Android malware focuses on custom ROMs
It looks like the attackers have been having fun focusing on Android in recent months by releasing various pieces of malware posing as innocent looking software on the various Android marketplaces. This has brought up concerns about “fragmentation” of the Android platform as a whole.
Today, the bad guys have decided to attack custom ROMs and Lookout Mobile Security has released the details of the attack. The company makes it clear that this attack targets only people with custom ROMs, a small minority of the actual Android user base. In addition, users of the Lookout Free and Lookout Premium ROMs are immune from the attack due to the way they handle the public key cryptography.
Apparently, the attack is currently targeting Chinese Android users based on where the malware is located on the internet. When installing an infected app, a piece of malware named jSMSHider attempts to silently install its payload on the device. If it fails, it will then ask the user for permission to install itself. Once installed, the malware has the ability to send/receive SMS messages, install other apps transparently to the user, communicate with command and conquer servers, and more. It also appears that if the main payload is not successfully installed, the tool can still send SMS messages and silently open URLs.
Should all of these recent vulnerabilities scare users away from the Android platform? Or is this simply the price you pay for having an open, customizable platform? It should be emphasized that in the case of this attack, normal stock users have nothing to worry about, although safe computing habits should always be followed.
It looks like the attackers have been having fun focusing on Android in recent months by releasing various pieces of malware posing as innocent looking software on the various Android marketplaces. This has brought up concerns about “fragmentation” of the Android platform as a whole.
Today, the bad guys have decided to attack custom ROMs and Lookout Mobile Security has released the details of the attack. The company makes it clear that this attack targets only people with custom ROMs, a small minority of the actual Android user base. In addition, users of the Lookout Free and Lookout Premium ROMs are immune from the attack due to the way they handle the public key cryptography.
Apparently, the attack is currently targeting Chinese Android users based on where the malware is located on the internet. When installing an infected app, a piece of malware named jSMSHider attempts to silently install its payload on the device. If it fails, it will then ask the user for permission to install itself. Once installed, the malware has the ability to send/receive SMS messages, install other apps transparently to the user, communicate with command and conquer servers, and more. It also appears that if the main payload is not successfully installed, the tool can still send SMS messages and silently open URLs.
Should all of these recent vulnerabilities scare users away from the Android platform? Or is this simply the price you pay for having an open, customizable platform? It should be emphasized that in the case of this attack, normal stock users have nothing to worry about, although safe computing habits should always be followed.
