News  Android
News  Android

Legitimate banking app rebuilt to infect

Once again Android users are being warned of the dangers from loading apps from untrusted sources, such as the plethora of 3rd party app stores we've seen exploding over the web in the last 12 months. This time a legitimate banking app has been taken from the Play Store, reverse engineered and had code added which in effect, allows it to download and install malware at any point in the future. It's a Trojan for the smartphone itself.

It was spotted by Symantec in December 2014, but recently seems to have reared its ugly head again. To trick users into downloading extra malware, the app shows a popup saying "Google play need to be updated".

News  Android
Android malware time bomb

Millions of downloads

The usual advice given to smartphone users who want to avoid smartphone virus infections is to only download from trusted sources. That's been questioned recently following the discovery of an app in the Google Play store which pulls a sneaky new trick - it waits 30 days before plastering your handset with ads.

The app has between 5 and 10 million downloads and is a card game called Durak. It even shows the ads when you unlock your handset, i.e. the app itself isn't running at all.

Ads designed to scare

Even the actual ads shown aren't your regular pet food or soda drink offerings. These scare users with dire warning of their handset being riddled with pornography or viruses, and insist on clicking links to cure this which - you guessed it - just results in further malware being downloaded.

This new trend is a worry because of the time delay. Users often install an app, use it for a day or so then just leave it. So, if 30 days later their phone starts to misbehave there is no immediate connection between that and the app they ran. When you consider the number of apps users churn through in that time, tracking the offender down becomes nearly impossible.

News  Android
ASM Security

Android security is broken and we think we can fix it

North Carolina State University and the German institution Technische Universitat Darmstadt have created a proposal to radically shake up and harden the Android security model. Termed ASM, for Android Security Modules, the proposal is aimed at creating a flexible kernel capable of embracing current and future security systems without compromising functionality. 

There is a downside, however, in that implementing it requires some serious changes to the core Android security model - not least of which is root access to the devices - and these may well prove to be too difficult to implement whilst retaining backward compatibility with the millions of Android Apps currently available. Once installed however, root access isn't required for Apps to take advantage of the system from then on. The hope is that users won't see any of all this disruption, however, as manufacturers are encouraged to bake it into their devices so it's onboard when they leave the factory.

News  Android
SandroRAT is Android malware disguised as a security app

Beware SandroRAT: Android malware disguised as a security App

A nasty Remote Access Tool (RAT) has been uncovered which goes by the name of SandroRAT.

Disguised in a supposedly legitimate email from various respected financial institutions, the malware starts out by (ironically) warning users malware has been detected on their phone.

Once infected, compromised devices can find their SMS messages, contacts, call logs and browser history is then stolen and reported back to the bad guys. It can even activate the devices microphone, store recordings on the SD card and upload them remotely later.