Android malware can make calls even after switching your phone off

A recent warning has come out from AVG has come out that some 3rd party App stores have Apps which bring in a Android Trojan which pretends to shut off your phone when you press the power button.

 The Hacker News has a nice article about it Android Malware Can Spy On You Even When Your Mobile Is Off  or you can read the original AVG post Malware Is Still Spying On You Even When Your Mobile Is Off
As the AVG blog explains:

The malware affects versions of Android older than v.5 (Lollipop) and requires root permission to hijack the shut down process.
After pressing the power button, the phone displays an authentic shutdown animation, and the phone appears off. Although the screen is black, it is still on.
While the phone is in this state, the malware can make outgoing calls, take pictures and perform many other tasks without notifying you.

But beyond the obvious problems with a malware spying on you, recording you, and sending your data to Chinese servers, it can be making Premium Rate SMS or calls without your knowing it.

The Hacker news article points this out:

PowerOffHijack malware has ability to silently send lots of premium-rate text messages, make calls to expensive overseas numbers, take photos and perform many other tasks even if the phone is supposedly switched off.

The article also has good options for removing PowerOffHijack and preventing it from getting on your phone

Holiday Hacks are upon us again

Today I found a very nice article on the CSO Security News site called The 12 Cons of Christmas by Joan Goodchild (CSO (US)).

In this article she points out that this is the time of the year when the fraudsters and phishers are out in force.  Or as Joan put it:

While the risk of being hacked, conned or having sensitive information stolen is possible all through the year, most security experts agree that the holiday season brings a spike in fraudulent activity, both online and off.

Hot Holiday items are lures

With the increased use of Facebook and Twitter they can get more information about what you want and can use that to better target you. To make it worse, the scammers have learned not to be so obvious, and "the signs that made scams so obvious before are no longer always present as more sophisticated techniques employed by criminals on Twitter and Facebook make it harder than ever to know what's legit."

Take a look at the article for some good hints on how to detect these scams and protect yourself.  
Full article: http://www.cso.com.au/article/440664/12_cons_christmas/

Term Tuesdays - Telecom Fraud Explained: Known Fraudulent Numbers

Term Tuesdays - Telecom Fraud Explained

Today’s term is actually a type of Telecom Fraud, in this case it is when your PBX makes calls to Known Fraudulent Numbers or Destinations.

Calls to Known Fraudulent Numbers or Destinations

Telecom fraud is a well-known problem, and like the “Nigerian Bank Scam,” there are blacklists of phone numbers, area codes etc. that can be blocked or monitored if the right tools are at hand. To protect yourself you need to use various types of blacklists to prevent inappropriate calls being made. 

Humbug supports several types of Blacklists:

• Community Blacklist - Protect your PBX from over 70,000 industry-confirmed blacklisted numbers
• Number Blacklist - Setup your own list of blacklisted numbers
• Country Blacklist - Receive alerts when traffic to/from specific countries you select are detected

Like PC based antivirus or malware protectors Telecom Fraud prevention needs to be regularly updated as new sources, destinations, and types are tried by the fraudsters.

It is a moving target and thus you need to be vigilant and use a solution that is constantly updated with these new attacks.

Time to start protecting yourselves

Time to start protecting yourselves:
Android devices see staggering surge in viruses - Juniper Networks
Article at: http://www.totaltele.com/view.aspx?ID=469338&mail=645&C=0

McAfee Warns Consumers of the Twelve Scams of Christmas

Just in time for the holiday season Gary Davis at McAfee has put up a blog post that Warns Consumers of the Twelve Scams of Christmas.

Now most of these are not Telecom Related there are a few I would like to point out 3 of them as being Telecom Fraud related:

1. Mobile Malware:

Malware is not new, it has been around in the PC world for a long time, but now that there are enough smartphones around to make it worthwhile financially to attack them.

That said, be aware that Gary mentions that a new cell phone specific attack has started:

New malware has recently been found that targets QR codes, a digital barcode that consumers might scan with their smartphone to find good deals on Black Friday and Cyber Monday, or just to learn about products they want to buy.

2. Malicious Mobile Applications:

I have written about this before when Symantec broke the story about the phony Netflix Android apps.  Just to show this is not a problem for Android alone, recently there was a story about someone who created InstaStock, a Stock Ticker app, for the iPhone that was designed to  

A researcher with the security firm Accuvant, Miller had rigged the app to connect to a server in his St. Louis home and to receive commands to perform a number of devious tasks, including reading an iPhone's files, making a phone vibrate and remotely downloading the pictures and contacts stored on the device of a person running the app.

           

7. Holiday Phishing Scams

Again Phishing is not new, and I have written about it in the past, but Gary has pointed out 3 specific ones related to the holidays you should watch out for:

• A common holiday phishing scam is a phony notice from UPS, saying you have a package and need to fill out an attached form to get it delivered. The form may ask for personal or financial details that will go straight into the hands of the cyberscammer.

• Banking phishing scams continue to be popular and the holiday season means consumers will be spending more money—and checking bank balances more often. From July to September of this year, McAfee Labs identified approximately 2,700 phishing URLs per day.

• Smishing –SMS phishing—(in the US it is Text Phishing) remains a concern. Scammers send their fake messages via a text alert to a phone, notifying an unsuspecting consumer that his bank account has been compromised. The cybercriminals then direct the consumer to call a phone number to get it re-activated—and collects the user’s personal information including Social Security number, address, and account details.

Again none of these are new, and there have been email variants of them all. All 2 have the intention of tricking you out of information that can be used to access your bank account, but the SMS one has an additional cost in that it asks you to call a phone number which in and of itself can cost you significant money.

The phone number that they have you call can be a premium or other high cost number that can charge you at least $1 per minute. So pay attention to the number to make sure it is not one you want to avoid (examples are 809, 900, etc.).

I recommend you read his article if only for the refresher of all the hazards out there at the holiday season and how to protect yourself from the ones I have not mentioned.

New Phishing Technique - Mobile Apps

Symantec has a nice blog post about a new type of phishing scam that has emerged in the mobile world.

Apparently the fragmentation of the Android operating system has enabled a window of opportunity for people who wish Phish mobile users. As the Symantec blog explains:

The official app, which was initially released in the early part of the year, was only recently published to the Android Market with support for multiple devices. A gap in availability, combined with the large interest of users attempting to get the popular service running on their Android device, created the perfect cover for Android.Fakeneflic to exploit.

In the images below you can see the subtle differences between the real and fake versions.

Once a user has clicked on the “Sign in” button, they are presented with a screen indicating incompatibility with the current hardware and a recommendation to install another version of the app in order to resolve the issue. There is no attempt to automatically download the recommended solution. Upon hitting the “Cancel” button, the app attempts to uninstall itself. Any attempt to prevent the uninstall process results in the user being returned to the previous screen with the incompatibility message.

In spite of the list of permissions that is requested, it is unclear what  Android.Fakeneflic will collect from your phone or what it can do. But if past experience with PC based malware is any indication then it could be used to capture your passwords or credit card information, and could even be used to hijack your voice or data connection to enable them to use them for fraudulent calls from your phone. Calls for which you would be required to pay.

To protect yourself make sure you have a proper mobile security management product installed. There are several out there: Symantec,  Mcafee, Lookout , and Webroot all offer good products. In fact PC Magazine recently named Webroot Editor's Choice.

Do your research and protect yourself::

• AV-Comparatives weblog Mobile Security Review 2011
• Top Ten Reviews Mobile Security Software Review  (nice comparison table and ranking)