Slashdot Mirror


3-in-1 Android Malware Acts As Ransomware, Banking Trojan and Info Thief

An anonymous reader writes: Why stop at asking ransom for encrypted files when you can also steal personal info, passwords, online banking credentials and credit card details, and sell it or use it to get even more money? Palo Alto researchers have recently analyzed Xbot, a Trojan that is capable of doing all the aforementioned things, and have found it mimicking 22 different Android apps.

25 comments

  1. Hah. by toonces33 · · Score: 5, Informative

    Good grief:

    The malware does encrypt files, but it does so by simply XORing each byte in all files by the fixed integer number 50. That means that the malware’s claims that the files can’t be decrypted without paying the ransom and receiving the decryption key is not true.

    1. Re:Hah. by inasity_rules · · Score: 2, Funny

      Stop reading tfa... What is this, 1999?

      --
      I have determined that my sig is indeterminate.
    2. Re:Hah. by gstoddart · · Score: 2

      Really, you expect honesty from malware writers? :-P

      --
      Lost at C:>. Found at C.
    3. Re:Hah. by AmiMoJo · · Score: 1

      Yawn. Can we stop posting about Android malware unless it does something interesting? Yeah, we get it, a platform that gives you the freedom to install apps from outside the curated app store also gives you the freedom to shoot yourself in the foot. In other words, it's like every OS ever except for iOS.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    4. Re:Hah. by Jane Q. Public · · Score: 1

      iOS... you mean the one in which many useful apps aren't even possible because of the sandboxing.

      It really is a tradeoff. If you want a perfectly safe world, be prepared to give up a lot of freedom. Personally, I don't want a nanny OS. But that's just my preference.

    5. Re:Hah. by Khashishi · · Score: 1

      Such weak encryption. I would've doubled the security by doing a double XOR 50.
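The fixed-key XOR quoted in the first comment above, and the "double XOR 50" reply, as an added example that is not part of the thread or the article: a recovery sketch that derives a single-byte XOR key from known file signatures and undoes it. The key 50 comes from the quoted text; the signature table, function names and sample bytes are constructed for illustration.

```python
# Added example: recover files "encrypted" with one fixed XOR byte.
# 50 (0x32) is the key quoted from the article; everything else is assumed.
XBOT_KEY = 50

# Leading bytes ("magic numbers") of file types commonly found on a phone.
MAGIC = {
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "pdf": b"%PDF-",
    "zip": b"PK\x03\x04",  # also APK, DOCX, XLSX containers
}

def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with the same key; applying it twice is the identity."""
    return bytes(b ^ key for b in data)

def identify(data: bytes):
    """Return the file type if the data already starts with a known magic."""
    for name, magic in MAGIC.items():
        if data.startswith(magic):
            return name
    return None

def recover_key(ciphertext: bytes):
    """Known-plaintext attack on the header: guess the key from the first
    byte, then confirm it against the rest of the magic. Returns (key, type)."""
    for name, magic in MAGIC.items():
        if len(ciphertext) < len(magic):
            continue
        key = ciphertext[0] ^ magic[0]
        if xor_bytes(ciphertext[:len(magic)], key) == magic:
            return key, name
    return None

def recover_file(data: bytes):
    """Return (status, bytes); data is left untouched unless a key is confirmed."""
    if identify(data):
        return "already-plain", data
    found = recover_key(data)
    if found is None:
        return "unknown", data
    return f"recovered(key={found[0]})", xor_bytes(data, found[0])

if __name__ == "__main__":
    sample = MAGIC["png"] + b"constructed sample body"  # constructed input
    locked = xor_bytes(sample, XBOT_KEY)
    print(recover_file(locked)[0])                       # key found from header
    print(xor_bytes(xor_bytes(sample, 50), 50) == sample)  # "double XOR 50"
```

Because the key is confirmed against the file signature before anything is rewritten, files that were never touched or that use an unlisted format are returned unchanged.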

  2. Plus ça change.... by Bearhouse · · Score: 3, Insightful

    The actual article is here:

    http://researchcenter.paloalto...

    1. Re:Plus ça change.... by Anonymous Coward · · Score: 1

      Yeah, I went there also.
      Anyone see the list of the 22 apps?
      Me either.

  3. Why do people use Android? by Anonymous Coward · · Score: 0

    I know people like shiny things - but Android is a security nightmare. Really - friends don't let friends use Android.

    1. Re:Why do people use Android? by Anonymous Coward · · Score: 0

      I've been using Android for like 10 years and have never had an issue. Not only that, but I do not personally know anyone that has had an issue. I think most of these 'Android malware' things are just proof of concept stuff that cannot spread in the wild.

    2. Re:Why do people use Android? by Anonymous Coward · · Score: 0

      If you're careful which apps you download you don't really have any issues with it. Well, that and not randomly attaching yourself to every open wifi in the neighborhood.

    3. Re:Why do people use Android? by 110010001000 · · Score: 1

      100% correct. If you look more closely these "researchers" are actually Palo Alto Networks who will sell you a device that "protects" you from this. If you look at the threat it screams scam: there are .ru URLs where you need to enter your credit card information into all over the place. I doubt anyone would be dumb enough to fall for this.

    4. Re:Why do people use Android? by Crowd Computing · · Score: 1

      I know people like shiny things - but Android is a security nightmare. Really - friends don't let friends use Android.

      I have read this so many times this doesn't even qualify as a good troll. Most operating systems nowadays are secure enough so long as you observe a number of commonsense security habits, like: Don't visit shady sites. If you have to, remember the old advice about not eating where you poop. Use a different device to browse porn and to bank online. Don't use a heavily modded or tampered device unless you absolutely know what you're doing. This includes the installation of "cracked" apps and root kits recommended by some pseudonymous forum member.

    5. Re:Why do people use Android? by JustAnotherOldGuy · · Score: 1

      ...there are .ru URLs where you need to enter your credit card information

      Oh yeah, that's something I'd do without hesitation, lol. No one in Russia would ever do anything bad with my credit card number.

      --
      Just cruising through this digital world at 33 1/3 rpm...
    6. Re:Why do people use Android? by gstoddart · · Score: 2

      I doubt anyone would be dumb enough to fall for this

      Yeah, about that:

      "No one ever went broke underestimating the intelligence of the American public."

      Turn that to "general public", and you see where we're at.

      These things work because people do fall for them.

      --
      Lost at C:>. Found at C.
    7. Re:Why do people use Android? by Anonymous Coward · · Score: 0

      The general public does fall for this stuff.

  4. Android 5.0 by Anonymous Coward · · Score: 0

    “While Android users running version 5.0 or later are so far protected from some of Xbot’s malicious behaviors, all users are vulnerable to at least some of its capabilities.”

    Unfortunately, I have a Motorola Bravo with Android 2.2.2. Why don't I upgrade? Because Motorola won't let me.

    WTF, Motorola!

    Buy a new phone you say? Well, it's a hand-me-down from my wife and we spent $99 on it. It works OK for calls and gmail/Google Voice - even though it's a bit flaky. I have better things to do with money than buy every new fancy shiny gadget that comes out. But I'm not their market.

    The smartphone market is for people who want the latest and greatest and waste their money on it.

    1. Re:Android 5.0 by phishybongwaters · · Score: 1

      Don't sideload apps from untrusted sources. 99.9% of your android problems cease to exist if you follow that 1 piece of advice. Sadly, being 2.2 (omg!!) you are pretty screwed regardless of how safe you play it, replace it dude, most companies offer trade ups and such, I'm not even saying stick with android, but something that old and unpatched is not worth the risk unless you literally use it for phone calls and phone calls alone.

    2. Re:Android 5.0 by Anonymous Coward · · Score: 0

      omg!!

      Fuck off, consumerist whore, I have a similar phone, but upgraded to 4.0.4- (cyanogenmod) and it runs beautifully, provided you don't install those massive 50Mb google services and other google "upgrades" to the original ROM apps.
      The last versions of the play store don't even show the package size!

      Death to M$ for killing the best phone manufacturer

  5. Banking info by Anonymous Coward · · Score: 5, Insightful

    If it steals banking info, it should automatically log in to your bank and pay the ransom itself.

    1. Re:Banking info by Anonymous Coward · · Score: 0

      That is so meta!! (How hipster was that)

  6. Most common non-techie response... by zarmanto · · Score: 0

    Outrageous! Who would be so incompetent as to let this happen?? Let's all switch from iPhones to Androids, immediately!

    Huh? It's Android that got hit, not iPhones? Oh. Right, then...

    (Delete, delete, delete...)

    Outrageous! Who would be so incompetent as to let this happen?? Let's all switch from Androids to iPhones, immediately!

  7. Hey Slashdot by Anonymous Coward · · Score: 0

    It would be more helpful at this point for you to post about software that isn't vulnerable, cause I haven't heard of any.

  8. Cut out the middle man ( you ) by Anonymous Coward · · Score: 0

    If they can steal your banking data they can 1: encrypt your files 2: transfer the money to themselves to pay the ransom 3: decrypt your files and 4: save everybody a lot of time.