All about Google Chrome & Google Chrome OS

06 May 12 NotCompatible Android Trojan; Spotify for iPad; Target Pulling Amazon Kindle


Security was top of mind on Wednesday, as Lookout Mobile Security reported that there are now hacked websites targeting Android devices with a new Android Trojan called NotCompatible, an attack vector previously only used to infect PCs with malware.

Lookout called the development “the first time hacked websites are being used to specifically target mobile devices.” Malware threats to Android phones in the past have largely come via apps.

In other news, just 5 percent of Android devices are running the latest version of the mobile operating system, Ice Cream Sandwich, according to stats released this week by Google.

Meanwhile, the streaming music service Spotify finally launched an iPad app. The Spotify for iPad app, which is now available in the App Store, lets users of Apple’s coveted tablet browse and play tracks from Spotify’s catalog of 17 million songs. iPad owners can enjoy the app for free during a 30-day trial, but will need to shell out $9.99 a month for a Spotify premium subscription to continue using it after the trial period.

And, if you’re in the market for a new Amazon Kindle, then don’t head to Target. The popular retailer confirmed yesterday that it will stop selling Amazon’s Kindle devices in the coming weeks. Kindle devices have already been pulled from the Target website. Searches for “Amazon Kindle” just bring up Kindle covers.


Article source: http://www.pcmag.com/article2/0,2817,2403919,00.asp


21 Apr 12 Proof-of-concept Android Trojan App Analyzes Motion Sensor Data to Determine …


A team of researchers from Pennsylvania State University (PSU) and IBM have designed a proof-of-concept Android Trojan app that can steal passwords and other sensitive information by using the smartphone’s motion sensors to determine what keys victims tap on their touchscreens when unlocking their phones or inputting credit card numbers during phone banking operations.

The Trojan horse is dubbed TapLogger by its creators and was designed to demonstrate how data from a smartphone’s accelerometer and orientation sensors can be abused by applications with no special security permissions to compromise privacy.

TapLogger was created by Zhi Xu, a PhD candidate in the Department of Computer Science and Engineering at PSU, Kun Bai, a researcher at IBM T.J. Watson Research Center and Sencun Zhu, an associate professor of Computer Science and Engineering at PSU’s College of Engineering.

Accelerometer and orientation sensor data are not protected under Android’s security model, and this means that they are exposed to any application, regardless of its permissions on the system, the research team said in a paper that was presented during the ACM Conference on Security and Privacy in Wireless and Mobile Networks on Tuesday.

The TapLogger application functions as an icon-matching game, but has several background components that capture and use data from the motion sensors to infer touchscreen-based user input.

When certain regions of the touchscreen are tapped during normal phone operation, the device moves subtly. For example, tapping somewhere on the right side of the touchscreen will cause the phone to tilt slightly to the right.

These phone movements are picked up by the motion sensors and can then be analyzed to build patterns corresponding to specific tap events when performing certain actions, like when typing the screen unlock PIN or entering the credit card number during a phone call.

After installation, TapLogger runs in training mode and collects motion sensor data while the user plays the icon-matching game. This is necessary because tap-generated movements can be different for every phone and user.

After it has collected enough data, the Trojan app builds tap event patterns and starts using them to infer user input during targeted operations.

“While the applications relying on mobile sensing are booming, the security and privacy issues related to such applications are not well understood yet,” the researchers said in their paper, noting that other motion sensor-based attacks have been demonstrated in the past.

In August 2011, a pair of researchers from University of California proposed a similar attack and designed a concept application called TouchLogger to demonstrate it.

However, compared to TouchLogger, TapLogger uses additional orientation sensor readings and introduces the training mode for device-specific data. It also features stealth options and supports two practical attacks — inferring screen unlock passwords and credit card PIN numbers, the new Trojan’s creators said.

Another motion-sensor-based attack was presented in October 2011 by a research team from the Georgia Institute of Technology, who used data from an iPhone 4’s accelerometer and gyroscope to infer what was being typed on a computer keyboard positioned near the device.

Article source: http://www.pcworld.com/businesscenter/article/254170/proofofconcept_android_trojan_app_analyzes_motion_sensor_data_to_determine_tapped_keys.html


20 Apr 12 Android Malware Writers Exploit Instagram Craze to Distribute SMS Trojan Horse


In an attempt to take advantage of the popularity of free photo-sharing app Instagram among smartphone users, malware writers have created fake Instagram websites to distribute Android Trojan horses, according to security researchers from antivirus firms Sophos and Trend Micro.

Originally developed for Apple’s iOS devices, Instagram allows smartphone users to take photos, apply various digital filters to them and share the resulting images on social networking websites. There are over 30 million registered Instagram accounts as of April 2012, according to its creators.

At the beginning of April, an Android version of the app was released on Google Play and it was downloaded more than one million times during the first 12 hours.

The company that developed Instagram was acquired by Facebook for almost US$1 billion on April 12, which attracted the attention of the media and, as usually happens with popular events, that of cybercriminals.

“We discovered a spoofed web page containing a rogue version of Instagram,” Trend Micro fraud analyst Karla Agregado said in a blog post on Tuesday. “The said web page mimics Instagram’s legitimate download page.”

The fake Instagram website contains text in Russian and distributes an Android Trojan horse that, once installed, sends SMS messages to premium-rate numbers without the phone owner’s authorization, said Graham Cluley, senior technology consultant at Sophos, in a blog post on Wednesday.

The rogue app’s installer, also called the APK, contains several pictures of a man who has been the subject of a photobomb-type meme in Russia. A large number of random images with this man’s picture digitally added into them can be found on Russian websites.

It’s not clear why the creators of this Android malware decided to include this photo in the malicious APK, but it isn’t the first time this has been done. In February, security researchers from Symantec reported on server-side polymorphic Android malware that contained the same picture.

“It’s quite likely that whoever is behind this latest malware campaign is also using the names and images of other popular smartphone apps as bait,” Cluley said.

Last week, security researchers from Sophos reported on a similar piece of Android malware that masqueraded as the new Angry Birds Space game in order to trick users into installing it on their phones.

Trend Micro researchers have seen several fake websites during the past few days that masquerade as download pages for popular games like Fruit Ninja, Temple Run or Talking Tom Cat, Agregado said. “Users are advised to remain cautious before downloading Android apps, specially those hosted on third-party app stores.”

Article source: http://www.pcworld.com/businesscenter/article/254078/android_malware_writers_exploit_instagram_craze_to_distribute_sms_trojan_horse.html


16 Apr 12 Android Trojan Found on Apps in Japan: McAfee


New malware found in 15 Android apps in the official Google Play marketplace should serve as a cautionary tale to Android device users to pay attention to the permission requests that pop up as an app is downloading, according to a researcher at antivirus software vendor McAfee.

McAfee’s discovery of the data-stealing apps also is an indication that Google’s new Bouncer security service, created to keep malware out of the Google Play store, may not be able to catch everything.

In an April 13 post on McAfee’s official blog, Carlos Castillo, a malware researcher with McAfee Labs, said the Android Trojan, aimed at Android users in Japan, masqueraded as apps offering to display trailers of upcoming Android video games or anime or Japanese adult videos.

According to Castillo, when the app is downloaded and is about to be installed, two permissions are requested—one to read the contact data on the Android device and the other to read the “phone state and identity.” Neither of these permissions is needed for such applications, he wrote, which should signal a warning to Android device users.
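The permission check Castillo describes can be automated during app review. The sketch below is an added example, not code from McAfee or the original article: it reads a decoded, plain-text AndroidManifest.xml and flags requested permissions that fall outside a baseline for the app's stated purpose. The baseline table, the `video_player` purpose name and the sample manifest are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Attribute name for android:name once ElementTree expands the namespace.
NAME = "{http://schemas.android.com/apk/res/android}name"
INTERNET = "android.permission.INTERNET"

# Assumed reviewer baseline per app purpose (illustrative, not an official list).
BASELINE = {
    "video_player": {INTERNET, "android.permission.ACCESS_NETWORK_STATE",
                     "android.permission.WAKE_LOCK"},
}

# The two permissions named in the article and the data each one exposes.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "contact names, phone numbers, email addresses",
    "android.permission.READ_PHONE_STATE": "phone number and device identity",
}

# Constructed sample: a decoded manifest for a hypothetical trailer app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.trailerviewer">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <application android:label="Trailer Viewer"/>
</manifest>
"""

def requested_permissions(manifest_xml):
    """Return the set of permissions declared in a decoded (text) manifest."""
    try:
        root = ET.fromstring(manifest_xml.strip())
    except ET.ParseError as exc:
        # Manifests inside an APK are binary XML and must be decoded first.
        raise ValueError(f"not a decoded AndroidManifest.xml: {exc}") from exc
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            if el.get(NAME):
                perms.add(el.get(NAME).strip())
    return perms

def audit(manifest_xml, purpose):
    """Flag permissions outside the baseline for the app's stated purpose."""
    if purpose not in BASELINE:
        raise ValueError(f"no baseline defined for purpose {purpose!r}")
    requested = requested_permissions(manifest_xml)
    unexpected = sorted(requested - BASELINE[purpose])
    exposed = {p: SENSITIVE[p] for p in unexpected if p in SENSITIVE}
    return {
        "unexpected": unexpected,
        "exposed_data": exposed,
        # Personal data plus network access is what allows upload to a remote server.
        "can_exfiltrate": bool(exposed) and INTERNET in requested,
    }

if __name__ == "__main__":
    report = audit(SAMPLE_MANIFEST, "video_player")
    for perm in report["unexpected"]:
        print("unexpected:", perm, "->", report["exposed_data"].get(perm, "review manually"))
    print("can exfiltrate:", report["can_exfiltrate"])
```
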

Once the permissions are granted, users see a Web page indicating the trailer is loading. However, in the background and unseen by the user, the malicious code takes sensitive information from the device, including the Android ID, which Castillo said is a 64-bit number that is randomly generated the first time the Android device is booted up and remains constant throughout the life of the device.

The “read phone state” permission allows the malware to grab the phone number of the device, as well as the names, phone numbers and email addresses of those people on the device’s contact list. The information is then sent to a remote server and, if that is successful, the malware requests a specific video be sent to the same server. The video is then shown using a VideoView component, Castillo wrote.

If the information is not successfully sent to the server—for example, the device is not connected to the Internet—a message pops up in Japanese saying that an error occurred keeping the video from loading, he wrote.

McAfee identified 15 apps from two different developers that had been downloaded about 70,000 times, according to Google Play statistics. All the apps have been removed from the Google Play store, Castillo said. The vendor detected the Trojan as Android/DougaLeaker.A.

McAfee’s discovery of the Japanese Android Trojan came around the same time that security software vendor Sophos said it had discovered a Trojan horse masquerading as the popular Angry Birds Space game from Rovio. In that case, the Android Trojan comes from apps downloaded from third-party, unofficial Android app stores, not the official Google Play site.

With the rising popularity of smartphones in general, the growing market share and open market for Android in particular, devices with the Google operating system are coming under increasing attack from scammers, according to a report released in February by Juniper Networks.

According to the report, while malware specifically targeted at mobile operating systems in general—including Android, Apple’s iOS and Research In Motion’s BlackBerry—grew 155 percent between 2010 and 2011, the incidence of malware in Android jumped 3,325 percent.



Article source: http://www.eweek.com/c/a/Security/Android-Trojan-Found-on-Apps-in-Japan-McAfee-498128/


16 Apr 12 Android Trojan distracts Japanese with anime and porn


Security experts are warning of yet more malicious applications found on Google’s official online apps market Play, this time designed to steal personal data in the background while promising to show trailers for Japanese anime, video games and porn.

McAfee malware researcher Carlos Castillo explained in a blog post that the new Android Trojan had been discovered in 15 applications on Google Play so far and downloaded by at least 70,000 users.

The malware, specifically designed to target Japanese users, is hidden in apps which show internet-based video trailers.

On installation, the malicious apps request that the user grant them permission to read contact data and to read phone state and identity.

If granted by the user, this will enable them to pilfer the Android ID, phone number and the victim’s entire contacts list including names, email addresses and phone numbers.

It will then attempt to send the data in clear text to a remote server and, if successful, will request a video from that same server to display, said Castillo.

“Due to the privacy risk that these applications represent to Android customers, all of them have been removed from the market,” he cautioned.

“McAfee Mobile Security detects these threats as Android/DougaLeaker.A. Users should verify in the Google Play market prior to installation that the application does not request permission to perform actions not related to its purpose.”

Google’s relatively open Android ecosystem has led to a huge surge in malware hidden in legitimate looking applications.

Apart from data-sucking Trojans, cyber criminals have looked to distribute apps containing premium dialler malware, SMS fraud Trojans and malware designed to turn a user’s handset into a bot.

Worryingly, two-thirds of Android anti-malware scanners are not up to the task, according to recent research from AV-Test.

The firm said that there are more than 11,000 strains of malware in the wild targeted at the platform – a figure growing at some pace. ®

Article source: http://www.theregister.co.uk/2012/04/16/japan_anime_adult_malware_android/


15 Apr 12 Malware Masquerading as Angry Birds Game


Malware authors are using the popularity of the Angry Birds series of games as a way to infect the smartphones of users who download the exploit from unofficial Android app stores, according to a security software firm.

In an April 12 post on SophosLabs’ NakedSecurity blog, Graham Cluley said the Trojan horse masquerades as the Angry Birds Space game. When downloaded, the malware installs its malicious code onto the device.

“The Trojan horse, which Sophos detects as Andr/KongFu-L, appears to be a fully functional version of the popular smartphone game, but uses the GingerBreak exploit to gain root access to the device, and install malicious code,” Cluley wrote. “The Trojan communicates with a remote Website in an attempt to download and install further malware onto the compromised Android smartphone.”

Andr/KongFu-L is a known Android Trojan.

Once the malware is installed and the Android device compromised, cyber-criminals can then send instructions that will lead to more malicious code being downloaded or URLs to be displayed in the smartphone’s browser, he wrote.

“Effectively, your Android phone is now part of a botnet, under the control of malicious hackers,” Cluley wrote.

The Trojan that pretends to be the Angry Birds Space game from Rovio can be downloaded from third-party unofficial Android app stores, though SophosLabs did not name any of those stores. Cluley said the version of Angry Birds Space in Google Play, Google’s official app store—formerly called Android Market—is not affected by the malware.

Rovio also posted a warning on its Website about malware-infested versions of the game: “As you get ready to pop pigs in zero gravity, watch out for fake versions of Angry Birds Space, and make sure to download safe by getting the official game from Rovio.”

As smartphones increase in popularity with both enterprise users and consumers, they’re also becoming a growing target of cyber-criminals. According to a report released in February by Juniper Networks, malware specifically targeted at mobile operating systems more than doubled in 2011, growing by 155 percent across all platforms—including Apple’s iOS, Google’s Android, Research In Motion’s BlackBerry and Nokia’s Symbian.

Android saw the biggest leap in malware incidents, according to the Juniper report. Malware targeting Android grew 3,325 percent in the last seven months of 2011, and Android malware accounted for 46.7 percent of unique malware samples that targeted mobile platforms, followed by 41 percent for Java Mobile Edition.

According to Juniper, Android’s diverse and open marketplace—where developers can post their apps—and the platform’s growing market share made it an attractive target for cyber-criminals. It has almost half of the mobile operating system market, according to analysts.

“Hackers are incented to target Android, because there are simply more Android devices as compared to the competition,” Daniel Hoffman, chief mobile security evangelist at Juniper, said when his company’s report was released.

Hoffman said Google’s “Bouncer” service, which scans apps in the official Android market place and removes offenders, is making it more difficult for scammers to upload malicious apps. Bouncer, which began operating in the second half of the year, will “certainly help” reduce infection rates from downloads on the official market of known threats, he said.

Sophos’ Cluley said users of Android-based mobile devices need to take care when they decide to download an app.

“It feels like we have to keep reminding Android users to be on their guard against malware risks, and to be very careful—especially when downloading applications from unofficial Android markets,” he said.

 



Article source: http://www.eweek.com/c/a/Security/Malware-Masquerading-as-Angry-Birds-Game-574517/
