Malware Found Preinstalled On 38 Android Phones Used By 2 Companies (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: An assortment of malware was found on 38 Android devices belonging to two unidentified companies. This is according to a blog post published Friday by Check Point Software Technologies, maker of a mobile threat prevention app. The malicious apps weren't part of the official ROM firmware supplied by the phone manufacturers but were added later somewhere along the supply chain. In six of the cases, the malware was installed to the ROM using system privileges, a technique that requires the firmware to be completely reinstalled for the phone to be disinfected. Most of the malicious apps were info stealers and programs that displayed ads on the phones. One malicious ad-display app, dubbed "Loki," gains powerful system privileges on the devices it infects. Another app was a mobile ransomware title known as "Slocker," which uses Tor to conceal the identity of its operators. Check Point didn't disclose the names of the companies that owned the infected phones. Padon said it's not clear if the two companies were specifically targeted or if the infections were part of a broader, more opportunistic campaign. The presence of ransomware and other easy-to-detect malware seems to suggest the latter. Check Point also doesn't know where the infected phones were obtained. One of the affected parties was a "large telecommunications company" and the other was a "multinational technology company."
Re: LineageOS (Score:1)
I like the idea of CyanogenMod and LineageOS but let's be serious; you have no idea what's contained in those distros. Malicious software could easily hide in source code and get built every night.
Re: (Score:2)
It has been very clear for years that mobile phone operating systems are completely compromised. Either the company that sold them to you is in charge of monetizing your every breath or state security services are watching your every move (and not necessarily your own state either). A well set up PC connected to the internet is slightly better but basically anything connected to the internet is owned by a corporation or several nation states. It does not matter for most of us in our day to day lives but for
homebrew PBX or Wifi hub (Score:1)
Just watching the data going through the Wifi router suggests how bad an Android is, and something has been crashing my Noroot Firewall apk that I wonder what goes through.
It has been suggested that CIA installs backdoors it plausibly denies as owning simply because they lease backdoors just like how computer owners lease Microsoft Windows.
A prior article about CIA installing backdoors into OpenBSD also had a reference to a security firm Kryptos Logic that sells exploits worldwide to anyone with money.
Re: (Score:1)
Trump isn't deranged. Why would you name a syndrome after him?
Re: (Score:1)
Reading comprehension failure. Parent said the psychopaths along for the ride could kill everyone, not that Trump would kill everyone. There's a massive difference between thinking the various Nazi, Fascist and KKK Trump supporters empowered by his ascent are dangerous and that Trump personally is going to commit genocide. Maybe you're just really into strawmen, though.
Re: (Score:2)
You sound unhinged. His control is very limited. This is why we have 3 branches of government you know, there's no such thing as a dictator. You sound as crazy as the far right nuts that ranted that Obama was going to declare the election void and stay in office. Or the far left nut jobs begging him to do just that. Why don't you go see a doctor and get some Xanax? Chill out.
Re: (Score:2)
Not everyone. I took some for a while but eventually I figured out the problem was me. The pills just made me live in a kind of fog. I decided I'd rather just quit worrying about shit I can't control. Not that I've entirely gotten over it, but I can get by now.
Re: (Score:2, Interesting)
Perhaps Breitbart will pretend it's the CIA? I'm reminded of the recent Breitbart news, "CIA uses stolen malware to attribute cyber attacks to nations like Russia"...
Although Occam's Razor suggests this is more to do with the investigation of Roger Stone of Breitbart, who apparently was coordinating propaganda with Russian government hacker Guccifer 2.0 during the election.
Watch him on RT, Russian propaganda TV. Party before country. Traitors who'd sell out America for power.
https://www.youtube.com/watch?v=
Re: (Score:2, Insightful)
Ahh, I missed that he was a Trump advisor AT THE TIME he was doing his little co-ordinating with Guccifer. No wonder he's on RT attacking the CIA.
Interesting, Carter Page was also on RT, in December 2016... from his Moscow visit, he went to Moscow for a week to meet 'business leaders and thought leaders', announced it, met a bunch of Russians, and went on RT:
https://youtu.be/4ePHA4f7MNg?t=55s
Or his July visit which included meetings with Russian intelligence:
http://www.usatoday.com/story/news/2017/03/07/ca
Re: (Score:1)
Wrong. Per TFA title, "phones", and "devices" in the lead sentence, not "models". It does list 23 different models that presumably cover those "devices" (which include several Galaxy Tab models, so not all phones). And those models range over 8 brands from the last several years, such as Samsung's Notes 2/3/4/5 (even a "Note 8", but guessing that must have been a Tab since no Samsung phones at version "8" are available just yet ...). That seems to be way too much variety for any organization with any "r
If they have no details (Score:2, Insightful)
Then most likely it's yet another case of three-letter agencies doing it. They're not exactly fond of things that remove their rootkits after all.
Meanwhile two articles down... (Score:1)
I realize the extra physical exertion of a "swipe" versus a "tap" is just too much work for some, but at least I know my credit card doesn't come with malware preinstalled.
Re: (Score:3)
RFID chip might qualify. I'm not sure how much truth is in the claim they can be read by simply walking past you, but /me thinks they aren't totally secure.
Strange (Score:2, Funny)
I thought all Android phones had spyware pre-installed by Google.
[yawn] This is old hat. (Score:5, Interesting)
Re: (Score:2, Interesting)
Re: (Score:2)
My favorite is "I hope your asshole grows shut."
Re: (Score:2)
So true. It took me over two decades to figure it out. I had a breakdown and was basically out of it for 6 months and I finally learned to let things go. I still occasionally get a burst of rage but now I know what it is and kind of reset myself before it gets bad.
This is an advertisement. (Score:2, Insightful)
"We won't name the companies or devices"... because this is a FUD driven ad campaign for our services.
So obvious.
Lookout (Score:4, Informative)
Is there a SINGLE phone out there without backdoor (Score:1)
???
This is getting old.
I don't care if it's old, I just want something that handles simple daily tasks and doesn't have 500 backdoors and 5000 agencies/hackers spying on it.
What companies? (Score:2)
I'd think it'd be nice to know what companies and models it pertains to. A lot of people trust their phones for things like banking. I don't but I'm a little paranoid about money.
Re: (Score:2)
Never mind, I should have read the damn article. Headline is a little misleading.
Ulefone had malware in the official rom (Score:1)
Ulefone was found to have malware in the official stock rom in 9/2016, including the official downloadable updates, and "only" took them 2 months to remove it. :/
But for sub $100 phones with all these features where can you expect they are cutting corners.