The firmware for Samsung’s Galaxy S III has leaked just over a week ahead of the device’s release. While you can’t flash the ROM to another phone just yet, developers are able to poke around inside and could be bringing elements of the TouchWiz Nature UX experience to a wider audience at some point. The first major finding to come out of the leak, however, is an APK for S Voice, Samsung’s Siri-style voice control application. It seems to work on any device running Android 4.0 — we tested the app on a Galaxy Nexus and a Sharp Aquos Phone, and got it up and running largely without issue barring a couple of crashes.
Obviously, we don’t want to pass anything resembling a final judgement on leaked software that was designed for different hardware. It’s clear, though, that S Voice has been modeled very much in Siri’s image, right down to the near-identical microphone icon at the bottom. The software hooks into Android and lets you set calendar events, send messages to contacts, get Wolfram Alpha-powered answers to questions, find out weather forecasts, and so on. Voice recognition was mostly solid, but we had a few problems getting it to parse various names, and “The Verge” remains a common stumbling block for this kind of software. S Voice’s voice itself is a coldly mechanical female affair, some way away from Siri’s personable and slightly coquettish mannerisms (or indeed the dulcet male tones found in the British version).
It also seems that S Voice isn’t quite as attuned towards natural speech as Siri. For example, whereas Apple’s service will helpfully respond to vague statements like “I’m in the mood for Italian food,” S Voice won’t offer any advice beyond suggesting a web search. Even a more direct question like “Where’s a good Italian restaurant?” sends you to Google, and the tutorial advises using much less fluent syntax such as “Text Katie message are you free tonight for dinner.” S Voice doesn’t make much effort to indulge more esoteric queries, either, though it does at least tell you that the meaning of life is 42.
Overall, S Voice is the closest approximation of Siri we’ve seen (in English, at least), but it’s not quite as fluid — at least in its current form. We’re looking forward to giving it, and the rest of Samsung’s Nature UX, a fuller workout when we review the Galaxy S III itself.
Beware fake Chrome installers for Windows.
A file named “ChromeSetup.exe” is being offered for download on various websites, and the link to the file appears to be legitimately hosted on Facebook and Google domains. In reality, the software won’t install Google’s Chrome browser, but an information-stealing Trojan application known as Banker, according to antivirus vendor Trend Micro.
Once the malware–which appears to be targeting Latin American users, especially in Brazil and Peru–is executed, it relays the IP address and operating system version to one of two command-and-control (C&C) servers, then downloads a configuration file. After that, whenever a user of the infected PC visits one of a number of banking websites, the malware intercepts the HTTP request, redirects the user to a fake banking page, and also pops up a dialog box informing the user that new security software will be installed.
In fact, the malware has been designed to uninstall GbPlugin, which is “software that protects Brazilian bank customers when performing online banking transactions,” said Trend Micro security researcher Brian Cayanan in a blog post. “It does this through the aid of gb_catchme.exe–a legitimate tool from GMER called Catchme, which was originally intended to uninstall malicious software. The bad guys, in this case, are using the tool for their malicious agendas.”
Trend Micro gained access to a log file associated with the C&C servers that were managing this strain of Banker and saw the number of PCs infected with the malware quickly multiply. “During the time the C&C panel was analyzed … the phone-home logs jumped from around 400 to nearly 6,000 in a span of 3 hours. These logs are comprised of 3,000 unique IP addresses, which translates [into] the number of machines infected by the malware,” Cayanan said. But the C&C servers–first spotted in use in October 2011–soon became inaccessible. That suggests that attackers were moving to new C&C servers, he said, noting that whoever is behind Banker will likely continue to enhance the malicious application’s capabilities.
For now, however, Cayanan said Trend Micro was continuing to study the malware, noting that “the one missing piece” of information is how the malware “is able to redirect [users] from normal websites like Facebook or Google to its malicious IP, to download malware.”
In other malware news, GFI Labs is warning that a new piece of Android malware masquerades as free antivirus software. Advertised via Twitter spam promoting links to “sexi gerl see,” among other phrases, the malicious application has been available via websites sporting a dot-TK (.tk) address, which is the top-level domain name for Tokelau, a New Zealand territory in the South Pacific.
Clicking on the proffered Twitter link takes users to a Russian-language Web page–hosted in the Ukraine–that advertises numerous products, including fake updates for Opera and Skype, as well as an “Anit-Virus Scanner.” [sic] “Users who accessed and used this purported scanner are then given the option to download and install a file, which [varies] depending on whether the target is a PC or a phone,” said GFI Labs researcher Jovi Umawing in a blog post. Interestingly, the PC version–delivered as a Java archive file–will fail to execute. But the APK (Android application package) version will install on an Android device. The application’s Android icon, meanwhile, was copied from security firm Kaspersky.
Many security tools will have difficulty spotting the malicious APK file. According to Bulgarian antivirus researcher Vesselin Bontchev at FRISK Software, “the fake AV file is actually server-side polymorphic.” Polymorphic malware is designed to change every time it gets downloaded, which generates malware with identical attack capabilities but different fingerprints. That makes spotting the malware more difficult for signature-based security defenses.
“If you download it several times in a row, you’ll get different APK files,” said Bontchev. He said it’s also likely that the malware developer is updating the attack code every few days to make the malware more difficult to spot.
What’s the purpose of the Anit-Virus Scanner malware? As with most online attacks, blame the software on criminals trying to make a fast buck (or in this case, ruble). “If you went ahead and installed the app onto your mobile, it would attempt to send expensive SMS messages to premium rate services,” read a blog post from Graham Cluley, senior technology consultant at Sophos, who has also been studying the malware.
As with most malware, the fake antivirus scanner also has the ability to download and install further code from the Internet onto your Android smartphone, thus potentially allowing attackers to exploit devices, or the data they store, in numerous other ways.
Adobe Flash Player users beware: A website that promises visitors a free copy of the download for all versions of Android is reportedly planting malware on smartphones running Google’s mobile operating system.
The infected web page used to distribute the malware was discovered in a number of Russian domains, wrote Karla Agregado, a fraud analyst with Trend Micro, in a recent company blog. A similar tactic emerged last month to infect Android phones with bogus copies of Angry Birds and Instagram.
When a visitor clicks the download button at the infected site, Agregado explained, a connection is made to another site that, without the guest’s knowledge, sends a malicious APK file to the mobile web surfer’s smartphone.
Once on the phone, the malware starts to secretly send text messages to premium numbers. This scam is a popular one among cyber criminals targeting Android phones. Symantec estimates in its most recent annual threat report that in 2011 some 18 percent of all mobile threats during the year involved premium SMS messages from infected phones.
“Malware that sends premium SMS text messages can pay the author $9.99 for each text and for victims not watching their phone bill could pay off the cyber criminal countless times,” Symantec noted.
Agregado wrote that she identified a bunch of URLs hosted on the same IP address as the infected web site. “Based on the naming alone used in these URLs, it appears that Android is a favorite target for cybercriminals behind this scheme,” she said.
Mobile threats are a growing trend, increasing 93 percent in 2011 over the previous year, according to John Harrison, Symantec group product manager for endpoint threat protection and security technology and response.
“Malware authors are continuing to find ways to monetize a lot of these threats,” he told PCWorld. While mobile threats are small compared to desktop and laptop threats, he observed, “it’s a growing upward trend that we will continue to watch.”
In an attempt to take advantage of the popularity of free photo-sharing app Instagram among smartphone users, malware writers have created fake Instagram websites to distribute Android Trojan horses, according to security researchers from antivirus firms Sophos and Trend Micro.
Originally developed for Apple’s iOS devices, Instagram allows smartphone users to take photos, apply various digital filters to them and share the resulting images on social networking websites. There are over 30 million registered Instagram accounts as of April 2012, according to its creators.
At the beginning of April, an Android version of the app was released on Google Play and it was downloaded more than one million times during the first 12 hours.
The company that developed Instagram was acquired by Facebook for almost US$1 billion on April 12, which attracted the attention of the media and, as it usually happens with popular events, that of cybercriminals.
“We discovered a spoofed web page containing a rogue version of Instagram,” Trend Micro fraud analyst Karla Agregado said in a blog post on Tuesday. “The said web page mimics Instagram’s legitimate download page.”
The fake Instagram website contains text in Russian and distributes an Android Trojan horse that, once installed, sends SMS messages to premium-rate numbers without the phone owner’s authorization, said Graham Cluley, senior technology consultant at Sophos, in a blog post on Wednesday.
The rogue app’s installer, also called the APK, contains several pictures of a man that has been the subject of a photobomb-type meme in Russia. A large number of random images with this man’s picture digitally added into them can be found on Russian websites.
It’s not clear why the creators of this Android malware decided to include this photo into the malicious APK, but it isn’t the first time this has been done. In February, security researchers from Symantec reported about server-side polymorphic Android malware that contained the same picture.
“It’s quite likely that whoever is behind this latest malware campaign is also using the names and images of other popular smartphone apps as bait,” Cluley said.
Last week, security researchers from Sophos reported about a similar piece of Android malware that masqueraded as the new Angry Birds Space game in order to trick users into installing it on their phones.
Trend Micro researchers have seen several fake websites during the past few days that masquerade as download pages for popular games like Fruit Ninja, Temple Run or Talking Tom Cat, Agregado said. “Users are advised to remain cautious before downloading Android apps, specially those hosted on third-party app stores.”
The release of an Android app and the $1 billion Facebook acquisition has put Instagram in the headlines of late, and not surprisingly, cyber scammers have already moved in to capitalize on this popularity.
Security firm Sophos identified several fake Instagram apps across the Web, which are intended to “earn money from unsuspecting users,” analyst Graham Cluley wrote in a blog post.
Cluley pointed to a Russian website that claimed to offer the Android version of the Instagram app. But “If you download your app from this site, rather than an official Android marketplace such as Google Play, then you are running the risk of infecting your smartphone,” Cluley wrote.
In testing the app, Cluley said Sophos found that the fake app was sending background SMS messages in order to earn revenue for its creators. Overall, it did a poor job of emulating the Instagram experience.
The malware in the fake app is known as Andr/Boxer-F.
The discovery comes shortly after Sophos also identified fake Angry Birds Space apps. “It’s quite likely that whoever is behind this latest malware campaign is also using the names and images of other popular smartphone apps as bait,” Cluley wrote.
Oddly, Sophos points out, the fake Russian Instagram app includes a photo of an unidentified man in the .APK file, who looks vaguely like Will Ferrell.
“Maybe the reason why his picture is included multiple times is to change the fingerprint of the .APK in the hope that rudimentary anti-virus scanners might be fooled into not recognizing the malicious package,” Cluley speculated.
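The fingerprint problem described here, and in the earlier passage on server-side polymorphic APKs, can be shown from the defender's side with the following added example, which is not from any of the quoted vendors. It assumes the variants differ only in filler resources while `classes.dex` stays byte-identical; a server that also rewrites the code entry would defeat this check as well. All sample archives are constructed and harmless.

```python
import hashlib
import io
import zipfile

CODE_ENTRY = "classes.dex"  # assumption: the entry that carries app behaviour


def build_sample_apk(dex_body, filler_images):
    """Build a constructed, harmless APK-shaped ZIP archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest package='example.sample'/>")
        zf.writestr(CODE_ENTRY, b"dex\n035\x00" + dex_body)
        for i, img in enumerate(filler_images):
            zf.writestr(f"res/drawable/pic_{i}.png", img)
    return buf.getvalue()


def file_fingerprint(apk_bytes):
    """Whole-file SHA-256: what a naive signature list keys on."""
    return hashlib.sha256(apk_bytes).hexdigest()


def code_fingerprint(apk_bytes):
    """SHA-256 of the decompressed code entry only; None if it is absent."""
    try:
        with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
            return hashlib.sha256(zf.read(CODE_ENTRY)).hexdigest()
    except (KeyError, zipfile.BadZipFile):
        return None


def matches_known_sample(apk_bytes, known_code_hashes):
    fp = code_fingerprint(apk_bytes)
    return fp is not None and fp in known_code_hashes


# Constructed samples: two "downloads" differing only in filler images,
# plus an unrelated app with different code.
download_1 = build_sample_apk(b"constructed-code" * 8, [b"\x89PNG-filler-1"])
download_2 = build_sample_apk(b"constructed-code" * 8, [b"\x89PNG-filler-1"] * 3)
unrelated = build_sample_apk(b"other-app-code" * 8, [b"\x89PNG-filler-1"])
known = {code_fingerprint(download_1)}

if __name__ == "__main__":
    print("whole-file hashes equal:", file_fingerprint(download_1) == file_fingerprint(download_2))
    print("download_2 matched by code hash:", matches_known_sample(download_2, known))
    print("unrelated app matched:", matches_known_sample(unrelated, known))
```

Hashing the decompressed entry rather than the archive bytes also ignores differences in ZIP timestamps and compression settings between downloads.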
On Google Play, formerly known as Android Market, there are a few apps that take advantage of the Instagram name – Instaroid, InstaPics, Instagram Heaven, and InstaG, among others – but none that appear to spoof it outright in the hopes of pulling in unsuspecting users.
Android malware was big news in 2011. Unlike Apple, Google does not have a strict approval process in place for its Android Market, and while that might make for a more open environment, it also makes the store vulnerable to some dangerous apps.
To address this issue, Google in February added a new layer of security to Google Play, dubbed Bouncer, that will scan apps for evidence of malware.
For more from Chloe, follow her on Twitter @ChloeAlbanesius.
Article source: http://www.pcmag.com/article2/0,2817,2403207,00.asp
Developer redphx has released a Chrome extension that lets you download Android app files (.APK) directly onto your desktop. It hasn’t been impossible for Android users to get the files onto their computers before, but the new extension, called APK Downloader, makes it simple.
Why would you want to have the installation files for an Android app on your desktop and not your phone? Well, as seasoned Android users know, not all apps are available on all devices: you can’t find and download tablet apps for your phone, for example, and some apps are region locked. However, all apps are visible on the Android Market website, so with this extension you can easily download any app and then sideload it — something that’s especially helpful for Android devices that don’t have the Android Market, like the Nook Tablet and Kindle Fire.
The extension is compatible with Windows, OS X, and Linux, and when we tested the extension on a Windows 7 PC everything worked as advertised. It requires Chrome 17 or greater, and once you install the extension you need to make a quick change to your browser shortcut properties to disable SSL error warnings. Once you do that, you give the extension your Google account credentials (the developer invites you to check the source code to see that he isn’t collecting this information) and some information from your phone and then you’re good to go.
Update: The developer has removed the download link from his site after hearing that users might be able to download paid apps for free using the extension.