Welcome to Android Advice and Tutorials.
Yesterday Kaspersky Lab reported a new Android Trojan called Zeus that disquises itself as an Android security app called “Android Security Suite Premium”. This new Android malware first appeared in early June but has had updates since making it that much harder to avoid.
What the new Zeus malware does is steal incoming text messages and send them to a command-and-control server owned and operated by the attackers. With this they can access sensitive data such as password reset links and account information based on other apps you have installed on your device.
“It is also important to mention that these malicious apps are able to receive commands for uninstalling themselves, stealing system information and enabling/disabling the malicious applications,” Denis Maslennikov, a Kaspersky security researcher said in a blog post.
You can see that the malware is installed on your Android device by its blue shield icon that will show a fake activation code when accessed.
You can dramatically decrease your chances of getting malware like Zeus by installing an app like Lookout Mobile Security and not running or installing apps that you aren’t sure of or don’t remember downloading.
There is a trojan called TapLogger that logs and steals phone numbers, social security ID’s, and personal identification numbers by monitoring keystrokes based on tap location. By monitoring the device based on the integrated motion sensors TapLogger can track just about anything you do on your device. This trojan was created by computer scientists as a proof-of-concept app for phones running Android and hides itself as a game that challenges users to identify identical icons from similar looking images.
The trojan runs in the background and monitors readings returned by the phones accelerometer, gyro, and orientation sensors to collect anything entered into the device via a touch action. The information is then logged and uploaded to a remote machine under the attackers control for their own malicious uses.
“The fundamental problem here is that sensing is unmanaged on existing smartphone platforms,” Zhi Xu, a PhD candidate in the Pennsylvania State University’s Department of Computer Science and Engineering, wrote in an email to Ars. “TapLogger shows that those unmanaged ‘insensitive sensors’ can really be used to infer very sensitive user information (e.g. passwords and PIN numbers). Inspired by TapLogger, we believe that more and more sensor-based attackers will be introduced in the near future.”
TapLogger based on keystrokes on the device can figure out the taps of a given Android model and make very good guesses as to the buttons pushed. While the trojan cannot tell the attacker the exact sequence pressed it allows them to figure it out very easily.
“To prevent such types of attacks, we see an urgent need for sensing management systems on the existing commodity smartphone platforms,” they wrote. “Sensors, such as accelerometer and orientation sensors, should all be considered as sensitive to user’s privacy and need gaining security permissions to access.”
This is currently an Android built trojan although can easily infect iOS devices that have been jailbroken. Stock iOS devices are currently immune to the malicious threats although with these types of attacks growing rapidly we will likely see improved versions over time.
Dr. Xuxian Jiang at North Carolina State University along with the NQ Mobile Security Research Center have began alerting Android users of the newest threat called UpdtBot. The new android malware passes itself off as a system update and spreads via SMS messages linking to the malware. Once UpdtBot is installed it registers a remote C&C (Command and Control) server. This C&C server will infect the Android device and start sending out SMS messages, make phone calls and download and install applications on your device.
From what NQ Mobile has estimated there are around 160,000 Android users already infected with this malicious software. If you want to be sure you don’t have it install some anti-virus software on your device and scan now. We recommend Lookout Mobile Security although there are many out there that will do the job.
If you are just against adding anti-virus apps to your Android device then at least be sure to only install apps from trusted sources like Google Play, Amazon App Store and GetJar. Also you can see permissions of apps when they are installing don’t just skip over them this can help you maintain a clean device.
APK: cn.smstelphoneapp Version: 1.0
Discovered: April 16, 2012
Updated: April 16, 2012 2:23:58 PM
Infection Length: 23,536 bytes
Android.Updtbot is a Trojan horse for Android devices that may arrive through SMS messages. It may then open a back door on the compromised device.
ZDnet says they have found an Android Trojan that will not only get into and steal your call logs but also records your conversations. This is another reason why all Android users should have some sort of malware detection on their device at all times. Generally you can avoid these easily by leaving “unknown sources” turned off on your device.
How to help Avoid Trojans and other Malware:
To Not allow installation of apps from unknown sources go to Settings -> Applications and uncheck “Unknown Sources”. Of course you can always turn it on when needed to install anything outside of the Android Market although leaving it off if you are inexperienced with the platform is good practice.
What this Trojan does to your device:
When the trojan is downloaded to your device it asks for permissions such as hardware controls, phone calls and system tools. What the trojan will do if you accidentally accept it is access the .AMR files stored in the MicroSD card where the phone stores conversations. These conversations can then be accessed remotely by people that you don’t want to have them for purposes unknown (we are sure not good).
Always look at what your phone is asking before installing anything especially if you didn’t know you were installing something.Android