Slashdot: News for Nerds

New Tool Makes Android Malware Easier To Create

samzenpus posted about 5 months ago | from the a-b-c-1-2-3 dept.

Security 42

itwbennett writes "A new commercial tool designed to allow cybercriminals to easily transform legitimate Android applications into malicious software has hit the underground market, paving the way for cheap and easy development of sophisticated Android malware. Security researchers from Symantec said Wednesday in a blog post that the tool, called Dendroid, is marketed by its creators as an Android remote administration tool (RAT) and is being sold for $300."

42 comments

LOL (-1)

Anonymous Coward | about 5 months ago | (#46424633)

Do you hate beta? Do you hate Dice.com? Do you hate the technically-ignorant newfags that are infesting Slashdot? Do you hate niggers, jews and fags? Well don't fret! Join SoylentNews! A site by straight, white nerds for straight, white nerds!

Re:LOL (1)

davidhoude (1868300) | about 5 months ago | (#46426771)

From: http://wiki.soylentnews.org/wi... [soylentnews.org]

NCommander (Michael Casadevall) - A straight white nerd who hates niggers, jews and fags.

I am sure the people at Canonical are going to be happy to hear that one of their employees is running a news aggregation site aimed with such a strong moral compass.

Be nice to see something like this legit (2)

rsilvergun (571051) | about 5 months ago | (#46424653)

For what it's worth, these are the kind of tools you need to see Android in the enterprise.

Where to get that tool? (1)

Taco Cowboy (5327) | about 5 months ago | (#46424655)

Not that I want to make malicious apps running on Android. I only want to see how that thing functions.

Where can I buy this newfangled tool? (0)

Anonymous Coward | about 5 months ago | (#46424659)

And do you get the source code with it? If not I'm not interested. Do you think just because this tool is useful for malicious purposes don't think you're going to get away with skipping on the source.

Oh great idea guys. A Virus SDK for Android (0)

bobbied (2522392) | about 5 months ago | (#46424679)

So does this mean we can sue this vendor for damage their tool causes? Hope so.

You knew it was coming (if not already here); Android virus infections, or more likely malware is the thing. But now that they have Android locked down pretty well, shouldn't be a huge issue. These days, just rooting your Android device is not as simple as running some root kit. You have to actually flash new firmware on my 2 year old phone to root it now.

But, really, what's the big deal? Just installing apps is a crap shoot already. Most do things with your personal information that would have desktop users up in arms if it got out. On smartphones they just put it in the EULA and it's a free for all. You READ those things right? Yea, me too.

Re:Oh great idea guys. A Virus SDK for Android (1)

nurb432 (527695) | about 5 months ago | (#46424723)

These days, just rooting your Android device is not as simple as running some root kit.

Depends on your phone on how difficult it is. Depending on where you buy it it comes pre-rooted even.

Re:Oh great idea guys. A Virus SDK for Android (1)

noh8rz10 (2716597) | about 5 months ago | (#46424763)

it's one thing for your phone to get pwned. what scares me is when automakers start rolling out vehicles with android integration. what will the firewalls be? will haxors be able to pwn your car?

the benefit of ios integration is it is super limited in scope. basically your iphone is displayed on the car in dash screen, and dash button commands are routed back to the iphone. The iphone can't talk to the car computer systems at all. this is how I want it!

Re:Oh great idea guys. A Virus SDK for Android (2, Informative)

Anonymous Coward | about 5 months ago | (#46424867)

iOS has yet to have a single piece of malware in the wild for it. By keeping the dolts from hosing their own systems, Apple has kept effectively 100% security on their devices going on almost a decade without a single malware occurrence in the wild (other than JBs.)

Can this be said about any other widespread ecosystem in the computing arena? No malware whatsoever in the wild for that long is a pretty top tier achievement.

Re:Oh great idea guys. A Virus SDK for Android (1)

The Grim Reefer (1162755) | about 5 months ago | (#46425627)

iOS has yet to have a single piece of malware in the wild for it.

You mean like this one? [forbes.com]

Can this be said about any other widespread ecosystem in the computing arena?

OpenBSD? ;)

Re:Oh great idea guys. A Virus SDK for Android (2)

noh8rz10 (2716597) | about 5 months ago | (#46426215)

as the article says, the malware is a trojan that the user downloads and it scrapes the address book. it never breaks out of its sandbox into neighboring systems. it doesn't pwn your phone. hate to move the goalposts on you, but show me something that's not a single-user trojan.

Re:Oh great idea guys. A Virus SDK for Android (0)

Anonymous Coward | about 5 months ago | (#46427157)

Apple has kept effectively 100% security on their devices going on almost a decade without a single malware

100% security does not exist, and just because they prevent a lot of the malware from entering their market place does not mean it doesn't exist somewhere. Also, malware is not the only threat to security. Apple has its own fair share of security flaws within their own operating systems and applications.

Re:Oh great idea guys. A Virus SDK for Android (2)

mlts (1038732) | about 5 months ago | (#46424975)

If there is an Android based audio head that has the same functionality as CarPlay, it almost definitely will not be vulnerable to this type of malware (although I'm sure malware can be injected somehow):

1: The functionality to add apps will be a lot more restricted than a phone the typical and app store. I doubt that there will be the option for sideloading, much less ADB access. Slam this door shut, and this effectively gets rid of malware. Reducing the install points of all software and being an active, brutal guardian is one of the reasons iOS has had a good reputation for security over time.

2: Android can be made pretty secure, especially with SELinux set to enforcing in Android 4.4 as opposed to permissive. Even if something gets root, the OS is still pretty well locked down.

3: Most device makers have solid ways to turn filesystems read-only, even to root, so even if malware got its way unfettered by SELinux, it might be able to hose a partition or two, but couldn't attach somewhere so it could be started on the next device reboot. Again, not 100%, but an effective measure.

4: Android's existing app permission model will be good enough for a car audio head, since in general, one wouldn't be adding apps to it, apps would be on the smartphone or tablet.

iOS integration is nice, but it means only three phones (the iPhone 5, the iPhone 5c, and iPhone 5s) will work with CarPlay. That isn't that many devices, and I'm sure the people running Android will be demanding a decent audio/map experience as well.

I would guess carmakers will solve this by including CarPlay and an Android based analog that provides similar functionality.

Re: Oh great idea guys. A Virus SDK for Android (0, Redundant)

Anonymous Coward | about 5 months ago | (#46425365)

Apple sold hundreds of millions of the iPhone 5x series. "Not that many" - lol.

Re:Oh great idea guys. A Virus SDK for Android (1)

swb (14022) | about 5 months ago | (#46425447)

It looks to me like CarPlay exploits the iPhone (and iPad, AFAIK) ability to use an HDMI display as a second monitor rather than an in-dash computing device on its own. When plugged into the CarPlay interface, the home screen gets output to the in-dash display and switches to a dumbed-down, big-icon interface that only displays apps with CarPlay approved display/interfaces.

CarPlay hardware is probably just a custom Lightning HDMI dongle (more or less) that handles video and touch input, meaning that it probably will have an Android analog that somehow works with Android HDMI output. I'm not enough of an Android user to know if Android HDMI output works similarly as a "second" display the way iOS does or not or if Android has an external touch capability the way CarPlay apparently does.

I could be totally wrong about all this, but I can't see carmakers buying into iOS and Apple's control enough to actually let them own the infotainment system down to hardware & software or it being at all practical to actually have iOS run in the dash.

Re:Oh great idea guys. A Virus SDK for Android (2)

viperidaenz (2515578) | about 5 months ago | (#46424767)

I just bought a new phone. There's instructions on the manufacturer's website for unlocking the bootloader https://motorola-global-portal... [custhelp.com]
From there all you need is the included usb cable and Superboot.

No new firmware is flashed in the process, just a couple of files copied.

Re:Oh great idea guys. A Virus SDK for Android (1)

bobbied (2522392) | about 5 months ago | (#46427975)

Manufacturer can do that if they want. Apparently LG and ATT elected not to do so on my phone. I'm personally OK with it locked down as there is really very little I want that requires root. (Only one thing comes to mind and it was decidedly optional). I just want the phone to work, and so far it serves me well without root.

But that is me. Your mileage and desire for root may be different.

Re:Oh great idea guys. A Virus SDK for Android (0)

Anonymous Coward | about 5 months ago | (#46425619)

"So does this mean we can sue this vendor for damage their tool causes? Hope so. "

No, there were similar virus/worm creation kits available for DOS back in the 80s and 90s (some were automated, others came as code you added your payload to or otherwise customised); that didn't change anything, why should this?

As always, trust the source of your code (either by reading the actual source, or trust the ones who write/distribute it) this has not changed one iota (but people still download indiscriminately from the new-age versions of softpedia, full of untrustworthy backdoored crap.)

What I'd like to know is... (1)

roc97007 (608802) | about 5 months ago | (#46424727)

Why isn't there an open source version of the tool?

No, wait...

doesn't effect XP (2)

turkeydance (1266624) | about 5 months ago | (#46424757)

XP lives! well, for a few more days, after which it lives forever.

Re:doesn't effect XP (0)

Anonymous Coward | about 5 months ago | (#46425473)

affect

Re:doesn't -e-f-f-e-c-t- affect XP (0)

Anonymous Coward | about 5 months ago | (#46425593)

What worries me about all this Android malware, is that Android is a Linux that has been zombified. And if the crooks can open up Android easier than unwrapping a sandwich .. we who use Linux ever so smugly should watch out!
Can anyone add insight on how to really secure your Linux box, and check that it is still Ok on a regular basis? Names of utils, tools - please.

Fond memories of XP! (0)

Anonymous Coward | about 5 months ago | (#46424875)

Ah nostalgia!

Whadda deal! (2)

Marginal Coward (3557951) | about 5 months ago | (#46424927)

... the tool, called Dendroid, is marketed by its creators as an Android remote administration tool (RAT) and is being sold for $300.

Or, you get it for FREE with a two-year contract.

As always... (0)

Anonymous Coward | about 5 months ago | (#46425075)

Innovation on Android first. How long until Apple has a Shake & Bake malware kit? Two years? Three? Never?

Less Intelligent? (3, Insightful)

jawnah (1022209) | about 5 months ago | (#46425097)

This would appear to be a solution marketed to the less intelligent software developers and schemers. The tool's "dashboard" is hosted by the tool creators. Let me help you out: You do all the work of baking our toolkit into your stuff and, at some random point in the future, we'll take the client off your hands at no charge.

Re:Less Intelligent? (2)

IamTheRealMike (537420) | about 5 months ago | (#46426749)

Such tools have been around for a long time in the Windows world. The reason is division of labour. One of the dirty secrets about malware that lots of people hate to hear is that vast quantities of it get in through people pirating software and movies (which demand special "codecs"). After all why bother finding zero day exploits when you can just bind your malware to a Photoshop crack and watch hundreds of thousands of people come to you?

The opportunity is so vast that the black market divided into different job categories. There were the spammers who would buy bots from bot herders. The herders would buy "installs" of their bots from installers. The installers would buy binders from binder developers, obtain cracked versions of popular programs, use the binders to join the bots with the apps and then upload them to torrent sites. The installers weren't programmers so binders needed point and click GUIs, but that's OK, the value add they provided was knowing how to get around the blocks the torrent sites tried (uselessly) to put in place to stop this, along with simple brute force of numbers.

Often binders would also be combined with tools called crypters, which do what you'd expect, they just polymorphically encrypt the newly bound crack+app. Crypter developers competed based on how "FUD" their product was (fully undetectable). When AV companies learned to spot their decryption stubs, they'd modify it a bit and release a new version.

I watched this market for a little while a few years ago which is how I know all this lingo. It appeared to be a large and thriving industry. All driven by the greed of pirates.

So buy our anti-virus software! (4, Insightful)

THE_WELL_HUNG_OYSTER (2473494) | about 5 months ago | (#46425169)

See! See why we're important! You need to buy our software, and quickly!

App signing hack? (1)

Anonymous Coward | about 5 months ago | (#46425277)

Looks like Dendroid takes advantage of the broken app signing bug present in 99% of current Android devices that has existed for 4 years and that for most a-devices will never be patched.
Definition of "open"!

That is why we need One Way Internet Communication (2)

0PII (3566429) | about 5 months ago | (#46425439)

If we would have an Android service that would allow only downloads but not uploads, users would not accept so easily apps with Full Network Access Permissions. Coincidentally I am working at a solution. Please excuse the shameless ad here: https://www.kickstarter.com/pr... [kickstarter.com]

Re:That is why we need One Way Internet Communicat (1)

Parker Lewis (999165) | about 5 months ago | (#46426759)

But how about the selfies? :P

Re:That is why we need One Way Internet Communicat (0)

Anonymous Coward | about 5 months ago | (#46427677)

Technically though, you "upload" your request to the internet.
typing in google.com uploads a request packet through you>ISP>...>google server

Without the ability to upload, there is no way to know that you are requesting to view a page/download an app.

Computers make our lives easier (0)

Anonymous Coward | about 5 months ago | (#46425465)

This is so nice that someone would go through the trouble of making the lives of malware creators so much easier.

We truly live in a wondrous time.

When I was a kid, people used to create malware BY HAND! It used to take days or weeks to make one.

Not really big news (2)

steveha (103154) | about 5 months ago | (#46425807)

The biggest part of this story is that it is now easier to make a trojanized version of a legit app. But it has been possible from day one.

Android apps are written in Java, and Java bytecodes can be decompiled into something remarkably similar to the original source code. Then the source code can be edited and compiled back to an app. Hey presto, you have a hacked up version of the app.

http://stackoverflow.com/questions/12370326/decompile-an-apk-modify-it-and-then-recompile-it [stackoverflow.com]

But -- and this is important -- the person using this attack has no way to sign the malware with the same signing key as the upstream source of the original, legit app. This means that it is much harder to trick someone into running the malware.

So, if you get an app from the Google Play store, and later someone tries to overwrite your app with a new build that is malware-infected, Android will refuse to install the new app, because the signing key isn't identical.

http://developer.android.com/tools/publishing/app-signing.html [android.com]

So, if a user gets an email with an attached "free" version of an app that normally costs money, and that user has not previously installed the legit version of the app, and that user sideloads the malware version, then that user will have malware on his/her Android device.

So, as usual, it's easy to protect yourself: get apps from the Google Play store, and don't sideload apps unless you are certain they are clean.

For that matter, if you are browsing the Google Play store and you see an app that has only been up for a day, and claims to be a miraculously free version of a payware app... just say no.
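
The update rule described in the post above, as an added example that is not part of the original comment and is not Android's own code: a simplified Python model of the "same package name must keep the same signing certificate" check, plus a pinned-publisher check that covers the first-install gap the post points out. The package names, certificate bytes and function names are constructed for illustration, and a single signer per package is assumed.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Package:
    name: str           # application id (constructed sample value)
    signer_cert: bytes  # signing certificate bytes (constructed placeholder)

    @property
    def signer_digest(self) -> str:
        return hashlib.sha256(self.signer_cert).hexdigest()


def install_decision(installed: dict, incoming: Package) -> str:
    """Model of the update rule: an update must carry the installed signer."""
    current = installed.get(incoming.name)
    if current is None:
        # First install: there is no earlier signer to compare against,
        # which is why a sideloaded repackaged app gets through.
        return "installed-fresh"
    if not hmac.compare_digest(current.signer_digest, incoming.signer_digest):
        return "rejected-signer-mismatch"
    return "updated"


def vet_sideload(pinned: dict, incoming: Package) -> str:
    """Defender-side check before a first install: compare the APK's signer
    digest with one recorded from a trusted copy of the same app."""
    expected = pinned.get(incoming.name)
    if expected is None:
        return "unknown-publisher"
    if hmac.compare_digest(expected, incoming.signer_digest):
        return "publisher-match"
    return "repackaged"


# Constructed sample data: one vendor key, one unrelated key.
VENDOR_CERT = b"constructed-vendor-certificate"
OTHER_CERT = b"constructed-unrelated-certificate"
LEGIT_V1 = Package("com.example.notes", VENDOR_CERT)
LEGIT_V2 = Package("com.example.notes", VENDOR_CERT)
REPACKAGED = Package("com.example.notes", OTHER_CERT)
PINNED = {"com.example.notes": LEGIT_V1.signer_digest}

if __name__ == "__main__":
    device = {LEGIT_V1.name: LEGIT_V1}
    print(install_decision(device, LEGIT_V2))    # vendor update
    print(install_decision(device, REPACKAGED))  # overwrite attempt
    print(install_decision({}, REPACKAGED))      # sideload on a clean device
    print(vet_sideload(PINNED, REPACKAGED))      # pinned digest catches it
```
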

Terminal infection... (-1)

Anonymous Coward | about 5 months ago | (#46425817)

Android is an infested cesspool of an operating system. Every single copy has serious malware and thousands of new threats are made every day... Hopeless.

Re:Terminal infection... (1)

mlw4428 (1029576) | about 5 months ago | (#46427147)

Every copy has malware? Do you have any sort of way of confirming that every single Android device ever made has malware on it? I don't think you understand security and likely you don't understand much at all, but such is the mark of the AC.

Now Android can get that last 1% of all malware... (1)

gig (78408) | about 5 months ago | (#46426779)

and get to 100% of all malware FTW.

Am I the only one? (0)

Anonymous Coward | about 5 months ago | (#46426899)

Is anyone else hoping these malware kits are double agents? That is, that the malware writing utility actually produces malware that doesn't work quite right, is easy to defeat, and quietly phones home to identify the miscreant who purchased the software, and then screws up his or her machine... maybe comes with a KP payload and then phones the FBI with the machine's information, IP address, MAC address, any personal information on the machine, etc. etc. etc.

Oh, in a perfect world... :-)

Unless of course this is just a scare tactic... which it could easily be. Follow the money.

Insert free advert for Symantec (1)

DTentilhao (3484023) | about 5 months ago | (#46426917)

"A new commercial tool designed to allow cybercriminals to easily transform legitimate Android applications into malicious software has hit the underground market .. Symantec said Wednesday in a blog post"

Android is #1! (0)

Anonymous Coward | about 5 months ago | (#46427359)

WhooHoo!

Not New (1)

bmxer4130 (2921457) | about 5 months ago | (#46430729)

This isn't new at all and can easily be found on GitHub.