Three new malware strains infect 20k apps, impossible to wipe, only affect Android


Comments

  • Reply 121 of 166
    mstonemstone Posts: 11,510member

    So what is the net effect of the malware? Do users even notice their device is infected?

  • Reply 122 of 166
    tmaytmay Posts: 3,530member
    Quote:
    Originally Posted by Gatorguy View Post

    You're talking about devices not available to the general public? I'm not. Anyone can buy a Priv. Anyone can buy a BlackPhone. Both are available to the "general population". They're not in the least disingenuous choices IMHO.

    Regarding Blackberry's entry I'd probably wait for the second version myself. In general brand new entries have come with growing pains. 2nd gen is normally a big improvement. From a security standpoint tho Blackberry does understand it and what it requires.

    An implementation isn't a device build, it is how it is incorporated into the environment, and though there may be third party customizations of iPhone to increase security, Apple only sells iPhones off the shelf, in one build per generation wrt security.

    By implication, your example of two devices would indicate that you aren't fully confident that Android OS devices are uniformly secure, and security is in fact dependent on the device build, where I would argue that it is the implementation of device, apps and services that provides the realizable level of security whether that be Android OS or iOS devices.

    This implication plays out in the statement that Android "is a mess" for security; likely true based on the set of Google activated devices.

  • Reply 123 of 166
    gatorguygatorguy Posts: 20,261member
    mstone wrote: »
    So what is the net effect of the malware? Do users even notice their device is infected?
    "Malware" is a generic term used by antivirus companies to describe any type of software or code that exploits a computer or the data it has. On a smartphone this could be anything from harvesting your contact information unnecessarily, or worse undisclosed to the user, to location tracking to actual harmful processes like expensive Russian SMS messaging. Most folks wouldn't notice contacts being collected by that app they're using, but it's still considered malware.
  • Reply 124 of 166
    So much arguing over the semantics of 3rd party Android stores. It's irrelevant.


    The bottom line, as I stated previously, is that Android will NEVER approach iOS for security and will remain an utter mess for years to come. The only reason so many are nitpicking about these 3rd party stores or reminding us that Google Play devices have side loading disabled (until the user overrides it) is they don't want to discuss the OVERALL state of security in Android.

    Classic deflection by people trying to avoid the REAL issue. Android is a joke for security.

    I'll agree with you that Android as a whole is not as secure right now. Although, Never say never.

    Apple has also yet another new security hole as well.


    iBackDoor: High-Risk Code Hits iOS Apps
    https://www.fireeye.com/blog/threat-research/2015/11/ibackdoor_high-risk.html

    These potential backdoors could have been controlled remotely by loading JavaScript code from a remote server to perform the following actions on an iOS device:

    Capture audio and screenshots
    Monitor and upload device location
    Read/delete/create/modify files in the app’s data container
    Read/write/reset the app’s keychain (e.g., app password storage)
    Post encrypted data to remote servers
    Open URL schemes to identify and launch other apps installed on the device
    “Side-load” non-App Store apps by prompting the user to click an “Install” button

    As of November 4, we have identified 2,846 iOS apps containing the potentially backdoored versions of mobiSage SDK. Among these, we observed more than 900 attempts to contact an ad adSage server capable of delivering JavaScript code to control the backdoors. We notified Apple of the complete list of affected apps and technical details on October 21, 2015.
  • Reply 125 of 166
    ahmlcoahmlco Posts: 432member
    "The contaminated apps Lookout found were harvested from Google Play, infected with a payload and then republished on third party app sites enabled by Google's open app model allowing Android users to find and download apps from multiple stores "

    Sounds to me like someone was trying to get something for nothing and got more than they bargained for.

    "Let's see, should I buy Candy Crush on the Play store, or should I go to this other site and download a version uploaded by someone other than the original author... for free?"

    Now, some of you may try to jump in and point out that Play isn't available everywhere and that's true. But it IS available in United States, Germany, Russia, India, Jamaica, Sudan, Brazil, Mexico and Indonesia, all places where "high concentrations" of infection exist.
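    The Lookout description quoted above (apps pulled from Google Play, a payload injected, then republished on third-party sites) suggests a quick triage check a practitioner can run without any Android tooling: diff a suspect APK against a known-good copy of the same app, entry by entry. The script below is an added example, not code from the original post or from Lookout; the two APKs it compares are constructed in memory as stand-ins for a real download and have no relation to any real app or to the strains the article names.

```python
"""Triage helper: diff a suspect APK against a known-good copy of the same app.

A repackaged app normally keeps the original package name and resources but
differs in a few entries: a patched classes.dex, an added native library or
secondary dex, and a signer block under META-INF/ that cannot match the
original developer's key. Per-entry SHA-256 digests surface exactly that.
"""
import hashlib
import io
import zipfile
from typing import Dict, List, Tuple


def entry_digests(apk_bytes: bytes) -> Dict[str, str]:
    """Map each ZIP entry name to the SHA-256 of its uncompressed content."""
    digests: Dict[str, str] = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            digests[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return digests


def diff_apks(reference: bytes, suspect: bytes) -> Dict[str, List[str]]:
    """Return entries added, removed and modified in `suspect` relative to `reference`."""
    ref = entry_digests(reference)
    sus = entry_digests(suspect)
    return {
        "added": sorted(set(sus) - set(ref)),
        "removed": sorted(set(ref) - set(sus)),
        "modified": sorted(n for n in ref.keys() & sus.keys() if ref[n] != sus[n]),
    }


def signer_changed(diff: Dict[str, List[str]]) -> bool:
    """True when the v1 (JAR) signature block differs.

    The attacker does not hold the developer's signing key, so a re-signed APK
    ends up with a different META-INF/*.RSA (or .DSA/.EC) entry.
    """
    sig_suffixes = (".RSA", ".DSA", ".EC")
    touched = diff["added"] + diff["removed"] + diff["modified"]
    return any(n.startswith("META-INF/") and n.upper().endswith(sig_suffixes)
               for n in touched)


def triage(reference: bytes, suspect: bytes) -> Tuple[Dict[str, List[str]], bool]:
    """Convenience wrapper: (entry diff, whether the signer block changed)."""
    diff = diff_apks(reference, suspect)
    return diff, signer_changed(diff)


def build_apk(entries: Dict[str, bytes]) -> bytes:
    """Build a minimal APK-shaped ZIP in memory (constructed test data, not a real app)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample: an "official" build and a trojanised re-upload of it.
# Neither is a real application; contents are placeholders.
ORIGINAL_APK = build_apk({
    "AndroidManifest.xml": b"<manifest package='com.example.game'/>",
    "classes.dex": b"dex\n035\x00" + b"A" * 64,
    "res/values/strings.xml": b"<resources/>",
    "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n",
    "META-INF/CERT.SF": b"Signature-Version: 1.0\n",
    "META-INF/CERT.RSA": b"\x30\x82original-signer",
})

REPACKAGED_APK = build_apk({
    "AndroidManifest.xml": b"<manifest package='com.example.game'/>",
    "classes.dex": b"dex\n035\x00" + b"A" * 60 + b"ROOT",   # patched code
    "res/values/strings.xml": b"<resources/>",
    "lib/armeabi/libexploit.so": b"\x7fELF-payload",       # dropped-in native payload
    "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n",
    "META-INF/CERT.SF": b"Signature-Version: 1.0\n",
    "META-INF/PIRATE.RSA": b"\x30\x82attacker-signer",     # re-signed by the attacker
})


if __name__ == "__main__":
    diff, resigned = triage(ORIGINAL_APK, REPACKAGED_APK)
    for kind, names in diff.items():
        print(f"{kind:9s}: {names}")
    print("re-signed by a different key:", resigned)
```

    In a real check the reference APK is the one served by the developer's Play Store listing and the suspect is the third-party download. A changed `classes.dex`, an added `lib/` or secondary dex, and a signer block that differs from the original are the usual tells of a repackaged build. Caveat: this only sees the v1 (JAR) signature inside `META-INF/`; APK Signature Scheme v2 and later store the signature in a signing block outside the ZIP entries, so for current APKs run `apksigner verify --print-certs` from the Android build-tools and compare the certificate SHA-256 fingerprints against the developer's published ones instead.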
  • Reply 126 of 166
    maxitmaxit Posts: 212member
    Quote:
    Originally Posted by markbyrn View Post

    I'm afraid we might have to raise the FUD flag. It's very easy to determine if your device has been rooted and not that difficult to unroot the device and reinstall the firmware. Claiming you have to replace the device is hysterical nonsense.

    good luck in explaining to my sister how to root her phone ....

    Quote:
    Originally Posted by Anton Zuykov View Post

    Yes, it is time to cry "conspiracy", Gatorguy...

    Lol indeed.. (sigh)

    Another piece of double standard approach from you. Again.

    For some reason you didn't apply the same logic when talking about Xcode exploit...I wonder why...

    I think your image needs to be under "Hypocrisy" definition in a dictionary.

    not so difficult to spot his behavior....

    Quote:
    Originally Posted by Gatorguy View Post

    You need to go back to that thread and read it again then. You might understand it this time thru.

    what is very easy to understand is your agenda here, dude ....

    Quote:
    Originally Posted by digitalclips View Post

    So to be clear, your only reason to spend so much time on AI is to jump to the defense of Google whenever required? Out of interest, do your typical pro Google and Android fan sites have Apple stooges that devote their entire working day monitoring and defending Apple? There might well be I just don't know since I wouldn't waste my time on a Google Android site.

    Nope. This only happens on Apple-based forums.

    Go to MacRumors, if you dare: even among moderators there are well known Apple bashers.

  • Reply 127 of 166
    MacProMacPro Posts: 18,139member
    maxit wrote: »
    good luck in explaining to my sister how to root her phone ....

    Nope. This only happens on Apple-based forums.
    Go to MacRumors, if you dare: even among moderators there are well known Apple bashers.

    Thanks for the intel, I know what you mean on MR, I gave up there a long time ago for that treason. oops I mean reason ;)

    Good job pointing out the agenda of the stooges here. Newbies may be misled otherwise!
  • Reply 128 of 166
    rayz wrote: »
    Wow that was desperate. The way you tried to shift blame away from Google in that last sentence was particularly cringeworthy.

    Your 'impartial informer' persona has taken a real beating in this thread, and it hasn't been pretty. :-(

    You need to be a little more selective when choosing which of Google's battles you want to fight. Steer away from the indefensible.

    You don't need to help him keep up the "impartial" persona. The forum regulars see right through it.
  • Reply 129 of 166
    gatorguygatorguy Posts: 20,261member
    maxit wrote: »
    good luck in explaining to my sister how to root her phone ....

    not so difficult to spot his behavior....

    what is very easy to understand is your agenda here, dude ...
    That usually works. If a point can't be disputed any further just attack the poster. Not the first time nor the last time for that as it can really be quite effective with the proper audience.

    Good usage.
  • Reply 130 of 166
    gatorguygatorguy Posts: 20,261member
    rayz wrote: »
    Your 'impartial informer' persona has taken a real beating in this thread
    I missed your post the first time thru but see it requoted.

    I don't pretend to be impartial. Off the top of my head I can't think of anyone truly impartial here, tho some of AI's oldest members do a pretty good job of looking past the party-line. I have a respectable relationship with many of them.

    I also don't recollect posting FUD (not the same as inaccuracy. Yeah I'm wrong sometimes.) nor have much tolerance for lazy regurgitation of obvious examples of it, at least obvious to anyone taking just a few minutes to look.

    IMO some of the worst offenders are the infrequent visitors who rush in, snipe, and disappear. I truly enjoy discussion with most of the daily regulars, learning a whole heck of a lot from them. Smart guys.

    In any event I think the points and not the persona is what should be important. If something that's claimed as fact actually isn't why should it be promoted as such, and if there's pertinent facts that aren't being mentioned they should be in general. The forum commenters as a rule have no trouble doing so on subjects like chipsets, storage media, device operations and the like. FUD doesn't usually raise its ugly head until an Apple competitor is mentioned, and an article about one of them seems written and published here nearly every day, inviting bad behavior. More consistent critical thinking might help avoid much of that. I know we can all sometimes think we're the smartest guy in the room, but we'd all benefit from listening more. Me included.

    (BTW [@]EricTheHalfBee[/@], sorry for being so slow to listen earlier. Sincerely)
  • Reply 131 of 166
    Quote:
    Originally Posted by SirLance99 View Post

    I'll agree with you that Android as a whole is not as secure right now. Although, Never say never.

    Apple has also yet another new security hole as well.

    iBackDoor: High-Risk Code Hits iOS Apps
    https://www.fireeye.com/blog/threat-research/2015/11/ibackdoor_high-risk.html

    These potential backdoors could have been controlled remotely by loading JavaScript code from a remote server to perform the following actions on an iOS device:

    Capture audio and screenshots
    Monitor and upload device location
    Read/delete/create/modify files in the app’s data container
    Read/write/reset the app’s keychain (e.g., app password storage)
    Post encrypted data to remote servers
    Open URL schemes to identify and launch other apps installed on the device
    “Side-load” non-App Store apps by prompting the user to click an “Install” button

    As of November 4, we have identified 2,846 iOS apps containing the potentially backdoored versions of mobiSage SDK. Among these, we observed more than 900 attempts to contact an ad adSage server capable of delivering JavaScript code to control the backdoors. We notified Apple of the complete list of affected apps and technical details on October 21, 2015.

    Shall we go through these one by one?

    Capture audio and screenshots: If the App itself has permission granted to do these in the first place.

    Monitor and upload device location: Again, only if the original App had permissions for location allowed.

    Read/delete/create/modify files in the app’s data container: Got it. So it can modify data that ONLY IT has access to. Stays inside the sandbox.

    Read/write/reset the app’s keychain (e.g., app password storage): So it can read & reset its OWN password, not passwords of OTHER Apps.

    Post encrypted data to remote servers: Who are they trying to scare here? ANY App that sends data to a server can encrypt it before it's sent. Why didn't they just say "Can post data to remote servers"? Oh right, because adding the word "encrypted" suddenly makes it sound much scarier.

    Open URL schemes to identify and launch other apps installed on the device: So they can start another App. They can't CONTROL the other App, or get access to any of its data. So are they going to RickRoll you by opening up a bunch of Apps?

    “Side-load” non-App Store apps by prompting the user to click an “Install” button: This doesn't work in iOS 9. You can no longer simply press "accept" on the TWO prompts Apple will give you when trying to side-load an App using an Enterprise Certificate. You now have to go into Settings and authorize the developer/certificate. It's much more work than previous iOS versions where you were presented with TWO warnings and had to accept them both. That is, if the certificate is even valid, since Apple routinely cancels certificates for developers abusing this ability.

    The last one brings us to a key difference between iOS and Android when side-loading Apps. On iOS you have to specifically authorize each and every developer (by accepting their Enterprise Certificate) before an App can be installed. These certificates are issued and controlled by Apple after a developer pays the $299 fee to become an Enterprise Developer and is issued a certificate. Apple can revoke a certificate, which removes the ability for that developer to try and fool people into installing their App. And at $299 a pop, this can get expensive if Apple keeps removing them and you have to keep creating new, fake developer accounts.

    With Android, any developer can create their own App, package it into an APK and make it available anywhere. On regular websites, 3rd party App stores, through an e-mail or even straight off an SD card (if your device still has one). And since they don't rely on any sort of certificate, Google can do nothing to prevent people from installing them. Once you go into Android Settings and enable the ability to side-load non-Google Play Apps the doors are wide open.

  • Reply 132 of 166
    The only people using 3rd-party app stores are either pirating apps or don't have access to Google Play. If you aren't downloading apps from a developer's official source, you are clearly putting yourself at risk. Just like with any computing device.

    Also, most big name manufacturers have software that will flash a phone's firmware, which would solve the problem. No need to buy a new device.

    To the people who think their iPhone's walled garden is safer - the App Store was compromised multiple times. You aren't any more or less safe. Also, Android is a walled garden until the user DISABLES the Unknown Sources feature, which warns the user of potential software vulnerabilities when turned off.

    Finally, LookOut doesn't even state what level of threat these apps actually are. Rooting a phone isn't as easy as downloading an app. Every phone has a different firmware (even from the same manufacturer) and different vulnerabilities. And with SELinux and the malware scanner being on all phones on 4.3, are newer phones even affected by this? Of course there are no details on this because the author is irresponsible and LookOut just wants people to use its crappy app lister.
  • Reply 133 of 166

    You're forgetting SELinux and the built in Malware scanner that Android uses to scan sideloaded applications. Lookout, of course does not take either of these into account.

  • Reply 134 of 166

    And once again, the user has to actually disable the "Unknown Sources" option manually. 

  • Reply 135 of 166
    jfc1138jfc1138 Posts: 3,090member
    Quote:
    Originally Posted by Dickprinter View Post

    But if an Android phone is the conduit/passthrough device, or the Android OS is the software method which enables the passage of information going in and out of China, wouldn't that be a threat?

    Not when the information itself is controlled.

  • Reply 136 of 166
    cajuncajun Posts: 95member
    Nov 6, 2015 (Mountain View, CA) -- Alphabet, Inc., announced today that their line of smartphones had been hit with a malicious strain of malware that was impossible to remove, once loaded onto the phone. The malware, known as "Android," has impacted all smartphones sold by Google and Samsung. As this malware is impossible to remove, the only known cure for it is for the consumer to throw their Google phone away and buy an Apple iPhone.
  • Reply 137 of 166
    nhtnht Posts: 4,429member
    Quote:
    Originally Posted by Gwydion View Post

    Still waiting for one of those "localized Play Stores"

    I am as big a non-fan of DED as you can find but Play stores are regionalized/localized just like the App Store. If you go into dev settings you can turn on "Allow mock location". Then set your location to a different region. You should see a different set of apps offered. Or you can just use a VPN. There are plenty of HowTos on youtube.

    The incidence of compromised apps in the Play Store probably differs by region just like it does for the Apple App Store.

    Also I have no clue what you and Gator are trying to prove with respect to alternate app stores. It has been and remains a core feature of Android and there are 50 to 100 million users of alternative app stores outside of China. Samsung phones come preloaded with the Samsung store (except on Verizon) and they are up to 14M monthly active users.

    http://gadgets.ndtv.com/apps/features/fortumos-sanjay-sinha-on-alternate-android-app-stores-and-carrier-billing-626133

    http://venturebeat.com/2015/10/30/how-samsung-is-fostering-growth-in-its-galaxy-apps-store/

    And of course there is China. Baidu and Tencent dominate the Chinese markets....Baidu in overall share and Tencent in terms of gaming share.

  • Reply 138 of 166
    jfc1138jfc1138 Posts: 3,090member
    Quote:
    Originally Posted by cajun View Post

    Nov 6, 2015 (Mountain View, CA) -- Alphabet, Inc., announced today that their line of smartphones had been hit with a malicious strain of malware that was impossible to remove, once loaded onto the phone. The malware, known as "Android," has impacted all smartphones sold by Google and Samsung. As this malware is impossible to remove, the only known cure for it is for the consumer to throw their Google phone away and buy an Apple iPhone.

    I've read at multiple sources that "Android" is so virulent infected devices are infected when bought brand new right out of the box.... terrifying.

  • Reply 139 of 166
    gatorguygatorguy Posts: 20,261member
    jfc1138 wrote: »

    I've read at multiple sources that "Android" is so virulent infected devices are infected when bought brand new right out of the box.... terrifying.
    I read about a three-headed cat once. I wonder if that was true? I should check later.
  • Reply 140 of 166
    nhtnht Posts: 4,429member
    Quote:
    Originally Posted by ahmlco View Post

    "The contaminated apps Lookout found were harvested from Google Play, infected with a payload and then republished on third party app sites enabled by Google's open app model allowing Android users to find and download apps from multiple stores "

    Sounds to me like someone was trying to get something for nothing and got more than they bargained for.

    "Let's see, should I buy Candy Crush on the Play store, or should I go to this other site and download a version uploaded by someone other than the original author... for free?"

    Now, some of you may try to jump in and point out that Play isn't available everywhere and that's true. But it IS available in United States, Germany, Russia, India, Jamaica, Sudan, Brazil, Mexico and Indonesia, all places where "high concentrations" of infection exist.

    Candy Crush is free to play with in app purchases. Most games are these days.

    A lot of regions use QR codes for app advertising and distribution. Amazon does this as well:

    https://developer.amazon.com/public/community/post/Tx2DXEZFC64BT7Z/Using-QR-Codes-to-link-customers-directly-to-your-apps

    Most useful for store apps, museum apps, and such.
