News  Android
News  Android
Android two-factor authentication compromised


Malware known as "Android.Bankosy" has been identified by Symantec which attacks the SMS password two-factor authentication processes used by many online banking systems. Even the automated voice calls, which can be used as an alternative to the SMS method, can be intercepted by the attackers.

The malware has the ability to enable silent mode whilst locking the handset - this means the user is unaware they are being targeted.

Initially disclosed in 2014, variations of this malware have been detected which try to get the victim to enter their payment card details which are then forwarded on to the attackers,

The Bankosy trojan relies on a popup window which overlays a legitimate application, such as one for an online bank. 

News  Android
Lockscreen hack

Video shows how to hack affected handsets

When users hear about hacks to smartphones they usually conjure up images of darkened rooms, hunched figures over keyboards and masses upon masses of software tools, debuggers and general highbrow geekiness. A new hack has emerged which blows that away - it lets users (eventually) unlock a locked handset using nothing but their thumb. Ok, it's as tedious as it is ingenious, and it must be stressed upfront this doesn't hit all Android handsets - a fix has already been issued - but the video shows a hack that has to be admired for the convoluted way it achieves its objective.

News  Android

Messaging trojan discovered

The National Computer Virus Emergency Response Center in China is alerting users of a new Android virus discovered called Android/SmsSpy.ccr. The state news agency, Xinhuanet, is warning that it can create its own variants in a short time and so spreads quickly to other vulnerable handsets. The virus also blocks messages by giving infected devices the Android permissions required to receive, read and send SMS messages to any contact in the devices contact list.

The virus hides itself after infection by removing its icon from the launcher. It also "activates controls to prevent uninstallation", although what these are exactly is not specified.

VERC is advising concerned users not to open text messages from unknown senders. No word yet from the anti-virus providers on how serious this really is, but the usual advice regarding only installing software from trusted sources applies.

News  Android

Author worked at security company

The author of the Dendroid malware creation system has been caught and will be sentenced on December 2nd - he faces a maximum term of 10 years in prison and a $250,000 fine. According to his Linked In profile, he spent 4 months at FireEye working on improving Android malware detection tools.

Dendroid wasn't just a regular virus but formed an SDK - a set of tools which allowed other virus authors to develop them. A student of Carnegie Mellon University, the author Morgan Culbertson, 20, provided a system which let authors access the phones camera, downloaded audio and video and could record phone calls.