Three new malware strains infect 20k apps, impossible to wipe, only affect Android


Comments

  • Reply 21 of 166
    lwiolwio Posts: 110member
    Quote:

    Originally Posted by markbyrn View Post

     

    I'm afraid we might have to raise the FUD flag.  It's very easy to determine if your device has been rooted and not that difficult to unroot the device and reinstall the firmware.  Claiming you have to replace the device is hysterical nonsense.  


    http://arstechnica.com/security/2015/11/new-type-of-auto-rooting-android-adware-is-nearly-impossible-to-remove/

     

    "If a user is comfortable enough to drop a fresh ROM on there it can be removed. But not every user has that level of sophistication. If you knew what to look for you could probably also remove the files manually with root and adb. Might need to pull down a few extra binaries such as chattr."

     

    At a rough guess 99% of users wouldn't know where to start.

  • Reply 22 of 166
    rp2011rp2011 Posts: 159member
    The more we hear about Android security flaws, the more its image may be irrecoverably tarnished to give way for MS or someone else to have a second shot as a viable alternative to the duopoly we have now. I wish nothing but the best for Android but it is still difficult for anyone to ignore as we all put more and more dependence on smartphones as our main computers.
  • Reply 23 of 166
    Quote:
    Originally Posted by Lwio View Post

     

    http://arstechnica.com/security/2015/11/new-type-of-auto-rooting-android-adware-is-nearly-impossible-to-remove/

     

    "If a user is comfortable enough to drop a fresh ROM on there it can be removed. But not every user has that level of sophistication. If you knew what to look for you could probably also remove the files manually with root and adb. Might need to pull down a few extra binaries such as chattr."

     

    At a rough guess 99% of users wouldn't know where to start.




    The quote you cited about manually removing the files suggests that an automated removal could be produced by an enterprising security app developer.  

  • Reply 24 of 166
    lwiolwio Posts: 110member
    Quote:

    Originally Posted by markbyrn View Post

     



    The quote you cited about manually removing the files suggests that an automated removal could be produced by an enterprising security app developer.  




    Listen to what you are saying. This is a phone. People should not have to probably buy a removal tool. They should not have to watch a YouTube video with 21 steps or whatever to get their device back. They should not have to buy antivirus or malware or adware tools.

    It should not be happening in the first place.

    Android is a complete disaster on the Windows XP scale. 

  • Reply 25 of 166
    Quote:
    Originally Posted by Gatorguy View Post



    LOL! Talk about timing!



    Yes, it is time to cry "conspiracy", Gatorguy...

    Lol indeed.. (sigh)

    Another piece of double standard approach from you. Again.

    For some reason you didn't apply the same logic when talking about Xcode exploit...I wonder why...

    I think your image needs to be under "Hypocrisy" definition in a dictionary.

  • Reply 26 of 166
    chadbagchadbag Posts: 1,999member
    Quote:

    Originally Posted by markbyrn View Post

     

    I'm afraid we might have to raise the FUD flag.  It's very easy to determine if your device has been rooted and not that difficult to unroot the device and reinstall the firmware.  Claiming you have to replace the device is hysterical nonsense.  




    The average user doesn't unroot and reinstall firmware.  They go to the store and say it doesn't work, etc.  

  • Reply 27 of 166
    gatorguygatorguy Posts: 24,176member

    Yes, it is time to cry "conspiracy", Gatorguy...

    Lol indeed.. (sigh)

    Another piece of double standard approach from you. Again.

    For some reason you didn't apply the same logic when talking about Xcode exploit...I wonder why...

    I think your image needs to be under "Hypocrisy" definition in a dictionary.
    You need to go back to that thread and read it again then. You might understand it this time thru.
  • Reply 28 of 166
    sflocalsflocal Posts: 6,092member
    Quote:

    Originally Posted by markbyrn View Post

     

    I'm afraid we might have to raise the FUD flag.  It's very easy to determine if your device has been rooted and not that difficult to unroot the device and reinstall the firmware.  Claiming you have to replace the device is hysterical nonsense.  




    Right... because every Android user has the chops (simple or not) to just "unroot the device and reinstall the firmware".  For many, it's not worth the hassle on a $50 junk phone, $1 if it's running Android.

  • Reply 29 of 166
    gatorguygatorguy Posts: 24,176member
    sflocal wrote: »

    Right... because every Android user has the chops (simple or not) to just "unroot the device and reinstall the firmware".  For many, it's not worth the hassle on a $50 junk phone, $1 if it's running Android.
    Heck I wouldn't even attempt rooting, much less fixing it if it went wrong.
  • Reply 30 of 166
    Quote:

    Originally Posted by Gatorguy View Post





    You need to go back to that thread and read it again then. You might understand it this time thru.



    Why? Have you corrected your hypocrisy in your previous posts? Otherwise, why would I need to re-read those?

  • Reply 31 of 166
    Quote:
    Originally Posted by Gatorguy View Post





    Not fixed. So far about 300 apps removed. There's also some new variants of it out and about, no longer restricted to China, and the original researcher still communicating with Apple to mitigate issues.



    EDIT: This is the most recent security post about it.

    https://www.fireeye.com/blog/threat-research/2015/11/xcodeghost_s_a_new.html

    So, you have just ignored the fact that I pointed you to that the majority (90%+) of attempts that apps made to connect to servers were from iPhones Chinese Apps ONLY and the largest portion of those attempts went through university and school infrastructure (2/3 of all attempts)?

    In other words those were Chinese students in the US. Hence your point about "no longer restricted to China" has no leg to stand on. 

    Germany has a large Chinese student body as well, BTW.



     

  • Reply 32 of 166
    mac_dogmac_dog Posts: 1,069member
    well, that's one way to get their numbers up. i think i just saw an "android troll" tumbleweed blow across the bottom of my screen.
  • Reply 33 of 166
    froodfrood Posts: 771member
    Quote:

    Originally Posted by markbyrn View Post

     

      Claiming you have to replace the device is hysterical nonsense.  


     

    You do know who the author is?

  • Reply 34 of 166
    gatorguygatorguy Posts: 24,176member
    So, you have just ignored the fact that I pointed you to that the majority (90%+) of attempts that apps made to connect to servers were from iPhones Chinese Apps ONLY and the largest portion of those attempts went through university and school infrastructure (2/3 of all attempts)?

    In other words those were Chinese students in the US. Hence your point about "no longer restricted to China" has no leg to stand on. 

    Germany has a large Chinese student body as well, BTW.


     
    Um, that's not my claim. Read the research note that I got that from. The reason I offer links is so folks can read things for themselves. TBH the subject shouldn't have been raised in the first place as it distracts from what we're supposed to be discussing, Android exploits. We already have a thread with an ongoing conversation that includes it.
  • Reply 35 of 166
    MacProMacPro Posts: 19,718member
    gatorguy wrote: »
    Not fixed. So far about 300 apps removed. There's also some new variants of it out and about, no longer restricted to China, and the original researcher still communicating with Apple to mitigate issues.

    EDIT: This is the most recent security post about it.
    https://www.fireeye.com/blog/threat-research/2015/11/xcodeghost_s_a_new.html

    So to be clear, your only reason to spend so much time on AI is to jump to the defense of Google whenever required? Out of interest, do your typical pro Google and Android fan sites have Apple stooges that devote their entire working day monitoring and defending Apple? There might well be I just don't know since I wouldn't waste my time on a Google Android site.
  • Reply 36 of 166
    Quote:
    Originally Posted by Gatorguy View Post





    Um, that's not my claim. Read the research note that I got that from. The reason I offer links is so folks can read things for themselves.



    But it is, since it doesn't follow from their data - I have just demonstrated, why it is the case. Majority of those who have apps in the US and Germany are Chinese students. SO, if they carry their iPhones with them with apps that were compiled by XcodeGhost, how can one claim that it "got out of China"? Yes, the devices are here in the US, but they are noncontagious and also they can't even connect with servers, because update from the same malicious source is needed.

  • Reply 37 of 166
    gatorguygatorguy Posts: 24,176member

    But it is, since it doesn't follow from their data - I have just demonstrated, why it is the case. Majority of those who have apps in the US and Germany are Chinese students.
    Who are the others? Like I've already said we should continue this discussion in the thread we already started and not start another here. Way too many threads here get sidelined.
  • Reply 38 of 166
    idreyidrey Posts: 647member
    rp2011 wrote: »
    I try not to go overboard with these type of claims but my girlfriend loves her Note 5 but now I am planning on accidentally breaking it and replacing it with an iPhone 6 to make amends. Not because I'm paranoid or anything...

    Lol. Yeah you don't sound paranoid at all.
  • Reply 39 of 166
    Quote:
    Originally Posted by Gatorguy View Post





    Who are the others?



    Look at Figure in that report that shows which apps are producing 95%+ of all attempts. 

    Notice that all of those apps are named with Chinese glyphs. Maybe you can INFER something from that? 



    Nah, of course you can't...



     

  • Reply 40 of 166
    gatorguygatorguy Posts: 24,176member

    Look at Figure in that report that shows which apps are producing 95%+ of all attempts? 

    Notice that they are even called with Chinese glyphs? Maybe you can INFER something from that?


     

    *sound of head banging on table