Lookout Mobile Security on Tuesday published a report stating that a known malicious Android program has been updated with the ability to harm a device without depending on a user’s interaction. The new version of the “Legacy Native” (LeNa) app utilizes an exploit called GingerBreak to gain root permission on Android phones. The new variant of LeNa hides its payload just past the End of Image marker of an otherwise fully-functional JPEG. The malware is then able to communicate with a command and control server to install and launch packages unbeknown to the phone’s user. According to the report, this new version of LeNa is currently being distributed in a fake version of Angry Birds Space, but the malicious program is not believed to have made its way into the Google Play marketplace at this time.
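Added here as an editor's example, not code from Lookout's report: a small Python check that walks a JPEG's marker segments and returns whatever sits after the End of Image marker, the spot where the report says LeNa parks its payload. The sample bytes are constructed stand-ins, not a real image or a real payload.

```python
import struct

SOI = b"\xff\xd8"
EOI = b"\xff\xd9"
_NO_LENGTH = {0x01, 0xD8} | set(range(0xD0, 0xD8))   # TEM, SOI, RST0..RST7

def jpeg_trailing_data(data: bytes) -> bytes:
    """Return whatever follows the JPEG End of Image (EOI) marker.

    Walks marker segments from SOI; after the SOS segment the entropy-coded
    data begins, where 0xFF is byte-stuffed as 0xFF00 and only RSTn markers
    may appear, so the first 0xFFD9 after SOS is the real EOI.
    """
    if not data.startswith(SOI):
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while True:
        if pos + 2 > len(data) or data[pos] != 0xFF:
            raise ValueError("truncated or malformed marker segment")
        marker = data[pos + 1]
        if marker == 0xFF:            # fill byte between markers, skip it
            pos += 1
            continue
        if marker == 0xD9:            # EOI reached before any scan data
            return data[pos + 2:]
        if marker in _NO_LENGTH:      # stand-alone marker, no length field
            pos += 2
            continue
        if pos + 4 > len(data):
            raise ValueError("truncated segment length")
        seg_len = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        pos += 2 + seg_len            # length field counts itself
        if marker == 0xDA:            # SOS: entropy-coded data starts here
            break
    eoi = data.find(EOI, pos)
    if eoi == -1:
        raise ValueError("no EOI marker found")
    return data[eoi + 2:]

def build_sample(trailer: bytes) -> bytes:
    """Constructed stand-in for a JPEG (not a real image): SOI, a short
    APP0 segment, an SOS segment, a few scan bytes including a stuffed
    0xFF00, the EOI marker, then the supplied trailer."""
    app0 = b"\xff\xe0" + struct.pack(">H", 2 + 4) + b"JFIF"
    sos = b"\xff\xda" + struct.pack(">H", 2 + 1) + b"\x01"
    scan = b"\x12\x34\xff\x00\x56"
    return SOI + app0 + sos + scan + EOI + trailer
```

A non-empty return value on an image pulled from an app package is a cue to inspect the file further, since legitimate encoders end the file at EOI.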
A few days ago Google was made aware that there were over 20 apps in the Android Market that were up to no good. These malicious apps gained system-level access to your handset when downloaded and would intercept and covertly transmit private data to 3rd party servers. Some of these apps have been downloaded more than 50,000 times. To try and fix the problem, Google has started using a remote kill switch feature in Android to wirelessly nuke those installed apps on users’ handsets. That’s not the entire story, though, as Google is actually installing new code in the process. The new code undoes the exploit and prevents your data from being shared, and it’s kind of creepy to plainly see how much control Google has over your Android phone from afar. Affected users have started receiving emails that the process has been completed.
While investigating several Android Market applications that appeared to be duplicates, Reddit user lompolo discovered several apps that provide an extra, and definitely unwanted, service. The applications in question contain an exploit that, when downloaded, automatically roots the Android handset. Not only that, the apps — 21 in total — also contain an embedded .apk file that can accept remote code and upload device information (like your IMEI) to a server in California. The malicious bundles were published by user Myournet and some of the individual applications have been downloaded over 50,000 times each. Once alerted to the potential malware, Google investigated and removed the code from the Market and users’ handsets. Unfortunately, that doesn’t have any effect on data already compromised by downloaders of the rogue applications. Google has yet to publicly comment on the incident.
UPDATE: More information about the exploit and affected applications can be found here.
If you haven’t heard by now, you probably don’t have an iPhone, but you can unlock your iDevice by visiting http://www.jailbreakme.com. However, the exploit used to jailbreak iPhone, iPod and iPad devices is reportedly about to be turned against the hacking community, we’ve been told. Once the exploitation method is disclosed to the public, black hat hackers would be able to take advantage of it by setting up their own websites that could load malicious code onto your device. This is done through the jailbreakme PDF exploit. Under this method, it would be possible to steal your address book, text message database, or much worse. There is going to be a security solution soon though, as BGR has been informed that a plugin named “PDF Loading Warner” has been created to combat this potential security risk. It works by hooking into the device system and will display a warning before a PDF can be displayed. If you install this plugin and navigate to a website that should not be showing a PDF and get this warning, you are able to click “Cancel”, blocking the PDF from loading and subsequently stealing your data. It should be available from Cydia in the next day or two, we hear, but more experienced users can grab the .deb file from the link below here and install it manually via SSH or iFile if they wish.
Note: This does not patch the exploit, but it will at least give you a bit of control.
Ruh roh, as Scooby would say. Once relatively untouchable, security experts have now found what they claim to be two new pieces of malware specifically targeting OS X. The first, ‘OSX.RSPlug.D’, is a Trojan capable of rerouting internet traffic to a malicious DNS server which will draw users to phishing sites and ads. So far the only reported sources of the Trojan are porn sites where it sits masked as a codec needed to display certain videos. The second piece of malware, ‘OSX.Lamzev.A’, is much less of a threat. While it is surely capable of doing some serious damage by letting hackers install backdoors in an affected user’s system, a hacker would need physical access to the user’s computer in order to place it. This news might not be terribly huge for most users right now, but odds are it is indeed a sign of things to come as Apple computers grow more popular, thus drawing the attention and resources of malicious hackers. No need to panic for the time being however, just watch where you go for, err, entertainment.