
posted by Fnord666 on Wednesday April 08 2020, @07:57PM   Printer-friendly
from the rooted-in-your-phone dept.

Arthur T Knackerbracket has found the following story:

An Android malware package likened to a Russian matryoshka nesting doll has security researchers raising the alarm, since it appears it's almost impossible to get rid of.

Known as xHelper, the malware has been spreading mainly in Russia, Europe, and Southwest Asia on Android 6 and 7 devices (which, while old and out of date, make up around 15 per cent of the current user base) for the past year from unofficial app stores. Once on a gizmo, it opens a backdoor, allowing miscreants to spy on owners, steal their data, and cause mischief.

It has only recently been picked apart by Kaspersky Lab bods, and what makes the malware particularly nasty, the researchers say, is how it operates on multiple layers on the tablets and handsets it infects.

"The main feature of xHelper is entrenchment," explained Igor Golovin on Tuesday. "Once it gets into the phone, it somehow remains there even after the user deletes it and restores the factory settings."

[...] The best thing to do, though, is go a step further than a factory reset, and erase the flash memory completely, including the system partition, and put in a fresh clean copy. "If you have Recovery mode set up on your Android smartphone," said Golovin, "you can try to extract the libc.so file from the original firmware and replace the infected one with it, before removing all malware from the system partition. However, it’s simpler and more reliable to completely reflash the phone."

Even better advice is to avoid downloading any suspicious apps from the Google Play Store, just to be safe, and definitely don't use unauthorized third-party stores at all.
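A check a defender can run once the system partition has been dumped, as an added example that is not from the article or from Kaspersky: hash every file in the dump and compare it against a manifest built from the original firmware image, so a replaced libc.so or an APK added to the system partition stands out. The two directory trees below are constructed inline for demonstration; in real use the functions would be pointed at the extracted firmware and the device dump.

```python
"""Added example (not from the article or Kaspersky): compare a dumped Android
/system tree against a hash manifest built from the original firmware, so a
swapped-out libc.so or a dropped APK shows up. Sample trees are constructed."""
import hashlib
import os
import tempfile

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root):
    """Map each file under root (relative path) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest

def compare(reference, device):
    """Return (modified, unexpected, missing) relative paths, each sorted."""
    modified = sorted(p for p in reference if p in device and reference[p] != device[p])
    unexpected = sorted(set(device) - set(reference))   # present only on the device
    missing = sorted(set(reference) - set(device))      # present only in firmware
    return modified, unexpected, missing

def write_tree(root, files):
    # Fixture helper: write {relative path: bytes} under root.
    for rel, data in files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)

def demo():
    """Constructed case: libc.so tampered with, extra APK dropped in /system/app."""
    good = {"lib/libc.so": b"original libc", "app/Phone/Phone.apk": b"phone"}
    bad = {**good, "lib/libc.so": b"original libc + hook",
           "app/Helper/Helper.apk": b"dropped"}
    with tempfile.TemporaryDirectory() as tmp:
        fw, dev = os.path.join(tmp, "firmware"), os.path.join(tmp, "device")
        write_tree(fw, good)
        write_tree(dev, bad)
        return compare(build_manifest(fw), build_manifest(dev))

if __name__ == "__main__":
    print(demo())  # (['lib/libc.so'], ['app/Helper/Helper.apk'], [])
```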


  • (Score: 3, Insightful) by Anonymous Coward on Wednesday April 08 2020, @10:30PM (2 children)

    by Anonymous Coward on Wednesday April 08 2020, @10:30PM (#980407)

    "...However, it’s simpler and more reliable to completely reflash the phone."

    What a pity it is, then, that phone manufacturers, in their ever-enduring quest to wrench away control and ownership of the phone from those who paid for them, have made it damn near impossible to reinstall the phone OS from scratch outside of a "factory reset." A factory reset that relies on archives of the software that are kept on a partition of the phone's main flash chip. A partition on the chip that, at the end of the day, is just as changeable as the rest of the chip, whether it's storing your latest text message, or the most important code on the phone.

    So, for a lot of users, you'd need either expensive, factory-level tools, or to hack the phone so you can bypass the lockouts. A very ironic situation where recovering from a failure in security requires you to have avoided patching yourself to death with whatever controlling updates the company tried to ram down your throat.

    Of course, all of this is one of the major advantages of PCs, which can have separate installation media if you bought it or bothered to make it when you got the machine. Although Big Tech is doing their best to try to erode that away, as well, and have done a wonderful job of making sure that PCs have firmware that's similarly hackable, even if it isn't too common to see that in practice at the moment.

  • (Score: 0) by Anonymous Coward on Thursday April 09 2020, @12:20AM

    by Anonymous Coward on Thursday April 09 2020, @12:20AM (#980442)

    Pass a law requiring phone manufacturers to make the tools available to the public to backup, restore and modify their device using a PC?

  • (Score: 4, Interesting) by TheReaperD on Thursday April 09 2020, @04:19AM

    by TheReaperD (5556) on Thursday April 09 2020, @04:19AM (#980493)

    I remember a technology preview given by Intel for their "new" remote management tools (don't remember the marketing speak for the name at the time) that were going to be baked right into the CPU. I asked about security implications at the time. They didn't answer my question and my name was suspiciously absent from the guest list the next conference whereas my coworker's name was still on it. Lo and behold, the system is getting pwned left and right now and Intel is having to gut their CPU performance to try and combat the problem with only limited success.

    --
    Ad eundum quo nemo ante iit