620,000 Android Phones in China hit by Most Costly Malware in History

China may be the source of a lot of international cyber attacks and malware, but it gets hit by them too. 620,000 Android phones in China were infected with a nasty virus that takes over the phone, collects personal information from it, and begins to send costly text messages to benefit the malware maker.

Yesterday, security research company NQ Mobile issued a press release about the discovery of the Android malware they dubbed “Bill Shocker”. Based on their findings, they claim, “Bill Shocker is an SDK designed by malware developers that infects several of the most popular apps in China, including Tencent QQ Messenger and Sohu News.”

Bill Shocker then downloads itself in the background and takes control of the phone, including its dialing and texting features. “Once the malware has turned the phone into a “zombie,” the infection uses the device to send text message to the profit of advertisers. In many cases, the threat will overrun the user’s bundling quota, which subjects the user to additional charges,” the report says.

The malware could affect phones outside China and has the potential to be the most costly malware in history, according to NQ.

So what can you do to keep your phone safe? NQ offers several tips to avoid infection including:

  • Only download apps from trusted sources
  • Never accept application requests from unknown sources
  • Closely monitor permissions requested by any application
  • And be alert for abnormal behavior from your smart device

NQ Mobile also offers a mobile device security solution that already protects against threats like Bill Shocker.

With mobile malware becoming more prevalent, Bring Your Own Device (BYOD) is really starting to increase the attack surface of corporate networks. Companies really need to take a good look at their mobile user security policy if they haven’t done so already.

Android 4.0.4 Zero-Day Found, Galaxy S3 Pwned at Pwn2Own

Today at the EUSecWest conference “PWN2OWN” contest in Amsterdam, MWR Labs used a zero-day exploit to pwn an Android-based Galaxy S3. MWR Labs used Mercury (their custom-made framework to find vulnerabilities) to grab text messages, contacts, pictures and more from the phone:

“MWR showed an exploit against a previously undiscovered vulnerability on a Samsung Galaxy S3 phone running Android 4.0.4. Through NFC it was possible to upload a malicious file to the device, which allowed us to gain code execution on the device and subsequently get full control over the device using a second vulnerability for privilege escalation.

The same vulnerability could also be exploited through other attack vectors, such as malicious websites or e-mail attachments.”

Check out their website for more information.

Android Phone “Face Unlock” Feature Fooled by Picture

Looks like the Face Unlock feature on the new Galaxy Nexus is more of a novelty item than a security feature. In the video above you can see the phone being unlocked by a picture from another cell phone.

According to PacketStorm Security, this could be a security risk: “With your face literally all over the internet (think Facebook, Twitter, LinkedIn, etc.), this could be a potentially serious flaw in Android 4.0, codenamed Ice Cream Sandwich and unveiled last month in Hong Kong.”

Though facial recognition is cool, with smartphones already being touch sensitive, it would seem like fingerprint recognition (like on the Motorola Atrix) would be a much better bet.