Godless Android Malware - Secretly Roots Phone, Installs Programs

Android users beware: a new type of malware has been found in legitimate-looking apps that can “root” your phone and secretly install unwanted programs.

The malware, dubbed Godless, has been found lurking on app stores including Google Play, and it targets devices running Android 5.1 (Lollipop) and earlier, which accounts for more than 90 percent of Android devices, Trend Micro said Tuesday in a blog post.

Godless hides inside an app and uses exploits to try to root the OS on your phone. This basically creates admin access to a device, allowing unauthorized apps to be installed.

Godless contains various exploits to ensure it can root a device, and it can even install spyware, Trend Micro said...

Trend recommends you buy some mobile security software. more

My solution. ~Kevin

Number of Phones Infected by Dendroid Spying App Remains Unknown

An American student who hoped to sell enough malicious software to infect 450,000 Google Android smartphones pleaded guilty to a law meant to prevent hacking of phones and computers...

Infected phones could be remotely controlled by others and used to spy and secretly take pictures without the phone owner's knowledge, as well as to record calls, intercept text messages and otherwise steal information the owners downloaded on the devices...

Morgan Culbertson expected each person who bought Dendroid would be able to infect about 1500 phones with it, or 300,000 and 450,000 phones total. more

Does Android Factory Reset Protect Your Information

If you sell or gift your old Android phone to someone, is it enough to do a factory reset to wipe all your sensitive data? And if your Android gets stolen, how sure are you that your anti-theft solution will do a good job wiping it and/or locking the device?

Consumers generally have no insight in how well these features work. Their only option is to trust the manufacturers' and developers' assurances, and wait for security researchers to test the solutions.

Now, two researchers from the Security Group at the University of Cambridge Computer Laboratory have published two papers that answer those questions.

The first one details the results of a security analysis of Android's Factory Reset option, tested on 21 second-hand Android smartphones from 5 vendors running Android versions v2.3.x to v4.3.

In the second paper, they revealed the results of their testing of the top 10 mobile anti-virus apps' anti-theft functions (“remote wipe” and “remote lock”). Again, the results are bad: they found flaws that undermine MAV security claims and highlight the fragility of third-party security apps. more

Spyware Makes Android Phones Play Possum

A particularly devious new Android malware can make calls or take photos even if you shut the device down, according to security research firm AVG.

To achieve this, the malware hijacks the shutting down process — making it appear as though your Android device is shutting down. You see the animation, the screen goes black, but the phone is actually still on.

In this state, the malware can use the phone to send your messages to a third party, record a call or take a photo, essentially turning your phone into a device that spies on you.

AVG, which posted code excerpts showing some of the malware's functionality, names this threat Android/PowerOffHijack.A. According to the company, it infects devices running Android versions below 5.0 and requires root permissions in order to act.

The company spokesperson told us some 10,000 devices were infected so far, mostly in China where the malware was first introduced and offered through the local, official app stores.
(more)

Spywarn™ can detect this.

Study - 16 Million Smartphones Infected with Spyware / Malware

About 16 million mobile devices are infected by malicious software that is secretly spying on users, stealing confidential information and pilfering data plans.

That’s the word from Alcatel-Lucent’s Motive Security Labs, which in a study found that malware infections in mobile devices rose a full 25% in 2014, compared to a 20% increase in 2013. In fact, the uptick is so spectacular that Android devices have now caught up with Windows laptops, which had been the primary workhorse of cybercrime, with infection rates between Android and Windows devices split an even 50/50 in 2014.

“With one billion Android devices shipped in 2014, the platform is a favorite target of cybercriminals who can have lots of infection success without a lot of work,” said Kevin McNamee, director of Motive, in a blog. “Android is more exposed than rivals because of its open platform and by allowing users to download apps from third-party stores where apps are not always well-vetted.”

The mobile infection rate in 2014 was 0.68%. Fewer than 1% of infections come from iPhone and Blackberry smartphones.
(more)

75% of Android Phones Vulnerable to Web Page Spy Bug

A Metasploit module has been developed to easily exploit a dangerous flaw in 75 percent of Android devices that allows attackers to hijack a users' open websites...
Tod Beardsley, a developer for the Metasploit security toolkit dubbed the "major" flaw a "privacy disaster".

"What this means is any arbitrary website - say, one controlled by a spammer or a spy - can peek into the contents of any other web page," Beardsley said.

"[If] you went to an attackers site while you had your web mail open in another window, the attacker could scrape your email data and see what your browser sees.

"Worse, he could snag a copy of your session cookie and hijack your session completely, and read and write web mail on your behalf." (more)

Solution: Use a Firefox or Chrome browser.

Android Warning - Don't Click SMS Links Without Thinking First

A virus known as 'Andr/SlfMite-A' has been recently discovered that is spreading throughout the Android world through text messages (SMS)...
 
Andr/SlfMite-A virus sends SMSs, which includes a malicious link. If you unknowingly click on the embedded link within the SMS, then the virus easily get installed on your phone. Once the virus is downloaded onto your phone, it secretly sends text messages with malicious link to the first 20 contacts from your contact list. 

These self-replicating 'worms' send SMSs to your contact list, thus playing with the trust that the receiver has in you. Just because the person from your contact thinks that the message is from you and hence is a genuine text message, they might just get tricked into clicking the link and unknowingly allow the virus to get installed onto their phone. (more)

SpyWarn™ 2.0 Anti-spyware App for Smartphones

According to The New York Times, anti-spyware apps don't work very well.

The reason...
Most "spyware detection" apps only scan for known spyware. New and well hidden spyware goes unnoticed, and detecting baseband eavesdropping (very serious) isn't even considered. 

SPYWARN™ IS DIFFERENT
(patent pending)
SpyWarn™ 2.0 is a new and unique forensic methodology. It provides the functionality to detect all active spyware by monitoring what the infection is doing, and... ALL spyware is doing something.  

Plus, SpyWarn™ 2.0 detects both spyware and baseband eavesdropping in real-time.

Not just spyware detection... 
This forensic app also contains an eBook version of, "Is My Cell Phone Bugged?" at no extra charge. This informative eBook is about regaining your overall communications privacy, and keeping snoops out of your life.

A forensic examination by a specialist generally costs between $200.00 - $300.00 per inspection, and the end result is not as informative as SpyWarn™.

SpyWarn™ 2.0 is priced to help everyone, only $2.99. 

Don't wait until you have a spyware problem. Get SpyWarn™ on your phone now. Start conducting benchmark tests and saving them to SpyWarn's History file. When you do get a spyware infection it will be very apparent.

Privacy Policy - We are serious about privacy. Only you get to see the data SpyWarn™ collects; it never leaves your phone.

100% Satisfaction Guarantee
Try SpyWarn™ for 7 days. If you are not satisfied with its performance, tell me why so I can improve it, and I will refund the full purchase price to you. You keep the app and eBook.

If SpyWarn™ helps you, help others regain their privacy by writing a positive review on Google Play.

Thank you,
Kevin D. Murray CPP, CISM, CFE, MPSC
and The SpyWarn™ Team

App Scam: Top Ranked Anti-Spyware App Removed from Google Play

Until Sunday night, the top new paid app on the Google Play store was a complete scam. Google Inc. quickly removed “Virus Shield” from the Google Play store, but not before thousands of people downloaded the fake anti-malware app, exposing a major flaw in the open strategy Google has taken with its mobile app marketplace.

"Virus Shield" claimed that it protected Android smartphone users from viruses, malware and spyware, and that it even improved the speed of phones. It touted its minimal impact on battery life and its additional functionality as an ad blocker. At only $3.99, "Virus Shield" sounded like a pretty good deal to the tens of thousands of people who downloaded it in less than two weeks. 

 
Virus Shield downloads Google Play Store (screenshot by Android Police)

Those 10,000 people even seemed to enjoy "Virus Shield," as the app maintained a 4.7-star rating from about 1,700 users. Another 2,607 users recommended it on the Google Play store, helping “Virus Shield” get ranked as the No. 1 new paid app and third overall top paid app. (more)

Coming soon to Google Play, something that really works.

Over 50% of Android Users Don't Use Passwords, Pins or Meaningful Swipes

An ad hoc survey conducted by Google's anti-abuse research lead Elie Bursztein has shown that over half of Android users don't lock their phones in any meaningful way. 

Click to enlarge.

After polling 1,500 users, he discovered that 52 percent of those users "open" their device with a simple slide or gesture, 25.5 percent have opted to locking their phones with drawing a pattern on a grid, and 15.1 percent are using a PIN.

Only 3.3 percent have opted for using a password, 2.3 percent for the option where the phone can recognize their face, and 1.8 percent are using other, 3rd party forms of authentication...
 
...no security is perfect. Both lock patterns and PIN codes can be vulnerable to smudge attacks, as a 2010 Usenix paper illustrates. So whether you use a PIN or a pattern you should change it from time to time. You might also want to go to your phone’s options screen and disable the display of the pattern so people can’t “shouldersurf” it. (more)

Windows Spy Tool Also Monitors Android Devices

Researchers have discovered that a commercial Windows-based spy program now comes equipped with capabilities for spying on Android devices as well... 

“The Android tool has multiple components allowing the victim’s device to be controlled by another mobile device remotely over SMS messages or alternatively through a Windows-based controller,” said researchers at security company FireEye who discovered GimmeRAT...

Remote access Trojans for Android are nothing new; Dendroid and AndroRAT are two that have been in circulation for some time. But this is the first time that a multiplatform Windows RAT featuring Android capabilities has been discovered. (more)

Just Change 'Baby Monitor' to 'Bug' for High Tech Eavesdropping

Smart Baby Monitor (Bug) in your pocket!
The baby monitor (bug) for the smartphone age. Includes all standard features of a hardware baby monitor (bug) and some surprising extras.

Works at any distance. Dormi can use any available route to connect parent and child units (WiFi, mobile data), and can work even when Internet is not available (WiFi Direct, HotSpot / AP)

Ultimate feature? 
You can connect MULTIPLE devices in parent mode to a single child device simultaneously.

Intelligent audio
You don't need to configure microphone sensitivity - Dormi adjusts to noise levels automatically. Leave the device several meters away from the sleeping baby (target) and it will still be able to detect when it cries (or plans a corporate takeover) and amplify the sound for the parent device as if it were placed right next to the baby (target).

Press and hold the Listen button to hear sound from the child device even while the baby (target) is not crying (or selling stocks). Equally, use the Talk button to talk back to soothe or calm the baby (or spook the hell out of your target).

Convenient info-center
With Dormi you always know what's going on. All important information about the child device is always available while monitoring. If connection with the child device is lost, the parent device will notify you.

Dormi will even notify you about missed calls and new text messages received on the child device, so you will not miss something important while not having direct access to the device.

If the baby (target) starts crying (or talking with the General Counsel) while you are on the phone, you will be notified with vibrations and a gentle beep to your ear - without abruptly disturbing the phone call, yet letting you know.

Of course, Dormi works in the background, even when the device screen is off. Great care has been taken to limit battery usage - you can monitor for many hours on one charge.

Have you got an old Android device sitting in the drawer that you have no use for? Not anymore - try using it as the child device with Dormi. We have made the effort to ensure it runs from Android 2.3 onwards.

Start right away...
All you have to do after install is pair two devices together (our autodiscovery feature makes this a breeze) and start monitoring right away.

Although unlimited monitoring is paid, you will get 4 hours of monitoring for free every month.

If you do decide to make a purchase, you only have to do so on one of the devices participating in the monitoring. (more)

Why do I mention it?
So you will know what you are up against.

New SpyCam App for Android Phones and Tablets

via droidforums.net...
The new spycam app by "dooblou", SECuRET SpyCam, makes you an instant gum shoe! 

There are maybe some not so ethical uses for this, but then again this app would make it easy to see who is stealing your juice out of the office cooler, or what exactly the babysitter is doing with your kid. 

The app turns any Android phone or tablet camera as well as a remote camera into your very own motion triggered spycam. With this app your device will capture stills or video when activated by any motion within its field of view and then either save or email the photo or video. 


 
This app has apparently already caught several criminals in the act of stealing cars, and breaking into homes. 

You don't have to use your phone you can use this app to control a laptops webcam or another device camera with the use of livestream. 

The app includes disguise mode and touch screen locking so your phone won't be detected, advanced settings to tweak performance and timings, ability to choose between the front and back cameras, choice of video and photo resolutions including resolutions photos and high def videos, quick start mode and more. 

Pro version is $4.49, and there is a Demo version so you can see how it works before buying. (more) 

Why do I mention it?
So you will know what you're up against.

Two New Android Spyware Issues

Hop, Skip and a Bank Bug...
Malware capable of infecting Android handsets using Windows PCs and laptops has been uncovered targeting developers.

Security response manager at Symantec Alan Neville told V3 the malware is atypical as it uses a two-stage attack process to jump from Windows PCs to Android handsets.

"It starts with a Trojan that when executed creates a new service on a Windows machine," he said. "It then targets Android devices that connect on USB. It uses the Android debugging bridge to deliver the Fakebank Trojan." Fakebank is a notorious Trojan designed to take victims' financial data. (more)

Fake Security App Intercepts Calls and Texts...
Researchers have discovered a new Android malware family that disguises itself as a security app, and intercepts the incoming texts and calls of victims.

According to Hitesh Dharmdasani, a malware researcher... six variants of the Android malware, dubbed “HeHe,” have been detected by the firm.

On Wednesday, Dharmdasani told SCMagazine.com that the free app is most likely infecting users via third party app marketplaces or through SMS spam. (more)

Your Automobile is Very Likely Spying on You

...but Republicans and Democrats in the U.S. Senate are uniting to put a stop to unfettered snooping via the "black boxes," or "event data recorders," placed in your car by automakers. 

Is your car spying on you? If the vehicle is a fairly new model it probably is, thanks to a "black box" that collects data about what’s going on in your car. And there’s no off switch or way to opt out. By September all new cars sold in the United States will be required to have black boxes, or as they’re more formally called, "event data recorders."

"The amount of data that they record is vast. And it's not capped," said Nate Cardozo, a staff attorney with the Electronic Frontier Foundation (EFF).

That’s just one way new technology installed in automobiles is invading our privacy. At the 2014 Consumer Electronics Show (CES) last week, Google and a handful of automobile manufacturers, including Audi, GM, Honda and Hyundai, announced a partnership designed to bring the Android mobile platform to vehicles. Those devices are capable of broadcasting your location, Web pages you may have looked at, stores you shopped in and much much more. Chevrolet, for example, showed off a camera mounted on the windshield that records the driver’s point of view and a microphone in the cabin records any noises made in the car.
 
...Consider what Ford’s top sales guy James Farley said at a CES event: "We know everyone who breaks the law. We know when you’re doing it. We have GPS in your car, so we know what you’re doing." Farley quickly retracted his impolitic remarks, but they give you insight into how seriously some automakers take your privacy. (more)

Is your car bugged?
See if you are on the list.
If so, read this. 
~Kevin

NSA Can Now Bug iPhones (yawn)

Reports have surfaced that the US National Security Agency can now turn iPhones into eavesdropping tools.

That’s the word from security expert Jacob Appelbaum, who told a hacker conference in Germany that the NSA can plant iPhone malware called Dropout Jeep, which gives American intelligence agents the ability to turn the gadget into a listening post using the iPhone camera and microphone. Also, it has a spyware function that can retrieve contact information, read through text messages and emails, and listen to voicemails. (more)

(Yawn.) Spyware for smartphones has been around for years. You can purchase it with a few keystrokes. 

Don't worry about the NSA. They could probably care less about you. Worry about your employer, disgruntled employee, or significant other. 

Then, if the question, "Is my cell phone bugged?" pops into your mind, buy a good book, or app, and find out what to do about it.

A Flashlight that Follows Your Path... in addition to lighting it.

The Android flashlight app, Brightest Flashlight!

GoldenShores Technologies, LLC, is using the onboard GPS to make money on a free app by selling the anonymized user data it collects. And, the amount is not trivial; over one million people have downloaded the flashlight app.

The reason this information finally surfaced was because the Federal Trade Commission (FTC) became involved, eventually issuing an official complaint against Goldenshores Technologies (PDF)... (more)

New Android threats could turn some phones into remote bugging devices...

Researchers have recently uncovered two unrelated threats that have the potential to turn some Android devices into remotely controlled bugging and spying devices.

The first risk, according to researchers at antivirus provider Bitdefender, comes in the form of a software framework dubbed Widdit, which developers for more than 1,000 Android apps have used to build revenue-generating advertising capabilities into their wares...

What's more, Widdit uses an unencrypted HTTP channel to download application updates, a design decision that allows attackers on unsecured Wi-Fi networks to replace legitimate updates with malicious files. (more)

Three Tips to Keep Your Mobile Data Safe

Keeping your mobile gear secure while you’re zipping across the grid is tricky business. Laptops and tablets—veritable gold mines of personal information—are popular targets for thieves. Law enforcement officials, meanwhile, could confiscate your smartphone and then examine the data—merely as a result of a routine traffic stop.

If you’re packing an Android device, it gets even trickier, because with such a device, you stand a better chance of falling prey to the booming mobile malware market. Independent malware testing lab AV-Test had less than 10,000 Android malware samples in its database by late 2011. Now, two years later, that number has blossomed to around 1.3 million.

Step One:
Encrypt everything

One of the easiest things you can do to protect an Android or iOS device is to take advantage of built-in hardware encryption. This feature will turn the data on your phone into nearly unreadable junk—unless it's properly unlocked with your password.

Let's start with the easy one: iOS. Owners of iPhones or iPads can rest easy knowing the data is already encrypted, provided you create a passcode from the lock screen.

Step Two:
Keep malware at bay

Android users are particularly vulnerable to malware. Google, unlike Apple, doesn’t vet applications before they go live on Google Play. This has proven an easy way for malware creators to sneak malicious apps onto Google’s app store. Malware-laden apps range from those offering free device wallpaper to games, and even to impostors that try to look like popular apps.

That’s why security vendors such as Avast, Kaspersky, and Lookout offer antivirus and security apps for Android to help keep you secure online. But how good are these apps, really? Back in late 2011, results from the AV-Test lab found that the free solutions were nearly useless.

Step Three:
Go Covert

You can protect your data from being nabbed by a Customs agent and downloaded into some massive data silo in the Utah desert. The Electronic Frontier Foundation suggests an interesting option: Leave the hard drive at home and boot your laptop from an SD card.

(Full instructions on how to create a Ubuntu boot disk or USB boot drive in Ubuntu guide for displaced Windows users.) ...Even if you don’t have any sensitive data to protect, this is such a great, secret-agent-style use for your laptop that you might want to try it simply for the cool factor. (more)

One Way Your Android Phone Can Get a Virus

Kevin McNamee stands in front of his laptop on a low stage, a phone in his hand as he scrolls through a program showing his phone’s screen, magnified on a projector screen beside him.

Bits of code start flashing up the screen as he injects command-and-control malware into the command window of the app for Rovio Entertainment Ltd.’s trademark game, Angry Birds – transforming the app into a new version he’s dubbed “Very Angry Birds.”

“And here we go,” he says, frowning down at the screen as he begins to run the new app.

McNamee was presenting at Sector 2013, a conference on all things IT security held in Toronto from Oct. 7 to 9. The director of Kindsight Security Labs at Alcatel-Lucent Canada Inc. in Ottawa, McNamee wanted to show how simple it is to use an Android software development kit to add in malware.

When a user downloads a malware-infested version of the app, he or she is asked to sign off on all kinds of permissions, like access to contact lists, the camera, and so on. If a user carelessly checks off ‘yes’ on all the options, the app is activated with a piece of malware called “Droid Whisper,” and the hacker who wrote it now has access to the phone owner’s contact lists, location, messages, camera, and microphone. That means someone can remotely listen in and record phone conversations, send messages to the phone owner’s contacts, and even take pictures from that phone.

This process can work by injecting malware into basically any Android app by using its application package tool, and it just runs as a service in the background, McNamee said. (more) (presentation)