Android Security News

SMS-Controlled Malware Hijacking Android Phones

Posted by samzenpus
from the Taking-over dept.
wiredmikey writes "Security researchers have discovered new Android malware controlled via SMS that can do a number of things on the compromised device including recording calls and surrounding noise. Called TigerBot, the recently discovered malware was found circulating in the wild via non-official Android channels. Based on the code examination, the researchers from NQ Mobile, alongside researchers at North Carolina State University said that TigerBot can record sounds in the immediate area of the device, as well as calls themselves. It also has the ability to alter network settings, report its current GPS coordinates, capture and upload images, kill other processes, and reboot the phone. TigerBot will hide itself on a compromised device by forgoing an icon on the home screen, and by masking itself with a legit application name such as Flash or System. Once installed and active, it will register a receiver with a high priority to listen to the intent with action 'android.provider.Telephony.SMS_RECEIVED.'"
This discussion has been archived. No new comments can be posted.
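
The traits the summary describes (a high-priority receiver for `android.provider.Telephony.SMS_RECEIVED` and no home-screen icon) can be checked for in a decoded AndroidManifest.xml. This Python example is added here and is not from the article, the researchers or any commenter; the priority threshold, the permission list and both sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
SMS_ACTION = "android.provider.Telephony.SMS_RECEIVED"
LAUNCHER = "android.intent.category.LAUNCHER"
HIGH_PRIORITY = 1000  # assumed threshold for "high", chosen for this example
# Assumed mapping from capabilities named in the summary to permissions.
SENSITIVE = {"android.permission.RECEIVE_SMS", "android.permission.RECORD_AUDIO",
             "android.permission.ACCESS_FINE_LOCATION", "android.permission.CAMERA"}


def triage_manifest(xml_text):
    """Return the SMS-interception traits found in a decoded manifest."""
    root = ET.fromstring(xml_text)
    receivers = []
    for recv in root.iter("receiver"):
        for filt in recv.findall("intent-filter"):
            actions = {a.get(A + "name") for a in filt.findall("action")}
            if SMS_ACTION not in actions:
                continue
            try:
                priority = int(filt.get(A + "priority", "0"))
            except ValueError:
                priority = None  # resource reference or junk: review by hand
            receivers.append((recv.get(A + "name"), priority))
    # An app with no LAUNCHER activity shows no icon on the home screen.
    has_launcher = any(
        cat.get(A + "name") == LAUNCHER
        for act in root.iter("activity")
        for cat in act.iter("category")
    )
    requested = {p.get(A + "name") for p in root.iter("uses-permission")}
    high = [r for r in receivers if r[1] is None or r[1] >= HIGH_PRIORITY]
    return {
        "sms_receivers": receivers,
        "has_launcher": has_launcher,
        "sensitive_permissions": sorted(requested & SENSITIVE),
        "suspicious": bool(high) and not has_launcher,
    }


# Constructed sample manifests (not taken from any real app).
HIDDEN_APP = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.system">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <application android:label="System">
    <receiver android:name=".SmsGate">
      <intent-filter android:priority="2147483647">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

MESSAGING_APP = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.messages">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application android:label="Messages">
    <activity android:name=".Inbox">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <receiver android:name=".SmsIn">
      <intent-filter><action android:name="android.provider.Telephony.SMS_RECEIVED"/></intent-filter>
    </receiver>
  </application>
</manifest>"""

if __name__ == "__main__":
    print(triage_manifest(HIDDEN_APP), triage_manifest(MESSAGING_APP), sep="\n")
```

Feed it the manifest text produced by decoding an APK (for example with apktool); a match is a reason to look closer at the app, not proof of infection.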

    • I'm having a hard time understanding why anyone would install the typical greyware apps from a random source outside of the android market... seems pretty risky.

      • Re: (Score:1, Flamebait)

        by OzPeter (195038)

        I'm having a hard time understanding why anyone would install the typical greyware apps from a random source outside of the android market... seems pretty risky.

        Because they're free to do so .. not like those Apple hipsters that force you to use their walled garden.

        What's the point of differentiating your market (walled vs non-walled) if your customers can't exploit all of the possibilities?

        So the Android crowd has traded oversight for freedom, and rationalized that the risk is worth it..

        • I've used both platforms, and both seem to have an 'approved' appstore and both can access others by jailbreaking (sic). Even the android phones I used were locked down by the carrier to only use the 'real' appstore. I don't see what the substantive difference is in those kinds of cases.

          • by chrb (1083577)

            both can access others by jailbreaking (sic)

            Most Android phones will, without rooting, happily allow you to load an .apk archive from the web, or over USB (with debugging enabled in settings), or to add a new app store (enable "unknown sources" in settings). The only carrier I heard of that blocked third party app stores was AT&T, and they caved when their customers started demanding access to the Amazon Appstore. There are millions of people using the Amazon Appstore, and the vast majority have not jailbroken their phones. Even the Amazon specif

          • by Krojack (575051)
            I've used 2 different Android phones from 2 different carriers. Neither were locked down.

            Settings -> Applications and check "Unknown sources" which is always disabled by default.
          • Re:NQ Mobile link (Score:5, Informative)

            by mean pun (717227) on Monday April 09, 2012 @03:12PM (#39621759)

            I've used both platforms, and both seem to have an 'approved' appstore and both can access others by jailbreaking (sic). Even the android phones I used were locked down by the carrier to only use the 'real' appstore. I don't see what the substantive difference is in those kinds of cases.

            Apart from what others have posted: the apps in the Google App store are hardly vetted: any developer can post whatever s/he likes, and it is immediately available in the store. Google may remove the app later on if it breaks some of the rules, and I don't think that happens very often. In contrast, Apple checks every version of every app, and only when it is approved it is published.

            • by dudpixel (1429789)

              Google do run automated checks against every app that is submitted on android market.

              It works much like antivirus I suppose, and is continually improving. This is since mid 2011.

              It's not as "free for all" as you might expect.

              Apple have gone for a more radical approach, but remember there are pros and cons with both.

              Just owning an android phone does not mean you will have your data compromised.

              • by Xest (935314)

                In reality Apple's checks won't be much better anyway, there's now over 600,000 apps on the app store, and only 4 years since the app store opened up which means an average of over 400 apps submitted each day.

                To do any kind of worthwhile security audit on that you'd need more than a day per app, and you'd need some pretty skilled staff. Factor in weekends, and holidays, and you'll be looking at well over 1,000 staff just to do this. You then have to factor in costs of supporting those staff - premises, elect

                • by mean pun (717227)

                  I think you underestimate the repetition there is in the app market: identical book wrappers around hundreds of different books, club/idol fan apps that are identical except for a few logos and urls, and so on. And not every app is regularly updated.

                  Moreover, Apple has strict guidelines about good coding practices, and they have the tools to enforce them on the source code. That's much more than the Android market does, even counting the virus checking that the parent post mentions. So even if all Apple w

                  • by Xest (935314)

                    Whilst the points you mention may improve quality, they do absolutely nothing to protect against a determined attacker and that's precisely the problem here. Repetition and so forth is entirely irrelevant, the same features do not equate to the same executable code, and when the executable code is different there is always scope for subtle introduction of an exploit.

                    Code inspection tools aren't going to highlight any differences as a result of improved code quality though regardless, the fact is that the co

        • Re: (Score:3, Insightful)

          by Anonymous Coward

          That's not the WHY though.

          The WHY is because people with the 'click' mentality, that is stronger on a mobile, have less fear of adding a possibly infected program. I just don't think the regular Joes of the world have as much awareness of possible malware laden software when it comes to their phone.

      • Re:NQ Mobile link (Score:5, Informative)

        by tlhIngan (30335) <slashdot AT worf DOT net> on Monday April 09, 2012 @01:01PM (#39620279)

        I'm having a hard time understanding why anyone would install the typical greyware apps from a random source outside of the android market... seems pretty risky.

        Easy - piracy. It's the same reason people will happily torrent new release games and applications and run them on their PCs, or download Windows 7 to install on a brand new PC. Hell, malware infested versions of OS X and Photoshop abounded a couple of years ago (they installed a botnet client during the install).

        And face it - a large number of places do not support Google Wallet/Checkout/whatever, especially in places like China. They might now, but once a habit is ingrained, it tends to stay such.

        These sites popped up because of that (you couldn't get the app otherwise) and the end result is they flourished and people pretty much got used to the idea of "apps are free" - why pay $2 at Play when your favorite app site has it for free within hours? And if you didn't know of any, your friends who told you what phone to get will steer you in the right direction.

        Even Google's DRM thing isn't that effective - I have seen many DRM-cracker apps available on the torrents that remove it from an APK file.

        And let's not even begin to talk about AOSP-based phones which have to be rooted/hacked to run Play - it's often easier to just download the damn app for free than hack in Play or hope that whatever market came with the device (if any) will carry it.

        For those, perhaps many of these stores have their own market apps and they get preloaded, so users don't know any better. Especially if normal developers also use those stores

        Heck, you should see the iOS piracy sites sometimes - they get overrun with people who buy the latest Apple iDevice and plead "HOW DO I INSTALL?!?!? I NEED IT NOW!!!" long before jailbreaks are released (you have to jailbreak to install the modified installer binary to allow unsigned stuff to run). Of course, without that 15-minute Google refund thing, new apps actually have to be bought and paid for, so app selection is far more limited.

        That, and Apple tends to ensure everywhere they can officially buy devices to access the App Store, Apple is right there willing to sell. (The biggest news is that Apple finally allowed Chinese customers pay in Yuan instead of US dollars).

        • by Rasperin (1034758)
          How about for apps like the Amazon app store (where you get the free app of the day) and the Hulu app (which is a free app, but isn't on the market for my Samsung Galaxy S II) I had to download a hacked version of it to run it on my phone.
        • by Inda (580031)
          The largest problem with 'grey' sites is the constant stream of app updates that the market (Play) will not handle. I have uninstalled most of my apps because of crashes and bugs - both of which are probably fixed but I couldn't find the APKs quickly.
      • by Hentes (2461350)

        From the articles it seems that the malware can't circumvent the permission system. If you give unlimited permissions to untrusted apps you have only yourself to blame, but otherwise you don't have to worry about where your apps came from.

      • Actually, some of these come from the market as well. That is why I wish that Google would create another market in which code is looked over for security reasons and then the app is sold (say .99 like Apple's). While I would likely not do this, my 70 y.o. parents as well as my in-laws, WOULD. They need to KNOW that there is very little risk for them. And if it means constraining their selection a bit and having to pay a small amount, they are fine with it. I suspect that a number of regular users would be
      • by thegarbz (1787294)

        I don't understand why anyone would install any non-Microsoft software on a windows computer. It seems pretty risky. I mean there's all sorts of things programs are known for including leaking your information onto the internet, phoning home to the vendor, serving up unwanted ads, and all of that just in legitimate non-malware apps.

        It's even worse on windows machines because when I install an application I don't get given a list of specific permissions it has, such as access to my harddisk, internet, webcam

    • Dr. Xuxian Jiang [ncsu.edu] has been busy identifying all sorts of Android malware.

  • by Neil_Brown (1568845) on Monday April 09, 2012 @12:33PM (#39619917) Homepage

    ... such as Flash...

    I'm sure there's a joke in here somewhere, but I can't find it...

    • I was about to ask how does this malware get installed in the phones in the first place. But now after reading your post, I can see this was all a joke so I feel safe again.
      So... where is the joke anyhow? I don't appreciate you leaving the question half answered, you insensitive clod!

  • And quietly wondering what "SMS-Controlled Mahjong Android Phones" were?
  • Not News (Score:5, Insightful)

    by girlintraining (1395911) on Monday April 09, 2012 @12:37PM (#39619967)

    Downloading things from backwater websites has a higher risk of malware being present than downloading from reputable sources. ...That's some fine detective work there, Lou.

    More seriously; It shouldn't come as any surprise that given how valuable your location data and personal information is, and how much of that is stored on a cell phone, and how most companies have declared themselves to have absolute rights to it (go ahead, try and stop us! *evil overlord laugh*), it shouldn't be surprising that other people (legitimately or otherwise) are hopping on the "All Your Privacy Are Belong To Us" gravy train.

    So people will be all like "Oh noes! Someone wrote an evil bot!" ... Of course, they'll forget that the malware that the telecos have loaded on your phone makes that look positively amateur.

    • Re:Not News (Score:4, Interesting)

      by OzPeter (195038) on Monday April 09, 2012 @12:47PM (#39620095)

      Downloading from reputable sources

      I'm genuinely curious .. how does the Android marketplace (and I mean this generally) define and validate a "reputable source"?

      • by chrb (1083577)

        Downloading things from backwater websites has a higher risk of malware being present than downloading from reputable sources

        how does the Android marketplace (and I mean this generally) define and validate a "reputable source"?

        The same way you defined and validated a "reputable source" before - we have had personal computers for several decades now, and this problem has always existed, and yet we managed to cope.

        There is no magic bullet solution - the Apple app store has exactly the same problem, in that you are allowing a random unknown developer somewhere in the world to run his code on your device. The only difference is that, with Apple's store, the developer has to pay some money to register. It's a slightly higher financ

  • by Bigby (659157) on Monday April 09, 2012 @12:38PM (#39619975)

    If you root your phone, your phone could be rooted!

  • by acidradio (659704) on Monday April 09, 2012 @12:41PM (#39620013)

    I can't record my own audio on my Android phone but a malware app can? So let me get this straight - to get what I believe should be a regular functionality I have to have someone install a malware app? Ridiculous. This is almost like giving someone syphilis to cure them of AIDS!

    • by bartoku (922448)
      I came here to complain about the same thing. I have had little luck with Android phone recording apps. If they sold this Trojan in the Android Market, I mean Google Play, they could make some mad cash!
    • by jeffmeden (135043)

      I can't record my own audio on my Android phone but a malware app can? So let me get this straight - to get what I believe should be a regular functionality I have to have someone install a malware app? Ridiculous. This is almost like giving someone syphilis to cure them of AIDS!

      FUD much? Like there aren't a dozen call recording apps in the (legit version of the) app market, that keep you miles away from any malware like this article mentions?

      • But all of them require you to turn on speakerphone mode, since they can't record directly from the mouthpiece. At least, last time I checked, that was true.

        • by LiENUS (207736)
          Not all do. I use total recall call recorder on my galaxy s2 just fine without speakerphone.
    • Honestly, I'd rather have syphilis than AIDS. At least there's a cure for syphilis: penicillin. There's no cure for AIDS yet.

  • I've been waiting for an app that allows me to directly record calls on my DX... now, it seems someone has figured out how to make that happen.

    On the downside, they stuck the code in some malware I have no intention of installing.

    On the up side, someone wrote the code that allows such recording, so making an app that utilizes said code without the whole 'botnet' aspect should be fairly easy, right?
    • by robmv (855035) on Monday April 09, 2012 @01:22PM (#39620509)

      ohh please stop trolling and use the Market/Play search box [google.com]

      • by H0p313ss (811249)

        ... my kingdom for a mod point...

      • by geminidomino (614729) on Monday April 09, 2012 @01:33PM (#39620631) Journal

        Was going to mod you down, but I'll post instead. Did you even LOOK at the results page you linked to? There are a handful of call recording apps (which don't seem to work on most phones. I've tried all of the ones on page 1 on both my Moment and my Evo 4G), and nine hundred and something apps with the word "call" or "record" somewhere in there.

        You'd think that an app store run by google would have smarter search capabilities...

      • ohh please stop trolling and use the Market/Play search box [google.com]

        At last check (which, granted, was several months ago) all "call recording" apps for the DX do not record the call stream, but rather use the speaker to record calls through the mic.

        But by all means, continue with your childish assumptions. After all, what fun would the internet be if everyone actually owned a clue?

        • by GIL_Dude (850471)
          One solution would be to use Google Voice and allow the call to be recorded on Google's system. Then you can access the recording from your phone, your computer, etc. I got my GV number well before you could "port" a number to GV, so I got a new number. I know that is a deal breaker for some folks so look into porting your existing number to GV. It definitely lets you record calls with no problem at all.

          I guess I should point out that the service is still mostly USA only.
          • One solution would be to use Google Voice and allow the call to be recorded on Google's system. Then you can access the recording from your phone, your computer, etc. I got my GV number well before you could "port" a number to GV, so I got a new number. I know that is a deal breaker for some folks so look into porting your existing number to GV. It definitely lets you record calls with no problem at all. I guess I should point out that the service is still mostly USA only.

            Although my goal would be to have a local recording (i.e., process is not reliant on someone else's equipment), I'll have to check your solution out. While not ideal, it's better than nothing.

            Much 'preciated.

            • Using sipdroid with Google Voice or any SIP provider you can record calls locally, silently and if wanted, automatically. I assume other similar apps (like csipsimple) behave similarly, but I've only used sipdroid personally.

              Google Voice alone will record calls if you press 4 during the call, but does not record locally and announces that you are recording to both sides of the call. You have to enable this feature first. See: http://support.google.com/voice/bin/answer.py?hl=en&answer=115082 [google.com]

              As always, be

              • Oh, and so you're aware, Google Voice (alone) cannot record outbound calls. Page linked in my previous post explains that as well. Apps such as sipdroid do not have this limitation.

                • Thanks, I'll be looking into your suggestion.

                  As always, be familiar with the laws about recording telephone calls in your jurisdiction. If unsure, don't. ;)

                  Good advice; Fortunately, I live in a "one-party consent" state, meaning that so long as at least 1 person in the call knows it's being recorded, everything is legal beagle :D

        • by robmv (855035)

          someone wrote the code that allows such recording

          The same kind of hacks those applications do, so you want the same thing that malware does without the malware part, so I pointed you to the search where the first and second application tell you that there is no API for that and that they use some tricks (that work on some devices

        • by Inda (580031)
          Not true.

          Total Recall rings a bell. It's the app I was using to record calls before it started behaving badly on my S2 and I had to uninstall it (warez, say no more).

          It was a fantastic app though.
          • Samsung S2 != Motorola DX

            If I'm not mistaken (which I could be, as it's been some time since I researched this), Motorola actually locks the call stream access functionality out of their devices at the hardware level, meaning that no matter what, an app cannot access the inbound call stream.

            Why they would do this to their customers is beyond me.
      • An app store put together by Google has a crappy search engine. Talk about irony.

        When I search for stuff in the Play Store (what a stupid name change) the problem usually isn't no results. The issue is there are no preferences to sort by highest rated or other criteria. Most searches return dozens of hits but it's a mixed bag as far as relevancy.

  • by Scutter (18425) on Monday April 09, 2012 @01:08PM (#39620353) Journal

    This is not the first Android malware reported, and the story is always missing three key pieces of information:

    1) What applications (or sites) were hosting the malware so that we can check to see if we have those apps.

    2) How to tell if you are infected (and saying "it will register a receiver with a high priority to listen to the intent with action 'android.provider.Telephony.SMS_RECEIVED'" doesn't really explain anything, especially to the layperson).

    3) What to do about it if you are infected.

    This story is no different

    • by Critical Facilities (850111) on Monday April 09, 2012 @03:50PM (#39622121) Homepage

      2) How to tell if you are infected

      3) What to do about it if you are infected

      This [avg.com] would probably be a good place to start.

      • by dudpixel (1429789)

        android market already automatically scans all apps for known threats. it's like running avg on the store, rather than on your phone.

        my recommendation is to use avg etc only for alternative store downloads

    • by gl4ss (559668)

      *
      2) How to tell if you are infected (and saying "it will register a receiver with a high priority to listen to the intent with action
      'android.provider.Telephony.SMS_RECEIVED" doesn't really explain anything, especially to the layperson).
      *
      I guess if you knew the control sequence on the sms you could try sending yourself one and see if it vanishes before the os tells you of an incoming message. that's what you can do on android sms received intent.. you can change your priority to be higher than the buil

  • This is not available on AndroidMarket/GooglePlay, so how widespread is it?

    "TigerBot hasn't yet surfaced in Google Play (formerly Google's Android Market) but does appear to be making the rounds on alternative markets." TFA [threatpost.com]
