Android Hackers Honing Skills In Russia 98
MikeatWired writes "The malware business growing around Google Android — now the leading smartphone operating system — is still in its infancy. Today, many of the apps built to steal money from Android users originate from Russia and China, so criminal gangs there have become cyber-trailblazers. Sophos and Symantec on Wednesday released their latest Android malware discoveries written in Russian. While the language narrows the number of potential victims, the social-engineering tactics used to get Android users to install the malware is universal. The gang tracked by Sophos is using fake antivirus scanners, while Symantec is tracking cybercriminals using mobile websites to offer bogus versions of popular games. Sophos says the criminals are like other entrepreneurs launching startups. They're starting in Russia, but have far greater ambitions. 'I don't think we can say that they're necessarily using it as a testing ground — think of it more as a local business that as it grows may gain multinational ambitions,' Graham Cluley, senior technology consultant at Sophos, said in an email interview on Wednesday. The cyber scam tracked by Sophos was reported this week by GFI Lab, which discovered links to the bogus antivirus software on Twitter. Sophos dug deeper and found that the .ru domains pointed to the same Internet protocol address hosted in Ukraine."
Re:Android is virus laden (Score:5, Informative)
Your desktop likely has the same malware problems any android phone will have. Why? It's not a walled garden. Well, android is in a sense more of a walled garden than your desktop, however not nearly as much of one as iOS/WP. Android virus infections are the result of a pebkac, and nothing more. In other news, I was originally going to make a soviet Russia joke.
Re: (Score:3, Insightful)
Re: (Score:1)
Touch screen keyboards totally count. Either way, you're correct, if you choose to live walled in, you're more than welcome to. If you don't, you'd best be smart about it.
Re: (Score:1, Insightful)
Most people buy android phones, not because they care about walled gardens vs open systems. Most people buy android phones because they are cheaper. Such people don't read slashdot or geek news sites. They don't even know they got anything to be smart about. Add to that that people are not used to worry about such things when their phone is considered (unlike the PC, where everyone knows that you should have some kind of anti-virus software installed) and what you get is a great environment for malware to s
Re: (Score:1)
Re: (Score:2, Insightful)
Android's biggest malware problem is users who intentionally went in and set WALLED_GARDEN=OFF so they could install warez.
Yes, Google's app store has some crappy policies which let malware slip through, but most of it is users bringing it on themselves.
Re: (Score:1)
That's pretty much what I was getting at. Stupid Anonymous Coward, you'll never get modded up like this! D=
Re: (Score:3, Informative)
Alright, but you see, you can turn that off on any system. See, people jailbreak their iPhones too. I have no experience with WP but there must be a way. My point is, the malware problem actually goes deeper than these shallow observations.
Companies, like Apple, Google, Microsoft have their spyware already in place, and most of the people don't bother at all. So what difference does it make, if you let other people spy on you?
It is about the mindset of the user. Walled garden is the worst solution to this p
Re: (Score:2)
Apple is unlikely to root your bank account without your permission.
Re: (Score:2)
In my case, it was the opposite - they gave me someone else's credit card details. I logged into my iTunes account once and discovered a credit card listed there, despite never having entered any details. Card number, cardholder's name, expiry and CCV, all there for me to read and, if I was morally bankrupt, exploit.
If it was a Union Official, I'd have to have ordered a few hookers with his card. >:)
Re: (Score:1)
Re: (Score:2)
Don't some big party apps from Amazon require this setting to be turned off?
Re:Android is virus laden (Score:5, Insightful)
Problem is, people want phones - something they can pick up and play with immediately. Not think about it nor have antivirus/antispyware software installed and running as well like their PCs.
Plus, with all the coolness surrounding apps, you have the Dancing Pigs [wikipedia.org] problem - people just want to go to the app store or market, click download and get going on that cool app. It's why sites all have direct links to the stores, or QR codes to scan - to get that app in the user's hands ASAP. As a result, they're not going to look at stuff like permission lists and such because that's just getting in the way of running the app.
Hell, ICS made it even easier to install apps without seeing the permission list - tap install and it takes you to the permission screen, but the install button is near the top and the permissions at the bottom. Users are more likely to just tap "download" rather than pull their eyes down and over the permission list.
Of course, the other thing is, Android makes it easy to sideload apps, so people love searching Bittorrent for new apps...
Re: (Score:1)
Re: (Score:1)
I link it here as I did not know what it was. It refers to the problem existing between keyboard and chair.
So true.
Re: (Score:1)
Re: (Score:1)
lol
Re: (Score:2, Insightful)
Re: (Score:1)
Re: (Score:2, Insightful)
Re:Android is virus laden (Score:4, Interesting)
I agree. Human behavior is a valid engineering problem, and reducing certain functionality to get around it for certain situations is a valid engineering tradeoff. A problem is a problem, keyboard and chair are irrelevant. Apple would rather deal with angry geeks who scream about freedom and openness and who like most geeks have no functional concept of engineering tradeoffs than have dimitri and olga kill somebody because they intentionally (or even worse, accidentally) disabled 911 access when they tried to pwn someone's Android device through the pirated copy of Hot Nude Bolshevik Solitaire the user downloaded from Leonid's Spice Dicey Back Alley Appstore.
Re: (Score:2)
Re: (Score:2)
Uh...okay, I'll go first. Who is going to pay for these repositories and why should they do that? Who is going to vet the apps on them? Who is going to do system maintenance to preserve their virginal bunny world? Who is going to clean them up when something naughty gets loose? Who is going to receive a sueball when an app turns out to be Satan's New and Improved Bank Crank? Who is going to pay the lawyers to handle the sueball?
Are you really from this planet?
Re: (Score:2)
After seeing all these virus and malware problems with Android, who wants to use it anymore? You cannot even download from their app store without getting infected! Just get an iPhone or Windows Phone 7 and be done with it. At least Apple and Microsoft knows something about security.
I'd mod you down if I could. IOS and OSX have malware, too.
Re: (Score:2)
Re: (Score:3)
This is possible on Android because you can install software from anywhere, including Google's Play marketplace, Amazon and other places, or just side-loading apk files. Google's market is affectively malware-free, although the occasional software may pop up again in the future there because they don't have an extremely intrusive evaluation process. Maybe they, or someone else should create one. This is the price you pay for freedom ... you're not trading for security. This is not an anti-Google story.
That
Re: (Score:2)
Google's market is affectively malware-free, although the occasional software may pop up again in the future there because they don't have an extremely intrusive evaluation process. Maybe they, or someone else should create one.
Something like "Google Bouncer" ?
http://googlemobile.blogspot.com/2012/02/android-and-security.html [blogspot.com]
Its been around since early 2011.
Of course, it only scans Google's own store. I'm still surprised at the number of people who aren't aware of it. I can understand why Google may not want to advertise it too much (such a system can never be perfect), but at the same time it is hurting them not to.
Re: (Score:2)
Google's market is affectively malware-free, although the occasional software may pop up again in the future there because they don't have an extremely intrusive evaluation process.
I guess that depends on your definition of malware. There have been plenty of obvious malware detected so far. There's plenty of crap on the Google Market with excessive permissions that happily invades your privacy by doing things like uploading your contacts to a foreign website, or tracking your calling, texts, location and surfing habits.
A major problem is users not understanding how permissions work and clicking to install anyway. Adding to this is the inability to selectively deny or alter those pe
Re: (Score:3)
The issue is Android's permission system is all technical wonkery and doesn't map well onto actual human use cases.
For example, you could have a perfectly legit app which needs Internet access (why not?), and address book access (for sharing functions), but you still have no idea if they could/would sell upload your contacts and sell them to spammers. Not to mention all Android apps ask you for these permissions, even Google's apps.
Android permissions is what you get when you ask computer scientists to solv
Re: (Score:2)
Yes and no. I think you are quite right in that they have a bit too much engineering in the solutions and not enough "human." But they do think through some of it quite a bit more than one might guess from a glance. For example, the INTERNET permission is something that was made intentionally broad in scope. Additionally any app can send an HTTP get or post request via the browser (no permission needed). These two things were done intentionally to not cripple apps right out of the gate. If they had made
Re: (Score:2)
I agree.
The one permission that most people misunderstand is READ_PHONE_STATE, which is usually explained as the app wants to know if the phone is off-hook. It also happens to give the app the ability to see the phone numbers you're talking to, the IMEI unique identifier, etc. If your friend, who loves Chia-Pets calls you, your ads might suddenly start showing Chia-Pets.
This is a tough one, because you still have to trust the app, and if the app is targeted for Android 1.5 it will always request these per
Re: (Score:3)
Why bother (Score:5, Funny)
Reaction (Score:5, Funny)
With android isn't it just easier to write a legitimate app and just rake in the cash?
HA HA HA HO HE HA HA HA HA.
Re: (Score:1)
I've made over $5K off a single live wallpaper. How much have you made on iOS?
More Thanks (Score:3)
I've made over $5K off a single live wallpaper.
That's nice.
How much have you made on iOS?
More, but it's really crude to bring up specifics.
As a consultant you can do pretty well in either space, but if you are trying to sell an app for money you are going to do better (much better) on iOS still. That's regardless of genre...
But my reaction was really platform neutral. You cannot simply "whip something up" as the OP seemed to imply, and get rich the way the guys with the exploits are getting rich off burg
Re: (Score:2)
meh, I dont know how to program in objective C (i've had a look at it). I can use C/C++, java, python, perl, and have used forms of BASIC in the past too.
I could possibly make more money on iOS, however I'm not really interested. It could just as easily be a huge waste of my time, due to the size of the market now.
So yeah, in the context of commercial development I would have to say you're right, but there is still A market on Android, even if it isn't as lucrative as the others.
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
If iOS ever supports live wallpapers, I guess I'll find out won't I?
Re: (Score:1)
Re: (Score:2)
With android isn't it just easier to write a legitimate app and just rake in the cash? I don't see the reasoning behind going through all the extra effort, the money laundering, etc.
Oh dear god that's a good joke. Every single developer is saying that Android makes them the least amount of income. Even Windows Phone 7 is better. iPhone is on top.
Re: (Score:2)
I guess you bet him at his own game. Windows Phone 7 apps do better than android? Do you also see pigs flying around?
Re: (Score:3)
You might actually do better on Windows Phone 7 than Android if Microsoft is throwing $$$$$ at you to write apps for their struggling platform.
http://techland.time.com/2012/04/06/microsoft-wants-developers-to-create-windows-phones-apps-so-bad-its-paying-them/ [time.com]
Re: (Score:2)
It is paying developers of Top Android & iPhone apps to develop Windows Phone 7 equivalents. I would infact be surprised if Microsoft did not.
Never had a problem (Score:1)
Long, long time Android user and never had a problem. Then again, I don't download fart apps or pretty women wallpapers.
In my day... (Score:1, Funny)
Nothing unexpected (Score:1)
Re: (Score:2)
I have found it very easy to avoid malware on my android phone. Most apps that seem fishy are pretty obvious, and I pay attention to what the app wants to be able to do as for as permissions go. If an app needs more permissions than I'm willing to give, then I generally don't bother. I have a few free apps that are ad supported... and I generally don't go trolling for sex and fart apps (as has been mentioned elsewhere in this discussion...)
Yes, openness has its drawbacks. But like Jefferson said... (paraphr
Re: (Score:1)
you obviously haven't been round here for long enough.... long running /. meme
In soviet russia.... (Score:3)
android hacks YOU
Linux the major desktop operating system? (Score:1)
There is nothing else to do. (Score:1)
A start up is to pay up to 135 types of taxes. Regulations change almost daily. One needs an army of accountants and lawyers just to think of starting operations.