New Android Malware Robs Bandwidth For Fake Searches

adeelarshad82 writes "We've been hearing about various Android malware spreading through the Chinese markets. Well, here's another one to look out for: meet ADRD (aka Trojan:Android/Adrd.A) which is expert in sucking your bandwidth. The malware downloads a list of search URLs and then performs those searches at random in the background, which as the screen shots [in the linked article] show leads to excessive data charges. Similar to other Android malware this too is distributed through wallpapers which are infected repackaged versions of legit wallpapers." Adds reader Trailrunner7: "Lookout, a mobile security vendor, said it has identified 14 instances of the malware repackaging itself in various wallpaper apps and specifically in the popular game RoboDefense, made available in alternative application markets. The trojan works by duping an infected app into sending encrypted data containing the device’s IMEI and IMSI to a remote host. HongTouTou then receives a set of search engine target URIs and search keywords to send as queries. It then uses these keywords to emulate search processes, creating searches in the search engine yielding the top results for those keywords and clicking on specific results. To the search engine, the searches appear to be coming from a mobile user using a mobile web browser with User-Agent corresponding to the UCWeb browser."

Re:So remind me again...

[clang_jangle]

If you're a registered iOS dev you have a CC on file with Apple. Doesn't make it impossible for malware authors, but it appears to raise the bar enough. No-one wants to pay Apple just to end up banned for shenanigans.
I still feel my Blackberry is the best device for security, but then we're pretty much all forced to use relatively insecure networks so maybe it's not the biggest deal.

Re:So remind me again...

[willy_me]

The other alternative would be if the OS asked for user permission before an application could access the internet (just one time, not every time).

Not very effective because almost all applications use the internet - at least a little. What would be good is if the application made a request to use the internet and provided an estimated maximum amount used in the dialog. For example, screensaver X requests to use the internet and estimates that it will use under 2MB per month. Now the user knows more about what is happening and the OS can ensure the app does not break it's promise. Advanced settings might even allow the user to restrict the application to specific domains.

While this does not offer a complete solution, it would help prevent apps from running up usage charges.

Amen!

[Weezul]

It's all downhill for iOS from here on. Jobs will kick the bucket ending both the reality distortion field and Apple's market responsiveness.

Android will gradually take most developers and users by virtue of being "just open enough", much like Windows. We've even got Blackberry going for Android apps, ala Dr. DOS. A behemoth spewing a billion dollars on marketing and payola pushing their unwanted child called WP7 (OS2). And we'll all end up running MeeGo (Linux) on phones originally designed to run Android.

Imho, we should continue pushing for MeeGo on the phone because the whole Android plus Debian on a dual core phone sounds silly & slow, well plus Maemo has a better user interface and better phone functionality than Android. (gsm, sip, and skype calls are integrated)

ROMs are a bigger threat

[bobbutts]

Just a note is that a large percent of the geek population is trusting ROMs with full root access. Just internet access for some sandbox app is small potatoes. Here's an example of a "good" developer making a simple mistake with their ROM http://www.droidforums.net/forum/liberty-rom-d2/125447-so-who-just-had-their-phone-taken-control-liberty-1-5-a.html [droidforums.net] Imagine what a malicious developer could accomplish.

FOSS

[Anonymous Coward]

This is where you dumb fuck fosstards get what's coming to you.