Fresh Off The Block


Dec
30
2012

Beware the fake Google Play store that’s actually malware

Malware on Android is nothing new. In fact, stories about this very subject appear on most major news websites and tech blogs on an irregular basis, perhaps approaching once a month if not more. Usually the malware is easy to identify with the right amount of attentiveness: the wrong developer names, low-quality icons or badly written descriptions on the download page are a dead giveaway. Even if you're foolish enough to download one of these, the failure of the app to work, or unexpected behaviour while it's running, should usually grab your attention. But what if the malware looks and acts like the official store where you buy the apps in the first place?

This is the latest threat to Android users, discovered by the effective Russian security firm Doctor Web. Known as the "Android.DDoS.1.origin" trojan, it allows infected devices to be used for an array of malicious purposes, including spamming text messages and even DDoS attacks. Once installed, the app creates an icon that is an exact replica of the Google Play Store's. Clicking it will still send you to the Store, but also activates the trojan, which runs silently in the background. The trojan will immediately try to connect to its Command and Control (C&C) server and, if it succeeds, the server operators are sent the victim's phone number. From here, the virus can receive texts from its operators telling it what to do next; these are intercepted so that their receipt goes unnoticed on the phone. These instructions can include a request to start DDoSing, at which point the malware will spam a given target with quick bursts of data from the infected phone.

The DDoS attacks present a threat to the infected phone's user, who will find the data limits on their calling plan quickly used up, without their knowledge and for criminal ends. If enough phones attack the same location, it can also be bad for the receiving site, which may fail temporarily due to the sudden surge of traffic. Be careful out there!


    Previous Articles


    Jan
    15
    2012

    VirusTotal gets updated, file size limit increased to 32 MB and new interface

    This article was not written by the team at Technically Motivated. It was quoted heavily from a similar post from dotTech.org, which itself was based on a posting from the VirusTotal blog, and has been reprinted here under the terms of the Creative Commons Attribution-Noncommercial license under which the original work was licensed. Technically Motivated makes no claim of ownership for this article.

    VirusTotal is an awesome website. If you don't know about it already, you have been missing out on life — VirusTotal allows users to scan a file with 40+ anti-virus/anti-malware engines. VirusTotal recently introduced an update to the website. This update brings many goodies. Let's take a look at what they are:

    • New interface. VirusTotal has a new interface; it is more modern and streamlined.
    • New file size limit. In the past VirusTotal only accepted files that were 20 MB or smaller in size. That limit has now been increased to 32 MB. Oh happy days.
    • New back-end engine. VirusTotal has now been migrated to Google App Engine. This basically means VirusTotal runs on Google's cloud services. For most of us normal users, it makes no difference whether VirusTotal is running on Google App Engine or some other cloud service. However, Google App Engine allows VirusTotal to scale better when the need arises, ensuring a better service level; plus scans and analyses should now be faster thanks to Google's infrastructure.
    • Other changes. Aside from the major changes mentioned above, other changes include:
      • Thanks to HTML5, VirusTotal now computes the hash of files locally. If you want to scan a file that VirusTotal has already scanned, you no longer have to upload it before you can view the older scan results.
      • The URL scanner uses more engines now, bringing the total to 19.
      • Version 2 of the public API has been released, improving responsiveness among other things.
      • And more.
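
    The hash-first flow from the list above, as an added example that is not code from VirusTotal, dotTech or this site: the file is hashed in chunks on the local machine, and it is only uploaded if no earlier report exists for that hash. The names `plan_submission` and `KNOWN_REPORTS`, the use of SHA-256, the reading of "32 MB" as 32 × 1024 × 1024 bytes, and checking the size only after the lookup are all assumptions made for illustration.

```python
import hashlib
import io

MAX_UPLOAD_BYTES = 32 * 1024 * 1024  # the article's 32 MB limit (binary MB assumed)
CHUNK_SIZE = 1024 * 1024             # read 1 MiB at a time (assumption)


def sha256_stream(stream, chunk_size=CHUNK_SIZE):
    """Hash a file-like object incrementally; return (hex digest, size in bytes)."""
    digest = hashlib.sha256()
    size = 0
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        digest.update(chunk)
        size += len(chunk)
    return digest.hexdigest(), size


def plan_submission(stream, known_reports):
    """Decide what to do with a file before any of its bytes leave the machine.

    known_reports is a hypothetical stand-in for the service's lookup:
    a dict mapping SHA-256 hex digests to earlier scan summaries.
    """
    file_hash, size = sha256_stream(stream)
    if file_hash in known_reports:
        # Already scanned: only the hash was sent, so no upload is needed.
        return {"action": "show_existing", "sha256": file_hash,
                "report": known_reports[file_hash]}
    if size > MAX_UPLOAD_BYTES:
        # Unknown file that exceeds the upload limit.
        return {"action": "reject_too_large", "sha256": file_hash, "report": None}
    return {"action": "upload", "sha256": file_hash, "report": None}


# Constructed sample data, not real scan results.
KNOWN_REPORTS = {
    hashlib.sha256(b"constructed sample already scanned").hexdigest():
        {"detections": 3, "engines": 40},
}

if __name__ == "__main__":
    for blob in (b"constructed sample already scanned", b"never seen before"):
        print(plan_submission(io.BytesIO(blob), KNOWN_REPORTS)["action"])
```

    Because only the digest is sent for the lookup, a sensitive file that has already been scanned never has to leave the machine a second time.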

    Hit up the link below to check out the new VirusTotal yourself:

    VirusTotal homepage

    [via VirusTotal Blog]

    Jul
    22
    2011

    Google starts warning users of malware infection

    A recent post on the Official Google Blog and cross-posted on the Google Online Security Blog will certainly please security researchers and anti-virus developers, as well as raise eyebrows for a lot of other people – Google has begun to warn users of its Search Engine when it believes they may be infected with a particular strain of malware.

    Reportedly, it all started when Google performed routine maintenance on one of their data centres and took a look at the search patterns it was handling. Google discovered that some of the traffic looked highly unusual, and brought it up with security engineers at several companies that were sending this modified traffic. Together, it was determined that the computers exhibiting this behavior were infected "with a particular strain of malicious software".

    In a move to keep the users of Google services safe and prevent data theft – which would be a nightmare for everybody – Google has taken the unexpected step of warning its users when it detects a search request that its research indicates may mean the computer is infected with this malware. If such an infection is detected, this message will appear above their search results:

    "Your computer appears to be infected"

    "Your computer appears to be infected" - Google warns this user of a malware infection

    It should be made clear that this is not comprehensive protection. Google only detects one particular strain of malware and provides advice on how to remove it from infected computers – it does not (and cannot) actually remove the malware itself, and other bad software may not be detected at all. According to Google, "The malware appears to have gotten onto users’ computers from one of roughly a hundred variants of fake antivirus, or “fake AV” software that has been in circulation for a while. We aren’t aware of a common name for the malware. We believe a couple million machines are affected by this malware."

    Even with the limited protection it provides, Google believes this new step towards keeping users safe has already made tens of thousands of people aware of the malware who would not have been otherwise, and has subsequently caused fewer lasting infections and made Google users much safer overall. That is surely something to be commended.

    Apr
    05
    2011

    Symantec: Targeted computer attacks almost doubled in 2010

    Antivirus software maker Symantec said Tuesday that attacks increased some 93 percent from 2009 to 2010, with a staggering 286 million new threats reported last year alone. An increase in the number of attacks on enterprise systems was noted, as well as the use of social networks as an attack vector. Read the rest of this entry »

    Acknowledgements: http://www.betanews.com/article/Syman more...
    Some Rights Reserved
    Feb
    12
    2011

    JottiQ: Scan multiple files for malware at once – and get the results without opening your browser.

    Jotti’s malware scan is a service that allows users to scan files with 18 different anti-virus/anti-malware scanners and get a report from each. Users upload individual files to their website, and Jotti’s malware scan sends it to all the scanners, which then scan the file and report back the result. Jotti then collects and displays them on the page. You can only upload one file at a time, and there may be a delay before results come in, in order to prevent the server being overloaded.

    JottiQ is a desktop program that extends the usability of Jotti’s malware scan. Its main purpose was to get around the single-file limitation for those who need to scan several files at once, but there are many more things it can do. Read the rest of this entry »

    Jan
    01
    2011

    New virus threatens Android devices

    A new virus, apparently originating from China, has recently been discovered in the wild, and can allow a hacker to gain access to personal data and force the details to be saved to remote servers. But this virus doesn’t affect Windows, Mac OS, or any similar operating system. Instead, this is a virus that targets Google Android platforms!

    A report this week from Lookout Mobile Security said the new Trojan affecting Android devices has been dubbed “Geinimi” and “can compromise a significant amount of personal data on a user’s phone and send it to remote servers.” The firm Read the rest of this entry »
