Posts tagged with: malware
  • by |

    Another Def Con convention down and developers have people talking about this year's Stagefright. Security company Check Point is publicizing four major Android vulnerabilities that it is dubbing as a package, "Quadrooter," found in Qualcomm-made chipsets. Snapdragons are estimated to be on about 900 million Android handsets from the Nexus devices to Samsung, HTC to LG, BlackBerry to Blackphone. Any malware presents itself as an app that the user may install, but for the malware to target these four vulnerabilities, it does not have to request for any special permissions. Access through ...

    Share
    Read On
  • by |

    We have to ask how you'll fare this weekend, the first full weekend of availability for Niantic Labs' Pokémon Go! Prepared for long days walking from one side of the city to the other? Or are you memeing it up, pointing and laughing at the people who end up crossing town to catch that Flareon? Maybe you're just sticking your fingers in your ears at this point. Whatever the case, if you even have the slightest interest in downloading Pokémon Go, make sure you get the .APK from a safe place, especially if your country hasn't seen the release yet. Yep, we're talking about you sideloaders ...

    Share
    Read On
  • by |

    The microblogging platform is working on damage control after a massive credential leak left about 33 million Twitter accounts' user information out in the open. Michael Coates, Trust & Information Security Officer, stated in a blog post that the company is "confident the information was not obtained from a hack of Twitter's servers." Coates theorizes that the credentials could've been obtained from an amalgamation of data from past breaches of other sites and/or malware that reads browser-stored passwords. The company took action: In each of the recent password disclosures, we ...

    Share
    Read On
  • by |

    Another day, another big passwords leak. LeakedSource, a site that provides users access to possibly compromised records, has received 32,888,300 Twitter account credentials from someone going by "Tessa88@exploit.im". In a sample of 15 users, all of them affirmed that the passwords revealed related to their accounts were theirs. The crack likely didn't occur on Twitter's side, but with malware on the user side that read off passwords saved to browsers — Chrome and Firefox, mainly. Tied email accounts most affected had domains with Mail.ru, Yahoo, Hotmail, Gmail and Yandex. The most ...

    Share
    Read On
  • by |

    There's only so much you can do to help smartphone users keep their devices secure. You can tell them to keep their apps up to date, or not to download software from unknown sources. You can even teach them how to spot when someone's trying to trick them into installing they shouldn't be. But despite all those efforts, sometimes malware still manages to get a foot in the door, and that's just what's happening with a new ransomware attack. Let's get one thing out of the way early: this attack only works on Android 4.x devices, so if you're running a modern platform release, you're in good ...

    Share
    Read On
  • by |

    For many Android users, 2015 will go down in history as a sad year for the platform’s vulnerability protection, due mostly to a collection of mischievous software bugs known as Stagefright. But that’s all behind us now, and at least according to Google’s second Android security annual report, the remote code execution and privilege escalation troubles may have made the ecosystem stronger than before. Of course, there’s no mention of Stagefright in this latest “overview of new security protections introduced in 2015”, but it can’t be a coincidence the probability of an ...

    Share
    Read On
  • by |

    It gives wibbly weather reports even those at the Met Office in London would tsk at. And it bothers users every so often with battery consumption notices, just like many a Chinese Android phone. You can probably tell that we are editorially not in favor of LG's Smart Notice widget, found on its major Android flagships from the past several years. But on the LG G3, the widget was more than just unfavorable: according to two security firms, Smart Notice lacked a security check feature when passing on new contact notifications to the user. Malicious types would be able to insert code that ...

    Share
    Read On
  • by |

    Chrome is the web browser at the center of Google's empire - both on desktops as well as mobile devices. In addition to being just a standalone app (which may or may not be preloaded on your smartphone), the Chrome engine also drives the component that displays web content inside apps. As you might expect, a vulnerability in that engine could cause significant problems for the device running it. Such is the case with a particularly troublesome Android Google Chrome exploit. During the recent PacSec conference in Tokyo, Qihoo 360 developer Guang Gong showed off a vulnerability which takes ...

    Share
    Read On
  • by |

    Is 2015 destined to go down in history as the year we all started developing a healthy sense of fear about the state of smartphone security? Exploits like Stagefright have exposed an unprecedented number of handsets to possible attack, and every time the powers that be patch one vulnerability, it feels like we're hearing about a new one popping up. The latest to come to our attention threatens to compromise any Android device running recent versions of Chrome, gaining full control of the platform when the user visits a malicious website. The attack was demonstrated earlier this week at the ...

    Share
    Read On
  • by |

    We're always protecting our devices and the content inside them from the big, bad wolves. It's government, it's hackers and it's all annoying. But while the Stagefright exploits are taking the spotlight at the moment, it's important to remember that there are plenty of other worries out there, waiting to be picked up on. Lookout Security picked up on three worries within Android that have altogether affected over 20,000 applications. They are trojans that have been found in ten countries including the United States, Germany, India, Brazil and Mexico. Shuanet, Kemoge (christened ...

    Share
    Read On
  • by |

    We first heard of the XcodeGhost malware back in September as reports identified hundreds of iOS apps built with unauthorized copies of Apple’s Xcode IDE that managed to introduce some sneaky, unwanted code. Infected apps had the potential to seriously compromise system security, so Apple was understandably quick to remove offenders from the App Store. Now, over a month later, is XcodeGhost finally something Apple can put behind it? Maybe not, warn security researchers, as signs of XcodeGhost infections persist, and new iOS-9-optimized variants are uncovered. While Apple might have ...

    Share
    Read On
  • by |

    There's a short list of advice any smartphone user should heed if he or she wants to keep their device as safe as possible from nasty mobile malware, and right up there at the top is “get your apps from trustworthy sources.” While Android users have the freedom to turn to the distributor of their choice, making that decision very important, things are much more straightforward at iOS (jailbreakers notwithstanding), and for Apple users there's hardly even a question here: you get your apps from Apple's App Store. As such, users have to place a lot of faith in Apple that it's keeping the ...

    Share
    Read On
  • by |

    Phone unlocking, to be clear, is legal in the United States if the phone in question is out of a service contract. Even though some companies have a hard time of coping with this reality, it's codefied law of the land here. But what AT&T accuses three former employees, one owner of an unlocked phone resale company and 50 unnamed people of doing definitely raises some eyebrows. In the case filed in Seattle US District Court, the ex-AT&T staff allegedly installed malware onto a Seattle-area's AT&T store's computers that was able to compromise the carrier's proprietary customer ...

    Share
    Read On
  • by |

    For the past couple years now, Apple's allowed iOS and OS X devices to easily share files with other units in their proximity, thanks to the company's AirDrop protocol. Unfortunately, users who have AirDrop enabled may have inadvertently put their systems at risk, as news of a new exploit arrives – one capable of bypassing normal system protections and allowing for the installation of possibly malicious apps. The hack is triggered when an attacker sends an AirDrop payload to the target device – much like the recent Android Stagefright exploit and MMS, there's no direct user interaction ...

    Share
    Read On
  • by |

    None of us "like" out-of-date things. Updates to apps and operating systems bring us new features, improved functionality, better user interfaces, and (most importantly) bug fixes. We all hate bugs, but bugs vary in severity from mildly frustrating to zero-day security holes that can be exploited to do all kinds of nasty stuff. Depending on their type and scope, patches and updates aren't things that arrive on our smartphones and tablets all that easily. Each bringing its own set of challenges and frustrations. Apps Applications get updated with whatever frequency their developers deem ...

    Share
    Read On
  • by |

    You've read the headlines and heard the rhetoric: 97% of mobile malware is on Android, Android malware threat rears its head again, Android malware spies on you even after phone is shut down, and more. Based on those headlines, you'd think that Android is a cesspool of filth and simply having a phone powered by the OS opens you to a host of problems - problems that might be solved by switching to another platform from another company. Unfortunately, the headlines are fantastical, and the "problem" with Android malware doesn't really exist - and never has. "But Joe, Google says it just cut ...

    Share
    Read On
  • by |

    A while back, Jesper Jensen from Denmark wrote in to the Pocketnow Weekly Podcast with a question about antivirus software for Android, specifically, whether or not he needs it on his new Xperia Z3 Compact. I have just received my Sony Xperia Z3 Compact and I am infatuated with this little beauty. Coming from a Nokia Lumia 620 it is quite a leap ahead, though I do find I miss a few things about Windows phone. One of the things I didn't miss about Android is the ... more or less useful (apps that come pre-installed from Sony, such as) AVG antivirus. Under normal circumstances I would ...

    Share
    Read On
  • by |

    Malware issues and Android have been a mix of repeated controversy over the last couple of years. We do know of the existence of malware for Android, and we do know of the security risks involved, but it's hard to remember the last time we've ever heard of a virus attack that's rendered Android smartphones useless, or at risk. Malware on mobile devices is surely possible, but sadly not as popular as it was a decade ago on Windows computers, and still, new reports emerge today of a new risk to Android. A new "Fake ID" exploit reportedly allows fake applications or services to poise as ...

    Share
    Read On
  • by |

    Heartbleed may be dominating the headlines when it comes to security topics lately, and while that one does pose some specific risks for smartphone users, it's far from alone among all the vulnerabilities out there. Today we hear about Google's efforts to address one that's new to us, an oversight in how Android manages permissions that could set the stage for malicious software to orchestrate a phishing attack. The problem stems from a pair of unprotected permissions tied to the Android launcher's configuration settings. Since they're classified at the low-risk “normal” permission ...

    Share
    Read On
  • by |

    Back at the tail end of February we heard about an improvement Google was working on to the way Android helps protect users against malicious software, building off the existing Verify Apps framework that evaluated apps at the time of installation to introduce a system that continually monitored apps to check for ne'er-do-wells, even after the software was already loaded on your phone. Today Google confirms that report and announces the introduction of this newly enhanced scanning service. While this is largely a better-safe-than-sorry measure, and most users who get their apps from ...

    Share
    Read On
  • by |

    Thanks to last month's big Facebook acquisition, WhatsApp has been attracting a lot of attention lately. While that should only help grow its already impressively large 450-million-person-strong user base, that extra attention also means that more people are placing the app under a critical light. Today we learn of a potential security vulnerability in how WhatsApp saves logs of your conversations; what exactly is the problem here, and is it one you need to be concerned about? WhatsApp uses your phone's SD card for storage (whether physical or a virtual part of the internal file system), ...

    Share
    Read On
  • by |

    Malware can do a lot of scary things: your money, your documents, even your identity can be taken from you. But on Android smartphones the threat posed by malicious apps has largely seemed manageable, so long as users take certain precautions, like not sideloading apps without trusting the devs behind them, and sticking to mainstream app stores. But now we're hearing about a troubling new wrinkle in the war on malware, with reports suggesting that some phones are being sold with such nasty apps present; is there cause for concern? Here's what's going on: a security firm got some complaints ...

    Share
    Read On
  • by |

    Android malware exists – there's no sugar-coating that – but for the majority of users, it's a remote threat at best. So long as you're installing apps from trusted sources and keeping on top of any security updates that come your way, you're in great shape. But just because Android security is already decent doesn't mean it can't get even better. A new update going out in the next few weeks will help do just that, making an important change to Google's “Verify Apps” feature. Right now, Verify Apps does a quick check of apps when you install them. It scans them – even sideloaded ...

    Share
    Read On
  • by |

    Malware – whether we're talking trojans, viruses, worms, or the old logic bomb – tends to be very platform-specific. By its nature, that makes a lot of sense; the exploits that allow malware to plant its roots in a system are themselves often intimately tied to the OS, and the need for this code to run and spread virtually unassisted means it can't get too bogged down by planning to infect every possible system it comes across – it needs to do one thing, and do it well. So smartphone malware, by and large, tends to stay just on smartphones. Last year, though, there was at least one ...

    Share
    Read On
  • by |

    When a developer is writing code, the presumption is that he or she is attempting to do so while avoiding the creation of unwanted security vulnerabilities. And then we have review and testing to help catch any holes that may have slipped through. Still, it's not a perfect process, and some of those vulnerabilities make their way to released software. Eventually, the bugs might be spotted, either by white hats looking to keep things secure, or hackers looking for something new to exploit. Google isn't content to just sit back and let all that happen on its own, and has been getting ...

    Share
    Read On
Mobile Version