Android Virus Protection?


Just stumbled across this today! I think it's time to get a Virus App for my Android!

Quote:
The folks over at Android Police published details yesterday of what they describe as “the mother of all Android malware” that was initially spotted by reddit contributor lompolo.

Lompolo posted details of 21 Android apps which were repackaged versions of legitimate apps; at current count more than 50 malicious apps now appear to be involved. The repackaged versions include the rageagainstthecage or the exploid exploit which is capable of gaining root access to the device. Not only do these trojanised apps steal device details such as IMEI and IMSI but they also install further hidden malware which siphons even more user information off the device and into the hands of criminals. Further research from Android Police reports that this second payload also contains a dropper capable of downloading further code.

In a response to the initial posting by lompolo one of the developers of the legitimate apps that have been hijacked commented:

“I’m the developer of the original Guitar Solo Lite. I noticed the rogue app a bit more than a week ago (I was receiving crash reports sent from the pirated version of the app). I notified Google about this through all the channels I could think of: DMCA notice, malicious app reporting, Android Market Help…they have yet to respond. Thankfully this was posted on Reddit, since after the post the rogue dev and all his apps have been removed from the market. There really should be a faster/easier way to get Google to act on it!”

Trend Micro detect this threat (popularly known as DroidDream) as ANDROIDOS_LOTOOR.A, further details in the link.

During the five days these apps were available an estimated 50,000 downloads have taken place. Google have now pulled the apps and blocked the rogue developer from Android marketplace, they have also remotely removed the apps from affected handsets. Of course this remote kill switch will not remove any other code that may have been dropped onto the device as a result of the initial infection. So if you are one of the estimated 50,000 people who have downloaded these malicious apps it could be worth your while investigating the possibility of getting a replacement handset or reinstalling the operating system on the one you have if possible.

The Android app ecosystem is by definition open, there is a wide array of app stores available and apps can be published to the user community in minutes. This greater openness of the developer environment has been argued to foster an atmosphere of creativity, but as Facebook have already discovered it is also a very attractive criminal playground.

It is worth remembering that full security suites are now available for Google Android, such as this one. The number of threats to mobile platforms is growing and growing at a steady rate. Of course the sheer volume of mobile malware is a long way from the epidemic proportions of Windows based malware, but criminal interest is clearly there and growing. We see multi-platform attacks distributed by the same criminal groups that traditionally have focused on Wintel systems, and the growth in complexity of threats, for example ZeuS malware now incorporating mobile elements aimed at intercepting SMS banking authentication codes is striking. Criminals are driven by consumer behaviour and as the money-making opportunities move to mobile platforms criminals will, in fact already are, following.

More than 50 Android apps found infected with rootkit malware

Google acts to remove apps after developer finds 'DroidDream' malware can take over phone and send personal details to remote server (updated)

More than 50 applications on Google's Android Market have been discovered to be infected with malware called "DroidDream" which can compromise personal data by taking over the user's device, and have been "suspended" from the store.

Google removed the apps from the Market immediately on being alerted, but it is not clear whether it has removed them from devices to which they have been downloaded. As many as 200,000 Android devices could have been infected.

The revelation comes from Android Police, a news site on Google's operating system, which calls it "the mother of all Android malware", noting that its examination had found that it "steals nearly everything it can: product ID, model, partner (provider?), language, country, and userID. But that's all child's play; the true pièce de résistance is that it has the ability to download more code. In other words, there's no way to know what the app does after it's installed, and the possibilities are nearly endless."

Lookout, a security company, in a blogpost lists the 50-plus apps discovered to be infected. (The list is also below, via Lookout.)

Smartphones running Google's Android software have become enormously popular and are reckoned to be close to taking over worldwide as the fastest-selling smartphone platform, ahead of Finland's Nokia. Its growth has been fuelled by the fact that the software is free to license, and for developers there is no charge or checks to putting apps on the Market – unlike Apple's iPhone App Store, which checks every app against a suite of tests for suitability before allowing it on its store.

That has led the Market to grow rapidly, but also makes situations like the latest one – which is not the first case of malware found on the Market – harder to avoid.

The malware was first discovered by a Reddit user, Lompolo, who spotted that the developer of one of the malware apps had also posted pirated versions of legit apps, using the developer name "Myournet". But two other developers' products have also been found to include DroidDream.

Lompolo noted that "Myournet" had "taken 21 popular free apps from the Market, injected root exploit into them and republished". More worryingly, those had seen between 50,000 and 200,000 downloads altogether in just four days.

DroidDream contains code which can "root" – take complete control of – a user's device, and send detailed information such as the phone's IMEI (International Mobile Equipment Identity) and IMSI (International Mobile Subscriber Identity) numbers and send them to remote servers. But as Android Police's team found, the code can go much further in rooting through a phone.

Update: details of how the root code works are here. Note that this is a "privilege escalation" attack - once the app starts it uses the fact that it has user privileges to jump out of its sandbox and root the phone.

It's a rather brutal reminder of the fact that Android's openness is both a strength and, at times like this, a weakness – though Google's rapid action, in which it pulled the apps from the Android Market within just five minutes of being alerted, is encouraging.

It now looks likely that security companies will begin to compete to offer antivirus and anti-malware products for Android devices – which, given its rapid growth, could prove a fertile area for them with PC sales flat.

If you have downloaded any of the apps below, you should contact your phone company.

Full list of infected applications published by "Myournet":

Falling Down • Super Guitar Solo • Super History Eraser • Photo Editor • Super Ringtone Maker • Super Sex Positions • Hot Sexy Videos • Chess • 下坠滚球_Falldown • Hilton Sex Sound • Screaming Sexy Japanese Girls • Falling Ball Dodge • Scientific Calculator • Dice Roller • 躲避弹球 • Advanced Currency Converter • App Uninstaller • 几何战机_PewPew • Funny Paint • Spider Man • 蜘蛛侠

Full list of infected applications published by "Kingmall2010":

Bowling Time • Advanced Barcode Scanner • Supre Bluetooth Transfer • Task Killer Pro • Music Box • Sexy Girls: Japanese • Sexy Legs • Advanced File Manager • Magic Strobe Light • 致命绝色美腿 • 墨水坦克Panzer Panic • 裸奔先生Mr. Runner • 软件强力卸载 • Advanced App to SD • Super Stopwatch & Timer • Advanced Compass Leveler • Best password safe • 掷骰子 • 多彩绘画

Full list of infected apps under the developer name "we20090202":

Finger Race • Piano • Bubble Shoot • Advanced Sound Manager • Magic Hypnotic Spiral • Funny Face • Color Blindness Test • Tie a Tie • Quick Notes • Basketball Shot Now • Quick Delete Contacts • Omok Five in a Row • Super Sexy Ringtones • 大家来找茬 • 桌上曲棍球 • 投篮高手

The &#09283 are Chinese characters, that is why they do not show up on here.

I knew it was only time, but I didn't think it would happen this fast!

Link to comment

Every month there is talk about the new Android Virus.

Google:

Android Gets Its First Ever Virus--You're a Mandroid, My Son (Updated)

BY ADDY DUGDALE, Tue Aug 10, 2010

Most all of the prior "virus" leaks were just rumor. Same with the iPhone. The only protection needed is keeping the end user's phone from themselves and the app store and non-app-store sites.

I believe Android runs off the Linux platform. All you need is a good firewall so nobody can come into the phone via the wifi network and malware protection so no hitch hikers make money off of what you're doing from some hidden feature of an unknown app. This just comes back to research on the phone user's part. Virus spreading on Linux though, I honestly do not think this will ever be much of an issue.

Just watch out what app you are choosing to allow full access to or even allow minimal access on your phone. If it sounds too good to be true or is not a tried and true app, google it pass on it. wink

Link to comment

I have been hacked once, luckily it wasn't anything fancy and easily removed. I think I was 13-14 at the time?

I also remember in high school I somehow worked my way into the Novell system at school from the computer lab and was able to change teachers' rights and give students admin rights lol. whistle

Link to comment

Yep, most people who hack do so for the principle of hacking and that is it. It is when this hack is spread to those who have a reason to hack and do not have instructions on the how to is when things go south.

Link to comment

Yeah part of the reason Novell went by the wayside was the security was pretty lax.

Hackers, and others make a lot of work for people like me. Job security is one thing, the headaches are another.

Link to comment

There is virus protection out there. I looked into it and found an app called Lookout. This app has had the best reviews I could find. It scans every app that you download from the Market and then some. I don't know if it will help but it can't hurt.

Link to comment

I've used Lookout for the past 6 months or so and it's worked as far as I know. It hasn't alerted to anything bad but I do like how it quickly scans everything I download. It's probably just a peace of mind type thing but it seems to do what it is supposed to. They seem to do a regular update every couple weeks or so, so I feel they are trying to stay on top of all the new viruses and malware.

Link to comment

Don't pretend they don't exist because they do, and it was similar to what Android is dealing with.

The open style market that Android uses is the main reason why this is happening. The alternative is the locked-down version where you have to get Steve Jobs' blessing before an app is available.

Pick your poison.

Hackers are going to target the most popular platform, just like PC's, and guess who's number one in the smartphone market? I'll give you two clues: It ain't Blackberry(RIM) and it ain't Apple.

Link to comment

Or the easiest. wink You have open source on any level you will have hackers. Most of the "hacks" happen here and by legit people who find them. It takes a criminal to use the hack in an illegal way. Anyone who is at the level of searching out a hack knows it is just the same with finding a trace back for a conviction. The "I did it" is too much and it is leaked out to prove that person did. That is when things go south. Not saying an open source geek will not act upon what they have found, but most have an on-line image to tend to as us here at HSO. Figuring it out will get you credit & praise. Using it will get you banished and busted. wink

I assume Androidgeeks have declared this huh? Thanks to most being forced into this OS with the free upgrade, I could see how it could be on top right now. wink Jobs is alive & well with the force into the Android realm. Well, at least he gives Verizon customers an option now. grin

Still holding firm that Linux will hold back the real creepy stuff. With a billion dollar market to be had, a little scare now and then means money. wink If a roving worm was created & released that grew in a Linux portable device OS, I would doubt AVG's $5.00 (?) app would do anything. More of a peace of mind thing I would say. Just cause they have it don't mean it is good as gold. wink Apple store is full of $0.99-$5.00 apps that are bogus.

Link to comment

The alternative is the locked-down version where you have to get Steve Jobs' blessing before an app is available.

How is this any different than having a third party app that tells you this is a bad thing or good thing (Google, no Android though, secure browser is famous for falsely dictating with rule of fear). Personally I can not stand Apple on a pc based iOS level and understand where this is a point where the "man" wins, but the security of Jobs rule has my phone more involved with stuff I just do not use with my pc for the fear of some radical reading and learning how to roll my bank and other account info from an updated gaming app that includes a modified piece of script. That is where my allegiance to Apple ends. grin It is up to me to protect my phone from there.

Link to comment

Quote:
THE IPHONE 4 AND BLACKBERRY TORCH were hacked on day two of the Pwn2Own hacking contest in Vancouver, BC.

Charlie Miller, a researcher who has successfully performed Apple smartphone hacks in previous years, broke into the Iphone 4. He had help from his Independent Security Evaluators colleague Dion Blazakis, taking advantage of a browser flaw which has now been fixed in IOS 4.3.

Link to comment

I like Charlie Miller's quote:

"Owning a Mac is like having a place in the country with no locks, and owning a Windows machine is like having barred windows in the bad part of town."

Surprisingly though he didn't win the contest this year, as some other guy hacked a Mac in 5 seconds.

Link to comment

I like Charlie Miller's quote:

"Owning a Mac is like having a place in the country with no locks, and owning a Windows machine is like having barred windows in the bad part of town."

Surprisingly though he didn't win the contest this year, as some other guy hacked a Mac in 5 seconds.

Good one Nick!!! grin

Link to comment

Ah you guys just hate stuff because of your man-love-pride thing. grin

I had a post typed out but really do not care much about hackers & OS vs iOS. Just give me something electronic & cool no matter the brand name. I know many will never think like this and I understand mobile device OS's are like politics. You have your more inhibited & liberal Android and your conservative Apple.

Thing that cracks me up when Apple haters bring the Jobs topics is Jobs has nothing to do with their lives, based on what they have said in the past (or not said I guess), yet these people have so much distaste and even hate towards him? Almost like that little school girl who pesters and harasses a boy like she hates him, but after all she really has a crush on him kind of way, yet even more childish. laugh

Link to comment

I actually like the fact that Apple has introduced some ground breaking pop culture gadgets.

I also like the fact that a much better/cheaper open source copy of that gadget will be released a few months afterwards. grin

Link to comment
