Malware Targets All Android Phones — Except Those In Russia

itwbennett writes: MazarBOT, a malware program that can take full control of Android phones, appears to be targeting online bank accounts. The malware has been seen advertised on Russian underground forums in the last few months and surfaced over the weekend. '[On] Friday, a swarm of SMSs were sent to random phone numbers in Denmark and likely elsewhere. The content of the SMS had the purpose of luring the recipient into clicking the provided link, which would serve up a malicious APK,' wrote Peter Kruse, an IT security expert and founder of CSIS Security Group. One interesting feature: 'MazarBOT will stop installing itself if it detects an Android device that is running within Russia,' writes Jeremy Kirk.

Obligatory

In Soviet Russia, malware not target you

Russia refuses to police their country

Why is it that so much malware and online crime comes from Russia? The country simply refuses to police themselves, even when things are obviously illegal. The overall effects are pretty severe to other countries. I'd support sanctioning Putin directly to prevent him from entering the EU. Then I'd also effectively cut them off from the internet by terminating any wired links between them and the EU while dropping all connections coming from IPs assigned to entities in Russia. Cutting Russia off from the internet to the best of our ability is really the only way to stop the excessive crime from that country.

Re:Russia refuses to police their country

The country simply refuses to police themselves

They believe in freedom. They have an amendment to the constitution that deregulates malware writing.

Re:Russia refuses to police their country

[Archtech]

"I'd support sanctioning Putin directly to prevent him from entering the EU".

Wow, what a deterrent. That would really scare him.

As a matter of interest, why would he want to enter the EU?

Re:Russia refuses to police their country

Why is it that so much malware and online crime comes from Russia?

It isn't Russia specifically. I see enough malware coming from the US too.
The thing that is new here is that the criminals have realized that neither country gives a shit about what happens to people in other countries. Russia isn't going to bother with criminals that doesn't hurt their own population and they aren't going to let foreign police dick around. This means that by only targeting population in other countries the criminals know that there won't be an investigation.

Re:Russia refuses to police their country

When it comes from the US it isn't called malware, it's called freedomware, thankyouverymuch.

Re:Russia refuses to police their country

[Ritz_Just_Ritz]

I suspect that when Putin enters the EU, he'll do it in a tank. 1/2 :)

Re:Russia refuses to police their country

[Flavianoep]

The Eurodisney is in EU.

Re:Russia refuses to police their country

[DigiShaman]

Well, perhaps the Russian mafia that's behind these attacks have political connections too? Meaning, in the interests of Russia, why would they stop??!

Re:Russia refuses to police their country

[ultranova]

As a matter of interest, why would he want to enter the EU?

Putin's going to need asylum eventually. The whole reason he's causing trouble in Ukraine and Syria is that he's incapable of improving either Russia's or Russian's situation. He's trying to counter with the "you're under attack, rally under my banner, I'm kinda tough guy" gambit. It's backfiring due to the resulting economic sanctions making normal Russians even worse off, and even in the case of Putin managing to break the EU, the result will simply be that European countries will start regarding each other as potential enemies again, rearm, and leave Russia into dust due to it being demographically and economically far inferior.

Putin's a failure, and that is not something Russians tolerate in their leader.

Re:Russia refuses to police their country

[Runaway1956]

Putin - - - causing trouble - - - Ukraine - - -

Ukraine was content with it's normal corrupt government until the Cock brothers invested 14 billion dollars into destabilizing the country. That wasn't bad enough, but the Cock brothers installed a fascist government.

But, yeah, Putin is causing trouble. Got it.

Re:Russia refuses to police their country

[Bearhouse]

Brilliant. Let's go back to the Cold War and turn Russian into North Korea 2
Thus ensuring that the many, many decent and civilised Russian who rely on the Internet for objective news get walled-off like generations of poor bastards did behind the iron curtain.

Also, If NATO did precisely fucking nothing effective after the annexation of Crimea and the continuing atrocities in Ukraine and now Syria, do you really think they'll do something like you propose about Android Malware?

Re:Russia refuses to police their country

[Bearhouse]

Partially true.
The real reason for this is also that the best way to get "disappeared" in pretty much all of the former USSR, (you think Russia is bad - try Belarus), is to piss of either Putin and his cronies or the local mafia.
Often the same thing, of course.
Now, imagine if some boss or his arm candy gets hit by this thing; the authors are going to be found and put to death in some public and painful way pretty fast...

Re:Russia refuses to police their country

[edis]

They are already that, only much more. Whoever was following Russia's activities, taken in response of Ukraine trying to move westwards, could make very rich picture of their omnidirectional efforts to set this back. And with a chunk of "taken back" pieces of Ukrainian soil, they surpassed North Korea by far.

What NATO should do in a country, that is not even a member of that treaty yet? By unlucky chance, abused by Putin in very lucky manner.

Thieves they are.

Re:Russia refuses to police their country

[sociocapitalist]

Why is it that so much malware and online crime comes from Russia? The country simply refuses to police themselves, even when things are obviously illegal. The overall effects are pretty severe to other countries. I'd support sanctioning Putin directly to prevent him from entering the EU. Then I'd also effectively cut them off from the internet by terminating any wired links between them and the EU while dropping all connections coming from IPs assigned to entities in Russia. Cutting Russia off from the internet to the best of our ability is really the only way to stop the excessive crime from that country.

According to these sources, America was the leading source of attacks in 2015:
http://www.statista.com/statis...
http://www.enigmasoftware.com/...

So be careful what you ask for :-)

Re:Russia refuses to police their country

[superwiz]

You do know that the only reason Russia accused the protests in Ukraine of being fascist is to pre-empt the most obvious comparison between Putin and Hitler. Russia has a text-book to-the-letter fascist regime. Even if Ukraine had some neo-fascist parties (as most Eastern European countries do), they don't even register on the radar when it comes to elections. Putin's invasion of Georgia was already frequently invoking comparisons to Hitler's Czechoslovakia. Ukraine would have been to Putin what Austria was to Hitler: Austrian German is similar to German, similar majority ethnic group, a lot of internal sympathetic population, the comparisons continue. So they decided to confuse the issue by calling the protesters Nazis. This way anyone calling Putin's regime fascist doesn't look original anymore. But it's still by-the-book fascism.

Re:Russia refuses to police their country

[Runaway1956]

Whatever you say. I saw the images from Maidan. Skinheads, nazis, and white supremacists. I trust no one who has anything in common with Porkochenko, or that other damned fool from Georgia.

In this conflict, I'll side with the Russians. They may not be "good", but they are less evil than the Cock brothers and associates.

Re:Russia refuses to police their country

[superwiz]

Putin sells a lot more oil and wages wars around the world to continue selling oil than all the Koch brothers combined. Oh, there are movies showing people at maidan. I didn't see any skinheads. With so many sources of modern media, the fact that so few purported neonazis were even noticed says that you are way overexposed to a very small pre-selected amount of information. Because the non-skinheads completely dominate and drown out one or two skinheads that some Russian propaganda managed to find (and possibly place) in that crowd. Don't forget that the protesters weren't armed. And the only reason the president had to flee is that he lost all legitimacy after killing so many unarmed protesters. Oh, and "fool from Georgia"? Don't be naive. He is more intelligent and better educated than both Putin and Medvedev combined. He managed to turn Georgia into a western-style country despite the shambles that SU left it in and despite not having access to the kind of natural resources that Russia had and could have used to remake itself into a modern nation. Who is a bigger fool? Someone who raises a national from the dust? Or someone who manages to turn a nation of 50 million closest friends into 50 million bitter enemies?

Re:Russia refuses to police their country

[superwiz]

Honestly, I really don't get how you can bothered by a few crazies planted into a peaceful demonstration in Ukraine who were spouting xenophobic slogans, but you are ok with the RF government turning RF into a fascist state. Why do you care to hate enemies of RF if its biggest enemies are its own government. They are the ones who have turned the country into a prison again.

Question

[ajarin]

Is that right? owh.... what's kind of malware

And the fix for it is....

[tekrat]

A patch for Android that makes all phones think they are in Russia!

Re:And the fix for it is....

[OzPeter]

A patch for Android that makes all phones think they are in Russia!

All your phone are belong to us?

Re:And the fix for it is....

[FatdogHaiku]

Interestingly, the first link really talks mostly about Linux as a target, the word Android is not on the page.
I find this more disturbing than a phone attack... in an "all your base are belong to us" sort of way.

Re:And the fix for it is....

[Chris+Mattern]

All your phone are belong to us?

In Soviet Russia, you are belong to all your phones!

An old trick in a new world..

[evolutionary]

Here...phishy, phishy, phishy, phishy....

How is this even a thing?

[Gumbercules!!]

Firstly, the link in the article above takes you to a site which has nothing at all in it about Android malware. It's completely about Linux malware that's injected via Windows machines. So what the hell is it doing in the article as the primary link?

Then, if I understand correctly (based on the summary alone - because, you know, the primary linked article is clearly completely wrong), you'd need to:

1. Get an SMS with a link in it.
2. Click the link.
3. Get redirected to a website (which Chrome doesn't block).
4. Download an APK from that site.
5. Attempt to sideload it.
6. Realise you can't sideload it without disabling default security options (because the second link does indeed say that the user needs to manually install the APK).
7. Go disable default security options.
8. Sideload the APK.

WHO THE FUCK FALLS FOR THIS SHIT?!?!

Seriously? How the hell do people successfully find idiots who will do that kind of thing?

Re:How is this even a thing?

[LordWabbit2]

People who want stuff for free. It's amazing what loops people will jump through to save themselves a couple bucks.

Re:How is this even a thing?

[Killall+-9+Bash]

Ever root your android phone? Because unless you really REALLY know what you're doing, you're just downloading things and following instructions (which is why I'm not bothering to root mine).

People who root their phones are doing exactly this, although with (allegedly) non-malware payload.

Re:How is this even a thing?

[Gumbercules!!]

I get what you're saying - but they're not rooting their phone with an APK they got, unsolicited, in an SMS, from a total stranger. They're rooting their phone with an APK they got from a site full of people they have at least some level of trust for.

Re:How is this even a thing?

[CaptSlaq]

Firstly, the link in the article above takes you to a site which has nothing at all in it about Android malware. It's completely about Linux malware that's injected via Windows machines. So what the hell is it doing in the article as the primary link? Then, if I understand correctly (based on the summary alone - because, you know, the primary linked article is clearly completely wrong), you'd need to: 1. Get an SMS with a link in it. 2. Click the link. 3. Get redirected to a website (which Chrome doesn't block). 4. Download an APK from that site. 5. Attempt to sideload it. 6. Realise you can't sideload it without disabling default security options (because the second link does indeed say that the user needs to manually install the APK). 7. Go disable default security options. 8. Sideload the APK. WHO THE FUCK FALLS FOR THIS SHIT?!?! Seriously? How the hell do people successfully find idiots who will do that kind of thing?

Amazon is already priming the pump for this: Underground and Prime video require sideloading.

Re:How is this even a thing?

[gstoddart]

WHO THE FUCK FALLS FOR THIS SHIT?!?!

Apparently, quite a few people.

Seriously? How the hell do people successfully find idiots who will do that kind of thing?

For the same reason spam has never gone away, and all those scam calls everybody gets, it's simply a numbers game ... a 1-2% success rate can make it worth doing it. So, those people calling from "teh Microsoft Support", or "Rachael from Cardholder Services", or that "you've won a cruise", or that Nigerian prince scam ... if they didn't pay off, they'd have stopped by now. That they haven't pretty much says.

The scammers and thieves have pretty much made incoming telephone calls, email, SMS, and in some cases people who come to your door as completely untrustworthy.

The best thing I ever did for my parents as they started to use technology was to teach them to trust nobody, and assume there's a decent chance you're being lied to. Because the sad reality is, that's probably what's happening in a lot of cases.

The world is full of crooks and thieves, and has just enough people who are a little too naive to keep them in business. When you can send this shit out by the millions, it doesn't take many people to make it profitable.

Re:How is this even a thing?

[Big+Hairy+Ian]

There are plenty of idiots who fall for this kind of shit all the time they're called voters

Re:How is this even a thing?

[Wrath0fb0b]

I get what you're saying - but they're not rooting their phone with an APK they got, unsolicited, in an SMS, from a total stranger. They're rooting their phone with an APK they got from a site full of people they have at least some level of trust for.

And that package is code-signed by whom?

Because I'll grant that Cyanogen (or ...) deserves some trust. What's missing is the part where some entity verifies that the thing to be installed actually originated from the person(s) that are trusted.

Re:How is this even a thing?

[wbr1]

Many cheap Chinese tabs and phones come with sideloading security turned off. They also have adware baked in.

Re:How is this even a thing?

[jrumney]

Many of the tools, while they come from regular forum contributors who have built up a reputation for honestly giving owners control over their devices without any dirty tricks attached, are however hosted on some pretty awful ad-malware infested download sites. As long as you can check the GPG signature, you should be fairly safe with the rooting software, but you'd better make sure your browser is up to date and using ad-blocking before you download it.

Re:How is this even a thing?

[houghi]

The same people who fall for 419 scams or any other of them. These people are stupid, like your gradma, your mom or your little sister or enough people who are not on /.

Now how many do you need to make this profitable? For all I know, 1 or 2 can be enough to make a profit and that could be the cat playing with the device when the SMS comes in and presses it by accident.

And are you REALLY surprised this happens? Then you must never have worked with security. Perhaps you have programmed security on systems, but that is not the same.

Security in IT is a technical solution to a social problem and time and time again, IT tries to keep out that social part.

Now why would an SMS work?
1) People do not expect an SMS to be send by a virus, as the sender needs to pay (in Europe at least)
2) They panick when they see it is from their bank and do not want to do anything bad.
3) They follow the instrictions from their bank (they think)
4) They have NO idea what APK is, means or whatever
5) They have no idea what sideloading is and just follw the instructions
6) They will keep following instructions, because they believe it is from their bank and they do not want to do anything bad against their bank.
7) Still following their banks instructions
8) Be happy that they did not piss of their bank.

The majority of people will believe everything their bank tells them to do blindly, because they still think the bank has their best interest at heart. People trust others and for a good reason. Bad people abuse that trust.

BTW, I know what I am talking about. I work for Microsoft and I noticed there is a Virus on your computer. Please give your number, so I can call you to solve this.

Re:How is this even a thing?

[wkwilley2]

If they weren't out there, everyone in IT would be out of jobs and these problems woudn't exist.

We would actually have to talk about important things like how the government is screwing us everyday.

Re:How is this even a thing?

[tlhIngan]

Well, the "Allow non-market apps" checkbox is probably checked if the user uses Amazon or Humble Bundle apps, which require sideloading.

And rooting may be done by a user who finds they need to do it in order to install some APK they found on the web. Perhaps to avoid paying the 99 cents on the Play Store so they downloaded it elsewhere for free.

As for clicking the link to the APK and downloading/installing, it's trivial to do. There are categories of apps you can say the APK does that will get people to install it:
* Watch/view free porn
* Download apps for free
* Watch TV and movies for free
* Watch premium TV (HBO, etc) for free
* Download and watch YouTube videos offline
* Watch premium content for free
* [Latest hot game] download and play it for free
etc. etc. etc.

As a general lot, Android users are cheapskates - this from many developers who realize the only way to make money off Android is to put ads in apps because users will not pay for stuff. So telling them they can get the latest paid stuff for free gets you probably a good 30-50% of the population to install it.

Re:How is this even a thing?

[shawn2772]

...
8. Sideload the APK.

Don't forget, you also need to disable Verify Apps, the built-in malware scanner.

WHO THE FUCK FALLS FOR THIS SHIT?!?!

Hardly anyone, actually. Watch for the "State of Android Security" paper that should come out in the next few weeks for more detail, but the fact is that very, very few Android devices have any malware on them. Last year's numbers, IIRC, were on the order of 0.1% of devices, and that's with a pretty broad definition of "malware" ("Potentially Harmful Apps" is the term Google uses).

Full disclosure: I work for Google, on Android security, though on platform crypto features, not on anti-malware efforts.

Re:How is this even a thing?

[rsborg]

Firstly, the link in the article above takes you to a site which has nothing at all in it about Android malware. It's completely about Linux malware that's injected via Windows machines. So what the hell is it doing in the article as the primary link?

Then, if I understand correctly (based on the summary alone - because, you know, the primary linked article is clearly completely wrong), you'd need to:

1. Get an SMS with a link in it. ...
8. Sideload the APK.

  WHO THE FUCK FALLS FOR THIS SHIT?!?!

Seriously? How the hell do people successfully find idiots who will do that kind of thing?

I think you underestimate how easily the random user follows directions claiming to give them access to something they normally don't or shouldn't get (i.e., pirated content, pr0n, free money). Combine with strong restrictions from government, corporate or parental overlords and it's fairly easy to scam people to do all sorts of bad things for a free token (because part of the reaction is "fuck this, I deserve free shit")

Re:How is this even a thing?

[apoc.famine]

For the same reason spam has never gone away....it's simply a numbers game.

It is, but I don't think that it's the same numbers game you think it is. My unconfirmed suspicion (because I have no idea how you'd test this theory) is that spam doesn't work. However, it's cheap to send a shitton of it, and there's a fairly low barrier of entry.

Where I suspect spam makes its money is when sleazeballs see spam they, like you, think it's a number's game. At which point they decide to shell out some money to a spammer to spam something. Who is going to spread the word that they tried spamming and it didn't work? What spammer is going to publicize real click-rates?

Maybe one in a thousand spams doesn't actually get a click like many people think it does. But maybe one in 100,000, in a million, gets someone to believe it works enough to spend money on it. Is that enough to keep spam alive? The belief that it works?

Good Thinking!

[Bob_Who]

...Clever Estonians

Re:Good Thinking!

[Bob_Who]

The revenge against some imperialistic lunatics in Russia for wanting to side-load Estonia?

LOL.... That too!

I was thinking more like, "Putin won't care if we rob the west with malware so long as it never steals a ruble from the motherland."

It was more of a "don't poke the sleeping giant" sort of logic.

iPhone '70

[Thud457]

Just set your phone's system date to 1-1-1970. That way, it doesn't know the Iron Curtain has fallen, and the malwares thinks it can't get into your fone.

Pot meet kettle

[sjbe]

Why is it that so much malware and online crime comes from Russia?

You could ask the same question about any large country including the United States. Russia in particular has a bit of the wild west going on and I think the authorities there might turn a blind eye if it negatively impacts rival countries.

The country simply refuses to police themselves, even when things are obviously illegal.

You mean like how in the US we have police straight up murdering black people without repercussions? Or how the NSA blatantly violates the constitution? Or how we imprison people in Cuba indefinitely without any trial? Yeah, Russia has some problems but it's not like our poop lacks odor...

I'd support sanctioning Putin directly to prevent him from entering the EU.

Umm, are you aware that Russia supplies much of the EU with huge amounts of oil and gas that cannot be gotten elsewhere quickly? All Putin has to do is shut off a key pipeline or two (which he has done a few times) and it gets awfully cold really fast in some parts of the EU. Furthermore actions like what you suggest are frankly kind of a juvenile response. Putin might be behind all of it (he isn't) but keeping the head of state of Russia arbitrarily out would accomplish very little and would actually do more harm than good in all likelihood.

Cutting Russia off from the internet to the best of our ability is really the only way to stop the excessive crime from that country.

No it really wouldn't.

Re:This is why I own an iPhone

[MobileTatsu-NJG]

Pftbtbt... this isn't real malware because it requires side-loading, and everyone knows that's super dangerous so you should only use the wall^H^H^H^H store. Let's meet over in the next thread so I can tell you about how awesome Android is because you can sideload apps!

God Damn APK

This APK guy is a real problem. First he fucks up Slashdot with his spam and now he's highjacking Android phones all over the world? This is just unacceptable!

Re:Easy to block in hosts & firewalls... apk

[BronsCon]

It's downmodded because of who posted it. In this instance, I have to say it should be modded up because it's actually useful information (well, 2/3 of it) but, after a tiff with the poster which resulted in me losing a fair bit of karma, I don't have available mod points to correct it; had I not been stabbed in the back, this would not be the case.

Instead, I'll just post (and without the karma modifier that will get my post in front of more eyeballs) to suggest that those with mod points make the correction for the better of the community.

Re:This is why I own an iPhone

[BronsCon]

Sideloading is both perfectly safe and extremely dangerous at the same time. App I developed myself? Perfectly safe to sideload. Random app off the internet? Dangerous without implicit and properly-placed trust in the developer. App developed by my employer? Well, that depends on the employer and why they want me to install the app, but I'm probably safe there.

Don't open crap

[p51d007]

I block crap I don't know who its from, simple as that.