A brand new Vodafone HTC Magic with Google’s Android OS was shipped preloaded with the Mariposa bot client and Conficker virus. This incident is not about Android malware, but rather about Windows malware on a USB device (a phone) that attacks a Windows PC. When the phone is connected to a computer, the malware attempts to send personal information back to the malware creator. Vodafone acknowledged the problem, which it is investigating as an isolated local incident. read more.
Over 8,000 iPhones and Android smartphones downloaded and used the fake WeatherFist application; this incident highlights the spreading potential of malicious applications on these devices. The multi-platform mobile phone application gathers information on the users who downloaded it, including their GPS coordinates and phone numbers. The creators of WeatherFist targeted the jailbroken iPhone market, SlideME, ModMyI, and many Android app sites. They also wrote a malicious version of WeatherFist, called WeatherFistBadMonkey, which is able to execute bot code, can grab contact information, cookies and physical addresses, and can be used to send spam. The malicious app could steal or modify a user's contacts, read his files, access his Facebook and Twitter accounts as well as email accounts and passwords, or disable system services. read more.
Mobistealth is an old-school spyware product.
The information available on the net about the three versions of this software tells the user of the harm it can cause, but does not mention the methods that the spyware employs. When installed, Mobistealth products pose as legitimate parts of the Android OS and hijack the phone's communication.
Posing as a fake 'googleVoice' app is very dangerous behavior and can cause a multitude of problems when using the handheld device. We recommend removing this program from your phone as soon as possible.
read more.
The Aptoide "BlapkMarket" client is an Android application that allows installing software that comes from multiple sources, distributed over different locations.
Stealing apps is bad in itself, but the further problem is that a pirated-app market, which provides apps that normally cost money for a total of zero dollars, can be used as a back door for bad applications and malware from untrusted sources. We consider those applications to be malicious.
The vulnerability that allows installing apps from the SD card can bypass security tests and affect the device.
read more.
It has just been reported that a major security flaw has been found in the Android 2.0.1 code on the Motorola DROID.
The problem happens when the DROID is locked and ringing. A user can simply press the 'back' key, which then takes the hacker back to the home screen, leading to the obvious security threat.
The security issue lets a user bypass the much-touted lock screen on the Motorola DROID, putting personal files at risk.
read more.
A couple of weeks after its launch, the Android-based Nook e-reader from Barnes & Noble has been hacked to allow full system access.
The Nook uses a customised version 1.5 of the Android operating system, supports WiFi and 3G cellular, and has connectivity with all manner of systems via the Internet.
The attacker needs to open the device and access a system microSD card, mount this card on a computer and change the init.rc file.
The rooting process is not a bad thing by itself, but the dangers of rooting an Android device do not concern only the user: a rooted device can be exploited by remote attackers or malware.
E-book readers (or e-readers) are typically just DRM-infected devices that do little more than display text.
They are not Internet web-surfing gadgets.
The bad guys and crackers are likely to continue modifying relatively low-cost, specific-application devices such as e-readers, allowing them to become computers running a full Android operating system with a built-in, free cellular connection to the Internet. Such a device also has a battery that lasts days.
The use of a portable device as a launch point for an attack on corporate and home wireless networks:
The attack vectors that these mobile devices can utilize are many, and include viruses that can infect workstations, worms, and, with the new Linux-based devices, use of the device itself as a base for a full-scale attack on the organization's network.
An attack scenario may include connecting to the organization's wireless network, sniffing for passwords and information on the WiFi network, and sending the discovered data to an Internet site via the cellular network.
Then the device can search for normal workstations and infect them with viruses or more malware.
read more, and more.
In the first and second weeks of December 2009 a developer (09Droid) using the Android platform deployed suspicious mobile banking applications in an attempt to fraudulently gain access to sensitive personal financial information. This phishing attack was launched from the Android Marketplace.
Your mobile device may be at risk if you downloaded an application provided by 09Droid from the Android Marketplace.
Applications from 09Droid are NOT authorized or legitimate downloadable applications for Unity One Credit Union Mobile Banking, First Republic Bank, Abbey Bank, US Bank, Bank of Queensland, Bank Atlantic, Barclays Bank, or any other bank.
This downloadable hacking/phishing effort by 09Droid represents an attempt to gain access to credit cards and account numbers through the emerging Android platform.
read more
The first malware/spyware application launched for Android, called 'Mobile Spy', is sold for $99 and snoops on all of the user's calls and SMSes.
It logs GPS locations, calls, visited URLs and SMS messages and delivers them to the attacker.
The attacker needs to first have physical access to the device.
The spyware focuses on Android OS version 2.0 phones like the Motorola Droid.
In its current form, Mobile Spy acts and hides like malware would, and it officially joins the mobile malware market segment.
Retina-X Studios, a well-known commercial provider of spyware applications for numerous mobile platforms, has recently ported its Mobile Spy app to the Android mobile OS.
The spyware is hosted on a site belonging to Retina Software, which is based in Jaipur, Rajasthan, India.
read more.
Security researchers have disclosed two new vulnerabilities in Google's Android mobile platform which could lead to denial-of-service attacks.
An oCERT advisory warned of two flaws in version 1.5 of the increasingly popular platform, both of which have been patched by Google in version 1.6.
The first involves Android's handling of SMS messages (malformed SMS DoS), found by Charlie Miller and Collin Mulliner:
A specific malformed SMS message can be crafted to trigger a condition that disconnects the mobile phone from the cellular network. The malformed SMS message consists of a badly formatted WAP Push message which causes a Java ArrayIndexOutOfBoundsException in the phone application (com.android.phone).
The phone application then silently reboots, leading to temporary loss of connectivity and dropped calls.
If the phone's SIM is protected by a PIN, users will be required to re-enter it, causing more delays and inconvenience, and if the bug is triggered repeatedly it could lead to DoS.
The second flaw is a DoS vulnerability in Android's Dalvik API, found by the team from KPMG London. A specific malicious application can be crafted so that, if it is downloaded and executed by the user, it triggers the vulnerable API function and restarts the system process. The same condition could occur if a developer unintentionally places the vulnerable function in a place where the execution path leads to that function call. Triggering this bug is considered a DoS condition.
read more
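The failure mode in the first flaw is a parser indexing past the end of a message and taking the whole phone process down with it. The sketch below is an added example, not Android's code: it assumes the standard WSP Push layout (transaction id, PDU type 0x06, uintvar HeadersLen), checks every length before use, and drops a bad message instead of crashing. The page does not describe the exact malformation, so the sample bytes are constructed.

```python
class MalformedPdu(ValueError):
    """Raised for any PDU whose declared lengths do not fit the bytes received."""

def read_uintvar(buf: bytes, pos: int):
    """Decode a WSP uintvar (7 bits per octet, high bit = continuation)."""
    value = 0
    for _ in range(5):                      # a uintvar is at most 5 octets
        if pos >= len(buf):                 # bounds check before every index
            raise MalformedPdu("uintvar runs past end of PDU")
        octet = buf[pos]
        pos += 1
        value = (value << 7) | (octet & 0x7F)
        if not octet & 0x80:
            return value, pos
    raise MalformedPdu("uintvar longer than 5 octets")

def parse_push(pdu: bytes) -> dict:
    if len(pdu) < 3:
        raise MalformedPdu("shorter than TID + type + HeadersLen")
    tid, pdu_type = pdu[0], pdu[1]
    if pdu_type != 0x06:
        raise MalformedPdu("not a Push PDU")
    headers_len, pos = read_uintvar(pdu, 2)
    if headers_len > len(pdu) - pos:        # declared length vs bytes present
        raise MalformedPdu("HeadersLen exceeds remaining bytes")
    end = pos + headers_len
    # "headers" covers Content-Type plus headers, as HeadersLen counts both.
    return {"tid": tid, "headers": pdu[pos:end], "data": pdu[end:]}

def handle_incoming(pdu: bytes) -> str:
    """Contain the failure: one bad message is dropped, the process lives on."""
    try:
        msg = parse_push(pdu)
    except MalformedPdu as exc:
        return "dropped: " + str(exc)
    return "delivered %d data bytes" % len(msg["data"])

# Constructed samples (placeholder header bytes, not captured traffic).
GOOD = b"\x01\x06\x03abc" + b"body"
TRUNCATED = b"\x01\x06\x20abc"              # claims 32 header bytes, has 3

if __name__ == "__main__":
    print(handle_incoming(GOOD))
    print(handle_incoming(TRUNCATED))
```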
InstantRoot exploits a security flaw in the Android OS's Bluetooth to give Android root access.
Users can break their phones with root, and with applications that use security flaws.
read more about the dangers of rooting your Android phone
We discovered 3 different variants of Android applications that exploit a bug in Windows, allowing a blue screen crash for Vista users via the latest SMB bug in Windows Vista, Windows Server 2008, and Windows 7, and run offending code.
We consider those applications to be malicious.
The vulnerability works because when the Windows SMB2 driver receives a malformed negotiate protocol request, it is unable to recover.
read more
A company called "Perfect Acumen" started to spam the Android Market under the name "Sapphire Apps".
We decided to mark this developer as suspicious based on user feedback and the volume of applications: it is spamming the Market with $5 apps that violate copyright and don't do much other than this; most of them are one-star rated with fewer than 50 downloads.
From the Android Market Content Policy for Developers:
Developers should not upload or otherwise make available applications or any other materials that create a spammy user experience, whether by posting repetitive content or misleading information about an application's purpose
In the past, Apple banned Khalid Shaikh's Perfect Acumen company from the App Store after it posted 943 applications (5 apps a day, every day, for 250 days) to the App Store, and it has posted over 170 Android applications and still counting.
Khalid Shaikh's team describes itself as "iPhone Developers, 30+ employees, 1400 iPhone Apps Released - Perfect Acumen, Inc Consultant, United States", but his 30+ employee team, based in Pakistan, was delivering mobile applications at a fast pace.
Application names include Top Sexy Ladies Bar Refaeli, Sexy Ladies-Britney Spears and similar.
A list of all Sapphire team applications can be found here.
read more
The application uses a dangerous bug in the Linux kernel. Although the exploit itself can be used to execute anything as root, the prepackaged APK is designed to flash an Android recovery image with an update that allows installing modified updates signed with a publicly available key. The exploit should work for a limited time only. We expect this bug to be patched very soon. read more
A huge Android SMS flaw could leave G1 phones running the Android operating system inoperable.
Dr. Charlie Miller, the security expert who found it, said: "The bug kills the telephony process (com.android.phone) and thus kicks the Android device from the mobile phone network, the bug will permanently kick the target device off the network if the SIM card residing in the phone has a PIN set."
Google spokesperson Jay Nancarrow: "I can confirm that the SMS bug affecting Android has been fixed." read more
T-Mobile pushes out an Android update. The update is listed as CRC1 and, aside from mentioning that it fixes some type of security issue, no other details are known, and chances are no extra features are added. (We suspect it is a silent fix for the SMS attack exploit.) Some users claim that after updating the G1 to CRC1, the Google Voice app for Android fails to fetch the user's Inbox. It either sits at 'Downloading' indefinitely, or shows 'Network error' after a second or two. read more
Cupcake (ver 1.5) fixes security exploit
Android improperly checks developer certificates when installing packages that request the shared user identifier (uid) permission.
Normally, Android applications will be allowed to share a uid if the packages are all signed by the same developer certificate and request permission to do so at install-time. This allows for packages from the same author to share data. Without enforcement of that behavior, it is possible for any application to be installed in such a manner that it gains access to another (existing) application's data.
A patch has been made available by Android. Credit: Panasonic. read more
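The shared-uid rule described above, as an added example that is not Android's package manager code: a toy installer that hands an existing uid to any package naming the same shared user id, with the certificate comparison switchable so the unenforced and enforced behaviours can be compared. Package names and certificate labels are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Package:
    name: str
    cert: str                      # stand-in for the developer signing certificate
    shared_user_id: Optional[str]  # shared uid requested at install time, if any

class Installer:
    """Toy model of install-time uid assignment; not Android's package manager."""

    def __init__(self, enforce_cert_match: bool):
        self.enforce_cert_match = enforce_cert_match
        self.next_uid = 10000
        self.uid_of = {}   # package name -> uid
        self.shared = {}   # shared user id -> (uid, cert of first member)

    def _fresh_uid(self) -> int:
        uid, self.next_uid = self.next_uid, self.next_uid + 1
        return uid

    def install(self, pkg: Package) -> int:
        if pkg.shared_user_id is None:
            uid = self._fresh_uid()
        elif pkg.shared_user_id not in self.shared:
            uid = self._fresh_uid()
            self.shared[pkg.shared_user_id] = (uid, pkg.cert)
        else:
            uid, owner_cert = self.shared[pkg.shared_user_id]
            # The comparison that must hold before a uid (and its data) is shared.
            if self.enforce_cert_match and pkg.cert != owner_cert:
                raise PermissionError(pkg.name + ": certificate does not match uid owner")
        self.uid_of[pkg.name] = uid
        return uid

    def same_uid(self, a: str, b: str) -> bool:
        return a in self.uid_of and b in self.uid_of and self.uid_of[a] == self.uid_of[b]

# Constructed sample packages signed by two different developers.
NOTES = Package("com.example.notes", "cert-A", "com.example.shared")
OTHER = Package("com.example.other", "cert-B", "com.example.shared")

def second_app_gets_access(enforce_cert_match: bool) -> bool:
    installer = Installer(enforce_cert_match)
    installer.install(NOTES)
    try:
        installer.install(OTHER)
    except PermissionError:
        pass  # install rejected, so OTHER never receives a uid
    return installer.same_uid(OTHER.name, NOTES.name)
```

Sharing a uid means sharing file ownership, so `second_app_gets_access(False)` returning true corresponds to the second developer's package reading the first one's data.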
Android widgets support poses security risk
Open Home is a home replacement application that gives Android users a whole new series of themes. The problem is to do with permissions, and what Open Home can access. Android's home screen has open permission, giving the program access to contacts and shortcuts to apps.
This means someone could develop an app to be used in conjunction with Open Home, which replaces the home screen, that could maliciously access the phone's contacts and pass them on to a third party.
Because the home screen has permission to app shortcuts, a program could be developed simply to reroute users to a fake program that could steal username and password info. read more
Owners warned not to use phone's web browser
Security researcher Charlie Miller presented a new vulnerability in Google's mobile OS Android, which allows hackers to remotely take control of the phone's web browser and related processes, at the last ShmooCon hacker conference in Washington D.C. An MP3 decoding flaw could allow hackers to remotely take control of the Android web browser and steal data.
According to oCERT, the code in the Android web browser multimedia subsystem, which was written by PacketVideo, does insufficient boundary checking during MP3 decoding, causing an integer underflow. This might lead to arbitrary code execution on the heap. read more
Users claim market application destroys phone data
Android users claim that an application called "MemoryUp" destroys memory on the Android G1 phone. The application was removed from the Android Market shortly after the reports were published. Customers also blame MemoryUp for spamming their e-mail accounts. read more
Antivirus protects G1 users from this threat!
Anyone can get root on G1 Android
An Android OS bug interprets all text entries as system commands: a shell process (/system/bin/sh) is running in the background with /dev/console mapped to stdin.
This has the effect that everything you type on your keyboard is actually being executed as root in the background, even though you don't see the output. read more
It is possible to run commands on the G1. read more
Wanna test it? Just type reboot and hit Enter.