New type of auto-rooting Android adware is nearly impossible to remove

Quoted from Ars Technica:

The researchers have found more than 20,000 samples of trojanized apps that repackage the code or other features found in official apps available in Google Play and then are posted to third-party markets. From the end user’s perspective, the modified apps look just like the legitimate apps, and in many cases they provide the same functionality and experience. Behind the scenes, however, the apps use powerful exploits that gain root access to the Android operating system. The exploits—found in three app families known as Shedun, Shuanet, and ShiftyBug—allow the trojanized apps to install themselves as system applications, a highly privileged status that’s usually reserved only for operating system-level processes.

Ahem… “Don’t bother with anti-virus”

Android ransomware

Researchers have just found malware that locks the infected (Android) device until its owner makes a payment (from Ars Technica):

The malicious Android Package is automatically downloaded when people visit certain pornography sites using an Android phone. The sites then claim that the APK installs a video player used for premium access. To be infected, a user must change Android settings to allow out-of-market apps and then manually install the APK.

Terrifying. Sideloading is terrifying. Now I understand why Apple forbids it.

Unflod

A piece of malware in the form of a MobileSubstrate extension has been found attacking users of jailbroken iDevices. The malware, a dynamic library (.dylib) file named Unflod.dylib, steals the user's Apple ID and password and sends them to the address 23.88.10.4:

Analysis from SektionEins:

A malware campaign targeting users of jailbroken iPhones has been discovered and discussed by reddit users. This malware appears to have Chinese origin and comes as a library called Unflod.dylib that hooks into all running processes of jailbroken iDevices and listens to outgoing SSL connections. From these connections it tries to steal the device’s Apple-ID and corresponding password and sends them in plaintext to servers with IP addresses in control of US hosting companies for apparently Chinese customers.

Once installed, Unflod.dylib can be found in the directory:

/Library/MobileSubstrate/DynamicLibraries/Unflod.dylib

If this file is not found on your iDevice, you are safe. But if it is there, disable the library and change your iDevice's SSH password. And don't install pirated apps/tweaks/repositories, or anything from repositories whose origin or developer is unclear.

Adware that abuses Cydia Substrate

A security researcher from China has found a dynamic library (.dylib) file suspected of being malware or adware:

This dynamic library, named “spad.dylib”, was found under the directory /Library/MobileSubstrate/DynamicLibraries/. It’s configured to be injected to all applications which use the com.apple.UIKit framework. It uses Cydia Substrate’s API to hook lots of popular advertisement SDKs’ code in all applications which use these SDK to popup advertisement or get statistics of its installation.


“Android not designed to be safe”

Regarding malware on Android, here is a very honest response from Sundar Pichai (the head of Android):

Quoted from 9to5 Mac:

We cannot guarantee that Android is designed to be safe, the format was designed to give more freedom. When people talk about 90% of malware for Android, they must of course take into account the fact that it is the most popular operating system in the world. If I had a company dedicated to malware, I would also be addressing my attacks on Android.

Hmm… perhaps slightly off-topic, but I can't resist writing it…

Anyone who has ever used GNU/Linux has surely heard the response from Windows users about viruses/malware that goes roughly like this:

“Windows is more popular and has more users, which is why there are fewer viruses on Linux.”

Sound familiar?

Thanks Gruber 😉

Android viruses on Ubuntu

Can a virus that exists on the Android OS infect the Ubuntu OS? After all, both operating systems come from the same kernel, namely Linux.

Chandra via detikinet

Thanks to Android, questions like this have finally become popular.

In roughly 4 years of using Linux/Ubuntu, I have never once been afraid that my Ubuntu would get infected by a virus. I have never tried to prevent it. It would be a waste of time. Because I know what happens to a virus or piece of malware once it reaches a UNIX or Linux environment.

Malware in the Amazon Appstore

Internet Accelerator Speed Up
Just as Android keeps growing, the growth rate of malware targeting Android keeps rising too. Besides the Google Play Store, Amazon's app store, the Amazon App Store, has also become a target for malware.

Recently an app from the Amazon App Store was detected as malware/adware (functionality = no, ads = yes) by the Kaspersky team.

Roel from Kaspersky:

It should come as no surprise that there are malicious apps in the Amazon App Store. Amazon.com is incredibly popular and it’s a very trivial step to also upload an app into their store.

We detect these pieces of malware as HEUR:Hoax.AndroidOS.FakeBapp.a and have been in contact with Amazon.com about this. The apps were previously available in Google Play as well, but had been removed at an earlier time.

The app, named Internet Accelerator Speed Up, also briefly appeared in the Play Store but has since been removed by Google.

“no surprise”.

Use OpenDNS to block the Flashback trojan

Allison Rhodes (OpenDNS team):

OpenDNS — security and DNS provider of choice for 2% of all Internet users — is blocking the Flashback Trojan, or what’s being described as one of the single biggest Mac security incidents of all time. As OpenDNS does in cases of very large scale attacks like this, the protection is included in Premium DNS and completely free to users. People not yet using OpenDNS need only to set up the service on their wireless router, computer or device to secure their computers and devices from the attack. (OpenDNS also offers OpenDNS Enterprise, a security service for businesses that includes comprehensive malware and botnet protection.)

If you’re already using OpenDNS services, no action is required to get the protection. It was enabled for you automatically. In addition to protection from Flashback, OpenDNS will also protect you from future, widespread attacks and make your Internet both faster and more reliable.


Android and military

Unbiased Tech:

The government chose Android for being open source, so they can modify its source in order to make it more secure and reduce some of its features that could compromise security, like the access to the Android Market.

To the military, Android is probably the best thing to happen since the M16. No licensing fees and the source code is available for free.

The largest-ever Android malware campaign may have duped as many as 5 million users into downloading infected apps from Google’s Android Market, Symantec said today.

Android.Counterclank is a Trojan horse that when installed on an Android smartphone collects a wide range of information, including copies of the bookmarks and the handset maker. It also modifies the browser’s home page.