Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Android Security

Android Ransomware Threatens To Share Your Browsing History With Your Friends (symantec.com) 160

An anonymous reader writes: The newly discovered Lockdroid ransomware is unique in two ways. First it uses perfectly overlaid popups to trick users into giving it admin privileges. This trick works on devices running Android versions prior to 5.0 (Lollipop), which means 67% of all Android smartphones. Secondly, after it encrypts files and asks for a ransom, it also steals the user's browsing history and contacts list, and blackmails the user to pay the ransom, or his browsing history will be forwarded to his contacts.
This discussion has been archived. No new comments can be posted.

Android Ransomware Threatens To Share Your Browsing History With Your Friends

Comments Filter:
    • by Anonymous Coward

      Flogging | tar & feathers

      What? Are you admitting to your choice of porn up front?

  • A good thing? (Score:5, Interesting)

    by by (1706743) ( 1706744 ) on Wednesday January 27, 2016 @03:32PM (#51384195)
    Anything to force vendors to, you know, provide up-to-date software. Unfortunately, this probably won't have much of an effect...
    • Does that mean I can finally hang Verizon on the hook for failing to update my Droid Maxx in a timely manner?
      • No, but you could buy a new phone already. That thing has got to be like 4 years old already.

        • by sims 2 ( 994794 )

          Droid MAXX is only 2 years, 5 months, 7 days old

          The phone I use on a daily basis is a 2 year, 4 month, 29 day old stupid phone and verizon last pushed a software update to it just 2 weeks ago

          The MAXX was $699 when it was first released.
          My Samsung Convoy 3 was $199 when it was released.
          They were released just 9 days apart. If I had paid $699 for a phone and it wasn't being kept as up to date as a $199 flip phone I think I would be pretty pissed too.

          • by sims 2 ( 994794 )

            Something that does still irk me is that I happen to have a LG tv made in 2012 model 55LM6700 msrp $2,299.99 and it has no netflix profiles support. Yet my 2006 model RVL-001 msrp $249.99 nintendo Wii does WTH?

          • My phone got an OTA update about 4 months ago. It's a T-Mobile Samsung Galaxy S 2, which was released about 4 1/2 years ago.
        • by Karlt1 ( 231423 )

          iPhone 4s - introduced 9/2011 -- still running the latest OS probably until 9/2016.

          I'm just saying.....

    • by sycodon ( 149926 )

      I was about to post a snarky comment on how some Slashdotter will defend this in some backhanded manner.

      Guess I was too slow.

    • Re: (Score:2, Interesting)

      Force vendors ...? It should force Google to design an OS that doesn't require vendor approval to get an update. Even Windows manages to do that!

      • Android supports monthly updates; it's the carriers that don't give a crap. The Google Nexus devices get monthly Android security updates pushed over the air, so it's possible. However, carriers want a few months to "certify" the devices to run on their own networks, i.e., cram that shit full of their "value-added" software. If you give a shit, buy a Google Nexus device.

    • Anything to force vendors to, you know, provide up-to-date software. Unfortunately, this probably won't have much of an effect...

      Even the most up-to-date software allows a user to be an idiot and install untrusted software and give it permission to take his phone ransom. It is not abusing a software vulnerablity, but an idiot user vulnerablity, and those are not easily fixed without taking away user freedom.

    • by AmiMoJo ( 196126 )

      No need. I mean, you have to go find an alternative download site for the "Porn 'o' Mania" app, enable unknown sources, click through the warning about enabling unknown sources, then click through the warning about installing apps from untrusted locations. Then it fails to install anyway because by default the Play Store app scans even sideloaded apps for malware.

      The combination of extreme stupidity, enough intelligence to sideload apps, and the short window of vulnerability before Google kills it means tha

    • Buy Google Nexus devices. Monthly security updates pushed out over the air. Developers also flock to these devices so you will always have great ROMs. Also, Google supports those devices for a long time. The 2012 Google Nexus 7 Wi-Fi tablet was updated to Android 5.1.1.

  • by Anonymous Coward

    I don't have any friends and my contact list is empty.

    • by Anonymous Coward

      I don't have any friends and my contact list is empty.

      If you're installing an app called "Porn 'O' Mania" I'd say that's probably true.....

    • I don't have any friends and my contact list is empty.

      Coincidentally you hate anything Social Media related with a passion.

  • "Once the malicious app (a fake porn-viewing app in this case) is installed and run by the user"- exactly. Also, the user would have had to enabled side loading ignoring all of the various warnings.

  • by wardrich86 ( 4092007 ) on Wednesday January 27, 2016 @03:45PM (#51384297)
    You still have to accept and side-load an application off of a sketchy site. Will people ever learn?

    Kudos to the app author, though. The technique is pretty interesting.
    • by alvinrod ( 889928 ) on Wednesday January 27, 2016 @04:50PM (#51384801)
      Can you imagine of other news stories were written using the same type of alarmist approach that we see with technology?

      New report shows that toasters are extremely deadly!

      Researchers have found that the common household toaster is an exceptionally dangerous product. Users who intentionally went out of their way to remove key safety features of the appliance and then connect an extension cord to the device so that they can submerge in a tub full of water while standing in that tub were found to suffer grievous bodily harm.

      . . .

      I can understand that is generates clicks, but we'd be better of spending time writing about why you shouldn't visit dodgy sites and install third party applications unless you know what you're doing and provide some examples of what these malicious programs might look like or how they might try to trick you. That would be far more useful to the average consumer.

    • So, instead of having an OS with security built into it, we get an OS with a weak security model, but it's okay because if you let Google control everything you see/get a cut they'll keep you safe?

      There's no real reason the Google store is any safer than any sideloaded app. All google does is runs some automated detection software, and that could be run clientside.

      • You can report bogus apps and they will eventually be pulled.

        You can't report bogus apps on sketchy sites to have them pulled.


        I much prefer the lax security on Android - Google trusts that I know what I'm doing and allows me freedom over my device, whereas Apple assumes we are all morons and keeps us in a padded circle room and only lets us play with Idiot-approved applications.
        • "Eventually get pulled" is a kludge for no real security.

          I agree, i want to be trusted. But there should be a big difference between "I sideloaded an app" and "I ran an app in admin mode". there doesn't seem to be, security-wise.

  • Of course, users can't grant root access to anything, on a stock phone regardless of version. Only rooted phones would be potentially vulnerable, and all others wouldn't show an admin-access dialog at all.

    This is on top of requiring the user to actually want to sideload an app called Porn'o'Rama in the first place, if that's what it was really called.

    • by Anonymous Coward

      >This is on top of requiring the user to actually want to sideload an app called Porn'o'Rama in the first place

      Do you have the link? It sounds great. Where is the side port on my phone to load it?

    • by Rei ( 128717 )

      The permissions it needs are access to modify/erase files and the ability to lock the screen, both of which can be granted on non-root phones if the user confirms. This app uses a trick (that really shouldn't have been there in the first place... who thought that letting anything have higher window layering than the privilege window was a good idea?) to get users to agree to the privilege escalation without realizing it.

      The main weakness of this app (apart from its ahem rather specific market) is that it r

      • If that's so, then I guess that limits the damage that can be done to /mnt/sdcard (which could still be enough). I'm surprised that unknown code can be downloaded and executed before the install privileges dialog has completed, though. Or am I missing something else?

        At least it's a minor threat to mainstream markets, but I imagine it's aimed more at the vast and growing Chinese base, where sideloading and unvetted stores are the norm.

        • by Rei ( 128717 )

          A description is in the article. The program uses a clickthrough overlay so that the user thinks that they're confirming something else when in reality they're confirming the permission escalation. They see the overlay, but it doesn't take clicks; they fall through to the hidden window underneath, the permissions dialog. After the user has unwittingly confirmed privilege escalation, then the encryption and locking begins.

          • Yeah I got that part, but I was presuming the standard Android permissions dialog was shown before install, and was just curious as to how the program managed to raise a custom overlay so early. If it's talking about a later-stage specific permission escalation (e.g. SuperSU or as introduced in Marshmallow) while the app is already running, I can see how that works.

  • by tlhIngan ( 30335 ) <slashdot&worf,net> on Wednesday January 27, 2016 @03:45PM (#51384303)

    If you stick with Google Play, you're safe from this.

    It is only a problem if you side load apps from untrusted sources.

    • by Anonymous Coward

      I thought Google Play *WAS* an untrusted source...

    • Seriously, who downloads and installs an app called "Porn âOâ(TM) Mania" on his device?

      I would say it's natural selection, unfortunately the offenders don't die.

    • by Trogre ( 513942 )

      Some of us prefer to use FOSS repositories such as F-Droid [f-droid.org].

    • If you stick with Google Play, you're safe from this.

      It is only a problem if you side load apps from untrusted sources.

      There is a trusted source for apps?! Where??

    • What is to stop an application from opening a socket to a trojan server, downloading a binary, writing it, chmod 700, then executing it?

      Google might not recognize that malware for what it is until far, far too late.

      And since the majority of Android devices are vulnerable to towelroot, that binary owns the phone.

      A mass install of a popular app with such stealth malware could see thousands upon thousands of phones suddenly compromised, and there is nothing that Google can do.

  • by pla ( 258480 ) on Wednesday January 27, 2016 @03:46PM (#51384315) Journal
    Dear friends and family... I look at porn. So do you. Deal with it.

    Blackmail me now, suckah!
    • Oddly enough, I don't think I've ever looked at pr0n on my phone. Now if they hacked my PC, that would be different.

      • by Anonymous Coward

        Oddly enough, I don't think I've ever looked at pr0n on my phone. Now if they hacked my PC, that would be different.

        Get married. Then your phone will be your only porn outlet.

    • Re: (Score:2, Informative)

      by mlheur ( 212082 )
      When I was young I used to do a lot of stupid things that I didn't want to get caught at, which usually involved a lot of lying.

      After getting caught in one such incident a wise young man taught me the only infallible way to never get caught - don't do it in the first place.

      I've tried to live by this ever since, and as best I can recall, I've not done anything in the past 15 years where I'd be worried if anyone found out. Sure there are some things I wont volunteer, but if word got out I'd still stand
    • Comment removed based on user account deletion
  • Stupid people. (Score:4, Insightful)

    by truck_soccer ( 4286027 ) on Wednesday January 27, 2016 @03:48PM (#51384339)
    Stupid people make stupid choices and get pwned. Details at 11.
  • If malware forwards me my friend's browsing history, I would totally believe he went to all those sites, because there's no way a malware could possibly lie, or that a compromised machine could have been used as a proxy for some other agent. /s.

  • I don't have any friends.

  • by Tandava Nadesan ( 3623123 ) on Wednesday January 27, 2016 @06:05PM (#51385201)
    My boss once got a virus that emailed porn links to ask his contacts. When he realised what had happened he sent out an aplology, but said he was surprised at how many responseshe got before that said "thanks", " that's s good one", or returned the favour by sending porn links of their own.
  • Given how cheap you can get smartphones from China these days, get one of those, and try stuff out on that, rather than your main phone.

  • Comment removed based on user account deletion
  • by jandersen ( 462034 ) on Thursday January 28, 2016 @04:20AM (#51386971)

    Oh Ghod, this is terribly! Just imagine what would happen to my nerd-creds if it was widely known that I don't watch any porn to speak of, that I sometimes approve of government control, when I feel it makes sense, and I'm not all that keen on having the latest, bleeding edge gadgets?

  • By that, I mean, what's the difference between asking for money in order to not send your actual browsing history to your friends, or asking for money in order to not send a made up (and far more incriminating) browsing history to friends?

    Seems like the writers could have skipped that step and still done just fine.

  • All I get in Firefox is a black screen with light gray text saying "Symantec Connect Loading Your Community Experience". Checking the error console reveals a JavaScript error [angularjs.org] that "occurs when $compile attempts to fetch a template from some URL, and the request fails." If Symantec's web site is fragile enough to completely break when a JavaScript file fails to load, why should I trust Symantec with anything?

  • In the news stories I've seen, when people hack into politician's accounts, they don't do anything creative with them. They simply expose the fact that the account was compromised, and maybe the hacker's funny screenname gets credit. The result is the politician gets accused of being sloppy and unsafe.

    Now, I see ransomware is the answer. Politicians wouldn't want their porn history exposed.

Every program is a part of some other program, and rarely fits.

Working...