posted by Fnord666 on Wednesday April 08 2020, @07:57PM
from the rooted-in-your-phone dept.

Arthur T Knackerbracket has found the following story:

An Android malware package likened to a Russian matryoshka nesting doll has security researchers raising the alarm, since it appears it's almost impossible to get rid of.

Known as xHelper, the malware has been spreading mainly in Russia, Europe, and Southwest Asia on Android 6 and 7 devices (which, while old and out of date, make up around 15 per cent of the current user base) for the past year from unofficial app stores. Once on a gizmo, it opens a backdoor, allowing miscreants to spy on owners, steal their data, and cause mischief.

It has only recently been picked apart by Kaspersky Lab bods, and what makes the malware particularly nasty, the researchers say, is how it operates on multiple layers on the tablets and handsets it infects.

"The main feature of xHelper is entrenchment," explained Igor Golovin on Tuesday. "Once it gets into the phone, it somehow remains there even after the user deletes it and restores the factory settings."

[...] The best thing to do, though, is go a step further than a factory reset, and erase the flash memory completely, including the system partition, and put in a fresh clean copy. "If you have Recovery mode set up on your Android smartphone," said Golovin, "you can try to extract the libc.so file from the original firmware and replace the infected one with it, before removing all malware from the system partition. However, it’s simpler and more reliable to completely reflash the phone."

Even better advice is to avoid downloading any suspicious apps from the Google Play Store, just to be safe, and definitely don't use unauthorized third-party stores at all.
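
As an added illustration (not from the article or from Kaspersky), the check below compares a copy of a device's system partition against the same partition unpacked from the original firmware, flagging a changed libc.so and any files that were dropped in. The directory layout and file names in the demo are constructed, and obtaining the two trees (from Recovery mode and from the vendor's firmware image) is assumed to have been done already.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large system libraries do not sit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def tree_hashes(root: Path) -> dict:
    """Map each regular file's path (relative to root) to its SHA-256."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*"))
            if p.is_file() and not p.is_symlink()}


def compare_system_trees(stock_root, device_root) -> dict:
    """Report files that differ from, were added to, or are missing versus stock."""
    stock = tree_hashes(Path(stock_root))
    device = tree_hashes(Path(device_root))
    return {
        "modified": sorted(n for n in stock if n in device and stock[n] != device[n]),
        "added": sorted(n for n in device if n not in stock),
        "missing": sorted(n for n in stock if n not in device),
    }


def demo() -> dict:
    # Constructed sample trees standing in for the stock and on-device system partitions.
    with tempfile.TemporaryDirectory() as tmp:
        stock, device = Path(tmp, "stock"), Path(tmp, "device")
        files = {"lib/libc.so": b"stock libc", "bin/sh": b"shell", "build.prop": b"ro.x=1"}
        for root in (stock, device):
            for name, data in files.items():
                p = root / name
                p.parent.mkdir(parents=True, exist_ok=True)
                p.write_bytes(data)
        (device / "lib/libc.so").write_bytes(b"patched libc")      # altered library
        (device / "bin/unknown_helper").write_bytes(b"dropped")    # extra file
        return compare_system_trees(stock, device)


if __name__ == "__main__":
    for kind, names in demo().items():
        print(kind, names)
```

Any entry under "modified" or "added" means the partition no longer matches the firmware it shipped with, which is the case where the article's advice to reflash completely applies.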


  • (Score: 3, Insightful) by Anonymous Coward on Thursday April 09 2020, @02:25AM (3 children)

    by Anonymous Coward on Thursday April 09 2020, @02:25AM (#980480)

    Do you remember the days when in order to flash a BIOS you needed a physical disk in the drive and possibly a dip switch flick?
    Remember how difficult it used to be? Then recall the day Microsoft, in their Almighty Wisdom, decided to bridge the gap so the machine OS could flash the BIOS.
    Then we had BIOS hacks from the OS.
    Later they said "BIOS is not secure! This new EFI will fix that! Trust us!"

    You could almost think it was planned.

  • (Score: 3, Informative) by anubi on Thursday April 09 2020, @03:07AM

    by anubi (2828) on Thursday April 09 2020, @03:07AM (#980486) Journal

    In my day, one had to physically remove the BIOS chips (usually two of 'em... low and high byte), erase them under ultraviolet light, confirm they were now blank, now program the new code with special hardware (EPROM programmer), and reinstall.

    The absolute worst anyone could do was force me to wipe the drive and restore from backup... Which I did numerous times.

    I knew good and well the position Microsoft was putting us all in.

    I wasn't ranked high enough in the corporation to be taken seriously. They bought into it anyway. It is now far beyond my ability to keep it flying.

    --
    "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
  • (Score: 3, Interesting) by istartedi on Thursday April 09 2020, @07:22AM (1 child)

    by istartedi (123) on Thursday April 09 2020, @07:22AM (#980519) Journal

    And the only reason you ever flipped those DIP switches to flash your BIOS was because somebody royally f***ed up. I had plenty of PCs where there was never any reason to flash the BIOS. It is the Basic Input/Output System, after all. If they couldn't get that right, what made them think they could do anything more advanced?

    --
    Appended to the end of comments you post. Max: 120 chars.
    • (Score: 3, Insightful) by RS3 on Friday April 10 2020, @12:50AM

      by RS3 (6367) on Friday April 10 2020, @12:50AM (#980702)

      I wish I could clone myself and those clones would correct all of this type of thinking and argument around the Internet. (Clone thought inspired by last few days' "Dilbert"...) You're making the all-too-common all-or-nothing sweeping generalization.

      BIOS flash is not always because "somebody royally f***ed up".

      Long ago motherboards had switches and/or jumpers to select clock speeds, clock multipliers, Vcore CPU voltages, etc. Then chipsets + BIOS started auto-sensing the CPU and programmed the correct voltages, speeds, and other CPU-specific parameters. But the motherboard's BIOS made in 2002 wasn't able to predict that Intel would release faster CPUs 6 years later. They didn't exist yet, nor their parameters. I've done many BIOS updates for that very reason.

      You can certainly make a good argument that software generally is crap and we're all beta testers. Sadly, most of the world accepts some kind of software update is normal everyday life. As such, I don't know how to fix it, but I'm glad for updates and patches.