08-10-2010, 09:07 AM

MacDailyNews

Quote:

"The Trojan virus, named Trojan-SMS.AndroidOS.FakePlayer.a, is distributed through a message sent to users prompting them to install a 13 kilobyte (KB) 'harmless' media player application," Hutchinson reports.

"Once installed, the Trojan virus sends SMS messages to premium rate numbers without notifying the user," Hutchinson reports.

08-10-2010, 01:29 PM

Haha, now we're finally starting to see viruses on phones. Man how far technology has come. I guess I should watch out for this since I have an Android phone. However, I'm not an idiot and don't install stuff that I don't research first.

08-10-2010, 01:35 PM

Not the first, just the most publicized to date. There have been a number of trojan-style apps on Android now. I don't see that trend abating anytime soon.

08-10-2010, 01:37 PM

True, this one sounds like it would be a pain though. Think if you didn't notice all these SMS messages being sent out until your bill comes. Wow would that suck.

08-10-2010, 02:33 PM

Trojan infects Android smartphones; iPhone unaffected
MacDailyNews - Trojan infects Android smartphones; iPhone unaffected

And here is a nice comment on the page that sums it up quite well. Is full of sarcasm though.

Quote:

I see you're using Microsoft Logic(TM).



iOS has a PDF exploit, yet nobody has succeeding in doing anything malicious with it. Right now, it's only got the theoretical potential to be dangerous. It's also going to be patched soon, likely nipping the problem in the bud.



Android has a trojan that will ****ing steal your money. Not in theory. For real. It doesn't just have the protential to be dangerous, it IS dangerous. For real. It's out there doing actual damage to actual people as we speak.



The loser in this equation?



iOS. Why? 



Because the hypothetical possibility that malware might appear sometime in the future if certain condition are met is always waaaaaaaaaaaay worse than having actual malware infecting devices right now in the present. That's why Android somehow wins the security contest even though it's the one under attack by cyber-thieves and iOS isn't.



So you see, the platform with real malware infecting it is always safer than the platform that could maybe theoretically be infected by malware if if the planets lined up right, someday. Now stay in your pen, sheep... Stick with Windows! Err... I mean, stick with Android!



Incidentally, amusing headline on the MacWorld UK sidebar. 

"South Korean police raid Google's office over Street View"

I'm alittle confused though, because Google "does no evil"... Hah hah, it must be some kind of funny mistake! Those Koreans are so wacky.

08-10-2010, 02:44 PM

Move this here please.

http://www.mac-forums.com/forums/any...dailynews.html

08-10-2010, 07:32 PM

I guess that open source that Android is always bragging about is totally open to all the vermin out there.

08-10-2010, 07:36 PM

Quote:

Originally Posted by osxx

I guess that open source that Android is always bragging about is totally open to all the vermin out there.

It's definitely a major failing for the Google App Market. As much as I like the idea of the marketplace being wide-open, I do wish it were screened (at least a little bit). Additionally, I don't understand why the OS isn't throwing up red flags when an app tries to use services "that cost you money" (as they put it in their warnings during install).

Right now, your only protection is to trust the reviews in the App Market. If the OS could act as a security gatekeeper to some extent, it would certainly help.

08-10-2010, 08:19 PM

Quote:

"Once installed, the Trojan virus sends SMS messages to premium rate numbers without notifying the user," Hutchinson reports.

So ummm im wondering, if this was written by a lets say for instance sake, a AT&T employer ??? Or just some random nobody that wants his 15 mins???

AT&T i could understand as that will be there way of getting more $ from there customers, but if its a nobody wanting to be somebody, what on earth is he/she getting out of it.
Hmmmm needs a hacker radar enhanced Smart Bomb

08-11-2010, 05:18 AM

Quote:

Originally Posted by TattooedMac

So ummm im wondering, if this was written by a lets say for instance sake, a AT&T employer ??? Or just some random nobody that wants his 15 mins???

AT&T i could understand as that will be there way of getting more $ from there customers, but if its a nobody wanting to be somebody, what on earth is he/she getting out of it.
Hmmmm needs a hacker radar enhanced Smart Bomb

AT&T locks down their android phones so that you can't install non-marketplace apps. And since this little app isn't from the marketplace you can't install it (unless you root the phone and edit the settings manually to allow it-- similar to an iPhone jailbreak). Anyone installing some random, non-signed app that just showed up in an sms message from someone that they don't know is pretty much a tool anyways. Having a choice means you can choose to be an idiot I guess.

08-11-2010, 05:24 AM

Quote:

Originally Posted by cwa107

It's definitely a major failing for the Google App Market. As much as I like the idea of the marketplace being wide-open, I do wish it were screened (at least a little bit). Additionally, I don't understand why the OS isn't throwing up red flags when an app tries to use services "that cost you money" (as they put it in their warnings during install).

Right now, your only protection is to trust the reviews in the App Market. If the OS could act as a security gatekeeper to some extent, it would certainly help.

It's not a marketplace app. Also, when you install a program in android, it tells you what permissions the app is requesting and you have to ok it. So basically, to get this in your phone you have to choose to install a random app that just showed up in a SMS, and then grant it permission to send text messages when you install it. Iow, you have to be a dumbass.

08-11-2010, 07:21 AM

There are some out there. My wife did something similar from SMS on her iPhone a couple of months ago. She didn't even know she did it. But, she had signed up for about 6 recurring charge web sites. One of them was $19.95 a week for ring tones. When I called AT&T, found out some of these can start auto charging your account simply by making any response to the SMS instead of deleting it.

My question to AT&T, was don't they vet these companies before they let them start charging people throgh their phone bill?

08-11-2010, 08:30 AM

@bobtomay:
You are speaking of something totally different.
This is a trojan. Your wife just encountered some retarded companys sms that earns their money with illegal stuff that is still a grey zone in law on the whole world.

08-11-2010, 10:43 AM

Quote:

Originally Posted by dan828

It's not a marketplace app. Also, when you install a program in android, it tells you what permissions the app is requesting and you have to ok it. So basically, to get this in your phone you have to choose to install a random app that just showed up in a SMS, and then grant it permission to send text messages when you install it. Iow, you have to be a dumbass.

You got to remember the vast majority of people out there have no understanding of how things are implemented they see next or hit ok and proceed true ignorance is no excuse but they don't look at these things as seriously as most of us forum members if they did Apple's sales would increase
even more.

08-11-2010, 10:54 AM

Quote:

Originally Posted by osxx

You got to remember the vast majority of people out there have no understanding of how things are implemented they see next or hit ok and proceed true ignorance is no excuse but they don't look at these things as seriously as most of us forum members if they did Apple's sales would increase
even more.

The problem is that the dialog that appears usually has a laundry list of functions that the app can perform. Some of which are vague - or may be perfectly legitimate depending on the function of the app. For the average user, this is difficult to discern and can result in habitual dismissal of the dialog (much like Vista's UAC).

What I'm suggesting is that Google puts a hook into the OS that proactively blocks these kinds of transactions until the user has confirmed (perhaps by an authentication mechanism) that it's OK to perform this function at the time the function is being performed, as opposed to when the app is being installed.

It's just a thought. And as much as we like to dismiss this sort of thing with a "stupid is as stupid does" mentality, in reality software designers can make smart choices in design that make the experience much more intuitive. You don't have to have a walled garden approach in order to be secure. If you want evidence of this, look at Mac OS X.