Security Android

Android Malware Intercepts Text Messages, Forwards To Criminals

Posted by samzenpus
from the stealing-the-grocery-list dept.
An anonymous reader writes "A new piece of Android malware has been discovered that can intercept your incoming text messages and forward them on to criminals. Once installed, the trojan can be used to steal sensitive messages for blackmailing purposes or more directly, codes which are used to confirm online banking transactions. The malware in question, detected as "Android.Pincer.2.origin" by Russian security firm Doctor Web, is the second iteration of the Android.Pincer family according to the company. Both threats spread as security certificates, meaning they must be deliberately installed onto an Android device by a careless user."
  • Is this really news? (Score:5, Interesting)

    by Rick Zeman (15628) on Thursday May 23, 2013 @08:46PM (#43808469)

    This'd only be newsworthy if it's installed via Google Play or another mainstream source. Otherwise, it's just stupid people paying the price for their ignorance.

    • by peragrin (659227) on Thursday May 23, 2013 @08:54PM (#43808507)

      Since one of the main talking points about Android is the ability to side install apps.

      Of course how can you be sure any app you install is genuine? Unless you write, compile and install it yourself and even that isn't 100% trustworthy.

      So define ignorance when the professionals have a hard time and the average person isn't smart enough to know what compiling is, let alone do it.

      • by donaldm (919619)

        Since one of the main talking points about Android is the ability to side install apps

        That is always a problem with any OS which includes Microsoft Windows although most malware and viruses target that OS. Still to be fair in the majority of cases it is the unaware user that is at fault. Of course the unaware user is going to be the one to complain when in reality it really is their fault for not even taking the time to read up on basic computer etiquette and security awareness.

        Of course how can you be sure any app you install is genuine? Unless you write, compile and install it yourself and even that isn't 100% trustworthy

        You are dead right if the developer (private or commercial) is not very good at programming then the application th

        • by clonehappy (655530) on Thursday May 23, 2013 @09:39PM (#43808699)

          Well it's not difficult to type "make" as a normal user then test and when fully satisfied that the application works properly type "make install" as the system admin. But this means using the "command line" or a developer GUI which basically allows the developer to develop and maintain the application. However the average person does not know what the "command line" or even what a development GUI is or if they do think their brains will explode if they attempt it :)

          I don't know why people seem to think typing "make" and/or "make install" somehow protects them from malware. Unless you've examined the code, line by line, and actually have the skills to understand it, you're just as vulnerable as someone running a random binary on a Windows machine.

          • I don't know why people seem to think typing "make" and/or "make install" somehow protects them from malware. Unless you've examined the code, line by line, and actually have the skills to understand it, you're just as vulnerable as someone running a random binary on a Windows machine.

            While that's very true in essence, and I myself am no programmer, so 99% of code is indecipherable gibberish to me (unless you count basic HTML, hah), the thing is that I figure the odds are very high that someone -if not multiple people- out there with the ability has examined the source, and if it had been found to have had malware, an alarm would've been sounded throughout the community.
            Granted, that's no guarantee of safety, and I realize that, but it's a lot better odds than installing something pr

        • by Smauler (915644)

          Well it's not difficult to type "make" as a normal user then test and when fully satisfied that the application works properly type "make install" as the system admin. But this means using the "command line" or a developer GUI which basically allows the developer to develop and maintain the application. However the average person does not know what the "command line" or even what a development GUI is or if they do think their brains will explode if they attempt it :)

          You're missing the point. Even if user

      • by Microlith (54737)

        Since one of the main talking points about Android is the ability to side install apps.

        It's a talking point because on Apple devices it isn't even an option at all. I'm highly doubtful that malware could spread effectively via sideloading.

      • by symbolset (646467) *

        Anybody who wants to have a meaningful discussion on this subject needs to read Ken Thompson's 1984 ACM article "On Trusting Trust [bell-labs.com]". In it he describes inserting rogue code into the compiler that recognizes when it's compiling a compiler and replicates into the executable of the compiled compiler - and so becoming persistent across a platform migration. This is just the transport mechanism. The payload is code that recognizes the Unix Login and subverts its security. Obviously, once the first compiler is

        • Well, that seems to require that the compiler could anticipate future languages and compiler architectures. Not completely unfeasible, but it would probably need some massive AI capable of reverse-engineering from a limited set of code.

    • by ozmanjusri (601766) <(aussie_bob) (at) (hotmail.com)> on Thursday May 23, 2013 @08:54PM (#43808511) Journal

      Yep, it's another AV vendor beat-up.

      "The Australian Communications and Media Authority has published detailed statistics of malware infections identified by their online security team (AISI). The team scans and identifies compromised computers on Australian IP addresses and reports daily to around 130 participating ISPs.

      Their breakdown shows about 16,500 infected devices are online at any one time. The malware type for all infections is available on the site."

      http://www.acma.gov.au/WEB/STANDARD..PC/pc=PC_600121 [acma.gov.au]

      If you look at the breakdown of malware infected IPs, there are around 16,500 active infections at any one time. Around 20 Windows viruses make up more than 99% of all infections. In the "Other" section, there are around 100 active IPs with rarer Windows viruses, and Mac, iOS, Linux and Android infections.

      In other words, the total of all Android malware is competing with space in the fraction of 1% of malware instances that aren't on Windows.

    • by tlhIngan (30335)

      This'd only be newsworthy if it's installed via Google Play or another mainstream source. Otherwise, it's just stupid people paying the price for their ignorance.

      Unlike iOS, Android is sold in far more countries than the store supports (Apple obviously only sells iOS devices in places where they have an iTunes store - which is why some countries only have the App Store and no music, movies nor books).

      One of these countries is... China. Which is a huge population and stuff is shared rather promiscuously, plu

  • by thammoud (193905) on Thursday May 23, 2013 @08:58PM (#43808527)

    From TFA,

    Although Doctor Web doesn't say so, the good news here is that Pincer2 is not likely to be very prevalent. It has not been found on Google Play, where most Android users should be getting their apps, and appears to be meant for precise attacks, as opposed to being aimed at as many users as possible.

    In short, this malware threat isn't one that you will likely be hit with, but it is an interesting example of how Android malware is evolving.

    • by girlintraining (1395911) on Thursday May 23, 2013 @09:32PM (#43808657)

      In short, this malware threat isn't one that you will likely be hit with, but it is an interesting example of how Android malware is evolving.

      For suitably uninteresting values of 'you', perhaps. But standing at a bus stop and spotting someone sharply-dressed, I could ask to use their phone to make a quick call for [insert excuse here], and in a few seconds, install similar malware.

      A few weeks later, all your bank accounts zero. Do you remember me?

      • But standing at a bus stop and spotting someone sharply-dressed, I could ask to use their phone

        You just had to get close enough to have it automatically installed over NFC. No need to have your face ever seen.

        Or just install it under a bench at the bus station and have it email you the targets acquired remotely along with images and recordings of whatever conversations they might have had there.

        • by Microlith (54737)

          I see we're going to get all secret agent style here. Except that people spreading malware are low-impact criminals, so I don't see this happening either.

        • You just had to get close enough to have it automatically installed over NFC. No need to have your face ever seen.

          And does anyone actually trust NFC enough to leave it enabled? Not me, anyway. Same applies to bluetooth.

          • Lots of people leave Bluetooth enabled because they use it pretty often - car audio, headsets/speakerphones.

            NFC I would think you'd leave enabled if you really used it for payments, otherwise it would be almost as slow as a normal credit card.

      • by Microlith (54737)

        But standing at a bus stop and spotting someone sharply-dressed, I could ask to use their phone to make a quick call for [insert excuse here], and in a few seconds, install similar malware.

        You could? Don't you think they'd notice when you're opening the browser and typing URLs rather than making a phone call?

    • by fermion (181285)
      Exactly. As long as you stay in the walled garden you are safe. But if the advantage of Android is to venture out, then what is the purpose of staying in?

      The answer is of course that it is easier to build certain apps on Android, so even if you stay in the walled garden, you end up with more stuff because it is not as well guarded. Which leads to the occasional pest. It is a trade off.

      What I don't understand is how this poses a security risk. Sure your personal discussion and naked photos will be i

    • by Anonymous Coward

      Anyone who uses the term "FUD" is an ignorant twat. Google Play isn't available on Android phones sold in China and many other countries, moron.

  • careless user (Score:4, Insightful)

    by EmperorOfCanada (1332175) on Thursday May 23, 2013 @09:00PM (#43808541)
    I thought the word careless was assumed to precede user. I think that basically every slashdotter has been called to help some "careless" user who has 3 toolbars, 2 AV bloatwares, and countless other bits of crap that came along with all their downloads. Yet they will swear on a stack of bibles that "they never installed nothin' "

    So any malware that depends on users being careless will be a huge success. The other key will be ease of use.

    That being said, I generally stick with my brother's rule: "I wouldn't transmit it electronically if I wouldn't want it on the front page of a national newspaper." My niece texted me her password the other day; I pointed out the error of her ways.

    I did just come up with an app for Google glasses. You send someone encrypted messages that are displayed on their screen as a QR code. Their glasses decrypt it temporarily while it is in view. The phone can't decrypt, the glasses don't store. Glasses can still get hacked though but at least you do not have a plaintext message store.
  • by Nethemas the Great (909900) on Thursday May 23, 2013 @09:45PM (#43808725)
    A stupid user is a stupid user. Everyone is so quick to rush to the soapbox and preach how wonderful their platform of choice is and how awful the others are. I say rush to the box and preach how stupid people are. I say rush to the box and demand that basic computing security be taught to everyone just as proper hygiene and safe sex are. We do not need big brothers, we don't need walled gardens, we need people to know what the hell it is that they're doing with their electronics. Teach people to wash their damn hands, avoid disenfranchised Nigerians, stop opening random email attachments, and stop bloody installing apps that require access to your sensitive data.
    • Re: (Score:2, Interesting)

      by Anonymous Coward

      The install-type permissions model for Android has some serious flaws and even though I don't like Apple's strict requirements for getting into the app store, I think the iOS security sandbox is much better.

      For example, I occasionally use Skype on my iPhone for video calls with my folks, but I don't want Skype(MS) to have access to all of my contacts either. On Android, I have no choice but to hand it over because the app requested access to my contacts in its permissions list. On the iPhone, the only way

      • Exactly! (Score:3, Interesting)

        by SuperKendall (25149)

        What people miss is that iOS is MORE customizable for users by default in the ways that matter most. As you say, Skype having my contact list? Hell no!

        Or Google Maps app having my location or contacts or anything whatsoever? Don't think so! All I have to do is say no, but I'm still using the app.

        • by scot4875 (542869)

          in the ways that matter most.

          To you, perhaps. What was it you were saying about batteries? Most users don't want to change them? Well most users don't give a shit about Skype seeing their contacts, either. They just want it to work. In fact, Skype having automatic access to their contacts is a beneficial feature to the non-paranoid, because it's very convenient.

          Also, I wonder how long you'll keep this double-think talking point. "Slavery is freedom!"

          And EVERY JAILBREAKABLE iPHONE is vulnerable to malware that can completely bypas

    • Everyone is so quick to rush to the soapbox and preach how wonderful their platform of choice is and how awful the others are

      Not true. Load of folks on this thread are preaching about how stupid users are. I don't care if my computer is part of a botnet, as long as the thing is still working .. it's not my problem. Want my computer / telephone / answering system / car ECU not to be infected by the random waste of the internet? Make a computer which doesn't get infected by the random waste of the internet.

      You can put in all the effort you want to educate me about your problems, they're still your problems.

  • Since most of my texts are intended for criminals anyway, this doesn't seem to be that big of a deal to me.

  • Maybe now they will stop thinking of Cell Phones as a "trusted" device. It's not really. Very easy to lose, very easy to steal, and it's supposed to be a trusted source for two factor authorization?

  • I would like to know why Google keeps this forward-to-criminals API in their SDK?? I hope they are responsible enough to pull this API and keep only forward-to-police one.

    I don't feel well when my device can communicate with criminals in any way, and I believe Google will address this!

    TIA Google!

  • I have my mobile service provider block 5 digit codes. Security for android needs to be beefed up.
