Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response
Showing posts tagged with Android
Showing posts in English
Joji Hamada | 12 Jan 2012 22:10:29 GMT

During the summer of 2011, one-click fraud targeting smartphones was discovered. One-click fraud has now become so common that doing a quick search for certain keywords on the Internet using a smartphone leads to a high possibility of coming across one of the scam sites. The typical attack simply attempts to trick users into registering for a paid service. Details of the users and their phones are displayed on the page in an attempt to convince them that the site owners may take legal actions if the user does not pay them a certain amount of money.  There were no malicious files involved. More details are available in this blog.

Now, in 2012, one-click fraud for smartphones has evolved  and begun to use applications.  File usage for the fraud is common on the Windows platform and has been used for years.  When users attempt to view a video on a computer, they...

Irfan Asrar | 10 Jan 2012 16:13:58 GMT

2011 has seen some dramatic changes in the mobile landscape, with the ever-increasing growth rates in consumer adoption of smart phones. This has not gone on without getting the attention of the criminal fraternity, which has turned its attention to mobile malware. But what remains to be seen is if this trend moves beyond the stage of testing the waters to actually making a significant impact, reaching the scales we associate with threats for Windows. If the activities of the past week are any indicator, then 2012 is off to an interesting start. Another scam has come to our attention, this time targeting Android users in France, attempting to exploit the frenzy surrounding Carrier IQ.

From our analysis, Android.Qicsomos is a modified version of an open source project meant to detect Carrier IQ on a device, with additional code to dial a premium SMS number. On installation,...

Peter Coogan | 09 Jan 2012 14:59:33 GMT

Contributors: Conor Murray, Paul Mangan.

Fraudulent apps appearing on the official Android marketplace is an ongoing issue and one that we have blogged about in the past.  Today we received reports of yet more fraudulent apps capitalizing on popular game titles and masquerading as these games. In this case, the apps are published under the name "Stevens Creek Software".

During installation of the fraudulent app, only one permission request is made for full Internet access. In the past, we have seen fraudulent apps looking for numerous unnecessary permissions during installation that may alert the user of the risks involved in installing the app. With just one permission request required by this fraudware during installation, it may seem less of a risk to potential victims. Once installed on the...

Irfan Asrar | 19 Dec 2011 18:30:30 GMT

Hacktisivm, or as one blogger put it “Revolution 2.0”, is something I would describe as an activist agenda where there may be no visible monetary gain by the instigator. Instead the overall goal is to send a message or get a point across. Even though, on occasion, the message may be something many will sympathize with, this doesn’t mean it’s a victimless crime. In many cases, the cost of getting an agenda across may involve using resources (even people without consent).  An example of this emerged over the past weekend. For many across the Arab world, December 18, 2010, marked the birth of what is now come to be commonly known as “The Arab Spring”. Among the many online tools that are being used to coordinate, inform, and get the word out about protests, Symantec has discovered a Trojan mass-mailer/downloader embedded in an Android App.

The Trojan was...

Symantec Security Response | 13 Dec 2011 13:07:51 GMT

Thanks to Masaki Suenaga and Andy Xies for their analysis.

Following the tweet from our @threatintel Twitter account last night about malicious applications targeting users in European countries, Symantec Security Response has identified another group of fraudulent apps on the Android market, but this time under a different publisher ID. From our analysis the 11 newly discovered apps are published under the name “Miriada Production” and are identical to the apps published under the name “Logastrod”. These apps are capitalizing on popular game titles, and masquerade as these games, but in fact they just sends two texts to premium-rate, local SMS numbers in the country where the SIM card is registered. The app also prevents notifications from being displayed if the incoming text is from certain numbers.

Once notified of these apps by Symantec, Google...

Irfan Asrar | 12 Oct 2011 09:22:13 GMT

Contributors: Shunichi Imano

October 2011 marks the eighth annual “National Cyber Security Awareness Month” to be held in the United States. One highly visible concern that makes this year different from previous years is the triple-digit growth rates that are being reported across the board by every antivirus vendor when it comes to threats discovered that target mobile devices. Although the main points made in these reports remain largely the same, it is clear that mobile malware has not only come of age, but that the growth rate has been unprecedented. An underlying message comes across loud and clear: indisputably, everyone agrees that criminals targeting mobile devices have become a force that is here to stay, becoming as ubiquitous as the devices/platforms themselves.

But just when you think you have seen it all, along comes another twist, demonstrating that there is no shortage of ideas when it comes to social engineering. Because of the so...

Irfan Asrar | 15 Aug 2011 20:33:04 GMT

After a public outcry and a write-in campaign failed to convince the creators of ‘Dog Wars’ to discontinue work on their app, it appears that protester(s) have now taken to targeting the users of the app directly in order to get their message across. Symantec has discovered that a Trojan code was planted into an older version of ‘Dog Wars’ (Beta 0.981) that can still be found circulating on warez sites. This version has not been found on the official Android Market.

Agreement by the user to grant the permissions requested by the app (which will include SMS permission) will allow for the the app to be installed. Upon installation, the display icon of the legitimate app looks almost identical to that of the app that has been bundled with the Trojan (on devices with a screen size of 3 – 3.5 inches). In fact, they looked so similar, we almost failed to spot this...

Irfan Asrar | 03 Aug 2011 15:58:24 GMT

Threats making or transmitting unauthorized audio recordings are not a new concept, though they have largely been limited to proof-of-concept demonstrations and final-year university projects. This is a vector that generates a lot of intrigue from researchers, as it pertains to many facets in security, such as data loss prevention and mobile threats, not to mention the changing face of the threat landscape. It is also something we have blogged about previously. Thus, when we received several inquiries about an Android threat we discovered over a week ago, and its ability to upload recorded voice conversations to a remote sever, I decided to take a second look at the threat Android.Nickispy.

This app was available on...

Mario Ballano | 29 Jun 2011 19:35:24 GMT

We have been taking a close look at Android threats since they first appeared, looking for ways to analyze and classify them, as well as looking at possible attack vectors they may use in the near future. Some of our research has uncovered how Android applications could potentially exploit other installed applications to steal their private information or execute malicious code. In particular, we came across something that resembles Windows DLL Hijacking. Bear in mind that we are not talking about Android vulnerabilities per se, but application-specific issues. We found a few applications in the Google Android Marketplace that were susceptible to this attack and have notified the application developers accordingly.

Android provides APIs that allow an application to dynamically load code to be executed. For example, an application may support plug-ins that are downloaded and then loaded at a later time...

Carey Nachenberg | 27 Jun 2011 21:08:09 GMT

The mass adoption of both consumer and managed mobile devices in the enterprise has increased employee productivity, but has also exposed the enterprise to new security risks. Our latest research is a deep dive into the current state of mobile device security. You can read the whitepaper in its entirety here.

More than anything else, the analysis shows that while the most popular mobile platforms in use today were designed with security in mind—and certainly raise the bar compared to traditional PC-based computing platforms—they may still be insufficient for protecting the enterprise assets that regularly find their way onto these devices.

Today’s mobile devices also connect to an entire ecosystem of supporting cloud and desktop-based services. The typical smartphone synchronizes with at least one public cloud-based service that is outside enterprise control. At the same time, many users also...