New Android "RAT" infects Google Play apps, turning phones into spyware zombies

2456710

Comments

  • Reply 21 of 186
    snovasnova Posts: 1,281member
    Quote:
    Originally Posted by mstone View Post

     
    Quote:
    Originally Posted by snova View Post

     
     Therefore, I am glad Google has acknowledged there is a challenge because they are the #1 target, and hopefully for the sake of their users they will step up the effort, even if it means being less "open".


    Toothpaste cannot be put back in the tube. Google unleashed Android on the world and they can't recall it.


    you can put toothpaste back into the tube, it just isn't pretty or very productive. It cheaper and less hassle to buy a new tube.   Not sure what this means for Google, but at least we have the toothpaste myth covered. ;-)

  • Reply 22 of 186
    nexusphannexusphan Posts: 260member
    Quote:
    Originally Posted by SolipsismX View Post



    RAT has got to be the best acronym for malware.

    Sure, they have gotten some security updates with the lateral move Google implemented, which is good, but does that mean that all the holes that are in version 2.3 are now closed as if they were running 4.4? And why have the different versions if the actual OS version doesn't mean anything? And what about the different API versions? 2.3 "Gingerbread is API Level 10 while 4.4 "Kit Kat" is API Level 19. Those have to mean something otherwise why have them at all?

     

    Yes. That's exactly how it works.

    This is truly an embarrassing article. It was on the Play store for a day and Google immediately remotely uninstalled it from any devices that had downloaded it (less than 50 BTW).

    It's insanely easy to avoid malware in Android. Don't use 3rd party app stores. The only reason this is even an issue is because of China. Google refuses to comply with Chinese government censorship requirements (as they rightfully should, unlike Apple) so they can't distribute the Google Play app store in China, thus the reason 3rd party app stores with malicious apps exist.

    Even if you install a malicious app from a 3rd party app store, you have to select continue after a pop-up notification warns you that the app you're trying to install was scanned and shown to contain malicious code.

  • Reply 23 of 186
    snovasnova Posts: 1,281member
    Quote:

    Originally Posted by NexusPhan View Post

     

    It's insanely easy to avoid malware in Android. 


    this is a great quote juxtaposed against the classic Steve Jobs' quote. 

  • Reply 24 of 186
    gatorguygatorguy Posts: 23,514member
    Android 2.3 has known vulnerabilities that Google is never going to patch. That, and every security and networking company of record on the subject has echoed what Juniper says (a pic even included in the story for you): majority of Android users are unpatched.

    You claimed "Most of these will never receive security updates" which is easily proven false. Granted there may be some vulnerabilities that go unpatched (do you have any example) but that's not at all the same as going overboard with "No security updates for you" scareware. Google has demonstrated it's commitment to protecting it's users while still allowing a high degree of customizing. I think they've done pretty well finding a middle ground that fills most of it's buyers needs while avoiding a hard lockdown of the ecosystem. Android was never intended to be an OS controlled from top to bottom by a single manufacturer.
  • Reply 25 of 186
    mstonemstone Posts: 11,510member
    Quote:

    Originally Posted by Dick Applebaum View Post

     
    How could these denial of service attacks be fended off?


    DDOS usually attacks web servers. We have been affected on several occasions when we were in a shared colo-datacenter. We had a gamer company on the same firewall/router that we we're on. When some hackers went after the gamer company we got DDOS too. We used to have our own mini datacenter but we opted for the big data center bandwidth and security. As it turns out we had to abandon that program because of DDOS on our neighbors. We brought everything in-house again. A lot more expensive but no attacks for the last year or two. Neighborhood is an accurate analogy. Difference between living in the city and out in the suburbs.

     

    When a data center gets attacked with DDOS they bring in the Cisco security team and try to identify the packet signature and set up an edge router rule to drop the request. This usually takes a couple hours. Once they have identified the packet they notify the upstream providers and start blocking it at the major peering points. Takes a long time and the damage is usually done by the time they get a handle on it.

  • Reply 26 of 186
    solipsismxsolipsismx Posts: 19,566member
    nexusphan wrote: »
    Yes. That's exactly how it works.
    This is truly an embarrassing article. It was on the Play store for a day and Google immediately remotely uninstalled it from any devices that had downloaded it (less than 50 BTW).
    It's insanely easy to avoid malware in Android. Don't use 3rd party app stores. The only reason this is even an issue is because of China. Google refuses to comply with Chinese government censorship requirements (as they rightfully should, unlike Apple) so they can't distribute the Google Play app store in China, thus the reason 3rd party app stores with malicious apps exist.
    Even if you install a malicious app from a 3rd party app store, you have to select continue after a pop-up notification warns you that the app you're trying to install was scanned and shown to contain malicious code.

    Just to be crystal clear, you're claiming that when they do these lateral updates via Google Play it also then updates the kernels and every bit of code for the Android OS so that it is no longer v2.3 but instead v4.4 in every way except name.
  • Reply 27 of 186
    dasanman69dasanman69 Posts: 13,002member
    Android 2.3 has known vulnerabilities that Google is never going to patch. That, and every security and networking company of record on the subject has echoed what Juniper says (a pic even included in the story for you): majority of Android users are unpatched. 

    It’s not in Google’s interest, nor that of the carrier or hardware maker, to create and distribute updates. All they want to do is ship volumes as broadly as possible, just like the PC makers who presided over the Windows Malware Era. 

    Google turned back the clock after iOS and promised a new world of exciting openness. It was wrong. Android’s "Open" has been a total failure across the platform. 

    Such a penchant for melodrama. The world didn't end with the malware magnet that was Windows XP, and it surely isn't going to end now.
  • Reply 28 of 186
    snovasnova Posts: 1,281member
    Quote:

    Originally Posted by Gatorguy View Post

     
    Quote:

    Originally Posted by Corrections View Post



    Android 2.3 has known vulnerabilities that Google is never going to patch. That, and every security and networking company of record on the subject has echoed what Juniper says (a pic even included in the story for you): majority of Android users are unpatched.




    You claimed "Most of these will never receive security updates" which is easily proven false. Granted there may be some vulnerabilities that go unpatched (do you have any example) but that's not at all the same as going overboard with "No security updates for you" scareware. Google has demonstrated it's commitment to protecting it's users while still allowing a high degree of customizing. I think they've done pretty well finding a middle ground that fills most of it's buyers needs while avoiding a hard lockdown of the ecosystem. Android was never intended to be an OS controlled from top to bottom by a single manufacturer.

    to be fair. most != none != some.   I guess we would have to quantify "most" as a percentage of Android marketshare. 

  • Reply 29 of 186
    solipsismxsolipsismx Posts: 19,566member
    mstone wrote: »
    You know Mythbusters actually used one of our products in their show. They called us up to ask permission. The show wasn't about our product, just that they used it to debunk something else.

    Which episode was this. I want to see if I can figure it out.
  • Reply 30 of 186
    Heh—be funny if it were called DEDroid. ;)
  • Reply 31 of 186
    dick applebaumdick applebaum Posts: 12,527member
    mstone wrote: »
     
    [CONTENTEMBED=/t/162893/new-android-rat-infects-google-play-apps-turning-phones-into-spyware-zombies#post_2483380 layout=inline]How could these denial of service attacks be fended off?[/CONTENTEMBED]
    DDOS usually attacks web servers. We have been affected on several occasions when we were in a shared colo-datacenter. We had a gamer company on the same firewall/router that we we're on. When some hackers went after the gamer company we got DDOS too. We used to have our own mini datacenter but we opted for the big data center bandwidth and security. As it turns out we had to abandon that program because of DDOS on our neighbors. We brought everything in-house again. A lot more expensive but no attacks for the last year or two. Neighborhood is an accurate analogy. Difference between living in the city and out in the suburbs.

    When a data center gets attacked with DDOS they bring in the Cisco security team and try to identify the packet signature and set up an edge router rule to drop the request. This usually takes a couple hours. Once they have identified the packet they notify the upstream providers and start blocking it at the major peering points. Takes a long time and the damage is usually done by the time they get a handle on it.

    Can you block/refuse access to your servers based on platform and OS version -- or can that be easily spoofed?
  • Reply 32 of 186
    gatorguygatorguy Posts: 23,514member
    snova wrote: »
    to be fair. most != none != some.   I guess we would have to quantify "most" as a percentage of Android marketshare. 

    Nearly all Android devices in use are 2.3 and newer, I think Google says something less than 1% are on anything older. The very latest Google Android security improvement, VerifyApps in the background, is available to every one of them on 2.3 and above.
  • Reply 33 of 186
    mstonemstone Posts: 11,510member
    Quote:

    Originally Posted by SolipsismX View Post

     
    Which episode was this. I want to see if I can figure it out.


    I'll ask. I never watched it. I was told by my administrative assistant that the upper management approved it.

  • Reply 34 of 186
    mstonemstone Posts: 11,510member
    Quote:

    Originally Posted by Dick Applebaum View Post

     
    Can you block/refuse access to your servers based on platform and OS version -- or can that be easily spoofed?


    I suppose but the routers are what is being overwhelmed and they don't really look at the port 80 header attributes. It is more of a byte/hex signature they can look for. But perhaps they can look deeper. The problem is that they don't want to look deeper because they are already being overwhelmed.

  • Reply 35 of 186
    snovasnova Posts: 1,281member
    Quote:
    Originally Posted by Dick Applebaum View Post



    Can you block/refuse access to your servers based on platform and OS version -- or can that be easily spoofed?

    Unfortunately, you can't prevent bandwidth usage if it requires no flow control.   They just clog up your pipe bandwidth and there is little you can do about it. Block it all you want to the final destination (if your router can handle the load), but the fact of the matter is quality of service of passing good packets into the network will be unusable.

  • Reply 36 of 186
    dick applebaumdick applebaum Posts: 12,527member
    snova wrote: »
    Can you block/refuse access to your servers based on platform and OS version -- or can that be easily spoofed?
    Unfortunately, you can't prevent bandwidth usage if it requires no flow control.   They just clog up your pipe bandwidth and there is little you can do about it. Block it all you want to the final destination (if your router can handle the load), but the fact of the matter is quality of service of passing good packets into the network will be unusable.

    Can this be addressed statistically – by the various hops along the path to the destination server?
  • Reply 37 of 186
    mstonemstone Posts: 11,510member
    Quote:
    Originally Posted by Dick Applebaum View Post

     
    Can this be addressed statistically – by the various hops along the path router?


    No. the first "D" in DDOS means distributed. It is coming from everywhere.

  • Reply 38 of 186
    dick applebaumdick applebaum Posts: 12,527member
    mstone wrote: »
     
    [CONTENTEMBED=/t/162893/new-android-rat-infects-google-play-apps-turning-phones-into-spyware-zombies#post_2483426 layout=inline]Can this be addressed statistically – by the various hops along the path router?[/CONTENTEMBED]
    No. the first "D" in DDOS means distributed. It is coming from everywhere.

    Is DDOS or DOS against the law?
  • Reply 39 of 186
    snovasnova Posts: 1,281member
    Quote:
    Originally Posted by Dick Applebaum View Post

     
    Quote:
    Originally Posted by snova View Post

     
    Quote:
    Originally Posted by Dick Applebaum View Post



    Can you block/refuse access to your servers based on platform and OS version -- or can that be easily spoofed?


    Unfortunately, you can't prevent bandwidth usage if it requires no flow control.   They just clog up your pipe bandwidth and there is little you can do about it. Block it all you want to the final destination (if your router can handle the load), but the fact of the matter is quality of service of passing good packets into the network will be unusable.




    Can this be addressed statistically – by the various hops along the path to the destination server?

    technically yes, however in practice upstream ISP's won't take care of this for you on your behalf. They won't alter their upstream filters to protect you downstream.  Its your problem. 

  • Reply 40 of 186
    snovasnova Posts: 1,281member
    Quote:
    Originally Posted by Dick Applebaum View Post

     
    Quote:
    Originally Posted by mstone View Post

     
    Quote:
    Originally Posted by Dick Applebaum View Post



     

    ?


    No. the first "D" in DDOS means distributed. It is coming from everywhere.




    Is DDOS or DOS against the law?

    people have gone to jail for it yes. Good luck catching them however as the attack normally comes from stolen account from Cloud servers (i.e. Amazon cloud services) or from end user devices on a botnet (i.e.  PC and smartphones). 

Sign In or Register to comment.