Security Android

New Tool Makes Android Malware Easier To Create

Posted by samzenpus
from the a-b-c-1-2-3 dept.
itwbennett writes "A new commercial tool designed to allow cybercriminals to easily transform legitimate Android applications into malicious software has hit the underground market, paving the way for cheap and easy development of sophisticated Android malware. Security researchers from Symantec said Wednesday in a blog post that the tool, called Dendroid, is marketed by its creators as an Android remote administration tool (RAT) and is being sold for $300."

  • by rsilvergun (571051) on Thursday March 06, 2014 @07:33PM (#46424653)
    For what it's worth, these are the kind of tools you need to see Android in the enterprise.
  • Not that I want to make malicious apps running on Android. I only want to see how that thing functions.

  • So does this mean we can sue this vendor for damage their tool causes? Hope so.

    You knew it was coming (if not already here); Android virus infections, or more likely malware is the thing. But now that they have Android locked down pretty well, shouldn't be a huge issue. These days, just rooting your Android device is not as simple as running some root kit. You have to actually flash new firmware on my 2 year old phone to root it now.

    But, really, what's the big deal? Just installing apps is a crap shoo

    • by nurb432 (527695)

      These days, just rooting your Android device is not as simple as running some root kit.

      Depends on your phone on how difficult it is. Depending on where you buy it it comes pre-rooted even.

      • by noh8rz10 (2716597)

        it's one thing for your phone to get pwned. what scares me is when automakers start rolling out vehicles with android integration. what will the firewalls be? will haxors be able to pwn your car?

        the benefit of ios integration is it is super limited in scope. basically your iphone is displayed on the car in dash screen, and dash button commands are routed back to the iphone. The iphone can't talk to the car computer systems at all. this is how I want it!

        • Re: (Score:2, Informative)

          by Anonymous Coward

          iOS has yet to have a single piece of malware in the wild for it. By keeping the dolts from hosing their own systems, Apple has kept effectively 100% security on their devices going on almost a decade without a single malware occurrence in the wild (other than JBs.)

          Can this be said about any other widespread ecosystem in the computing arena? No malware whatsoever in the wild for that long is a pretty top tier achievement.

          • iOS has yet to have a single piece of malware in the wild for it.

            You mean like this one? [forbes.com]

            Can this be said about any other widespread ecosystem in the computing arena?

            OpenBSD? ;)

            • by noh8rz10 (2716597)

              as the article says, the malware is a trojan that the user downloads and it scrapes the address book. it never breaks out of its sandbox into neighboring systems. it doesn't pwn your phone. hate to move the goalposts on you, but show me something that's not a single-user trojan.

        • by mlts (1038732)

          If there is an Android based audio head that has the same functionality as CarPlay, it almost definitely will not be vulnerable to this type of malware (although I'm sure malware can be injected somehow):

          1: The functionality to add apps will be a lot more restricted than a phone the typical and app store. I doubt that there will be the option for sideloading, much less ADB access. Slam this door shut, and this effectively gets rid of malware. Reducing the install points of all software and being an acti

          • by swb (14022)

            It looks to me like CarPlay exploits the iPhone (and iPad, AFAIK) ability to use an HDMI display as a second monitor rather than an in-dash computing device on its own. When plugged into the CarPlay interface, the home screen gets output to the in-dash display and switches to a dumbed-down, big-icon interface that only displays apps with CarPlay approved display/interfaces.

            CarPlay hardware is probably just a custom Lightning HDMI dongle (more or less) that handles video and touch input, meaning that it pr

    • I just bought a new phone. There's instructions on the manufacturer's website for unlocking the bootloader https://motorola-global-portal... [custhelp.com]
      From there all you need is the included USB cable and Superboot.

      No new firmware is flashed in the process, just a couple of files copied.

      • by bobbied (2522392)

        Manufacturer can do that if they want. Apparently LG and ATT elected not to do so on my phone. I'm personally OK with it locked down as there is really very little I want that requires root. (Only one thing comes to mind and it was decidedly optional). I just want the phone to work, and so far it serves me well without root.

        But that is me. Your mileage and desire for root may be different.

  • Why isn't there an open source version of the tool?

    No, wait...

  • by turkeydance (1266624) on Thursday March 06, 2014 @07:53PM (#46424757)
    XP lives! well, for a few more days, after which it lives forever.
  • ... the tool, called Dendroid, is marketed by its creators as an Android remote administration tool (RAT) and is being sold for $300.

    Or, you get it for FREE with a two-year contract.

  • Less Intelligent? (Score:3, Insightful)

    by jawnah (1022209) on Thursday March 06, 2014 @08:49PM (#46425097)
    This would appear to be a solution marketed to the less intelligent software developers and schemers. The tool's "dashboard" is hosted by the tool creators. Let me help you out: You do all the work of baking our toolkit into your stuff and, at some random point in the future, we'll take the client off your hands at no charge.
    • Such tools have been around for a long time in the Windows world. The reason is division of labour. One of the dirty secrets about malware that lots of people hate to hear is that vast quantities of it get in through people pirating software and movies (which demand special "codecs"). After all why bother finding zero day exploits when you can just bind your malware to a Photoshop crack and watch hundreds of thousands of people come to you?

      The opportunity is so vast that the black market divided into differ

  • by THE_WELL_HUNG_OYSTER (2473494) on Thursday March 06, 2014 @09:03PM (#46425169)
    See! See why we're important! You need to buy our software, and quickly!
  • by Anonymous Coward

    Looks like Dendroid takes advantage of the broken app signing bug present in 99% of current Android devices that has existed for 4 years and that for most a-devices will never be patched.
    Definition of "open"!

  • If we would have an Android service that would allow only downloads but not uploads, users would not accept so easily apps with Full Network Access Permissions. Coincidentally I am working at a solution. Please excuse the shameless ad here: https://www.kickstarter.com/pr... [kickstarter.com]
  • by steveha (103154) on Friday March 07, 2014 @12:22AM (#46425807) Homepage

    The biggest part of this story is that it is now easier to make a trojanized version of a legit app. But it has been possible from day one.

    Android apps are written in Java, and Java bytecodes can be decompiled into something remarkably similar to the original source code. Then the source code can be edited and compiled back to an app. Hey presto, you have a hacked up version of the app.

    http://stackoverflow.com/questions/12370326/decompile-an-apk-modify-it-and-then-recompile-it [stackoverflow.com]

    But -- and this is important -- the person using this attack has no way to sign the malware with the same signing key as the upstream source of the original, legit app. This means that it is much harder to trick someone into running the malware.

    So, if you get an app from the Google Play store, and later someone tries to overwrite your app with a new build that is malware-infected, Android will refuse to install the new app, because the signing key isn't identical.

    http://developer.android.com/tools/publishing/app-signing.html [android.com]

    So, if a user gets an email with an attached "free" version of an app that normally costs money, and that user has not previously installed the legit version of the app, and that user sideloads the malware version, then that user will have malware on his/her Android device.

    So, as usual, it's easy to protect yourself: get apps from the Google Play store, and don't sideload apps unless you are certain they are clean.

    For that matter, if you are browsing the Google Play store and you see an app that has only been up for a day, and claims to be a miraculously free version of a payware app... just say no.
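
Added example, not part of the comment above and not Android's own code: a Python model of the signer check the comment describes (an update must carry the installed app's signing key), plus a pinned-fingerprint check for the first-install case, where the platform has nothing to compare against. The package name, certificate bytes and decision labels are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

# Constructed stand-ins for DER-encoded signing certificates (not real certs).
VENDOR_CERT = b"constructed-cert: original publisher"
REPACKAGER_CERT = b"constructed-cert: unknown repackager"
PKG = "com.example.notes"  # hypothetical package name


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of a signing certificate."""
    return hashlib.sha256(cert_der).hexdigest()


@dataclass(frozen=True)
class Apk:
    package: str
    signer_cert: bytes


def os_install_decision(installed: dict, apk: Apk) -> str:
    """Model of the platform rule: an update must carry the installed signer."""
    current = installed.get(apk.package)
    if current is None:
        return "INSTALL_NEW"  # nothing installed, so nothing to compare against
    if current == fingerprint(apk.signer_cert):
        return "UPDATE_OK"
    return "REJECT_SIGNER_MISMATCH"


def vet_sideload(pinned: dict, installed: dict, apk: Apk) -> str:
    """Defender-side check that also covers the first-install case."""
    decision = os_install_decision(installed, apk)
    if decision != "INSTALL_NEW":
        return decision
    expected = pinned.get(apk.package)
    if expected is None:
        return "REVIEW_UNKNOWN_PUBLISHER"
    if expected != fingerprint(apk.signer_cert):
        return "BLOCK_REPACKAGED"
    return "INSTALL_NEW"


pinned = {PKG: fingerprint(VENDOR_CERT)}     # fingerprints recorded from the publisher
has_legit = {PKG: fingerprint(VENDOR_CERT)}  # device with the genuine app installed
trojan = Apk(PKG, REPACKAGER_CERT)           # repackaged build, signed with another key
```

On a device that already has the genuine app, the model refuses the repackaged build; on a clean device only the pinned fingerprint distinguishes it from the original.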

  • and get to 100% of all malware FTW.

  • "A new commercial tool designed to allow cybercriminals to easily transform legitimate Android applications into malicious software has hit the underground market .. Symantec said Wednesday in a blog post"
