Showing posts with label Android Malware. Show all posts

Android Trojan Capable of Launching DDOS Attacks from your Smartphone

Security researchers from Russian firm Doctor Web have come across a new Android Trojan they call Android.DDoS.1.origin. The malware can be used for various malicious tasks, including launching distributed denial-of-service (DDoS) attacks and sending SMS messages.

For the time being, it’s uncertain how the Trojan is distributed, but experts believe the cybercriminals might be disguising it as a legitimate Android application.

Once it’s installed on a smartphone, the malware creates a fake Google Play icon on the home screen. When tapped, this shortcut opens the real Google Play so as not to raise any suspicion.

After being executed, the Trojan connects to a remote server, sends it the victim’s phone number, and waits for further SMS commands.

The masterminds behind Android.DDoS.1.origin can send various SMS commands. One of them orders the infected device to start sending packets to a specified server, effectively launching a DDoS attack against it.

While this only affects the phone’s performance, there are other activities that can be done by this threat. For instance, the cybercriminals can order the device to start sending out SMS messages to certain numbers.

These SMSs can be used to sign up the victim for premium mobile services or they can be utilized to send out spam.

Messages can also be sent to premium rate numbers, inflating the victim’s phone bill and implicitly filling the fraudsters’ pockets.

“Activities of the Trojan can lower performance of the infected handset and affect the well-being of its owner, as access to the Internet and SMS are chargeable services. Should the device send messages to premium numbers, malicious activities will cost the user even more,” experts noted.

Doctor Web has updated its products to ensure that its customers are protected against this threat.
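The behaviour described above (a handset that suddenly starts sending bursts of SMS, some of them to premium short codes) is something a carrier or MDM operator can look for in outbound-SMS records. The following script is an added example, not code from Doctor Web or from the original post. It runs over a constructed sample log in a hypothetical `timestamp,device,destination` format; the log layout, the device names, the destination numbers, the 60-second window and the thresholds are all assumptions made for illustration.

```python
"""Flag devices whose outbound-SMS pattern matches the Trojan behaviour
described in the post: a burst of messages in a short window, or messages
to short-code destinations (which are often premium-rate).

Added example; the log format and thresholds are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: deviceA sends three ordinary messages over an
# hour; deviceB sends eight messages in under 30 seconds, three of them
# to the (constructed) short code 55555.
SAMPLE_LOG = """\
2012-12-27T10:00:01,deviceA,+15551230001
2012-12-27T10:20:10,deviceA,+15551230002
2012-12-27T10:45:33,deviceA,+15551230001
2012-12-27T10:05:00,deviceB,+15559990001
2012-12-27T10:05:04,deviceB,55555
2012-12-27T10:05:08,deviceB,+15559990002
2012-12-27T10:05:12,deviceB,55555
2012-12-27T10:05:16,deviceB,+15559990003
2012-12-27T10:05:20,deviceB,55555
2012-12-27T10:05:24,deviceB,+15559990004
2012-12-27T10:05:28,deviceB,+15559990005
"""


def parse_log(text):
    """Parse 'timestamp,device,destination' lines into tuples."""
    records = []
    for line in text.strip().splitlines():
        ts, device, dest = line.split(",")
        records.append((datetime.fromisoformat(ts), device, dest))
    return records


def max_burst(times, window=timedelta(seconds=60)):
    """Largest number of messages falling inside any sliding window."""
    times = sorted(times)
    best, start = 0, 0
    for end in range(len(times)):
        while times[end] - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def is_short_code(dest):
    """Heuristic: all-digit destinations of 3-6 digits are short codes."""
    return dest.isdigit() and 3 <= len(dest) <= 6


def analyze(text, burst_threshold=5):
    """Return {device: [reasons]} for devices that look compromised."""
    by_device = defaultdict(list)
    for ts, device, dest in parse_log(text):
        by_device[device].append((ts, dest))
    findings = {}
    for device, items in by_device.items():
        reasons = []
        burst = max_burst([ts for ts, _ in items])
        if burst >= burst_threshold:
            reasons.append(f"burst:{burst}")
        short = [d for _, d in items if is_short_code(d)]
        if short:
            reasons.append(f"short_code:{len(short)}")
        if reasons:
            findings[device] = reasons
    return findings


if __name__ == "__main__":
    for device, reasons in analyze(SAMPLE_LOG).items():
        print(device, ", ".join(reasons))
```

The burst check is what catches the spam and DDoS-by-SMS use cases; the short-code check is what catches the premium-rate billing abuse. Both thresholds need tuning against a real baseline, since legitimate users also send bursts (group messages) and legitimate apps use short codes for verification.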

Android Malware Now Exploits Steganography

Summary: Malware makers are turning to quite sophisticated tricks to disguise the true purpose of rogue applications.

Security firm F-Secure has released details on how Android malware makes use of steganography to hide the control parameters for rogue code.

First, what is steganography? It’s the technique of hiding messages within something else, in this case, an icon file.

F-Secure first suspected that Android malware was making use of steganography when researchers came across this line of code:

[screenshot from the F-Secure post: the decompiled line of code, not reproduced here]

Further digging revealed more code, and it soon became clear that the image file being referenced here was the icon file bundled with the rogue application:

[screenshot from the F-Secure post: the further decompiled code, not reproduced here]

So what’s this hidden information used for? It’s used to control how and when premium rate SMS messages are sent from the victim’s handset, which, as far as the bad guys are concerned, is the primary purpose of the rogue application.

You’ve got to admit, that’s a pretty clever use of steganography.
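To make the trick concrete from an analyst's side, here is an added example (not code from F-Secure, from the malware, or from the original post). It uses a constructed in-memory icon (a raw RGB byte array), buries a configuration string in the least-significant bits of the pixel bytes, recovers it the way an analyst would once the reading loop has been spotted in the decompiled code, and then applies one simple statistical check that flags a pixel region whose LSB plane looks like data rather than image noise. The LSB scheme, the length header, the gradient icon and the configuration string are all assumptions; the post does not say which embedding method the malware actually used.

```python
"""LSB steganography in a raw RGB icon: embed, extract, and a per-window
entropy check an analyst can use to spot a suspicious LSB plane.

Added example; the embedding scheme and sample data are assumptions.
"""
import math
import struct


def make_icon(width=16, height=16):
    """Constructed sample icon: a smooth gradient whose LSBs are all zero,
    so the contrast with an embedded payload is easy to see. Real icons
    have noisier LSBs, which is why the check below is only a heuristic."""
    px = bytearray()
    for y in range(height):
        for x in range(width):
            px += bytes(((x * 16) & 0xFF, (y * 16) & 0xFF, ((x + y) * 8) & 0xFF))
    return bytes(px)


def lsb_embed(pixels, payload):
    """Return a copy of the pixel bytes with a 4-byte big-endian length
    header followed by the payload written into successive LSBs."""
    data = struct.pack(">I", len(payload)) + payload
    bits = [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]
    if len(bits) > len(pixels):
        raise ValueError("payload does not fit in the image")
    out = bytearray(pixels)
    for idx, bit in enumerate(bits):
        out[idx] = (out[idx] & 0xFE) | bit
    return bytes(out)


def lsb_extract(pixels):
    """Recover the payload: read the length header, then that many bytes."""
    def read_bytes(offset_bits, count):
        chunk = bytearray()
        for b in range(count):
            value = 0
            for i in range(8):
                value = (value << 1) | (pixels[offset_bits + b * 8 + i] & 1)
            chunk.append(value)
        return bytes(chunk)

    (length,) = struct.unpack(">I", read_bytes(0, 4))
    if 32 + length * 8 > len(pixels):
        raise ValueError("length header exceeds image capacity")
    return read_bytes(32, length)


def binary_entropy(bits):
    """Shannon entropy (in bits) of a 0/1 sequence; 0 for an empty or
    constant sequence, 1 for a perfectly balanced one."""
    n = len(bits)
    if n == 0:
        return 0.0
    p = sum(bits) / n
    if p in (0.0, 1.0):
        return 0.0
    return -(p * math.log2(p) + (1 - p) * math.log2(1 - p))


def suspicious_windows(pixels, window=64, threshold=0.9):
    """Count fixed-size windows of the LSB plane whose entropy is high
    enough to look like embedded data. Compare against a known-clean
    image of the same kind before trusting the number."""
    plane = [b & 1 for b in pixels]
    count = 0
    for start in range(0, len(plane) - window + 1, window):
        if binary_entropy(plane[start:start + window]) >= threshold:
            count += 1
    return count


if __name__ == "__main__":
    clean = make_icon()
    config = b"number=12345;interval=3600"   # constructed placeholder config
    stego = lsb_embed(clean, config)
    print("recovered:", lsb_extract(stego))
    print("suspicious windows clean/stego:",
          suspicious_windows(clean), suspicious_windows(stego))
```

The extraction side is the useful part for incident response: once the decompiled code shows which file is read and how the bits are assembled, the same loop recovers the hidden configuration for every sample in the family. The entropy check is a triage aid, not proof; photographic icons have naturally noisy LSB planes, so it is best run against a clean baseline of the same asset.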

Android Bug Allows Hackers to Install Malicious Code Without Warning

It's been more than a month since researchers reported two serious security vulnerabilities in Android, but so far there's no indication when they will be purged from the Google-spawned operating system that's the world's most popular smartphone platform.

The first flaw allows apps to be installed without prompting users for permission. The permission-escalation vulnerability lets attackers surreptitiously install malware in much the same way as the proof-of-concept exploit that researcher Jon Oberheide published last year. In that case, an app he planted in the Android Market and disguised as an expansion pack for the Angry Birds game secretly installed three additional apps that, without warning, monitored a phone's contacts, location information and text messages so the data could be transmitted to a remote server.

“The Android Market ecosystem continues to be a ripe area for bugs,” Oberheide wrote in an email. “There are some complex interactions between the device and Google's Market servers which have only been made more complex and dangerous by the Android Web Market.”

The second bug resides in the Linux kernel on which Android is built and makes it possible for installed apps with limited privileges to gain full control over the device. The vulnerability is contained in code that device manufacturers have put into some of Android's most popular handsets, including the Nexus S. The bug undermines the security model Google developers created to contain the damage any one application can do to the phone as a whole.

Oberheide and fellow researcher Zach Lanier plan to speak more about the vulnerabilities at a two-day training course at the SOURCE conference in Barcelona in November. In the meantime, they put together a brief video showing their exploits in action.

One of the hopes for Android a few years back was that it would be a viable alternative to Apple's iOS, both in terms of features and security. With the passage of time, the error of that view is becoming harder to ignore. And if I'm not wrong, Google developers have updated Android just 16 times since the OS debuted in September 2008. The number of iOS updates over the same period is 29.

It's a far cry from the approach Google takes with its Chrome browser, which is updated frequently, and has been known to release fixes for the Flash Player before they're even released by Adobe.

Even more telling, when a new version of iOS is released, it's available almost immediately to any iPhone user with the hardware to support the upgrade. Android users, by contrast, often wait years for their phone carriers to supply updates that fix code execution vulnerabilities and other serious flaws.

Owners of the Motorola Droid, for instance, are stuck running Android 2.2.2 even though that version was released in May 2010 and contains a variety of known bugs that allow attackers to steal confidential data and remotely execute code on handsets that run the outdated version.

Oberheide has more here.