Researchers at Kaspersky Lab have identified a family of modular Android malware dubbed "Loapi," which is capable of mining the Monero cryptocurrency, inundating users with advertisements, automatically subscribing the user to paid services, and participating in DDoS attacks, among other functions. The cryptocurrency mining module maintains a load sufficiently high enough to cause physical damage to a test device after two days—the above photo shows a device which overheated to the point the battery bulged.
Computer security is important, even if the computer in question fits in your hand. There should be no doubt about that fact. However, you should be just as wary of security software as any other app. Case in point: there's a slick new app in the Play Store called Virus Shield. It's got a cool look and it's easy to operate. Just press a single button and your virus shield is activated.
You hear a lot of reports about malware and other undesirable third-party apps these days, especially from security researchers (and people who want to sell you something to make you feel safe). It's undeniable that malicious apps are a problem on an open system, but new data from Google indicates that the amount of actual harm being done might be negligible. QZ.com reports on a presentation from Google's Android Security Chief Adrian Ludwig at the Virus Conference in Berlin. He estimates that .001% of Android apps are able to get past Google's defenses.
A new piece of Android malware has been discovered by security researchers at Kaspersky Labs. That by itself wouldn't be big news, but this Trojan does things no other malicious app has done. It exploits multiple vulnerabilities, blocks uninstall attempts, attempts to gain root access, and can execute a host of remote commands. Backdoor.AndroidOS.Obad.a, as it has been dubbed, is the most sophisticated piece of Android malware ever seen.
There are two previously unknown Android vulnerabilities exploited by Obad. The malware installer contains a modified AndroidManifest.xml file, which is a part of every Android apps. The first big vulnerability is in the processing of this file by the system – it shouldn't be processed at all, but the app installs just fine.
We talked a little bit about Bitdefender's new antivirus offering earlier today in our giveaway post, but now we want to dive a little deeper into the app and explain what makes it good, how it differs from Bitdefender's paid mobile security service, and how it compares to similar antivirus offerings.
The first question you may have is "since Bitdefender's Mobile Security app was already free(mium), why release this?" That answer is actually pretty simple: as of today, the model for Mobile Security has changed to a trial period-only. Basically, you can try the full suite for two weeks, and after that are presented with the option to buy.
We've got an LG Nexus system dump and endless desire to spoil every Googley surprise we can. Today's edition of the Android 4.2 Teardown could be alternatively subtitled "The Super-Serious Security Edition," because we're talking about the sort of stuff that should make your sysadmin jump for joy.
Please keep in mind this is just as forward-facing and time-ambiguous as all my other teardowns. This is a list of new stuff in the 4.2 dump, not a list of "confirmed for 4.2" features. Anything could be cut or not fully implemented by the time 4.2 rolls around; similarly to how bits of Android are currently multi-user aware, yet multi-user functionality isn't accessible.
Yes, it's hard to believe, but Google is working on a malware scanner for the Play Store. The string file doesn't lie:
<string name="package_malware_title">App Check</string> <string name="package_malware_consent_text">"Allow Google to check all apps installed to this device for harmful behavior? To learn more, go to Settings > Security."</string> <string name="package_malware_banner_warning">Installing this app may harm your device</string> <string name="package_malware_banner_blocked">Installation has been blocked</string> <string name="package_malware_recommendation_warning">Google recommends that you do not install this app.</string> <string name="package_malware_recommendation_blocked">To protect you, Google has blocked the installation of this app.</string> <string name="package_malware_app_name">App name: \"%s\"</string> <string name="package_malware_checkbox_label">I understand that this app may be dangerous.</string> <string name="package_malware_consent_title">Verify apps?</string>
Even if you haven't played it before, there's a decent chance you've seen Plague Inc. around the internet. Usually, it involves seeing a screenshot that informs you your mom has killed thousands of people. If you've ever wondered how you—yes, you!—can also create silly-named diseases that annihilate Earth's population with your Android phone, the answer has arrived! Go here, download the game, then spend 15 minutes staring at the screen trying to come up with something clever. Fair warning: "BieberFever" has already been done to death.
Of course, there is actually a game part to this game. The action is rather slow-going at first, but that's the point.
We at Android Police take our mobile security pretty seriously. It's in the job description. Entering the realm of mobile security today is yet another contender on the good side of the battle: VirusTotal has released its client for Android. Prior to this, VirusTotal was a simple website where you can upload suspicious files to be scanned by a multitude of antivirus engines. Having provided this desktop OS-oriented service for several years now, VirusTotal has brought its experience and expertise to mobile.
However, its mobile offering is slightly different than its desktop counterpart. As mobile devices are often data-limited, VirusTotal for Android instead checks an identifying hash of each application installed on your mobile device against the website's database.
As Android has grown from a small hobbyists OS to the mainstream-conquering behemoth it is today, so has the amount of malware directed towards it. A large chunk of the problem comes from malicious apps that make it into the Android Market - often times, duplicates of popular apps with a few strings of code thrown in that allow the app to transmit personal information or hijack the device.
Makers of anti-virus apps claim that there's more malware in the market than ever, painting the picture of a wild west-esque place that's ever-more attractive to the scum of the app universe.