New Malware

[Kamau]

Spookiest Smartphone Malware Yet? - Atlantic Mobile

Even though the article says it's not in the wild yet, I wonder how long it will be before someone replicates it and does put it out there.
It also makes me wonder what else is out there that we don't know about.

 

[9to5cynic]

There's a lot of spooky android malware out there.

Android has a feature that allows one app to pull focus from another. So, if I make, say, a popular game application and include this focus call... it can jump into the foreground.

So say you play my awesome game, and decide that you need to check facebook or do some Amazon shopping. Well, luckily, my app calls itself to the foreground with a ripped off log in screen for those apps... now I've got your credentials.

I was at a talk the other day, and one of the researchers mentioned this. He said that when the warned google about this risk, google was like, 'oh, that's a feature, we can remove that.' </facepalm>

Sure there are legit apps that could use this, but so could malicious apps.

They also mentioned that there is an app that you can buy that is basically a rootkit of the device with botnet capabilities. So it can record your conversations and then be used for a ddos. OUCH!

All the more reason to be vigilant of what we install I'd say.

--

I really liked the author's disclaimer at the bottom. (My podcast app quit downloading over wifi. )
And it was developed by a guy who works for the navy with surface warfare, yep. I'm thinking this has some cool cyberwarfare implications.

 

[SIII groupie]

Install smart. It is not rocket science? I hear and see people stress over crap. If you got a virus on your Windows you might get one with Android.

No one can protect you from yourself better than you.

 

[Kamau]

Stressed, no. Concerned, most definitely with every right to be.
Viruses & malware have grown from just an annoyance to big problems over the years for systems & phones/tablets. And they have gotten more sophisticated every time one turns around.
So paranoia is not called for now, but vigilance certainly is, both proactive & reactive.

 

[Trooper]

All this aside, I still do not see a reason to run AV on Android phones.

 

[Kamau]

All this aside, I still do not see a reason to run AV on Android phones.

Maybe not yet, but soon. It's only a matter of time before those people that have too much time on their hands and no respect for others, make it necessary.

 

[Kamau]

Man-in-the-Browser malware scam goes universal - CSO Online - Security and Risk

As I said before, it won't be long before just being cautious with what you download won't be enough.

 

[9to5cynic]

^ is that the zeus botnet?
Ahh, I'll just check it out in a minute. Man in the browser is so genius. One of my favorites. So long as it's not on *my* computer.

EDIT:

Okay, so it doesn't go into details really. Instead of just going for specific fields, it'll grab everything and parse it on the spot. Cool. But the researches say it isn't in the wild yet. Well, that's probably because it is in beta. I'm guessing that it's just too expensive for the criminals to buy from the authors at this point.... and the MitB is working wonders as is.

Very cool article. You're getting a 'thanks' and a 'like' for that.