Slashdot Mirror


Sophisticated Bribe Scheme Gets Malware Onto Chinese Antivirus Whitelist

An anonymous reader writes "Malware operators have bribed employees of a gaming company to bundle malware with their mobile apps." Because the app-maker reportedly had a good-faith agreement with China's biggest antivirus company, the apps were apparently whitelisted without a thorough check, according to Softpedia. They cite a report from Check Point which describes how attackers would later pretend to be shoppers on a popular Chinese site where pictures of the desired items are sent to sellers. "The seller would open the picture on a PC and become infected," writes Check Point, "because the Trojan would not be detected," and a subsequent request for a refund would deliver the login credentials for the seller's payment account.

"This example illustrates how important it is to avoid third-party stores and to instead at least rely on stores with more reliable security," argues Check Point. "But even still, stores like the App Store and Google Play aren't immune to threats."
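The failure in the story is a whitelist keyed on the vendor relationship rather than on the artifact: once the app-maker was trusted, anything it shipped passed, so a bribed employee only had to change what was in the box. As an added illustration (not code from Check Point, Softpedia or the antivirus vendor; the bundle model, the `GameCo` publisher name and the file contents are constructed placeholders), the Python below contrasts a publisher-based allowlist with one that pins a reviewed digest per release. The tampered build passes the first and fails the second, and a new, unreviewed version also fails the second until someone has looked at it.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Bundle:
    """A release as submitted for allowlisting (hypothetical model)."""
    publisher: str
    version: str
    files: dict  # file name -> bytes


def bundle_digest(bundle: Bundle) -> str:
    """Canonical SHA-256 over every file in the bundle, ordered by name.

    Length-prefixing each name and body keeps two different file sets
    from hashing to the same value."""
    h = hashlib.sha256()
    for name in sorted(bundle.files):
        body = bundle.files[name]
        h.update(len(name).to_bytes(4, "big") + name.encode())
        h.update(len(body).to_bytes(8, "big") + body)
    return h.hexdigest()


class PublisherAllowlist:
    """Trust keyed on the vendor relationship: anything the publisher ships passes."""

    def __init__(self, trusted_publishers):
        self.trusted = set(trusted_publishers)

    def allows(self, bundle: Bundle) -> bool:
        return bundle.publisher in self.trusted


class ArtifactAllowlist:
    """Trust keyed on the reviewed artifact: only a digest recorded after
    review passes, so every new or altered release comes back for a look."""

    def __init__(self):
        self.reviewed = {}  # (publisher, version) -> digest

    def approve_after_review(self, bundle: Bundle) -> None:
        self.reviewed[(bundle.publisher, bundle.version)] = bundle_digest(bundle)

    def allows(self, bundle: Bundle) -> bool:
        expected = self.reviewed.get((bundle.publisher, bundle.version))
        return expected is not None and expected == bundle_digest(bundle)


def scenario() -> dict:
    # Constructed sample bundles; names and contents are placeholders.
    clean = Bundle("GameCo", "1.0", {"game.bin": b"legit game code"})
    # A bribed insider re-packages the same version with an extra payload.
    tampered = Bundle("GameCo", "1.0", {"game.bin": b"legit game code",
                                        "update.exe": b"trojan dropper"})
    # A later release that nobody has reviewed yet.
    unreviewed = Bundle("GameCo", "1.1", {"game.bin": b"new game code"})

    by_publisher = PublisherAllowlist(["GameCo"])
    by_artifact = ArtifactAllowlist()
    by_artifact.approve_after_review(clean)

    return {
        "publisher_allows_clean": by_publisher.allows(clean),
        "publisher_allows_tampered": by_publisher.allows(tampered),
        "artifact_allows_clean": by_artifact.allows(clean),
        "artifact_allows_tampered": by_artifact.allows(tampered),
        "artifact_allows_unreviewed": by_artifact.allows(unreviewed),
    }


if __name__ == "__main__":
    for name, verdict in scenario().items():
        print(f"{name}: {'ALLOW' if verdict else 'DENY'}")
```

The point of the digest-per-release design is that a good-faith agreement with a vendor never becomes a standing exemption from scanning: the allowlist only ever says "this exact set of bytes was reviewed", so an insider who alters a build gets the same scrutiny as a stranger.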

20 comments

  1. Um... "Avoid 3rd Party Stores" except F-Droid! by Freshly Exhumed · · Score: 3, Insightful

    Please don't lump in F-Droid with all the calls to avoid 3rd party app stores.

    --
    I deny that I have not avoided attaining the opposite of that which I do not want.
    1. Re:Um... "Avoid 3rd Party Stores" except F-Droid! by Dutch Gun · · Score: 2

      Agreed, and I'd probably also exclude the Amazon store from being painted with that same brush. Malware infesting 3rd party Asian app stores isn't exactly news to someone who pays attention to these things. That alone accounts for a huge percentage of the malware found on Android devices.

      Still, as a general rule, I think it holds. If someone doesn't know enough to make that evaluation for themselves, it's probably best for them to stick to the official store.

      --
      Irony: Agile development has too much inertia to be abandoned now.
    2. Re:Um... "Avoid 3rd Party Stores" except F-Droid! by Anonymous Coward · · Score: 0

      it's probably best for them to stick to the official store.

      Umm... yeah.... the "official store" (aka Google Play) isn't available in China.

  2. Cyber-crime in China by Anonymous Coward · · Score: 0

    Cyber-crime in China puts even the Russians to shame

  3. then the 1st party app store needs no censorship by Joe_Dragon · · Score: 0

    then the 1st party app store needs no censorship (other than virus-like code)

    No ban on emulators.

    Why not have an adults-only part of the app store? They have R-rated movies in their media store and music with explicit lyrics.

  4. I love apps! by Anonymous Coward · · Score: 0

    All the ad sponsored flashlights a guy could ever dream of! Oh, not only that, there's ad sponsored flashlights too! Er ma Gerd, google stalks me everywhere I go too. It's so awesome.
    More apps! They are so useful.

    Did I mention the ad sponsored flashlights?

  5. Re:then the 1st party app store needs no censorship by Anonymous Coward · · Score: 0

    Interesting idea, but I'm sure they'd charge premium prices though (that supply & demand thing) so getting an emulator or other advanced app would probably be costly.

  6. Mobile security is impossible? by Anonymous Coward · · Score: 0

    For desktops and servers, you can be reasonably secure (Gentoo Linux / OpenBSD while keeping a close watch on the software you have installed) and also protect yourself with an IDPS like snort and security focused extensions in your browser.

    On mobile, your choices are

    Android - permanently vulnerable across all versions due to a lack of security focus with both the system software and malicious apps
    jailbroken iOS - probably almost as vulnerable as Android
    non-jailbroken iOS - considered the most secure in the mobile world, but likely still vulnerable to state-level attacks and the state can at any time go full tyrant and literally round up Apple employees and their families and force them to assist at gunpoint

    And yes, the goal is to withstand and defeat both skids and state-level attacks. Plausible deniability with decoy encrypted partitions is preferred. I'm sure some absolutely wonderful person is going to reply to this with "YOU CAN NEVER BE SAFE FROM STATE LEVEL ATTACKS BECAUSE OF THE WRENCH ATTACK HURR DURR" and they should instead close their browser and visit reddit.

  7. chinese people by Anonymous Coward · · Score: 0

    If you have ever met a Chinese person you'll understand the lengths they go to to earn money. It doesn't surprise me they did this.

  8. FTFY by Anonymous Coward · · Score: 0

    This example illustrates how important it is to avoid anything to do with the goddam chinks.

    1. Re:FTFY by Anonymous Coward · · Score: 0

      The hilarious thing is that progressives will howl at you for saying this, even if you phrase it in a more diplomatic manner, while quietly following your advice.

  9. app names? by Anonymous Coward · · Score: 0

    so what are the names of the gaming company and apps?

  10. Wrong conclusion by enriquevagu · · Score: 3, Insightful

    Even after reading TFA, this example DOES NOT illustrate how important it is to avoid third-party stores.

  11. Misnomer by kbg · · Score: 1

    Chinese antivirus. That's like a nuclear waste company making food products or hiring a child molester as your babysitter.

    1. Re:Misnomer by Anonymous Coward · · Score: 0

      Chinese antivirus. That's like a nuclear waste company making food products or hiring a child molester as your babysitter.

      that's actually a reality.....

  12. I expect... by Anonymous Coward · · Score: 0

    ...the persons using anti-virus software are the same ones practicing homeopathy.

  13. Apps that app other apps get apped! by Anonymous Coward · · Score: 0

    Apps!

  14. Hosts = better antivirus than antivirus by Anonymous Coward · · Score: 0

    APK Hosts File Engine 9.0++ SR-4 32/64-bit http://www.bing.com/search?q=%...

    Less power/cpu/ram+ IO use vs. local DNS servers + addons w/ less security issues vs. DNS + routers. Less complex vs firewalls (needing layered filtering drivers - hosts don't + firewalls block less used IP addresses, hosts block more used host-domain names) complementing 'em. Antivirus = reactive. Hosts = FAR more proactive, blocking infection BEFORE you get it. Gets its data from 10 reputable security community sites.

    APK

    P.S. - Hosts get you more speed (hardcodes + adblocks) & faster vs. addons, security (vs. bad sites/dns security issues), reliability (vs. downed/poisoned dns), & anonymity (dns requestlogs/trackers) vs. other "so-called -solutions'" w/ what you natively have. Unlike Adblock/UBlock/Ghostery, hosts != blockable by ClarityRay/BlockIQ
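The comment above treats a hosts file as a blocklist, so it is worth seeing exactly what such a file does and does not match. The Python below is an added example, not the poster's "APK Hosts File Engine" or any other real tool; the hosts content is constructed and the domain names are placeholders. It parses hosts-file syntax (comments, multiple names per line, case-insensitive names, first entry wins as in glibc's files lookup), reports whether a name is pinned to a black-hole address, and surfaces the caveat a practitioner needs: there is no wildcard, so blocking `ads.example.com` leaves `cdn.ads.example.com` resolving normally.

```python
import ipaddress

# Constructed sample hosts file; the domains are placeholders, not real entries.
SAMPLE_HOSTS = """\
# comment line
127.0.0.1   localhost
::1         localhost ip6-localhost
0.0.0.0     ads.example.com  tracker.example.net   # trailing comment
0.0.0.0     Malware-Host.Example.org
10.0.0.5    intranet.example.com
"""

# Addresses conventionally used to sink a name rather than route to it.
BLACKHOLE_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::", "::1"}


def parse_hosts(text: str) -> dict:
    """Map each hostname (lower-cased) to the address its hosts entry gives it.

    Keeps the first entry for a name, which is what first-match resolvers
    such as glibc do; lines with an unparseable address are skipped."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            continue
        for name in names:
            table.setdefault(name.lower(), addr)
    return table


def is_blocked(table: dict, hostname: str) -> bool:
    """True only when this exact hostname is pinned to a black-hole address.

    The hosts file has no wildcard: blocking ads.example.com does nothing
    for cdn.ads.example.com or any other subdomain."""
    addr = table.get(hostname.lower().rstrip("."))
    return addr is not None and addr in BLACKHOLE_ADDRESSES


def unblocked_subdomains(table: dict, candidates) -> list:
    """Hostnames whose parent is blocked but which would still resolve normally."""
    leaks = []
    for host in candidates:
        if is_blocked(table, host):
            continue
        labels = host.lower().split(".")
        parents = [".".join(labels[i:]) for i in range(1, len(labels) - 1)]
        if any(is_blocked(table, p) for p in parents):
            leaks.append(host)
    return leaks


if __name__ == "__main__":
    table = parse_hosts(SAMPLE_HOSTS)
    for host in ["ads.example.com", "cdn.ads.example.com", "intranet.example.com"]:
        print(f"{host}: {'blocked' if is_blocked(table, host) else 'resolves'}")
    print("leaks:", unblocked_subdomains(table, ["cdn.ads.example.com"]))
```

A hosts file also only affects lookups that go through the local resolver; software that ships its own DNS-over-HTTPS client, or connects to an IP address directly, never consults it.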

  15. On the contrary by Anonymous Coward · · Score: 0

    People should ONLY use third party stores. The damage done by quasi monopolies is way worse than that done by malware.

  16. No GAPPS in China by wardrich86 · · Score: 1

    I may be mistaken, but I don't believe Google Apps (which includes the official Google Play Store) is available in China, thus, they have to default to a bunch of shady back-alley app store sites instead.

    Admittedly, I haven't read TFA yet, but I'm really curious as to how loading an image manages to pull through and install a trojan.