Android malware can make calls even after switching your phone off

A recent warning has come out from AVG has come out that some 3rd party App stores have Apps which bring in a Android Trojan which pretends to shut off your phone when you press the power button.

 The Hacker News has a nice article about it Android Malware Can Spy On You Even When Your Mobile Is Off  or you can read the original AVG post Malware Is Still Spying On You Even When Your Mobile Is Off
As the AVG blog explains:

The malware affects versions of Android older than v.5 (Lollipop) and requires root permission to hijack the shut down process.
After pressing the power button, the phone displays an authentic shutdown animation, and the phone appears off. Although the screen is black, it is still on.
While the phone is in this state, the malware can make outgoing calls, take pictures and perform many other tasks without notifying you.

But beyond the obvious problems with a malware spying on you, recording you, and sending your data to Chinese servers, it can be making Premium Rate SMS or calls without your knowing it.

The Hacker news article points this out:

PowerOffHijack malware has ability to silently send lots of premium-rate text messages, make calls to expensive overseas numbers, take photos and perform many other tasks even if the phone is supposedly switched off.

The article also has good options for removing PowerOffHijack and preventing it from getting on your phone

Bit9: The Dirty Dozen of security-vulnerable smartphones

Android has brought a variety of phones, with different hardware and software features to the market. This has enabled more people to get the phone that they want. Bit9 says that unfortunately this has led to “an estimated 56% of Android phones in the marketplace today are running out-of-date and insecure versions of the Android.”

It seems that when phones are released they can be running versions of Android that can be up to 18 months out of date, and thus lacking all the latest security updates.

"All operating systems have vulnerabilities," Harry Svedlove, Bit9's chief technology officer, points out, but it's how quickly and effectively software gets fixed that matters. Bit9's analysis of the most vulnerable smartphones is based on criteria that includes looking at smartphones with the highest market share that were running out-of-date and insecure software and had the slowest update cycles.

The Bit9 "Dirty Dozen" not-so-smart smartphone list includes:

1. Samsung Galaxy Mini

2. 2 HTC Desire

3. Sony Ericsson Xperia X10

Time to start protecting yourselves

Time to start protecting yourselves:
Android devices see staggering surge in viruses - Juniper Networks
Article at: http://www.totaltele.com/view.aspx?ID=469338&mail=645&C=0

Telecom Fraud from Smartphone malware apps

About 2 weeks ago I wrote about a phony NetFlicks app for the Android, today the BBC has an article titled Smartphone scams: Owners warned over malware apps which talks about how these apps are made and how they can be used to commit phone fraud.

Criminals are typically creating Trojan copies of reputable apps and tricking users into installing them.
Once on the phone, the app can secretly generate cash for criminals through premium rate text messages. 

Get Safe Online, a joint initiative between the government, police and industry, said it was concerned that users of smartphones, such as Android devices, were not taking steps to protect their devices.
Get Safe Online said fraudsters are designing apps which generate cash secretly in the background without the owner realising until their monthly bill.A typical scam involves an app designed to send texts to premium rate services without the user knowing. 

As with all telecom fraud the solution is a combination of setting the right controls and proactive monitoring.

To prevent a large, unexpected phone bill you should:

• Confirm that the app you are installing is certified and is from the company that it claims to be from.
• Install a malware protection app just like you have anti-virus on your laptop - and make sure it updates regularly. I wrote about some of these in the Netflix post.  
• Pay attention to performance. If your  battery seem to be running out too fast, if apps (and games)are running slowly, if calls or web sites take longer to connect you could have a malware app running on your system. If you do not have any protection install one and run a full system check.
• Occasionally look at your call and SMS (Text) logs to see if you have items that you did not make.
• Actually review your phone bill, you usually only have a month to challenge mistakes or fraud so this is your last line of defense.

New Phishing Technique - Mobile Apps

Symantec has a nice blog post about a new type of phishing scam that has emerged in the mobile world.

Apparently the fragmentation of the Android operating system has enabled a window of opportunity for people who wish Phish mobile users. As the Symantec blog explains:

The official app, which was initially released in the early part of the year, was only recently published to the Android Market with support for multiple devices. A gap in availability, combined with the large interest of users attempting to get the popular service running on their Android device, created the perfect cover for Android.Fakeneflic to exploit.

In the images below you can see the subtle differences between the real and fake versions.

Once a user has clicked on the “Sign in” button, they are presented with a screen indicating incompatibility with the current hardware and a recommendation to install another version of the app in order to resolve the issue. There is no attempt to automatically download the recommended solution. Upon hitting the “Cancel” button, the app attempts to uninstall itself. Any attempt to prevent the uninstall process results in the user being returned to the previous screen with the incompatibility message.

In spite of the list of permissions that is requested, it is unclear what  Android.Fakeneflic will collect from your phone or what it can do. But if past experience with PC based malware is any indication then it could be used to capture your passwords or credit card information, and could even be used to hijack your voice or data connection to enable them to use them for fraudulent calls from your phone. Calls for which you would be required to pay.

To protect yourself make sure you have a proper mobile security management product installed. There are several out there: Symantec,  Mcafee, Lookout , and Webroot all offer good products. In fact PC Magazine recently named Webroot Editor's Choice.

Do your research and protect yourself::

• AV-Comparatives weblog Mobile Security Review 2011
• Top Ten Reviews Mobile Security Software Review  (nice comparison table and ranking)