posted by martyb on Friday November 06 2015, @10:51AM
from the great-deals-coming-to-E-Bay dept.

Researchers at Lookout Security have discovered more than 20,000 adware samples that masqueraded as legitimate apps like Facebook, Twitter and Snapchat. Calling it "trojanized adware", they described what they found:

By taking legitimate apps from the Google Play store, malicious actors will repackage the app with baked-in adware, and serve it to a third-party app store. In many cases, the apps are still fully functional and don't alert the device owner.

It works like this: the user installs an app from a third-party store, and the app auto-roots, gaining access to the entire phone's system -- an act that alone punches a hole in Android's security, opening up more ways for hackers to launch their attacks. Periodically from there, the app will serve ads, which generates money for the attacker.

The good news is there's no indication apps installed from the official Google Play store are affected. The bad news is, that short of reflashing the device's ROM, it's almost impossible to remove, forcing most users to replace their devices entirely.


  • (Score: 3, Insightful) by iwoloschin on Friday November 06 2015, @11:15AM

    by iwoloschin (3863) on Friday November 06 2015, @11:15AM (#259383)

    This is like trying to download a cracked application for free, sure, you might get whatever you crave, but you're more likely to get a fun extra payload with your warez. This is an old problem, only made new because "...on phones!"

    Also, if you have the right phone, it's not like reflashing the ROM is hard. Though maybe we should stop calling it a ROM if people are writing to it...?

  • (Score: 1) by chrysosphinx on Friday November 06 2015, @12:50PM

    by chrysosphinx (5262) on Friday November 06 2015, @12:50PM (#259402)

    Though maybe we should stop calling it a ROM if people are writing to it...?

    It's called ROM because of the execution model: you cannot simply perform common CPU instructions writing to that memory. It is much more like a block device; you must do a very special kind of I/O to erase and flash new content. Yes, it is not hard.

    But missing hardware locks is a design decision for any postmodern device, with the sole purpose of herding people.

    Anyone remember plastic colorful "write" rings for magnetic tapes?

  • (Score: 3, Insightful) by DeathMonkey on Friday November 06 2015, @06:33PM

    by DeathMonkey (1380) on Friday November 06 2015, @06:33PM (#259578) Journal

    ...but you're more likely to get a fun extra payload with your warez.
     
    True, it did happen. But, the Warez groups are way more ethical than these adware scum so it was a lot less likely.

  • (Score: 2) by frojack on Friday November 06 2015, @09:22PM

    by frojack (1554) on Friday November 06 2015, @09:22PM (#259666) Journal

    Exactly.

    user installs an app from a third-party store,

    Ok, train left the tracks right there!

    Don't come crying if you get crapware from a warez site. Everyone knows the risks by now.

    Oh, and don't come around whining that I'm blaming the victim, because that is EXACTLY what I'm doing.

    --
    No, you are mistaken. I've always had this sig.
    • (Score: 1) by anubi on Saturday November 07 2015, @01:33AM

      by anubi (2828) on Saturday November 07 2015, @01:33AM (#259756) Journal

      On the PC, I can at least do a form of integrity checking on the thing I download ( MD5 ).

      There are several sites I can go to and tell them the MD5 I got and they will tell me what I have ( their database is keyed to the MD5 ).

      This has helped me a lot in avoiding incidental malware installs.

      Something like this needs to be done for phones, where you can have your whatever vetted by some sort of digester which puts out the wrong digest if the thing has been monkeyed with.

      In the PC world, it's very common for me to see well known packages bundled inside of hostile "installers", often from well publicized sites which give all appearances of authenticity. Be very wary of having *anything* installed from a site.

      Download the thing. Do NOT execute it. Let a MD5 digester look at it first and give you the hash. Google your hash. Then make your decision based on what you get back from Google.

      --
      "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
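The comment above asks for a "digester" that flags a phone app that has been monkeyed with, and the story describes exactly that case: a Play store app repackaged with adware and re-signed for a third-party store. Android's v1 (JAR) signing scheme already ships a per-file digest list inside every APK, META-INF/MANIFEST.MF, so the check can go further than hashing the whole download. The example below is added here and is not code from Lookout, SoylentNews or any commenter: it hashes the whole file for reputation lookup (MD5 as the comment suggests, plus SHA-256), recomputes every entry's digest against the manifest, and diffs the manifest of a suspect APK against a known-good copy to show which files the repackager added or changed. The two APKs are constructed in memory with only a MANIFEST.MF (the real CERT.SF and CERT.RSA signature files are omitted), and the file contents and names (classes.dex, lib/armeabi/libroot.so) are made up for illustration.

```python
"""Triage a downloaded APK: whole-file hashes for lookup, manifest integrity,
and a per-file diff against a known-good build.

Added example, not code from the page or from Lookout. The APKs below are
constructed stand-ins for v1-signed packages (MANIFEST.MF only).
"""
import base64
import hashlib
import io
import zipfile

# Digest headers used by Android's v1 JAR signing, mapped to hashlib names.
DIGEST_ALGS = {"SHA1-Digest": "sha1", "SHA-256-Digest": "sha256"}


def whole_file_digests(data: bytes) -> dict:
    """Hashes to look up in a reputation database: MD5 as the comment
    suggests, plus SHA-1 and SHA-256 because MD5 collisions are practical."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256")}


def parse_manifest(text: str) -> dict:
    """Parse META-INF/MANIFEST.MF into {entry name: {header: base64 digest}}.
    Lines longer than 72 bytes are wrapped; a continuation starts with a space."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # re-join a wrapped line
        else:
            lines.append(raw)
    entries, current = {}, None
    for line in lines:
        if not line.strip():              # blank line ends a section
            current = None
            continue
        key, _, value = line.partition(": ")
        if key == "Name":
            current = value
            entries[current] = {}
        elif key in DIGEST_ALGS and current is not None:
            entries[current][key] = value
    return entries


def _manifest_of(apk: bytes) -> dict:
    zf = zipfile.ZipFile(io.BytesIO(apk))
    return parse_manifest(zf.read("META-INF/MANIFEST.MF").decode())


def verify_manifest(apk: bytes) -> dict:
    """Recompute each entry's digest and compare with MANIFEST.MF.
    A re-signed repackage is self-consistent here; this only catches files
    patched or added after signing, so pair it with diff_manifests()."""
    zf = zipfile.ZipFile(io.BytesIO(apk))
    manifest = parse_manifest(zf.read("META-INF/MANIFEST.MF").decode())
    mismatched, unlisted = [], []
    for info in zf.infolist():
        name = info.filename
        if name.startswith("META-INF/") or name.endswith("/"):
            continue
        recorded = manifest.get(name)
        if not recorded:
            unlisted.append(name)
            continue
        content = zf.read(name)
        for header, hashname in DIGEST_ALGS.items():
            if header in recorded:
                actual = base64.b64encode(hashlib.new(hashname, content).digest()).decode()
                if actual != recorded[header]:
                    mismatched.append(name)
                    break
    return {"mismatched": mismatched, "unlisted": unlisted}


def diff_manifests(known_good: bytes, suspect: bytes) -> dict:
    """Per-file diff of the digest lists of a known-good APK (e.g. the Play
    store build) and a download from a third-party store."""
    good, bad = _manifest_of(known_good), _manifest_of(suspect)
    return {
        "added": sorted(set(bad) - set(good)),
        "removed": sorted(set(good) - set(bad)),
        "changed": sorted(n for n in set(good) & set(bad) if good[n] != bad[n]),
    }


def build_apk(files: dict, tamper_after_signing: dict = None) -> bytes:
    """Constructed stand-in for a v1-signed APK: the files plus a MANIFEST.MF
    with SHA1-Digest lines. tamper_after_signing writes files without
    updating the manifest, simulating a patch applied after signing."""
    manifest = ["Manifest-Version: 1.0", "Created-By: constructed example", ""]
    for name, content in files.items():
        digest = base64.b64encode(hashlib.sha1(content).digest()).decode()
        manifest += [f"Name: {name}", f"SHA1-Digest: {digest}", ""]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "\r\n".join(manifest))
        for name, content in {**files, **(tamper_after_signing or {})}.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed sample data: a "Play store" build, a repackaged copy that adds a
# native helper and modifies classes.dex (re-signed, so its manifest is
# consistent), and a copy patched after signing (manifest no longer matches).
ORIGINAL_FILES = {
    "AndroidManifest.xml": b"<manifest package='com.example.chat'/>",
    "classes.dex": b"dex\n035\x00original bytecode",
    "res/layout/main.xml": b"<LinearLayout/>",
}
REPACKAGED_FILES = {
    **ORIGINAL_FILES,
    "classes.dex": b"dex\n035\x00original bytecode + ad sdk hooks",
    "lib/armeabi/libroot.so": b"\x7fELF constructed root helper",
}
CLEAN_APK = build_apk(ORIGINAL_FILES)
REPACKAGED_APK = build_apk(REPACKAGED_FILES)
POST_SIGN_PATCHED_APK = build_apk(
    ORIGINAL_FILES,
    tamper_after_signing={"classes.dex": b"dex\n035\x00patched after signing"})


def triage(known_good: bytes, download: bytes) -> dict:
    """Everything a user would want before tapping Install."""
    return {
        "hashes": whole_file_digests(download),
        "integrity": verify_manifest(download),
        "diff": diff_manifests(known_good, download),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(CLEAN_APK, REPACKAGED_APK), indent=2))
    print(json.dumps(triage(CLEAN_APK, POST_SIGN_PATCHED_APK), indent=2))
```

The two checks answer different questions. The manifest integrity check only catches files altered or added after signing, because a repackager who re-signs with their own key produces a perfectly self-consistent manifest; the diff against a known-good build is what exposes the extra library and the modified dex in that case. The most direct test on a real APK, not shown here, is to compare the fingerprint of the signing certificate in META-INF/CERT.RSA with the developer's known certificate, since the repackager cannot sign with the original key.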