All about Google Chrome & Google Chrome OS

31 Dec 12 Android malware mimics Play, performs DDoS attacks, sends text spam



Those of you with an Android device should be on the lookout — the security firm Dr. Web is warning users of a new trojan that disguises itself using the Google Play icon. Dubbed Android.DDoS.1.origin, the malware creates an application icon that looks just like the Google Play icon. When opened, the malware actually opens Google Play, helping disguise the malicious activity taking place in the background.

Once Android.DDoS.1.origin is running, it attempts to connect to a remote server and sends the device’s phone number down the pipeline. If successfully connected, the device is now compromised, and remains in a state awaiting commands from whoever is on the receiving end of the phone number. The cyber hooligans can then make the compromised device send SMS messages, or perform DDoS attacks on a specified target.

Aside from having your device compromised and responsible for a DDoS attack, the criminals controlling the device could also run up SMS and data charges depending on how frequently they send messages and perform DDoS attacks. Of course, the frequency and intensity of this malicious activity could affect the performance of a compromised device, based on simple processor and memory allocations and usage.

At the moment, Dr. Web reports that it is unclear how the trojan spreads, but it is most likely spread through social media tactics that get users to download the code themselves in some manner.

As one might expect of a security company, Dr. Web notes that users running Dr. Web products for Android will be protected from the trojan. If you aren’t cool with that, just pay attention to what you download, or don’t enable the feature that allows you to download apps that didn’t come from the Google Play store.

via Dr. Web


Article source: http://www.geek.com/articles/mobile/android-malware-mimics-google-play-performs-ddos-attacks-and-sends-text-spam-20121230/


28 Dec 12 New Android malware uses Google Play icon to trick users, conduct DDoS …


A new trojan for Android has been discovered that can help carry out Distributed Denial of Service (DDoS) attacks. The malware is also capable of receiving commands from criminals as well as sending text messages for spamming purposes.

The threat, detected as “Android.DDoS.1.origin” by Russian security firm Doctor Web, likely spreads via social engineering tricks. The malware disguises itself as a legitimate app from Google, according to the firm.

Once the app is installed, it creates an icon that resembles the one for Google Play. Tapping this icon will still launch Google Play, reducing suspicion that something isn’t right.


After it is launched, the trojan immediately tries to connect to its Command and Control (C&C) server. If successful, it sends the victim’s phone number to the criminals and then awaits instructions sent by SMS. The malware has two main functions: attack a specified server (criminals send over its address and the port), and send a text message (criminals send over the message text and the number to which it should be sent).

When it receives a DDoS attack command, the malware starts to send data packets to the specified address. One user won’t be able to hurt a site single-handedly, but if criminals have got the malware onto enough Android devices, they could potentially take down a site if a critical mass of infected phones and tablets target it at the same time.

When it receives a command to send an SMS, it immediately spams the recipient. The infected device can hurt its victims not just by significantly reduced performance, but by unexpected charges for accessing the Internet and sending text messages.

Doctor Web notes that the code of Android.DDoS.1.origin is heavily obfuscated, meaning its creators want to hide its true function. This shouldn’t be too surprising given that the threat can clearly be used for attacking websites (for competitive reasons, political motives, and so on), spamming products, or simply generating revenues by sending large amounts of text messages to premium numbers.

It’s important to note that we haven’t seen any indication that this threat is spreading quickly or that it is being widely distributed. That being said, it is still interesting to see Android malware used as a DDoS attack tool.


Article source: http://thenextweb.com/google/2012/12/27/new-android-malware-uses-google-play-icon-to-trick-users-conduct-ddos-attacks-and-send-spam-texts/


20 Dec 12 Samsung working to fix latest Galaxy S III exploit


Samsung says it’s working “as quickly as possible” to fix an exploit in some of its Android phones, which could allow hackers to gain total control over the device.

The exploit was first reported on the XDA Developers forums on Saturday, and attracted lots of attention from the tech press. It allows malicious apps to control all physical memory on the device, thereby allowing for remote wipes, access to user data and other malicious activities.

All Samsung Android phones based on Exynos 4210 and 4412 processors are vulnerable. As Android Central notes, that includes the Galaxy S II on Sprint, Galaxy Tab 2, Galaxy Note 10.1 and certain Galaxy Player models. International versions of the Galaxy S III, Galaxy Note and Galaxy Note II are affected, as well as U.S. versions of the Galaxy Note II, but U.S. versions of the Galaxy S III are not affected.

In a statement to Android Central, Samsung says it’s aware of the issue and is working on a software update to fix it. “Samsung will continue to closely monitor the situation until the software fix has been made available to all affected mobile devices,” the company said.

No biggie, says Samsung

Although this exploit sounds pretty dangerous, Samsung says that “most devices operating credible and authenticated applications” won’t be affected. In other words, if you’re downloading trustworthy apps from the Google Play Store, you probably have nothing to worry about. (It’s unclear whether Google’s malware scanner, which examines all new apps in its store, is picking up on this new exploit.)

Still, the exploit doesn’t look good for Samsung, which just a few months ago had to scramble to fix another software vulnerability. That security flaw allowed attackers to remotely wipe phones running Samsung’s TouchWiz UI, using only a Web link with malicious code.

To be clear, these are security flaws in specific Samsung phones, not to be confused with general malware such as apps that send premium-rate SMS messages without permission. The common thread, however, is Android’s open app ecosystem, which allows users to install any software they want. While all Google Play Store apps must pass a malware check, the system isn’t foolproof. Neither is the new built-in malware scanner in Android 4.2 for apps from outside the store.

Which brings us back to the usual refrain: An occasional security threat is the byproduct of having that open ecosystem. That means users should take some basic precautions before downloading an app, like seeing how many users have downloaded it, and what they’re saying about it. As Samsung says, credible applications won’t pose any danger, even for this new exploit. But if a little extra care sounds like too much work, there’s always the iPhone or Windows Phone instead.

Article source: http://www.pcworld.com/article/2022295/samsung-working-to-fix-latest-galaxy-s-iii-exploit.html


20 Dec 12 Attack Turns Android Devices Into Spam-Spewing Botnets


From an attacker’s perspective, malware doesn’t need to be elegant or sophisticated; it just needs to work.

That’s the ethos behind a recent spate of Trojan applications designed to infect smartphones and tablets that run the Android operating system, and turn the devices into spam-SMS-spewing botnets.

By last week, the malware was being used to send more than 500,000 texts per day. Perhaps appropriately, links to the malware are also being distributed via spam SMS messages that offer downloads of popular Android games–such as Angry Birds Star Wars, Need for Speed: Most Wanted, and Grand Theft Auto: Vice City–for free.


Despite the apparent holiday spirit behind the messages, however, it’s just a scam. “If you do download this ‘spamvertised’ application and install it on your Android handset, you may be unknowingly loading a malicious software application on your phone which will induct your handset into a simple botnet, one that leverages the resources of your mobile phone for the benefit of the malware’s author,” according to an overview of the malware written by Cloudmark lead software engineer Andrew Conway.

The malware in question uses infected phones “to silently send out thousands of spam SMS messages without your permission to lists of victim phone numbers that the malware automatically downloads from a command and control server,” said Conway. Of course, the smartphone owner gets to pay any associated SMS-sending costs.

An earlier version of the malware was discovered in October, disguised as anti-SMS spam software, but it remained downloadable for only a day. “Apparently using SMS spam to promote a bogus SMS spam blocking service was not an easy sell,” said Conway. Subsequently, the malware was repackaged as free versions of popular games, and the malware’s creator now appears to be monetizing the Trojan by sending gift card spam of the following ilk: “You have just won a $1000 Target Gift Card but only the 1st 777 people that enter code 777 at [redacted website name] can claim it!”

As with the majority of Android malware, the malicious apps can be downloaded not from the official Google Play application store, but rather from third-party download sites, in this case largely based in Hong Kong. In general, security experts recommend that Android users stick to Google Play and avoid third-party sites advertising supposedly free versions of popular paid apps, since many of those sites appear to be little more than “fakeware” distribution farms. But since Android users are blocked from reaching Google Play in some countries, including China, third-party app stores are their only option.

After installing the malware and before it takes hold, a user must first grant the app numerous permissions — such as allowing it to send SMS messages and access websites. Only then can it successfully transform the mobile device into a spam relay. Of course, people in search of free versions of paid apps may agree to such requests. Furthermore, “not many people read the fine print when installing Android applications,” said Conway.

If a user does grant the malware the requested permissions, it will transform their Android device into a node, or zombie, for the malware creator’s botnet. At that point, the malware immediately “phones home” to a command-and-control server via HTTP to receive further instructions. “Typically a message and a list of 50 numbers are returned,” said Conway. “The zombie waits 1.3 seconds after sending each message, and checks with the C&C server every 65 seconds for more numbers.”

Again, the Android malware used to build the accompanying SMS-spewing botnet isn’t sophisticated, but it does appear to be earning its creator money. “Compared with PC botnets this was an unsophisticated attack,” said Conway. “However, this sort of attack changes the economics of SMS spam, as the spammer no longer has to pay for the messages that are sent if he can use a botnet to cover his costs. Now that we know it can be done, we can expect to see more complex attacks that are harder to take down.”
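The fixed timers Conway describes (a check-in every 65 seconds, 1.3 seconds between texts, 50 numbers per batch) are what make this botnet easy to spot from the network side. The following is an added example, not code from the article or from Cloudmark: a cadence detector run over constructed proxy and SMS-send records. The log layout, host names, handset labels and thresholds are all assumptions made for illustration.

```python
import statistics
from collections import defaultdict
from datetime import datetime, timedelta


def cadence(timestamps, min_events=6, max_cv=0.1):
    """Return the median gap in seconds if events are evenly spaced, else None.

    Evenly spaced means the coefficient of variation (stdev / mean) of the
    gaps is at most max_cv; traffic driven by a person rarely meets that.
    """
    ts = sorted(timestamps)
    if len(ts) < min_events:
        return None
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    mean = statistics.fmean(gaps)
    if mean <= 0 or statistics.pstdev(gaps) / mean > max_cv:
        return None
    return statistics.median(gaps)


def find_beacons(proxy_lines, **kw):
    """Group HTTP requests by (client, host) and keep the timer-driven pairs."""
    groups = defaultdict(list)
    for line in proxy_lines:
        # Assumed layout: ISO timestamp, client IP, method, host, path.
        ts, client, _method, host, _path = line.split()
        groups[(client, host)].append(datetime.fromisoformat(ts))
    hits = {}
    for key, stamps in groups.items():
        period = cadence(stamps, **kw)
        if period is not None:
            hits[key] = period
    return hits


def sms_fanout(records, min_recipients=20, **kw):
    """Flag senders texting many distinct numbers at a machine-regular pace."""
    by_sender = defaultdict(list)
    for ts, sender, recipient in records:
        by_sender[sender].append((ts, recipient))
    hits = {}
    for sender, rows in by_sender.items():
        period = cadence([ts for ts, _ in rows], **kw)
        recipients = {r for _, r in rows}
        if period is not None and len(recipients) >= min_recipients:
            hits[sender] = (period, len(recipients))
    return hits


T0 = datetime(2012, 12, 20, 10, 0, 0)


def build_proxy_sample():
    """Constructed proxy log: one polling handset, one browsing handset."""
    lines = []
    for i, jitter in enumerate([0, 1, -1, 0, 2, 0, -1, 1, 0, 0]):
        ts = T0 + timedelta(seconds=65 * i + jitter)
        lines.append(f"{ts.isoformat()} 10.0.0.23 GET c2.example.invalid /poll")
    for off in [3, 11, 95, 100, 340, 351, 900, 1400]:
        ts = T0 + timedelta(seconds=off)
        lines.append(f"{ts.isoformat()} 10.0.0.40 GET news.example.invalid /")
    return lines


def build_sms_sample():
    """Constructed SMS records: a 50-number batch and an ordinary user."""
    rows = [(T0 + timedelta(seconds=1.3 * i), "handset-A", f"recipient-{i:02d}")
            for i in range(50)]
    for i, off in enumerate([0, 40, 45, 300, 310, 900, 2000]):
        rows.append((T0 + timedelta(seconds=off), "handset-B", f"friend-{i % 2}"))
    return rows


if __name__ == "__main__":
    print(find_beacons(build_proxy_sample()))
    print(sms_fanout(build_sms_sample()))
```

A real deployment would tune `max_cv` and `min_events` against its own traffic, since legitimate push and sync clients also poll on timers.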


Article source: http://www.informationweek.com/security/attacks/attack-turns-android-devices-into-spam-s/240144988


18 Dec 12 Android banking Trojans were in Google Play store



Mobile banking Trojans for Android devices, disguised as real banking apps, have made their way into the official Google Play store, where at least one was up until earlier this week.


Once a user downloads and launches one of the malicious apps, which are all variants of the CitMo Trojan, the app prompts users to enter their phone numbers. Then users are asked to enter a 5-digit code they receive via text message.

Entering that code “authorizes” the app, which then hides text messages to and from financial institutions by creating two new files.

“The file ‘hide.txt’ will contain information about the numbers which must be hidden if an incoming SMS message is received from [them],” Kaspersky Lab expert Denis Maslennikov said in a blog posting.

“The file ‘view.txt’ will contain information about numbers which must be shown on the screen if an incoming SMS message is received from [them]. These actions are performed in order to hide all the activities related to the transfer of money stolen from a user’s account.”

Maslennikov added that one developer, listed as “Samsonov Sergey” (the names are likely reversed), was responsible for at least three banking Trojans that made it into Android’s official app store, all with the exact same functionality.

To its credit, Maslennikov said, Google rid Google Play of the offending apps Thursday, the day after Kaspersky alerted it to the bugs.

These aren’t the first malicious apps to make it into Google Play, but the official store is much safer to buy from than “off-road” app markets.

No matter where its owner shops for apps, every Android device should have anti-virus software installed.

Copyright 2012 TechNewsDaily, a TechMediaNetwork company. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.


Article source: http://www.nbcnews.com/technology/technolog/android-banking-trojans-were-google-play-store-1C7615013


17 Dec 12 Android flaw leaves Samsung vulnerable, users charge


A suspected fault in how Samsung Electronics has implemented the Android kernel in several of its devices could allow a malicious application to gain total control over the device.

The vulnerability was described on Saturday by the user “alephzain” on XDA Developers, a forum for mobile developers. It affects devices using the Exynos processor models 4210 and 4412. Alephzain wrote that the issue was a “huge mistake.”


By Sunday, another developer on the forum, Chainfire, had posted an Android application package (.apk) file that will successfully exploit the vulnerability.

“You should be very afraid of this exploit,” Chainfire wrote. “Any app can use it to gain root without asking and without any permissions on a vulnerable device.”

Affected devices include versions of Samsung’s S2 and S3 mobile phones, the Galaxy Note and Note II, Galaxy Note Plus and Galaxy Note 10.1, according to the post by Chainfire.

Hackers have increasingly targeted the Android operating system, building applications that appear benign but can contain code that can steal data from a device or perform other malicious actions. Google has responded to the rise of malicious Android applications by implementing an automated scanner in its Play marketplace to detect malicious ones.

But unvetted Android applications abound around the internet, posing a risk to users. Security vendors have found malicious applications that send SMS messages to premium rate numbers and ones that intercept one-time passcodes for banking applications.

Samsung officials did not have an immediate comment.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Article source: http://www.pcworld.com/article/2020711/android-flaw-leaves-samsung-vulnerable-users-charge.html


17 Dec 12 Carberp banking malware gang load SMS stealing apps to Google Play


Several malicious Android apps designed to steal mobile transaction authentication numbers (mTANs) sent by banks to their customers over SMS (Short Message Service) were found on Google Play by researchers from antivirus vendor Kaspersky Lab.

The apps were created by a gang that uses a variant of the Carberp banking malware to target the customers of several Russian banks, Denis Maslennikov, a senior malware analyst at Kaspersky, said Friday in a blog post.

Many banks use mTANs as a security mechanism to prevent cybercriminals from transferring money from compromised online banking accounts. When a transaction is initiated from an online banking account, the bank sends a unique code called an mTAN via SMS to the account owner’s phone number. The account owner has to input that code back into the online banking website in order for the transaction to be authorised.

In order to defeat this type of defense, cybercriminals created malicious mobile apps that automatically hide SMS messages received from numbers associated with the targeted banks and silently upload the messages back to their servers. Victims are tricked into downloading and installing these apps on their phones via rogue messages displayed when visiting their bank’s website from an infected computer.

SMS stealing apps have previously been used together with the Zeus and SpyEye banking Trojan programs and are known as Zeus-in-the-Mobile (ZitMo) and SpyEye-in-the-Mobile (SpitMo) components. However, this is the first time a rogue mobile component designed specifically for the Carberp malware has been found, Maslennikov said.

Unlike Zeus and SpyEye, the Carberp Trojan program is primarily used to target online banking customers from Russia and other Russian-speaking countries like Ukraine, Belarus or Kazakhstan.

According to a report in July from antivirus vendor ESET, Russian authorities arrested the people behind the three largest Carberp operations. However, the malware continues to be used by other gangs and is being sold on the underground market for prices between US$5,000 and $40,000, depending on the version and its features.

“This is the first time we’ve seen mobile malicious components from a Carberp gang,” Aleksandr Matrosov, senior malware researcher at antivirus vendor ESET, said Friday via email. “Mobile components are used only by one Carberp group, but we can’t disclose more details at the present.”

The new Carberp-in-the-Mobile (CitMo) apps found on Google Play masqueraded as mobile applications from Sberbank and Alfa-Bank, two of Russia’s largest banks, and VKontakte, the most popular online social networking service in Russia, Maslennikov said. Kaspersky contacted Google on Wednesday and all CitMo variants were deleted from the market by Thursday, he said.

However, the fact that cybercriminals managed to upload these apps to Google Play in the first place raises questions about the efficiency of the app market’s anti-malware defenses, such as the Bouncer anti-malware scanner announced by Google earlier this year.

“It seems that it’s not that hard to bypass Google Play’s defenses because malware continues to appear there regularly,” Maslennikov said via email.

Bogdan Botezatu, a senior e-threat analyst at antivirus vendor Bitdefender, believes that it might be hard for Google’s Bouncer to detect ZitMo, SpitMo or CitMo components because they are functionally similar to some legitimate applications.

“The mobile version of the Trojan is only responsible for hijacking the received SMS and forwarding its contents to a different recipient, and this behavior is also found in legitimate applications, such as SMS management apps or even applications that allow the user to remotely control their devices via SMS in the event they get stolen or lost,” he said via email. “SMS interception is a feature that is well documented on forums, along with sample code. If the same sample code is used both in malicious and legit applications, it would be even harder to detect and block.”

The ability to use Google Play to distribute SMS stealing apps offers advantages to cybercriminals, Botezatu said. First of all, some user devices are configured to only install apps obtained from Google Play. Also, users are generally less suspicious of apps downloaded via Google Play and pay less attention to their permissions because they expect the applications to be what their descriptions claim they are, he said.

Article source: http://www.computerworlduk.com/news/security/3416740/carberp-banking-malware-gang-load-sms-stealing-apps-google-play/


17 Dec 12 Samsung devices vulnerable to dangerous Android exploit


A suspected fault in how Samsung Electronics has implemented the Android kernel in several of its devices could allow a malicious application to gain total control over the device.

The vulnerability was described on Saturday by the user “alephzain” on XDA Developers, a forum for mobile developers. It affects devices using the Exynos processor models 4210 and 4412. Alephzain wrote that the issue was a “huge mistake.”

By Sunday, another developer on the forum, Chainfire, had posted an Android application package (.apk) file that will successfully exploit the vulnerability.

“You should be very afraid of this exploit,” Chainfire wrote. “Any app can use it to gain root without asking and without any permissions on a vulnerable device.”

Affected devices include versions of Samsung’s S2 and S3 mobile phones, the Galaxy Note and Note II, Galaxy Note Plus and Galaxy Note 10.1, according to the post by Chainfire.

Hackers have increasingly targeted the Android operating system, building applications that appear benign but can contain code that can steal data from a device or perform other malicious actions. Google has responded to the rise of malicious Android applications by implementing an automated scanner in its Play marketplace to detect malicious ones.

But unvetted Android applications abound around the internet, posing a risk to users. Security vendors have found malicious applications that send SMS messages to premium rate numbers and ones that intercept one-time passcodes for banking applications.

Samsung officials did not have an immediate comment.


Article source: http://www.itworld.com/security/328303/samsung-devices-vulnerable-dangerous-android-exploit


15 Dec 12 Android banking Trojans were in Google Play store – Technology on NBCNews …



Mobile banking Trojans for Android devices, disguised as real banking apps, have made their way into the official Google Play store, where at least one was up until earlier this week.


Once a user downloads and launches one of the malicious apps, which are all variants of the CitMo Trojan, the app prompts users to enter their phone numbers. Then users are asked to enter a 5-digit code they receive via text message.

Entering that code “authorizes” the app, which then hides text messages to and from financial institutions by creating two new files.

“The file ‘hide.txt’ will contain information about the numbers which must be hidden if an incoming SMS message is received from [them],” Kaspersky Lab expert Denis Maslennikov said in a blog posting.

“The file ‘view.txt’ will contain information about numbers which must be shown on the screen if an incoming SMS message is received from [them]. These actions are performed in order to hide all the activities related to the transfer of money stolen from a user’s account.”

Maslennikov added that one developer, listed as “Samsonov Sergey” (the names are likely reversed), was responsible for at least three banking Trojans that made it into Android’s official app store, all with the exact same functionality.

To its credit, Maslennikov said, Google rid Google Play of the offending apps Thursday, the day after Kaspersky alerted it to the bugs.

These aren’t the first malicious apps to make it into Google Play, but the official store is much safer to buy from than “off-road” app markets.

No matter where its owner shops for apps, every Android device should have anti-virus software installed.



Article source: http://www.nbcnews.com/technology/technolog/android-banking-trojans-were-google-play-store-1C7615013
