Cyber security experts from Microsoft have spotted real-world examples of spam email sent, not from a dedicated spam server, but from Android phones. The spam being sent is the run-of-the-mill type trying to sell fake Rolex watches and other items (which can’t be mentioned in polite conversation) and their existence implies that the spammers have control of an Android based botnet. A botnet is a group of private resources (traditionally desktop PCs or servers) which have been infected with malware. Once infected the spammers can control the device and use it to send spam emails. This way they don’t consume their own resources in sending the [...]
Researchers at NC State University have found a weakness in the Android framework (meaning the Android GUI and services, not the underlying Linux kernel) which has allowed them to create a proof-of-concept prototype rootkit that can alter which apps are launched when an icon is tapped. The result is that malware could easily install fake apps which look and feel the same as normal apps but which steal information off the phone.
The example given by Xuxian Jiang, who led the research team, shows how malware could hide the smartphone’s built-in browser and replace it with a browser that looks and acts the same but steals banking information and login credentials as the [...]
German security researcher Thomas Skora has developed an app that can read the details off a contactless credit / bank card using an NFC-enabled (near field communications) handset. The app, which appeared briefly in Google Play before Google removed it, can read the card number, issue date, expiry date, and bank code from contactless cards.
Skora was only able to test his app using German PayPass Mastercards, but it is also believed to work on Germany’s popular GeldKarte. However, the technology behind the different cards is very similar, and if he managed it with one bank’s card then it is probably possible with them all! Once news broke [...]
Android’s security concerns have been the primary focus of an on-going debate for a while now. Google has been trying to fend off malicious app developers, with the introduction of a new security system called “Bouncer”, but we have still seen over 5,000 malicious apps already in just the first quarter of 2012.
In what is a further cause for concern, Kaspersky Labs Expert Denis Maslennikov has uncovered a fake Android security application that steals incoming SMS messages from infected devices. In a blog post, he wrote that he discovered at least 6 files that go under the name “Android Security Suite Premium,” but are in fact malicious [...]
Making your smartphone “smarter” also means granting it permission to do certain things. Some apps collect usage statistics, for example, and others read your e-mails and messages. That’s not really a problem when you’ve downloaded your app from a trusted developer, but what happens when you’ve been bitten by the app bug and you go on an app downloading spree?
Not every app on the Google Play store is safe, and some of them could be collecting all sorts of information from your device for some nefarious and dastardly end. Some discriminating device users will avoid apps that ask for access to too many permissions, but what about the [...]
In February of this year, Google revealed some details of a new malware scanner which it had been developing during the latter half of 2011. Dubbed “the Bouncer”, the automated service runs each app submitted to Google Play to see if it has any malicious intentions. According to Google’s initial figures, the Bouncer has been responsible for a 40% drop in malicious apps available in Google Play.
However, this week security researchers Jon Oberheide and Charlie Miller will present a new method they have developed which allows them to bypass the Bouncer and successfully submit malware to Google Play.
As with real world spies and secret agents, the key to [...]
Mobile device usage continues to climb and companies like Google and Facebook are working hard to cash in on the potential revenues available from mobile users. But they aren’t the only ones trying to make money from mobiles. Cyber criminals, organized crime gangs and malware authors are also trying to get a slice of the pie. As an Android user, it is important to step back a moment and look at the security implications of using a mobile device, and more specifically of using an Android based mobile device.Physical access
Before looking at all the sophisticated ways hackers can try and steal data off your mobile phone, it is [...]
UPDATE: We have an updated Best Android antivirus app list, click here to see.
With startling headlines like “Number of malicious Android apps grows by 2200% year over year” and “86% of all malware delivered via repackaging of legitimate apps” it is worth looking at what measures you can take to protect yourself from malware. Besides common sense items like not downloading apps from an untrusted app store or not installing apps which ask for odd permissions (like a game wanting SMS permissions), there is the option of installing an anti-virus app for your device. There are quite a few big [...]
Unsuspecting victims of fake versions of Angry Birds, Assassin’s Creed and Cut the Rope, posted on third party Android app stores, will be getting their money back, after the UK phone regulator PhonepayPlus took action against the premium rate number provider, A1 Agregator Limited.
The fake apps contained malware which charged vicitm’s £15 ($23) every time one of the apps was opened. The malware did this by sending three £5 premium rate texts. Once they were sent, the malware hid the sent and received messages that would normally notify the user that the text incurred a charge. The first time victims would know about the scam was when they received their [...]
The Department of Computer Science at the North Carolina State University has started the Android Malware Genome Project in an attempt to dissect Android based malware and see what makes it tick. The researchers are working with a collection of some 1,200 examples of Android malware, including the very first Trojans found in August 2010.
The team has started to systematically analyze the malware and create a database of the varying characteristics, including how the malware gets installed, how it is activated, and the nature of the malicious payloads. Not surprisingly, one “discovery” made by the team is that malware is “evolving rapidly to circumvent the [...]