Ransomware is one of the nastier types of malicious software to emerge in the last few years. It's not exclusive to mobile, but the basic gist is that it locks down either specific files or an entire machine until the user sends money to a shady, untraceable online account to get their digital life back in order. The combination of easily-exploited security vulnerabilities, relatively small payments spread out over thousands of devices, and users reliance on their phones or computers has proven incredibly lucrative for malware developers. Read More
We occasionally see apps pulled from the Play Store for trivial (but valid) violations of the rules. Google has been more proactive about enforcing its guidelines, but it's often pointed out it could be more consistent. Case in point: there are, right now, two listings on the Play Store from a warez site called BlackMart that offers paid apps for free. One of them has been up for months and has more than 100,000 downloads. C'mon, Google. Read More
Google has released its second Android Security Annual report, and it's full of big, impressive numbers. The full report is 49 pages long and covers the state of Android security in detail, but the basics are covered in Google's latest blog post. The gist is, Google scans all the things to keep Android users safe. We're talking about billions of apps; the Verify Apps service sure is working overtime. Read More
Over a year ago there was a lot of concern about this piece of malware that had not only a flashy, user-friendly interface, but also the ability to monitor audio and video on Android devices. Even worse, it was able to slip past the automated checking used by Google at the time. Technically, it was really a software toolkit to make it easier to package malware APKs and then do malicious things with them.
At long last, Morgan Culbertson was arrested last month after being charged with creating the software. Tuesday, Culbertson pleaded guilty in federal court, telling the judge "I committed the crime" when asked why he was entering the plea. Read More
People are hyper-aware of Android vulnerabilities after the announcement of the Stagefright exploit recently, so Trend Micro is taking the opportunity to detail a bug it found in Android recently. It's a bug in the mediaserver service that can be used to crash the phone, rendering it unusable until a reboot. Read More
Last year, there was a rather widely-covered story about a piece of Android malware (rather, an Android malware control suite) called Dendroid. That malware was published for sale on a cybercrime-aligned forum known as Darkode, and it just so happens that the FBI (with assistance from agencies in other nations) just arrested the guy who wrote Dendroid as part of a larger raid on Darkode's operators.
That guy is Morgan C. Culbertson, who has a pretty solid real name, but somehow the most tragically boring and uninventive criminal alias of all time: "Android." Come on, Morgan - you could have done better. Read More
A couple of months ago, we published a story about the scam problem in Google Play Books, and we haven't been alone in criticism of the store's issues.
The gist is this: Google's Play Books store was plagued by scammy "guide" books that, for a few dollars, promised access to cracked APKs, but in reality provided nothing but scams and malware.
Two of the publishers we mentioned in the post - Monster Guides Editor Pro and leon Master - were removed from the Play Store, but plenty remain, still distributing links to pirated apps and malicious sites, or outright selling the work of legitimate authors. Read More
It's not uncommon for security firms to raise their public profile by publishing analyses of device security and vulnerabilities. However, Bluebox Security really stuck its virtual foot in its mouth this time. After posting what appeared to be a damning exposé of malware shipping on Xiaomi's Mi4 last week, the company has had to post an addendum admitting that it was fooled by a fake and Xiaomi's phones aren't shipping with malware after all. Oops. Read More
We are, at this point, familiar with fake apps in the Play Store—they pop up from time to time, but Google swiftly eliminates them. It seems like for all its efforts in cleaning up the Play Store, Google has a blind spot when it comes to books. There are multiple publisher accounts in Google Play Books that claim to offer cracked APKs for a dollar or two, and people are buying them. Instead of getting a cheap game, all people are getting is disappointment and malware.
Pixel Battery Saver promises to save a little power by shutting off pixels in a grid pattern on AMOLED displays. For a long time, that's what it did for thousands of users, but now it has been sold to a third party. Pixel Battery Saver was updated as "Complete Virus Protection" yesterday evening before being pulled from the store. It's back now, but this is still just a huge mess.