Security Response
Showing posts tagged with Android
Candid Wueest | 27 Jun 2014 16:07:09 GMT

At this year’s Google I/O developer conference, the technology giant shared its vision of a connected world where smart watches, smartphones, cars, laptops, televisions, and thermostats all interact seamlessly with one another. Of course, central to this vision was one of the conference’s main themes, the idea of Android everywhere and on every device. However, while all this is very exciting and filled with possibility, this new wave of devices and capabilities will spur on a race to develop more contextually aware and voice-enabled apps on the Android operating system (OS) – which, as a platform, has been a popular target for attackers. 

 

Android L
Google’s next version of Android to be released, referred to as Android L, comes with many new features and capabilities. There are also a few...

Joji Hamada | 09 Jun 2014 17:07:32 GMT

Just around this time last year, Symantec came across a fake security app called Android Defender (Android.Fakedefender) that held mobile devices hostage until a ransom was paid up. This particular malware locked up the device, making it useless, in order to coerce the user into paying for the app. Now, a year later, a batch of malicious apps that take files stored on mobile devices hostage by encrypting them have been discovered in the wild by security researchers. These variants, which Symantec detects as Android.Simplocker, pretend to be legitimate apps and appear to be hosted on fake Google Play sites aimed at Russian-speaking Android device owners. An example of one of these fake sites can be seen in Figure...

Symantec Security Response | 20 May 2014 15:58:24 GMT

Powerful Russian cybercrime gangs have begun to use premium Android malware to broaden their attacks on financial institutions. The tool, known as iBanking, is one of the most expensive pieces of malware Symantec has seen on the underground market and its creator has a polished, Software-as-a-Service business model. 

Operating under the handle GFF, its owner sells subscriptions to the software, complete with updates and technical support for up to US$5,000. For attackers unable to raise the subscription fee, GFF is also prepared to strike a deal, offering leases in exchange for a share of the profits. 

iBanking often masquerades as legitimate social networking, banking or security applications and is mainly being used to defeat out-of-band security measures employed by banks, intercepting one-time passwords sent...

Peter Coogan | 05 Mar 2014 14:24:53 GMT

Darwinism is partly based on the ability for change that increases an individual’s ability to compete and survive. Malware authors are not much different and need to adapt to survive in changing technological landscapes and marketplaces. In a previous blog, we highlighted a free Android remote administration tool (RAT) known as AndroRAT (Android.Dandro) and what was believed to be the first ever malware APK binder. Since then, we have seen imitations and evolutions of such threats in the threat landscape. One such threat that is making waves in underground forums is called Dendroid (Android.Dendoroid), which is also a word meaning something is tree-like or has a branching structure.

...

Dick O'Brien | 26 Feb 2014 09:57:19 GMT
One of the most problematic areas in mobile security today is “grayware.” The dividing line between legitimate software and malware is not clearly drawn and grayware often occupies this murky middle ground. Grayware consists of applications that may not have any recognizable malware concealed within them but can nevertheless be in some way harmful or annoying to the user. For example, it might track their location or Web browsing habits, or serve up unwanted ads. In many cases, grayware authors maintain a veneer of legitimacy by outlining the application’s capabilities in the small print of the software license agreement.
 
Grayware is not a new phenomenon and it first began to attract attention well over a decade ago when unwanted extras, such as spyware, were often packaged with free...

Candid Wueest | 25 Feb 2014 09:57:34 GMT
Figure. A brief history of mobile malware
 
2014 marks the tenth anniversary of mobile malware. It all began in 2004, when the first variant of SymbOS.Cabir was submitted to security researchers. The analysis revealed that this worm targeted Symbian OS, which was a very popular mobile operating system at the time. Infected phones would search for nearby Bluetooth devices that had activated discovery mode and then the worm would try to push itself onto them. The user had to manually accept the file transfer and also had to agree to the worm’s installation before the malware could infect the device. This limited the spread of the worm, as the victim had to be in close proximity to...

Flora Liu | 23 Jan 2014 07:14:03 GMT

We’ve seen Android malware that attempts to infect Windows systems before. Android.Claco, for instance, downloads a malicious PE file along with an autorun.inf file and places them in the root directory of the SD card. When the compromised mobile device is connected to a computer in USB mode, and if the AutoRun feature is enabled on the computer, Windows will automatically execute the malicious PE file.

Interestingly, we recently came across something that works the other way round: a Windows threat that attempts to infect Android devices.

The infection starts with a Trojan named Trojan.Droidpak. It drops a malicious DLL (also detected as Trojan.Droidpak) and registers it as a system service. This DLL then downloads a configuration file from the following remote server:

  • ...

Satnam Narang | 20 Dec 2013 23:12:35 GMT

Recently we have observed a series of mobile ads intended to scare users into believing that their device is infected with a threat called “Trojan: MobileOS/Tapsnake”.
 

Figure 1. Fake Tapsnake infection warnings
 

The malware alert is fake. Tapsnake is an older Android threat (we blogged about it in 2010 and detect it as Android.Tapsnake) that just happens to be mentioned in these ads to make them appear more authentic. We visited a site serving these ads using a brand new Android device with a fresh install and nothing on it and still received this alert. Users of Apple's iPhone...

Satnam Narang | 03 Dec 2013 16:49:11 GMT
Over the past week, users of the photo messaging application Snapchat have seen an increase in the number of spam snaps (Snapchat pictures). The service is now being infiltrated by a myriad of fake accounts sending spam snaps of topless women.
 
Figure 1. Spam accounts on Snapchat
 
Snapchat users are currently receiving requests from accounts named similarly, using the following format: “[GIRL'S NAME]snap_####”. Each request features a pending snap from these spam accounts. Despite the app offering privacy settings to only allow snaps from friends, users can still receive add requests from unknown users. Some Snapchat users we spoke to have noticed an increase in these requests over the last week.
...

Symantec Security Response | 29 Oct 2013 13:03:25 GMT

Today, we are publishing a report on the security risks present on Android app markets in the first half of this year. The report presents trends in malware and madware, the latter referring to apps that use aggressive ad libraries. Ad libraries have the ability to collect information about the app’s user in order to serve targeted advertisements. However, some of these libraries can leak personal information or exhibit annoying behaviors such as displaying ads in the notification bar, creating ad icons or changing Web browser bookmarks. We refer to these libraries as aggressive ad libraries.   

In the middle of this year, 65 ad libraries were known and over 50 percent of them were classified as aggressive. The percentage of apps that use aggressive ad libraries has been on the rise since 2010, increasing every year, and reached 23 percent in the first half of 2013. According to our report, users can expect the most madware when downloading apps from the...