Posts Tagged ‘Android’

Taiwanese security firm AegisLab has found that Android apps published by “zsone” contain malicious code segments. The apps, which include iBook, iCartoon, iGuide, iCalendar, LoveBaby and Sea Ball, covertly send text messages to three different premium-rate numbers without the user’s knowledge or approval.

At least 11 Android apps contain malware that is rigged to automatically send text messages from your Google Android smartphone to phone numbers in China.

Currently the malicious behavior observed by Aegis only works in China, so if you are located in China, it is advisable to check whether any of zsone’s apps appear on your device.

Below is the list of suspicious apps published by zsone that Aegis found (iSMS and iLife are not included; they are still under investigation):

iBook
iCartoon
LoveBaby
3D Cube horror terrible
Sea Ball
iCalendar
iMatch 对对碰
Shake Break
ShakeBanger
iMine
iGuide

Juniper Networks recently released a report indicating that Android-based malware is spreading rapidly, with a 400% increase in just 6 months. While Google controls the ‘kill switch’ to remotely wipe any malicious apps that are found on Android phones, it still doesn’t have a mechanism like Apple’s App Store review to scrutinize apps for malicious code before they land on the Android Marketplace. To restrict the spread of such malicious apps, Google needs to take measures to prevent them from being published on the Android Marketplace instead of using the kill switch every time a problem is identified.

Android OS has shaken up the mobile market in many ways. Google’s ‘open source’ platform has already overtaken Apple in terms of both mobile market share and the number of apps in its app store. However, all is not well with Android. With growing popularity, Android is also becoming a target for malware writers and cyber criminals. According to Juniper Networks’ latest released report, samples of malware strains targeting devices running the Android operating system increased 400% between June of 2010 and January of 2011.

“These findings reflect a perfect storm of users who are either uneducated on or disinterested in security, downloading readily available applications from unknown and unvetted sources in the complete absence of mobile device security solutions,” said Dan Hoffman, chief mobile security evangelist at Juniper Networks.

“Mobile malware attacks and other exploits are no longer just theoretical occurrences discussed by security researchers and vendors keen on cashing in on a projected market. The threats to mobile devices are real — and reach far beyond simple viruses to include malware, loss and theft, data communication interception, exploitation and misconduct, and direct attacks. This report details specific attack vectors on mobile devices over the past year, defines new and emerging mobile threats expected in 2011, and gives mobile users practical advice to protect themselves from malicious attacks,” the report abstract states.

The report notes that there needs to be an increase in diligence by those who approve applications for distribution in the marketplace, as well as more proactive security efforts on the part of consumers.

Other key findings in the Juniper report include:

App store anxiety: The single greatest distribution point for mobile malware is application download, yet the vast majority of smartphone users are not employing an antivirus solution on their mobile device to scan for malware.

Wi-Fi worries: Mobile devices are increasingly susceptible to Wi-Fi attacks, including applications that enable an attacker to easily log into victim email and social networking applications.

The text threat: 17 percent of all reported infections were due to SMS trojans that sent SMS messages to premium rate numbers, often at irretrievable cost to the user or enterprise.

Device loss and theft: 1 in 20 Juniper customer devices were lost or stolen, requiring locate, lock or wipe commands to be issued.

Risky teen behavior: 20 percent of all teens admit sending inappropriate or explicit material from a mobile device.

“Droid Distress”: The number of Android malware attacks increased 400 percent since Summer 2010.

“App store processes of reactively removing applications identified as malicious after they have been installed by thousands of users is insufficient as a means to control malware proliferation. There are specific steps users must take to mitigate mobile attacks. Both enterprises and consumers alike need to be aware of the growing risks associated with the convenience of having the Internet in the palm of your hand,” Hoffman added.

Researchers at North Carolina State University have developed software that helps Android smartphone users prevent their personal information from being stolen by hackers.

“There are a lot of concerns about potential leaks of personal information from smartphones,” says Dr. Xuxian Jiang, an assistant professor of computer science at NC State and co-author of a paper describing the research. “We have developed software that creates a privacy mode for Android systems, giving users flexible control over what personal information is available to various applications.” The privacy software is called Taming Information-Stealing Smartphone Applications (TISSA).

TISSA works by creating a privacy setting manager that allows users to customize the level of information each smartphone application can access. Those settings can be adjusted any time that the relevant applications are being run – not just when the applications are installed.

The TISSA prototype includes four possible privacy settings for each application. These settings are Trusted, Anonymized, Bogus and Empty. If an application is listed as Trusted, TISSA does not impose additional information access restrictions. If the user selects Anonymized, TISSA provides the application with generalized information that allows the application to run, without providing access to detailed personal information. The Bogus setting provides an application with fake results when it requests personal information. The Empty setting responds to information requests by saying the relevant information does not exist or is unavailable.

Jiang says TISSA could be easily modified to incorporate additional settings that would allow more fine-grained control of access to personal information. “These settings may be further specialized for different types of information, such as your contact list or your location,” Jiang says. “The settings can also be specialized for different applications.”

For example, a user may install a weather application that requires location data in order to provide the user with the local weather forecast. Rather than telling the application exactly where the user is, TISSA could be programmed to give the application generalized location data – such as a random location within a 10-mile radius of the user. This would allow the weather application to provide the local weather forecast information, but would ensure that the application couldn’t be used to track the user’s movements.
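
The four settings and the weather example described above, modelled in Python as an added illustration; this is not TISSA's code, which modifies the Android framework. The class and function names, the EMPTY default for apps with no recorded setting, and the contacts anonymizer are assumptions of this example.

```python
import math
import random
from enum import Enum

class Setting(Enum):
    TRUSTED = 1     # real data, no additional restriction
    ANONYMIZED = 2  # generalized data, enough for the app to run
    BOGUS = 3       # fake results
    EMPTY = 4       # "information does not exist or is unavailable"

MILES_PER_DEG = 69.0  # approximate miles per degree of latitude

def miles_between(a, b):
    """Flat-earth distance in miles; adequate at a 10-mile scale."""
    dy = (b[0] - a[0]) * MILES_PER_DEG
    dx = (b[1] - a[1]) * MILES_PER_DEG * math.cos(math.radians(a[0]))
    return math.hypot(dx, dy)

def generalize_location(loc, radius_miles=10.0, rng=random):
    """Random point within radius_miles of loc, uniform over the disc."""
    r = radius_miles * math.sqrt(rng.random())
    theta = rng.uniform(0.0, 2.0 * math.pi)
    lat = loc[0] + r * math.cos(theta) / MILES_PER_DEG
    lon = loc[1] + r * math.sin(theta) / (MILES_PER_DEG * math.cos(math.radians(loc[0])))
    return (lat, lon)

ANONYMIZERS = {  # per-type generalizers; the contacts rule is assumed
    "location": generalize_location,
    "contacts": lambda rows: [name[0] + "." for name, _number in rows],
}

class PrivacyManager:
    def __init__(self, real, bogus):
        self.real, self.bogus, self.policy = real, bogus, {}

    def set_policy(self, app, data_type, setting):  # callable at any time
        self.policy[(app, data_type)] = setting

    def query(self, app, data_type):
        # Assumption of this example: no recorded setting means EMPTY.
        setting = self.policy.get((app, data_type), Setting.EMPTY)
        if setting is Setting.TRUSTED:
            return self.real[data_type]
        if setting is Setting.BOGUS:
            return self.bogus[data_type]
        anon = ANONYMIZERS.get(data_type) if setting is Setting.ANONYMIZED else None
        return anon(self.real[data_type]) if anon else None  # EMPTY / unknown type

SAMPLE_REAL = {"location": (35.7847, -78.6821), "contacts": [("Alice", "555-0100")]}  # constructed
SAMPLE_BOGUS = {"location": (0.0, 0.0), "contacts": [("John Doe", "555-0199")]}  # constructed
```

An app set to Anonymized for location receives a different point on each query, always within the configured radius, so it can still pick the right forecast area without learning the user's exact position.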

The researchers are currently exploring how to make this software available to Android users. “The software modification is relatively minor,” Jiang says, “and could be incorporated through an over-the-air update.”

The paper, “Taming Information-Stealing Smartphone Applications (on Android),” was co-authored by Jiang; Yajin Zhou, a Ph.D. student at NC State; Dr. Vincent Freeh, an associate professor of computer science at NC State; and Dr. Xinwen Zhang of Huawei America Research Center. The paper will be presented in June at the 4th International Conference on Trust and Trustworthy Computing, in Pittsburgh, Pa. The research was supported by the National Science Foundation and NC State’s Secure Open Systems Initiative, which receives funding from the U.S. Army Research Office.


According to a PandaLabs Quarterly Report of 2011, the first three months of 2011 witnessed some particularly intense virus activity and there have been three serious incidents during this period: the largest single attack against Android cell phones, intensive use of Facebook to distribute malware, and an attack by the Anonymous hacktivist group against the HBGary Federal security firm.

The report cited the largest attack on Android to date, which took place at the beginning of March. This assault was launched from malicious applications on Android Market, the official app store for the operating system. In just four days these applications, which installed a Trojan, had racked up over 50,000 downloads. The Trojan in this case was highly sophisticated, not only stealing personal information from cell phones, but also downloading and installing other apps without the user’s knowledge. Google managed to rid its store of all malicious apps, and some days later removed them from users’ phones.

Turning to Facebook, George S. Bronk, a 23-year-old from California, pleaded guilty to hacking email accounts and blackmail, and now faces up to six years in prison. Using information available on Facebook, he managed to gain access to victims’ email accounts. Having hijacked the account, he would search for personal information he could then use to blackmail the victim. It would seem that anyone could become a victim of these types of attacks, as even Mark Zuckerberg, creator of Facebook, had his Facebook fan page hacked, displaying a message that began “Let the hacking begin”.

Meanwhile, the Anonymous cyber-activist group responsible for launching an attack in 2010 against SGAE (the Spanish copyright protection agency), among other targets, is still making the headlines. The latest incident was triggered when the CEO of US security firm HBGary Federal, Aaron Barr, claimed to have details of the Anonymous ringleaders. The group took umbrage and decided to hack the company’s Web page and Twitter account, stealing thousands of emails which were then distributed on The Pirate Bay.
As if that were not enough, the content of some of these mails has been highly embarrassing for the company, bringing to light certain unethical practices (such as the proposal to develop a rootkit) and forcing Aaron Barr to stand down as CEO.

So far in 2011, there has been a new surge in the number of IT threats in circulation: in the first three months of the year, there was a daily average of 73,000 new samples of malware, the majority of which were Trojans. This means that hackers have created 26 percent more new threats in the first months of 2011 than in the corresponding period of the previous year.

Once again, over this quarter Trojans have accounted for most new threats, some 70 percent of all new malware created. Yet there is a logic to this, as these types of threats are favoured by organized criminals for stealing bank details with which to perpetrate fraud or steal directly from victims’ accounts.

In the ranking of the countries with most infections, drawn up from data generated by the Panda ActiveScan online antivirus, China, Thailand and Taiwan continue to occupy the first three places, with infection ratios of almost 70 percent. The last three places in the Top 20 ranking are occupied by Ireland, Peru and Ecuador.