Botnet Android Businesses Security

Android Botnet Evolves, Could Pose Threat To Corporate Networks 54

angry tapir writes: An Android Trojan program that's behind one of the longest running multipurpose mobile botnets has been updated to become stealthier and more resilient. The botnet is mainly used for instant message spam and rogue ticket purchases, but it could be used to launch targeted attacks against corporate networks because the malware allows attackers to use the infected devices as proxies, according to security researchers.

  • by theshowmecanuck ( 703852 ) on Thursday November 20, 2014 @01:38AM (#48423911) Journal
    Is this a good reason to root your device so you can put a decent firewall on it? At the least block its communication if it installs itself. Or is it known to change firewall settings too?
    • by Anonymous Coward

      Is this a good reason to root your device so you can put a decent firewall on it? At the least block its communication if it installs itself. Or is it known to change firewall settings too?

      FTA.

      Users would then see notifications about the finished downloads and would click on them, prompting the malicious application to install if their devices had the "unknown sources" setting enabled

      ie: Stupid is as stupid does...
      That's like lusers complaining about malware installed on the Windo$e PC being they turned off UAC.

    • What more could you want than open windows and doors to your vault of info.

    • by mlts ( 1038732 )

      It depends on how savvy the person is. If one has basic UNIX abilities, then yes. Set a firewall, set it to not allow anything out unless it is explicitly granted by you.

      Even better, using Xposed's XPrivacy is also a major security boost. If some flashlight app is demanding root, trying to get to contacts, trying to get to sites offshore, it will be obvious to the user and thus stopped.

      Of course, if the user isn't UNIX savvy, they may end up blocking some outgoing task that needs to phone home and then g

  • >> "encrypts its communications with the C&C servers, making the traffic indistinguishable from legitimate SSL, SSH or VPN traffic"

    Um...if you think simple transport encryption stops a determined analyst (who can hone in on source/destination IPs, initial traffic patterns, traffic volume, local signals or can use an attack proxy for some MITM action)...think again.

  • by Ungrounded Lightning ( 62228 ) on Thursday November 20, 2014 @02:58AM (#48424145) Journal

    I'm still waiting for a truly open-source, unlocked, user-controllable phone. Like a successor to Open Moko. (Building a closed platform on a base of open software doesn't cut it.)

    Is anything out there or in the works?

    (It's particularly acute for me just now: My decade-old feature phone started to flake out last week.)

  • key words (Score:5, Insightful)

    by Neil Boekend ( 1854906 ) on Thursday November 20, 2014 @04:15AM (#48424329)

    if their devices had the "unknown sources" setting enabled.

    That is an advanced user setting. It should not be changed unless the user is certain. It even triggers a warning if you change it.
    Only change that if you are certain you can use the device safely without it.
    If you can't, then leave it in its factory setting.

    Stupid is as stupid does.

    • by Anonymous Coward

      It's an advanced setting with warnings that any user will be delivered to and encouraged to change if they wish to use a third party app store such as Amazon or Humble's, the fact that it's necessary to generally enable installation of software from unknown sources, rather than being able to grant a single app permission is a frustrating situation, as it leaves a phone more open than it needs to be, of course if apps in the store were able to request such permissions then they may as well not exist in the f

      • Yeah there's no UI to configure "known sources".

        It'd be nice to trust a certain repository only. For example, I replaced the old 2.3.x stock rom with CM11. Google Play is too heavy for the device but f-droid runs fine. But you need to check the unknown sources option.

        (Google have no interest in encouraging users to go outside the play store, naturally. The checkbox is mainly there so developers can load an apk via adb over USB)

        • Yeah there's no UI to configure "known sources".

          It'd be nice to trust a certain repository only. For example, I replaced the old 2.3.x stock rom with CM11. Google Play is too heavy for the device but f-droid runs fine. But you need to check the unknown sources option.

          (Google have no interest in encouraging users to go outside the play store, naturally. The checkbox is mainly there so developers can load an apk via adb over USB)

          You are absolutely correct.

          In many Linux distributions, we are allowed to import a key and to add specific trusted software sources. Android, on the other hand, has a "trusted source" (i.e. the play store) and everything else is untrusted. It would make sense to update this model in the future to allow additional trusted sources (of course with warnings explaining this is not for the faint of heart). That way, one might add an f-droid repository, but forgo installing from other outside sources.

          This would

      • by mlts ( 1038732 )

        I wish Android had the ability to have a "default store", so that Google's Play Store, Amazon's store, F-Droid, or other stores/repositories could be used without having to turn on the "unknown sources" option. That way, a device could be shipped, and the user pick a store they use, or have the ability to download and install from multiple items without needing to go through the sideload mechanism.

  • by Reprint001 ( 1838702 ) on Thursday November 20, 2014 @04:42AM (#48424407)

    "could be used to launch targeted attacks against corporate networks"

    A corporate network operator that allows BYOD Android devices with no MDM installed, direct network access deserves an attack.

    And corporately owned Android devices would normally have a secure MDM installed with settings like "unknown sources" disabled and not user changeable.

    For this malware to get access to a corporate network it would require some really poor security practices on the part of the device owner and network owner which would probably mean the company were vulnerable to much simpler attacks.

    • "could be used to launch targeted attacks against corporate networks"

      A corporate network operator that allows BYOD Android devices with no MDM installed, direct network access deserves an attack.

      And corporately owned Android devices would normally have a secure MDM installed with settings like "unknown sources" disabled and not user changeable.

      For this malware to get access to a corporate network it would require some really poor security practices on the part of the device owner and network owner which would probably mean the company were vulnerable to much simpler attacks.

      You're assuming that the MDM increases security whereas in my current experience, in order to get my device 'compliant,' I have been forced to unroot thus losing both full backup and firewalling capabilities, lessening the security of my device.

  • It's not that there are not enough viable alternatives to Overlord Google.

  • Can we just for once stop using terms like "evolved" as if this thing has any kind of ability to mutate outside of the agency of people - intelligent designers if you will - actually making changes to the code.
  • It's my f#$@ing phone. If I want root on my own phone, I should be able to get it, just like I can get root on my home computer.

    But the only way to root, say, the Galaxy S5 is to run an older version of the kernel.. a version vulnerable to a root exploit. The exploit of course allows OTHERS to root the phone if I'm not careful, but installing ANY security updates or upgrading the OS on the phone fixes the "flaw" that gives me root.

    So the only way to get root is to leave my phone running older, insecure soft
