, it is usually the carrier as they feel they HAVE to load their crapware on every phone.

Apple doesn't allow the carrier to load crapware.

Apple and Google have pretty much the same support time frame.

I can buy a PC from any manufacturer running Windows and get security updates from Microsoft. Why can't I do the same with third party Android phones?

Google supports their Nexus line for 3 years.

And what about third party phones running Google licensed versions of Android? Microsoft doesn't just provide updates for Surface computers.

Here is a cute little comparison chart of Apple vs Google in support timeframes.

It's "cute" and all but why if MS makes it their responsibility to support their licensed OS on third party hardware then why doesn't Google do the same?

Re:A good thing?

And my S3 hasn't had an update in over 18 months!

Re:A good thing?

My Apple IIc still boots( floppies ehh). My Dell (when it was a good company) lasted 10 years. My iMac, 2009?, Yosemite running sweet.

Re:A good thing?

AFIAK, (and please correct if inaccurate) Apple has yet to have a single incident of malware in the field on iOS, much less ransomware.

Re:A good thing?

[Coren22]

Do you not speak English? You are arguing things I didn't say.

Google updates the only phones they can update, which is the Nexus phones. All the other phones are the carriers holding them up, not Google. Apple stops supporting phones too, despite your venom.

Re:A good thing?

[Coren22]

I can buy a PC from any manufacturer running Windows and get security updates from Microsoft. Why can't I do the same with third party Android phones?

Talk to the carriers about that. This is not something you can pin on Google, it is carrier greed and need for control that you are seeing.

And what about third party phones running Google licensed versions of Android? Microsoft doesn't just provide updates for Surface computers.

Many of them can be updated to whatever you like, it just might not work properly because of Qualcomm's control issues.

It's "cute" and all but why if MS makes it their responsibility to support their licensed OS on third party hardware then why doesn't Google do the same?

I am sure Google would love to control updates on their phones, but the Carriers and Manufacturers, and Qualcomm won't let them.

Re:A good thing?

That's my strategy, except my next phone will be a dumb phone. I got a smart phone and then realized I had little use for any of its apps except, well, the apps that let it be a phone and camera. (Next phone probably won't have camera if I can avoid it.) I also have a vulnerable tablet that serves as a helpful dumb terminal for my server in the clouds or to occasionally figure out where rare drops in Monster Hunter are.

So basically, if either device is infested with evil, the browsing history will consist of: slashdot.org, soylentnews.org, and kiranico.com. I might have visited my bank's website once, but usually I'm only comfortable doing that using up-to-date free software.

Re:A good thing?

This.

If you know what you are doing and flash CyanogenMod or another well made ROM, enable a GPS spoofer, and a privacy manager like XPrivacy or DonkeyGuard, and don't just run any "securityupdate.apk" update foisted to you by a website, you will be in excellent shape.

However, there are fewer and fewer phones which allow this. New Samsung devices don't even have a working root hole, much less a unlocked bootloader. Last year, there was one, but it took a five-digit bounty for someone to step forward and do it. Pretty much, you have Nexus devices and HTC devices that you can unlock the bootloader, and the number is getting fewer and fewer as time goes on, due to "enhanced security measures"... i.e. forcing customers to throw their phone away since it won't be updated with security patches, and it can't be moved to a ROM which will.

Re:A good thing?

[leonardluen]

are you sure about that?

these were even posted to slashdot. and i am sure this isn't all of them.

225000 accounts comporised via ios malware

Apple xcodeghost malware more malicious than originally reported

Advertising malware affects non-jailbroken ios devices

apple cleaning up app store after is first major attack

Re:A good thing?

[Karlt1]

Talk to the carriers about that. This is not something you can pin on Google, it is carrier greed and need for control that you are seeing.

Apple forbids any carrier from adding anything to their phones. Why couldn't other manufacturers?

Many of them can be updated to whatever you like, it just might not work properly because of Qualcomm's control issues.

Why not all of them? I was able to install Windows 7 on an old 2006 Core Duo Mac Mini. This was out any support from Apple (no I didn't have to use BootCamp).

I am sure Google would love to control updates on their phones, but the Carriers and Manufacturers, and Qualcomm won't let them.

But the carriers "let" Apple control their own updates. Apple also uses Qualcomm chipsets. Why is Google so much less powerful than Apple when Android runs on about 5x as many phones as iOS?

Re:A good thing?

[darkmeridian]

Buy Google Nexus devices. Monthly security updates pushed out over the air. Developers also flock to these devices so you will always have great ROMs. Also, Google supports those devices for a long time. The 2012 Google Nexus 7 Wi-Fi tablet was updated to Android 5.1.1.

Re:A good thing?

[darkmeridian]

Android supports monthly updates; it's the carriers that don't give a crap. The Google Nexus devices get monthly Android security updates pushed over the air, so it's possible. However, carriers want a few months to "certify" the devices to run on their own networks, i.e., cram that shit full of their "value-added" software. If you give a shit, buy a Google Nexus device.

Re:A good thing?

Are you SUGGESTING that apple isn't the best company in the world, you dirty google rat?

Re:A good thing?

[malditaenvidia]

why if MS makes it their responsibility to support their licensed OS on third party hardware then why doesn't Google do the same?

Because Microsoft charges a hefty license for every copy of their OS sold, google doesn't get a cent for android licenses (they profit through other means).

Re: A good thing?

[Karlt1]

Google charges license fees for Google Play Services like Maps, the Play Store, etc.

Re:A good thing?

[macs4all]

are you sure about that?

these were even posted to slashdot. and i am sure this isn't all of them.

225000 accounts comporised via ios malware

Apple xcodeghost malware more malicious than originally reported

Advertising malware affects non-jailbroken ios devices

apple cleaning up app store after is first major attack

Yes, yes; Slashdot breathlessly (and more to the point, hit-mongering-ly) "reports" each and every such story, as part of their unstated and ongoing mission of pandering to Apple Haters.

So, lets' take these one-by-one, shall we?

225000 accounts comporised via ios malware --- According to TFS, " The theft is executed via variants of the KeyRaider iOS malware, which targets jailbroken iOS devices.", so Doesn't Count. "Next..."

Apple xcodeghost malware more malicious than originally reported --- According to the Comments to TFA, this only affected Chinese Developers that Downloaded an UNOFFICIAL BINARY from grey-market "App Stores". Does it count? Meh. The best thing is that Apple likely tightened their signature-verification process for XCode installation. Oh, and I believe that I read that the "victims" had to IGNORE a warning that the Signature didn't match, and ALSO SPECIFICALLY TURN OFF GATEKEEPER.

Advertising malware affects non-jailbroken ios devices --- Another day, another breathless Slashdot non-story. Well, according to the TFS, again, this is due to Distribution through NON-APPROVED CHANNELS (Enterprise Distribution), which SOME Users see as a way to "side load" mostly Pirated Apps from (once again) Grey-market "App Store" clones. "YiSpecter's malicious apps were signed with three iOS enterprise certificates issued by Apple so that they can be installed as enterprise apps on non-jailbroken iOS devices via in-house distribution. " So, again, meh. Sensing a pattern here?

apple cleaning up app store after is first major attack --- This non-story is simply a followup about Apple making sure that Applications built with the "tainted" XCode containing "XCode Ghost" (see above) were NOT in the iOS App Store. And in fact, that "Malware" didn't seem to do anything, anyway. According to TFS "Palo Alto Networks Director of Threat Intelligence Ryan Olson said the malware had limited functionality and his firm had uncovered no examples of data theft or other harm as a result of the attack." So, plainly, this "Story" isn't about a "Malware Attack", per se; rather, this is Apple being diligent. So, once again, meh.

So, by my tally, that's pretty much ZERO on the "Real Malware Threat" scale. The XCodeGhost incident was close, but no cigar.

Someday, it will happen; but not today...

Now, do you want to see the list of REAL Malware Articles on Slashdot for Android??? Didn't think so.

Re: A good thing?

LOLOLOL so a 3 year old phone was finally updated to use a year and a half old OS and you call that progress? You android fanboys are something else.

Re:A good thing?

[leonardluen]

well if you are going that route then it should also be pointed out that this android malware also only comes from non-approved channels

from the article:

The malware is disguised as a porn app called Porn ‘O’ Mania. The malicious app is not found on Google Play and may be downloaded from third-party app stores, forums, or torrent sites. Users who have Google Play installed are protected from this app by Verify Apps even when downloading it outside of Google Play.

sounds like the infection vector for the examples i linked above for apple are quite similar to the one for android in this article.

i don't hate apple by any means, i just don't like it when people seems to think apple is immune just because it is apple. Both this and the articles above prove that if something stupid you are going to get malware.

Re:A good thing?

[macs4all]

well if you are going that route then it should also be pointed out that this android malware also only comes from non-approved channels

Bzzt! WRONG!!! Thanks for Playing!

What "route" is that? You mean the "FACTS" route? Then yes, I will go that route every single time. Unlike you, apparently...To wit(less) :

Malware has been found on the Google Play store MANY times. Where the FUCK have YOU been?!?

BTW, that took exactly ONE SECOND of Google-ing.

Research, THEN Post. Otherwise prepare to be outed as the idiot you are.

Re:A good thing?

[leonardluen]

You pointed out that all the apple articles were only from non-approved sources, so i was just pointing out that the malware from this article is also installed from non-approved sources. i didn't mention anything saying android hadn't had any other malware infections.

you want only app store apps for apple? how about this one

and here is a proof of concept showing that apple isn't immune.

BTW, that took exactly ONE SECOND of Google-ing.

Research, THEN Post. Otherwise prepare to be outed as the pompous ass you are.

Re:A good thing?

[macs4all]

You pointed out that all the apple articles were only from non-approved sources, so i was just pointing out that the malware from this article is also installed from non-approved sources. i didn't mention anything saying android hadn't had any other malware infections.

you want only app store apps for apple? how about this one

and here is a proof of concept showing that apple isn't immune.

BTW, that took exactly ONE SECOND of Google-ing.

Research, THEN Post. Otherwise prepare to be outed as the pompous ass you are.

1. I didn't say the Articles were from "non-approved sources". Rather that the Software-containing-Malware was from sources other than the iOS App Store.

2. Actually, you DID state quite clearly that "it should also be pointed out that this android malware also only comes from non-approved channels". So I'm not sure what you are talking about with "i didn't mention anything saying android hadn't had any other malware infections." Is English a second-language for you; or are you just illiterate?

3. The "Find and Call" App WAS apparently actually a Trojan that affected both iOS and Android, I will give you that. However, it was NOT part of the original examples that I argued-against; so it constitutes a "moving of the goalposts". Also, you fail to mention that Apple not only pulled the Dev's credentials; but also modified iOS so that that type of App cannot work in the background to steal personal information. So ultimately, the system still worked. As I said, I NEVER said iOS was IMMUNE; just that the examples given were not legit examples of "Malware from Approved Sources" (in this case, the iOS App Store). That remains a true statement, sorry!

4. While the "Jekyll" App may have actually worked in a real-world application (and no, a Proof-of-Concept is not "Real-World"), there are three things that make your inclusion of this a strawman: a. It was not in the original "List", and thus constitutes a moving of the goalposts.

b. It was never actually "In the Wild".

c. I NEVER said that iOS was IMMUNE; rather, again, I simply stated that the four EXAMPLES in the original post were not scenarios for people using Apps from the iOS App Store with non-jailbroken phones (a point which you haven't actually rebutted).

So, after your EXHAUSTIVE search, we have a sum-total of ONE legit Trojan from 2012 (which fortunately doesn't seem to have targeted the U.S.A.), and one possible Proof-of-Concept in 2013. Not 100% perfect; but the difference between a typical iOS user's exposure to Malware vs. a typical Android user is both striking and utterly undeniable.

Again, wanna compare that track-record to Android, even from the Play Store?

Confusing title?

Friends vs contacts? Why put up such a stupidly worded title?

Re:Confusing title?

[xxxJonBoyxxx]

>> Friends vs contacts? Why put up such a stupidly worded title?

The article assumes that you are acting as a consumer on a personal PC, that many of your contacts are friends (as opposed to work colleagues), and that your personal browser history contains a lot of naughty stuff. Unfortunately, it also assumes that any of your contacts would do more than delete a lengthy message like this on sight; you probably don't have hundreds of "friends" who care THAT much about you. (e.g., Even if Hillary Clinton herself emailed me a list of her classified emails, my short attention span would still compel me to delete the message before reading it and go on to something shorter and more interesting in my inbox.)

Re:Confusing title?

personal Personal Computer

That's probably only if they use chrome while logged on to google.

Joke's on them

I don't have any friends and my contact list is empty.

Re:Joke's on them

I don't have any friends and my contact list is empty.

If you're installing an app called "Porn 'O' Mania" I'd say that's probably true.....

Re:Joke's on them

[MobileTatsu-NJG]

I don't have any friends and my contact list is empty.

Coincidentally you hate anything Social Media related with a passion.

Re: Joke's on them

True.

Did you have a point?

Sideloaded

[farble1670]

"Once the malicious app (a fake porn-viewing app in this case) is installed and run by the user"- exactly. Also, the user would have had to enabled side loading ignoring all of the various warnings.

Re:Sideloaded

"Once the malicious app (a fake porn-viewing app in this case) is installed and run by the user"- exactly. Also, the user would have had to enabled side loading ignoring all of the various warnings.

In many markets sideloading is the norm, for various reason. And only a small minority of app installs coming through official app stores. Phones are sold with the warning you are talking about deselected by default from the retailer (and various apps pre-installed in-store). Reasons for not using app stores: 1. Phones are pure AOSP - no (paid license) access to Google services. 2. They don't use email or have credit cards. 3. They exchange apps peer-to-peer directly, as discovery method and to save data cost (check out Zapya app-sharing-app).

Re:Sideloaded

[farble1670]

that's fine, but the point is that if you backdoor install shady apps, c'est la vie. the good: you are passing around pirated apps that you don't have to pay for, and your phone was cheaper because it doesn't license google play services. the bad: malware.

Re: Sideloaded

You know how I know you don't use android, and a shill?

Google has never made you enter credit card information. You're free to use the phone without one even while accessing Play Store. You don't even need a gift card or any payment services, unlike i devices.

You also can create a free gmail as part of the setup process, so not sure where you're going with the email...

But you already knew that. For some reason, you like being uninformed.

Re:Sideloaded

How you go from equivocating "shady apps" and "pirated" (via parallelism as your grammatical tool to make it indirect) I have no idea. There are quite a few apps neither shady nor pirated when you install them via sideload. Newsflash: being a news for nerds, people around here know better. So...are you a troll, paid shill, propagandist, or just someone who doesn't know enough to say anything?

Re:Sideloaded

[Trogre]

So... any app not sanctioned enough by Google to appear on their Play Store is automatically shady and pirated huh?

What an amazing world view you must have. I hope you never install software on your PC that is not first approved by Microsoft Corporation, or eat food that doesn't come from the local supermarket.

Re: Sideloaded

You know how I know you don't use android, and a shill?

Google has never made you enter credit card information. You're free to use the phone without one even while accessing Play Store. You don't even need a gift card or any payment services, unlike i devices.

You also can create a free gmail as part of the setup process, so not sure where you're going with the email...

But you already knew that. For some reason, you like being uninformed.

I don't think you understood that I wasn't talking about US or European markets. But many of the very large emerging markets where cheap AOSP phones are the most popular, without access to Google Play. And where a lot of people don't *use* email even if they could. And where the data cost is a significant worry and WiFi spotty, so the major part of app distribution is happening either in-store or peer-to-peer with extremely popular apps like Zapya. But yeah, everyone who doesn't see things your way is a shill.. got it Godwin.

Re:Sideloaded

[farble1670]

So... any app not sanctioned enough by Google to appear on their Play Store is automatically shady and pirated huh?

no, but some are. evidence? THE ARTICLE YOU ARE READING.

not that i ever said that in the first place of course.

Re:Sideloaded

[farble1670]

How you go from equivocating "shady apps" and "pirated" (via parallelism as your grammatical tool to make it indirect) I have no idea.

that's good, because i didn't.

There are quite a few apps neither shady nor pirated when you install them via sideload.

yes, because after all, i did state that all sideloaded apps are pirated.

Newsflash

newflash: you missed your dose of lithium this morning.

Re:Sideloaded

[Trogre]

This is true, but not particularly helpful.

The problem is not that apps can be installed outside of a walled garden, which is a normal part of operating an Android device; the problem is that malicious software exists, and has done so for as long as long as computers have been affordable.

Some of the comments here suggest an attitude that wants to marginalise side-loading, as if it were the software equivalent of walking down a dark alley and accepting sweeties from a man in a trenchcoat lurking in the shadows. That is very dishonest and short-sighted view that if carried out has but one logical conclusion - a car with the hood welded shut. If people want that sort of nonsense they may as well give up and buy an iPhone.

Re:Sideloaded

[farble1670]

Some of the comments here suggest an attitude that wants to marginalise side-loading

this is just like when someone says "muslim terrorist" and we hear "not all muslims are terrorists!". of course not. i thought that was a big fat DUH but i guess not.

side loading is by far the biggest attack vector for android malware. that's a fact. it doesn't mean all side loaded software is malware. it doesn't mean all side loaded software is pirated. it doesn't mean side loading is bad, or should be disallowed.

If people want that sort of nonsense they may as well give up and buy an iPhone.

or you should stick with your android device and not enable side loading. there are lots of choices between sideloading sketchy free pr0n apps on Android and iOS.

Stupid traps for stupid people

[wardrich86]

You still have to accept and side-load an application off of a sketchy site. Will people ever learn?

Kudos to the app author, though. The technique is pretty interesting.

Re:Stupid traps for stupid people

[alvinrod]

Can you imagine of other news stories were written using the same type of alarmist approach that we see with technology?

New report shows that toasters are extremely deadly!

Researchers have found that the common household toaster is an exceptionally dangerous product. Users who intentionally went out of their way to remove key safety features of the appliance and then connect an extension cord to the device so that they can submerge in a tub full of water while standing in that tub were found to suffer grievous bodily harm.

. . .

I can understand that is generates clicks, but we'd be better of spending time writing about why you shouldn't visit dodgy sites and install third party applications unless you know what you're doing and provide some examples of what these malicious programs might look like or how they might try to trick you. That would be far more useful to the average consumer.

Re:Stupid traps for stupid people

I'm always wondering how people get infected with viruses. Yes, I run anti-virus on my desktops and phone, but I've only ever once had an anti-virus program once ever pop up when browsing a website. Even that one lone time that virus still would not have infected my machine because I wasn't going to run the file being downloaded and I wasn't running with admin privileges. BTW, not a sketchy site, but a small town city website ran by someone with no business maintaining any type of technology. Viruses infect people who are uneducated about technology in general. Just stop clicking on stupid shit people. Yes, that funny video of a cat, may be enticing to watch because you have no life, but get a life and get busy with real world stuff and remove your face from the screen.

Maybe I just don't hit the dark parts of the web, but ad-blockers help probably a lot more than any sort of anti-virus software. Hell even the pr0n sites I visit never trigger anything.

Re:Stupid traps for stupid people

[Actually,+I+do+RTFA]

So, instead of having an OS with security built into it, we get an OS with a weak security model, but it's okay because if you let Google control everything you see/get a cut they'll keep you safe?

There's no real reason the Google store is any safer than any sideloaded app. All google does is runs some automated detection software, and that could be run clientside.

Re: Stupid traps for stupid people

You've taken precautions and have also been lucky.

The people that actually write some of these nastier bits of malware are loyal customers of multiple anti-virus software makers. How else to test their creations?

The point is it's a type of arms race.
You've just never been on the front lines.

Re:Stupid traps for stupid people

The OS security is fine. but you have flexibility. You can install a new app to perform the phone functionality and manage contact lists instead of the stock stuff. If you want to. Another app might be more to your liking than standard stuff. This flexibility also has a price - because you can install an app to keep & manage your contact list, it is certainly also possible to install an app that uploads your contact list somewhere and then removes the local copy. If you don't want your phone 'managed' that way, don't install such an app then!

Caveat emptor - especially when installing an app that nobody has reviewed seriously - not even checked that it isn't obvious malware.

Re:Stupid traps for stupid people

[wardrich86]

You can report bogus apps and they will eventually be pulled.

You can't report bogus apps on sketchy sites to have them pulled.


I much prefer the lax security on Android - Google trusts that I know what I'm doing and allows me freedom over my device, whereas Apple assumes we are all morons and keeps us in a padded circle room and only lets us play with Idiot-approved applications.

Re:Stupid traps for stupid people

[Actually,+I+do+RTFA]

"Eventually get pulled" is a kludge for no real security.

I agree, i want to be trusted. But there should be a big difference between "I sideloaded an app" and "I ran an app in admin mode". there doesn't seem to be, security-wise.

Needs rooted phone

[Namarrgon]

Of course, users can't grant root access to anything, on a stock phone regardless of version. Only rooted phones would be potentially vulnerable, and all others wouldn't show an admin-access dialog at all.

This is on top of requiring the user to actually want to sideload an app called Porn'o'Rama in the first place, if that's what it was really called.

Re:Needs rooted phone

>This is on top of requiring the user to actually want to sideload an app called Porn'o'Rama in the first place

Do you have the link? It sounds great. Where is the side port on my phone to load it?

Re:Needs rooted phone

[Rei]

The permissions it needs are access to modify/erase files and the ability to lock the screen, both of which can be granted on non-root phones if the user confirms. This app uses a trick (that really shouldn't have been there in the first place... who thought that letting anything have higher window layering than the privilege window was a good idea?) to get users to agree to the privilege escalation without realizing it.

The main weakness of this app (apart from its ahem rather specific market) is that it requires side installation. That makes it only a minor threat. What I worry about is the day when someone finds a vulnerability that lets them install ransomware without user interaction via the ads that one finds in a large chunk of the free apps on the app store.

Re:Needs rooted phone

[Namarrgon]

If that's so, then I guess that limits the damage that can be done to /mnt/sdcard (which could still be enough). I'm surprised that unknown code can be downloaded and executed before the install privileges dialog has completed, though. Or am I missing something else?

At least it's a minor threat to mainstream markets, but I imagine it's aimed more at the vast and growing Chinese base, where sideloading and unvetted stores are the norm.

Re:Needs rooted phone

[Rei]

A description is in the article. The program uses a clickthrough overlay so that the user thinks that they're confirming something else when in reality they're confirming the permission escalation. They see the overlay, but it doesn't take clicks; they fall through to the hidden window underneath, the permissions dialog. After the user has unwittingly confirmed privilege escalation, then the encryption and locking begins.

Re:Needs rooted phone

[Namarrgon]

Yeah I got that part, but I was presuming the standard Android permissions dialog was shown before install, and was just curious as to how the program managed to raise a custom overlay so early. If it's talking about a later-stage specific permission escalation (e.g. SuperSU or as introduced in Marshmallow) while the app is already running, I can see how that works.

Only affects users who sideload

[tlhIngan]

If you stick with Google Play, you're safe from this.

It is only a problem if you side load apps from untrusted sources.

Re:Only affects users who sideload

I thought Google Play *WAS* an untrusted source...

Re:Only affects users who sideload

Yeah like we didn't see an AC posting that joke from about 6 light years away. What a noob.

Re:Only affects users who sideload

[allcoolnameswheretak]

Seriously, who downloads and installs an app called "Porn âOâ(TM) Mania" on his device?

I would say it's natural selection, unfortunately the offenders don't die.

Re:Only affects users who sideload

[allcoolnameswheretak]

Fucks sake. Will Slashdot, the self-styled site for GEEKS ever update to UTF? Drag your ass out of the stone age and get with the times man.

Re:Only affects users who sideload

[91degrees]

I'd imagine there's an overlap between the people who install that software, and the people who really don't want their browser history shared.

Re:Only affects users who sideload

[Trogre]

Some of us prefer to use FOSS repositories such as F-Droid.

Re:Only affects users who sideload

[WaffleMonster]

If you stick with Google Play, you're safe from this.

It is only a problem if you side load apps from untrusted sources.

There is a trusted source for apps?! Where??

Re:Only affects users who sideload

[Rei]

Seriously... it's so annoying I even set it to my sig. :P

Re:Only affects users who sideload

[tepples]

Will Slashdot, the self-styled site for GEEKS ever update to UTF?

No. The last time Slashdot tried Unicode, it led to moderation score spoofing. SoylentNews supports it though.

Re:No, not symantec.com again

Since I'm clicking the link in the summary to read 1 single post why would i want a clickbait / ad infested site over whats linked in the summary. symantec's simple post not infested by ads

trend of past 25 years... don't act surprised.

The overarching themes of the last 25 or so years of personal computing have been:

(1) Remove control from the owner of the device. Give said control to random web sites or the device or OS vendor.

(2) Dumb everything down. Hide what's really happening because "that'd be confusing".

(3) Reward bad behavior. Company locks you out of your own bootloader? Give them billions of dollars! Web site requires you run scripts just to view what could be static content? Reward them with popularity!

We're now reaping the rewards of these directions. Don't be surprised by the clusterfuck that is the smartphone world. This is the natural result of building a world based on ignorance and layers upon layers of obfuscation, designed for the most technically ignorant.

Re:trend of past 25 years... don't act surprised.

Wish I had mod points. Sums up the "evolution" of personal computing splendidly !

Dear friends and family...

[pla]

Dear friends and family... I look at porn. So do you. Deal with it.

Blackmail me now, suckah!

Re:Dear friends and family...

[Cro+Magnon]

Oddly enough, I don't think I've ever looked at pr0n on my phone. Now if they hacked my PC, that would be different.

Re:Dear friends and family...

Dear friends and family... I look at porn. So do you. Deal with it.
Blackmail me now, suckah!

To be truly safe from blackmail, you have to star in porn.

Re:Dear friends and family...

I don't look at porn, I have a boyfriend.

Re:Dear friends and family...

So you're a homosexual?

Re:Dear friends and family...

[CQDX]

Bet your boyfriend does... check your email

Re:Dear friends and family...

Oddly enough, I don't think I've ever looked at pr0n on my phone. Now if they hacked my PC, that would be different.

Get married. Then your phone will be your only porn outlet.

Re:Dear friends and family...

Not the same AC but, nothing says original AC isn't a girl.

Re:Dear friends and family...

The run-on sentence creating a non sequitur confirms it's not a guy.

Men are visual and like porn. There's no magic about a complex social construct like "having a boyfriend/girlfriend" that changes this. There is no requirement when posting AC to keep up appearances.

FWIW I look at porn more when I'm in a relationship because I'm sexually active. When I'm single, I don't pay so much attention to my sexual side. But I'll look at porn either way.

Re:Dear friends and family...

[truck_soccer]

Sounds like you married the wrong woman.

Re:Dear friends and family...

This is what confuses me.
Me, all my friends, and probably a bunch of my family, all look at adult content in some ways, or know each of them do

The only people this could possibly offend are prudish, overly-religious types.
Quite frankly, I couldn't give two shits about those people in the slightest as they are everything wrong with the world.
I'd rather have banker-abusing scum by the millions than have those types of people. They are insufferable, boring twats.

Re:Dear friends and family...

[mlheur]

When I was young I used to do a lot of stupid things that I didn't want to get caught at, which usually involved a lot of lying.

After getting caught in one such incident a wise young man taught me the only infallible way to never get caught - don't do it in the first place.

I've tried to live by this ever since, and as best I can recall, I've not done anything in the past 15 years where I'd be worried if anyone found out.  Sure there are some things I wont volunteer, but if word got out I'd still stand by my actions or at least own up to them.

Actually, thinking back, I have done things in the past 15 years where I didn't want to get caught, but I did anyways - so, whatever.

Re:Dear friends and family...

[squiggleslash]

But do they know what kind of porn you view?

Even in a society with no shame associated with viewing porn, which we're rapidly becoming (and why not?) a little privacy in that area is probably welcome for everyone, not just the porn viewer, but also those who really don't want to imagine what that viewer gets up to in private...

Re:Dear friends and family...

You'll probably regret saying that after we find out that you like bestiality and scat porn.

Rgrds,
Mom

Re:Dear friends and family...

I was young...I needed the money.

Re:Dear friends and family...

Wait, what's bad about abusing bankers?

Re:Dear friends and family...

Those of us with an exciting sex life don't need it.

You look at porn to fantasize. I'm probably the one living your fantasies.

Stupid people.

[truck_soccer]

Stupid people make stupid choices and get pwned. Details at 11.

Re:Stupid people.

Stupid people make stupid choices and get pwned. Details at 11.

You almost had it! In actuality, it's "Poor People, make poor choices and get pwned."

And bore my family and friends?

[BrianBeaudoin]

Those animals!

Incognito Mode

Share my browsing history all you want... I'm sure my friends will be shocked to know I visit google, ebay, and my bank. All the fun stuff stays in incognito mode.

Re:Incognito Mode

Share my browsing history all you want... I'm sure my friends will be shocked to know I visit google, ebay, and my bank. All the fun stuff stays in incognito mode.

Yea but if you are installing an app called "Porn 'O' Mania" your browser is probably suspect.....

Re:Incognito Mode

[fph+il+quozientatore]

I wonder if there is a Pavlov effect tied to it by now --- do many people nowadays get aroused at the mere sight of the Chrome Incognito Mode starting window?

Re:This is why I have an iphone

Says the Fandroid guy in a Android ransomware story.

Oh Shit

Folks are going to find out I surf Slashdot. I don't mind about the kiddie porn, but Slashdot? My reputation will be ruined 4ever.

Re:No, not symantec.com again

This is slashdot. Everyone uses NoScript. Symantec.com doesn't work without JS -- it's pure JS.

Softpedia is a spam site but this is slashdot. Slashdot readers already have multiple layers protecting themselves from ad-infested sites. It also works without enabling JS.

Captcha: chrome

Re:Flogging | tar & feathers

Come on. This guy is just a Reeesearcher looking to expose vulnerabilities.

Cut him some slack.

Re:This is why I have an iphone

[Coren22]

Says the Apple fan-boy acting like Apple has never had a single exploit.

So what?

I'm not going to parade my history out to my friends, but if they see something they don't like me doing and stop being my friends, maybe we're both better off. In any case I wouldn't pay jack or shit to anyone pretending it gives them some leverage over me.

Re:No, not symantec.com again

You forgot about other spam sites like CSO, HelpNet or The Stack. Some social media departments need to cut down on the links submitted here.

Plausible deniability.

Seems kind of silly.

Not a lot of people probably do anything embarrassing on their phones. So most people wouldn't care. But if you're going to do such a thing why not just make up fake "bad" sites the user visited and include those in a fake list. But if you're going to use a partially fake list, why not just use a wholly fake list? Or even if you want it to look authentic, if it's known you are including fake data the victim can plausibly just say "Oh, that's fake! I didn't go there!".

So no, I don't visit kinkymidget.com/crossdressers/ball-stomping 16 times a day. Malware is lying.

Re:Plausible deniability.

[neminem]

Entirely unrelatedly, the Kinkymidget Ball Stompers would make a great punk band name.

Re:No, not symantec.com again

lol, ad-infested... there are 3 ads on the softpedia page... you need to visit forbes.com once in a while

Re:This is why I have an iphone

Google just cant itself anymore

Re: This is why I have an iphone

Say the two numbnuts involved in an OS Holy War

If malware forwards me my friend's history...

[istartedi]

If malware forwards me my friend's browsing history, I would totally believe he went to all those sites, because there's no way a malware could possibly lie, or that a compromised machine could have been used as a proxy for some other agent. /s.

Re:If malware forwards me my friend's history...

I know, it's not very well thought through. Don't worry though, version 2.0 will film you fapping and post it to your snapchat.

Re: This is why I have an iphone

I'll have you know that I'm a Windows Fanboy, and you can all get off my fully-exploited mom^H^H^Hlawn.

Now it's an unholy war.

Be safe, follow my example.

[hey!]

I don't have any friends.

My boss once got a virus that emailed porn links

[tandavanadesan]

My boss once got a virus that emailed porn links to ask his contacts. When he realised what had happened he sent out an aplology, but said he was surprised at how many responseshe got before that said "thanks", " that's s good one", or returned the favour by sending porn links of their own.

Re:This is why I have an iphone

[malditaenvidia]

It is a shame that these are the only two serious options in terms of smartphones.

Get a cheap chinese smartphone as a canary

[John+Allsup]

Given how cheap you can get smartphones from China these days, get one of those, and try stuff out on that, rather than your main phone.

Context

[gatfirls]

It really, really matters with search history.

Example: Lot of people probably searched for 'ashley madison' when it was in the news. Now, to a spouse without the context of the time that would look really bad. And that's a tame example. Imagine the search queries you may use to look up a recent horrific crime in the news, you would probably use just keywords and the locale. Without context it would make you look pretty bad.

Re:Context

People don't know about incognito mode? Nothing from that (including history) is saved, so it doesn't matter what this ransomware is doing it cannot go back and dig up stuff that no longer exists...

Re:This is why I have an iphone

It is a shame that these are the only two serious options in terms of smartphones.

You think that's a shame? Wait until the election.

My browsing history

[Gaygirlie]

Oh, I'm sure all the people that know me would be absolutely terrified when they saw that.....I've spent most of my day surfing Hackaday, esp8266.com, Github, Orange Pi - forums and loading all sorts of specsheets. At least when they saw that I've been browsing Slashdot several times a day they'd permanently block me!

Re:My browsing history

Mike - is that you ?

Re:Flogging | tar & feathers

For the people who download and install random shady shit? Seriously, malware only affects idiots. This shit would never get anywhere near my gear.

Nah, just ask the AUS Gov we have it on tap

Bah, the Australian Government has it all on tap, just ask or offer to buy and you can have the entire history of the Australian public.
Big brother is not only alive and well in Australia, he's tapping into our TV camera and microphone.

Brave

This is why I'm doubting the new Brave browser's approach of keeping all your browser tracking local instead of being tracked by 3rd parties: your data is in one place on your computer, and subject to hacking attempts like this. I don't want all my tracking data _anywhere_.

mpaa and riaa

MPAA and RIAA officials having a field day on sending out statements to people whom alerted them of their counterfeiting .

share with friends?

Hah. I have no friends.

Re:Flogging | tar & feathers

[zieroh]

For the people who download and install random shady shit? Seriously, malware only affects idiots. This shit would never get anywhere near my gear.

Hahahahahaha!

Good one!

Popups and overlays

Browsers should never have allowed either one, and they should be blacklisted and removed from the web going forward. They are the primary way average computer users are tricked by scammers.

No reputable website NEEDS to pop-up a window, particularly one that can be decorated to look like a normal desktop window opened by the OS or some other application. Every example of overlays I seem to see recently is tied to some company advertizing or spying on people.... particularly all those facebook transparent overlays polluting non-facebook web pages all over the internet.

Does anybody here know when Mozilla made facebook no longer enforce the "block popups" option? Users used to be able to check that option and then get no popups, but checking the option on recent versions seems to have no effect.

One thing any computer user should ALWAYS be able to depend upon is that any window that pops up on his screen was put there by a local application, NOT by some remote code he does not even know exists, and any application that lets a remote application fake this (web browsers, this means YOU) should be considered malware.

MGLP!

[jandersen]

Oh Ghod, this is terribly! Just imagine what would happen to my nerd-creds if it was widely known that I don't watch any porn to speak of, that I sometimes approve of government control, when I feel it makes sense, and I'm not all that keen on having the latest, bleeding edge gadgets?

Re: Flogging | tar & feathers

Unless you are root, there is little you can do.

Re:Flogging | tar & feathers

I've been using and working with computers since before you were born and have never had a single one get infected with a virus or malware of any kind.

It boggles the mind how anyone could have that happen unless they went out of their way to make it happen and/or they are a complete moron.

How is this a threat?

[um...+Lucas]

By that, I mean, what's the difference between asking for money in order to not send your actual browsing history to your friends, or asking for money in order to not send a made up (and far more incriminating) browsing history to friends?

Seems like the writers could have skipped that step and still done just fine.

Loading Your Community Experience

[tepples]

All I get in Firefox is a black screen with light gray text saying "Symantec Connect Loading Your Community Experience". Checking the error console reveals a JavaScript error that "occurs when $compile attempts to fetch a template from some URL, and the request fails." If Symantec's web site is fragile enough to completely break when a JavaScript file fails to load, why should I trust Symantec with anything?

I do not agree.

[emil]

What is to stop an application from opening a socket to a trojan server, downloading a binary, writing it, chmod 700, then executing it?

Google might not recognize that malware for what it is until far, far too late.

And since the majority of Android devices are vulnerable to towelroot, that binary owns the phone.

A mass install of a popular app with such stealth malware could see thousands upon thousands of phones suddenly compromised, and there is nothing that Google can do.

Re:No, not symantec.com again

All I get is a blank screen.

Re:Flogging | tar & feathers

Flogging | tar & feathers

What? Are you admitting to your choice of porn up front?

Re:Flogging | tar & feathers

[Nehmo]

I've been using and working with computers since before you were born and have never had a single one get infected with a virus or malware of any kind.

It boggles the mind how anyone could have that happen unless they went out of their way to make it happen and/or they are a complete moron.

Impossible.

And since you must know that such a history is imposible, what's your point?

ransomware is the answer

[Nehmo]

In the news stories I've seen, when people hack into politician's accounts, they don't do anything creative with them. They simply expose the fact that the account was compromised, and maybe the hacker's funny screenname gets credit. The result is the politician gets accused of being sloppy and unsafe.

Now, I see ransomware is the answer. Politicians wouldn't want their porn history exposed.

Re:Flogging | tar & feathers

Well we now know that Nehmo is one of those morons with constantly virus infected machines.

Re:Flogging | tar & feathers

[zieroh]

I've been using and working with computers since before you were born

Unlikely at best and laughable at worst. I have been programming longer than most people whose names aren't Kernighan or Ritchie.

and have never had a single one get infected with a virus or malware of any kind.

The plural of anecdote is not data. Your one experience means less than nothing. The simple fact is that people continue to be infected by malware of all types on all platforms. This is not a debatable point.

It boggles the mind how anyone could have that happen unless they went out of their way to make it happen and/or they are a complete moron.

Right. Now you're just being stupid.