The image above illustrates just one attack vector, clickjacking – where the user thinks they are okaying one thing while invisibly okaying something else. For illustrative purposes, the researchers have made the real action visible behind the overlay, but in real use (seen in the video below) the permission box would be invisible to the user …
Malware Stories May 26, 2017
Malware Stories May 24, 2017
PSA: Many major media players vulnerable to attack via malicious subtitles files [Video]
Security researchers have discovered a surprising new way for attackers to gain control of a machine: malicious subtitles. The vulnerability is device-independent, meaning it could be used to gain control of anything from a smartphone to a PC or Mac.
Malware Stories May 4, 2017
Security company G Data says that a new piece of Android malware is discovered every 10 seconds. At this rate, the company is predicting that there will be 3,500,000 new malicious Android files by the end of the year.
The threat level for users with smartphones and tablets with an Android operating system remains high. In all, the G DATA security experts expect around 3.5 million new Android malware apps for 2017.
The company said that the risk was heightened by the fact that only a small minority of users are on the latest version of Android …
Malware Stories March 2, 2017
While it’s pretty rare that you’ll come across malware on Android, sometimes it slips through the cracks and presents a threat. Recently, though, a security firm made an interesting discovery – 132 apps on Google Play had been secretly hiding the capability to infect user devices with malware. Specifically, malware designed for Windows…
Malware Stories December 21, 2016
Malware Stories November 30, 2016
Revealed today by Check Point Research, there’s seemingly another Android malware campaign in the wild. This one goes by the name of Gooligan, and, according to Check Point, it’s already breached as many as 1 million Google accounts. And this number is still rising by 13,000 accounts on a daily basis.
Malware Stories August 8, 2016
Four separate vulnerabilities in Qualcomm chips – used in 80% of Android devices – could allow a rogue app to provide an attacker with complete control of the unit, including camera and microphone.
The combined flaws, dubbed Quadrooter, were discovered by CheckPoint researcher Adam Donenfeld, and presented yesterday at the Def Con 24 hacking conference …
Malware Stories July 5, 2016
Android malware known as HummingBad has so far infected 85M devices, putting data at risk, installing further malware and displaying ads sold by the Chinese company controlling it. The claims appear in a blog post by CheckPoint, the security company that first detected the malware.
The group tries to root thousands of devices every day and is successful in hundreds of attempts. With these devices, a group can create a botnet, carry out targeted attacks on businesses or government agencies, and even sell the access to other cybercriminals on the black market. Any data on these devices is at risk, including enterprise data on those devices that serve dual personal and work purposes for end users …
Malware Stories April 19, 2016
Google’s second annual Android security report reveals 6 billion apps checked for malware and PHAs every day
Android is widely considered by many to be the least secure of all mobile operating systems, but in recent years, Google has made serious efforts to change that perception. In its second annual security report, the company has revealed some mind-boggling numbers.
Malware Stories March 2, 2016
$17 smartwatch sending data back to China shows perils of buying unknown brands [Video]
Malware Stories February 16, 2016
Danish security firm Heimdal has detected a nasty piece of malware that spreads via SMS and tricks users into downloading a malicious app. The text message containing the download link has already been sent to 100,000 phones in Denmark, though common sense security practices should keep users safe.
Malware Stories January 8, 2016
ArsTechnica reports that Google has pulled 13 malicious apps from the Play store after they were found to make unauthorized downloads. The apps (listed below) are particularly dangerous in that they attempt to gain root privileges that would allow them to remain installed even after a factory reset.
The malware used a clever technique to make the apps appear safe, giving them high download numbers and positive ratings.
The apps are capable of using compromised devices to download and positively review other malicious apps in the Play store by the same authors. This helps increase the download figures in the Play Store.
Although the family of malware known as Brain Test has been around for a while, affected apps have previously only been found in third-party app stores. This is the first time Brain Test apps have been found in the Google Play store …
Malware Stories September 7, 2015
Porn app for Android takes pictures of users, holds them for $500 ransom
BBC News reports that security firm Zscaler recently discovered an app for Android which advertised itself as a way to access pornography, but which actually blackmailed its users for money:
Adult Player appeared to offer pornography, but secretly took pictures of users with the phone’s front-facing camera.
It then locked the user’s device and displayed a demand for $500 (£330) which was difficult to bypass.
Ransomware is the name given to malicious software which gains access to a computer — desktop or otherwise — and then threatens to wipe the device or release private information gathered from it if the owner doesn’t send the demanded amount of money. The BBC for its report quotes Intel Security as saying examples of this software appearing in the wild have increased 127% since 2014. “Apps like this rely on the embarrassment factor. If you don’t pay, your reputation is on the line,” said Raj Samani, chief technology officer for Intel Security.
One very important line in this story is somewhat buried, however:
The app was not available from vetted storefronts such as Google Play, but could be installed directly from a webpage.
What this means is that for someone to actually install this ransomware on their Android device, they’d have to intentionally bypass the security measures put in place specifically to prevent nightmares like what this software can do from occurring. And it’s clear from descriptions of the app that its misbehaviors, like locking the device and constantly displaying messages across the system, would be blatant enough to trip up Google’s Bouncer anti-malware screening:
Zscaler said the app’s ransom message kept the phone’s screen switched on at all times, and reappeared if the handset was restarted.
Samani’s advice for steering clear of software like Adult Player is the same thing we heard during the desktop era:
Only download apps from the proper Google Play store. And if you receive an app download link in an email, don’t click it.
When it comes to software-based technology, attackers will always be digging for new exploits, which means we consumers will always be on the defense. This is another case in particular, however, where the solution is simple: Download your apps and files from reputable providers, and if you need to download a new app store altogether, like Amazon’s, grab it straight from their official HTTPS-secured website.
Malware Stories August 31, 2015
In a press release this morning, Qualcomm announced a brand new technology to help keep us protected from potential malware threats on our smartphones. Smart Protect will be built into chips in the near future and provide “real-time, on-device machine learning designed to support accurate and effective detection of zero-day malware threats for improved personal privacy and device security”. Qualcomm’s Snapdragon 820 chip will be the first to feature the new technology when it hits the market in 2016.
Malware Stories August 14, 2015
OxygenOS 1.0.2 update released with Stagefright patch for OnePlus One users
OnePlus One users running OxygenOS can now download the security patches to deal with the Stagefright vulnerability. OnePlus One announced in a blog post this morning that Oxygen OS 1.0.2 is now available to download, and fixes what some dubbed the worst Android vulnerability in the mobile device era. Customers are advised to ensure they back up all their data before flashing. Those using OxygenOS already won’t need to reset their devices.
Malware Stories August 10, 2015
Motorola confirms StageFright bug fix coming to 11 smartphone lines including new Moto X and Moto G
Motorola has joined several other Android OEMs in confirming that it will be rolling out a StageFright software fix for many of its popular smartphone lines. As you’d expect, this includes the newly announced Moto X and Moto G handsets as well as a number of older devices.
The new devices will be patched from launch, while others may be subject to the usual carrier approval and testing. Carrier partners will receive the software and start testing on August 10th. In all, there are 200 variants of software to be patched, tested and released. So it could take time for you to get your fix.
The list of devices includes:
- Moto X Style (patched from launch)
- Moto X Play (patched from launch)
- Moto X (1st Gen, 2nd Gen)
- Moto X Pro
- Moto Maxx/Turbo
- Moto G (1st Gen, 2nd Gen, 3rd Gen)
- Moto G with 4G LTE (1st Gen, 2nd Gen)
- Moto E (1st Gen, 2nd Gen)
- Moto E with 4G LTE (2nd Gen)
- DROID Turbo
- DROID Ultra/Mini/Maxx
As I’m sure you’re now aware, it recently came to light that Android had a serious, gaping hole left in its coding. Dubbed ‘Android’s worst vulnerability in Mobile OS history’, StageFright would essentially allow anyone with the ability and motive to include malware in any video MMS message. It could potentially affect your phone before you even open or see the message. To be safe, be sure to read our guide on how you can protect yourself against it until your software fix arrives.
Malware Stories August 7, 2015
When mobile security researchers recently discovered what they described as the “worst Android vulnerability in the mobile OS history,” there appeared little you could do about it beyond waiting for your carrier or manufacturer to push Google’s fix. The exploit could auto-run as soon as you received an MMS designed to trigger it, whether or not you opened the message.
The same researchers have now created an app that allows you to check whether or not your device has been patched against Stagefright, together with a step you can take to prevent the exploit from running automatically …
Malware Stories July 27, 2015
Mobile security researchers at Zimperium say that they have discovered the “worst Android vulnerability in the mobile OS history” – and it can infect your smartphone simply by receiving an MMS message. Unlike most malware, it is not necessary to open the message in order for your phone to be compromised, reports NPR.
“This happens even before the sound that you’ve received a message has even occurred,” says Joshua Drake, security researcher with Zimperium and co-author of Android Hacker’s Handbook. “That’s what makes it so dangerous. [It] could be absolutely silent. You may not even see anything.”
Once the MMS has been received, it activates code which gives the attacker complete control of your Android device – everything from copying data to taking over the microphone and camera …
Malware Stories May 13, 2015
Back in May of last year, Google started enforcing a policy that requires Chrome extensions be hosted on its Chrome Web Store, but only on Windows. The goal was to prevent malware hidden in extensions installable from outside its store, and it even started disabling extensions already installed on users’ systems that weren’t hosted on the Chrome Web Store. Now, Google says it will bring that requirement to Mac Chrome users over the coming months, as well as the Chrome developer channel for Windows that wasn’t previously enforcing the policy:
Malware Stories May 6, 2015
A Google-sponsored study carried out by the University of California, Berkeley and Santa Barbara found “tens of millions of instances” of ad malware in the course of just a few months. In all, they found that a staggering 5.5% of unique IP addresses – representing millions of users – were affected.
Ad injection malware drops its own ads into whatever web page an infected machine displays. Revenue from these ads is filtered through ad networks, where genuine companies end up paying the bills, effectively stealing revenue that should have gone to the websites themselves.
Some of this malware goes further than simply injecting ads …
Malware Stories December 17, 2014
While most malware is the result of third-party attackers trying to gain access to your device or information, security research firm Palo Alto Networks has discovered that Chinese handset maker Coolpad has deliberately installed a backdoor on two dozen of its Android handset models. The so-called “CoolReaper” backdoor presents several security risks and is believed to impact over 10 million users.
Malware Stories July 16, 2014
The ability to flag content on the Google Play Store as inappropriate, a feature long available on Android, has recently hit the Web version as well. The link to do just that can now be found on the web interface under Report within the Additional information section of the content’s description. While the feature is likely targeted toward apps that may violate some policy or have a lower-than-appropriate content rating, it does extend to other media like books, music and TV shows distributed on the Google Play Store as well.
Malware Stories May 26, 2014
Google-owned VirusTotal today released a version of the VirusTotal uploader application (via The Next Web) compatible with Mac OS X. Previously the software was only available for Windows-based machines.
VirusTotal Uploader works in conjunction with the VirusTotal web service to check files and links for malware. Google hopes that the release of the software for the Mac will help users more easily detect attacks on Apple’s platform. From the VirusTotal blog:
Malware Stories April 15, 2014
Cyber security vendor FireEye recently announced that Google has patched a software flaw that left Android users open to phishing attacks. The firm says that it identified a malicious app that could modify the icons of other Android software applications. The strategy behind this attack would be to trick an unknowing Android user into clicking a false app icon that would direct them to a phishing website.
These bogus sites would then try to steal their personal information. Some of the permissions attacked by the malware include “com.android.launcher.permission.READ_SETTINGS” and “com.android.launcher.permission.WRITE_SETTINGS.” These permissions allow an application to reconfigure an Android device’s launcher, including its software icons.
Malware Stories October 31, 2013
Google added automatic malware blocking to latest ‘Canary’ build of Chrome
Bad guys trick you into installing and running this kind of software by bundling it with something you might want, like a free screensaver, a video plugin or—ironically—a supposed security update. These malicious programs disguise themselves so you won’t know they’re there and they may change your homepage or inject ads into the sites you browse […]
In the current Canary build of Chrome, we’ll automatically block downloads of malware that we detect.
Confusingly, Google has four versions of its Chrome browser available at any one time: the official, public release; a developer version; a beta version, for those who want early access to new features; and Canary. Canary is essentially a beta version that installs as a second browser, so you can use that most of the time and fall back to the official version if something doesn’t work.
While not all Canary features make it into the official build, this one seems likely to – and would make Chrome the ideal browser to recommend to any of your less-techy family and friends who cheerfully download anything and everything, usually identifiable by the fact that the top half of their browser window comprises half a dozen different toolbars …
Malware Stories July 9, 2013
Google patches Android to block application signature vulnerability
Google has issued a patch to handset manufacturers to block a security hole that could, in theory, allow almost any Android application to be turned into malware, reports ZDNet.
It doesn’t get much scarier than this. Bluebox Security claimed to have discovered a vulnerability in Android’s security model that could allow attackers to convert 99 percent of all applications into Trojan malware. Google has told ZDNet that the hole has been patched and that it has been released to original equipment manufacturers (OEMs).
Handset and tablet owners will have to rely on the manufacturer to push the patch to their device, but the vulnerability isn’t as scary as it sounds. While it would in principle allow an attacker to change almost any application to malware without Android detecting the change, Google reports that there is no evidence of the exploit having actually been used.
“We have not seen any evidence of exploitation in Google Play or other app stores via our security scanning tools. Google Play scans for this issue – and Verify Apps provides protection for Android users who download apps to their devices outside of Play,” said Gina Scigliano, Google’s Android Communications Manager.
Malware Stories June 26, 2013
Google’s latest Transparency Report reveals that the company is flagging 10,000 websites a day as unsafe due to phishing and malware, with around a billion people protected.
So in 2006 we started a Safe Browsing program to find and flag suspect websites. This means that when you are surfing the web, we can now warn you when a site is unsafe. We’re currently flagging up to 10,000 sites a day—and because we share this technology with other browsers there are about 1 billion users we can help keep safe …
Malware Stories April 9, 2013
Malware Stories July 19, 2011
Google will now notify you when you make a Google Search if its data center servers detect that malware is running on your computer. Google announced the new feature today, and hopes to use its vast wealth of information to make this effective. Google explains:
Recently, we found some unusual search traffic while performing routine maintenance on one of our data centers. After collaborating with security engineers at several companies that were sending this modified traffic, we determined that the computers exhibiting this behavior were infected with a particular strain of malicious software, or “malware
Obviously this won’t pick up every single piece of malware out there, but it’s a nice little addition to an already great search platform.