SMS-Sending Malware Found on Android Phones - EVO 4G General

An SMS-sending piece of malware has hit Android phones, according to a Tuesday note from antivirus vendor Kaspersky Labs.
The so-called "Trojan-SMS.AndroidOS.FakePlayer.a" appears as a "normal media player application," according to Kaspersky, but can send SMS text messages to premium numbers without the user's consent. It is the first such piece of malware to target Android devices, and it is already in the wild.
Kaspersky, however, did not name the innocuous media player application, although the firm did say that it is about 13 Kbytes in size.
Not surprisingly, Kaspersky has added it to its antivirus database, although the company does not currently offer an antivirus solution for the Android OS, just versions of Windows Mobile and the Symbian operating system. An Android version is on the way, however.
"The IT market research and analysis organization IDC has noted that those selling devices running Android are experiencing the highest growth in sales among smartphone manufacturers," said Denis Maslennikov, mobile research group manager at Kaspersky Lab, in a statement. "As a result, we can expect to see a corresponding rise in the amount of malware targeting that platform. Kaspersky Lab is actively developing technologies and solutions to protect this operating system and plans to release Kaspersky Mobile Security for Android in early 2011."
Maslennikov said that users should keep a close eye on what services an app says it will request before they install it, which implies that it will not spread without a user's permission.

It should also be noted that it is received as an SMS requesting the user to install a small update (.apk). Therefore, in order to contract the virus, the user must open and install the apk. Just receiving the SMS will not infect your phone. Also updates are not sent via SMS. They are via the Market Place app.
It's like the email phishing schemes that provide a weblink to update some personal information on your PayPal account, for example. Never click on a link from an email involving personal info or logins, and never open an app or .exe from an SMS or email either.
Not really a new concept when you put it into perspective.
Sent from my PC36100 using XDA App
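
Added example (not part of the original posts or of Kaspersky's note): one way to do the "check what the app requests before installing" step described above, by listing the permissions an app declares and flagging those that do not fit a media player. It assumes the APK's manifest has already been decoded to plain-text XML; the sample manifest, the package name and the "expected" permission set are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Real Android permission names that let an app spend the user's money.
BILLABLE = {
    "android.permission.SEND_SMS": "can send text messages, including to premium numbers",
    "android.permission.CALL_PHONE": "can place calls without user confirmation",
}

# Assumption for this example: what a plain media player plausibly needs.
MEDIA_PLAYER_EXPECTED = {
    "android.permission.WAKE_LOCK",
    "android.permission.INTERNET",
}

# Constructed sample: an app labelled as a media player that also asks for SMS.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.movieplayer">
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application android:label="Movie Player"/>
</manifest>
"""


def declared_permissions(manifest_xml):
    """Return the sorted permission names a decoded manifest requests."""
    # The manifest comes from an untrusted package; use a hardened XML
    # parser for real triage. The standard library is enough for this sample.
    root = ET.fromstring(manifest_xml.strip())
    names = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    return sorted(n for n in names if n)


def review(manifest_xml, expected):
    """List requested permissions that do not fit the app's stated purpose."""
    findings = []
    for perm in declared_permissions(manifest_xml):
        if perm in expected:
            continue
        if perm in BILLABLE:
            findings.append((perm, "high", BILLABLE[perm]))
        else:
            findings.append((perm, "review", "not needed for the stated function"))
    return findings


if __name__ == "__main__":
    for perm, level, why in review(SAMPLE_MANIFEST, MEDIA_PLAYER_EXPECTED):
        print(f"[{level}] {perm}: {why}")
```
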

Related

Application push on the device

Hi all,
Is it possible to send (via MMS, WAP,...) some application on the device
and run it absolutely silently for the user?
Preconditions: we know only device type (Windows Mobile based device)
and phone #. No additional software is preinstalled on the device.
Thanks!
-Andrew
If it was simple then I suspect we would see lots more viruses and malware on our devices.
I would say it would require a replacement of the SMS receive part of the device.
You're right. But maybe if the application is signed with an (M2M) certificate, for example...
Doesn't matter.
There is no preexisting infrastructure for this kind of thing in WM OS.
Like Rudegar said, that would be the best loophole for viruses. In fact I can't think of any other application for such a feature. Even desktop Windows doesn't update itself without warning.
Keep in mind that the user would have to pay for the data traffic, so if this is for legitimate software, it would be one many people wouldn't buy (unless you don't tell them what it does).

Cab/Exe security

I'd like some guidance on ways to verify cab or exe files posted here and elsewhere for security purposes. Are they somehow verified by senior members here to ensure they are not malicious?
For example, the Facebook app being developed here obviously requires a username and password. So what is to stop the developer from redirecting that secure information elsewhere to be used for, say, distributing that Facebook virus or other mischief?
The question doesn't just apply to that one app so I'm not singling cornelha out. What is to stop someone from distributing a cab that provides some necessary or useful function, but also has a small hidden exe buried inside it that can intercept text messages or e-mails or record keystrokes in a browser? Does Windows Mobile itself guard against such behavior?
I'm not asking about viruses...I know the virus threat on Windows Mobile is nil. And I know each device owner has to exercise caution when installing anything and should only use trusted sources. I'm just wondering if there is any security beyond that? Thanks.
Any developer that follows up on his app is unlikely to be a fraudster. Having been a member for a while I can now recognise people's names and I can see that there is a lot of trust in each other, that is what makes this a great and strong community.

Flexis Mobile Security App

Here's a neat app to add into your cell, this I've just begun testing and may stay with it for awhile.
The idea of a security app for Windows Mobile was not a very convincing one in the past, but when we hear about a new security vulnerability on Windows Mobile devices, we have to give more priority to security-related apps for Windows Mobile. Flexilis is one of our favorites in this category. They have responded to the new vulnerability very quickly; the latest version will detect and delete the "Phone Creeper" app which gave us Windows Mobile users a security. (A fix for version 0.6 will be rolled out soon.)
Along with the Anti-Virus and Firewall app, Flexilis also provides a module for Backup; this module will let you back up your contacts and photos. You can also transfer your data to a new phone.
The Anti-Theft Module in Flexilis enables you to respond when your device is lost or stolen. Locate your device, sound an alarm, wipe your personal information, remotely from the web.
The best part of this is all of this is for FREE and if you find a new security flaw with your device you can also let the Flexilis team know about it.
Visit m.flexilis.com on your mobile browser or https://beta.flexilis.com/ from your PC to create an account.

[IDEA] iMessage Bridge (iDroidChat)

Hey guys, just wondering if any skilled devs could think about this
What is iMessage?: iMessage is a great product that Apple uses to bring to and keep people on the iOS platform. But what if we could bridge it to android?
Situation: Many people have old iPhones (or can buy cheap on Swappa) I have a jailbroken iPhone 5. I also have an LG Nexus 5X. What if we could bridge the two and bring iMessage to Android?
Is it possible?: A while ago, some "enterprising developer" found a way to let android users communicate with iMessage. But all of the traffic was being pushed through a server in China. It was shady as shady gets. An APK teardown revealed some unwanted code abilities. But the point is that someone did it and that it is possible. Here at XDA, we can open source the code. We can create a clean, safe version for daily use. Just a little more DIY action.
The Idea: Use an iPhone/iOS Device as the host for iMessage. (The Android will handle SMS, but the iPhone will have no SIM and only send/receive iMessage messages) (P.S: Keep phone number attached to iMessage) The iOS device will most likely need jailbreak to execute the actions as it is far more locked down than Android. So the iOS device will likely sit on a charger, connected to wifi 24/7, acting as the messenger between your device and iMessage. Think of it as a translator.
You will also have an Android device with the appropriate software to connect to the iOS device over the web and send/receive your iMessage texts over the internet. The android app will either be the primary messaging app or a background app. Maybe it will even need root. I don't know. But if it's the main messaging app, it would be a fork of the default messaging app in Android and have the mods needed to connect to the iOS device running iDroidChat. If it's a background app, it will work with any messenger app and will simply act as another source of messages. Like a second SMS server/SIM. It may need root for this functionality.
The Bridge - A connection made over the internet between the iOS device and the Android device. The 2 apps will be encrypted with manual username and password entries. Both of which are entered into each app. The iOS device will host the connection (secured, of course) and the Android device will connect to it using the app. Once the iOS server is running, it will display its IP, Username, and Password. Just enter these 3 strings on the Android app to connect to the iOS server.
Future Plans:
1) An HTML implementation where you can type the iOS device IP into a web browser and it will have a UI for iMessage.
2) Pushbullet integration for mixed SMS and iMessage.
Execution: I'm going to say it up front. I don't know much about coding. That's why I am actively learning Java. But for this project to be possible, I need the XDA community. I will not accept any cash or profits whatsoever from this. I simply want to support the community.
My Role: I will keep the project in shape and help out devs as much as I can. Let's do this. Project Manager. yay.
Check out amphora Messenger on Twitter. So far it seems possible; however, the developer is extremely busy currently. Pie message is also a working solution, however it needs a dedicated Mac computer; iPhones are not possible.

How to "lockdown" a phone for users.

Hi, I'm new to XDA. I'm an Android developer, but this is a bit outside my wheelhouse. My company is providing no-cost phones to low-income disadvantaged families for health care and health monitoring purposes in conjunction with a local hospital and local health departments. We developed the app in conjunction with local health departments, and we are procuring the devices (LG G2 (VS980)) from a wholesaler of refurb phones. We would like to "lock down" the device to prevent abuse and eliminate company liability. The devices remain company property and will (hopefully) be recovered and re-used for other patients when a patient leaves the program. These devices are solely for the purposes of the program and general purpose smartphone functions are only permitted when not affecting the data/voice/sms service plan. (i.e. Calculator)
While I am capable of using Google, I keep finding information about parental locks. I am looking for information specific to:
1. Restricted dialing to a few numbers that we specify (We might have to provide a custom dialer, 911 service ok)
2. In-bound only SMS, No outbound SMS AT ALL (We might have to provide a one-way only SMS app, replacing the default - How to remove the default app?)
3. No ability to install other apps, no google play
4. Auto-update of our app with no google play account needed
5. Restricted web browsing to servers we list (i.e. only patient web portal)
Many thanks in advance.
