Android Security

New Android Malware Records Smartphones via VNC To Steal Passwords (therecord.media) 15

Security researchers have discovered a novel piece of Android malware that uses the VNC technology to record and broadcast a victim's smartphone activity, allowing threat actors to collect keyboard presses and app passwords. From a report: First spotted in March 2021 by Dutch security firm ThreatFabric, this new piece of malware, named Vultur, is a departure from other Android malware strains that usually rely on fake login screens floating on top of legitimate apps to collect a victim's credentials. Instead, Vultur opens a VNC server on the infected phone, and broadcasts screen captures to an attacker command and control server, where the Vultur operator extracts passwords for desired apps.
This discussion has been archived. No new comments can be posted.

  • by Junta ( 36770 ) on Thursday July 29, 2021 @12:21PM (#61634579)

    The fact that the user must grant a whole lot of suspicious permissions, that even once granted the phone will activate a notification that something fishy is going on..

    Sure, there may be improvements to make, but the security model seems to be working pretty well as the malware has to beg the user to let the infection happen with clear warnings and indicates the extra suspicious activity, and ultimately, even if someone did go all in, can be removed like any other application.

    • Any security model is bound to fail when the target audience is mostly computer-illiterate. This piss-poor malware wouldn't pass muster for anybody even vaguely suspicious. But it's convincing enough for the Facebook / selfie / dumb Karen crowd.

      Also, malware makers usually go for the lowest hanging fruit and actively seek the most gullible users on purpose [josephsteinberg.com]. I wouldn't be surprised if this particular malware was designed to be very easy to spot: those who can't are great targets almost by definition.

    • The fact that the user must grant a whole lot of suspicious permissions, ....

      Few users understand the questions that are asked, all that they know is that unless they click yes they will not be able to use whatever they are installing. Clicking yes is what they do on other computers - so they believe that it must be the right thing here as well. Maybe they should know better - but they do not.

      This is the sort of reason why I only do the basics with my smartphone: 'phone calls, SMS, pictures and modem. If I want to do other things I do it on my Debian machine.

  • The article seems to mention that the malware was available on the official Android App Store at least for a moment. I wonder how Google detects and removes malware from its app store? User complaints? Internal review? Due to the sheer volume of apps on the store, I really wonder how they do...

  • iSheep (Score:2, Funny)

    by riis138 ( 3020505 )
    So glad I have an iPhone, everyone knows there's no viruses on Mac! /s
  • Applications should not normally have permissions to record the screen, or take screenshots outside of their own sandbox.

    First, JVM/Dalvik/ART/etc should have been enough from the beginning to isolate various applications from each other. We know in hindsight that it didn't work, but we never looked seriously at why Google and the industry around Android failed so badly. Secondly, it's the Linux kernel. It supports cgroups and namespaces to provide some pretty serious isolation between user processes (think

    • Re:Lame & for shame (Score:5, Interesting)

      by Junta ( 36770 ) on Thursday July 29, 2021 @12:34PM (#61634637)

      The thing is, everything is doing its job, at least in this case. There are permissions to block everything that this thing does and 'infection' requires the user to accept a litany of highly suspect permissions, and to ignore the 'something is potentially fishy' indicator.

      We still don't have a scenario where an unrooted device is afflicted in most of the traditional malware expectations (e.g. installing without user knowledge, doing things surreptitiously without any warning that it might be happening, difficult to uninstall when desired, and ability to self-propagate).

      It's an app that describes pretty much exactly what it's going to do to a user and a user says 'well ok then'. At some point there's a limit for what a platform can do to protect its userbase when faced with users that just accept everything.

    • by narcc ( 412956 )

      Android has always been a mess that seemed like it was barely holding together. I'm impatiently waiting for a real alternative.

    • by vux984 ( 928602 ) on Thursday July 29, 2021 @02:12PM (#61635079)

      "Applications should not normally have permissions to record the screen, or take screenshots outside of their own sandbox."

      They DON'T have permission, and you have to manually give it to them, and I'd be surprised if it's even just a click through. Normally for stuff like screen recording from other apps you have to manually enable it for the app through the accessibility settings.

      This is the process to install a VNC server on android (which is what the malware is leveraging).

      https://www.smarthomebeginner.... [smarthomebeginner.com]

      It's not exactly 'click ok' and you're pwnd.

  • I wish there was a way to install a vnc server on an iphone. Looks like there is a legitimate vnc server for android though.
