• Welcome to Peterborough Linux User Group (Canada) Forum.
 

Android cellphone malware - 2 new threats

Started by ssfc72, February 15, 2018, 06:17:23 AM


ssfc72

2 articles on some new Android threats.  For me, the articles don't seem to explain the threats in enough detail.  It is unclear to me how a person actually falls victim to the malware.
I believe there is a mention that most of these threats are picked up through Android apps that are not in the Google Play Store, and the apps are usually game apps, screensaver apps, etc.

1. AndroRat only affects Android phones with older versions of Android. The problem is most older phones are not supported by their manufacturers, with updated security patches.
http://www.zdnet.com/article/androrat-new-android-malware-strain-can-hijack-older-phones/

2. Malwarebytes is reporting malware that redirects an Android phone's browser to cryptomining sites that max out the phone's CPU.
http://bgr.com/2018/02/13/android-malware-mining-cryptocurrency-monero-xmr/
Mint 20.3 on a Dell 14" Inspiron notebook, HP Pavilion X360, 11" k120ca notebook (Linux Lubuntu), Dell 13" XPS notebook computer (MXLinux)
Cellphone Samsung A50, Koodo pre paid service

Jason

It mentions in the article that they think it's through ads appearing in legit Android apps and spear phishing attacks through email to get people to install them. That seems like some good guesses. I think nowadays every Android user should use an anti-virus/anti-malware app, just in case.
* Zorin OS 17.1 Core and Windows 11 Pro on a Dell Precision 3630 Tower with an
i5-8600 3.1 GHz 6-core processor, dual 22" displays, 16 GB of RAM, 512 GB Nvme and a Geforce 1060 6 GB card
* Motorola Edge (2022) phone with Android 13

cod3poet

Then we all fall victim to the same scourge of the late 2000's being the fake AV software that is near impossible to remove. And the fact that AV "software" needs all the permissions under the sun to perform these scans on your phone.

Just like any system connected to the great wide internet, caution, care and research will keep a phone clean and running optimally.

Granted, I take advantage of the knowledge of how to root and install custom ROMs on my phones to be sure that I have full control and do not have to rely on the carrier for security updates, but then again the data that passes through my device would make any paranoid user quiver.
Arch, Windows, Ubuntu, MacOS. In that order. (Definitely 04/2023)
Ryzen9 5950x/128gb/2tbNVME/8TB(Current)Win11
8th gen i7/32gb/1tbNVME(Current)Arch
Macbook Pro 16/2021 m1/32gb(Current)Work
Comptia CNSP / Azure Devops Eng Expert / VMware Certified/ Sec Automation Engineer / Senior SRE

Jason

Quote from: cod3poet on February 15, 2018, 10:32:58 AM
Then we all fall victim to the same scourge of the late 2000's being the fake AV software that is near impossible to remove. And the fact that AV "software" needs all the permissions under the sun to perform these scans on your phone.

Well, obviously, you don't install just any antivirus, you find one you trust. I have no problem with giving legitimate apps the permissions they need to do their jobs. The major antivirus vendors for the desktop all have Android equivalents. Granted it's not as big a problem as with Windows but unfortunately most of the control malware was meant to attack Java exploits, same as Android apps are written in, so it's child's play for black hats to attack systems. That, and there have been a disturbing number of malware apps found in Google Play.


Quote: Just like any system connected to the great wide internet, caution, care and research will keep a phone clean and running optimally.

Most users do neither. For most of us, maybe that's an acceptable recommendation, but even then it's possible for one of us to tap (even accidentally) on the wrong ad and then shit hits the fan.

ssfc72

Here is an article that points out that if you are careful about how you use your Android phone, then getting malware on your phone is not very likely.
www.extremetech.com/mobile/263944-android-security-scares

Jason

Yeah, it's not likely if you're really careful. But as I said, most people aren't careful. I don't mean us LUG guys - we're pretty careful.

An AV is just that extra level of protection, although I wasn't aware of Play Protect and how it works. That may be enough. Still, I use AVG Antivirus on my phone. Call me super paranoid :-) I just have the free version though, and so far I haven't noticed it consuming very many resources. Maybe it doesn't actually do anything :D Just kidding. It does have some cool features if you have the Pro version, like taking the picture of the first person to try to access your phone and fail, and tracking when it's stolen, and some cleanup utilities. Your mileage may vary.

But as the article says, there's no reason to panic every time we hear about new malware apps.