New Android Trojans, Gremlins Inside Play, iPhone’s Safe and Sound – Mobile Security Weekly
It’s mostly bad news this week for Android, with two new threats placing millions of users at risk. However, from the Apple point of view, it’s been a good week – iPhone theft is down — way down. Let’s take a closer look…
New Android Trojan Flies Under the Radar
Many Android malware strains try to obtain as many permissions as possible to get absolute power over a victim’s device. But earlier this week, a new Android Trojan that asks for few permissions to avoid discovery was discovered and assessed by researchers.
Currently named Trojan.Downloader.Agent.gp, this trojan pushes traffic to certain advertising URLs, thus creating revenue without the need for special administrative privileges. The ads served are typically “those that offer free items or service quotes and request personal data from the victim, like email, phone, and address.”
Why is this Significant?
Not all malware needs a home run to cause damage. There are plenty of ways revenue can be generated by malware, so attackers are becoming increasingly sophisticated and finding new ways to achieve this without getting caught. They’re realizing that trying to go for maximum permissions is difficult and gets them noticed more easily. However, this type of threat, which originates from malicious versions of legitimate apps, needs users to download apps from outside the official Google Play Store.
Flaws in Google Play Placing Users at Risk
A number of newly discovered vulnerabilities on Google Play are once again leaving Android users vulnerable to malware. Researchers have found that the X-Frame-Options flaw, if combined with a recent Android WebView (Jelly Bean) bug, creates a platform for attackers to install any app surreptitiously Google Play. Although there are likely few malicious apps in the store, there are various apps that are vulnerable to exploitation. The option to silently install them on a user’s device can definitely place them at risk.
Many devices running Android 4.3 (Jelly Bean) or below ship with browsers with UXSS [Universal Cross-site Scripting] exposures. There are also many vulnerable 3rd party browsers. Until the Google Play store XFO [X-Frame-Options] gap is mitigated, “…users of these web applications who habitually sign in to their Google Account will remain vulnerable.”
Why is this Significant?
This is another example of how problematic fragmentation within the Android environment is to mobile security. Although efforts are being made to move people to Android 5.0, millions of users still use previous versions that as we can see – are endangering users.
iPhone Thefts Down Dramatically
In the twelve months since Apple added the Activation Lock feature to its devices, iPhone theft has dropped 40% in San Francisco, 25% in New York and as much as 50% in London.
Available on iOS 7 or later, Activation Lock is a kill switch that gets turned on by default when you set up Find My iPhone on an iPhone, iPod touch or iPad. When enabled, this makes it much harder to use or sell a device if lost or stolen, making devices less attractive to thieves. Apple is not the only ones doing this; Google has included a similar feature in the latest release of Android, with Microsoft planning to do the same shortly.
http://www.idownloadblog.com/2015/02/11/activation-lock-drops-iphone-theft/
Why is this Significant?
This isn’t the type of story we usually cover, but this remains an interesting development. The way the world of mobile security has developed, mobile malware now poses a seriously tempting threat for several reasons: Devices are becoming harder to exploit if stolen and, in many cases, malware can prove much more profitable than the device itself