Showing posts with label smartphone security. Show all posts

Wednesday, June 18, 2014

WARNING: Chinese Smartphones Contain Built-In Android Malware

There is a Chinese clone of the Samsung smartphone that steals personal data using a virus disguised as Google Play!

A Chinese Android smartphone that is selling on Amazon, eBay and other online stores has been found to contain a virus that pretends to be the Google Play Store.

This virus steals the user’s data when the user logs on to the bogus store.

The Star N9500 resembles Samsung’s Galaxy S4 Android smartphone. It is manufactured in China, but the phone is sold through resellers located in Belfast and Hong Kong.

The Trojan is known as “Uupay.D”, and it is disguised as the Google Play Store. It is pre-installed on the Android smartphone with no way to be removed by the user, according to German security company G Data.

G Data has analyzed one of the smartphones purchased directly from the factory in China and verified its vulnerability.

The scary aspect of this is that online criminals have full access to these smartphones.

All Access

The malware attached to these Androids steals personal data from the phone and sends it to an anonymous server located in China. This Android malware is also capable of installing additional applications or viruses without the user’s knowledge.







The only thing users see is an app with the Google Play Store icon in the running processes. The virus enables criminals to track the location of the smartphone, intercept and record phone calls, make purchases and send premium text messages without the user’s permission. All completely discreet and disguised.

The authentic phone usually costs £500 while the Chinese smartphones are going for £120. Users are noticing that reviews of this product range from one to five stars, although reviewers are complaining about the poor quality and noticing that the phone starts to break down after a couple of months.

The device is offered with an extensive list of accessories which includes a second battery, car charging adapter and second cover.

The low price of a smartphone with such a wide range of features is a criminal tactic, according to Geschkat, a product manager at G Data.

Buyers Beware:  Cheap offers online that seem tempting should make buyers suspicious.  There is no such thing as free.

Android accounted for 97% of the malware targeted at mobile devices last year. This is an increase of 20% a year, according to data from security firm F-Secure.

Even though this malware is already installed onto these devices from the Google Play store, it accounts for only 0.1% of malware.

Malware from these Androids can’t be blamed for all accounts.

The majority of all malware is downloaded from third-party app stores including the Chinese stores Baidu and Anzhi, where access to Google Play is restricted.

Have you come across these phones?  We’d love to hear from you, please leave your comments below!

References:

Gibbs, Samuel
Chinese smartphone on sale on Amazon and eBay contains built-in malware – TheGuardian
http://www.theguardian.com/technology/2014/jun/18/chinese-smartphone-samsung-amazon-ebay-malware-google-play
Published: June 18, 2014



Monday, July 29, 2013

HzO WaterBlock is waterproofing everything!

All the panic attacks from damaging your phone because a couple droplets of water touched your smartphone will no longer exist. This new WaterBlock technology called HzO is waterproofing everything. This technological advancement is a game changer.

Click here to view a video provided by FoxBusiness.com

This simple spray makes your cellphone, tablets, shoes, clothes, and just about everything you can think of water resistant.  HzO is a nano-coating that protects even the smallest electronics on the inside.  The WaterBlock technology defends against any moisture at the molecular level.  The product attaches to the circuits in devices and repels liquids away.  The HzO doesn't add any weight nor does it affect the performance of your device.

Not for consumers


HzO is not for consumers; it is something device makers are going to start to incorporate into their manufacturing processes. HzO will soon appear in gadgets from NavELite and in the luxury TAG Heuer smartphone. This special liquid-blocking technology began as a solution for emergency response communications equipment that could function in maritime environments. This waterproof equipment would save thousands of lives, since electronic devices would never fail from water damage. In 2009, ZAGG had a vision of protecting electronics and other commercialized technology with the HzO solution.

Gorilla Glass


Gorilla Glass is another alternative to check out for protecting your smartphones. Although this isn't a waterproof protectant, the Gorilla Glass is 8 to 10 times more resistant than normal smartphone screens. According to Corning, consumer complaint rates are more than twice as high for scratches on touch-screen notebooks than for scratches on other mobile devices. Dell is the first one in line to sign up for installing the Gorilla Glass this fall.

So relief is on the way... spending hundreds for your smartphone will be safer than ever. Clumsy mistakes won't be so crucial to the life of your gadgets anymore.

Please visit http://www.hyphenet.com/blog/ for more posts on the latest technology and IT security news.

References:

New Gorilla Glass protects touch-screen notebooks - c|net
http://news.cnet.com/8301-1001_3-57595779-92/new-gorilla-glass-protects-touch-screen-notebooks/
July 29, 2013

HzO WaterBlock Technology
http://www.hzoinside.com/

HzO Makes Your Smartphone Waterproof... on the Inside - Mashable
http://mashable.com/2013/01/09/hzo-waterblock/
Jan 9, 2013

Waterproof Phones a Must Have in 2013 - Fox Business
http://video.foxbusiness.com/v/2080938609001/waterproof-phones-a-must-have-in-2013/
Jan 8, 2013



Be sure to follow us on Twitter at @hyphenet or “Like” us on Facebook to stay up-to-date on the latest security threats.

Wednesday, June 12, 2013

Super Malware that Attacks Android Discovered

Android and security threats go almost hand in hand, as new and imminent threats are discovered on almost a weekly basis in today’s market. However, there was no threat that could potentially uproot Google’s Android as one of the most popular mobile operating systems in the world. But all that is set to change now, as a new virus has been detected that is very advanced and attacks the Android operating system in a new and innovative way. Also, the code is a little hard to completely remove, and can potentially deter users from using Android in the future.


Deadly Characteristics of the Virus


When a security researcher performs an assessment of any malicious software, he or she considers the most dangerous traits of that malicious software. From that viewpoint, this is one of the most dangerous pieces of Android malware discovered. Firstly, the code is so complex that it looks almost like code written for a Windows computer, or even more advanced. The code also uses obfuscation techniques to confuse the OS about its true nature, thus evading detection. But the most dangerous trait of this malware is that it has been programmed to resist attempts at uninstallation by the user.

Kaspersky Labs behind the Discovery


Kaspersky, a leading security products company, detected this malware in Android and said that it has the capability of single-handedly bringing down the Android operating system. They also reported that this malware exploits vulnerabilities in the Android OS that were previously, quite literally, unknown.

References:
Android super-malware discovered – Is Google's platform in peril ...

virusfreephone.com/.../android-super-malware-discovered-is-googles-pla...


Android super-malware discovered – Is Google's platform in ..

malware.rsspump.com/?...android-super-malware-discovered--is...


Wednesday, April 17, 2013

Spammers Exploit Boston Marathon Bombing to Spread Malware

Click with caution if you receive unsolicited emails or find yourself wanting to click a website link related to the deadly bombing attack at the Boston Marathon on Monday.

Antivirus firms Avira and Sophos, along with email security provider AppRiver have already intercepted emails from spammers aspiring to dupe users into following malicious links by offering links to video footage of the attacks.

There are a variety of domain names and subject lines associated with this spam campaign; some of the subject lines in use are:

  • Explosion[s] at Boston Marathon

  • Boston Explosion Caught on Video

  • Aftermath to explosion at Boston Marathon

  • Video of Explosion at the Boston Marathon 2013

  • Runner captures. Marathon Explosions

  • 2 Explosions at the Boston Marathon


The body of the email appears to contain nothing more than a link pointing to a website that has legitimate videos from the attack. However, that same site is rigged with malicious code that will attempt to exploit Java plugin vulnerabilities in order to drop a backdoor Trojan on your machine.

Avira identifies the threat as TR/Crypt.ZPACK.Gen, while Sophos identifies it as Troj/Tepfer-Q.

Upon a successful infection, TR/Crypt.ZPACK.Gen (or Troj/Tepfer-Q) will modify the system registry and connect to a remote server, granting an attacker remote access to the affected PC.

Tips to Keep Your PC Safe


Avira warns that malicious links may also be posted on Facebook, so users should also exercise caution when following links shared on social networks. Here are a few other bits of advice to help keep your computer malware-free:

  • Do not click links or download files attached to unsolicited emails.

  • Stick to the official websites of your favorite news channel to get the latest updates.

  • Keep your operating system and installed third-party software fully patched and up-to-date.

  • Always run antivirus software and keep the virus definitions current.


Did You Already Fall for It?


Both Avira and Sophos offer security products capable of detecting and removing the malware being spread by these online attacks. So if you have the sinking feeling that you may have followed a bad link, you may want to try performing a full system scan using one of their products.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

Friday, March 29, 2013

Tibetan Activists Targeted by Phishing Attack Toting Android Trojan

Phishing attacks targeting Tibetan activists aren’t anything new, and there have been a variety of malware spam campaigns affecting both Windows and OS X systems in recent months.

It appears as though the dangers have spilled over into the mobile world, however,  as Kaspersky Lab recently spotted a new spam campaign spreading malicious APKs – or Android applications.

Researchers say that the perpetrators hacked into the email account of a “high-profile Tibetan activist” & used it to fire off spam messages like the one below to other activists:




Subject: WUC’s Conference in Geneva

22 March 2013 World Uyghur Congress

In what was an unprecedented coming-together of leading Uyghur, Mongolian, Tibetan and Chinese activists, as well as other leading international experts, we were greatly humbled by the great enthusiasm, contribution and desire from all in attendance to make this occasion something meaningful, the outcome of which produced some concrete, action-oriented solutions to our shared grievances. The attachment is a letter on behalf of WUC, UNPO and STP.

Attached to the email is an APK file, WUC’s Conference.apk that, when installed on the recipient’s Android device, will populate an app named “Conference” in the app drawer.

When launched, the app displays text to the end-user related to the upcoming event, and proceeds to connect to its command and control server  in the background. At that point, the Trojan siphons the following data from the device and relays it back to its operators upon command:

  • Contacts (stored both on the phone and the SIM card).

  • Call logs.

  • SMS messages.

  • Geo-location.

  • Phone data (phone number, OS version, phone model, SDK version).


The C&C for the Trojan, which Kaspersky detects as Backdoor.AndroidOS.Chuli.a, has a Los Angeles, CA based IP address, 64.78.161.133.

Researchers noted that the domain, DlmDocumentsExchange.com has previously been associated with that IP. The domain name was registered to a Chinese address on March 8th, and serves up a similar APK file with text discussing the disputed “Senkaku Islands / Diaoyudao Islands / Diaoyutai Islands” written in Chinese. That, plus the fact that the public-facing admin interface and server’s operating system are in Chinese, leads researchers to believe that the attackers are at least Chinese-speaking.

Either way, the attack would be unsuccessful without user-interaction, and can be easily avoided as a result.

As always, users are advised not to download or install Android applications distributed via email, SMS, or any untrusted sources, and always vet apps - even when downloaded from the Google Play store.


Tuesday, March 19, 2013

Watch Out for Mobile Adware Posing as Candy Crush Saga Apps

Think twice before you download apps that claim to offer cheats or guidance for the popular matching game, Candy Crush Saga.

TrendMicro warns that ill-willed developers have started cashing in on the game's popularity by creating fake Candy Crush apps containing the code for the Leadbolt & AirPush ad networks.

AirPush and Leadbolt have gained quite a poor reputation for their “aggressive marketing practices,” which include placing ads in the notification/status bar, placing ad-enabled search icons on your mobile desk, and collecting user information.

In fact, these ad networks (and a few others) have become such a nuisance that developers & mobile security app vendors have released apps capable of detecting their presence so users can determine which apps are displaying ads on their device (and need to be removed).

TrendMicro’s mobile security app detects the AirPush & Leadbolt ad networks as ANDROIDOS_AIRPUSH.HRXV and ANDROIDOS_LEADBLT.HRY, respectively.

How to Avoid Candy Crush Saga-Themed Adware


As a fan of Candy Crush Saga, I can tell you that a large part of the game relies on luck, so those “cheats” and guides won’t be of much use since the candies aren’t laid out in a specific pattern.  You’ll have to figure it out on your own.

Aside from that, you can gauge the safety of an app by:

  • Checking the number of downloads and the app’s rating.

  • Reading user reviews – usually users will spill the beans on what’s really going on with an app.

  • Doing a little homework on the developer – i.e. Google their name and make sure there aren’t any red flags in the results.

  • Reviewing the app permissions – sometimes the permissions can be hard to gauge (as some legitimate apps require odd permissions), but other times they can throw a big red flag. Either way, look them over and listen to your gut if something seems off.



Friday, March 15, 2013

Facebook Pushes App Update to Android Users.... Outside of Google Play

Oh Facebook, WHAT are you doing?

There are reports that Android users that have the Facebook app installed on their devices are being nagged to download and install an update – OUTSIDE of Google Play.

While at first glance this may appear as if there were a bit of malicious activity going on – as authentic app updates are usually delivered via Google Play – it is actually a legitimate update that Facebook says they’re rolling out to a small number of users.

The reason why they decided to push it outside of the Google Play store is still left unclear, but hey, it’s not like it’s the first shady thing they’ve done with the Facebook App for Android.

Obviously this update cannot be applied unless the device is set to allow applications from “Unknown sources” (aka outside of Google Play) to be installed, but enabling this setting is obviously not recommended for security reasons.

Facebook claims that only users with WiFi enabled will get the update notification; however, complaints within the Help Center conflict with that statement. Judging from the thread, I’d say Facebook users are wondering why the social networking giant thinks they’re above pushing updates via Google Play like everyone else.

What are your thoughts on this? Would you install this update on your Android device?


Thursday, February 14, 2013

Security Bug in iOS 6.1 Allows Lockscreen Bypass

If you’re protective over the information stored in your iPhone, you may want to keep a closer eye on it, especially if you’re running iOS 6.1 and expect the lockscreen to keep prying eyes out.

Somehow, someway a YouTube user named videodesbarraquito found a way to bypass the lockscreen on an iPhone 5 running iOS 6.0.1, 6.0.2, or 6.1 and gain access to contacts, call history, photos (by trying to add a photo to a contact), and the phone app to make calls.

All it takes to slip past the lockscreen is a systematic sequence of emergency phone call making (and quickly cancelling), power button pushing and voilà! You’re in.

How someone would possibly figure that out is beyond me, although I guess it's not all that farfetched since iOS 4.1 suffered from a similar bug a few years back.

The folks over at The Verge couldn’t resist temptation, tested the routine on a pair of UK iPhone 5s running iOS 6.1 and found that it actually worked. The Verge reached out to Apple for a comment, but no word back yet.

Update: A spokesperson for Apple told AllThingsD, "Apple takes user security very seriously. We are aware of this issue, and will deliver a fix in a future software update."

Better keep a closer eye on your iPhone until then.


Monday, January 14, 2013

Apple Locking App Screenshots to Stop Bait & Switch Scams

Any scammers that were hoping to pull the ol’ bait & switch routine in the Apple app store by switching the screenshots for their apps after they have been approved may have a rough time doing so thanks to Apple’s new policy change.

Last Wednesday, Apple announced to Apple Developers that “app screenshots will be locked in iTunes Connect once your app has been approved.”  The only way developers can upload new screenshots is to submit a binary for an update for an existing app, or a brand new app.

The idea behind this change is to stop the widely-used scam tactic where ill-willed developers upload legitimate screenshots to get their app approved and then swap them out with different screenshots (sometimes from another popular app) to trick users into downloading the app.

Hopefully this will prevent users from paying for apps that aren’t quite what they seem.

[via Security Watch]


Thursday, December 27, 2012

Android Trojan Can Partake in DDoS Attacks, Send SMS Spam

Dr. Web researchers have discovered a new Android Trojan, Android.DDoS.1.origin, that is capable of sending SMS spam and partaking in DDoS attacks.

While it’s not entirely clear how the Trojan is spread, researchers suspect that the attackers use social engineering tactics since the malware appears to disguise itself as a Google Play clone.

As a matter of fact, Dr. Web researchers wrote that, once installed, Android.DDoS.1.origin will create an icon that not only closely resembles that of Google Play, but launches Google Play when selected to reduce suspicion of foul play.

[Screenshot: Android.DDoS.1.origin. Credit: Dr. Web]


If it is launched, the Trojan will reach out to its command and control server (C&C) to relay the phone number belonging to the infected device and standby for further instructions to do one of the following:

  • Participate in DDoS attacks by sending data packets to a specified server address & port

  • Help with spamming efforts by sending the SMS spam message to the phone numbers specified by its C&C


Given the malicious activity, owners of infected devices will not only experience a decrease in performance but higher phone bills thanks to the SMS spamming & unauthorized data usage.

Dr. Web researchers note that the Trojan’s code is heavily obfuscated, indicating that the authors want to hide its function. That’s not much of a surprise given the malware’s capabilities; the attackers can easily use it to attack competitor websites, advertise products via SMS spam, or help generate revenue by sending text messages to premium numbers.

Keeping Your Android Device Safe


There is currently no evidence that users run a high risk of encountering this threat, or of it being distributed in the Google Play store. With that being said, here are a few steps that Android users can follow to keep their devices safe:

  • Only download Android apps from official Android app stores like Google Play or the Amazon Appstore for Android.

  • Always check the number of downloads, app rating and user reviews. If an app has a poor rating or a long list of poor reviews, you probably shouldn’t download it.

  • Carefully review permissions before downloading and/or installing an app.

  • Do not click links or download apps advertised in unsolicited text messages or emails.

  • Consider installing a mobile antivirus app on your device; Sophos offers a free solution with remote wipe capabilities in the event that your device is lost or stolen.
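
As an added illustration (not code from the original posts, Dr. Web or Kaspersky), the Python below applies the "review permissions" advice to two patterns described on this page: an app whose label imitates Google Play, as with Android.DDoS.1.origin, and an app able to read and upload the data types listed for Backdoor.AndroidOS.Chuli.a. It parses the text printed by `aapt dump badging <apk>`; the sample outputs and `com.example.*` package names are constructed, and the label list and three-category threshold are assumptions.

```python
import re

# Package name of the genuine Google Play Store app.
PLAY_STORE_PACKAGE = "com.android.vending"
# Assumption: labels treated as "looks like Google Play" for this check.
PLAY_LABELS = {"google play", "google play store", "play store"}

# Android permissions guarding the data types listed in the Chuli.a post.
DATA_PERMISSIONS = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_CALL_LOG": "call logs",
    "android.permission.READ_SMS": "SMS messages",
    "android.permission.ACCESS_FINE_LOCATION": "geo-location",
    "android.permission.ACCESS_COARSE_LOCATION": "geo-location",
    "android.permission.READ_PHONE_STATE": "phone data",
}
INTERNET = "android.permission.INTERNET"
SEND_SMS = "android.permission.SEND_SMS"

PKG_RE = re.compile(r"^package: name='([^']+)'")
# Greedy match: a label may itself contain an apostrophe.
LABEL_RE = re.compile(r"^application-label:'(.*)'$")
# Older aapt prints uses-permission:'X'; newer builds print uses-permission: name='X'.
PERM_RE = re.compile(r"^uses-permission:(?: name=)?'([^']+)'")


def parse_badging(text):
    """Extract package name, default label and requested permissions."""
    info = {"package": None, "label": None, "permissions": set()}
    for line in text.splitlines():
        line = line.strip()
        if (m := PKG_RE.match(line)):
            info["package"] = m.group(1)
        elif (m := LABEL_RE.match(line)) and info["label"] is None:
            info["label"] = m.group(1)
        elif (m := PERM_RE.match(line)):
            info["permissions"].add(m.group(1))
    return info


def triage(text):
    """Return a list of findings for one app; an empty list means nothing flagged."""
    info = parse_badging(text)
    perms = info["permissions"]
    findings = []
    label = (info["label"] or "").strip().lower()
    if label in PLAY_LABELS and info["package"] != PLAY_STORE_PACKAGE:
        findings.append("label imitates Google Play but package is %s" % info["package"])
    categories = sorted({DATA_PERMISSIONS[p] for p in perms if p in DATA_PERMISSIONS})
    # Assumption: three or more sensitive data categories plus network access is worth a look.
    if INTERNET in perms and len(categories) >= 3:
        findings.append("can read and upload: " + ", ".join(categories))
    if INTERNET in perms and SEND_SMS in perms:
        findings.append("network access plus SEND_SMS (SMS spam / premium SMS risk)")
    return findings


# Constructed sample outputs, not taken from any real APK.
SAMPLES = {
    "fake_store": """package: name='com.example.fakestore' versionCode='1' versionName='1.0'
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.SEND_SMS'
uses-permission: name='android.permission.READ_PHONE_STATE'
application-label:'Google Play Store'
""",
    "conference": """package: name='com.example.conference' versionCode='1' versionName='1.0'
uses-permission:'android.permission.INTERNET'
uses-permission:'android.permission.READ_CONTACTS'
uses-permission:'android.permission.READ_CALL_LOG'
uses-permission:'android.permission.READ_SMS'
uses-permission:'android.permission.ACCESS_FINE_LOCATION'
uses-permission:'android.permission.READ_PHONE_STATE'
application-label:'Conference'
""",
    "real_store": """package: name='com.android.vending' versionCode='1' versionName='1.0'
uses-permission: name='android.permission.INTERNET'
application-label:'Google Play Store'
""",
    "torch": """package: name='com.example.torch' versionCode='1' versionName='1.0'
uses-permission: name='android.permission.CAMERA'
application-label:'Torch'
""",
}

if __name__ == "__main__":
    for name, badging in SAMPLES.items():
        print(name, "->", triage(badging) or "nothing flagged")
```

A label match is only a heuristic: a clean result does not prove an app is safe, and a flagged app still needs manual review.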



Thursday, December 20, 2012

SpamSoldier Android Trojan Spreading via SMS Spam

Android users that go against their better judgment & download apps advertised in unsolicited text messages run the risk of infecting their smartphone with mobile malware packing botnet capabilities.

The SpamSoldier Trojan is spread through SMS spam offering users a free version of popular paid apps such as The Need for Speed Most Wanted, Grand Theft Auto 3 and Max Payne HD.

Given that the apps are downloaded outside of the Google Play store, victims are instructed to first change their security settings to allow apps from “Unknown Sources” to be installed on their phone. At that point the target can download the game Trojan and accept the permissions to complete the installation process.

Upon a successful infection, SpamSoldier will connect to its command & control server (C&C) to retrieve a list of 50-100 phone numbers along with the SMS message to spam them with. SpamSoldier will keep in contact with its C&C to send progress reports and retrieve a new list once the previous one has been exhausted. (Hopefully the victim has unlimited text messaging on their plan, otherwise they could be looking at an expensive phone bill!)

In addition to pumping out SMS spam offering malicious downloads, SpamSoldier also attempts to trick unsuspecting folks into handing over personal information by offering free gift cards. Here are a few of the SMS spam messages that SpamSoldier has been known to send:

  • Tired of SMS Spam? Download our free SMS Blocker today to finally rid yourself of unwanted messages! Download now at http://[redacted].com

  • Download Grand Theft Auto 3 & Need for Speed Most Wanted for Android phones for free at http://[redacted].mobi for next 24hrs only!

  • You have just won a $1000 Target Gift Card but only the 1st 777 people that enter code 777 at http://[redacted].com can claim it!


The domains associated with SpamSoldier are prone to change, but they are typically .mobi top-level domains.

What to Do If You Receive SMS Spam


If you do happen to receive text message spam, Cloudmark suggests that you:

  • Do not reply to the text message.

  • Forward the text message to 7726 (S-P-A-M on your keypad).


Don’t bother replying with ‘STOP’ as that will only work if it’s coming from a legitimate commercial contact.

Tips to Keep Your Android Smartphone Safe


Keeping your Android smartphone safe isn’t terribly difficult; after all, user-interaction is required for SpamSoldier to take hold of your device. That being said, all you really have to do to keep your Android phone safe from this threat is to:

  • Avoid clicking on links or downloading apps advertised in unsolicited text messages.

  • Stick to official or reputable app stores such as Google Play or Amazon’s App Store for Android to download and install apps.


[via Cloudmark]


Wednesday, November 28, 2012

Cybercriminals Set Up Fake Update Pages for Chrome, Firefox & IE

Do you know how to update your web browser?

One of the nice things about Google Chrome is that it automatically updates whenever a new browser version is detected.

Aside from that, you can manually check for updates by clicking the Menu icon and selecting ‘About Chrome’. If there are any updates found, it will download them automatically and install them whenever you decide to restart your browser.

Firefox is pretty much the same, as well as Opera.

Internet Explorer is a bit different as it usually involves downloading another browser, like Firefox or Chrome. – Just kidding! Internet Explorer 9 updates are provided via Windows Updates.

And yes, knowing how to update your web browser is important.

Aside from running the risk of having a browser vulnerability exploited in a cyber-attack, there’s always the chance of you downloading malware posing as a browser update.

StopMalvertising warns that cybercriminals have launched new phishing schemes using malvertisements and fake browser update webpages in hopes of tricking you into downloading malware onto your computer.

The risk of falling for a phony browser update page is present regardless of whether you use Firefox, Chrome or Internet Explorer. The pages are set to detect your browser of choice & customize the content just for you:

[Screenshot: Firefox, Chrome & IE Update Pages. Credit: StopMalvertising]


In the event that the script cannot determine which browser you’re using, Mozilla 5.1, GoogleBot 2.1 or unknown unknown.1 Service Packs are offered for download.

A VirusTotal scan of the file served in the attack, index.exe, found that it is actually Trojan:Win32/Startpage.UY.

Once it infects your machine, Trojan:Win32/Startpage.UY will change your browser’s homepage. While that may seem harmless, it’s important to note that TrendMicro’s analysis of this attack found that the updated home page may “host other malicious files that can further infect [your] system.”

One of the things that set this particular batch of fake browser update pages apart from the ones we saw back in January is the fact that these new pages pose a threat to mobile users as well.

Although it does not appear that payloads targeting smartphones are served, StopMalvertising noticed JavaScript on the site that will display pop-ups and notifications asking for your mobile phone number. Providing such information to a scammer can be a costly mistake as they won't think twice about signing you up for expensive SMS services, so don't do it!

How to Avoid Falling for Fake Browser Update Phishing Schemes


So now that you know the risks, what can you do to avoid becoming a victim?

  • Always use your web browser’s built-in update mechanism or download updates from a legitimate source (like the vendor’s official website).

  • Always run antivirus software that offers real-time scanning and always scan downloaded files before opening them.

  • Remain vigilant when surfing the web and do your best to avoid suspicious links or websites.



Thursday, November 15, 2012

Apple Pulls Two Scam Apps from its App Store

Somehow, someway two scam apps made their way into Apple’s App Store on November 8th and remained available for 5 days before being pulled by the fruit-themed company.

Both apps were offered by the same developer, JB Solutions.

One of the apps pulled, IntelliScreenX for iPad and iPhone, claimed to add a pull-down list of notifications from the device’s lock screen.

Typically users would have to jailbreak their iOS device to have this feature, so it’s understandable why some jumped at the opportunity to use the IntelliScreenX for iPad and iPhone instead.

Unfortunately for IntelliScreenX buyers, the $1.99 app proved to be nothing more than an alarm clock once it was downloaded.

The other bait-and-switch app, NFC for iPhone 5, promised to magically enable Near-Field Communications support for $0.99 even though the iPhone is built sans NFC chip. So, it’s not too much of a surprise that it transforms into an app named RadioStreamer and plays music from online stations once it’s installed.

Apple is well-known for its rigorous app-screening process, so it's not clear how these two apps managed to get the stamp of approval. Either way, it proves that it is always worthwhile to do a little research and always check app reviews before installing them, regardless of what platform you use.

[via The Register]


Tuesday, November 13, 2012

Teenage Researcher Creates Windows Phone 8 Malware Prototype

A young security researcher by the name of Shantanu Gawde claims to have created a prototype of mobile malware targeting the new Windows Phone 8 operating system.

Gawde is scheduled to unveil his proof-of-concept code at the International Malware Conference (MalCon) in New Delhi, India on November 24th.

Details about the malware are rather scarce; however, the MalCon website hints at Gawde’s presentation involving a Trojan disguised as a legitimate app that will give attackers access to contacts, text messages, pictures and more.

If that’s the case, then the question of whether or not a malicious app can sneak past Microsoft’s approval process & become available within the Windows Phone Store remains. (Not to mention how sketchy the permissions screen may look to end-users.)

Microsoft is aware of Gawde's upcoming presentation and is ready to take appropriate action to help protect their customers following his MalCon demonstration.

[via The Register]


Friday, November 2, 2012

Reasons Why Android Malware Authors Dig China and Russia

We all know that cybercriminals have taken a shine to creating mobile malware, but the chances of actually encountering a malicious Android app usually depend on your geographic location.

According to Lookout Mobile’s State of Mobile Security 2012 report, the likelihood of U.S. users encountering mobile malware is just 1%. Meanwhile mobile users in China, Ukraine and Russia face a much higher risk of 7.6%, 28% and 42%, respectively.

But why is the risk so much higher in these countries? Three main reasons:

  1. Users are a lot less likely to pay for apps

  2. Third-party app stores reign supreme

  3. Lax premium SMS regulations


As the saying goes, nothing in life is free.

When users go looking for a pirated version of a paid app in a third-party marketplace that doesn’t screen submitted apps, or download it off some random website, they run a high risk of downloading a Trojanized copy of whatever app they’re looking for.

Combine that behavior with the absence of safeguards like double opt-in requirements for premium SMS services and you’ve got the perfect breeding ground for mobile malware (which often involves texting a premium-rate number).

All that aside, sticking to official stores like Google Play won’t keep you completely safe either, for malware has even managed to sneak past Google’s app-scanning Bouncer in the past. What's an Android user to do?

Just like with PCs, users will always have to play their part to keep their devices safe. That means you should always:

  • Stick to official app stores like Google Play or Amazon Appstore for Android to minimize your chances of encountering a “repackaged” app.

  • Check the number of downloads, app rating, and user reviews for any red flags.

  • Carefully review the required app permissions before downloading and installing the app. If you feel the permissions are out of line for that type of app, don’t install it.

  • Keep an eye out for multiple permission screens – it’s a good indication that you may have downloaded a malicious app.


[via Lookout Mobile]


Tuesday, August 28, 2012

Spam Offers 'Benefits of a BlackBerry ID' with a Side Order of Malware

Security researchers are warning the public about an ongoing malware campaign targeting BlackBerry customers.

The attack starts off with a spam message posing as a notice from RIM that a new BlackBerry ID has been created. The email is said to be an exact copy of a legitimate email sent from Research in Motion (makers of BlackBerry) - complete with a spoofed email header to make it appear as if it were sent from a blackberry.com email address.

BlackBerry Spam



From: donotreply@blackberry.com
Subject: Your BlackBerry ID has been created

Your BlackBerry ID has been created

Hello,

You’ve created a BlackBerry ID!

To enjoy the full benefits of your BlackBerry ID, please follow the instructions in the attached file.

BlackBerry ID is your universal BlackBerry key. Here is what it offers:

  • One sign in for all BlackBerry applications, services, and websites.

  • Automatic transfer of some email accounts and services when you switch smartphones.

  • Full access to all features in BlackBerry App World storefront.

  • Protection of financial transactions using BlackBerry services.


You can learn more about BlackBerry ID by visiting https://blackberryid.blackberry.com/

The BlackBerry Team

This email has been automatically generated. Please do not reply to this email.

If you have not previously indicated that you wish to receive emails from Research in Motion Limited and/or its affiliated companies regarding exclusive offers and updates about BlackBerry products and services and you would like to do so, please click here.

Research in Motion Limited, 295 Phillip St., Waterloo, Ontario, Canada N2L 3W8

Attached to the email is a malicious file, “BlackBerry_ID19176974_Instructions.zip” (the string in the file name may vary), which houses malware that Microsoft detects as Worm:Win32/Gamarue.I.

Websense researchers warn that running the attachment drops other executable files and modifies the system registry to automatically start these malware programs when the system starts.

What to Do if You Receive BlackBerry Spam


If you receive a copy of this email, it’s recommended that you:

  • Do NOT click on any links or download any attached files. (There’s no indication that the links are malicious, but that can change at any time.)

  • Report the email to SpamCop.

  • Delete the email immediately.
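For mail administrators, the traits described above (a From address at blackberry.com on a message that did not come from there, plus a .zip attachment) can be checked mechanically. The following is an added example, not code from the original post or from any vendor; the hosts under example.net and example.org and the sample message are constructed.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

RISKY_EXT = (".zip", ".exe", ".scr", ".jar")

def domain_of(header_value):
    """Lower-cased domain of the address in a From/Return-Path style header."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()

def triage(raw):
    """Return a list of findings for one raw RFC 5322 message (bytes)."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    from_dom, env_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    # A visible From that differs from the envelope sender is one sign that
    # the "blackberry.com" address was spoofed.
    if env_dom and from_dom != env_dom:
        findings.append(f"from-mismatch:{from_dom}!={env_dom}")
    # Only trust Authentication-Results stamped by your own receiving server.
    auth = " ".join(str(h) for h in msg.get_all("Authentication-Results", []))
    for check, result in re.findall(r"\b(spf|dkim|dmarc)=(fail|softfail)\b", auth, re.I):
        findings.append(f"{check.lower()}-{result.lower()}")
    # Archive or executable attachments on an account notice deserve a hold.
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith(RISKY_EXT):
            findings.append(f"risky-attachment:{name}")
    return findings

def build_sample(spoofed=True):
    """Constructed test message; the example.net/example.org hosts are made up."""
    msg = EmailMessage()
    msg["From"] = "donotreply@blackberry.com"
    msg["Subject"] = "Your BlackBerry ID has been created"
    sender = "mailer.example.net" if spoofed else "blackberry.com"
    verdict = "fail" if spoofed else "pass"
    msg["Return-Path"] = f"<bounce@{sender}>"
    msg["Authentication-Results"] = f"mx.example.org; spf={verdict} smtp.mailfrom={sender}"
    msg.set_content("Please follow the instructions in the attached file.")
    if spoofed:
        msg.add_attachment(b"PK\x03\x04", maintype="application", subtype="zip",
                           filename="BlackBerry_ID19176974_Instructions.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample(spoofed=True)))
```

A From/Return-Path mismatch also occurs with legitimate bulk-mail providers, so treat each finding as a signal to quarantine and review rather than as a verdict.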



Tuesday, July 24, 2012

Researchers Find More Android Malware: Some Send Expensive SMS, Others Steal Data

I’ve said it before and I’ll say it again: If you plan on downloading apps on your Android device, make sure that you’re getting the apps from a trusted Android market like the official Google Play store or Amazon Appstore for Android.

Don’t download apps from random third-party sites, and don’t complete the installation process for apps that present two different permission screens.

Failure to heed such warnings can easily result in your beloved smartphone being infected with Trojan apps that either steal your data or rack up expensive cellphone bills by firing off SMS messages to a premium-rate number.

Android Malware Wants Your Contacts


An example of Android malware that steals data would be Android.Ackposts, which was recently discovered by Symantec researchers.

Android.Ackposts tends to find its way onto the smartphone of unsuspecting Android users by posing as a battery-saving app.

Only two permissions are requested during installation (on a single screen): full internet access and the ability to read contact data, which is all it really needs since its entire purpose is to harvest email addresses for spammers and upload the data to a remote server.

The fact that Android.Ackposts targets contact information makes a little more sense once you realize that the app is being advertised via Japanese spam messages.

New OpFake Variant is... Less Fake, Actually Installs Opera Mini Browser


As far as SMS-sending Trojans go, OpFake is maintaining relevance thanks to a new variant that comes bundled with the mobile web browser it poses as instead of merely carrying the name and nothing more.

GFI Lab researchers found this new version of OpFake (detected as Trojan.AndroidOS.Generic.A) lurking on a fake Opera Mini support website. The Trojan is delivered in a package (ironically) named “com.surprise.me,” which contains a file named “opera_mini_65.apk.”

Users are presented with two permission screens during the installation process, which should throw a huge red flag that something’s amiss. Unfortunately, the first screen applies to the actual malware itself, so it’s critical that users actually pay attention to the permissions being requested whenever they install an app. Once you agree to the first set, you will be shown the permissions for the legitimate Opera Mini app.

Btw, I can’t think of any reason why a browser would need SMS permissions.

Permissions Screens for New OpFake Variant

OpFake permission screens. Credit: GFI Labs


After everything is said and done, the user can use the actual Opera Mini browser. However, the malware will also be using its approved permission set to send an SMS message to a premium-rate number, connect to a remote server, and read stored information including:

  • Country location

  • Operator name

  • OS version

  • Phone type

  • Device ID (IMEI)


Keeping Your Android Device Safe


Despite the threats roaming about, it’s relatively easy to keep your Android device malware-free.

  • Only download Android apps from official Android app stores like Google Play or the Amazon Appstore for Android.

  • Always check the number of downloads, app rating and user reviews. If an app has a poor rating or a laundry list of poor reviews, it’s likely in your best interest to take a pass on downloading it.

  • Carefully review permissions before downloading and/or installing. If you feel that the app is requesting permissions that it shouldn’t be, don’t install it.

  • Watch for multiple ‘Permissions to Install’ screens. The first screen typically applies to the malware itself, so it’s important that you scrutinize app permissions. That second screen should serve as more of a “heads-up” that you may have just fallen into a malware trap.
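The permission review recommended above can be done before an APK ever reaches a device. The following is an added example, not code from the original post or from any vendor: it reads the text printed by `aapt dump permissions <apk>` and flags permissions that make no sense for the type of app, such as a browser asking for SMS access or a battery saver asking for contacts. The category baseline and both sample dumps are constructed assumptions.

```python
import re

# Permissions the posts above describe being abused, with why each deserves scrutiny.
HIGH_RISK = {
    "android.permission.SEND_SMS": "can text premium-rate numbers",
    "android.permission.RECEIVE_SMS": "can intercept incoming SMS",
    "android.permission.READ_SMS": "can read stored SMS",
    "android.permission.CALL_PHONE": "can dial numbers that cost money",
    "android.permission.READ_CONTACTS": "can harvest contact e-mail addresses",
    "android.permission.READ_PHONE_STATE": "exposes the device ID (IMEI)",
}

# Assumed baseline of high-risk permissions each app type legitimately needs
# (illustrative policy, not from the page). Unknown categories get none.
ALLOWED = {
    "browser": set(),
    "battery": set(),
    "messaging": {"android.permission.SEND_SMS", "android.permission.RECEIVE_SMS",
                  "android.permission.READ_SMS", "android.permission.READ_CONTACTS"},
}

# Accepts both aapt output styles:
#   uses-permission: android.permission.INTERNET
#   uses-permission: name='android.permission.INTERNET'
PERM_RE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=')?([\w.]+)", re.M)

def parse_permissions(aapt_output):
    """Return the set of permission names listed in `aapt dump permissions` text."""
    return set(PERM_RE.findall(aapt_output))

def audit(category, aapt_output):
    """Return the sorted high-risk permissions that `category` has no reason to hold."""
    requested = parse_permissions(aapt_output)
    allowed = ALLOWED.get(category, set())
    return sorted(p for p in requested if p in HIGH_RISK and p not in allowed)

# Constructed sample inputs (not real app manifests).
FAKE_BROWSER = """package: com.example.fakebrowser
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.SEND_SMS'
uses-permission: name='android.permission.READ_PHONE_STATE'
"""
BATTERY_SAVER = """package: com.example.batterysaver
uses-permission: android.permission.INTERNET
uses-permission: android.permission.READ_CONTACTS
"""

if __name__ == "__main__":
    for category, dump in (("browser", FAKE_BROWSER), ("battery", BATTERY_SAVER)):
        for perm in audit(category, dump):
            print(f"{category}: {perm} -> {HIGH_RISK[perm]}")
```

An empty result only means no mismatch against this baseline; an app that downloads a second package after installation has to be audited again for that package.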


Have you discovered any malware on your Android device?


Thursday, July 19, 2012

What the Android.Dropdialer Trojan Taught Us: Check Permissions & Install Process

If we learned anything from the malicious apps that were most recently pulled from Google Play, it’s that we should not only pay close attention to an app’s permissions, but the installation process as well.

Last week, Symantec researchers discovered two malicious apps in the Google Play store titled “Super Mario Bros” and “GTA 3 Moscow City.” Both apps managed to remain available for over two weeks and were downloaded 50,000 – 100,000 times.

But how did this malware, which Symantec identified as Android.Dropdialer, slip past Google’s app-scanning Bouncer?

Instead of pushing one payload that contains all of the malicious code, the author of the apps broke the payload into separate modules that could be delivered independently. This allowed the Trojan apps to get the OK during the QA screening process since the offending piece of the app hadn’t been downloaded just yet.

How it Works

When users downloaded the Android.Dropdialer Trojan app, they would view and accept an initial set of app permissions that seem safe, and the app would download and be installed. That’s when the real fun began.

Android Dropdialer Installation Process

After being successfully installed, an additional package named ‘Activator.apk’ would be downloaded from Dropbox.

The user would be prompted again to accept the permissions of the new app, one of which is to use services that cost you money. That’s no real surprise since the entire attack revolves around sending SMS messages to a premium-rate number.

Once the SMS message has been fired off, the Trojan will prompt the user to uninstall the secondary SMS-sending payload in an attempt to hide its true intentions.

So, the next time you download an app, make sure you keep an eye out for any suspicious permissions or screens that may attempt to trick you into downloading additional files.


Monday, July 9, 2012

Malware Dresses Up as Skype for Android, Racks Up Expensive SMS Bill

If you were looking to download Skype for Android, make sure that you download it from the Google Play store and not some random third-party website.

TrendMicro researchers discovered that cybercriminals have created websites offering fake Skype mobile apps to Android users in an attempt to plant premium-rate SMS malware on their phones.

Thankfully it should be easy to avoid these fake sites as they are hosted on Russian domains (.ru), although the malware posing as Skype apps is downloaded from a Nigerian-based domain (.ne).

Even though the websites advertise different versions of the Skype app for Android, each download link points to the same malicious .JAR file (.APK files are the expected file format for Android apps).

TrendMicro researchers wrote that the .JAR file is a Java MIDlet that poses as an installer of Skype for the Android platform and only executes on older Symbian phones and Android devices that run Java MIDlet (a third-party app is necessary to allow Android to run Java MIDlet).

If the malware is successfully executed, the user is shown two messages before ultimately being directed to a URL that fires off SMS messages to premium-rate numbers, generating revenue for the bad guys.

TrendMicro has labeled this malware threat as JAVA_SMSSEND.AB.

Users can steer clear of this threat by downloading apps from the Google Play store or another trusted Android marketplace. Regardless of where you download the Android app from, always make sure you check the number of downloads, user reviews and permissions before clicking that final ‘Download & Install’ button!


Tuesday, June 19, 2012

'Android Security Suite Premium' App is Malware in Disguise

If you’re an Android user, there’s a good chance that you’ve caught a headline or two warning about the latest piece of malware targeting the mobile OS, and are now considering downloading a security app to add another layer of protection to your device.

Should this be the case, just make sure that you don’t inadvertently download malware masquerading as a mobile security application in the process.

Researchers at both Kaspersky Lab and Webroot recently found that a security app named “Android Security Suite Premium” was anything but what the name implied, as it adhered to the demands of its villainous command & control (C&C) server.

Such commands usually entailed stealing incoming SMS messages – possibly along with other system information – and relaying that information back to the attackers.

In analyzing six samples of the bogus security app, Kaspersky Lab discovered 6 different C&C domains encoded within them, one of which had been registered with the same fake data as ZeuS C&C domains.

It is for this reason that the “Android Security Suite Premium” app has earned its title as the latest variant of ZitMo (short for ‘Zeus in the Mobile’) trojans.

Kaspersky Lab did not disclose where they had retrieved their APK samples; however, researchers over at Webroot found the Android Security Suite Premium app lurking in torrents and/or third-party Android markets.

So, if you’re on the hunt for a legitimate mobile security app, it is suggested that you:

  • Download the app from the official Google Play store.

  • Check the developer name, number of downloads and most important of all, user reviews.


It is worth noting that the majority of PC antivirus vendors also offer a mobile security solution, so it may be best to do a little research before searching the Google Play store so you can verify the company's Google Play developer name, app permissions and the like.

Screenshot Credit: Kaspersky Lab
