Fast-spreading CopyCat Android malware nicks pennies via pop-up ads A powerful and fast-spreading Android malware strain dubbed CopyCat has infected 14 million Android devices. CopyCat is primarily designed to generate and steal ad revenues. It does this by rooting compromised devices and establishing persistence. Injecting code into Zygote – a daemon responsible for launching apps in the …
Perhaps you should ask Google that question. After all, they are responsible for the software especially any mods made to the Kernel that may (or may not have) contributed to this and other vunerabilities.
Android versions prior to Nougat also run older versions of the Linux kernel.
"Android versions prior to Nougat also run older versions of the Linux kernel."
It's worse than that. If you (*) upgrade an older version to Nougat, you are probably still running the older kernel. In fact, you are probably stuck with whatever kernel version was current when the original device manufacturer first released the device.
(* Yes, I mean you, with something like CyanogenLineage. Obviously the OEM has other options. However, I don't know if they actually take advantage of them. Anyone out there with a phone running the vendor's stock image that has been upgraded? Was the kernel upgraded at the same time?)
I'd be more interested in someone explaining how in this day and age it's still possible to trivially root an OS based on oh-so-secure Linux.
Easy: just ask the user to do it. Some way to escalate permissions is always required to install software. But sideloading is disabled by default on Android and users are warned every time of the risks when they change the setting.
Elsewhere, in OS theory land, it turns out to be pretty to difficult to completely secure an OS when direct access to the hardware is required and systems like "trusted computing" have their own problems, like preventing users from using devices as they would like. But unix was never developed as a secure OS as anyone who's entered single user mode would attest to.
" But unix was never developed as a secure OS as anyone who's entered single user mode would attest to."
Quite. One security advantage of Windows is that you can get full constrained delegation of rights. In *Nix world a lot of stuff has to be done as root. In Windows you can easily delegate just the rights needed for specific admin tasks without using an admin / system level account. This is especially handy with say scripts (via JEA) - see: https://msdn.microsoft.com/en-us/library/dn896648.aspx
Linux and other Unixes have had extensions for many many to provide fine grained admin access, e.g. to provide the ability to change network adapter settings without being able to perform other "root" level actions. From the earliest days of Unix, setuid provided a way (albeit with its own problems) to execute tasks requiring administrative privileges without using an admin/system level account.
Despite your false claim that Windows has an advantage in this regard, it hasn't proven to be very secure, which shows how little privilege separation and delegation matters. It mostly eliminates one type of attack, but there are so many other methodologies available to malware authors it hasn't been nearly as effective as security researchers claimed it would be back in the 90s when Windows and Unix first acquired these capabilities but they weren't widely used.
Most privilege escalation attacks rely on attacking a process or subsystem that already has elevated privileges as part of its design/requirement.
"Linux and other Unixes have had extensions"
That's part of the problem - fine grained security control is an after-thought - not built into everything from the ground up like in Windows.
"From the earliest days of Unix, setuid provided a way (albeit with its own problems) to execute tasks requiring administrative privileges without using an admin/system level account."
Not the same thing at all. For instance how would you control rights to different functions within the same executable?
"Despite your false claim that Windows has an advantage in this regard"
But it is massively superior in this regard - see the above.
"Despite your false claim that Windows has an advantage in this regard, it hasn't proven to be very secure, which shows how little privilege separation and delegation matters. "
More accurately, Windows NT inherited the multifaceted finegrained controls from the VMS OS it was based on, and promptly threw them out. Getting them reinstated has taken a very long time because many software authors refuse to play nice on secured systems, including many big-name providers of expensive packages who really should know better.
Re: "I'd be more interested in someone explaining how in this day and age it's still possible to trivially root an OS"
Whilst I agree with the sentiment - namely Android is nearly 10 years old, we shouldn't forget about the lessons of Windows...
What struck me was the statement: "The mobile malware successfully rooted over 54 per cent of the devices it infected", which would seem to imply that the received wisdom of 'locking' phones (ie. denying end user root access) is not a particularly effective security measure.
How is anyone supposed to tell the legitimate vs illegitimate payments made to a bank account in China that receives both? When someone finds out about it they probably shut down payments to that account, along with barring the referrer ID these guys were using. No problem, they have other bank accounts and other referrer IDs, which future exploits will use (probably already are using) so trying to stop them is like playing whack a mole.
If we can't stop terrorist funding despite essentially unlimited budgets being thrown at the problem of terrorism, how do you expect to stop small time criminals like these from getting paid?
My guess is that the scumbags get they money by getting innocent people to unwittingly accept money to their bank accounts. China has a lot of people who live on a few dollars per day so if you offer them to open bank accounts with the promise that they can keep even just 1% of the money deposited in there you will probably get a lot of people willing to sign up.
Heck this even happens over in the west. If you look on some of the classified ads websites that are not moderated you will see people advertising 'jobs' to "sell items on ebay and get paid £50 per item" Anyone who takes these offers up is likely to get a knock on the door from the police in a month or two down the line when all the customers who bought stuff complain they didn't receive their items and ebay have frozen the accounts.
The reason why sideloading (installing from sources other than Playstore) is so popular, is Google itself, because it refuses to host a number of popular apps.
And even for Apps that are distributed by Google Play, Google conspires with App developers to selectively discriminate against certain devices. Just last week I heard about a particular new app, and was able to install it on my Samsung SmartPhone through Google Play. Then I tried to do the same on Samsung Tablet -- but Google Play refuses to even admit that this App exists when running Google Play Store on my tablet. So I copied the APK from my phone onto my tablet and installed it locally. Works just fine on the Tab, exactly as it works on the Phone. So there is deliberate malfesance on the part of Goolge involved that forces end users to do side loading and get their desired Apps.
The only App store I use other than Google Play is Amazon's. And that's only for the Amazon Prime Video app that isn't on Google Play. I always leave sideloading off unless I'm installing or updating that app.
I wonder how many people sideload an app, and then not reset the device to no sideloading?
"I wonder how many people sideload an app, and then not reset the device to no sideloading?"
Marshmallow allows sideloading to be enabled on a per-apk basis (ie, "allow installation of this file only")
If you don't have some kind of scanner checking files (even off the google store) before installation then you're taking a risk. Malware has pigyybacked on all app stores at times, even on Slurp Play.
The google play store is the worst. It's utterly impossible to find anything. Can't sort by anything, not price, not name, not rating, not downloads. Can't filter by anything, not by price range, not rating.....
can't search by permissions or lack there of....
I FRICKING HATE THE GOOGLE PLAY STORE.....WORST APP STORE EVER....
So there is deliberate malfesance on the part of Goolge involved that forces end users to do side loading and get their desired Apps.
I believe it's the app developer -- not Google -- who specifies the Android version and device compatibility for an app.
Google conspires with App developers to selectively discriminate against certain devices.
It doesn't you know. App developers (and copyright owners) get to choose. In addition there may be API / hardware restrictions. Google is happy enough collecting payment data, and selling ads.
However, it would be nice to be able to legitimise alternative stores. Wonder if the EU investigation of Android will lead to such a recommendation.
The key here is that there is POTENTIAL for this to happen, which is very different to ACTUALLY happening,
I have still to meet a single Android owner that has ever had any virus or malware issue with their device. Weird given the amount of coverage.
The devil is in detail (as always), numbers are hypothetical, extrapolated from the following caveats.
Only unpatched android 4.4 and earlier.
Only devices setup to sideload apps from outside google play
Only devices with Google Play Protect disabled (which despite the name, monitors content from anywhere).
The term "fast spreading" is also deceiving, there is no auto replicating of this. A fail all round essentially.
"Only devices setup to sideload apps from outside google play
Only devices with Google Play Protect disabled (which despite the name, monitors content from anywhere)."
In other words, if you play safely, there's a much reduced risk of malware infection. It's the same old PEBKAS phenomenon again - person between keyboard and seat.
"In other words, if you play safely, there's a much reduced risk of malware infection.!
No, the opposite. IF you go out of your way to deliberately find a vulnerable, IF you deliberately disable all the protection mechanisms, IF you then deliberately download an infected file, and then IF you deliberately install it. You will get infected.
However back in the real world, this is of course total BS, that's a huge number of IFs...
"User installs malware from dodgy app store / spam email"
I'm not sure it counts as particularly powerful or fast-spreading if it relies on asking users nicely to install it. The spread of such malware says an awful lot about the general competence of users, but really very little about the malware itself.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
