A new report by Trend Micro paints a worrying picture about the number of malicious Android apps in existence. According to the report, which was created by Trend Micro’s TrendLabs threat response team, there were just 5,000 malicious Android apps in circulation during the first three months of 2012. However, that number quadrupled between April and June to 20,000. The vast majority of these apps reside in unreliable third-party stores. However, Trend also discovered that 17 apps did manage to get into Google Play and were downloaded over 700,000 times before they were removed.
Around 30% of the malicious apps found disguise themselves as highly popular [...]
Android’s security issues are well-known, documented and much debated, but even with the introduction of a new “Bouncer” system, the number of malicious apps in Google Play doesn’t seem to be dropping.
The latest malware app to be discovered is called (or rather was called) “Find and Call” and has already been removed from Google Play. What’s interesting is that the spam-sending app managed to make its way to iOS as well, a platform that has been praised as much more secure than Android.
In fact, the discovery of “Find and Call” in Apple’s App Store can be called iOS’ biggest security vulnerability ever, questioning what many thought to be the best designed and [...]
Yesterday, I wrote about evidence that suggested the existence of an Android botnet which is under the control of spammers and is being used to send out spam via Yahoo! Mail. The accusation came from Terry Zink over at Microsoft.
Of course, once Google heard about this, they weren’t too happy! The creators of Android issued the following statement: “The evidence does not support the Android botnet claim. Our analysis suggests that spammers are using infected computers and a fake mobile signature to try to bypass anti-spam mechanisms in the email platform they’re using.” So the question is who is right?
In light of the “scandal”, [...]
Cyber security experts from Microsoft have spotted real-world examples of spam email sent, not from a dedicated spam server, but from Android phones. The spam being sent is the run-of-the-mill type trying to sell fake Rolex watches and other items (which can’t be mentioned in polite conversation), and its existence implies that the spammers have control of an Android-based botnet. A botnet is a group of private resources (traditionally desktop PCs or servers) which have been infected with malware. Once a device is infected, the spammers can control it and use it to send spam emails. This way they don’t consume their own resources in sending the [...]
Researchers at NC State University have found a weakness in the Android framework (meaning the Android GUI and services, not the underlying Linux kernel) which has allowed them to create a proof-of-concept prototype rootkit that can alter which apps are launched when an icon is tapped. The result is that malware could easily install fake apps which look and feel the same as normal apps but which steal information off the phone.
The example given by Xuxian Jiang, who led the research team, shows how malware could hide the smartphone’s built-in browser and replace it with a browser that looks and acts the same but steals banking information and login credentials as the [...]
German security researcher Thomas Skora has developed an app that can read the details off a contactless credit / bank card using an NFC-enabled (near field communications) handset. The app, which appeared briefly in Google Play before Google removed it, can read the card number, issue date, expiry date, and bank code from contactless cards.
Skora was only able to test his app using German PayPass Mastercards, but it is also believed to work on Germany’s popular GeldKarte. However, the technology behind the different cards is very similar, and if he managed it with one bank’s card then it is probably possible with them all! Once news broke [...]
Android’s security concerns have been the primary focus of an ongoing debate for a while now. Google has been trying to fend off malicious app developers with the introduction of a new security system called “Bouncer”, but we have still seen over 5,000 malicious apps already in just the first quarter of 2012.
In what is a further cause for concern, Kaspersky Labs Expert Denis Maslennikov has uncovered a fake Android security application that steals incoming SMS messages from infected devices. In a blog post, he wrote that he discovered at least 6 files that go under the name “Android Security Suite Premium,” but are in fact malicious [...]
Making your smartphone “smarter” also means granting it permission to do certain things. Some apps collect usage statistics, for example, and others read your e-mails and messages. That’s not really a problem when you’ve downloaded your app from a trusted developer, but what happens when you’ve been bitten by the app bug and you go on an app downloading spree?
Not every app on the Google Play store is safe, and some of them could be collecting all sorts of information from your device for some nefarious and dastardly end. Some discriminating device users will avoid apps that ask for access to too many permissions, but what about the [...]
In February of this year, Google revealed some details of a new malware scanner which it had been developing during the latter half of 2011. Dubbed “the Bouncer”, the automated service runs each app submitted to Google Play to see if it has any malicious intentions. According to Google’s initial figures, the Bouncer has been responsible for a 40% drop in malicious apps available in Google Play.
However, this week security researchers Jon Oberheide and Charlie Miller will present a new method they have developed which allows them to bypass the Bouncer and successfully submit malware to Google Play.
As with real world spies and secret agents, the key to [...]
Mobile device usage continues to climb and companies like Google and Facebook are working hard to cash in on the potential revenues available from mobile users. But they aren’t the only ones trying to make money from mobiles. Cyber criminals, organized crime gangs and malware authors are also trying to get a slice of the pie. As an Android user, it is important to step back a moment and look at the security implications of using a mobile device, and more specifically of using an Android-based mobile device.
Physical access
Before looking at all the sophisticated ways hackers can try and steal data off your mobile phone, it is [...]