Massive Android Mobile Botnet Hijacking SMS Data
wiredmikey writes "A mobile botnet called MisoSMS is wreaking havoc on the Android platform, stealing personal SMS messages and exfiltrating them to attackers in China. Researchers at FireEye lifted the curtain off the threat on Monday, describing MisoSMS as 'one of the largest advanced mobile botnets to date' and warning that it is being used in more than 60 spyware campaigns. FireEye tracked the infections to Android devices in Korea and noted that the attackers are logging into the command-and-control servers from Korea and mainland China, among other locations, to periodically read the stolen SMS messages. FireEye's research team discovered a total of 64 mobile botnet campaigns in the MisoSMS malware family and a command-and-control infrastructure that comprises more than 450 unique malicious e-mail accounts."
Re:MisoSMS (Score:4, Informative)
A million times this. Android's permission model is deeply flawed. You have to either accept or deny *all* that an app requests in its manifest, or you can't install.
So as a developer, sure, you could add a setting to your app's config pages to, say, turn off location services -- but the app still has that privilege. Nothing for it but uninstalling.
Re:MisoSMS (Score:5, Informative)
Re:Was it on the Play Store? (Score:0, Informative)
The Google Play Store isn't available in China. My phone, an LG P-765, came preloaded with AnZhi [anzhi.com], a Chinese app store. I've seen more than a few suspicious apps on there. I actually download most of my apps from 3rd party APK download sites, like APKTop [papktop.com].
Re:MisoSMS (Score:5, Informative)
> No kidding. I had to look through dozens of "flashlight" apps
> to find one that didn't want my calendar, SMS, internet access,
> and GPS.
F-Droid [f-droid.org] is your friend.
As always, FOSS means you don't have to put up with the bullshit.
F-Droid builds all apps they ship from source, including some sort
of grep filter on permissions to catch (and then remove) any code
which is not in the user's best interest, or at minimum flag and
explain the issue in detail to let you decide for yourself.
Otherwise-good apps with flagrant ad-ware or cripple-ware in them
simply get patched.
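The two comments above make the same point from different angles: on install-time Android the manifest is all-or-nothing, so the only defence is to read the manifest before installing, which is essentially what the F-Droid permission filter does. The script below is an added example, not code from F-Droid, FireEye or any commenter. It audits a decoded `AndroidManifest.xml` (as produced by a tool such as apktool; binary AXML straight out of an APK would need decoding first, which the script does not do) against a small allowlist for the app's claimed category and flags the combination the summary describes for MisoSMS: SMS read/receive permissions plus INTERNET, which is what an app needs to harvest messages and ship them off the device. The manifest text, the `flashlight` category allowlist and the `android.permission.FLASHLIGHT` entry in it are constructed for the example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS

# Permissions that expose the SMS/MMS inbox or let an app send messages.
SMS_PERMISSIONS = {
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.SEND_SMS",
    "android.permission.RECEIVE_MMS",
    "android.permission.RECEIVE_WAP_PUSH",
}

# Other permissions that the "flashlight" comment above names as suspicious.
SENSITIVE_PERMISSIONS = SMS_PERMISSIONS | {
    "android.permission.INTERNET",
    "android.permission.READ_CALENDAR",
    "android.permission.READ_CONTACTS",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.READ_PHONE_STATE",
}

# Constructed allowlists: what an app of a given kind can plausibly justify.
# A torch app needs the camera (for the LED) and, on old devices, FLASHLIGHT.
EXPECTED_BY_CATEGORY = {
    "flashlight": {"android.permission.CAMERA", "android.permission.FLASHLIGHT"},
}


def list_permissions(manifest_xml):
    """Return the <uses-permission> names in document order."""
    root = ET.fromstring(manifest_xml.strip())
    return [
        child.attrib[NAME_ATTR]
        for child in root
        if child.tag == "uses-permission" and NAME_ATTR in child.attrib
    ]


def audit(manifest_xml, category):
    """Compare requested permissions with the category allowlist.

    Returns a dict with the SMS permissions found, every sensitive permission
    the category does not justify, and whether the app could both read SMS and
    reach the network (the MisoSMS profile from the article summary).
    """
    requested = list_permissions(manifest_xml)
    expected = EXPECTED_BY_CATEGORY.get(category, set())
    sms = [p for p in requested if p in SMS_PERMISSIONS]
    unexpected = [
        p for p in requested if p in SENSITIVE_PERMISSIONS and p not in expected
    ]
    can_read_sms = any(
        p in requested
        for p in ("android.permission.READ_SMS", "android.permission.RECEIVE_SMS")
    )
    has_network = "android.permission.INTERNET" in requested
    return {
        "package": ET.fromstring(manifest_xml.strip()).attrib.get("package", ""),
        "sms": sms,
        "unexpected": unexpected,
        "exfil_capable": can_read_sms and has_network,
    }


# Constructed manifest of a "flashlight" app that asks for far more than a torch
# needs; the package name is a placeholder, not a real app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight.constructed">
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.READ_CALENDAR"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <application android:label="Flashlight"/>
</manifest>
"""

# Constructed manifest of a torch app that requests only what it needs.
CLEAN_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.torch.constructed">
    <uses-permission android:name="android.permission.CAMERA"/>
    <application android:label="Torch"/>
</manifest>
"""

if __name__ == "__main__":
    for manifest in (SAMPLE_MANIFEST, CLEAN_MANIFEST):
        report = audit(manifest, "flashlight")
        verdict = "REJECT" if report["exfil_capable"] or report["unexpected"] else "ok"
        print(verdict, report["package"], "unexpected:", report["unexpected"])
```

The allowlist approach, rather than a blocklist, is the design choice worth noting: a torch app requesting INTERNET is already a finding, and READ_SMS plus INTERNET together is the specific pairing that makes SMS theft possible, so the audit reports that pair separately from the longer list of merely unexpected permissions.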