We've seen our fair share of Android malware hit the scene, but the guys over at Kaspersky Labs have stumbled upon something rather alarming: the first IRC bot for Android. For those unaware, an IRC bot is a tool that provides automated function inside of an IRC channel. While very useful in many scenarios, IRC bots are also often used for malicious intent, such as the case at hand. It's worth noting here that, with the way this attack works, remote commands could be sent via any medium - SMS, webserver, etc. The attacker has just chosen IRC as the platform for this exploit.
Google continues to be admirably quick to react to DroidDream, the nasty Android Trojan we helped uncover on Tuesday. After removing the offending apps from the Market in just a few minutes of finding out about them, a new post on the Google Mobile Blog reveals that they're now ready to take further steps.
"There is no need to download and install this application on your own.
This is an Android Market security update that undoes exploits caused by the malicious applications that were removed from Android Market on 03/01/2011.
First off, no, we're not trying to be sensationalist. And I'll admit up front that we're a bit light on details at the moment, but we've got a guy who is a professional, seasoned coder, and that's not the type of guy whose opinion you ignore. With that said: yes, we really think that we found something worse.
Among the flood of (mostly) related security/piracy tips we received in the wake of the DroidDream discovery was something that was worth a closer look: two more developers who were putting up more stolen apps.
Wow - from our perspective, it's almost like the world exploded overnight. We have more information and details on the virus - which Lookout has named "DroidDream" (the word was consistently used in package names by the malware developers) - and some updates on where things stand.
First, we're absolutely amazed at how quickly Google reacted. As mentioned last night, our own Justin Case pinged a contact and the apps were pulled from the market within minutes.
Update: For more details on DroidDream, check out out the follow-up post. It includes more information about the virus and how it works, who's to blame, and provides a link to a flashable .ZIP that prevents the virus from working.
Openness - the very characteristic of Android that makes us love it - is a double-edged sword. Redditor lompolo has stumbled upon a perfect example of that fact; he's noticed that a publisher has taken "...
I've been avoiding this one for a few days because it doesn't really seem like much of an issue to me, but it hasn't gone away, so I've changed my tune. Maybe this post will help somebody from getting a Trojan - and that has to count for some brownie points or something, right?
For the past few days, security-app maker Lookout (who you may remember for their App Genome Project) has been warning folks about a new AndVirus (yeah, just made that up) they've found called Geinimi. Word on the street is that this bad boy steals user data, and shows signs of "botnet-like capabilities." Scary stuff, indeed.
It’s been an interesting week so far… Steven Slater decided to set the bar ridiculously high for those looking to make dramatic exits from their workplace, we learnt that school is in fact spelt ‘shcool’ in North Carolina, and Android got a wake up call in the security department.
It was bound to happen at some point; as Android proves to be as popular as ever, it will be targeted by more malicious developers looking to exploit users of the platform. This particular trojan, identified as Trojan-SMS.AndroidOS.FakePlayer.a, is being spread around by text message.
How does it work? According to Kaspersky, users who receive the text message are prompted to install a 13kb application, which claims to be a media player.