Android malware spreads via Facebook app
Summary: Facebook app used to circumvent Google's 'Bouncer' Android Market scanner.
Updated 2/27/12: It seems it didn't take the bad guys long to find a way around Google's 'Bouncer' security scanner for the Android Market. Rather than uploading malware to the Android Market, security firm Sophos has discovered new malware that spreads via the Facebook app.
Security researcher Vanja Svajcer explains how it works:
A few days ago I received a Facebook friend request and, as is usual, used my Android smartphone to check out the details of the person before I decided whether I wanted to become "friends" or not.
As the following video demonstrates, a link on the user's Facebook profile redirected my browser to a webpage that downloaded malware automatically onto my Android phone.
The malware package is called any_name.apk and is yet another dialer that calls premium rate numbers without the handset owner's consent. This is a popular trick used by those writing malware for mobile devices because it's an easy way to siphon money from the victim to the bad guys.
Image credit: Sophos
Sophos detect the rogue application as Andr/Opfake-C.
Updated editor's note: Although the download is initiated automatically, a Google spokesperson noted that the malware app will not be installed unless the user initiates that install action.

Talkback
OMG
This is a typical ZDNet dramatization of how "dangerous" Android is. There are several factors that would have to line up for this scenario to play out properly...
1. The user would have to click on a link from someone they don't know
2. The user would then have to manually click on the downloaded apk to initiate the install
3. In order for #2 to happen, the user would have to manually enable apps from unknown sources in the system settings if they hadn't already
4. Only then would this app be able to do anything
By the time someone got to step 4, they'd have to be a severely oblivious user to get that far.
Facebook is not to blame here as the headline suggests... it just happened to be the source of the link that started this bogus nonsense.
On top of this...
Now, Amazon is the cog here, if you want their app store and all of the free apps, you have to enable unknown sources.
Even still, the fact that the user has to load this and it doesn't really infect Android on its own, tells me this has very little to do with Google or Android.
"... use common sense!"
common sense...
After clicking on the user's profile, you get redirected to a site and it begins downloading the app automatically; YOU still need to give the app permission to install. If you were merely going to check someone's profile on Facebook, why would you need to install an app - common sense would say you wouldn't. Click no to the install, and magically the threat has been averted. Amazing!
Average users...
Sophos conveniently glossed over a couple points
First, let's clarify that the file is downloaded - NOT installed. Until installed, the file does nothing. By default, Android phones are set to not install applications downloaded from anywhere other than the market. So, to install the download, the user would have needed to have previously checked "allow installation of non-market applications".
Next, to install, the Android system presents you with a list of permissions that the application requires and asks the user if they accept and if it's okay to install.
So yes, the link does download malware by just clicking the link. But, the malware is not installed and run without user interaction. But, pointing out those pesky little facts doesn't drive clicks to Sophos and ZDNet ... best to imply that just clicking a link is a threat on Android in order to drive page views.
I see your point
Re..
If you accept a 'side-load' of any App, 'Go with God'
What is with you lately?
Will you please put forth the effort to research a story fairly?
Instead, you shoot from the hip.
Larry Dignan
Fire AKH
Hire Me
Why?
I'VE GOT IT! Instead of firing AKH fire SJVN and hire YOU to replace SJVN!
Keep SJVN, fire AKH, Hire DTS?
A Guinness for athynz. :/
Nah
I just thought of something funny
because android is opensource
That really makes a difference, so Android devices are more vulnerable to security threats. I hope Google looks into this, and probably finds out some way to prevent it as it has a long way to go.
r tripathi
www.MobiTily.com
Same reason Android is not allowed in our Corporate Setting
re..
re: because android is opensource
The big difference between iOS and Android is that Apple's App Store is closed while Android is, or can be, more open. Malware-laden apps still get placed into Google's Android Market and users can modify Android's default setting, allowing them to install apps from anywhere. And even with Apple's App Store being closed, the iOS app developers have been able to snatch contact information from their users. Isn't an app that steals one's contact information without permission malware?
Oh, and social engineering is OS independent too.