It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

The Mother Of All Android Malware Has Arrived

page: 1
16

log in

join
share:

posted on Mar, 2 2011 @ 09:21 AM
link   
I am posting this for the members' attention since the android phones are becoming widely used, it appears that a company has inserted trojans into 21 apps. The apps have been removed, but in case some members may have missed this, I wanted to give you all a "heads up"


androidpolice.com

Openness – the very characteristic of Android that makes us love it – is a double-edged sword. Redditor lompolo has stumbled upon a perfect example of that fact; he’s noticed that a publisher has taken "… 21 popular free apps from the market, injected root exploits into them and republished." The really scary part? "50k-200k downloads combined in 4 days."
Lompolo explains the situation quite well:



The apps are listed at the source so those with those type devices can make sure their phones are free of this one.. A fix is in the works for those affected..

here's a related article for those interested..
www.digitaltrends.com...




posted on Mar, 2 2011 @ 09:45 AM
link   


The offending apps from publisher Myournet:
•Falling Down
•Super Guitar Solo
•Super History Eraser
•Photo Editor
•Super Ringtone Maker
•Super Sex Positions
•Hot Sexy Videos
•Chess
•下坠滚球_Falldown
•Hilton Sex Sound
•Screaming Sexy Japanese Girls
•Falling Ball Dodge
•Scientific Calculator
•Dice Roller
•躲避弹球
•Advanced Currency Converter
•App Uninstaller
•几何战机_PewPew
•Funny Paint
•Spider Man
•蜘蛛侠

Android Police

(just for quick reference)
edit on 3-2-2011 by rogerstigers because: (no reason given)



posted on Mar, 2 2011 @ 10:53 AM
link   
Here's more on what Android users should do if they have any of the 21 malicious apps..


dailytech.com

The other good news is that Google may be able to remove the offensive apps with its "remote kill switch". Google has already used this capability before to remove other Trojans.

Users should also be able manually remove the apps, though they may want to format their Android Phone to be on the safe side. To format your phone, go to Settings > Privacy > Restore Factory Settings (NOTE: You will want to back up your pictures, phone numbers, etc. first).




posted on Mar, 2 2011 @ 11:12 AM
link   
And this was just the work of a malicious hacker (or group), imagine what our governments are capable of doing, especially with the major providers in their corner (AT&T, Verizon, GE, Motorola, Google, Microsoft, etc.), you think they don't have their backdoors into your phone or computers? This is one place the paranoid has every right to be worried.

You have dedicated groups in Russia and China that do nothing but exploit these devices to gain your personal details and credit card numbers. Ever hear of the "Hang Up" gang? or the "Russian Business Network"? The information they steal from you ends up fueling the "carding" black markets, where identities and CC numbers are bought and sold.

I'm always appalled that consumers buy these devices and then put so much personal information in them.

Me, I'll stick with my prepaid throwaway phone. Go ahead and hack it, I don't even bother keeping a contact list in it.



posted on Mar, 2 2011 @ 11:24 AM
link   
It should be pointed out that all 21 of these identified Trojan apps are pirated clones of legitimate market apps. It is simple - if you don't want to pay for an app and go looking for free hacked versions, you get what you deserve.

AndroidSPIN
Google pulls market apps
The mother of all android malware
Google spikes 21 malicious apps



posted on Mar, 2 2011 @ 11:29 AM
link   
reply to post by JacKatMtn
 

Thanks.

I've been thinking about getting an android phone.

This is good information to be aware of.



posted on Mar, 2 2011 @ 03:08 PM
link   
reply to post by Arbitrageur
 


No problem... me? not into the new gadgety phone deal.. but I understand that plenty of folks are and have seen many members mentioning posting, browsing ATS via android devices.. so I wanted to make sure that they all could see this.. and keep their eyes open for the fix.

do not tell anyone but I do not text or use voicemail to me a phone is a phone






posted on Mar, 2 2011 @ 04:57 PM
link   
reply to post by EKron
 


I see no problem in obtaining software that you cannot afford, and most who enjoy it, will eventually fork out the cash for the software they enjoy after using an obtained copy.

Also, if you're not intelligent enough to find virus-free "software" for a smart phone, computer or anything of the likes, you shouldn't be pirating to begin with.



posted on Mar, 2 2011 @ 09:03 PM
link   
First of all, thanks for the heads-up, Mod/OP. I come here for all the latest news, and get it before MSM by 2 days, the local paper 3 days. Some stuff I find here never goes MSM. I love going into work and saying, "Hey, did you hear about *insert story here*, and they give you a blank look. Two days later they come back and say, hey, I heard about that *story*, and yadda, yadda, yadda. Fascinating.

Second of all, I had to chuckle when I read the title. Really? I thought for a few seconds, and delved whole-heartedly into the links provided. Half an hour later, I was still chuckling. Time to bring folks back to reality....

I do have a "smartphone". I am a geek. My first modem was a 300 baud hooked to an rs-232 port of a c-64. That was pre-internet days, and you dialed sites directly. It had 64kb of memory. I was 16. My, my, how things have changed.

My "smartphone" runs Android. I should be concerned, sweating the security of my data. I chuckle instead. I am an older geek now. I know how stuff works.

My "smartphone" is actually a 1ghz processor with half of a gigabyte of ram. It has a 8gb stock sdcard (down to 2.3 free) and I'm gonna upgrade soon to the maximum of 32gb. Call the sdcard a hard drive if you will, but when you consider the access times between physical and flash memory, there is no comparison, as flash memory is literally, lightning fast. It's a mini-computer with the ability to make phone calls. It has a touch screen interface. (I have a Tricorder app. Yeah, you can't be a geek without loving Star Trek.) It is more than just a mini-computer, because it also has other "non-standard" computer features.

My "smartphone" has an accelerometer and a magnetometer. It has built-in GPS, eliminating the need for a tom-tom. It has wi-fi, bluetooth, and someday 4g. It has Swype, which is in my opinion one of the crowning achievements of the Technology Age. It's an Evo 4g by Sprint. Verizon has the clone and they call it the Thunderbolt, to be released soon. Regardless, they pack a punch, and they adhere to certain guidelines.

They run an operating system, called Android. The OS is on a flashable ROM chip. You can change your flavor of OS. The OS is open-sourced, meaning free, and meaning anyone can change it. If you know how.

Malware: Malicious software. Software designed by the programmer to cause subverted behavior. It's does something you, the end-user, didn't agree to. A program. One that is run on an OS.

To install malware on your "smartphone" requires you to tap a few spots on your touch screen. It is sooooo easy to install an app. To remove it is just as easy. Longpress on the app, then drag it to the remove icon. I have run many apps in and out of my "smartphone", never ever ever worrying about a trojan, malware, or a virus. There's a reason for this.....

Safeguards. I rooted my phone, did a backup and installed a custom ROM, (not playing favorites here, but you COULD google Azrael), and then created a Nandroid. I have a copy of MY Nandroid stored on my phone as well as a few backups on my LAN. All I have to do is hook my phone to my laptop, (or, perhaps, any pc in the whole wide world with a USB slot (yes, I have my Nandroid on a flash drive as well), with a usb cable), power it down, and hold the volume down while pressing the power on button. The hardware is irrevelant, it's the software that's been keyed to operate as such. Any stock Android "smartphone" can be booted into "recovery" mode accordingly. The whole Android OS is chock full of Safeguards. A Nandroid is the best safety, it's like formatting your pc with the OEM cd, but it's all flash, and it restores your phone, all your contacts and installed apps, sans any malware you may have encountered. Takes about 15 minutes to restore a Nandroid. Poof, either stock OEM, or whatever ROM you were running and all the apps you had.

Safeguards. This ties in with identity theft. If you input all your contacts into a device, all your personal information, your SSN, your birthdate, and you don't know how that device operates, and then you know it accesses the internet, what kind of idiot are you? Every app you install tells you the permissions it needs, but most people just lah, lah, lah, click,click, click, app installed. As the end-user, you click with the slightest touch of your finger, but you have no idea what you are doing. Most people with Android have no idea behind the concept, yet they use the device regularly. Millions of us do. Android has taken over market share. 67% at my last check.

Safeguards. The hack in the MSM is only for Android 2.1 users. My Evo is 2.2. Goto settings>phone info and it lists the version of Android you are running. Even my buddy at work, running Android on T-Mobile, said he just got the 2.2 OTA upgrade a few days ago. "Smartphones" UPDATE themselves. Ok, Android phones do. So MSM said 50k people downloaded the apps. IT DIDN'T list how many were running Android 2.2. If you have a modern "smartphone", you are safe, the hack can't effect you, the OS has been modified to nullify that hack. That's the beauty of Open Source, it can evolve QUICKER than the coders can. For every freak out there trying to subvert the system, there are 100k that know how to fix it. Case in point, I flashed my "smartphones" ROM, and three days later the source released a new version, from 3.1 to 3.2. Did I upgrade? Heck no. Everything runs smooth, my HAVS are optimized, and I have no complaints about juiced battery life. Kudos to RICSIM for an awesome ROM, and updating it, but I like how what I have works, and it works fine. Thank you.

Safeguards. Just because 50k downloads were recorded, far fewer were affected. People with 2.2 Android weren't at risk, which is everything modern, so only the outdated folks have to worry. What you need to know however, is that the software developers take instances like this SERIOUSLY, and 3.0 Android is going to be really robust. It'll have all the safeguards, but it still all winds up on the end-user touching, ok, ok, ok. Install this app even though I didn't read through the TOS. Sorry.

The mother of all malware? Not really. Maybe 300 people with outdated phones MAY be affected. Too much hype, too much ignorance.



posted on Mar, 3 2011 @ 07:05 AM
link   
reply to post by Druid42
 


Thank you for putting some proper clarity into such things. I have a TMOUS-HD2 with Nandroid running Gingerbread and its amazing. There is quite a bit of choice with custom roms and I don't stress much on "malware" when I know it can and will be easily re-flashed in about a month anyway.


Also, people should PAY ATTENTION to how things appear in The Marketplace. There are warning signs that can tip you off on a bad vs good app. I always look at how long an app has been in the marketplace, the ratings it gets and how "real" the ratings comments appear. For example, If an app has nothing but good ratings and they are all written out in perfect english and the app is new..I skip right over it. Its rigged to get ratings at the very least which makes me uncomfortable enough. Just because something is a top rated app of its category does not mean there is not something equally as functional or better on the Marketplace.







 
16

log in

join