Android Ransomware Threatens To Share Your Browsing History With Your Friends (symantec.com)
An anonymous reader writes: The newly discovered Lockdroid ransomware is unique in two ways. First, it uses perfectly overlaid popups to trick users into giving it admin privileges. This trick works on devices running Android versions prior to 5.0 (Lollipop), which means 67% of all Android smartphones. Secondly, after it encrypts files and asks for a ransom, it also steals the user's browsing history and contacts list, and blackmails the user to pay the ransom, or his browsing history will be forwarded to his contacts.
Flogging | tar & feathers (Score:1)
Bring it back.
Re: (Score:1)
Flogging | tar & feathers
What? Are you admitting to your choice of porn up front?
Re: (Score:1)
For the people who download and install random shady shit? Seriously, malware only affects idiots. This shit would never get anywhere near my gear.
Hahahahahaha!
Good one!
Re: (Score:2)
I've been using and working with computers since before you were born
Unlikely at best and laughable at worst. I have been programming longer than most people whose names aren't Kernighan or Ritchie.
and have never had a single one get infected with a virus or malware of any kind.
The plural of anecdote is not data. Your one experience means less than nothing. The simple fact is that people continue to be infected by malware of all types on all platforms. This is not a debatable point.
It boggles the mind how anyone could have that happen unless they went out of their way to make it happen and/or they are a complete moron.
Right. Now you're just being stupid.
A good thing? (Score:5, Interesting)
Re: (Score:1)
Re: (Score:2)
No, but you could buy a new phone already. That thing has got to be like 4 years old already.
Re: (Score:2)
Droid MAXX is only 2 years, 5 months, 7 days old
The phone I use on a daily basis is a 2 year, 4 month, 29 day old stupid phone and verizon last pushed a software update to it just 2 weeks ago
The MAXX was $699 when it was first released.
My Samsung Convoy 3 was $199 when it was released.
They were released just 9 days apart. If I had paid $699 for a phone and it wasn't being kept as up to date as a $199 flip phone I think I would be pretty pissed too.
Re: (Score:2)
Something that does still irk me is that I happen to have a LG tv made in 2012 model 55LM6700 msrp $2,299.99 and it has no netflix profiles support. Yet my 2006 model RVL-001 msrp $249.99 nintendo Wii does. WTH?
Re: (Score:2)
Re: (Score:2)
iPhone 4s - introduced 9/2011 -- still running the latest OS probably until 9/2016.
I'm just saying.....
Re: (Score:2, Informative)
Apple is guilty of the same thing. In this case, it isn't Google doing anything of the kind, it is usually the carrier as they feel they HAVE to load their crapware on every phone.
Apple and Google have pretty much the same support time frame.
When iOS 8 shipped, the iPhone 4 was not supported anymore. That is 4 years.
Google supports their Nexus line for 3 years.
Most phone batteries frankly don't last past 2 years anyways, and as they aren't replaceable on most phones anymore, the phone lasts only as long a
Re: (Score:2)
Nexus is Google's flagship phone, and since Google is directly involved, they want the crapware free experience, and relatively long support period.
The moment you start looking at OEMs, it goes downhill.
Take the Samsung SIII. It was Samsung's flagship phone at one point, and sold in high numbers.
Released May 29, 2012, in most markets the last official version is 4.3 JellyBean, with limited markets / unofficial support for 4.4.4 Kitkat.
Kitkat was released October 31, 2013, and Lollipop November 12, 2014. So y
Re: (Score:2)
the Nexus uses some of Motorola's patents they sold to Google in 2012...
Re: (Score:2)
my phone is just over twelve years old. The battery is still good for nine days standby. It gets daily use. I won't even consider another phone.
MotorRAZR V3 for the win.
Re: (Score:1)
Re: (Score:2)
Do you not speak English? You are arguing things I didn't say.
Google updates the only phones they can update, which is the Nexus phones. All the other phones are the carriers holding them up, not Google. Apple stops supporting phones too, despite your venom.
Re: (Score:2)
Apple doesn't allow the carrier to load crapware.
I can buy a PC from any manufacturer running Windows and get security updates from Microsoft. Why can't I do the same with third party Android phones?
And what about third party
Re: (Score:2)
I can buy a PC from any manufacturer running Windows and get security updates from Microsoft. Why can't I do the same with third party Android phones?
Talk to the carriers about that. This is not something you can pin on Google, it is carrier greed and need for control that you are seeing.
And what about third party phones running Google licensed versions of Android? Microsoft doesn't just provide updates for Surface computers.
Many of them can be updated to whatever you like, it just might not work properly because of Qualcomm's control issues.
It's "cute" and all but why if MS makes it their responsibility to support their licensed OS on third party hardware then why doesn't Google do the same?
I am sure Google would love to control updates on their phones, but the Carriers and Manufacturers, and Qualcomm won't let them.
Re: (Score:2)
Apple forbids any carrier from adding anything to their phones. Why couldn't other manufacturers?
Why not all of them? I was able to install Windows 7 on an old 2006 Core Duo Mac Mini. This was without any support from Apple (no I didn't have to use BootCamp
Re: (Score:2)
why if MS makes it their responsibility to support their licensed OS on third party hardware then why doesn't Google do the same?
Because Microsoft charges a hefty license for every copy of their OS sold, google doesn't get a cent for android licenses (they profit through other means).
Re: A good thing? (Score:2)
Google charges license fees for Google Play Services like Maps, the Play Store, etc.
Re: (Score:2)
are you sure about that?
these were even posted to slashdot. and i am sure this isn't all of them.
225000 accounts compromised via ios malware [slashdot.org]
Apple xcodeghost malware more malicious than originally reported [slashdot.org]
Advertising malware affects non-jailbroken ios devices [slashdot.org]
apple cleaning up app store after its first major attack [slashdot.org]
Re: (Score:2)
well if you are going that route then it should also be pointed out that this android malware also only comes from non-approved channels
from the article:
The malware is disguised as a porn app called Porn ‘O’ Mania. The malicious app is not found on Google Play and may be downloaded from third-party app stores, forums, or torrent sites. Users who have Google Play installed are protected from this app by Verify Apps even when downloading it outside of Google Play.
sounds like the infection vector for the examples i linked above for apple are quite similar to the one for android in this article.
i don't hate apple by any means, i just don't like it when people seem to think apple is immune just because it is apple. Both this and the articles above prove that if you do something stupid you are going to get malware.
Re: (Score:2)
You pointed out that all the apple articles were only from non-approved sources, so i was just pointing out that the malware from this article is also installed from non-approved sources. i didn't mention anything saying android hadn't had any other malware infections.
you want only app store apps for apple? how about this one [arstechnica.com]
and here is a proof of concept showing that apple isn't immune. [networkworld.com]
BTW, that took exactly ONE SECOND of Google-ing.
Research, THEN Post. Otherwise prepare to be outed as the pompous ass you
Re: (Score:1)
You pointed out that all the apple articles were only from non-approved sources, so i was just pointing out that the malware from this article is also installed from non-approved sources. i didn't mention anything saying android hadn't had any other malware infections.
you want only app store apps for apple? how about this one [arstechnica.com]
and here is a proof of concept showing that apple isn't immune. [networkworld.com]
BTW, that took exactly ONE SECOND of Google-ing.
Research, THEN Post. Otherwise prepare to be outed as the pompous ass you are.
1. I didn't say the Articles were from "non-approved sources". Rather that the Software-containing-Malware was from sources other than the iOS App Store.
2. Actually, you DID state quite clearly that "it should also be pointed out that this android malware also only comes from non-approved channels". So I'm not sure what you are talking about with "i didn't mention anything saying android hadn't had any other malware infections." Is English a second-language for you; or are you just illiterate?
3. The "Fi
Re: (Score:3)
I was about to post a snarky comment on how some Slashdotter will defend this in some backhanded manner.
Guess I was too slow.
Re: (Score:2, Interesting)
Force vendors ...? It should force Google to design an OS that doesn't require vendor approval to get an update. Even Windows manages to do that!
Re: (Score:2)
Android supports monthly updates; it's the carriers that don't give a crap. The Google Nexus devices get monthly Android security updates pushed over the air, so it's possible. However, carriers want a few months to "certify" the devices to run on their own networks, i.e., cram that shit full of their "value-added" software. If you give a shit, buy a Google Nexus device.
Re: (Score:2)
Anything to force vendors to, you know, provide up-to-date software. Unfortunately, this probably won't have much of an effect...
Even the most up-to-date software allows a user to be an idiot and install untrusted software and give it permission to take his phone ransom. It is not abusing a software vulnerability, but an idiot user vulnerability, and those are not easily fixed without taking away user freedom.
Re: (Score:2)
No need. I mean, you have to go find an alternative download site for the "Porn 'o' Mania" app, enable unknown sources, click through the warning about enabling unknown sources, then click through the warning about installing apps from untrusted locations. Then it fails to install anyway because by default the Play Store app scans even sideloaded apps for malware.
The combination of extreme stupidity, enough intelligence to sideload apps, and the short window of vulnerability before Google kills it means tha
Re: (Score:2)
Buy Google Nexus devices. Monthly security updates pushed out over the air. Developers also flock to these devices so you will always have great ROMs. Also, Google supports those devices for a long time. The 2012 Google Nexus 7 Wi-Fi tablet was updated to Android 5.1.1.
Re: (Score:3)
>> Friends vs contacts? Why put up such a stupidly worded title?
The article assumes that you are acting as a consumer on a personal PC, that many of your contacts are friends (as opposed to work colleagues), and that your personal browser history contains a lot of naughty stuff. Unfortunately, it also assumes that any of your contacts would do more than delete a lengthy message like this on sight; you probably don't have hundreds of "friends" who care THAT much about you. (e.g., Even if Hillary Clin
Context (Score:2)
It really, really matters with search history.
Example: Lot of people probably searched for 'ashley madison' when it was in the news. Now, to a spouse without the context of the time that would look really bad. And that's a tame example. Imagine the search queries you may use to look up a recent horrific crime in the news, you would probably use just keywords and the locale. Without context it would make you look pretty bad.
Joke's on them (Score:1)
I don't have any friends and my contact list is empty.
Re: (Score:1)
I don't have any friends and my contact list is empty.
If you're installing an app called "Porn 'O' Mania" I'd say that's probably true.....
Re: (Score:1)
I don't have any friends and my contact list is empty.
Coincidentally you hate anything Social Media related with a passion.
Sideloaded (Score:2)
"Once the malicious app (a fake porn-viewing app in this case) is installed and run by the user" - exactly. Also, the user would have had to enable side loading, ignoring all of the various warnings.
Re:Sideloaded (Score:5, Insightful)
that's fine, but the point is that if you backdoor install shady apps, c'est la vie. the good: you are passing around pirated apps that you don't have to pay for, and your phone was cheaper because it doesn't license google play services. the bad: malware.
Re: (Score:2)
So... any app not sanctioned enough by Google to appear on their Play Store is automatically shady and pirated huh?
What an amazing world view you must have. I hope you never install software on your PC that is not first approved by Microsoft Corporation, or eat food that doesn't come from the local supermarket.
Re: (Score:2)
So... any app not sanctioned enough by Google to appear on their Play Store is automatically shady and pirated huh?
no, but some are. evidence? THE ARTICLE YOU ARE READING.
not that i ever said that in the first place of course.
Re: (Score:2)
This is true, but not particularly helpful.
The problem is not that apps can be installed outside of a walled garden, which is a normal part of operating an Android device; the problem is that malicious software exists, and has done so for as long as computers have been affordable.
Some of the comments here suggest an attitude that wants to marginalise side-loading, as if it were the software equivalent of walking down a dark alley and accepting sweeties from a man in a trenchcoat lurking in the shad
Re: (Score:2)
Some of the comments here suggest an attitude that wants to marginalise side-loading
this is just like when someone says "muslim terrorist" and we hear "not all muslims are terrorists!". of course not. i thought that was a big fat DUH but i guess not.
side loading is by far the biggest attack vector for android malware. that's a fact. it doesn't mean all side loaded software is malware. it doesn't mean all side loaded software is pirated. it doesn't mean side loading is bad, or should be disallowed.
If people want that sort of nonsense they may as well give up and buy an iPhone.
or you should stick with your android device and not enable side loading. there are lots of ch
Re: (Score:2)
How you go from equivocating "shady apps" and "pirated" (via parallelism as your grammatical tool to make it indirect) I have no idea.
that's good, because i didn't.
There are quite a few apps neither shady nor pirated when you install them via sideload.
yes, because after all, i did state that all sideloaded apps are pirated.
Newsflash
newsflash: you missed your dose of lithium this morning.
Stupid traps for stupid people (Score:5, Insightful)
Kudos to the app author, though. The technique is pretty interesting.
Re:Stupid traps for stupid people (Score:5, Insightful)
New report shows that toasters are extremely deadly!
Researchers have found that the common household toaster is an exceptionally dangerous product. Users who intentionally went out of their way to remove key safety features of the appliance and then connect an extension cord to the device so that they can submerge in a tub full of water while standing in that tub were found to suffer grievous bodily harm.
I can understand that it generates clicks, but we'd be better off spending time writing about why you shouldn't visit dodgy sites and install third party applications unless you know what you're doing and provide some examples of what these malicious programs might look like or how they might try to trick you. That would be far more useful to the average consumer.
Re: (Score:2)
So, instead of having an OS with security built into it, we get an OS with a weak security model, but it's okay because if you let Google control everything you see/get a cut they'll keep you safe?
There's no real reason the Google store is any safer than any sideloaded app. All google does is run some automated detection software, and that could be run clientside.
Re: (Score:2)
You can't report bogus apps on sketchy sites to have them pulled.
I much prefer the lax security on Android - Google trusts that I know what I'm doing and allows me freedom over my device, whereas Apple assumes we are all morons and keeps us in a padded circle room and only lets us play with Idiot-approved applications.
Re: (Score:2)
"Eventually get pulled" is a kludge for no real security.
I agree, i want to be trusted. But there should be a big difference between "I sideloaded an app" and "I ran an app in admin mode". there doesn't seem to be, security-wise.
Needs rooted phone (Score:2)
Of course, users can't grant root access to anything, on a stock phone regardless of version. Only rooted phones would be potentially vulnerable, and all others wouldn't show an admin-access dialog at all.
This is on top of requiring the user to actually want to sideload an app called Porn'o'Rama in the first place, if that's what it was really called.
Re: (Score:1)
>This is on top of requiring the user to actually want to sideload an app called Porn'o'Rama in the first place
Do you have the link? It sounds great. Where is the side port on my phone to load it?
Re: (Score:2)
The permissions it needs are access to modify/erase files and the ability to lock the screen, both of which can be granted on non-root phones if the user confirms. This app uses a trick (that really shouldn't have been there in the first place... who thought that letting anything have higher window layering than the privilege window was a good idea?) to get users to agree to the privilege escalation without realizing it.
The main weakness of this app (apart from its ahem rather specific market) is that it r
Re: (Score:2)
If that's so, then I guess that limits the damage that can be done to /mnt/sdcard (which could still be enough). I'm surprised that unknown code can be downloaded and executed before the install privileges dialog has completed, though. Or am I missing something else?
At least it's a minor threat to mainstream markets, but I imagine it's aimed more at the vast and growing Chinese base, where sideloading and unvetted stores are the norm.
Re: (Score:2)
A description is in the article. The program uses a clickthrough overlay so that the user thinks that they're confirming something else when in reality they're confirming the permission escalation. They see the overlay, but it doesn't take clicks; they fall through to the hidden window underneath, the permissions dialog. After the user has unwittingly confirmed privilege escalation, then the encryption and locking begins.
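A static triage check for the capability combination described in the summary and the comments above (overlay window, device-admin request, contacts and browsing-history access), added here as an example and not code from the article, Symantec or any commenter. The manifests and policy file are constructed samples, and treating `SYSTEM_ALERT_WINDOW` as the overlay indicator is an assumption; the page does not list the permissions the app declares.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"
CONTACTS = "android.permission.READ_CONTACTS"
HISTORY = "com.android.browser.permission.READ_HISTORY_BOOKMARKS"
INTERNET = "android.permission.INTERNET"
LOCKING_POLICIES = {"force-lock", "reset-password", "wipe-data"}

# Constructed samples (not taken from any real app): a decoded manifest and a
# device-admin policy resource, as a decoder such as apktool would emit them.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed.viewer">
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="com.android.browser.permission.READ_HISTORY_BOOKMARKS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <receiver android:name=".AdminReceiver"
        android:permission="android.permission.BIND_DEVICE_ADMIN">
      <meta-data android:name="android.app.device_admin" android:resource="@xml/policies"/>
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""
SAMPLE_POLICIES = ("<device-admin><uses-policies><force-lock/><reset-password/>"
                   "</uses-policies></device-admin>")
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
</manifest>"""

def requested_permissions(root):
    """Names of every <uses-permission> in the manifest."""
    return {e.get(A + "name") for e in root.iter("uses-permission")}

def device_admin_receivers(root):
    """Receivers guarded by BIND_DEVICE_ADMIN that handle DEVICE_ADMIN_ENABLED."""
    found = []
    for rcv in root.iter("receiver"):
        actions = {a.get(A + "name") for a in rcv.iter("action")}
        if (rcv.get(A + "permission") == "android.permission.BIND_DEVICE_ADMIN"
                and "android.app.action.DEVICE_ADMIN_ENABLED" in actions):
            found.append(rcv.get(A + "name"))
    return found

def admin_policies(policy_xml):
    """Policy tags listed under <uses-policies> in the device-admin resource."""
    root = ET.fromstring(policy_xml)
    return {child.tag for up in root.iter("uses-policies") for child in up}

def triage(manifest_xml, policy_xml=None):
    """Return the list of findings for one app; an empty list means no hit."""
    root = ET.fromstring(manifest_xml)
    perms = requested_permissions(root)
    admins = device_admin_receivers(root)
    findings = []
    if admins and OVERLAY in perms:
        # Can draw over other windows AND will ask for device-admin rights.
        findings.append("overlay+device-admin")
    if admins and policy_xml:
        risky = admin_policies(policy_xml) & LOCKING_POLICIES
        if risky:
            findings.append("admin-policies:" + ",".join(sorted(risky)))
    if INTERNET in perms and {CONTACTS, HISTORY} <= perms:
        findings.append("exfil:contacts+history")
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_MANIFEST, SAMPLE_POLICIES):
        print(finding)
```

A hit is a reason to look closer, not a verdict: legitimate device-management apps also register admin receivers.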
Re: (Score:2)
Yeah I got that part, but I was presuming the standard Android permissions dialog was shown before install, and was just curious as to how the program managed to raise a custom overlay so early. If it's talking about a later-stage specific permission escalation (e.g. SuperSU or as introduced in Marshmallow) while the app is already running, I can see how that works.
Only affects users who sideload (Score:5, Informative)
If you stick with Google Play, you're safe from this.
It is only a problem if you side load apps from untrusted sources.
Re: (Score:1)
I thought Google Play *WAS* an untrusted source...
Re: (Score:2)
Seriously, who downloads and installs an app called "Porn âOâ(TM) Mania" on his device?
I would say it's natural selection, unfortunately the offenders don't die.
Re: (Score:2)
Fucks sake. Will Slashdot, the self-styled site for GEEKS ever update to UTF? Drag your ass out of the stone age and get with the times man.
Re: (Score:2)
Seriously... it's so annoying I even set it to my sig. :P
Re: (Score:2)
Will Slashdot, the self-styled site for GEEKS ever update to UTF?
No. The last time Slashdot tried Unicode, it led to moderation score spoofing [slashdot.org]. SoylentNews supports it though.
Re: (Score:1)
Re: (Score:2)
Some of us prefer to use FOSS repositories such as F-Droid [f-droid.org].
Re: (Score:2)
If you stick with Google Play, you're safe from this.
It is only a problem if you side load apps from untrusted sources.
There is a trusted source for apps?! Where??
I do not agree. (Score:2)
What is to stop an application from opening a socket to a trojan server, downloading a binary, writing it, chmod 700, then executing it?
Google might not recognize that malware for what it is until far, far too late.
And since the majority of Android devices are vulnerable to towelroot, that binary owns the phone.
A mass install of a popular app with such stealth malware could see thousands upon thousands of phones suddenly compromised, and there is nothing that Google can do.
Dear friends and family... (Score:5, Insightful)
Blackmail me now, suckah!
Re: (Score:2)
Oddly enough, I don't think I've ever looked at pr0n on my phone. Now if they hacked my PC, that would be different.
Re: (Score:1)
Oddly enough, I don't think I've ever looked at pr0n on my phone. Now if they hacked my PC, that would be different.
Get married. Then your phone will be your only porn outlet.
Re: (Score:1)
Re:Dear friends and family... (Score:5, Funny)
Bet your boyfriend does... check your email
Re: (Score:2, Informative)
After getting caught in one such incident a wise young man taught me the only infallible way to never get caught - don't do it in the first place.
I've tried to live by this ever since, and as best I can recall, I've not done anything in the past 15 years where I'd be worried if anyone found out. Sure there are some things I won't volunteer, but if word got out I'd still stand
Re: (Score:2)
Stupid people. (Score:4, Insightful)
And bore my family and friends? (Score:2)
Re: (Score:3)
If malware forwards me my friend's history... (Score:2)
If malware forwards me my friend's browsing history, I would totally believe he went to all those sites, because there's no way a malware could possibly lie, or that a compromised machine could have been used as a proxy for some other agent. /s.
Be safe, follow my example. (Score:2)
I don't have any friends.
My boss once got a virus that emailed porn links (Score:5, Interesting)
Get a cheap chinese smartphone as a canary (Score:2)
Given how cheap you can get smartphones from China these days, get one of those, and try stuff out on that, rather than your main phone.
Re: (Score:2)
MGLP! (Score:3)
Oh Ghod, this is terribly! Just imagine what would happen to my nerd-creds if it was widely known that I don't watch any porn to speak of, that I sometimes approve of government control, when I feel it makes sense, and I'm not all that keen on having the latest, bleeding edge gadgets?
How is this a threat? (Score:2)
By that, I mean, what's the difference between asking for money in order to not send your actual browsing history to your friends, or asking for money in order to not send a made up (and far more incriminating) browsing history to friends?
Seems like the writers could have skipped that step and still done just fine.
Loading Your Community Experience (Score:2)
All I get in Firefox is a black screen with light gray text saying "Symantec Connect Loading Your Community Experience". Checking the error console reveals a JavaScript error [angularjs.org] that "occurs when $compile attempts to fetch a template from some URL, and the request fails." If Symantec's web site is fragile enough to completely break when a JavaScript file fails to load, why should I trust Symantec with anything?
ransomware is the answer (Score:1)
Now, I see ransomware is the answer. Politicians wouldn't want their porn history exposed.
Re: (Score:3)
Says the Apple fan-boy acting like Apple has never had a single exploit.
Re: (Score:2)
Re: (Score:2)
Entirely unrelatedly, the Kinkymidget Ball Stompers would make a great punk band name.