Malware

Android vulnerability gives an attacker complete control of device, even when locked [Video]

A set of Android vulnerabilities discovered by security researchers would allow an attacker complete control of a device, even when it is locked and the screen is switched off.

The image above illustrates just one attack vector, clickjacking – where the user thinks they are okaying one thing while invisibly okaying something else. For illustrative purposes, the researchers have made the real action visible behind the overlay, but in real use (seen in the video below) the permission box would be invisible to the user …


A new example of Android malware is discovered every 10 seconds, say security researchers

Security company G Data says that a new piece of Android malware is discovered every 10 seconds. At this rate, the company is predicting that there will be 3,500,000 new malicious Android files by the end of the year.

The threat level for users with smartphones and tablets with an Android operating system remains high. In all, the G DATA security experts expect around 3.5 million new Android malware apps for 2017.

The company said that the risk was heightened by the fact that only a small minority of users are on the latest version of Android …


132 apps on Google Play were infected with malware, from the wrong OS…

While it’s pretty rare that you’ll come across malware on Android, sometimes it slips through the cracks and presents a threat. Recently, though, a security firm made an interesting discovery – 132 apps on Google Play had been secretly hiding the capability to infect user devices with malware. Specifically, malware designed for Windows…


Quadrooter flaws leave 900M Android devices vulnerable to rogue app gaining total control

Four separate vulnerabilities in Qualcomm chips – used in 80% of Android devices – could allow a rogue app to provide an attacker with complete control of the unit, including camera and microphone.

The combined flaws, dubbed Quadrooter, were discovered by CheckPoint researcher Adam Donenfeld, and presented yesterday at the Def Con 24 hacking conference …


HummingBad malware said to have infected 85M Android devices, be generating $4M/year

Android malware known as HummingBad has so far infected 85M devices, putting data at risk, installing further malware and displaying ads sold by the Chinese company controlling it. The claims appear in a blog post by CheckPoint, the security company that first detected the malware.

The group tries to root thousands of devices every day and is successful in hundreds of attempts. With these devices, a group can create a botnet, carry out targeted attacks on businesses or government agencies, and even sell the access to other cybercriminals on the black market. Any data on these devices is at risk, including enterprise data on those devices that serve dual personal and work purposes for end users …


New ‘Mazar’ Android malware spreads via SMS, tricks users into granting a malicious app full permissions

Danish security firm Heimdal has detected a nasty piece of malware that spreads via SMS and tricks users into downloading a malicious app. The text message containing the download link has already been sent to 100,000 phones in Denmark, though common sense security practices should keep users safe.


PSA: Make sure you haven’t installed any of the 13 malicious apps now banned from the Play store

ArsTechnica reports that Google has pulled 13 malicious apps from the Play store after they were found to make unauthorized downloads. The apps (listed below) are particularly dangerous in that they attempt to gain root privileges that would allow them to remain installed even after a factory reset.

The malware used a clever technique to make the apps appear safe, giving them high download numbers and positive ratings.

The apps are capable of using compromised devices to download and positively review other malicious apps in the Play store by the same authors. This helps increase the download figures in the Play Store.

Although the family of malware known as Brain Test has been around for a while, affected apps have previously only been found in third-party app stores. This is the first time Brain Test apps have been found in the Google Play store …


Porn app for Android takes pictures of users, holds them for $500 ransom

BBC News reports that security firm Zscaler recently discovered an app for Android which advertised itself as a way to access pornography, but which actually blackmailed its users for money:

Adult Player appeared to offer pornography, but secretly took pictures of users with the phone’s front-facing camera.

It then locked the user’s device and displayed a demand for $500 (£330) which was difficult to bypass.

Ransomware is the name given to malicious software which gains access to a computer — desktop or otherwise — and then threatens to wipe the device or release private information gathered from it if the owner doesn’t send the demanded amount of money. The BBC for its report quotes Intel Security as saying examples of this software appearing in the wild have increased 127% since 2014. “Apps like this rely on the embarrassment factor. If you don’t pay, your reputation is on the line,” said Raj Samani, chief technology officer for Intel Security.

One very important line in this story is somewhat buried, however:

The app was not available from vetted storefronts such as Google Play, but could be installed directly from a webpage.

What this means is that for someone to actually install this ransomware on their Android device, they’d have to intentionally bypass the security measures put in place specifically to prevent nightmares like what this software can do from occurring. And it’s clear from descriptions of the app that its misbehaviors, like locking the device and constantly displaying messages across the system, would be blatant enough to trip up Google’s Bouncer anti-malware screening:

Zscaler said the app’s ransom message kept the phone’s screen switched on at all times, and reappeared if the handset was restarted.

Samani’s advice for steering clear of software like Adult Player is the same thing we heard during the desktop era:

Only download apps from the proper Google Play store. And if you receive an app download link in an email, don’t click it.

When it comes to software-based technology, attackers will always be digging for new exploits, which means we consumers will always be on the defense. This is another case in particular, however, where the solution is simple: Download your apps and files from reputable providers, and if you need to download a new app store altogether, like Amazon’s, grab it straight from their official HTTPS-secured website.

Snapdragon 820 will be first chip to include Qualcomm’s anti-malware Smart Protect feature

In a press release this morning, Qualcomm announced a brand new technology to help keep us protected from potential malware threats on our smartphones. Smart Protect will be built into chips in the near future and provide “real-time, on-device machine learning designed to support accurate and effective detection of zero-day malware threats for improved personal privacy and device security”. Qualcomm’s Snapdragon 820 chip will be the first to feature the new technology when it hits the market in 2016.


OxygenOS 1.0.2 update released with Stagefright patch for OnePlus One users

OnePlus One users running OxygenOS can now download the security patches to deal with the Stagefright vulnerability. OnePlus One announced in a blog post this morning that Oxygen OS 1.0.2 is now available to download, and fixes what some dubbed the worst Android vulnerability in the mobile device era. Customers are advised to ensure they back up all their data before flashing. Those using OxygenOS already won’t need to reset their devices.


Motorola confirms StageFright bug fix coming to 11 smartphone lines including new Moto X and Moto G

Motorola has joined several other Android OEMs in confirming that it will be rolling out a StageFright software fix for many of its popular smartphone lines. As you’d expect, this includes the newly announced Moto X and Moto G handsets as well as a number of older devices.

The new devices will be patched from launch, while others may be subject to the usual carrier approval and testing. Carrier partners will receive the software and start testing on August 10th. In all, there are 200 variants of software to be patched, tested and released. So it could take time for you to get your fix.

The list of devices includes:

  • Moto X Style (patched from launch)
  • Moto X Play (patched from launch)
  • Moto X (1st Gen, 2nd Gen)
  • Moto X Pro
  • Moto Maxx/Turbo
  • Moto G (1st Gen, 2nd Gen, 3rd Gen)
  • Moto G with 4G LTE (1st Gen, 2nd Gen)
  • Moto E (1st Gen, 2nd Gen)
  • Moto E with 4G LTE (2nd Gen)
  • DROID Turbo
  • DROID Ultra/Mini/Maxx

As I’m sure you’re now aware, it recently came to light that Android had a serious, gaping hole left in its coding. Dubbed ‘Android’s worst vulnerability in Mobile OS history’, StageFright would essentially allow anyone with the ability and motive to include malware in any video MMS message. It could potentially affect your phone before you even open or see the message. To be safe, be sure to read our guide on how you can protect yourself against it until your software fix arrives.

How to check & protect against the “worst Android vulnerability” ever, Stagefright

When mobile security researchers recently discovered what they described as the “worst Android vulnerability in the mobile OS history,” there appeared little you could do about it beyond waiting for your carrier or manufacturer to push Google’s fix. The exploit could auto-run as soon as you received an MMS designed to trigger it, whether or not you opened the message.

The same researchers have now created an app that allows you to check whether or not your device has been patched against Stagefright, together with a step you can take to prevent the exploit from running automatically …

“Worst Android vulnerability in the mobile OS history” affects almost every Android phone, say researchers

Mobile security researchers at Zimperium say that they have discovered the “worst Android vulnerability in the mobile OS history” – and it can infect your smartphone simply by receiving an MMS message. Unlike most malware, it is not necessary to open the message in order for your phone to be compromised, reports NPR.

“This happens even before the sound that you’ve received a message has even occurred,” says Joshua Drake, security researcher with Zimperium and co-author of Android Hacker’s Handbook. “That’s what makes it so dangerous. [It] could be absolutely silent. You may not even see anything.”

Once the MMS has been received, it activates code which gives the attacker complete control of your Android device – everything from copying data to taking over the microphone and camera … 

Chrome extensions will soon require Chrome Web Store distribution for all Mac & Windows users

Back in May of last year, Google started enforcing a policy that requires Chrome extensions be hosted on its Chrome Web Store, but only on Windows. The goal was to prevent malware hidden in extensions installable from outside its store, and it even started disabling extensions already installed on users’ systems that weren’t hosted on the Chrome Web Store. Now, Google says it will bring that requirement to Mac Chrome users over the coming months, as well as the Chrome developer channel for Windows that wasn’t previously enforcing the policy:

Google-sponsored study says ad malware affects millions of users

An example of a webpage made completely unusable by injected ads

A Google-sponsored study carried out by the University of California, Berkeley and Santa Barbara found “tens of millions of instances” of ad malware in the course of just a few months. In all, they found that a staggering 5.5% of unique IP addresses – representing millions of users – were affected.

Ad injection malware drops its own ads into whatever web page an infected machine displays. Revenue from these ads is filtered through ad networks, where genuine companies end up paying the bills, effectively stealing revenue that should have gone to the websites themselves.

Some of this malware goes further than simply injecting ads … 

Report: Chinese smartphone maker Coolpad hides malicious backdoor on millions of Android devices

While most malware is the result of third-party attackers trying to gain access to your device or information, security research firm Palo Alto Networks has discovered that Chinese handset maker Coolpad has deliberately installed a backdoor on two dozen of its Android handset models. The so-called “CoolReaper” backdoor presents several security risks and is believed to impact over 10 million users.

Google Play Store now lets you flag content as inappropriate from the Web

The ability to flag content on the Google Play Store as inappropriate, a feature long available on Android, has recently hit the Web version as well. The link to do just that can now be found on the web interface under Report within the Additional information section of the content’s description. While the feature is likely targeted toward apps that may violate some policy or have a lower-than-appropriate content rating, it does extend to other media like books, music and TV shows distributed on the Google Play Store as well.


Google-owned VirusTotal releases Mac-compatible version of malware detection app

Google-owned VirusTotal today released a version of the VirusTotal uploader application (via The Next Web) compatible with Mac OS X. Previously the software was only available for Windows-based machines.

VirusTotal Uploader works in conjunction with the VirusTotal web service to check files and links for malware. Google hopes that the release of the software for the Mac will help users more easily detect attacks on Apple’s platform. From the VirusTotal blog:


Google patches Android icon security flaw

Cyber security vendor FireEye recently announced that Google has patched a software flaw that left Android users open to phishing attacks. The firm says that it identified a malicious app that could modify the icons of other Android software applications. The strategy behind this attack would be to trick an unknowing Android user into clicking a false app icon that would direct them to a phishing website.

These bogus sites would then try to steal their personal information. Some of the permissions attacked by the malware include “com.android.launcher.permission.READ_SETTINGS” and “com.android.launcher.permission.WRITE_SETTINGS.” These permissions allow an application to reconfigure an Android device’s launcher, including its software icons.

