back to article SMSZombie wraps self in nudie pics, slips into 500,000 Android devices

A strain of resilient Android Trojan has infected 500,000 devices, mainly in China. SMSZombie is designed to exploit security shortcomings in the mobile payment system used by China Mobile to generate unauthorised payments. The malware also steals bank card numbers and money transfer receipt information, mobile security firm …

COMMENTS

This topic is closed for new posts.
  1. DrXym Silver badge

    Common sense be damned

    Live wallpaper should not need to ask for permission to send or receive SMS messages or administrative privileges. Any that do may as well feature the word SCAM bouncing around in the background.

    The article does not say what appstore users got the app from. I assume most reputable ones would have the means to remote kill a malicious app and would pay particular care to certain categories of apps such as live wallpapers featuring pictures of semi nude women to prevent these apps from gaining a foothold in the first place.

    1. Anonymous Coward 101

      Re: Common sense be damned

      Does anyone actually look at what permissions an App requires before installing? It's about redundant as User Account Control in Vista.

      1. AF
        FAIL

        re: Looking at app permissions before installing

        I do now, after seeing that the "Weather Channel" app wanted this permission:

        DIRECTLY CALL PHONE NUMBERS

        Allows the app to call phone numbers without your intervention. Malicious apps may cause unexpected calls on your phone bill. Note that this doesn't allow the app to call emergency numbers.

        Why on earth does a weather app need the ability to call phone numbers without me knowing about it? Hells to the no.

      2. Anonymous Coward
        Anonymous Coward

        Re: Common sense be damned

        Demonstrably, many idiots don't check the permissions.

      3. Lusty

        Re: Common sense be damned

        "It's about redundant as User Account Control in Vista."

        So not redundant at all then since those of us who understand computers understand UAC.

    2. Anonymous Coward
      Anonymous Coward

      Re: Common sense be damned

      The biggest problem seems to be this:

      "Once installed, the virus then tries to obtain administrator privileges on the user’s device. This step cannot be canceled by the user, as the “Cancel” button only reloads the dialog box until the user eventually is forced to select “Activate” to stop the dialog box. "

      Sounds like a nasty exploit vector that shouldn't be allowed by the system.

      1. auburnman
        Mushroom

        Re: Common sense be damned

        If I were to ever be trapped in that loop I'd be thankful that my phone lets me yank the battery. Better to recover from a bad shutdown than let who knows what on board.

    3. Irongut

      Re: Common sense be damned

      "The article does not say what appstore users got the app from."

      Except it does: "SMSZombie has been found on China’s largest mobile app marketplace, GFan"

    4. LarsG
      Meh

      ANOTHER WEEK ANOTHER OPERATING SYSTEM FLAW

      These flaws are dropping out of the sky like birds*it.

      It's the ones that haven't been found yet that are dangerous.

  2. Anonymous Coward
    Anonymous Coward

    Dodgy pics

    Dodgy code

    What else would you expect?

    1. frank ly

      Re: Dodgy pics

      Many of them are artistic and tastefully posed. You just need to spend time looking for them.

      And they're free! :)

    2. Anonymous Coward
      Anonymous Coward

      Re: Dodgy pics

      Erm.. the Internet?

      1. Matt Bryant Silver badge
        Facepalm

        Re: Re: Dodgy pics

        "Erm.. the Internet?" I would refer you back to the original post - dodgy pics, dodgy content. I would strongly suggest you do not browse "free" pr0n on the same system you make online purchases with, whether it is a Windows, Linux or Apple device, and always have an up-to-date AV package ready to scan before, during and after any such "artistic appraisals". And by online purchases I mean a device that has any ability to buy stuff, such as Steam, iTunes, etc.

        If you want to take the tinfoil condom approach, keep a completely separate device outside your firewall on a DMZ and NEVER connected to anything shared with any other device (exernal USB devices, printers, network shares - all verboten), used only for your "artistic appreciations", using a memory filesystem and booting from a non-writeable CD-ROM. Once it has been built and put to use it must NEVER be allowed to cross the "airspace" and possibly infect your proper systems.

        Not that I've put much thought into the matter, honest.

  3. Anonymous Coward
    Anonymous Coward

    "Security Week adds that the malware has already infected 500,000 smartphones and other devices running Android."

    Implies it's self-replicating - that would be massive news, but I guess that should read: 500,000 users have already infected their smartphones.

    "Disinfecting devices is a tricky process because the malware disables users' ability to simply delete it, TrustGo warns."

    That means this application is modifying the OS - presumably on un-rooted devices. The linked article suggests the device administration API is being used for this - however I see nowhere[1] that says this API can affect the package manager. This needs clarifying I think.

    TrustGo's article also states the device administration request cannot be cancelled as pressing the cancel button re-launches the dialog. The home key is hard-coded to show the launcher, so I question why this is not suggested in their article as a means to escape the dialog:

    "This step cannot be canceled by the user, as the “Cancel” button only reloads the dialog box until the

    user eventually is forced to select “Activate” to stop the dialog box."

    [1] http://developer.android.com/guide/topics/admin/device-admin.html#policies

    1. Anonymous Coward
      Anonymous Coward

      The answer to your first question is right on the page you linked to:

      "To uninstall an existing device admin application, users need to first unregister the application as an administrator.".

      The "tricky" part is that users need to go deregister the application as admin first, which is not entirely obvious.

    2. RICHTO Silver badge
      Mushroom

      Why would that be massive news? Android's awful security is well known, and let us not forget that the first and worst ever worm infection on the internet which took out much of it for 2-3 days was entirely on UNIX based systems....

      1. DougS Silver badge

        Morris worm

        The Morris worm dates from 1988, and back then there probably wasn't a single Mac or Windows computer connected to the Internet. No matter how many security holes either would have had back then, without being on the Internet, worm propagation would be rather difficult...

        The problem with Android security is that it relies on the app to only ask for the permissions it needs, and the user to know/care about what the various permissions mean instead of just blindly approving them. Anything that relies on the end user may be safe in the hands of the technically inclined, but that's only a single digit percentage of the population, leaving many many people for the bad guys to prey upon.

  4. Nick De Plume
    Childcatcher

    Security vs Freedom

    It's a very old choice.

    You can pick the closely curated/censored and restrictive way, like WP and iOS. They are safe(r), but you are not allowed to stray from the usage scenario, get treated like a toddler.

    You can also choose the looser model, like Android. It requires you to know a little bit about what you are doing, but you can do more. If you are ignorant/very careless, you can suffer more too.

    Both have its ups and downs. It's the choice thing, really.

    --------------

    But Android *should* have better safeguards built in. You know - for the kids :)

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019