Malware Targets All Android Phones — Except Those In Russia (csoonline.com)
itwbennett writes: MazarBOT, a malware program that can take full control of Android phones, appears to be targeting online bank accounts. The malware has been seen advertised on Russian underground forums in the last few months and surfaced over the weekend. '[On] Friday, a swarm of SMSs were sent to random phone numbers in Denmark and likely elsewhere. The content of the SMS had the purpose of luring the recipient into clicking the provided link, which would serve up a malicious APK,' wrote Peter Kruse, an IT security expert and founder of CSIS Security Group. One interesting feature: 'MazarBOT will stop installing itself if it detects an Android device that is running within Russia,' writes Jeremy Kirk.
Obligatory (Score:3, Funny)
In Soviet Russia, malware not target you
Russia refuses to police their country (Score:4, Insightful)
Why is it that so much malware and online crime comes from Russia? The country simply refuses to police themselves, even when things are obviously illegal. The overall effects are pretty severe to other countries. I'd support sanctioning Putin directly to prevent him from entering the EU. Then I'd also effectively cut them off from the internet by terminating any wired links between them and the EU while dropping all connections coming from IPs assigned to entities in Russia. Cutting Russia off from the internet to the best of our ability is really the only way to stop the excessive crime from that country.
Re: (Score:2, Funny)
The country simply refuses to police themselves
They believe in freedom. They have an amendment to the constitution that deregulates malware writing.
Re: (Score:3)
"I'd support sanctioning Putin directly to prevent him from entering the EU".
Wow, what a deterrent. That would really scare him.
As a matter of interest, why would he want to enter the EU?
Re: (Score:2)
I suspect that when Putin enters the EU, he'll do it in a tank. 1/2 :)
Re:Russia refuses to police their country (Score:5, Funny)
Re: (Score:2)
Putin's going to need asylum eventually. The whole reason he's causing trouble in Ukraine and Syria is that he's incapable of improving either Russia's or Russians' situation. He's trying to counter with the "you're under attack, rally under my banner, I'm kinda tough guy" gambit. It's backfiring due to the resulting economic sanctions making normal Russians even worse off, and even in the case of Putin managing to break the EU, the result will sim
Re: (Score:2)
Putin - - - causing trouble - - - Ukraine - - -
Ukraine was content with its normal corrupt government until the Cock brothers invested 14 billion dollars into destabilizing the country. That wasn't bad enough, but the Cock brothers installed a fascist government.
But, yeah, Putin is causing trouble. Got it.
Re: (Score:2)
Re: (Score:2)
Whatever you say. I saw the images from Maidan. Skinheads, nazis, and white supremacists. I trust no one who has anything in common with Porkochenko, or that other damned fool from Georgia.
In this conflict, I'll side with the Russians. They may not be "good", but they are less evil than the Cock brothers and associates.
Re: (Score:2)
Re: (Score:2)
Re:Russia refuses to police their country (Score:4, Insightful)
Why is it that so much malware and online crime comes from Russia?
It isn't Russia specifically. I see enough malware coming from the US too.
The thing that is new here is that the criminals have realized that neither country gives a shit about what happens to people in other countries. Russia isn't going to bother with criminals that don't hurt their own population and they aren't going to let foreign police dick around. This means that by only targeting population in other countries the criminals know that there won't be an investigation.
Re: (Score:1)
When it comes from the US it isn't called malware, it's called freedomware, thankyouverymuch.
Re: (Score:2)
Partially true.
The real reason for this is also that the best way to get "disappeared" in pretty much all of the former USSR, (you think Russia is bad - try Belarus), is to piss off either Putin and his cronies or the local mafia.
Often the same thing, of course.
Now, imagine if some boss or his arm candy gets hit by this thing; the authors are going to be found and put to death in some public and painful way pretty fast...
Pot meet kettle (Score:4, Insightful)
Why is it that so much malware and online crime comes from Russia?
You could ask the same question about any large country including the United States. Russia in particular has a bit of the wild west going on and I think the authorities there might turn a blind eye if it negatively impacts rival countries.
The country simply refuses to police themselves, even when things are obviously illegal.
You mean like how in the US we have police straight up murdering black people without repercussions? Or how the NSA blatantly violates the constitution? Or how we imprison people in Cuba indefinitely without any trial? Yeah, Russia has some problems but it's not like our poop lacks odor...
I'd support sanctioning Putin directly to prevent him from entering the EU.
Umm, are you aware that Russia supplies much of the EU with huge amounts of oil and gas that cannot be gotten elsewhere quickly? All Putin has to do is shut off a key pipeline or two (which he has done a few times) and it gets awfully cold really fast in some parts of the EU. Furthermore actions like what you suggest are frankly kind of a juvenile response. Putin might be behind all of it (he isn't) but keeping the head of state of Russia arbitrarily out would accomplish very little and would actually do more harm than good in all likelihood.
Cutting Russia off from the internet to the best of our ability is really the only way to stop the excessive crime from that country.
No it really wouldn't.
Re: (Score:2)
Re: (Score:2)
Brilliant. Let's go back to the Cold War and turn Russia into North Korea 2
Thus ensuring that the many, many decent and civilised Russians who rely on the Internet for objective news get walled-off like generations of poor bastards did behind the iron curtain.
Also, if NATO did precisely fucking nothing effective after the annexation of Crimea and the continuing atrocities in Ukraine and now Syria, do you really think they'll do something like you propose about Android Malware?
Re: (Score:1)
They are already that, only much more. Whoever was following Russia's activities, taken in response of Ukraine trying to move westwards, could make very rich picture of their omnidirectional efforts to set this back. And with a chunk of "taken back" pieces of Ukrainian soil, they surpassed North Korea by far.
What NATO should do in a country, that is not even a member of that treaty yet? By unlucky chance, abused by Putin in very lucky manner.
Thieves they are.
Re: (Score:2)
Why is it that so much malware and online crime comes from Russia? The country simply refuses to police themselves, even when things are obviously illegal. The overall effects are pretty severe to other countries. I'd support sanctioning Putin directly to prevent him from entering the EU. Then I'd also effectively cut them off from the internet by terminating any wired links between them and the EU while dropping all connections coming from IPs assigned to entities in Russia. Cutting Russia off from the internet to the best of our ability is really the only way to stop the excessive crime from that country.
According to these sources, America was the leading source of attacks in 2015:
http://www.statista.com/statis... [statista.com]
http://www.enigmasoftware.com/... [enigmasoftware.com]
So be careful what you ask for :-)
Question (Score:1)
And the fix for it is.... (Score:5, Funny)
A patch for Android that makes all phones think they are in Russia!
Re: (Score:3)
A patch for Android that makes all phones think they are in Russia!
All your phone are belong to us?
iPhone '70 (Score:2, Funny)
Re: (Score:2)
In Soviet Russia, you are belong to all your phones!
Re: (Score:2)
I find this more disturbing than a phone attack... in an "all your base are belong to us" sort of way.
An old trick in a new world.. (Score:1)
How is this even a thing? (Score:5, Insightful)
Then, if I understand correctly (based on the summary alone - because, you know, the primary linked article is clearly completely wrong), you'd need to:
1. Get an SMS with a link in it.
2. Click the link.
3. Get redirected to a website (which Chrome doesn't block).
4. Download an APK from that site.
5. Attempt to sideload it.
6. Realise you can't sideload it without disabling default security options (because the second link does indeed say that the user needs to manually install the APK).
7. Go disable default security options.
8. Sideload the APK.
WHO THE FUCK FALLS FOR THIS SHIT?!?!
Seriously? How the hell do people successfully find idiots who will do that kind of thing?
Re: (Score:3)
Re:How is this even a thing? (Score:4, Interesting)
People who root their phones are doing exactly this, although with (allegedly) non-malware payload.
Re: (Score:2)
Re: (Score:3)
I get what you're saying - but they're not rooting their phone with an APK they got, unsolicited, in an SMS, from a total stranger. They're rooting their phone with an APK they got from a site full of people they have at least some level of trust for.
And that package is code-signed by whom?
Because I'll grant that Cyanogen (or ...) deserves some trust. What's missing is the part where some entity verifies that the thing to be installed actually originated from the person(s) that are trusted.
Re: (Score:2)
Re:How is this even a thing? (Score:4, Interesting)
Firstly, the link in the article above takes you to a site which has nothing at all in it about Android malware. It's completely about Linux malware that's injected via Windows machines. So what the hell is it doing in the article as the primary link?
Then, if I understand correctly (based on the summary alone - because, you know, the primary linked article is clearly completely wrong), you'd need to:
1. Get an SMS with a link in it.
2. Click the link.
3. Get redirected to a website (which Chrome doesn't block).
4. Download an APK from that site.
5. Attempt to sideload it.
6. Realise you can't sideload it without disabling default security options (because the second link does indeed say that the user needs to manually install the APK).
7. Go disable default security options.
8. Sideload the APK.
WHO THE FUCK FALLS FOR THIS SHIT?!?!
Seriously? How the hell do people successfully find idiots who will do that kind of thing?
Amazon is already priming the pump for this: Underground and Prime video require sideloading.
Re: (Score:3)
Apparently, quite a few people.
For the same reason spam has never gone away, and all those scam calls everybody gets, it's simply a numbers game ... a 1-2% success rate can make it worth doing it. So, those people calling from "teh Microsoft Support", or "Rachael from Cardholder Services", or that "you've won a cruise", or that Nigerian prince scam ... if they didn't pay off, they'
Re: (Score:2)
For the same reason spam has never gone away....it's simply a numbers game.
It is, but I don't think that it's the same numbers game you think it is. My unconfirmed suspicion (because I have no idea how you'd test this theory) is that spam doesn't work. However, it's cheap to send a shitton of it, and there's a fairly low barrier of entry.
Where I suspect spam makes its money is when sleazeballs see spam they, like you, think it's a numbers game. At which point they decide to shell out some money to a spammer to spam something. Who is going to spread the word that they tried spammi
Re: (Score:2)
Re: (Score:2)
Re: (Score:3)
Re: (Score:1)
If they weren't out there, everyone in IT would be out of jobs and these problems wouldn't exist.
We would actually have to talk about important things like how the government is screwing us everyday.
Re: (Score:2)
Well, the "Allow non-market apps" checkbox is probably checked if the user uses Amazon or Humble Bundle apps, which require sideloading.
And rooting may be done by a user who finds they need to do it in order to install some APK they found on the web. Perhaps to avoid paying the 99 cents on the Play Store so they downloaded it elsewhere for free.
As for clicking the link to the APK and downloading/installing, it's trivial to do. There are categories of apps you can say the APK does that will get people to ins
Re: (Score:3)
...
8. Sideload the APK.
Don't forget, you also need to disable Verify Apps, the built-in malware scanner.
WHO THE FUCK FALLS FOR THIS SHIT?!?!
Hardly anyone, actually. Watch for the "State of Android Security" paper that should come out in the next few weeks for more detail, but the fact is that very, very few Android devices have any malware on them. Last year's numbers, IIRC, were on the order of 0.1% of devices, and that's with a pretty broad definition of "malware" ("Potentially Harmful Apps" is the term Google uses).
Full disclosure: I work for Google, on Andro
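An added example, not part of any comment in this thread: a small audit for the two safeguards the comments above say a user must switch off before the SMS-delivered APK can install (the "unknown sources" option from steps 6 and 7, and Verify Apps). The settings key names are assumptions based on Android 7 and earlier, the device answers are constructed samples, and `fake_reader` is a hypothetical stand-in for a real device.

```python
import subprocess

# (namespace, key, value that weakens the default, finding)
# Assumed key names for Android 7 and earlier; Android 8.0 replaced the global
# "unknown sources" toggle with a per-app permission, so check 1 is moot there.
CHECKS = [
    ("secure", "install_non_market_apps", "1", "unknown sources enabled"),
    ("global", "package_verifier_enable", "0", "Verify Apps disabled"),
]

def read_setting(namespace, key, serial=None):
    """Ask a USB-attached device for one setting via adb."""
    cmd = ["adb"] + (["-s", serial] if serial else [])
    cmd += ["shell", "settings", "get", namespace, key]
    return subprocess.run(cmd, capture_output=True, text=True, timeout=15).stdout

def normalise(raw):
    """Older adb builds end lines with CRLF; an unset key prints 'null'."""
    value = raw.strip()
    return None if value in ("", "null") else value

def audit(read=read_setting):
    """Return the findings that apply; an unset key keeps the safe default."""
    return [finding for ns, key, weak, finding in CHECKS
            if normalise(read(ns, key)) == weak]

def verdict(findings):
    if len(findings) == len(CHECKS):
        return "exposed: both safeguards from the thread are off"
    if findings:
        return "weakened: " + ", ".join(findings)
    return "default: sideloading blocked, Verify Apps on"

# Constructed sample answers standing in for three devices.
SAMPLES = {
    "stock": {"install_non_market_apps": "0\r\n", "package_verifier_enable": "null\r\n"},
    "third_party_store": {"install_non_market_apps": "1\n", "package_verifier_enable": "1\n"},
    "both_off": {"install_non_market_apps": "1\r\n", "package_verifier_enable": "0\r\n"},
}

def fake_reader(device):
    return lambda namespace, key: SAMPLES[device][key]

if __name__ == "__main__":
    for name in SAMPLES:
        print(name, "->", verdict(audit(fake_reader(name))))
```

Calling `audit()` with no argument queries a real device through `adb` instead of the constructed samples.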
Re: (Score:2)
Firstly, the link in the article above takes you to a site which has nothing at all in it about Android malware. It's completely about Linux malware that's injected via Windows machines. So what the hell is it doing in the article as the primary link?
Then, if I understand correctly (based on the summary alone - because, you know, the primary linked article is clearly completely wrong), you'd need to:
1. Get an SMS with a link in it. ...
8. Sideload the APK.
WHO THE FUCK FALLS FOR THIS SHIT?!?!
Seriously? How the hell do people successfully find idiots who will do that kind of thing?
I think you underestimate how easily the random user follows directions claiming to give them access to something they normally don't or shouldn't get (i.e., pirated content, pr0n, free money). Combine with strong restrictions from government, corporate or parental overlords and it's fairly easy to scam people to do all sorts of bad things for a free token (because part of the reaction is "fuck this, I deserve free shit")
Good Thinking! (Score:3)
...Clever Estonians
Re: (Score:2)
The revenge against some imperialistic lunatics in Russia for wanting to side-load Estonia?
LOL.... That too!
I was thinking more like, "Putin won't care if we rob the west with malware so long as it never steals a ruble from the motherland."
It was more of a "don't poke the sleeping giant" sort of logic.
Re: (Score:1)
Instead, I'll just post (and without the karma modifier that will get my post in front of more eyeballs) to suggest that those with mod points make the correct
Re: (Score:2, Interesting)
Pftbtbt... this isn't real malware because it requires side-loading, and everyone knows that's super dangerous so you should only use the wall^H^H^H^H store. Let's meet over in the next thread so I can tell you about how awesome Android is because you can sideload apps!
Re: (Score:1)
God Damn APK (Score:1)
This APK guy is a real problem. First he fucks up Slashdot with his spam and now he's hijacking Android phones all over the world? This is just unacceptable!
Don't open crap (Score:1)