Sign in / up

back to article Facebook: A new command and control HQ for mobile malware

Researchers have shown off a new way to evade the security mechanisms in Android and iOS – by using social networks as command and control servers. The team, from Israeli security firm Skycure, said Google and Apple have made great strides in keeping malware out of their official software stores by scanning submitted code for …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Mark 85

    Just one more reason to stay away from Farcebook then. Crikey.....

    1 1 Reply
    1. Crazy Operations Guy
      Reply Icon

      Not having a Facebook account would do exactly jack and shit to stop these attacks, and jack just left town.

      The malware is only getting its command and control data from Facebook profiles under the botnet master's control. That profile would be made public so that any device with an internet connection can go grab the data, no need for a Facebook login.

      The point of the attack is that Google/Apple block apps that communicate with suspicious domains, but ignore requests to Facebook as that domain is assumed safe.

      8 0 Reply
      1. e^iπ+1=0
        Reply Icon

        Hosts

        "Not having a Facebook account would do exactly jack and shit to stop these attacks, and jack just left town."

        Something like

        127.0.0.1 facebook.com

        in the hosts file might help.

        Maybe something like adaway should have social media blocking as an option.

        1 1 Reply
    2. werdsmith Silver badge
      Reply Icon

      The Faecebook app IS malware.

      2 0 Reply
    3. VinceH
      Reply Icon

      "Just one more reason to stay away from block Farcebook at the router then."

      FTFY

      3 1 Reply
  2. Crazy Operations Guy

    There is only one app that should be talking to Facebook

    And that would be the Facebook app itself. I have never seen an app that actually needs to communicate with Facebook, most of the ones that do only do so to post a user's scores and achievements (Which no one gives a rat's nuts about)

    Apps should be set to communicate through a proxy run by the company hosting the app store. Users should be protected from malicious and exploited apps during the entire lifecycle of the app, not just at install. This could also be used to protect users from over-zealous apps grabbing too much data about the user.

    1 1 Reply
    1. Brewster's Angle Grinder Silver badge
      Reply Icon
      Trollface

      Re: There is only one app that should be talking to Facebook

      "Apps should be set to communicate through a proxy run by the company hosting the app store."

      You mean you want Google to spy on all the content you browse? Including bank statements?

      0 0 Reply
    2. e^iπ+1=0
      Reply Icon

      Re: There is only one app that should be talking to Facebook

      "And that would be the Facebook app itself. I have never seen an app that actually needs to communicate with Facebook"

      What about a web browser? I can't see the point of a bazillion apps instead of just using the browser.

      Case in point, I visited tripadvisor.com on my mobile browser today and was repeatedly prompted to install the app when I clicked on a link, with the option to 'continue with mobile site' tucked away out of sight beneath. It didn't remember my previous choice just a couple of click later. Bleagh.

      1 0 Reply
  3. DCLXV

    "There have been examples of "time bomb" apps that include unactivated malicious code hiding from scanning engines in kosher-looking software; this bad code will unpack and run once the app has been used for a set period of time. The Skycure team said that this could also be activated by a target's location, or if they'd reached a certain point in a game."

    Sounds like something Sony could have cooked up...

    1 0 Reply
  4. Anonymous Coward
    Anonymous Coward

    IRC

    Same as always - malware command and control pulled from a common channel. It used to be IRC (Internet Relay Chat) - now it's Farcebook. Same approach, different site.

    0 0 Reply
  5. Buzzword

    Unsigned code?

    I thought iPhones could only run code that had been signed by Apple after submitting to the AppStore. So downloading new (and presumably unsigned) code from Facebook wouldn't get around that.

    0 2 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like