Slashdot Mirror


Malware Targets All Android Phones — Except Those In Russia (csoonline.com)

itwbennett writes: MazarBOT, a malware program that can take full control of Android phones, appears to be targeting online bank accounts. The malware has been seen advertised on Russian underground forums in the last few months and surfaced over the weekend. '[On] Friday, a swarm of SMSs were sent to random phone numbers in Denmark and likely elsewhere. The content of the SMS had the purpose of luring the recipient into clicking the provided link, which would serve up a malicious APK,' wrote Peter Kruse, an IT security expert and founder of CSIS Security Group. One interesting feature: 'MazarBOT will stop installing itself if it detects an Android device that is running within Russia,' writes Jeremy Kirk.


  1. Obligatory by Anonymous Coward · Score: 3, Funny

    In Soviet Russia, malware not target you

  2. Russia refuses to police their country by Anonymous Coward · Score: 4, Insightful

    Why is it that so much malware and online crime comes from Russia? The country simply refuses to police themselves, even when things are obviously illegal. The overall effects are pretty severe to other countries. I'd support sanctioning Putin directly to prevent him from entering the EU. Then I'd also effectively cut them off from the internet by terminating any wired links between them and the EU while dropping all connections coming from IPs assigned to entities in Russia. Cutting Russia off from the internet to the best of our ability is really the only way to stop the excessive crime from that country.

    1. Re:Russia refuses to police their country by Anonymous Coward · Score: 2, Funny

      The country simply refuses to police themselves

      They believe in freedom. They have an amendment to the constitution that deregulates malware writing.

    2. Re:Russia refuses to police their country by Archtech · Score: 2

      "I'd support sanctioning Putin directly to prevent him from entering the EU".

      Wow, what a deterrent. That would really scare him.

      As a matter of interest, why would he want to enter the EU?

      --
      I am sure that there are many other solipsists out there.

    3. Re:Russia refuses to police their country by Anonymous Coward · Score: 4, Insightful

      Why is it that so much malware and online crime comes from Russia?

      It isn't Russia specifically. I see enough malware coming from the US too.
      The thing that is new here is that the criminals have realized that neither country gives a shit about what happens to people in other countries. Russia isn't going to bother with criminals that don't hurt their own population and they aren't going to let foreign police dick around. This means that by only targeting population in other countries the criminals know that there won't be an investigation.

    4. Re:Russia refuses to police their country by Flavianoep · Score: 4, Funny

      The Eurodisney is in EU.

      --
      Linux is for people who don't mind RTFM.

  3. And the fix for it is.... by tekrat · Score: 4, Funny

    A patch for Android that makes all phones think they are in Russia!

    --
    If telephones are outlawed, then only outlaws will have telephones.

    1. Re:And the fix for it is.... by OzPeter · Score: 2

      A patch for Android that makes all phones think they are in Russia!

      All your phone are belong to us?

      --
      I am Slashdot. Are you Slashdot as well?

  4. How is this even a thing? by Gumbercules!! · Score: 4, Insightful

    Firstly, the link in the article above takes you to a site which has nothing at all in it about Android malware. It's completely about Linux malware that's injected via Windows machines. So what the hell is it doing in the article as the primary link?

    Then, if I understand correctly (based on the summary alone - because, you know, the primary linked article is clearly completely wrong), you'd need to:

    1. Get an SMS with a link in it.
    2. Click the link.
    3. Get redirected to a website (which Chrome doesn't block).
    4. Download an APK from that site.
    5. Attempt to sideload it.
    6. Realise you can't sideload it without disabling default security options (because the second link does indeed say that the user needs to manually install the APK).
    7. Go disable default security options.
    8. Sideload the APK.

    WHO THE FUCK FALLS FOR THIS SHIT?!?!

    Seriously? How the hell do people successfully find idiots who will do that kind of thing?

    1. Re:How is this even a thing? by LordWabbit2 · Score: 2

      People who want stuff for free. It's amazing what loops people will jump through to save themselves a couple bucks.

      --
      There are three kinds of falsehood: the first is a 'fib,' the second is a downright lie, and the third is statistics.

    2. Re:How is this even a thing? by Killall -9 Bash · Score: 3, Interesting

      Ever root your android phone? Because unless you really REALLY know what you're doing, you're just downloading things and following instructions (which is why I'm not bothering to root mine).

      People who root their phones are doing exactly this, although with (allegedly) non-malware payload.

      --
      "Prediction: within 10 years, Windows will be a Linux distribution." Me, 7-6-2016

    3. Re:How is this even a thing? by CaptSlaq · Score: 3, Interesting

      Firstly, the link in the article above takes you to a site which has nothing at all in it about Android malware. It's completely about Linux malware that's injected via Windows machines. So what the hell is it doing in the article as the primary link? Then, if I understand correctly (based on the summary alone - because, you know, the primary linked article is clearly completely wrong), you'd need to: 1. Get an SMS with a link in it. 2. Click the link. 3. Get redirected to a website (which Chrome doesn't block). 4. Download an APK from that site. 5. Attempt to sideload it. 6. Realise you can't sideload it without disabling default security options (because the second link does indeed say that the user needs to manually install the APK). 7. Go disable default security options. 8. Sideload the APK. WHO THE FUCK FALLS FOR THIS SHIT?!?! Seriously? How the hell do people successfully find idiots who will do that kind of thing?

      Amazon is already priming the pump for this: Underground and Prime video require sideloading.

    4. Re:How is this even a thing? by gstoddart · Score: 2

      WHO THE FUCK FALLS FOR THIS SHIT?!?!

      Apparently, quite a few people.

      Seriously? How the hell do people successfully find idiots who will do that kind of thing?

      For the same reason spam has never gone away, and all those scam calls everybody gets, it's simply a numbers game ... a 1-2% success rate can make it worth doing it. So, those people calling from "teh Microsoft Support", or "Rachael from Cardholder Services", or that "you've won a cruise", or that Nigerian prince scam ... if they didn't pay off, they'd have stopped by now. That they haven't pretty much says.

      The scammers and thieves have pretty much made incoming telephone calls, email, SMS, and in some cases people who come to your door completely untrustworthy.

      The best thing I ever did for my parents as they started to use technology was to teach them to trust nobody, and assume there's a decent chance you're being lied to. Because the sad reality is, that's probably what's happening in a lot of cases.

      The world is full of crooks and thieves, and has just enough people who are a little too naive to keep them in business. When you can send this shit out by the millions, it doesn't take many people to make it profitable.

      --
      Lost at C:>. Found at C.

    5. Re:How is this even a thing? by Wrath0fb0b · Score: 2

      I get what you're saying - but they're not rooting their phone with an APK they got, unsolicited, in an SMS, from a total stranger. They're rooting their phone with an APK they got from a site full of people they have at least some level of trust for.

      And that package is code-signed by whom?

      Because I'll grant that Cyanogen (or ...) deserves some trust. What's missing is the part where some entity verifies that the thing to be installed actually originated from the person(s) that are trusted.

    6. Re:How is this even a thing? by houghi · Score: 2

      The same people who fall for 419 scams or any other of them. These people are stupid, like your grandma, your mom or your little sister or enough people who are not on /.

      Now how many do you need to make this profitable? For all I know, 1 or 2 can be enough to make a profit and that could be the cat playing with the device when the SMS comes in and presses it by accident.

      And are you REALLY surprised this happens? Then you must never have worked with security. Perhaps you have programmed security on systems, but that is not the same.

      Security in IT is a technical solution to a social problem and time and time again, IT tries to keep out that social part.

      Now why would an SMS work?
      1) People do not expect an SMS to be sent by a virus, as the sender needs to pay (in Europe at least)
      2) They panic when they see it is from their bank and do not want to do anything bad.
      3) They follow the instructions from their bank (they think)
      4) They have NO idea what APK is, means or whatever
      5) They have no idea what sideloading is and just follow the instructions
      6) They will keep following instructions, because they believe it is from their bank and they do not want to do anything bad against their bank.
      7) Still following their bank's instructions
      8) Be happy that they did not piss off their bank.

      The majority of people will believe everything their bank tells them to do blindly, because they still think the bank has their best interest at heart. People trust others and for a good reason. Bad people abuse that trust.

      BTW, I know what I am talking about. I work for Microsoft and I noticed there is a Virus on your computer. Please give your number, so I can call you to solve this.

      --
      Don't fight for your country, if your country does not fight for you.

    7. Re:How is this even a thing? by shawn2772 · Score: 2

      ...
      8. Sideload the APK.

      Don't forget, you also need to disable Verify Apps, the built-in malware scanner.

      WHO THE FUCK FALLS FOR THIS SHIT?!?!

      Hardly anyone, actually. Watch for the "State of Android Security" paper that should come out in the next few weeks for more detail, but the fact is that very, very few Android devices have any malware on them. Last year's numbers, IIRC, were on the order of 0.1% of devices, and that's with a pretty broad definition of "malware" ("Potentially Harmful Apps" is the term Google uses).

      Full disclosure: I work for Google, on Android security, though on platform crypto features, not on anti-malware efforts.

  5. Good Thinking! by Bob_Who · Score: 2

    ...Clever Estonians

  6. Pot meet kettle by sjbe · Score: 3, Insightful

    Why is it that so much malware and online crime comes from Russia?

    You could ask the same question about any large country including the United States. Russia in particular has a bit of the wild west going on and I think the authorities there might turn a blind eye if it negatively impacts rival countries.

    The country simply refuses to police themselves, even when things are obviously illegal.

    You mean like how in the US we have police straight up murdering black people without repercussions? Or how the NSA blatantly violates the constitution? Or how we imprison people in Cuba indefinitely without any trial? Yeah, Russia has some problems but it's not like our poop lacks odor...

    I'd support sanctioning Putin directly to prevent him from entering the EU.

    Umm, are you aware that Russia supplies much of the EU with huge amounts of oil and gas that cannot be gotten elsewhere quickly? All Putin has to do is shut off a key pipeline or two (which he has done a few times) and it gets awfully cold really fast in some parts of the EU. Furthermore actions like what you suggest are frankly kind of a juvenile response. Putin might be behind all of it (he isn't) but keeping the head of state of Russia arbitrarily out would accomplish very little and would actually do more harm than good in all likelihood.

    Cutting Russia off from the internet to the best of our ability is really the only way to stop the excessive crime from that country.

    No it really wouldn't.