Google has a lot of moving parts behind the scenes, trying to keep malware off of the Play Store. But with seven figures of apps posting and updating constantly, even it doesn't have a perfect record. Such is the claim from a security researcher last week, which said they found ten apps with variations on a trojan horse program. The apps are fairly innocuous based on their title and description, but each is designed to scrape a user's phone for Facebook login credentials. Read More
Google's reign over the Play Store often feels arbitrary, with legitimate apps disappearing for bogus reasons like out-of-context words or images while malware is striving. Another case has surfaced of an app turning into malware right under Play Protect's nose, and this time, the perpetrator is a Play Pass app with over 10 million installs: The generically named Barcode Scanner app. It has been removed since its discovery, but the developer's account remains active and offers other applications. Read More
Using app-generated one-time passcodes (OTPs) is perhaps the easiest and most cost-effective way to add a second authentication layer to all your online accounts and services. They eliminate almost any chances of an unauthorized person accessing your accounts even if they’ve got hold of your passwords. But it would be a scary situation if the passcodes within those apps were compromised, and that's just the threat Google Authenticator is facing right now thanks to some banking malware. Read More
We've seen our fair share of Android malware hit the scene, but the guys over at Kaspersky Labs have stumbled upon something rather alarming: the first IRC bot for Android. For those unaware, an IRC bot is a tool that provides automated function inside of an IRC channel. While very useful in many scenarios, IRC bots are also often used for malicious intent, such as the case at hand. It's worth noting here that, with the way this attack works, remote commands could be sent via any medium - SMS, webserver, etc. The attacker has just chosen IRC as the platform for this exploit. Read More
Google continues to be admirably quick to react to DroidDream, the nasty Android Trojan we helped uncover on Tuesday. After removing the offending apps from the Market in just a few minutes of finding out about them, a new post on the Google Mobile Blog reveals that they're now ready to take further steps.
: The tool Google is using to bulldoze DroidDream malware off your phone has surfaced in the Android Market: Android Market Security Tool
. From the app's description:
"There is no need to download and install this application on your own.
This is an Android Market security update that undoes exploits caused by the malicious applications that were removed from Android Market on 03/01/2011.
Update: After having a back and forth with Android Security, there's some disagreement as to just how malicious these apps we linked in this post are. We may have jumped the gun here, so hold tight, and we'll keep you informed.
First off, no, we're not trying to be sensationalist. And I'll admit up front that we're a bit light on details at the moment, but we've got a guy who is a professional, seasoned coder, and that's not the type of guy whose opinion you ignore. With that said: yes, we really think that we found something worse.
Among the flood of (mostly) related security/piracy tips we received in the wake of the DroidDream discovery was something that was worth a closer look: two more developers who were putting up more stolen apps. Read More
Wow - from our perspective, it's almost like the world exploded overnight. We have more information and details on the virus - which Lookout has named "DroidDream" (the word was consistently used in package names by the malware developers) - and some updates on where things stand.
First, we're absolutely amazed at how quickly Google reacted. As mentioned last night, our own Justin Case pinged a contact and the apps were pulled from the market within minutes. Read More
Openness - the very characteristic of Android that makes us love it - is a double-edged sword. Redditor lompolo has stumbled upon a perfect example of that fact; he's noticed that a publisher has taken "... Read More
I've been avoiding this one for a few days because it doesn't really seem like much of an issue to me, but it hasn't gone away, so I've changed my tune. Maybe this post will help somebody from getting a Trojan - and that has to count for some brownie points or something, right?
For the past few days, security-app maker Lookout (who you may remember for their App Genome Project) has been warning folks about a new AndVirus (yeah, just made that up) they've found called Geinimi. Word on the street is that this bad boy steals user data, and shows signs of "botnet-like capabilities." Read More
It’s been an interesting week so far… Steven Slater decided to set the bar ridiculously high for those looking to make dramatic exits from their workplace, we learnt that school is in fact spelt ‘shcool’ in North Carolina, and Android got a wake up call in the security department.
It was bound to happen at some point; as Android proves to be as popular as ever, it will be targeted by more malicious developers looking to exploit users of the platform. This particular trojan, identified as Trojan-SMS.AndroidOS.FakePlayer.a, is being spread around by text message.
How does it work? According to Kaspersky, users who receive the text message are prompted to install a 13kb application, which claims to be a media player. Read More