Tag Archives: Android

This Hack Lets You Run Any Android App on Your Chromebook

image

Using a small JavaScript script, the hack, which is detailed in full on GitHub, allows any regular Android APK to be packaged up and, for want of a better term, side-loaded onto a Chromebook. It can then be run under the Android App Runtime in the same way as the ‘official’ Vine, Dulingo and Evernote. 

Restrictions mean that only one Android app can be run at a time.

To watch a Youtube video demonstration and the full original story follow this link to OMG Chrome.

Try It Out

If the thought of waiting for Google to partner up with the maker of your favourite app, game or utility is too much to bear, you could don your hard hat and try it out for yourself.

But be warned: it’s not a guide for the fainthearted or the technically averse. The developer behind the hack,
Vladikoff, cautions that his tool is for ‘proof of concept’ and is provided without any kind of warrant or assurance. The hack is also not endorsed by Google, Chromium or Android.

To follow along you’ll need a Chromebook with the Android Runtime plugin installed, the Android Vine app (which will be replaced during the course of the guide) and an OS X or Linux desktop from which to ‘package’ your app.

Applications tested and said to be working include Twitter, both tablet and mobile modes, and Flipboard (which was demoed running on a Chromebook at Google I/O).

Other apps tested but that crash include Google Chrome for Android (!), Spotify, SoundCloud and Swing Copters.

You can find more details and a download for the script on the project’s GitHub page, linked below.

‘Run Android APKs on Chromebooks’ Guide

Advertisements

Android adware can install itself even when users explicitly reject it

image

A while back, Ars reported on newly discovered Android adware that is virtually impossible to uninstall. Now, researchers have uncovered malicious apps that can get installed even when a user has expressly tapped a button rejecting the app.

The hijacking happens after a user has installed a trojanized app that masquerades as an official app available in Google Play and then is made available in third-party markets. During the installation, apps from an adware family known as Shedun try to trick people into granting the app control over the Android Accessibility Service, which is designed to provide vision-impaired users alternative ways to interact with their mobile devices. Ironically enough, Shedun apps try to gain such control by displaying dialogs such as this one, which promises to help weed out intrusive advertisements.

From that point on, the app has the ability to display popup ads that install highly intrusive adware. Even in cases where a user rejects the invitation to install the adware or takes no action at all, the Shedun-spawned app uses its control over the accessibility service to install the adware anyway.

“Shedun does not exploit a vulnerability in the service,” researchers from mobile security provider Lookout wrote in a blog post published Thursday morning. “Instead it takes advantage of the service’s legitimate features. By gaining the permission to use the accessibility service, Shedun is able to read the text that appears on screen, determine if an application installation prompt is shown, scroll through the permission list, and finally, press the install button without any physical interaction from the user.”

For a video demonstration and the original story follow this link to Ars Technica.

As previously reported, Shedun is one of several families of adware that can’t easily be uninstalled. That’s because the apps root the device and then embed themselves into the system partition to ensure they persist even after factory reset. Lookout refers to them as “trojanized adware” because the end goal of this malware is to install secondary applications and serve aggressive advertising.

The ability to use social engineering to hijack the Android Accessibility Service is yet another sign of the creativity and ingenuity put into this new breed of apps. As always, readers are reminded to carefully weigh the risks and benefits of using third-party app markets. They should also remain highly suspicious of any app that asks for control of the Android Accessibility Service.

Yes, Google can remotely reset Android passcodes, but there’s a catch

image

Newer Android phone and tablet owners aren’t affected, but it does say something about Android’s fragmentation of device security.

The one-sided encryption debate continues. Now, it’s being used as a tool to spread what’s commonly known as “fear, uncertainty, and doubt.”

If you ventured to Reddit, you might have read a startling claim by the Manhattan district attorney’s office, who last week released a report into smartphone encryption and public safety.

It reads [PDF]:

“Google can reset the passcodes when served with a search warrant and an order instructing them to assist law enforcement to extract data from the device. This process can be done by Google remotely and allows forensic examiners to view the contents of a device.”

But there’s a problem: that’s only half of the story. And while it’s true, it requires a great deal more context.

The next few lines read:

“For Android devices running operating systems Lollipop 5.0 and above, however, Google plans to use default [device] encryption, like that being used by Apple, that will make it impossible for Google to comply with search warrants and orders instructing them to assist with device data extraction.”

If you thought you heard that before, that’s because you have.

Google, which develops Android, said in its “Lollipop” 5.0 upgrade two years ago it would enable device encryption by default, which forces law enforcement, federal agents, and intelligence agencies to go to the device owner themselves rather than Google.

This so-called “zero knowledge” encryption — because the phone makers have zero knowledge of your encryption keys — also led Apple to do a similar thing with iOS 8 and later. Apple now has 91 percent of its devices using device encryption.

However, there was some flip-flopping on Google’s part because there were reports of poor device performance. Eventually, the company said it would bring device encryption by default to its own brand of Nexus devices. Then, it said that its newest “Marshmallow” 6.0 upgrade will enable device encryption by default.

It took a year, but Google got there in the end

The US government, and its law enforcement and prosecutors were concerned. They have argued that they need access to device data, but now they have to go to the very people they are investigating or prosecuting.

Only a fraction of Android devices, however, are protected.

According to latest figures, only 0.3 percent of all Android devices are running “Marshmallow” 6.0, which comes with device encryption by default. And while “Lollipop” 5.0 is used on more than one-quarter of all Android devices, the vast majority of those who have device encryption enabled by default are Nexus owners.

To read more and the original story follow this link to ZD Net.

Chinese Marketing Firm Spreads Adware to Promote Its App Portfolio

image

A Chinese company that markets itself as a mobile app promoter has been cheating its clients by deploying adware to install their apps on unsuspecting victims.

The company, named NGE Mobi/Xinyinhe, activating in China and Singapore, has been using popular apps, repackaged with the malicious adware code, which it distributes through unofficial Android app stores.

When users install these apps on their smartphones, the adware comes to life, collects information about the device, sends it to a C&C server, and then waits for new commands.

The adware can gain root access and boot persistence

When the server answers, the app moves to install a root backdoor and a series of system daemons that allow it to survive system reboots.

Here is where the fun begins, because once the adware is firmly implanted on the victim’s phone, it starts serving apps and ads, all from NGE Mobi/Xinyinhe’s portfolio.

As FireEye found out in their research, most of the times pornographic apps and ad interstitials are displayed on the user’s home screen, all harmless but very annoying.

Currently, the adware has been found on Android versions ranging from 2.3.4 to 5.1.1. with the most infected users in countries like Russia, China, Brazil, Argentina, Egypt, Spain, France, Germany, Sweden, Norway, Saudi Arabia, Indonesia, India, the UK, and the US.

The NGE adware campaign was first observed in August and has grown at a constant pace ever since.

image

The adware can be hijacked to deliver more dangerous malware

What’s even worse, as FireEye researchers point out, is that the adware’s creators were extremely careless when they put together the malicious code.

Because the C&C server communications are carried out via blind HTTP channels, a second attacker could easily intercept these transmissions.

Since the adware gains root privileges and boot persistence over all infected devices, another attacker could use this to serve much more dangerous apps compared to silly adult apps and ads.

The first example that comes to mind is when the second attacker adds infected phones to a botnet and uses them to carry out DDOS attacks. Worse scenarios are when attackers decide to go snooping through your private pictures or install ransomware on your phone.

For more information and more photos follow this link to Softpedia

New Android Malware Sprouting Like Weeds

image

Information stored on an Android smartphone or tablet is vulnerable to almost 4,900 new malware files each day, according to a report G Data SecurityLabs released Wednesday.

Cybercriminals’ interest in the Android operating system has grown, the firm’s Q1 2015 Mobile Malware Report revealed.

“The report suggests that Android devices are becoming a bigger target for the bad guys and more profitable than in previous years,” said Andy Hayter, security evangelist for G Data.

The number of new malware samples in the first quarter increased 6.4 percent (440,267) from the fourth quarter of last year (413,871). The number of malware strains rose by 21 percent compared with the first quarter of 2014 (316,153).

More than 2 million new Android malware strains are likely to surface this year, G Data security predicted.

Just the Start

The 2 million figure is very realistic, due to the increasing use of Android devices for banking and shopping online, G Data suggested.

“The report shows that the OS has a bigger market share than the others, and thus is more interesting to security researchers and malware authors alike. Also, a lot of vendors offer Android devices varying in quality standards, but that is not a problem of the OS itself, but rather of the vendor in question,” Hayter told LinuxInsider.

Google introduced premium SMS Checks last year. After that, the malware models started to spread out, he noted.

“Before that time there were a few very active malware families, such as SMS FakeInstaller,” Hayter said. “Since then there are lots of small families.”

Financially Motivated

At least 41 percent of consumers in Europe and 50 percent in the U.S. use a smartphone or tablet for their banking transactions. Plus, 78 percent of Internet users make purchases online.

The new malware files have a financial foundation, according to the G Data report. At least half of all Android malware now in circulation includes banking Trojans, SMS Trojans and similar malware components.

The actual percentage of malware-infected Android apps easily could be higher, the researchers warned. They only studied malware with a direct financial purpose — many other types of cases might exist.

For example, a malware program might install apps or steal credit card data as an additional process after a payment is made. Because that type of malware would not seem to be financially motivated, it would not have been included in the report’s statistics.

Thin Dividing Line

Free Android apps offer particularly attractive attack vectors to cybercriminals. Many apps, especially free apps, rely on advertising to fund their development.

Bad apps can hide themselves in the background or conceal functions from users. Bad apps also can send legitimate apps’ data to additional advertising networks.

Apps that do such things — like programs running on PC OSes — are called “Potentially Unwanted Programs,” or PUPs. The report categorizes such apps as adware, noting that they often hide in manipulated or fake apps that are installed from sources other than the Google Play Store.

Malware Magnet

Android is a derivative of Linux, an operating system generally considered less likely to be targeted by viruses and malware. However, Android is less rigorous and less secure than other mobile platforms, said Rob Enderle, principal analyst at the Enderle Group.

“There is much more sideloading, which means there is a far easier path to getting viruses on Android devices than any other mobile platform,” he told LinuxInsider.

Google historically has been less focused on security and customer satisfaction than firms that are more closely tied to user revenue, Enderle said. Another reason for Android’s vulnerability is that mobile platforms generally don’t run security software.

Historically, they have been somewhat protected because of their tight ties to curated stores, “but now that smartphones have PC-like performance, they are becoming a magnet for malware,” noted Enderle.

“Google’s lack of focus on this problem, reminiscent of Microsoft’s similar mistake in the late 1990s — which resulted in their having to rethink their OS and create Windows XP — has created a massive exposure for Android users,” he said.

To read more follow this link to Linux Insider.

Vsenn is a modular smartphone with triple layer encryption

image
Image via TechSpot

Google’s Project Ara hopes to free users from the yearly upgrade cycle that exists in the smartphone world. With the ability to swap out or upgrade various components of your smartphone, the goal is to reduce waste while also reducing the cost of always having the latest mobile hardware in your pocket. Now, Ara has some competition in the form of security conscious Vsenn, which wants to do something similar along with three layers of encryption.

Engadget points to the Vsenn website, which states that the company was co-founded by an unnamed former Nokia Android X program manager. The site promises modular hardware when it comes to your phone’s camera, battery, processor, and RAM as well as guaranteed Android updates for four years and customization via swappable back covers. The real clincher is that all of your data is protected with triple layer encryption and users have free access to a VPN network and secure cloud service.

For a lot of people, their smartphone is a key to their digital life. With access to everything from email and banking information to hundreds or thousands of photos, the prospect of losing that device or it falling into the wrong hands can be a scary thought. That’s why devices like Vsenn or the BlackPhone (which was shown off at MWC earlier this year and encrypts calls, emails texts, and browsing) garner so much attention.

No word on when consumers can get their hands on a Vsenn phone, but the company has already confirmed that the first of its devices will have a 4.7-inch 468.7 PPI display and will measure 124 x 63 x 8.9 mm. So just a little shorter and narrower and slimmer than the 2013 Moto G.

For more information and the original story follow the source link below.

Source: mobilesyrup

Android SMS worm Selfmite returns, more aggressive than ever

image

A new version of an Android worm called Selfmite has the potential to ramp up huge SMS charges for victims in its attempt to spread to as many devices as possible.

The first version of Selfmite was discovered in June, but its distribution was quickly disrupted by security researchers. The worm—a rare type of malware in the Android ecosystem—spread by sending text messages with links to a malicious APK (Android Package) to the first 20 entries in the address book of every victim.

The new version, found recently and dubbed Selfmite.b, has a similar, but much more aggressive spreading system, according to researchers from security firm AdaptiveMobile. It sends text messages with rogue links to all contacts in a victim’s address book, and does this in a loop.

“According to our data, Selfmite.b is responsible for sending over 150k messages during the past 10 days from a bit more than 100 infected devices,” Denis Maslennikov, a security analyst at AdaptiveMobile said in a blog post Wednesday. “To put this into perspective that is over a hundred times more traffic generated by Selfmite.b compared to Selfmite.a.”

At an average of 1,500 text messages sent per infected device, Selfmite.b can be very costly for users whose mobile plans don’t include unlimited SMS messages. Some mobile carriers might detect the abuse and block it, but this might leave the victim unable to send legitimate text messages.

Unlike Selfmite.a, which was found mainly on devices in North America, Selfmite.b has hit victims throughout at least 16 different countries: Canada, China, Costa Rica, Ghana, India, Iraq, Jamaica, Mexico, Morocco, Puerto Rico, Russia, Sudan, Syria, USA, Venezuela and Vietnam.

The first version of the worm used goo.gl shortened URLs in spam messages that pointed to an APK installer for the malware. Those URLs were hardcoded in the app’s code, so once they were disabled by Google, the operator of the goo.gl URL shortening service, Selfmite.a’s distribution stopped.

The worm’s authors took a different approach with the new version. They still use shortened URLs in text messages—this time generated with Go Daddy’s x.co service—but the URLs are specified in a configuration file that the worm downloads periodically from a third-party server.

“We notified Go Daddy about the malicious x.co URLs and at the moment both shortened URLs have been deactivated,” Maslennikov said. “But the fact that the author(s) of the worm can change it remotely using a configuration file makes it harder to stop the whole infection process.”

The goal of Selfmite is to generate money for its creators through pay-per-install schemes by promoting various apps and services. The old version distributed Mobogenie, a legitimate application that allows users to synchronize their Android devices with their PCs and to download Android apps from an alternative app store.

Selfmite.b creates two icons on the device’s home screen, one to Mobogenie and one to an app called Mobo Market. However, they act as Web links and clicking on them can lead to different apps and online offers depending on the victim’s IP (Internet Protocol) address location.

Fortunately, the worm’s distribution system does not use exploits and relies only on social engineering—users would have to click on the spammed links and then manually install the downloaded APK in order for their devices to be infected. Furthermore, their devices would need to be configured to allow the installation of apps from unknown sources—anything other than Google Play—which is not the default setting in Android. This further limits the attack’s success rate.

Source: Network World

Android Browser flaw a “privacy disaster” for half of Android users

image

Bug enables malicious sites to grab cookies, passwords from other sites.

A bug quietly reported on September 1 appears to have grave implications for Android users. Android Browser, the open source, WebKit-based browser that used to be part of the Android Open Source Platform (AOSP), has a flaw that enables malicious sites to inject JavaScript into other sites. Those malicious JavaScripts can in turn read cookies and password fields, submit forms, grab keyboard input, or do practically anything else.

Browsers are generally designed to prevent a script from one site from being able to access content from another site. They do this by enforcing what is called the Same Origin Policy (SOP): scripts can only read or modify resources (such as the elements of a webpage) that come from the same origin as the script, where the origin is determined by the combination of scheme (which is to say, protocol, typically HTTP or HTTPS), domain, and port number.

The SOP should then prevent a script loaded from http://malware.bad/ from being able to access content at https://paypal.com/.

The Android Browser bug breaks the browser’s handling of the SOP. As Rafay Baloch, the researcher who discovered the problem found, JavaScript constructed in a particular way could ignore the SOP and freely meddle with other sites’ content without restriction.

This means that potentially any site visited in the browser could be stealing sensitive data. It’s a bug that needs fixing, and fast.

As part of its attempts to gain more control over Android, Google has discontinued the AOSP Browser. Android Browser used to be the default browser on Google, but this changed in Android 4.2, when Google switched to Chrome. The core parts of Android Browser were still used to power embedded Web view controls within applications, but even this changed in Android 4.4, when it switched to a Chromium-based browser engine.

But just as Microsoft’s end-of-life for Windows XP didn’t make that operating system magically disappear from the Web, Google’s discontinuation of the open source Browser app hasn’t made it disappear from the Web either. As our monthly look at Web browser usage shows, Android Browser has a little more real-world usage than Chrome for Android, with something like 40-50 percent of Android users using the flawed browser.

The Android Browser is likely to be embedded in third-party products, too, and some Android users have even installed it on their Android 4.4 phones because for one reason or another they prefer it to Chrome.

Google’s own numbers paint an even worse picture. According to the online advertising giant, only 24.5 percent of Android users are using version 4.4. The majority of Android users are using versions that include the broken component, and many of these users are using 4.1.x or below, so they’re not even using versions of Android that use Chrome as the default browser.

Baloch initially reported the bug to Google, but the company told him that it couldn’t reproduce the problem and closed his report. Since he wrote his blog post, a Metasploit module has been developed to enable the popular security testing framework to detect the problem, and Metasploit developers have branded the problem a “privacy disaster.” Baloch says that Google has subsequently changed its response, agreeing that it can reproduce the problem and saying that it is working on a suitable fix.

Just how this fix will be made useful is unclear. While Chrome is updated through the Play Store, the AOSP Browser is generally updated only through operating system updates. Timely availability of Android updates remains a sticking point for the operating system, so even if Google develops a fix, it may well be unavailable to those who actually need it.

Users of Android 4.0 and up can avoid much of the exposure by switching to Chrome, Firefox, or Opera, none of which should use the broken code. Other third-party browsers for Android may embed the broken AOSP code, and unfortunately for end users, there’s no good way to know if this is the case or not.

Update: Google has offered the following statement:

We have reviewed this report and Android users running Chrome as their browser, or those who are on Android 4.4+ are not affected. For earlier versions of Android, we have already released patches (1, 2) to AOSP.

Source: Ars Technica

These paintings require a smartphone to be viewed properly

image

Too many people seem to think they can’t see an artwork properly unless it’s viewed through a smartphone lens. The formerly contemplative, tech-free spaces of art galleries and museums have become hubs of annoying photo-snapping and Instagramming adults.

Brooklyn-based conceptual artist J. Robert Feld finds this alarming. “People rush through a museum, like a scavenger hunt, capturing images in their devices, as if that’s an appropriate substitute for pausing and contemplating the work,” he tells Co.Design.

To explore our phone-induced disconnection, Feld created a painting series that requires that you view it through a smartphone camera–in order to see it properly. In Mondrian Inverted: The Viewer Is Not Present, Feld faithfully reproduced Dutch painter Piet Mondrian’s abstract geometric compositions–but inverted their color schemes. White stripes turn black; red becomes teal; deep blues become ochre. The inverted paintings look oddly familiar but somehow off. But when you look at them through the inverted color function on your iPhone or Android phone, the colors flip back, and the composition appears as Mondrian originally painted it.

image

“The paintings themselves aren’t the work: The act of looking through the phone and seeing the painting appear more real and recognizable on the screen than on the wall in front of you is the concept of the series,” Feld says. This sense of hyperreality, something we’ve all experienced when staring at screens, is what Feld intentionally incorporates into painting. He’s making a point, of course, about our disconcertingly slight and double-time way of seeing. “The experience of looking through the smartphone is more pleasurable than simply looking at the painting directly,” Feld says. The concept might seem gimmicky at first, but it’s a wry comment on the device addiction that we all to some extent suffer from.

But why Mondrian? Feld chose Mondrian because of its universal appeal and familiarity. And although Mondrian died virtually unknown and penniless, his style–characterized by primary colors wedged in by black lines on an X and Y-axis–is universally recognizable to the art-touring masses. “It’s the Helvetica of modern art,” Feld says. “You don’t need an MFA to understand what I’m conveying; you just need a smartphone.”

Here’s how to invert the paintings in the slide show above:

To invert on iOS: Settings > General > Accessibility > Accessibility Shortcut > Invert Colors.

To invert on a Mac: System Preferences > Accessibility >Display > Invert Colors.

For more photos follow the source link below.

Source: Fast Company

Android malware tool iBanking commands $5000 price for attackers

image

Evolving malicious tool adopts service model, grows increasingly complex

The market for malware tools is expanding, including the purchase of pre-made tools for a hefty fee from underground developers. One such tool aimed at Android, iBanking, promises to conduct a number of malicious actions including intercepting text messages, stealing phone information, pulling geolocation data and constructing botnets with infected devices. All it would cost to obtain the program is $5000, even after its source code leaked earlier in the year.

The iBanking malware has evolved from simply being able to steal SMS information, but has grown to be a much larger Trojan tool for would be data thieves. Applications injected with the iBanking code have hit the marketplace costumed as legitimate banking and social media apps as a way for users to be convinced to use them.

The apps often appear to users who have already been infected on desktop machines, prompting them to fill in personal information which then leads to an SMS message with a download link. Once the app is downloaded and installed, it begins feeding information to the attacker.

According to Symantec the tool is “one of the most expensive pieces of malware” the company has seen, especially for one with that sets up a service business. Other malware applications have paved the way for things like customer support and HTML control panels, but not at such a high price.

Part of the larger problem with iBanking is that it resists most attempts to reverse engineer the software, giving it a better strength against those trying to craft similar tools says an article from Ars Technica. iBanking uses encryption and code obfuscation to hide the commands and actions it carries out. This prevents researchers from breaking down the process of the malware, as well as keeping others from using the code to clone more software.

Source: Electronista