New Android Malware Disguised as Security AppAdded 6th Nov 2012
Google's Android mobile platform is the target of a new variant of a widely used malware capable of stealing personal information.
The latest Zeus malware masquerades as a premium security app to lure people into downloading the Trojan, Kaspersky Lab reported Monday. The fake security app, called the Android Security Suite Premium, first appeared in early June with newer versions released since then. (Learn about real, user-reviewed security apps for Android and iPhone.)
Such malware presents a threat to consumers, as well as businesses that allow employees to use their personal devices on the corporate network. A Dimensional Research survey of IT professionals found that more than 70 percent said mobile devices contributed to increased security risks and that Android introduced the greatest risk. Issued in January, the report was sponsored by firewall vendor Check Point Software Technologies.
The new Zeus malware steals incoming text messages and sends them to command-and-control servers operated by the attackers. Depending on the apps installed on the Android device, the text could include sensitive data, such as password-reset links.
"It is also important to mention that these malicious apps are able to receive commands for uninstalling themselves, stealing system information and enabling/disabling the malicious applications," Denis Maslennikov, a Kaspersky security researcher said in a blog post.
The malware installs a blue shield icon on the smartphone or tablet menu and shows a fake activation code when executed, Kaspersky said. The app uses a series of six command and control servers, one of which was linked to Zeus malware found in 2011.
"The newest variant of ZitMo demonstrates the commitment to effective mobile spyware development and distribution that cybercrime has made," Kurt Baumgartner, senior security researcher at Kaspersky Lab, said by email.
Android application infections increased dramatically in the first quarter of this year, driven by a surge in attacks on personal data, according to the E-Threat Landscape Report released in April by security vendor Bitdefender. Cyber-criminals often hide the malware in apps sold in online stores.
The Dimensional survey found that 65 percent of the 768 IT pros polled allowed personal devices to connect to corporate networks. Apple's iOS, used in the iPhone and iPad, was the most common platform, with Android coming in third behind Research in Motion's BlackBerry. Android was found in companies represented by one in five of the respondents.
A factor that increases the risk of malware such as Zeus is the lack of employee awareness. More than six in 10 of the IT pros surveyed said employee ignorance had the greatest impact on mobile security.
The types of corporate information most often found on mobile devices were e-mail and contacts. Other information cited by the respondents included customer data, network login credentials and data made available through business applications.
Zeus was first discovered in 2007 as a keystroke logger and form grabber that ran in a browser. The malware is primarily downloaded through phishing schemes or by visiting malicious Web sites. The mobile version of Zeus, called ZitMo, was first discovered a couple of years ago.
In other Android security news, Tokyo police have arrested six men accused of distributing malware through an application downloaded from a porn site, the newspaper Yomiuri Shimbun reported. When launched, the Android app would demand fees and steal the victim's personal information.
The suspects are accused of swindling more than 200 people out of $265,000. Two of the suspects were executives at separate IT companies.
Read more about malware/cybercrime in CSOonline's Malware/Cybercrime section.
The company also launched New Enterprise-Class FortiWeb Appliances for Protecting Critical Web Applications in Heavily Trafficked Environments
Google launched high-altitude balloons in a test to create a wireless network that could provide Internet access to remote and underserved parts of the world.
Vodafone, in partnership with researchers from the University of Southampton, have created a pair of phone-recharging pants called the Power Pocket shorts, which comes with a small patch of thermoelectric material stitched directly into a pair of denim shorts that simply converts body heat into power.
A pair of South Carolina lawmakers has introduced legislation that would pave the way for a pilot program involving electronic license plates that could be altered remotely by the state's DMV.
Google announced via blog post a new technology-driven initiative against child pornography. The company is launching a $2 million Child Protection Technology Fund "to encourage the development of ever more effective tools" to fight online child pornography.
Many eyes in the tech world will fall on Oracle later this week, when the vendor's fourth-quarter results are set for release. This is typically the biggest reporting period for Oracle each year in terms of revenue, but a number of questions loom beyond its top-line performance.
China has regained the crown for the fastest supercomputer on the planet, according to the semiannual Top500 list, which claims that the Milky Way-2 supercomputer has doubled the performance of the previous leader, the American "Titan" supercomputer, in just six months.
Much of Rambus' past is associated with lawsuits, but the company is moving forward with dispute settlements.
In 2012, Microsoft's Rick Rashid blew an Asian audience away with a live translation of his speech into Mandarin. On Monday, Bing added some of that technology to Bing Voice Search, to cut down the processing response time of voice input into Windows Phone by half, while improving accuracy at the same time.
You know what's awesome? The Internet. What's not so great: The utter pain it is to find a fast, reliable Internet connection in so many parts of the world. With its latest moonshot, Google[x] is fighting that headache with creativity.
Prime Minister David Cameron has announced a £1 million prize for anyone who can "identify and solve the biggest problem of our time".
Here comes Dreambox, a vending machine that dispenses 3D-printed creations.
Cray is bringing integrated open source Hadoop Big Data analytics software to its supercomputing platforms.
Facebook is gearing up for a product announcement on June 20, but isn't saying what it has planned.
Tweeting has become so popular that the Oxford English Dictionary broke one of its own rules to add 'tweet' to its lexicon.