Security Response
Showing posts tagged with Android
Symantec Security Response | 26 Jun 2013 23:05:46 GMT

Today we released a new version of Norton Mobile Security for Android devices that contains our new Norton Mobile Insight technology. Mobile Insight has analyzed over 4 million Android applications and processes tens of thousands of new applications every day. Through automatic and proprietary static and dynamic analysis techniques, Mobile Insight is able to automatically discover malicious applications, privacy risks, and potentially intrusive behavior. Further, Mobile Insight will tell you exactly what risky behavior an application will perform and give you specific, relevant, and actionable information.

The ability of Mobile Insight to automatically provide granular information on the behavior of any Android application even surprised us when we reviewed the most popular applications exhibiting privacy leaks. 

Of particular note, Mobile Insight automatically flagged the...

Joji Hamada | 21 Jun 2013 14:30:20 GMT

FakeAV software is a type of scam using malware that intentionally misrepresents the security status of a computer and attempts to convince the user to purchase a full version of the software in order to remediate non-existing infections. Messages continue to pop up on the desktop until the payment is made or until the malware is removed. This type of fraud, which typically targets computers, began several years ago and has now become a household name. The scam has evolved over time and we are now seeing FakeAV threats making their way onto Android devices. One interesting variant we have come across, detected by Symantec as Android.Fakedefender, locks up the device just like Ransomware. Ransomware is another well-known type of malware that takes a computer hostage, by denying the user access to their files for example, until a payment/ransom is handed over.


Joji Hamada | 13 Jun 2013 21:47:18 GMT

Japanese one-click fraud apps on Google Play made their debut at the beginning of the year and have now become a regular on the market as new variants appear on an almost daily basis. I was curious to see whether the scammers had attempted to target other mobile platforms, so I did some investigative work. The result was that I didn’t find any one-click fraud on other platforms, but I did come across a dodgy app in the Apple App Store that uses a strategy that is similar to one-click fraud apps.

Once opened, the app accesses certain URLs and displays content from them within the app. The app itself pretty much acts as a frame for the fraudulent site. The particular app leads to fake dating services, called “sakura” sites in Japan, rather than one-click fraud apps that attempt to fool users into paying for an adult video service.

The app was introduced on the App Store as a game and certainly does not look like it is related to a dating service on...

Symantec Security Response | 11 Jun 2013 18:44:55 GMT

Malware authors are notorious for quickly leveraging new exploits in the public domain for nefarious purposes. An exploit for the recently discovered Linux Kernel Local Privilege Escalation Vulnerability (CVE-2013-2094) in the Performance Counters for Linux (PCL), currently being exploited on various platforms, has now been modified to work on the Android operating system.

For anyone unfamiliar with the Android operating system, it is based on the open source Linux operating system. This means that many of the discovered Linux kernel-based vulnerabilities have the possibility of being exploited in Android devices. However, with different Android devices using different versions of the Linux kernel, only certain devices...

John-Paul Power | 29 May 2013 23:42:56 GMT

We’ve all heard a really annoying song on the radio on the way to the supermarket and then are shocked and ashamed to find ourselves humming the tune while perusing the frozen foods aisle. All it takes then is for a fellow shopper to overhear your rendition of that eighties rock classic and before you know it the tune has infected their brain, and so on and so on. All this sounds very much like a virus, spreading from one computer/human to another leaving infection as it travels. If only Symantec did an anti-Irritating eighties rock product!

All joking aside, malware that can spread or receive commands through sound seems like something out of a far-fetched sci-fi movie, right? Not according to researchers at the University of Alabama at Birmingham (UAB) who have recently released a paper entitled Sensing-Enabled Channels for Hard-to-Detect Command and Control of Mobile Devices...

Joji Hamada | 16 May 2013 10:07:30 GMT

Since the beginning of the year, a Japanese one-click fraud campaign has continued to wreak havoc on Google Play. The scammers have published approximately 700 apps in total since the end of January. The apps are published on a daily basis and the scammers have invested around US$4,000 in order to pay the US$25 developer fee to publish apps on Google Play.


Figure 1. Total number of developers and apps developed

Dealing with the fraudulent apps has really become a game of cat and mouse. Once the apps are removed from Google Play, the scammers simply publish more under new developer accounts. These are again removed shortly afterwards, but the scammers simply continue to publish more. Most of the apps are removed on the date of publication,...

Joji Hamada | 18 Mar 2013 16:45:32 GMT

Earlier today, we blogged about Android.Uracto, a malicious app that sends spam SMS messages in an attempt to infect others or scam users into paying a fee for a non-existing service. We continued doing further investigation on the attack and this has led us to discover more apps prepared by the same group of scammers. So far we have been able to find a total of 10 apps hosted on a few dedicated domains believed to be maintained by the group. The servers hosting the domains appear to be located in Singapore and in Georgia in the United States. They are currently still live at the time of this writing.

Figure 1....

Joji Hamada | 18 Mar 2013 10:59:34 GMT

SMS messages attempting to lure Android device owners to download an app that supposedly allows the camera on the device to see through clothes are circulating in Japan. This type of spam is usually sent by the malware authors themselves, but in this case the authors have developed an app to send the spam messages by SMS to phone numbers stored in the device’s Contacts. This allows the recipients of the spam to be tricked more easily because the invitation to download the app is coming from someone they know rather than from an unknown sender. If a friend is recommending an app, why would you not at least try it out, right?

Figure 1. SMS message sent from a person whose device is compromised

The site that the link takes the user to introduces an app called Infrared X-Ray that supposedly allows the user to see through clothes when viewed through the...

Joji Hamada | 10 Dec 2012 18:56:23 GMT

Recently, I wrote a blog describing the current status of Android malware thriving in Japan and much of the focus was on one particular family: Android.Enesoluty. I don’t know whether the authors of Android.Enesoluty read the blog or came across a news article discussing the content of it, but a few days later the app sites distributing the malware contained a user agreement. This was most likely done in an attempt to make the apps legal and ultimately avoid an arrest and prosecution as the Japanese authorities increase their pursuit of Android malware creators.

Until recently, the app pages hosting Android.Enesoluty only contained false descriptions of the apps, fake download counts, fake reviews, and links that download the apps. They did not have anything with regard to a user...

Mario Ballano | 05 Nov 2012 19:52:59 GMT

A few days ago, researchers from North Carolina State University published a video demonstrating how an app can simulate the reception of a text message from a spoofed source. SMS spoofing can be used for a number of malicious intentions, including SMS phishing attacks (SMSishing), which could trick someone into providing banking credentials or subscribing to paid services.

The code to perform this action has been publicly documented and in use since August, 2010. However, we have not yet found any instances that use the code for an SMSishing attack. Instead, the vast majority of apps use the code to deliver advertisements, including a couple hundred applications hosted on Google Play.

To send a spoofed SMS message there is no need to send a text message over the air. In fact, a...