You hear a lot of reports about malware and other undesirable third-party apps these days, especially from security researchers (and people who want to sell you something to make you feel safe). It's undeniable that malicious apps are a problem on an open system, but new data from Google indicates that the amount of actual harm being done might be negligible. QZ.com reports on a presentation from Google's Android Security Chief Adrian Ludwig at the Virus Conference in Berlin.
A new piece of Android malware has been discovered by security researchers at Kaspersky Labs. That by itself wouldn't be big news, but this Trojan does things no other malicious app has done. It exploits multiple vulnerabilities, blocks uninstall attempts, attempts to gain root access, and can execute a host of remote commands. Backdoor.AndroidOS.Obad.a, as it has been dubbed, is the most sophisticated piece of Android malware ever seen.
There are two previously unknown Android vulnerabilities exploited by Obad.
We talked a little bit about Bitdefender's new antivirus offering earlier today in our giveaway post, but now we want to dive a little deeper into the app and explain what makes it good, how it differs from Bitdefender's paid mobile security service, and how it compares to similar antivirus offerings.
The first question you may have is "since Bitdefender's Mobile Security app was already free(mium), why release this?" That answer is actually pretty simple: as of today, the model for Mobile Security has changed to a trial period-only.
We've got an LG Nexus system dump and endless desire to spoil every Googley surprise we can. Today's edition of the Android 4.2 Teardown could be alternatively subtitled "The Super-Serious Security Edition," because we're talking about the sort of stuff that should make your sysadmin jump for joy.
Please keep in mind this is just as forward-facing and time-ambiguous as all my other teardowns. This is a list of new stuff in the 4.2 dump, not a list of "confirmed for 4.2" features.
A new app update means a new APK Teardown here at AP. Today's victim is the Google Play Store, which was just freshly updated to 3.9.16. We've got all sorts of stuff to talk about.
A Built-In Malware Scanner
Yes, it's hard to believe, but Google is working on a malware scanner for the Play Store. The string file doesn't lie:
Even if you haven't played it before, there's a decent chance you've seen Plague Inc. around the internet. Usually, it involves seeing a screenshot that informs you your mom has killed thousands of people. If you've ever wondered how you—yes, you!—can also create silly-named diseases that annihilate Earth's population with your Android phone, the answer has arrived! Go here, download the game, then spend 15 minutes staring at the screen trying to come up with something clever.
We at Android Police take our mobile security pretty seriously. It's in the job description. Entering the realm of mobile security today is yet another contender on the good side of the battle: VirusTotal has released its client for Android. Prior to this, VirusTotal was a simple website where you can upload suspicious files to be scanned by a multitude of antivirus engines. Having provided this desktop OS-oriented service for several years now, VirusTotal has brought its experience and expertise to mobile.
As Android has grown from a small hobbyists OS to the mainstream-conquering behemoth it is today, so has the amount of malware directed towards it. A large chunk of the problem comes from malicious apps that make it into the Android Market - often times, duplicates of popular apps with a few strings of code thrown in that allow the app to transmit personal information or hijack the device.
Makers of anti-virus apps claim that there's more malware in the market than ever, painting the picture of a wild west-esque place that's ever-more attractive to the scum of the app universe.
Antivirus apps are big business on Android. Just run a search on our site and you can see there are tons of big-name apps for our beloved OS that help protect users from malware, track lost devices, and manage privacy (among other things). Millions have downloaded such apps, and sometimes paid fairly large sums (in relation to other apps, anyway) for the protection they offer.
We've seen our fair share of Android malware hit the scene, but the guys over at Kaspersky Labs have stumbled upon something rather alarming: the first IRC bot for Android. For those unaware, an IRC bot is a tool that provides automated function inside of an IRC channel. While very useful in many scenarios, IRC bots are also often used for malicious intent, such as the case at hand. It's worth noting here that, with the way this attack works, remote commands could be sent via any medium - SMS, webserver, etc.