Android Security News

Over 60% of Android Malware Hides In Fake Versions of Popular Apps

Posted by Soulskill
from the 60-percent?-that's-almost-80-percent! dept.
An anonymous reader writes "Like any popular platform, Android has malware. Google's mobile operating system is relatively new, however, so the problem is still taking form. In fact, it turns out that the larger majority of threats on Android come from a single malware family: Android.FakeInstaller, also known as OpFake, which generates revenue by silently sending expensive text messages in the background. McAfee says that the malware family makes up more than 60 percent of Android samples the company processes."
This discussion has been archived. No new comments can be posted.

  • by Terry Pearson (935552) on Friday October 05, 2012 @05:08PM (#41563003) Homepage Journal

    Meh...

    If you are not smart enough to install non-market Android apps, you have no problem.

    If you are smart enough to install non-market Android apps, you know what you are getting into.

    With great power comes great responsibility. I think these pieces keep surfacing because the Anti-Virus companies desperately need to get into this market. They see it is the future and they want a piece of it.

    • by icebike (68054) *

      If you are smart enough to install non-market Android apps, you know what you are getting into.

      Unfortunately, that is not true. If it did require smarts there wouldn't be a problem.

      There are far too many people that are duped into downloading from other than trusted sources.
      And it doesn't take a rocket scientist to check that box in settings that allows installation from untrusted sources. Most of these dodgy websites explain exactly what to check and uncheck to get their malware to install. Your average 14 year old teenager as well as your mom can make this change with four screen taps, and inst

      • by tlhIngan (30335)

        It's simply greed on the part of handset owners to try to scam a $2.00 app for nothing.

        Well, what you mean is "piracy". It's just people pirating apps, just like they pirate movies, music, software, etc.

        And piracy always exists, though the extent of which is debatable. Figures tossed around can easily be 90% on PCs and Androids, while "walled garden" devices like consoles, iOS, and Steam are far lower - 10% or so by other estimates. (Though, given that the Wii and PS3 are completely "open" at this point, how

        • Steam games are pirated all the time. It has nothing to do with being a walled garden; it has to do with usability. If the pirated and non-pirated version are the same thing, or roughly the same thing, people will pirate it, as long as it's not too hard to. That's why even people who pirate xbox games usually have 2 xboxes, so they can legally purchase and play online centered games, which while possible to pirate, provide a vastly different experience than their pirated counterparts.
      • by mrbester (200927)

        The Amazon App Store app isn't on Play so you have to sideload by checking the box in the first place. I haven't seen anything from Amazon saying you should uncheck it after installation for your own protection.

      • And it doesn't take a rocket scientist to check that box in settings that allows installation from untrusted sources.

        checking the box in android puts up a sufficiently scary warning first. if you aren't going to read that or choose to ignore it, then you'll get what's coming to you. in the same way you will if you enter your root / admin password every time it pops up in windows / mac / linux.

        • by icebike (68054) *

          checking the box in android puts up a sufficiently scary warning first. if you aren't going to read that or choose to ignore it, then you'll get what's coming to you. in the same way you will if you enter your root / admin password every time it pops up in windows / mac / linux.

          Yup, another click thru message that nobody reads, and fewer understand.

          The claim was made:

          If you are smart enough to install non-market Android apps, you know what you are getting into.

          And nothing you've said convinces me that statement is true.

          All evidence suggests you don't need to be smart to install non-market apps, and the warning solves nothing.
          In fact intelligence is contraindicated for the installation of non-market apps.

      • by cjjjer (530715)

        And it doesn't take a rocket scientist to check that box in settings that allows installation from untrusted sources.

        So Android is becoming the next Windows with regards to user intelligence?

        • by icebike (68054) *

          So Android is becoming the next Windows with regards to user intelligence?

          Android at least assumes user intelligence, even if it fails to materialize.
          Apple just denies the possibility of user intelligence and spoon feeds you. For their customer base, they are probably correct.

          • by CastrTroy (595695)
            I think this is why the Apple model will win out in the long run for the vast majority of people. Most people won't take the time to learn about proper security practices. Some people think it will be better in 10 years, once most people have grown up with computers. But even the more savvy computer users I know, who aren't specifically into programming or computer security, are extremely stupid when it comes to computer security. Even many of the developers I know are downright blockheaded sometimes when
          • I wonder if any developer has released the same IQ testing app on both iOS and Android. It'd be very entertaining to see the stats for each platform. I'm sure we all have our own biased perception of which way that would go!

    • by tooyoung (853621)

      If you are smart enough to install non-market Android apps, you know what you are getting into.

      Or you are doing it because your technical friends have touted this as a must have feature that clearly makes Android superior to "walled gardens".

      • by Nerdfest (867930)

        ... or you believe in the statement "those who would trade freedom for security deserve neither".

    • install applications from trusted sources to minimize failures, not only affected by the source that provides a free application but the quality is not good, it would be very unfortunate if the android is broken and all of our data to be lost, a little sacrifice by buying the paid apps I do not think No problem, it would be comparable to the benefits that we will get http://androiddevelopersindonesia.blogspot.com/ [blogspot.com]
    • Well...
      I'm on a boat with no WiFi and no admin to tether via USB. I could plug in an access point and get myself in trouble but I'd rather not. There's a similar problem when travelling in general.

      I'd like to be able to go to Google Play, get the .apk, scan it online or using a PC rather than using battery power on the phone itself and transfer it across to my phone. Google make it difficult to do that.
      So then we look at alternative app stores but how safe are they?

      Then, finally we cave and after finding it

    • by DrXym (126579)
      Android needs a trust model. Apps should be assigned to a trust group or level - implicit, trusted, store or untrusted, or one of a user's own making.

      Any action by the app which could cost a user money or reveal private data should be tested against the trust. For example, perhaps SMS messages are outright banned for untrusted apps and are put in a quarantine queue, but for Play store apps maybe domestic SMSs are permitted but not international ones and so on. Certain actions like dialling numbers could b
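
DrXym's proposal above, sketched as an added example (not part of the comment and not Android code): a gate that decides each outgoing SMS from the sending app's trust group. The package names, the `+1` home prefix, the treatment of the implicit and trusted groups, and the short-code rule are assumptions; only the untrusted and Play store rules come from the comment.

```python
from dataclasses import dataclass, field
from enum import Enum

class Trust(Enum):          # the four groups named in the comment
    IMPLICIT = 1            # assumed: shipped with the system image
    TRUSTED = 2             # assumed: explicitly trusted by the user
    STORE = 3               # installed from the Play store
    UNTRUSTED = 4           # sideloaded from anywhere else

class Verdict(Enum):
    ALLOW = "allow"
    QUARANTINE = "quarantine"   # blocked and held for user review
    DENY = "deny"

HOME_PREFIX = "+1"   # assumption: calling code of the device's home country

def classify(dest: str) -> str:
    """Return 'shortcode', 'domestic' or 'international' for a destination."""
    number = dest.replace(" ", "").replace("-", "")
    if number.isdigit() and len(number) <= 6:
        return "shortcode"          # premium services typically use short codes
    if not number.startswith("+") or number.startswith(HOME_PREFIX):
        return "domestic"
    return "international"

def decide(trust: Trust, dest: str) -> Verdict:
    if trust in (Trust.IMPLICIT, Trust.TRUSTED):
        return Verdict.ALLOW        # assumption: the comment sets no limit here
    if trust is Trust.UNTRUSTED:
        return Verdict.QUARANTINE   # from the comment: banned and quarantined
    kind = classify(dest)           # remaining case: Trust.STORE
    if kind == "domestic":
        return Verdict.ALLOW        # from the comment
    if kind == "international":
        return Verdict.DENY         # from the comment
    return Verdict.QUARANTINE       # assumption: short codes need user approval

@dataclass
class SmsGate:
    trust_of: dict                              # package name -> Trust
    quarantine: list = field(default_factory=list)

    def send(self, package: str, dest: str, body: str) -> Verdict:
        # Packages with no recorded trust get the least-privileged group.
        trust = self.trust_of.get(package, Trust.UNTRUSTED)
        verdict = decide(trust, dest)
        if verdict is Verdict.QUARANTINE:
            self.quarantine.append((package, dest, body))
        return verdict

if __name__ == "__main__":
    gate = SmsGate({"com.example.game": Trust.STORE})   # constructed packages
    print(gate.send("com.example.game", "+1 555 0100", "hi"))
    print(gate.send("com.example.sideloaded", "55555", "SUB"))
    print(gate.quarantine)
```
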

  • then there is no need for McAfee and CO. Makes you think!
    • by Mitreya (579078)

      then there is no need for McAfee and CO. Makes you think!

      McAfee is that nag-ware that comes pre-installed with all those new computers, right? So what does that have to do with malware?
      It does slow down your machine, but you can usually uninstall McAfee without needing any anti-malware tools.

  • Thank you Captain Obvious! Who would have thought to hide malware in a known program? [wikipedia.org]

  • NOT apps on Play (Score:5, Informative)

    by oGMo (379) on Friday October 05, 2012 @05:13PM (#41563047)

    Top of article:

    McAfee says that the malware family makes up more than 60 percent of Android samples the company processes.

    End of article:

    If you want to significantly reduce your chance of getting malware such as this one, only install apps from the official Google Play store. That being said, malware has snuck into the store before, so it can happen again.

    So in essence this article is a nearly-worthless scare piece. Unless you're downloading "pirated" versions of (presumably) commercial apps from a shady source, this article isn't relevant. But then, it's a McAfee article, so surprise.

  • by Stiletto (12066) on Friday October 05, 2012 @05:23PM (#41563153)

    Someone help me with that one. So it tricks users into sending an expensive SMS. So how in the world does that enrich the hackers? I pay my SMS fees to AT&T. Are we saying that AT&T is behind these attacks?

    • by compro01 (777531) on Friday October 05, 2012 @05:33PM (#41563269)

      Premium messaging services. Like those "text "joke" to 55555 for a joke of the day" ads on TV or donate-via-text things. The carrier pays them, and tacks that charge onto your bill.

      • by number11 (129686) on Friday October 05, 2012 @05:49PM (#41563423)

        Premium messaging services. Like those "text "joke" to 55555 for a joke of the day" ads on TV or donate-via-text things. The carrier pays them, and tacks that charge onto your bill.

        Hmm.. The malware dials a premium number, and the carrier charges you and sends the money to the holder of that premium number. If we could just track down who that is, we could find out just how much ill-gotten gains they've received. If there was just a way to identify them.

        • You would still have to prove that they are responsible for the hack. The fact that their legitimate (if silly) business benefits from some hacked code does not prove they are responsible for the hack.

          Or turn the problem around: if one provider of telecom services is ever condemned without any other proof than the fact they benefit from a hack, the bad guys just change their business model to extortion.

          • by number11 (129686)

            You would still have to prove that they are responsible for the hack. The fact that their legitimate (if silly) business benefits from some hacked code does not prove they are responsible for the hack.

            Mebbe. But in the US, much property is seized without any proof of a crime. Google "asset seizure" [duckduckgo.com]. Once that happens, it's "guilty until proven innocent", or sometimes "guilty even if you are proven innocent." Of course it's abuse, but law enforcement agencies do it all the time (for one thing, it's very lucrative for the agencies). Why should this be any different?

            Of course, I'm now going to have to go on the run from Google's lawyers, for using the word as a generic verb.

        • Typically the number is in a foreign country. The domestic carrier has a duty to pay the foreign carrier, who then pays the fraudster. The domestic carrier has no right to know the identity of the fraudster. The only way to make progress is to deal with the foreign carrier. They might shut down the premium rate number due to complaints, but they'll tend not to because they are making money from it too. There's almost no chance they'll refund you. There's always the possibility of taking legal action in the

    • by icebike (68054) * on Friday October 05, 2012 @05:39PM (#41563319)

      The malware sets the phone to use third party SMS gateways.
      Those gateways deliver the SMS message to the recipient's carrier, and bill that carrier for the service [tutorialspoint.com]. You might be none the wiser, but your carrier is paying for that incoming message via bilateral agreements or "Hubbing [wikipedia.org]".

    • by tabrisnet (722816)

      Think 900 numbers, but for SMS.
      Think those "donate to Obama, send a text to XXXXX", or "donate to the Red Cross for Haiti"

  • by Anonymous Coward

    You can tell a beat up a mile away when it attacks one thing as the problem when the issue is an attribute shared by many things. The problem here is the stupid app store model. It means you get a core of apps ranked by popularity. It goes out information on which apps to attack. Then it provides a distribution vector for the malware that hides chaff amongst the grain. The problem isn't android, or the stores it uses, or android manufacturers but it's the entire app store model. Android or apple or blackberr

    • Your conclusion doesn't match with reality. There has been virtually no malware for iOS. Yet for Windows, which doesn't use the app store model, viruses have been a perennial problem.

  • by NoobixCube (1133473) on Friday October 05, 2012 @05:29PM (#41563219) Journal

    The solution, of course, will be to buy McAfee's Android security offerings.

    • by thegarbz (1787294)

      An excellent product. It works by slowing the system down and draining the battery. A phone that can't be powered on can't rack up premium SMS charges.

  • by Anonymous Coward on Friday October 05, 2012 @05:34PM (#41563279)

    It's 2012 - most phones can connect to a mail server over 2G, 3G or wifi.

    Why are we still messing around with a 140-character hack that belongs in the 1990s and which requires the recipient to be using a phone?

    Just send an e-mail.

    • Because email is pull based and sms is push based.

      • email and IM are push based as well. it's push based at a higher level in the software stack but the end user doesn't care. well, they care because the email is free and the text is not (often, in the US).

    • by tokul (682258)

      It's 2012 - most phones can connect to a mail server over 2G, 3G or wifi.

      It is 2012 - landline phones don't know what 2G or wifi is.

      • It's 2012 - most phones can connect to a mail server over 2G, 3G or wifi.

        It is 2012 - landline phones don't know what 2G or wifi is.

        It is 2012 - What is this landline phone you speak of?

  • by Anonymous Coward

    Some of the legitimate apps at the legitimate app store have messed up policies as well:

    Mass Effect Infiltrator: needs to be able to change network connectivity, modify system settings, read phone status and ID and be able to read my contacts. Why?

    Order & Chaos online: needs to be able to edit text msgs, read txt msgs, receive txt msgs, change network connectivity incl connecting+disconnecting from wi-fi, disable my screen lock, send SMS messages, read phone status and ID, and run at startup. Why?

    I sk

    • I wish google would stand its ground on this issue and deny those apps with messed up policies until the developers fix that. If it is not required for the core functionality of the application then it should be blocked at OS level.

      • by Anonymous Coward

        Google does not have a human review the apps before they go on the store. There are pluses and minuses to this.

        The application will tell you if it wants various policies, and you need to determine if you want to install the application based on that. It requires a degree of personal responsibility on your part, of course.

  • by Anonymous Coward

    [quote]"Like any popular platform, Android has malware. Google's mobile operating system is relatively new, however, so the problem is still taking form. [/quote]

    Code user base size doesn't have any effect for amount of malware in software, because the amount of malware is about code quality.
    If you have perfect code, you can not write any kind of malware code against it.

    Now in Android case, what by the way isn't operating system but a software system what uses the Linux operating system, the problem is on troja

  • by Anonymous Coward

    Google will clamp down on app approval and everyone on Slashdot will cheer Google as the savior, yet these same people will hypocritically bash Apple for taking the correct approach all along.

    • No, it will not cheer. Nice strawmen you got there. If you are talking about apple fans and them cheering when Jobs (hypothetical Jobs) decides to open up Apple market, I would agree, but not about Android Fanbois (not because I don't like apple or I like Android, but just based on the past responses of both Fanbois)

    • RTFA? this, and every other android malware report is with apps "side-loaded", which means installed from non-google play sources.

  • People who are stupid and cheap catch the majority of malware?! WHAT?! That's a new concept in the technology world apparently, lol.
  • by Anonymous Coward

    Many of the applications I need are labeled as "not available in your country"! or falsely labeled "incompatible with your phone".

    The only solution is to find a copy from elsewhere on the internet, some of which are bundled with malware. I am not talking about pirated apps. I am talking about free apps. Many paid apps are also not available but their free counterpart is.

    Opensource my ass. Android is the swiss cheese of security and not much different from the old Windows OS in that sense. Add to that that

  • If the majority of people catching malware are cheap bums who wanted pirated versions and end up paying much more in background messaging, then it's all good, as far as I'm concerned.

    Some say they first try the pirated versions for any problems before buying the real ones... Here's the thing:

    - most Android apps don't cost more than a cup of coffee. Pretty cheap, considering the long hours of work needed to get some type of decent software on that platform.

    - at Google Play, you can try an app for
