
SMSZombie wraps self in nudie pics, slips into 500,000 Android devices

A strain of resilient Android Trojan has infected 500,000 devices, mainly in China. SMSZombie is designed to exploit security shortcomings in the mobile payment system used by China Mobile to generate unauthorised payments. The malware also steals bank card numbers and money transfer receipt information, mobile security firm …

COMMENTS

This topic is closed for new posts.
Silver badge

Common sense be damned

Live wallpaper should not need to ask for permission to send or receive SMS messages or administrative privileges. Any that do may as well feature the word SCAM bouncing around in the background.

The article does not say what appstore users got the app from. I assume most reputable ones would have the means to remote kill a malicious app and would pay particular care to certain categories of apps such as live wallpapers featuring pictures of semi nude women to prevent these apps from gaining a foothold in the first place.

2
1
Silver badge

Re: Common sense be damned

Does anyone actually look at what permissions an App requires before installing? It's about as redundant as User Account Control in Vista.

4
4
Anonymous Coward

Re: Common sense be damned

The biggest problem seems to be this:

"Once installed, the virus then tries to obtain administrator privileges on the user’s device. This step cannot be canceled by the user, as the “Cancel” button only reloads the dialog box until the user eventually is forced to select “Activate” to stop the dialog box. "

Sounds like a nasty exploit vector that shouldn't be allowed by the system.

2
1
Silver badge

Re: Common sense be damned

"The article does not say what appstore users got the app from."

Except it does: "SMSZombie has been found on China’s largest mobile app marketplace, GFan"

1
0
AF
FAIL

re: Looking at app permissions before installing

I do now, after seeing that the "Weather Channel" app wanted this permission:

DIRECTLY CALL PHONE NUMBERS

Allows the app to call phone numbers without your intervention. Malicious apps may cause unexpected calls on your phone bill. Note that this doesn't allow the app to call emergency numbers.

Why on earth does a weather app need the ability to call phone numbers without me knowing about it? Hells to the no.

4
0
Anonymous Coward

Re: Common sense be damned

Demonstrably, many idiots don't check the permissions.

0
0
Bronze badge

Re: Common sense be damned

"It's about as redundant as User Account Control in Vista."

So not redundant at all then since those of us who understand computers understand UAC.

1
1
Silver badge
Mushroom

Re: Common sense be damned

If I were to ever be trapped in that loop I'd be thankful that my phone lets me yank the battery. Better to recover from a bad shutdown than let who knows what on board.

1
0
Silver badge
Meh

ANOTHER WEEK ANOTHER OPERATING SYSTEM FLAW

These flaws are dropping out of the sky like birds*it.

It's the ones that haven't been found yet that are dangerous.

1
0
Anonymous Coward

Dodgy pics

Dodgy code

What else would you expect?

0
0
Silver badge

Re: Dodgy pics

Many of them are artistic and tastefully posed. You just need to spend time looking for them.

And they're free! :)

0
0
Anonymous Coward

Re: Dodgy pics

Erm.. the Internet?

0
0
Silver badge
Facepalm

Re: Re: Dodgy pics

"Erm.. the Internet?" I would refer you back to the original post - dodgy pics, dodgy content. I would strongly suggest you do not browse "free" pr0n on the same system you make online purchases with, whether it is a Windows, Linux or Apple device, and always have an up-to-date AV package ready to scan before, during and after any such "artistic appraisals". And by online purchases I mean a device that has any ability to buy stuff, such as Steam, iTunes, etc.

If you want to take the tinfoil condom approach, keep a completely separate device outside your firewall on a DMZ and NEVER connected to anything shared with any other device (external USB devices, printers, network shares - all verboten), used only for your "artistic appreciations", using a memory filesystem and booting from a non-writeable CD-ROM. Once it has been built and put to use it must NEVER be allowed to cross the "airspace" and possibly infect your proper systems.

Not that I've put much thought into the matter, honest.

0
0
Anonymous Coward

"Security Week adds that the malware has already infected 500,000 smartphones and other devices running Android."

Implies it's self-replicating - that would be massive news, but I guess that should read: 500,000 users have already infected their smartphones.

"Disinfecting devices is a tricky process because the malware disables users' ability to simply delete it, TrustGo warns."

That means this application is modifying the OS - presumably on un-rooted devices. The linked article suggests the device administration API is being used for this - however I see nowhere[1] that says this API can affect the package manager. This needs clarifying I think.

TrustGo's article also states the device administration request cannot be cancelled as pressing the cancel button re-launches the dialog. The home key is hard-coded to show the launcher, so I question why this is not suggested in their article as a means to escape the dialog:

"This step cannot be canceled by the user, as the “Cancel” button only reloads the dialog box until the user eventually is forced to select “Activate” to stop the dialog box."

[1] http://developer.android.com/guide/topics/admin/device-admin.html#policies

1
3
Anonymous Coward

The answer to your first question is right on the page you linked to:

"To uninstall an existing device admin application, users need to first unregister the application as an administrator."

The "tricky" part is that users need to go deregister the application as admin first, which is not entirely obvious.

0
2
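As an added illustration of the unregister-then-uninstall point (this is not code from the thread or from TrustGo): a small triage script that parses the text of `adb shell dumpsys device_policy`, lists which components are active device admins, and flags those whose package is not on an allowlist, since an app holding device admin cannot simply be uninstalled. The dumpsys sample below is constructed and the package names are made up; the `dpm remove-active-admin` step assumes a device whose Android build ships the `dpm` tool.

```python
import re

# Constructed sample in the shape of `adb shell dumpsys device_policy` output
# (not captured from a real device); both component spellings seen across
# Android releases are included, and the package names are invented.
SAMPLE_DUMPSYS = """Current Device Policy Manager state:
  Enabled Device Admins (User 0):
    ComponentInfo{com.example.mdm/com.example.mdm.AdminReceiver}:
      uid=10045
      policies:
        limit-password
        force-lock
    com.example.livewallpaper/.SysAdminReceiver:
      uid=10087
      policies:
        wipe-data
        force-lock
"""

# Admin entries sit at 4-space indent, optionally wrapped in ComponentInfo{...};
# the policies each admin holds are listed at 8-space indent beneath it.
ADMIN_LINE = re.compile(r"^\s{4}(?:ComponentInfo\{)?([\w.]+/[\w.$]+)\}?:\s*$")
POLICY_LINE = re.compile(r"^\s{8}([a-z-]+)\s*$")

def parse_device_admins(dump):
    """Return {component: [policy, ...]} for every enabled device admin."""
    admins, current = {}, None
    for line in dump.splitlines():
        m = ADMIN_LINE.match(line)
        if m:
            current = m.group(1)
            admins[current] = []
            continue
        m = POLICY_LINE.match(line)
        if m and current:
            admins[current].append(m.group(1))
    return admins

def suspicious_admins(admins, allowlist):
    """Admins whose package is not an expected MDM/security product."""
    return [(c, p) for c, p in admins.items() if c.split("/", 1)[0] not in allowlist]

def remediation_steps(component):
    """Deregister the admin first, then the package can be uninstalled."""
    package = component.split("/", 1)[0]
    return ["adb shell dpm remove-active-admin " + component,
            "adb uninstall " + package]

if __name__ == "__main__":
    for comp, policies in suspicious_admins(parse_device_admins(SAMPLE_DUMPSYS), {"com.example.mdm"}):
        print(comp, "holds", ", ".join(policies))
        print("\n".join(remediation_steps(comp)))
```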
Bronze badge
Mushroom

Why would that be massive news? Android's awful security is well known, and let us not forget that the first and worst ever worm infection on the internet which took out much of it for 2-3 days was entirely on UNIX based systems....

0
5
Silver badge

Morris worm

The Morris worm dates from 1988, and back then there probably wasn't a single Mac or Windows computer connected to the Internet. No matter how many security holes either would have had back then, without being on the Internet, worm propagation would be rather difficult...

The problem with Android security is that it relies on the app to only ask for the permissions it needs, and the user to know/care about what the various permissions mean instead of just blindly approving them. Anything that relies on the end user may be safe in the hands of the technically inclined, but that's only a single digit percentage of the population, leaving many many people for the bad guys to prey upon.

2
0
Childcatcher

Security vs Freedom

It's a very old choice.

You can pick the closely curated/censored and restrictive way, like WP and iOS. They are safe(r), but you are not allowed to stray from the usage scenario, get treated like a toddler.

You can also choose the looser model, like Android. It requires you to know a little bit about what you are doing, but you can do more. If you are ignorant/very careless, you can suffer more too.

Both have their ups and downs. It's the choice thing, really.

--------------

But Android *should* have better safeguards built in. You know - for the kids :)

0
0