We often talk about malware in the mobile space, and most reports out there usually paint Google’s mobile OS as an easier target for individuals that want to take advantage of security flaws in mobile devices to make money off of unsuspecting smartphone and tablet users.
The following story is no different, although it’s not exactly known how many Android users were affected by the malware apps that we’re going to talk about.
A French 20-year-old hacker from Amiens has been arrested for collecting around 500,000 Euros from 17,000 “clients” in under two years.
The hacker, who didn’t have any formal training but who was “described by prosecutors as extremely smart,” designed apps that looked like original apps from other developers and then offered them for download free of charge.
Once downloaded, the malware apps would send SMS text messages in the background to a number set up by the hacker without the owner of the phone knowing what was happening. Through the same apps, he also obtained sign-in credentials for gaming and gambling sites used by the victims.
While the BBC article that details the story doesn’t offer details on what mobile operating systems were more prone to such attacks, it does say that “smartphones that use Google software were the most susceptible.”
His motivation apparently wasn’t pure greed though, “but rather a love of computers and an ambition to be a software developer.”
We have recently learned that Android 4.2 may include additional security features that would stop such malware apps from sending text messages to premium numbers, or at least warn the user that such an SMS message is about to be sent. However, not all Android devices will be updated to Android 4.2, which means that hackers like this guy in Amiens, France, will still be able to target the Android ecosystem with similar malicious apps.
Have you been the victim of such malware apps?
Always the French!
One smart kid. Teach him a lesson then put him to good use!
If you read between the lines, his 17,000 clients were participating in piracy and got burned. He probably took the paid app, decompiled it, added his special modifications and then rebuilt the package. He then offered this as the paid app “for free.” I notice there was no indication that these were offered through Google Play.
That means the end-users had to specifically enable non-Play apps, and then download and install the malware. It’s easier to pull off on Android than on the iPhones because of the ability to install apps from outside of Play (Apple forces you to use their distribution channel), but doesn’t mean that Android itself is any less secure.
Just like clicking on suspicious links in an e-mail, installing questionable apps is just asking for trouble.
So that makes it okay for people to steal from you..? You’d make a great lawmaker
Nope. That’s not what I said. The article made it sound like Android, the operating system, was less secure than iOS because it was more susceptible to these types of attacks. My point is that the users that got burned had to consciously bypass the protections already in Android in order for this exploit to be successful.
There were no good guys in this one. The users who were stolen from were themselves trying to steal by pirating apps – the only difference being method and scale. Neither is okay.
My final point still holds. One of the best ways *not* to be stolen from is to *not* install questionable apps. Apps are so cheap, there’s no real excuse for not plunking down a couple bucks for the real thing.
Hello, Chris Smith, a.k.a. iSheep.
Obviously they have downloaded the apps from other side instead of Google Play like usual.. http://www.net-security.org/malware_news.php?id=2298&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29
Awesome kid. Too bad he couldn’t put his skills into good use.
If everything was priced reasonably with consideration shared between both the seller and the buyer for each other there would be no need for piracy. The “like my app? buy me a beer!” movement is one of the most beautiful things I’ve seen in software development where apps cost no more than a chilled beverage. But when apps cost more than $2-$3 that’s when you get people who decide it just isn’t worth their money.
Applications are not a material “good”. There is no supply/demand aspect to anything digital. Fruit must be grown and a farmer can only grow so much. I can make 1000000 copies of an application at the cost of an ass scratch. Which should be more expensive?
I hate French people
Stay classy mate