'Fee-Deduction' Malware On Android Spotted In the Wild 169
wiredmikey writes "New malware has been discovered embedded in more than 20 Android applications circulating via various forums on the Internet which auto-dials phone numbers to incur high user fees. Dubbed BaseBridge, the malware can be embedded in legitimate applications, and during the application's installation, the malware prompts the user to upgrade. If the user chooses to upgrade, the malware is installed on the Android device under the name 'com.android.battery'. Then, another prompt would pop up to ask the user to restart the app to run it, and the malware is formally activated upon restart. Once activated, the malware can activate three malicious services — AdSmsService, BridgeProvider and PhoneService, to communicate with a control server, from which it will download a configuration file to read related information and dial calls or send out SMS messages, incurring fees for users."
Rather selfish (Score:2, Interesting)
That is the treat of sideloading. And I wouldn't give it up for anything.
So you would doom millions to be raked over the coals by exploits like this, all so you can sideload. Awesome.
Shouldn't the model be more of one where people who cannot manage systems have systems pre-secured for them, and the ones who can handle security can open them?
It's worked well for iOS from a security standpoint.