Droppers Is How Android Malware Keeps Sneaking Into the Play Store (bleepingcomputer.com)
Catalin Cimpanu, writing for BleepingComputer: For the past year, Android malware authors have been increasingly relying on a solid trick for bypassing Google's security scans and sneaking malicious apps into the official Play Store. The trick relies on the use of a technique that's quite common in desktop-based malware, but which in the last year is also becoming popular on the Android market. The technique involves the usage of "droppers," a term denoting a dual or multiple-stage infection process in which the first stage malware is often a simplistic threat with limited capabilities, and its main role is to gain a foothold on a device in order to download more potent threats. But while on desktop environments droppers aren't particularly efficient, as the widespread use of antivirus software detects them and their second-stage payloads, the technique is quite effective on the mobile scene.
I run Antivirus in/on my android... (Score:2)
... and on my Mac, and on my Synology NAS, and on my Windows (mostly virtual) machines.
If it is a general purpose computer, and you can install software written by someone else on it, even if the software only comes from an "App Store" that allegedly checks said software, one has to run an antivirus.
That goes for Windows, Mac, Linux, Android, ChromeOS, Fuchsia, etc.
Re: (Score:2)
I'll see your "software written by someone else" and raise you "connects to the internet".
Re: (Score:2)
I'll see your "software written by someone else" and raise you "connects to the internet".
Amen colleague.
Re: (Score:2)
Somehow, the guys who implemented ClamAV did it for Windows, Linux, MacOS, BSD and Solaris...
So, it seems that for them too, and for a lot of other people, being able to run an antivirus on *nix platforms was important and valuable.
You do not seem to value that...
But then maybe that's why you are posting as anonymous COWARD, you are afraid that they'll revoke YOUR geek card...
Re: (Score:3)
As far as Solaris, BSD, and Linux, most AV scanners for those operating systems are for Windows accessible machines like file servers or mail servers. AVG ventured into the real-time antivirus monitoring arena for a little while back in the 00's. There wasn't any money in it li
Re: (Score:2)
How interesting it is, then, that antivirus vendors are still implementing antivirus for Mac and Linux.
Even MORE so, they are implementing antivirus that hooks into your Virtualization/cloud platforms to protect your VMs, both virtual servers and Virtual Desktops...
Here is the solution from ESET for VMware:
https://www.eset.com/int/busin... [eset.com]
Here is from Bitdefender, for many Hypervisors:
https://www.bitdefender.com/bu... [bitdefender.com]
Here is the one from Sophos:
https://www.sophos.com/en-us/m... [sophos.com]
But hey, I guess I'll b
Re: (Score:1)
Mac has a much greater argument for having an antivirus. It isn't the underlying operating system (BSD Unix), but how it is used, and how quickly the
Re: (Score:1)
So you're oblivious to the hundreds of pieces of malware that have gotten on the Play Store?
Re: (Score:2)
Answers to your questions:
1.) With any luck, the AV engine that Google runs will be different to the AV engine that my antivirus runs.
2.) As TFA said, malware disguises itself as benign, and then downloads the malign part. Maybe all AV packages may miss the benign part, but only an AV running on the phone itself will deteckt (pun intended) and hopefully block the truly malign part.
3.) The antivirus I run gives me other goodies (like bricking the phone in case the SIM changes). Maybe the antivirus you ch
Re: (Score:1)
So you distrust software written by someone else yet run anti-virus which is... software written by someone else.
Re: (Score:2)
A "Norton" or "Avast" someone-else trumps no-name-yet-indie-game-developer someone else.
Why is self-modifying code allowed? (Score:3)
Shouldn't the executables be digitally signed by the author, and signed in some manner specific to the device, and the platform be designed so an app running in a sandbox can't launch an executable if it is unsigned, or the signature doesn't match, or the executable wasn't installed during an app installation?
Re: (Score:1)
Correct. This shows that there is a massive problem in the Android ecosystem which needs to be promptly fixed. Apps should never be allowed to update themselves with payloads which have not been vetted and signed by Google. Developers who attempt to do this should be detected and banned.
Re: (Score:2)
The Google Play store is Google's walled garden; they've always had the ability to take down malware.
The platform should be designed so that programs cannot modify themselves by adding new executable code or new executable program files,
and if somehow they manage to do so anyways, then the program contains an "exploit" that should be treated as malware.
Re: (Score:2)
This!
It's easy in Linux to make the program directory unwritable by the program and the data directory unexecutable. Same for RAM: easy to mark the program memory read-only and the data memory non-executable.
So how is this extraneous code successfully getting executed?
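As an added illustration of the read-only / non-executable split the comment above describes (example code written for this thread, not from the BleepingComputer article or from any commenter), here is a small Linux C program that shows the two halves at the memory level: a W^X policy check that refuses any mapping that is both writable and executable, and a demonstration that a write into a page marked read-only "program memory" is stopped by the kernel with SIGSEGV. The helper names `wx_policy_allows`, `wx_safe_mprotect` and `write_to_readonly_page_faults` are constructed for this example and are not libc or Android APIs.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* W^X policy: a mapping may be writable or executable, never both.
 * Returns 1 if the requested protection is acceptable, 0 if it is refused. */
int wx_policy_allows(int prot)
{
    return ((prot & PROT_WRITE) && (prot & PROT_EXEC)) ? 0 : 1;
}

/* Constructed wrapper (not a libc API): applies mprotect only when the
 * request satisfies the W^X policy, otherwise fails with EACCES. */
int wx_safe_mprotect(void *addr, size_t len, int prot)
{
    if (!wx_policy_allows(prot)) {
        errno = EACCES;
        return -1;
    }
    return mprotect(addr, len, prot);
}

static sigjmp_buf fault_jmp;
static volatile sig_atomic_t faulted;

/* SIGSEGV handler: record the fault and jump back out of the faulting store. */
static void on_segv(int sig)
{
    (void)sig;
    faulted = 1;
    siglongjmp(fault_jmp, 1);
}

/* Map one page, fill it while writable, flip it to read-only (the "program
 * memory" case), then try to write to it again. Returns 1 if the write was
 * stopped by the kernel, 0 if it unexpectedly succeeded, -1 on setup error. */
int write_to_readonly_page_faults(void)
{
    long page = sysconf(_SC_PAGESIZE);
    unsigned char *p = mmap(NULL, (size_t)page, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;

    memset(p, 'A', 16);                 /* legitimate write while RW */
    if (mprotect(p, (size_t)page, PROT_READ) != 0) {
        munmap(p, (size_t)page);
        return -1;
    }

    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_segv;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGSEGV, &sa, &old) != 0) {
        munmap(p, (size_t)page);
        return -1;
    }

    faulted = 0;
    if (sigsetjmp(fault_jmp, 1) == 0) {
        volatile unsigned char *vp = p;
        vp[0] = 'B';                    /* store into RO page -> SIGSEGV */
    }

    sigaction(SIGSEGV, &old, NULL);     /* restore previous handler */
    munmap(p, (size_t)page);
    return faulted ? 1 : 0;
}

int main(void)
{
    printf("RW  allowed by W^X policy: %d\n", wx_policy_allows(PROT_READ | PROT_WRITE));
    printf("RX  allowed by W^X policy: %d\n", wx_policy_allows(PROT_READ | PROT_EXEC));
    printf("RWX allowed by W^X policy: %d\n", wx_policy_allows(PROT_READ | PROT_WRITE | PROT_EXEC));
    printf("write to read-only page faulted: %d\n", write_to_readonly_page_faults());
    return 0;
}
```

The two pieces map onto the comment's point: the kernel already enforces per-page protections, so the open question for a platform is purely policy, which mappings an app is ever allowed to have as writable-then-executable, and who signs what lands in them.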
huh? (Score:1)
Huh? I thought almost every program on offer in the Play Store was malware? Guess we must have a different standard for "malicious".
obviously (Score:2)
The solution is to not allow applications to install executable files on your device.
What possible good reason/excuse could these applications have to do this?