RedDrop nasty infects Androids via adult links, records sound, and fires off premium-rate texts A newly discovered strain of Android malware makes live recordings of ambient audio around an infected device. The RedDrop nasty also harvests and uploads files, photos, contacts, application data, config files and Wi-Fi information from infected kit. Both Dropbox and Google Drive are being used as temporary storage by the …
"The RedDrop nasty also harvests and uploads files, photos, contacts, application data, config files and Wi-Fi information from infected kit. Both Dropbox and Google Drive are being used as temporary storage by the attackers."
That describes almost every single "Cleaner/Anti-hacking/Battery Saver" app on the Google Play store.
That infection graph seems to have at least 10 steps missing from what I can count. It's also weird all 10 are barriers that would prevent you getting this..
Go figure...
Also wondering how this breaks posting rules, unless its now forbidden to point out glaring errors that make stories appear ridiculous..
"I love the way "exfil" or "exfiltration" has become common terminology these days."
Yeah, my wife uses it ever few months when the water from the tap starts to taste funny and I have to change the filter.
The shortened version "exfil" always seems to be used American "cool kids" who don't seem to have an attention span long enough to cope with saying long words.
One of my kidiots (age 14) has somehow picked up an extraordinarily wide ranging vocabulary, primarily from playing video games and watching YouTube. At times he uses obscure words (correctly) that cause our jaws to hang open in disbelief.
Q: "Where did THAT word come from?"
A: "Video games."
"Am I missing something, is this exploiting a known vulnerability in the android OS, or is it relying on the ignrance of the user?"
I think it's a combination of all three:
The "vulnerability" is really a feature in Android, that lets you install .apk packages from 3rd party sources instead of the Google Store. This can be very useful, but also introduces the risk that said .apk packages may or may not have been tested fro malware very well or at all. It also has an additional problem in that you can either enable it or not. You can't choose to use Google Store, TrustedAppStore1 and TrustedAppStore2, and then block everything else. It's either apps from Google only or from the entire world. IMO this would somewhat heighten security for users, but is by no means a silver bullet. *
The part you're probably missing is that some people enable the above mentioned feature in order to use a different app store than the one Google provides. AFAIK this is very common practice in China, among other places.
Regdaring the user's ignorance, you have a point here. It's my impression that many people don't really know that doing this puts their phone at risk, perhaps they just inherently trust the app store they're using. But if the app store doesn't screen the submitted apps for malware before making them available, then there's really no security at all.
* (I realize the piece of malware in qustion came from the Baidu store, and my propoed approach would do nothing to stop it in this case).
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
