04
Jun
image

Duo Security Sends A Trojan Horse Inside Google's Bouncer, Explores And Fingerprints Its Guts

Posted by in Android OS, Applications, News

The Google Play Store's "Bouncer," which Google launched back in February to protect Android users from malicious apps, is a service that scans potential Play Store apps by running them in a virtual phone environment, where the app's activities are monitored for any signs of mal-intent.

Taking advantage of that test period, security researchers Charlie Miller and Jon Oberheide have evidently found ways past Bouncer (which they will be presenting at the Summercon conference in New York this week). Their method, in short, allows an app to "know" that it is being run in a virtual environment, meaning malicious apps could conceivably resist carrying out malicious activities until they are running on a real system.

24
May
thumb

£50k Fine Slapped On Firm Responsible For Fake Angry Birds And Other Play Store Games That Sent Premium SMS Messages

Posted by in News

Fake apps in the Play Store are nothing new. We've seen countless fakes hit the Store, many of which contained some form of malware used to steal user data, or worse, charge premium features to their bill. A Latvian firm is now being fined for the latter due to fake apps designed to look like Angry Birds Space, Cut the Rope, and Assassin's Creed.

After downloading one of the aforementioned apps, though, the user wasn't greeted by flying birds or a hungry frog, but instead... nothing. The apps did absolutely nothing in the foreground. Little did the users who installed these apps know that they were being scammed behind the scenes.

31
May
android-virus-1

Lookout Team Pegs 25 Android Market Apps Infected With DroidDreamLight Malware

Posted by in News

Remember DroidDream - one of the worst malware apps that we've seen since Android's inception? Well, it appears that the developer of said malware is back at it again, with a  reported 25 infected apps (so far) found in the Android Market. Dubbed DroidDreamLight by the Lookout Security team, this infection is a stripped down version of its predecessor. Make no mistake, though - that doesn't mean it's any less malicious.

This malware was actually found by a developer of one the infected apps, when he noticed that a modified version of his own apk was being distributed in the Android Market.

12
Apr
adobeflashplayer_20100610172112

Critical Vulnerability Found In Adobe Flash For Android, Probably No Cause For Concern

Posted by in Applications, Apps/Games, News

With a great plugin comes great responsibility - to avoid malicious Flash files, that is. A zero-day exploit has been discovered in Adobe Flash that affects all Android versions of the software, Adobe announced today.

The most common vessel for the exploit is (fortunately) a Microsoft document (.doc) email attachment with an embedded Flash file (.swf) - and I'm not aware of any Word document viewers/editors in Android that support embedded Flash. Once the Flash file is executed, the exploiter can run malicious code on the target device. How, or whether, this could affect Android is unknown.

Still, it's important to remember that Adobe's products, ever the target of hackers and shady enterprise, share common elements across operating systems - including, at times, potentially dangerous flaws and exploits.

11
Mar
ric flair hacks ios and bb

Android Survives Hacking Competition - iOS, Blackberry Get "Pwned"

Posted by in News

With all of the recent concern about malware in the Android Market, it may lead one to make the generalization that the Android OS is nothing but a big loser in the mobile security department. It looks like that may be a faulty conclusion, if the results from hacking competition Pwn2Own are any indication. In this year's contest, held at the CanSecWest Security Conference, Android and Windows Phone 7 both survived unscathed, while iOS and Blackberry fell to the hackers.

Pwn2Own is a computer hacking contest where cyber attackers attempt to hack into a variety of devices and browsers, both mobile and desktop.