Peterborough Linux User Group (Canada) Forum

Linux & Android => Security and Privacy => Topic started by: ssfc72 on February 15, 2018, 06:17:23 AM

Title: Android cellphone malware - 2 new threats
Post by: ssfc72 on February 15, 2018, 06:17:23 AM
2 articles on some new Android threats.  For me, the articles don't seem to explain the threats in enough detail.  It is unclear to me, how a person actually falls victim to the malware.
I believe there is a mention that most of these threats are picked up through Android apps, that are not in the Google Play Store and the apps are usually game apps, screensaver apps, etc.

1. AndroRat only affects Android phones with older versions of Android. The problem is most older phones are not supported by their manufacturers, with updated security patches.
http://www.zdnet.com/article/androrat-new-android-malware-strain-can-hijack-older-phones/

2. Malwarebytes is reporting malware that redirects Android phones that redirect a phone browser to cryptomining sites, that max out the phones cpu.
http://bgr.com/2018/02/13/android-malware-mining-cryptocurrency-monero-xmr/
Title: Re: Android cellphone malware - 2 new threats
Post by: Jason on February 15, 2018, 10:25:27 AM
It mentions in the article that they think it's through ads appearing in legit Android apps and spear phishing attacks through email to get people to install them. That seems like some good guesses. I think nowadays every Android user should use a anti-virus/anti-malware app, just in case.
Title: Re: Android cellphone malware - 2 new threats
Post by: cod3poet on February 15, 2018, 10:32:58 AM
Then we all fall victim to the same scourge of the late 2000's being the fake AV software that is near impossible to remove. And the fact that AV "software" needs all the permissions under the sun to perform these scans on your phone.

Just like any system connected to the great wide internet caution care and research will keep a phone clean and running optimally.

Granted I take advantage of the knowledge of how to root and install custom ROMS on my phones to be sure that I have full control and do not have to rely on the carrier for security updates but then again the data that passes through my device would make any paranoid user quiver.
Title: Re: Android cellphone malware - 2 new threats
Post by: Jason on February 15, 2018, 10:42:32 AM
Quote from: cod3poet on February 15, 2018, 10:32:58 AM
Then we all fall victim to the same scourge of the late 2000's being the fake AV software that is near impossible to remove. And the fact that AV "software" needs all the permissions under the sun to perform these scans on your phone.

Well, obviously, you don't install just any antivirus, you find one you trust. I have no problem with giving legitimate apps the permissions they need to their jobs. The major antivirus vendors for the desktop all have android equivalents. Granted it's not as big a problem as with Windows but unfortunately most of the control malware was meant to attack Java exploits, same as Android apps are written in, so it's child's play for black hats to attack systems. That, and there have been a disturbing number of malware apps found in Google Play.


QuoteJust like any system connected to the great wide internet caution care and research will keep a phone clean and running optimally.

Most users do neither. For most of us, maybe that's an acceptable recommendation, but even then it's possible for one of us to tap (even accidentally) on the wrong ad and then shit hits the fan.
Title: Re: Android cellphone malware - 2 new threats
Post by: ssfc72 on February 16, 2018, 08:39:54 AM
Here is an article that points out, that if you are careful about how you use your Android phone, then getting malware on your phone, is not very likely.
www.extremetech.com/mobile/263944-android-security-scares
Title: Re: Android cellphone malware - 2 new threats
Post by: Jason on February 16, 2018, 11:36:57 AM
Yeah, it's not likely if you're really careful. But as I said, most people aren't careful. I don't mean us LUG guys - we're pretty careful.

An AV is just that extra level of protection although I wasn't aware of Play Protect and how it works. That may be enough. Still, I use AVG Antivirus on my phone. Call me super paranoid :-) I just have the free version though and so far I haven't noticed it consuming very many resources. Maybe it doesn't actually do anything :D Just kidding. It does have a some cool features if you have the Pro version like taking the picture of the first person to try to access your phone and fail and tracking when it's stolen and some cleanup utilities. Your mileage may vary.

But as the article says, there's no reason to panic every time we hear about new malware apps.