Technology Stocks : Android OS - GOOG


To: sylvester80 who wrote (6422)
Date: 8/29/2014 5:07:04 PM
From: Heywood40
 
Dangerous Android malware can do anything it wants with over 500K infected devices

By Chris Smith on Aug 7, 2014 at 11:35 AM

A new piece of dangerous malware has apparently been discovered, RT.com reports, and it’s running on more than half a million Android devices from the U.S., Europe and Russia. The malicious program, which has been discovered by Russian security firm Group-IB, gives attackers complete control of those devices once it’s installed.

To fool unsuspecting users into installing the malware, hackers apparently use SMS and social networking-like campaigns.

“People would receive different messages saying something like: ‘Hey, this is my fresh set of photos. Please download it.’ And it turns out that just that it’s a piece of malware,” Group-IB head of botnet intelligence Nikita Kislitsin said. “The criminals come up with new…social engineering techniques to trick people… They try to imitate well-known companies; they try to mimic to software updates to well-known software applications or plugins.”

According to images provided by the publication, hackers have even mimicked pages from the Google Play Store in order to convince users to install malicious apps.

Apparently hackers are actually hunting for SMS messages that deliver banking information, especially for Russia. Depending on the things they learn about a target, the hackers then take further action.

“It’s no secret that all the banks in Russia – like 90 percent of them – they’re using SMS-messages to deliver secret codes in order to confirm money payments,” the exec said. “They’ll look in your messages for SMS from your bank to find out how rich you are. Mostly, you can find the information about your balance on your banking account and based on this information they can conclude how interesting you are.”

In addition to stealing financial information, the malware can also grab other information from an infected device, including contacts and pictures, and can initiate phone calls and send SMS messages.

Most importantly, the program can’t be tracked once it’s installed on the device, the firm said, although it did not reveal how it’s able to track it and how it knows that more than 541,000 devices have been infected.

“Mostly, people notify that they’re hacked when they’re losing money… General people wouldn’t notice this malware for years because it doesn’t give a sign – any sign – that it’s installed,” Kislitsin said.

“In 95 percent of the cases, people do install malware by themselves. It’s not a super Zero Day, which allows to execute any arbitrary code without any sign. Next advice is to use anti-viral software. But it’s not a guarantee at all,” he said.

Images showing a fake Google Play Store web page and an interface of a program used to manage Android devices infected with the unnamed program follow below.



To: sylvester80 who wrote (6422)
Date: 8/29/2014 5:10:02 PM
From: Heywood40
 
New Android Malware Krysanec Infects Legitimate Apps

A new remote access Trojan (RAT) for Android has been found to integrate malicious functionality in legitimate apps, allowing the attacker control over various functions of the device, such as camera, GPS and microphone.

The malware is currently distributed through multiple channels, ranging from websites sharing pirated content to social networks.

Security researchers from ESET have discovered that the malware authors have slipped the Android version of Unrecom RAT into legitimate apps. This means that the threat is disguised as valid software, preserving some of the original functionality, but it is laced with malicious features, too.

The sample they analyzed is detected as Android/Spy.Krysanec and was found in modified versions of apps for mobile banking (MobileBank, used to access Russian Sberbank accounts), monitoring data usage (3G Traffic Guard), as well as their own ESET Mobile Security.

“Quite often the legitimate functionality is present, but with a malicious aftermarket addition – the very essence of a trojan horse. And quite often the application purports to be a cracked version of a popular paid application – so the danger is greater on less-than-trustworthy app stores and forums – but this is certainly not an indisputable rule,” writes ESET malware researcher Robert Lipovski in a blog post.

Senior Malware Intelligence Analyst at Malwarebytes Nathan Collier has said via email that an individual with coding experience would not encounter much difficulty decompiling an existing Android app, adding malicious capabilities and repackaging it for distribution on alternative, non-curated markets.

“The tools to make this possible can be found by anyone with a good working knowledge of a search engine. A lot of the Android RATs used also utilize existing pre-built toolkits, making it relatively straightforward,” he explains.

It appears that Krysanec is modular in architecture and can execute different plug-ins downloaded from the command and control server, which has been identified to be hosted on a domain of the No-IP dynamic DNS provider.

On its list of capabilities are taking photos, recording audio using the device’s microphone, locating it via GPS, retrieving the list of installed apps, exfiltrating the list of calls, the contacts and short text messages sent through SMS or WhatsApp.

Users can stay protected by avoiding installation of Android apps from unreliable sources. Lipovski says that the software in official markets provides countermeasures against the changes by signing them with the developer’s certificates, and the variants impersonated by Krysanec did not include valid certificates; installing anti-malware mobile solutions is also recommended.
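
The signing-certificate check mentioned in the last paragraph, as an added example that is not from the article, ESET, or the poster: it compares the signer certificate SHA-256 digests printed by `apksigner verify --print-certs` against a pinned developer digest, so a repackaged build signed with a different key is flagged. The package name, digests and sample tool output are constructed placeholders.

```python
import re

# Pinned SHA-256 digests of the genuine developer's signing certificate,
# keyed by package name. Constructed placeholder values, not real fingerprints.
PINNED = {"com.example.bank": {"a1" * 32}}

# Matches the per-signer digest line of `apksigner verify --print-certs`.
DIGEST_RE = re.compile(
    r"^Signer #\d+ certificate SHA-256 digest:\s*([0-9a-fA-F]{64})\s*$", re.M)

def signer_digests(print_certs_output):
    """Return the set of signer SHA-256 digests found in the tool output."""
    return {m.group(1).lower() for m in DIGEST_RE.finditer(print_certs_output)}

def check_apk(package, print_certs_output, pinned=PINNED):
    """Classify an APK by comparing its signer certificates with the pinned set."""
    expected = pinned.get(package)
    if not expected:
        return "unknown-package"          # nothing pinned, cannot decide
    found = signer_digests(print_certs_output)
    if not found:
        return "unsigned-or-unverified"   # no signer reported at all
    # Every signer must be a pinned developer certificate; one extra or
    # different signer means the package was re-signed by someone else.
    return "trusted" if found <= expected else "repackaged"

# Constructed sample outputs (format of `apksigner verify --print-certs`).
GENUINE = (
    "Signer #1 certificate DN: CN=Example Bank\n"
    f"Signer #1 certificate SHA-256 digest: {'a1' * 32}\n"
)
REPACKAGED = (
    "Signer #1 certificate DN: CN=Unknown\n"
    f"Signer #1 certificate SHA-256 digest: {'b2' * 32}\n"
)
UNSIGNED = "DOES NOT VERIFY\n"  # simplified, constructed failure output

if __name__ == "__main__":
    for name, out in [("genuine", GENUINE), ("repackaged", REPACKAGED),
                      ("unsigned", UNSIGNED)]:
        print(name, "->", check_apk("com.example.bank", out))
```
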