As the global adoption of smartphones has reached impressive levels during the past couple of years or so (with absolutely no sign of stopping anytime soon), it is surely not surprising to see that hackers have turned their evil eye towards exploiting the various weaknesses of your favorite mobile device. But although in the past we’ve talked how hackers exploit various soft spots in the OS, it turns out that attackers can actually use underlying technologies to get access to private information.
According to Ralf-Philipp Weimann, a researcher at the University of Luxembourg, Assisted GPS (A-GPS) is one of the technologies that hides such vulnerabilities. Just so that [...]
Another blemish on the reputation of the Google Play Store – a fake Infinity Blade 2 app went live on the Play store on July 28, and accrued more than 1000 downloads before being taken down.
The fake application, a 2.2 MB APK, prompted users to earn 50 points on Tapjoy (paid ad clicks) in order to unlock the full game download. Some users reported that the download never became available, while others said that the 1.03GB file was just “junk”.
The app was published by “2011 Chair Entertainment Group LLC” (the developer of the real iOS game is Chair Entertainment Group, LLC) and used the official branding and copy of the iOS game. It is unclear what the purpose [...]
A new Android application, developed with funding from DARPA, aims to show users precisely what security holes there are on their Android devices.
Called X-Ray, the app was created by Duo Security, and is now available for download at XRay.io as a standalone APK. What X-Ray does is analyze your Android system and look for known vulnerabilities, including privilege escalation bugs. According to X-Ray,
“Such vulnerabilities can be exploited by a malicious application to gain root privileges on a device and perform actions that would normally be restricted by the Android operating system. A number of such vulnerabilities have been discovered in the core Android [...]
A new piece of malware, dubbed FireLeaker, has been found by NQ Mobile’s Security Research Center. Unlike other types of malware, which send premium rate SMS message or install a keylogger to try and steal password and banking information, FireLeaker wants your contacts and system information.
What FireLeaker does is collect your contacts and then uploads them to a remote server. The precise reason for this data stealing isn’t yet known, but most likely the information will either be sold on to e-mail spammers, who will bombard people in your address book with all kinds of unsavory and strange offers; or it will [...]
A couple of weeks ago Trend Micro spotted a fake version of Skype for offer. Now Microsoft, who own Skype, has published some more details about this malware dressed up as a legitimate app.
How the malware works is like this: once an unsuspecting user installs the app, it sends SMS messages to premium rate numbers without the users’ consent. This costs the user money which goes straight into the malware author’s pockets.
The problem for the victim is that the charges for the premium SMS messages will most likely only be seen once the next bill arrives and long after the app has been uninstalled (as the victim realizes that it isn’t a legit version of [...]
It’s no secret to Android fans that the security of their favorite mobile platform has been often questioned after various malware programs managed to bypass security measures and affect Android devices – quite a few malware-containing apps even made it to the Google Play store. In addition to that, the Android devices themselves were prone to being attacked by smart hackers that knew what to look for in order to trigger malicious actions on the device.
But that doesn’t mean Google hasn’t paid special attention to these exploits. In fact, it looks like Jelly Bean’s security has been significantly improved to prevent future malware [...]
Based on image from Symantec
A nasty bit of malware known as Android.Dropdialer has been hiding out in Google Play since June 24 and has managed to generate somewhere between 50,000 to 100,000 downloads. The malware was hidden inside two games “Super Mario Bros.” and “GTA 3 Moscow City”. The malware was discovered by Symantec and was removed from the Play store once Google was notified.
The malware managed to remain undetected for so long because the malicious components where downloaded separately, from a Dropbox account, and did not form part of the original package submitted to Google Play. “What is most interesting about this [...]
A new report by Trend Micro paints a worrying picture about the number of malicious Android apps in existence. According to the report, which was created by Trend Micro’s TrendLabs threat response team, there were just 5,000 malicious Android apps in circulation during the first three months of 2012. However that number has quadrupled between April and June to 20,000. The vast majory of these apps reside in unreliable third party stores. However, Trend also discovered that 17 apps did manage to get into Google Play and were downloaded over 700,000 times before they were removed.
Trend Micro Around 30% of the malicious apps found disguise themselves as highly popular [...]
Android’s security issues are well-known, documented and much debated, but even with the introduction of a new “Bouncer” system, the number of malicious apps in Google Play doesn’t seem to be dropping.
The latest malware app to be discovered is called (or rather was called) “Find and Call” and has already been removed from Google Play. What’s interesting is that the spam-sending app managed to make its way to iOS as well, a platform that has been praised as much more secure than Android.
In fact, the discovery of “Find and Call” in Apple’s App Store can be called iOS’ biggest security vulnerability ever, questioning what many thought to be the best designed and [...]
Yesterday, I wrote about evidence that suggested the existence of an Android botnet which was under control of spammers and is being used to send out spam via Yahoo! Mail. The accusation came from Terry Zink over at Microsoft.
Of course, once Google heard about this, they weren’t too happy! The creators of Android issued the following statement: “The evidence does not support the Android botnet claim. Our analysis suggests that spammers are using infected computers and a fake mobile signature to try to bypass anti-spam mechanisms in the email platform they’re using.” So the question is who is right?
In light of the “scandal”, [...]