• Tag Archives Android

  • SandroRAT Mobile Phone Android Malware that Disguises as Kaspersky Mobile Security

    Posted on by admin Comment
    Researchers have warned users of Android devices to avoid app downloads from particularly unauthorized sources, since a new and sophisticated piece of malware is targeting Android users through phishing emails.
    The malware, dubbed SandroRAT, is currently being used by cybercriminals to target Android users in Poland via a widely spread email spam campaign that delivers a new variant of an Android remote access tool (RAT).
    The emails masquerade itself as a bank alert that warns users of the malware infection in their mobile device and offers a fake mobile security solution in order to get rid of the malware infection.
    The mobile security solution poses as a Kaspersky Mobile Security, but in real, it is a version of SandroRAT, a remote access tool devised for Android devices, whose source code has been put on sale on underground Hack Forums since December last year.
    A mobile malware researcher at McAfee, Carlos Castillo, detailed the new variant of Android remote access trojan over the weekend. According to the researcher, the package spread via phishing campaign is capable of executing several malicious commands on the infected devices.
    SandroRAT gives the attacker an unrestricted access to sensitive details such as SMS messages, contact lists, call logs, browser history (including banking credentials), and GPS location data stored in Android devices and store all the data in an “adaptive multi-rate file on the SD card” to later upload them to a remote command and control (C&C) server.

    Spam campaigns (via SMS or email) are becoming a very popular way to distribute Android malware, which can steal personal information or even obtain complete control of a device with a tools like SandroRat,” wrote Carlos Castillo. “This attack gains credence with the appearance of a bank offering security solutions against banking malware, a typical behavior of legitimate banks.”

    This new version of SandroRAT also has a self-update feature in it and it can install additional malware through user prompts for such actions. The malware gives the attacker full control over the messages, who can intercept, block and steal incoming messages, as well as insert and delete them.
    It also appears that the attacker can send multimedia messages with specific parameters sent by the C&C server and can also record nearby sounds using the device’s mic.
    Castillo also notes that the SandroRAT variant of malware had decryption capabilities for older releases of Whatsapp messaging app. But, the users running the latest version of Whatsapp in their Android devices are not vulnerable because the developers adopted a stronger encryption scheme.

    This decryption routine will not work with WhatsApp chats encrypted by the latest version of the application because the encryption scheme (crypt7) has been updated to make it stronger (using a unique server salt),” Castillo explained. “WhatsApp users should update the app to the latest version,” he advised.

    Users are advised to avoid application downloads from unauthorized sources, particularly when the app download link is send through an email. Good practice is to always prefer downloading apps from the Google Play Store or other trusted sources.

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida

     


    📂This entry was posted in Virus Threats 📎and tagged

  • Android security loophole lets apps take and upload pics without you knowing

    Posted on by admin Comment

    Google is always keen to downplay the problem of malware on Android, for obvious reasons, but that doesn’t make the underlying threats any less troubling. New threats are being discovered all the time, and as the platform grows – with over 1.5 million Android devices being activated every day – the potential to infect ever more devices grows too.

    It must be said that Google does a pretty decent job when it comes to eliminating malware from its own Play Store – less than 0.1% of apps there contain malicious code, according to F-Secure (pdf) – and efforts such ason-device monitoring have also helped to limit the impact of rogue software. But third-party Android stores fare considerably worse than this; according to Forbes, in one third-party store, a staggering 33% of apps were found to be infected.

    One such threat was documented by security researcher Szymon Sidor this week, who found that by creating an app that exploited a simple loophole in the OS, he was able to get a device to capture photos using its camera, and then upload them to a remote server, without the user having so much as a hint that anything untoward had happened.

    [​IMG]
    Your phone could be taking photos of you looking like this, without you knowing!

    Sidor said that he had observed numerous apps on Google Play that were capable of taking photos covertly, but each of them required a visible indication of the app’s activity on screen and, critically, for the screen to be switched on. As he wrote on his Snacks For Your Mind blog, he set about trying to see if there was a way to perform the same task, but without that visible indication.

    He succeeded, and he was able to do so by exploiting a simple loophole in Android’s security features. Android requires that, when a photo is being taken, a preview of the image viewfinder must be shown on the screen; it’s a measure to ensure that users know that the camera is engaged and not taking photos or videos of them without their knowledge.

    But Sidor adjusted the code in his testbed app to continue displaying that preview, but only on a single pixel. That makes it completely impossible for a user to be able to see the preview, and therefore none the wiser if an app were to covertly be capturing snaps of them and uploading them elsewhere. The app was also able to capture other details from the device, such as battery level (crucial in helping to avoid detection of the app via its battery drain), and even the current location of the device. Check out the video below:

    Perhaps the most disturbing finding is revealed in this little snippet (emphasis is ours):

    The result was amazing and scary at the same time – the pixel is virtually impossible to spot on Nexus 5 screen (even when you know where to look)! Also it turned out that even if you turn the screen completely off, you can still take photos, as long as the pixel is still there.

    Sidor’s post on his findings is well worth a read – and he also includes a few handy tips on how to protect yourself from the threat of malicious apps on your Android device. He acknowledges that he was not, in fact, the first to discover this flaw, but also adds that he has contacted Google with the details of his own research, in the hope that they will close the loophole with a future security patch.

     

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida

     


    📂This entry was posted in Computer News 📎and tagged

  • Android iBanking Trojan Source Code LEAKED ONLINE

    Posted on by admin Comment

    Smartphone is the need of everyone today and so the first target of most of the Cyber Criminals. Malware authors are getting to know their market and are changing their way of operations. Since last year we have seen a rise in the number of hackers moving from the Blackhat into the Greyhat.

     

    iBanking, a new mobile banking Trojan app which impersonates itself as an Android ‘Security App‘, in order to deceive its victims, may intimidate a large number of users as now that its source code has been leaked online through an underground forum.

    It will give an opportunity to a larger number of cybercriminals to launch attacks using this kind of ready-made mobile malware in the future.

     

    Since many banking sites use two-factor authentication and transaction authorization systems in order to deal with the various threats, by sending unique one-time-use codes to their customers’ registered phone numbers via SMS, but in order to defraud them, cyber criminals have started to create various mobile malware like iBanking to solve their purpose.

     In addition, with the iBanking malware, Computer malware is used to defeat the mobile-based security mechanisms used by the banking sites.

    Apart from the server-side source-code, the leaked files also include a builder that can un-pack the existing iBanking APK file and re-pack it with different configurations, essentially providing fraudsters with the means to create their own unique application,” added Daniel Cohen.

    In addition to SMS Sniffing, the iBanking app allows an attacker to redirect calls to any pre-defined phone number, capture audio using the device’s microphone and steal other confidential data like call history log and the phone book contacts.

    During the installation process, the malicious app attempts to Social Engineer the user into providing it with administrative rights, making its removal much more difficult.

    Latest Computer news and virus and malware threats at Complete computer Repair Services Fort Lauderdale and all South Florida Latest Computer News and Repair Services

    www.ccrepairservices.com


    📂This entry was posted in Computer News Virus Threats 📎and tagged