Android Trojan Found, Spreading From Chinese App Stores
wiredmikey writes that researchers from Lookout Mobile have discovered a sophisticated Trojan targeting Android devices.
"The company says the mobile malware is 'The most sophisticated Android malware we've seen to date. Geinimi is also the first Android malware in the wild that displays botnet-like capabilities. Once the malware is installed on a user's phone, it has the potential to receive commands from a remote server that allow the owner of that server to control the phone.' What makes the Trojan different from most 'standard' mobile malware is that Geinimi is being 'grafted' onto repackaged versions of legitimate applications, primarily games, and distributed in third-party Chinese Android app markets."
First post (Score:5, Funny)
Posting from my Androi^B^B BUY HERBAL VIAGRA
Re: (Score:3)
Re: (Score:2)
The average doofus wouldn't be downloading APKs from Chinese warez sites in the first place. He'd just be using Android Market.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
I shouldn't reply to the troll, but...
10 x .999 = 9.990
Therefore:
a = .999
10a = 9.990
10a - a = 9.990 - .999
9a = 8.991
a = .999
Re: (Score:2)
Re: (Score:3)
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
A hosts file certainly does not require "a lot of work" to maintain, and it quite effectively kills a LOT of advertising and tracking schemes. In fact, I never would have considered trying to use it for defending against viruses or malware. But a computer without "locally administered DNS poisoning" is ill equipped to be on the Internet these days unless you like herbal Viagra ads.
Re:Easy to stop, & how to do so... apk (Score:5, Insightful)
ANDROID OS allows for the usage of custom HOSTS files,
None of that is necessary. Why even post this crap?
Simply load your apps from the Android market instead of dodgy Chinese warez sites.
Re: (Score:2)
Re: (Score:2)
But that's the reason people buy Android phones, to have the freedom to do stupid things and install dodgy software?
Re: (Score:3)
But that's the reason people buy Android phones, to have the freedom to do stupid things and install dodgy software?
Right on. Choose your store, choose your virus. Android is much more of a general computing platform than iOS will ever be. And that's not always a good thing.
Re: (Score:2)
I thought the point of Android was that it was totally open and free?
Re: (Score:2)
It won't. What will is a simple wipe to factory settings. Then the user just logs back in and this time only installs apps from reputable apps stores.
Re: (Score:2)
Yeah, because as we know malware authors are unsophisticated and easy to predict. They would never do anything like incrementing a number in a hostname: www255.frigd.com, www256.frigd.com. Why do you post nonsense as Anonymous Coward and sign as APK?
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:3)
So your solution to malware is to have users jailbreak/root their phones, and put in a bogus hosts file so that the malware cannot resolve its "control server"? And you think that's solved the problem?
Ok so what if the botnet uses IP addresses? Or the user does not have root access on their phone. Last and most important, your solution requires the user to know something about the malicious software they are installing specifically what hostnames it would try to resolve, before installing it. If the user
Re: (Score:2)
http://mobile.slashdot.org/comments.pl?sid=1930156&cid=34715272
Read that, it covers your points on this quote from you:
"Ok so what if the botnet uses IP addresses?" - by cmdr_tofu (826352) on Thursday December 30, @05:44PM (#34715798)
Sorry saying that malware writers "generally" don't use IP addresses, does not mean you can trust that they never will as a form of security.
"Or the user does not have root access on their phone" - by cmdr_tofu (826352) on Thursday December 30, @05:44PM (#34715798)
That's WHY I had to use ADB for Android (dev tools are the 'secret' here & they're free, afaik @ least, for phones!)
---
ADB does not give you a rootshell. It's not a secret. The dev tools are easily available from http://developer.android.com./ [developer.android.com] If you get a shell with adb on a non rooted device, I think you will have a tough time writing to /etc/hosts
People:
1.) Make mistakes
2.) Folks get "lured" into clicking on URLs that MIGHT be "bad ones" (tiny URL for example? It "backfires" here, imo @ least)... especially from folks you "trust"
3.) You might "let your guard down"?
There's others, those are just some "possibles"... offhand, on "short-notice" etc.! apk
Clicking a URL is not the same as installing an application, unless there are some serious software vulnerabilities I don't know about
Re: (Score:2)
In a hosts file, don't you normally assign 127.0.0.1 (localhost) instead of 0.0.0.0 (default router/every ip)? Or is it different for phones for some reason?
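The hosts-file debate above (the www255/www256 increment, the "what if the botnet uses IP addresses" objection, and the 127.0.0.1 versus 0.0.0.0 question) can be checked mechanically. The following is an added example, not the hosts file or tooling of any poster in this thread; it models what a resolver does with a hosts file and shows exactly which lookups a blocklist catches. The sample hosts content is constructed, the frigd.com names are taken from the thread's own illustration, and 203.0.113.10 is a documentation-range address used only as a constructed sample. Either 0.0.0.0 or 127.0.0.1 is commonly used as the sink address; the model treats both as a sink, except for the localhost names that legitimately map to loopback.

```python
"""Model of hosts-file sinkholing and where it stops working."""
import ipaddress

# Constructed sample hosts file; blocklists use 0.0.0.0 or 127.0.0.1 as the sink.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
0.0.0.0     www255.frigd.com      # name from the thread's example
127.0.0.1   tracker.example.test  # constructed blocklist entry
"""

SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1"}
LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Return {hostname: address}; '#' starts a comment, first mapping wins."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        for name in names:
            table.setdefault(name.lower().rstrip("."), addr)
    return table


def lookup(target, table):
    """Mimic the resolver's use of the hosts file.

    Returns (outcome, address) where outcome is one of:
      'ip-literal'  - target is already an IP; the hosts file is never consulted
      'sinkholed'   - a blocklist entry points the name at a sink address
      'hosts-entry' - an ordinary local mapping such as localhost
      'dns'         - no entry, so the query goes to the network resolver
    """
    try:
        ipaddress.ip_address(target)
        return "ip-literal", target
    except ValueError:
        pass
    name = target.lower().rstrip(".")
    addr = table.get(name)
    if addr is None:
        return "dns", None
    if addr in SINK_ADDRESSES and name not in LOOPBACK_NAMES:
        return "sinkholed", addr
    return "hosts-entry", addr


def is_blocked(target, table):
    """True only when the hosts file actually prevents reaching the target."""
    return lookup(target, table)[0] == "sinkholed"


if __name__ == "__main__":
    table = parse_hosts(SAMPLE_HOSTS)
    for t in ("www255.frigd.com", "www256.frigd.com", "203.0.113.10", "localhost"):
        print(t, lookup(t, table))
```

Run against the sample, www255.frigd.com is sinkholed, www256.frigd.com falls through to DNS because nobody listed it, and the IP literal never touches the hosts file at all. That is the whole case made in the thread: a hosts file only blocks names you already know about, and it does nothing for a client that connects by address.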
Re: (Score:2)
Speaking on behalf of everyone here, you are an idiot.
Re: (Score:2)
Re: (Score:2)
Side note: if the malware authors want a way around this, they can do one of a number of things:
At least, that's off the top of my head.
It's always best, no matter the OS, to only install software from reputable sources. Admittedly, that's easier said than done as a general rule. In t
Re: (Score:2)
yes, but owning an iOS device also means I can bait APK.
Re: (Score:2)
iOS is not invulnerable.
Nobody said it was. In your reply, you make the points that absolutely nothing is invulnerable, and that iOS is less vulnerable than Android, which supports, not refutes, the OP.
It's strange that whenever there are Android malware stories, or jailbroken iOS malware stories, that there are always posts saying that "iOS has vulnerabilities too, and all systems are insecure". Yet somehow, every single time it's not unhacked-iOS that gets the malware.
Inherently, Android is less secure than iOS. This is due to d
Re: (Score:2)
If you buy an Android and want to take security seriously, you stick to known websites to get your apps from, preferably just the Android Store. You simply don't go to warez.r.us.cn and load pirated/cracked apps. Stick to known good sites, and you're as secure as iOS.
If you buy an iOS device and want to load cracked apps, jailbreak it. Jailbreak it, and you're as insecure as everyone else.
Sure, if you go out of your way to make iOS insecure, and go out of your way to be secure on Android, you can be safer on Android.
But in their default states, and their intended usage patterns, iOS is more secure than Android.
The most dangerous insecurity is the illusion of security,
It is not an illusion. There have been no trojans/viruses/worms for non-jailbroken iOS devices. There have been some for jailbroken iOS devices and for Android phones.
People have been making the same claim about Mac OS X for a decade now, yet the deluge of OS X malware has failed to ma
ummm... (Score:1)
...no link?
Re: (Score:3)
Here you go. [cnet.com] And here's a better one. [gizmodo.com]
I guess RTFA went out the window entirely... (Score:5, Informative)
Re: (Score:2)
Thank you for the link... The blog post says that the Trojan can "control" the phone but nowhere does it say that "control" means anything other than prompting the user to install or delete other applications.
Re: (Score:2)
You need a new grammar file.
And that's why children, (Score:2, Interesting)
proper code signing (and not letting unsigned code run) is important.
Re: (Score:2)
The problem with buying from Chinese app stores (Score:3, Funny)
An hour later and you're hungry for privacy again.
Not "malware" (Score:5, Informative)
Lookout Mobile appears to be in the process of trying to redefine "malware" to mean "software that sends more data about a phone to a remote server than Lookout think it should". This is not the standard definition of malware that we all know and love.
This Android "trojan" is not like regular viruses from the PC world in many ways. It cannot resist uninstallation. It cannot infect other applications. It cannot lie about what it will do - the permission screen states quite clearly what the apps in question have access to. It cannot steal your passwords or bank details.
There are legitimate questions to ask about apps that send phone IDs surreptitiously to some remote people, but calling these apps "trojans" or "malware" is dangerous: it makes people think they need a virus scanner for their phone when in reality they don't. That's exactly what "Lookout" want, of course, but it's no reason to believe them.
Re: (Score:2)
If the software tries to send information without explicit consent from the user in one way or another, it's malware. Some of that information may be implicit (e.g. pointing out updates, retrieving news for a news application, sharing high-scores for games). Sending out personal information while the application is not meant for that information to be sent is clearly malicious. If a program is designed to send information maliciously, isn't it malware (== malicious software) by definition?
Re: (Score:3, Informative)
It is like a robber that has to knock on your door and ask you to give him your wallet, keys and laptop.
Re: (Score:2)
It does so while giving you false information. Believe me, those kinds of robbers are as common as the ones that are breaking down your door, and can actually do way more damage. Or are you claiming that everybody that knocks on your door (or better, some unsuspecting elderly person) is to be trusted?
Re: (Score:2)
This *is* malware. From TFA:
"Once the malware is installed on a user's phone, it has the potential to receive commands from a remote server that allow the owner of that server to control the phone."
From wikipedia:
"A Trojan horse, or Trojan, is malware that appears to perform a desirable function for the user prior to run or install but instead facilitates unauthorized access to the user's computer system."
This is a textbook example of real malware.
Re: (Score:2)
Re: (Score:2)
Mweh, I haven't had much need to go outside the Google Market to be honest. If I did, it was for some demo code or specialized geeky application which I don't think they will ever target. I don't think most people will visit such sites or share apps with friends (I get loads of tips on apps, but they are by name only, and I look them up / check them out in the Google Market myself). I cannot see anybody visiting Chinese app stores unless they are linked up with them by a Chinese provider.
Sounds like an INSIDE job... (Score:2)
"Android Trojan Found"? (Score:5, Funny)
Re:"Android Trojan Found"? (Score:5, Funny)
Re: (Score:2)
Really? I just saw a very distressed electric sheep running out the back door...
Ewe......
Link to Post (Score:2)
Sorry, Android still rocks (Score:2)
Re: (Score:2)
Speaking of "fanbois" I don't believe anybody really claimed anything about Apple's phones yet. We won't let that ruin your day, though, so go ahead and troll on sister.
Re: (Score:2)
Beneficial in what sense? Not trying to be a troll, just curious. Personally, I think there should be both open/closed systems, it spurs innovation. But perhaps you have another take.
Anti-malware? (Score:2)
Re: (Score:2)
Re: (Score:2)
WTFA? (Score:2)
Where's The Fucking Article?
What The Fuck, Aye?
Punch Yourself in The Genitals ?: (Score:5, Insightful)
* Download and prompt the user to install an app
* Prompt the user to uninstall an app
Question: If you were asked to punch yourself in the genitals, would you still click "Ok" ?
FTFA under "How to stay safe":
* Only download applications from trusted sources
* Always check the permissions an app requests
I think it's pretty obvious the malware writers were not able to circumvent the normal Android security measures to get the software installed. The problem is that people who don't take responsibility to keep crap off their phones are going to get pwn3d. Big surprise.
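The "always check the permissions an app requests" advice above, and the later remark that an app with address-book and SMS access can spam your contacts, describe a review that can be scripted. The following is an added example, not Lookout's tooling or any project's code. It reads an AndroidManifest.xml that has already been decoded to plain XML (inside an APK the manifest is stored as binary XML, so it must be decoded first) and flags requests that a game has no business making. The permission strings are real Android permission names; the groupings and the "game baseline" are this example's assumptions, and the sample manifest is constructed.

```python
"""Flag permission requests that are out of place for the app category."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS

# Constructed manifest for a repackaged game that asks for far more than a game needs.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.repackagedgame">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
</manifest>
"""

# Groupings are this example's assumptions; the permission names themselves are real.
NETWORK = {"android.permission.INTERNET"}
PERSONAL_DATA = {
    "android.permission.READ_CONTACTS",
    "android.permission.READ_PHONE_STATE",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION",
}
COSTLY = {"android.permission.SEND_SMS", "android.permission.CALL_PHONE"}
# What an ordinary game plausibly needs (assumed baseline for this example).
GAME_BASELINE = {
    "android.permission.INTERNET",
    "android.permission.ACCESS_NETWORK_STATE",
    "android.permission.VIBRATE",
    "android.permission.WAKE_LOCK",
}


def requested_permissions(manifest_xml):
    """Return the set of <uses-permission android:name=...> values."""
    root = ET.fromstring(manifest_xml)
    return {el.get(NAME_ATTR) for el in root.iter("uses-permission") if el.get(NAME_ATTR)}


def review(perms, baseline=GAME_BASELINE):
    """Return a list of (finding, permissions) pairs; empty means nothing stood out."""
    findings = []
    extra = sorted(perms - baseline)
    if extra:
        findings.append(("outside-baseline", extra))
    leaks = sorted(perms & PERSONAL_DATA)
    if perms & NETWORK and leaks:
        # Data access plus a network path is what lets an app report the phone's details.
        findings.append(("data-plus-network", leaks))
    charges = sorted(perms & COSTLY)
    if charges:
        findings.append(("can-incur-charges", charges))
    if {"android.permission.READ_CONTACTS", "android.permission.SEND_SMS"} <= perms:
        # The combination needed to message everyone in the address book.
        findings.append(("contacts-plus-sms",
                         ["android.permission.READ_CONTACTS", "android.permission.SEND_SMS"]))
    return findings


if __name__ == "__main__":
    for finding, names in review(requested_permissions(SAMPLE_MANIFEST)):
        print(finding, ", ".join(names))
```

The point of the baseline is that the permission screen only helps if the reader has a reference for what the app should need; a game that wants contacts, location, phone identity and SMS sending is the kind of request the thread's "How to stay safe" bullet is telling people to refuse.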
This is why.... (Score:2)
can you feel the FUD coming? (Score:2)
I can feel the FUD storm building...
You may not have a choice (Score:2)
Awhile back I was looking at cheap Android devices for something that would play movies for long trips. There are many cheap (sub-$200) Android tablets out there that (probably for licensing reasons) do not have access to the Android marketplace. The literature says "you can download thousands of apps from other sources".
I'm thinking the great majority of the devices pwned by this virus will be of this cheap variety.
Re: (Score:2)
Re: (Score:2)
Re: (Score:3)
So beware of downloading things from Chinese websites? That's news?
Um, what if you are Chinese?
Re: (Score:2, Funny)
Re: (Score:2)
Um, what if you are Chinese?
Sucks to be you.
Re: (Score:2)
Re: (Score:2)
The summary suggests that the list probably changed while you were writing that...
Re: (Score:3)
There are a number of applications—typically games—we have seen repackaged with the Geinimi Trojan and posted in Chinese app stores, including Monkey Jump 2, Sex Positions, President vs. Aliens, City Defense and Baseball Superstars 2010.
Re: (Score:2)
Fucking President versus Aliens sounds like the best game ever. Brilliant move on the malware author's part to hide his warez in such a kick ass sounding game. If this was 1988 and I was down at the local arcade, and saw a game called President versus Aliens I would have put all my quarters into it by now.
Re: (Score:2)
my name is michael kristopeit.
You killed my father.
Prepare to die.
Re: (Score:2)
No, I am Michael Kristopeit!
Re: (Score:2)
Re: (Score:2)
This is the only possible explanation.
Re: (Score:2)
Re:A lot like Windows after all (Score:4, Informative)
Yeah, except this is not a virus and Android doesn't seem to be very susceptible to viruses.
Re: (Score:2)
Yeah, except this is not a virus and Android doesn't seem to be very susceptible to viruses.
Keep in mind that there HAVE been Linux viruses ("virii" if you really want to annoy some folks) but they have a rather limited life span. The question is why. And does Android do anything to interfere with that? I suspect due to the nature of how Android and Android devices are handled (closer to the Windows environment than Linux), Android is a much more interesting target.
Re: (Score:2)
I'm not sure you can give an Android app permission to write to other application files, which a virus would need in order to spread. Then again, most Windows worms a couple of years back seemed to rely on user stupidity, and I don't think Android differs too much in that regard. An app that can read your address book and send SMS can also spam your contacts with "Hello friend, I just doanlowded this new Android game from http://spam-r-us.cn/andoird.apk [spam-r-us.cn] and its great, thank you!" or similar, and at least so
Re: (Score:2)
Android is not Windows. App stores / package stores are much less susceptible to malware than each application having its own download/install/update mechanism. Beside that, Android apps play in a sandbox, and if you want to break out of that, you will have to inform the user. Of course, if you install apps using unsigned code from an unverifiable location and ignore all the permissions you have to grant...
Re: (Score:2)
My fear is that the other shoe will drop -- to "fix" the problem, each carrier will have its own app store and lock their devices to it.
Why is this bad?
Two reasons. First, developers will have to grease palms in order for their app to be usable by all. Second, carriers will want exclusivity agreements, so Goatse Tower Defense only appears on one cellular carrier, but no other. This will be used as a way to peddle phones, similar to how game titles are used to sell consoles (if you want Halo, you buy an X
Re: (Score:3)
Shame that Android is based on Linux then isn't it?..
Linux can't stop Joe Sixpack from downloading malware from the Internet and installing it on his computer. At least, not without becoming another iThing that only allows installation of Jobs-approved software.
Re: (Score:2)
However, that does not mean Windows is any more secure; not all windows malware is user-supplied.
Re: (Score:3, Insightful)
And neither can Windows, yet it is always blamed for someone installing malware on their systems
What's the percentage of Windows users who install malware on their system rather than being hit by a remote exploit?
Pretty much every major Windows security story I've read in the last couple of years is due to some hole being exploited either in Windows or commonly used Windows software which lacks the sandboxing that's common on Linux (Apparmor, SELinux, etc), not users downloading trojans.
Re: (Score:2)
Pretty much every major Windows security story I've read in the last couple of years is due to some hole being exploited either in Windows or commonly used Windows software which lacks the sandboxing that's common on Linux (Apparmor, SELinux, etc), not users downloading trojans.
Err, so we rip on UAC for a few years then pretend it doesn't exist when it's convenient?
Re: (Score:2)
Oh and many Linux distros do not come with either SELinux installed or even enabled by default so to try to act like that is common or even remotely universal is a lie.
Re: (Score:2)
What's the percentage of Windows users who install malware on their system rather than being hit by a remote exploit?
I don't know and I certainly doubt you do either. But considering how much anecdotal evidence there is to show that people are in large numbers willingly clicking on malware in emails and installing malware from pops to websites, it's not nearly as small as you try to make it out.
Not exactly a clear answer, but it looks like drive-by attacks are far higher up the threat list than attacks requiring user interaction.
http://news.softpedia.com/news/Drive-By-Download-Attacks-Were-the-Biggest-Online-Threat-Last-Month-170525.shtml [softpedia.com]
Re: (Score:2)
The windows security holes people complain about are generally not "Joe sixpack opened an EXE and clicked OK to the run as admin prompt",
That's funny because there are still constantly stories about people doing exactly that from files in their emails that install worms, trojans, viruses on their computer. Hell, I know someone from a local State Farm branch in Houston that had their entire office infected that way. To claim that this isn't a general case of malware infection is to be completely dishonest.
Re:A lot like Windows after all (Score:5, Informative)
Whenever anything bad happens on the android platform related to malware, trojans, etc this distinction is heavily downplayed.
Again, if I download and install malware on one of my Linux boxes, how is this a Linux problem?
Linux protects much better than Windows against remote attacks, it can't protect against stupid users.
Re: (Score:2, Insightful)
Whenever anything bad happens on the android platform related to malware, trojans, etc this distinction is heavily downplayed.
Again, if I download and install malware on one of my Linux boxes, how is this a Linux problem? Linux protects much better than Windows against remote attacks, it can't protect against stupid users.
Sure it can, at least a lot more than it does now. It can sandbox all apps by default, automatically check a malware blacklist and elevate permissions for trojans to ones that are useful to malware only when explicitly told to do so by the user, i.e. he goes in and checks the (allow to send mass e-mails) checkbox for that app.
There is a lot that can be done to more tightly secure Linux distros, applying SELinux style permissions universally is good start. The difference is, for normal home use users don't n
Re: (Score:2)
Again, if I download and install malware on one of my Linux boxes, how is this a Linux problem?
Linux protects much better than Windows against remote attacks, it can't protect against stupid users.
IMHO a strong case could be made that any non geek buying an Android product is by definition a 'stupid user' as there is a better user experience out there for the same price that they would have selected if they were smart.
Re: (Score:2)
Android could protect itself from nearly all stupid users if its developers wanted that. Simply require all binary code to be cryptographically signed by someone reputable (like google, or verisign, or whoever), and give those who sign the apps the ability to revoke their signatures.
It has been working great for websites ever since SSL came out, and has worked pretty well so far with iOS, why not do the same thing everywhere?
If apps had to be signed, then it would be impossible to re-package a popular and
Re: (Score:2)
Again, if I download and install malware on one of my Linux boxes, how is this a Linux problem?
Linux protects much better than Windows against remote attacks, it can't protect against stupid users.
Ok I'll bite, what is 'Linux' doing to protect you from attacks that 'Windows' isn't?
Re: (Score:3)
Ok I'll bite, what is 'Linux' doing to protect you from attacks that 'Windows' isn't?
For starters, not trying to execute stuff that comes in from questionable routes like USB drives, CD and DVD ROMs, embedded in various files like jpegs, PDFs and so on.
But you knew that because you're clearly not stupid.
Re: (Score:2)
The ... Android Market ... only legitimate places to get software that I know of.
So then what is your excuse for this [bit-tech.net]?
Re: (Score:2)
So then what is your excuse for this [bit-tech.net]?
Fair point. Although it should be noted, on further digging, I don't think anyone actually uncovered any malicious behavior for these apps. The banks were rightfully concerned as they didn't produce the apps and they couldn't verify that they weren't malicious. Considering the nature of the service involved, it's judicious to assume that they were. But for all we know, they could have been simply charging $.99 to people who didn't know how to set a bookmark.
Re: (Score:3)
The last time "sophisticated" was attached to the word malware, a certain Middle East country had problems with its uranium-enrichment program. So what are the chances of this being the mobile version of the Stuxnet worm?
About the same as the chances of anyone using an Android phone to concentrate uranium.
Zero.
Re: (Score:2)
**cough**widgets**cough**flash**cough**sd slot**cough**customizable interface**cough**fanboi**cough
And of course you mean "on a non-rooted iPhone".