Android continues to prove irresistible to the hacker community, which seems intent on finding ever newer, more innovative ways to exploit security holes in the open source mobile platform.
Now a new threat to Android may be on the horizon: A pair of security researchers are planning to make public next month a modular, open source framework called AFE (Android Framework for Exploitation) that bad guys can use to build and tailor Android malware to suit their tastes...
With AFE, according to the duo's description, a hacker can quickly cobble together malware capable of at least 20 different feats, including retrieving a user's call logs, contact information, and the content of his or her mailbox; swiping SD card contents; sending text messages; viewing browsing habits; recording phone conversations; capturing images with the affected device's camera; running root exploits; accessing the device's GPS location; and remotely dialing any number from the hijacked device.
In addition, the duo have created templates to mask the malware as legitimate apps such as File Explorer, Tic Tac Toe, and a jokes app. Users of the framework can add their own.
"For a basic effort at writing malware, that's not even really trying hard, you can make $10,000 a month," Gupta told SC Magazine. (more)
...and for the price of a book it can all be thwarted.