While Google Play “Android market” has certainly become more accurate in weeding out malware apps, the Android platform as a whole is still quite plagued by these attacks.  The newest malware nuisance comes to us as a fake version of “Instagram”. Recently the real version hit the market, to much anticipation, and shortly after this fake version showed up to seize the opportunity.

At first glance, it looks like the real version for Android, but in all reality it just reads your SMS messages and has the potential to collect personal data and install additional malware onto your phone.

Many reports say that it doesn’t really work as well as Instagram should, so if you find that your copy is acting weird, might not be a bad idea to uninstall it and make sure you get it from Google Play. Basically, the best protection here is to avoid using 3^rd party app marketplaces that serve you the apk files directly, unless you highly trust them or are willing to take the risk of malware issues.
[ source ]

The post Malware Alert: Fake Instragram App On Android appeared first on Mobile Magazine.

Once installed it gives a remote Command and Control server the ability to send SMS messages, make calls, and download new apps that might cause further damage to your phone (or tablet). According to NQ, there is likely already up to 160,000 devices affected by the malware. The direct reason for the existence of UpdtBot is unknown, but you can pretty much bet that making money is at the root of whatever is behind it.

While Android does have its major security flaws that are exclusive to Google’s platform (many more than Windows Phone or iOS), let’s be fair. These kinds of text/email viruses and malware have been around for other platforms, such as Windows, for well over a decade and honestly could probably happen just as easily with other mobile operating systems. The frustrating part is that a little common sense is generally all that is needed to avoid these kinds of scams, regardless the platform. Think about it, is it really still 2001? What kind of modern phone OS uses text messages like this for legitimate updates? None that I know of, but I could be wrong.

Never download anything from SMS, never from email, and always check the permissions that are being used by an app. A little research before downloading anything can save you time, frustration and even money.

[ source ]

The post New SMS Malware Arrives On Android Disguised As A System Update appeared first on Mobile Magazine.

That’s why Google has come forward to announce a new service called “Bouncer” just days after Symantec’s announcement of a major malware infection found in some Android apps.  Yeah, Android Market is the hippest night club in town and it’s not going to put up with belligerant drunks and would-be thieves. Get out, buddy. You don’t have to go home, but you can’t stay here.

In a nutshell, Bouncer will scan developer accounts automatically and look for “potentially malicious software without disrupting the user experience.” It also “looks for behaviors that indicate an application might be misbehaving, and compares it against previously analyzed apps to detect possible red flags.” If it finds some bad stuff, it gives that app (and presumably the developer) the boot out of the door, thereby protecting us Android users from the bad guys.

Let’s just hope that Google’s Bouncer isn’t like its Goliath-sized non-digital counterparts where you can just slip them some green to get in the club.

[ source ]

The post Google Ups Security with Bouncer for Android Market appeared first on Mobile Magazine.

We know Apple has a strangle hold on which apps make it to the App Store. That’s why Google is preferred by many developers since their apps have more of chance to see the light of day on Android Market. But this freedom appears to have helped malware makers as well. According to Symantec, millions of Android devices have been infected by malicious chunks of code called Android.Counterclank.

Calling it the largest Android malware infection ever, Security software vendor Symantec has discovered 13 apps from three developers (iApps7, Ogre Games and redmicapps) which are carrying the Android.Counterclank spyware which is technically a trojan and is a minor modification of Android.Tonclank. Some of these apps have been available on Android Market for at least a month.

The malware is capable of receiving remote commands without your knowledge and can steal information from your device. According to Symantec, it has infected between 1 million and 5 million Android devices so far.

The list of apps (posted below) which carry the bug includes games such as Counter Elite Force and CounterStrike Hit Enemy, and naughty titles such as Pretty women lingerie puzzle.

If you have a doubt whether an application, which is not in the above list, is infected with the trojan, you can check by seeing whether a service with the same name is running at once when you open the app. It can also be detected by looking for an added Search icon above your home screen. According to one user who installed Deal & Be Millionaire, “the game is decent … but every time you run this game, a search icon gets added randomly to one of your screens. I keep deleting the icon, but it always reappears. If you tap the icon you get a page that looks suspiciously like the Google search page“.

If there is an infected app on your device, we encourage you to uninstall it and/or reboot your device entirely back to stock.

Some of the malicious apps have already been removed from the Android Market but we are waiting for an official comment from Google.  In the meantime, we have contacted the developers for a response.

The post Biggest Android Malware Infection Ever, Says Symantec appeared first on Mobile Magazine.

Within all the barcode readers, music players and games on the market for Android software, beware, there may be apps that steal your online banking credentials and infect your phone.

Last year Google had to remove about 1 percent of the apps posted to the Android Market, according to a 2009 filing Google made to the FTC.

Granted that most of the apps were removed due to complaints about adult content or from copyright violations, it was those two apps that attempted to gain access to users’ financial information that we were alarmed about.

Just the idea of having malicious apps in the Android Market has some developers wondering if the marketplace better needs better ‘policing’.

October of 2008 Google launched the free, open source Android OS with the T-Mobile G1 phone.  Where Apple, uses tight controls in the submission and review process for its App Store, Google takes a more relaxed, open approach with the Android Market.   Google and Android creators are counting on users flagging suspicious or malicious apps, and deal with it when an occurrence arises.

It was just last month where two credit unions were warning customers about a rogue app that uses phishing techniques to access the user’s banking information. It was only once Google was notified did it remove the app plus another 50 or so others that were written by the same hacker.

Google needs to implement a better monitoring and review system to show the people that the Android Market can be clean and free of fears. If the app users get too worried then there will be fewer app downloads.

The post Malware invades Android, Google working to tighten things up appeared first on Mobile Magazine.