Posted on 11/06/2015 9:18:05 PM PST by Swordmaker
We've seen Android malware that takes your photos and videos for ransom, and there's one that can mimic your phone's shutdown process and spy on you even though the phone appears to be off.
But a new family of malware, detailed by security firm Lookout on Wednesday, is probably the scariest we've heard of: It's so hard to remove that, in some cases, victims might be better off just buying a new device.
Lookout's researchers have found 20,000 samples of three pieces of malware, named Shedun, Shuanet, and ShiftyBug, which share a lot of the same code and use similar tactics to infect the victim's phone. Once installed, usually from a third-party app store, these apps root the victim's device, embed themselves as system-level services, and shapeshift into legitimate, popular apps, including Facebook, Candy Crush, Twitter, Snapchat, WhatsApp and others.
What makes these apps especially ominous is their relatively tame level of activity. Once they repackage a legitimate app, they leave most of its functionality intact. The idea is that, with root privileges, this malware could be used for delivering other types of adware and malware onto users' devices. Besides that, having a rogue piece of malware with system-level access on your phone is extremely dangerous for both your online security and privacy.
Even worse, once infected, it's very hard to remove these types of malware. "For individuals, getting infected with Shedun, Shuanet, and ShiftyBug might mean a trip to the store to buy a new phone," wrote Lookout's Michael Bentley in a blog post.
Bentley does not go into details, except to suggest that seeking out professional help to remove the malware might do the trick. In a reply to a user comment on his post, however, he does claim that a factory reset of an infected device would not remove this malware. In a discussion on Ars Technica's comment section, several users suggested one way to get rid of it would be reflashing the device's ROM chip, but most users don't have the technical prowess to do so.
Interestingly enough, even though this type of malware spreads through third-party app stores, Lookout has found the greatest number of infections in the United States and Germany (where users typically install apps from Google Play), as well as Iran, Russia, India, Jamaica, Sudan, Brazil, Mexico, and Indonesia.
If you have an Android phone, the best course of action is to avoid third-party app stores and only install apps from Google Play.
Ping to ThunderSleeps, dayglored, and Shadow Ace for their respective Ping lists.
If you want on or off the Mac Ping List, Freepmail me.
inside job
I like Android because the devices are so cheap... like my nice 20 dollar smart phone. (a pre-paid burner that I never registered and just use as a dirt-cheap mini tablet)
But the security is crap... Apple is far out ahead in both price and security IMO.
If you want security and can afford the $$$ then get an iPhone.
I don’t want to jinx myself but I have been using Android devices for many years and have never had a virus or malware problem. I have rooted every one of them and use apps from 3rd party developers. I generally do not use resident anti-virus software on my phones and tablets because of their limited processor power and memory. I do run scans after I update apps.
The first thing I do when I get an Android device is root it and then do a complete backup. The next thing I do is remove all of the bloatware that I do not use. I do not allow apps to auto-update and generally do not install a bunch of crapware especially from sources that I do not trust.
I also assume that personal information is fairly easy to steal from an Android device especially if the device itself is stolen. So I try not to leave confidential information and data on the devices. I have read these types of breathless warnings on many occasions and although I take them seriously... so far it has never turned out to be anything serious that has affected me in any way.
In a digital age one should never assume that their devices cannot be exploited for malevolent purposes. Those who are most vulnerable are the ones who feel like they are somehow not vulnerable. I would not be shocked if I had some type of difficulty in the future. I also would not be shocked if a foreign entity has hacked Hillary’s iPhone or iPad.
I believe it’s a good practice to ‘wipe’ your phone once per week. Only takes a few minutes to do mine. This may not get rid of it if it has copied itself to an SD Card, or do a full backup before the wipe. (you’d possibly just back up the malware)
Security with *most* Android devices is terrible. The code is a mess. A great piece of advice from the article is to only use Apps directly released by Google. Even then, one must carefully examine the privileges/features/areas of the phone Apps are requesting access to.
Wipe? Like with a cloth?
.....And WD-40, of course.
;^)
You can pick up a Windows Phone for just as cheap. Less apps, but a much faster (= better battery life) OS and none of these hideous security holes.
BUMP> For later more intense reading.
Thanks to Swordmaker for the ping!!
Good advice.
Totally worthless wastes of skin ruining other people’s lives.
PING!