Sign up for a new account or log in here:
Two newly-discovered Android apps found on Google Play were designed to spy on their users, claim security experts at Kaspersky. The apps, SuperClean and DroidCleaner, posed as innocuous Android clean-up utilities; however, each app could quietly copy photos, contacts and other information to a remote server.
If that weren't enough though, security analysts also found that malware authors were grabbing microphone recordings from Windows PCs paired with infected Android devices. What authors intended to do with the snagged recordings is a mystery, but the effort remains unsettling, nonetheless.
To record and steal audio from a microphone on a Windows PC, unscrupulous app writers had to first devise a method for infecting Windows PCs from Android. The programmers chose to exploit Windows' AutoRun feature, designing their apps to quietly plant a malicious Windows executable and AutoRun config file onto any SD-Card inserted into the infected Android device. When the device was connected to any AutoRun-enabled Windows PC, Windows would automatically run the malicious code, allowing virus unfettered access to the user's computer.
AutoRun has been long been an easily exploitable attack vector for Windows machines -- particularly in office, enterprise and educational settings where users frequently swap PCs and flash drives. This security realization prompted Microsoft to disable AutoRun entirely on PCs running Windows XP, Vista and 7 via a security fix eventually pushed out through Windows Update. With approximately 10 percent of Windows users opting out of Automatic Updates though, a large swath of users is likely to be at risk for such attacks.
Some of the malware's capabilities are highlighted here:
- Sending SMS messages
- Enabling Wi-Fi
- Gathering information about the device
- Opening arbitrary links in a browser
- Uploading the SD card’s entire contents
- Uploading an arbitrary file (or folder) to the master’s server
- Uploading all SMS messages
- Deleting all SMS messages
- Uploading all the contacts/photos/coordinates from the device to the master
"This is the first time we have seen such an extensive feature set in one mobile application." noted Kaspersky Labs expert Victor Chebyshev.
The malicious apps have since been removed from the Google Play market.
Related Products from Product Finder
Google Nexus 4
The Google Nexus 4 features a 1.5GHz quad-core Snapdragon S4 processor, a 4.7-inch 1280 x 768 IPS display, 2GB of RAM, dual cameras (1.3MP front, 8.0MP back), and either 8GB or 16GB of internal storage. Google also baked in NFC support and a wireless charging feature that lets you power the phone by setting it down on an inductive “Charging Orb”.
Google Nexus 10
The Google Nexus 10 features Android 4.2 with a dual-core ARM Cortex-A15 chip paired with 2GB of RAM, as well as a 10-inch screen at 2560 x 1600 resolution, clocking in at 300ppi. There’s also a 5MP camera on the back, a 1.9MP camera on the front, and a battery that Google says runs for 9 hours. Other features include microUSB, Micro HDMI and not one but two NFC chips.
26 Reviews
Price: $499.99
Samsung Galaxy Note II
The Samsung Galaxy Note II is actually slimmer and thinner than its predecessor. The Galaxy Note II has a 1.6 GHz quad-core processor, 2GB of RAM, and 16 to 64GB of internal storage to handle your daily activities. A microSD slot adds even more memory by providing the option of supporting an additional 64GB of storage.
56 Reviews
Price: $148.00
HTC Droid DNA
The HTC Droid DNA features a 5" SLCD3 screen with 1920 x 1080 resolution(440 PPI). The DNA runs on a 1.5GHz quad-core Snapdragon S4 Pro chip with integrated LTE connectivity and paired with 2GB of RAM. It packs an 8 MP camera. 16GB of built-in storage, Beats Audio, and NFC. The DNA is also among the first phone to support the Qi wireless charging standard.
8 Reviews
Price: $49.99
User Comments: 2
Got something to say? Post a comment-
Correct me if I am wrong, but dont the develpoers have to register some form of DBA or personal information when a App is submitted to Android for concideration on the Google market? If so it seems Google needs to go after the creaters of the malware. Moble devices are more and more intergrated into our fast paced lives. Even more so then the personal computer. These types of Apps are going to cause a lot of ppl problems and Google will be at the heart of the problem. Perhaps They need better screening practices for their own apps.
-
HiDDeNMisT said:
I completely agree. Its googles fault for not looking into the apps that they are letting there customers purchase and download. I pretty sure google has the source code and they have to look at it before anything, and if they do, THEN WTF GOOGLE.
Most Popular
| Trending | Featured |
Subscribe to TechSpot
Get free exclusive content, learn about new features and breaking tech news.