Apps that are infected by the Android.Counterclank trojan

• Counter Elite Force
• Counter Strike Ground Force
• CounterStrike Hit Enemy
• Heart Live Wallpaper
• Hit Counter Terrorist
• Stripper Touch girl
• Balloon Game
• Deal & Be Millionaire
• Wild Man
• Pretty women lingerie puzzle
• Sexy Girls Photo Game
• Sexy Girls Puzzle
• Sexy Women Puzzle

Some of this apps are already in the Market for months and only this time the infection has been discovered. So if you have some of this apps installed on your device, uninstall it!

Source: Symantic via Android Community

For more Philippine Android News just stay tuned here at pinoydroid.net or join our Forum
Subscribe to our mailing list Feeds or follow us on Facebook, Twitter and Google+

Much has been made in the news recently about malware threat to Android phones. First, it was reported that the Android operating system can be vulnerable to malware threats, largely due to the open nature of its application store. More recently, a study by McAfee Security noted that 2011 will end up being the biggest year ever for malware, with 75 million unique samples, and this is largely due to substantial jumps in programs targeted towards Android phones. It doesn’t take an extensive search of a mobile news site like phonebulletin.com to realize that security should be a concern for any smartphone user.

To be sure, the rise in Android malware is largely a reflection of the operating system’s recent successes: market share, sales of Android phones, and total revenues for manufacturers have grown tremendously in the past year, quickly eating away at Apple’s once-unshakable control of the industry. But, at the same time, the rise in malware is nothing for the Android owner to take lightly. After all, malware has grown increasingly sophisticated; spammers now use advanced technologies and targeted knowledge of a given demographic or location to more effectively fool a technology user. Consequently, although spam currently sits at its lowest level since 2007, successful attacks now comprise a larger percentage of the total.

With this in mind, the obvious and most effective way to reduce potential malware is by not downloading any malicious applications. This can best be done by doing a brief amount of background research before downloading any app. Check out reviews for the app, look to see if its description contains any suspicious wording, and – when in doubt – simply type the app’s information into a Google search. If the software is malicious it probably isn’t too difficult to figure that out. Furthermore, there are usually certain types of apps that are best to avoid. One of the most popular malicious apps currently out there is one that promises to put a free anti-virus program on your phone. Such programs, therefore, should be approached with considerable suspicion.

It is also smart to take concerted steps to insure that, if your phone’s security is compromised, an attacker can’t steal too much personal information. This usually comes into play with malware that infiltrates your phone but doesn’t cause a traditional – and immediately apparent – electronic virus to corrupt your device. Instead, this kind of malware lurks undetected in your phone and then sends information back to the attacker. Since the information is usually gleaned from SMS messages or from phone calls, it’s best to stay to stay wary when it comes to these two communication modes. Credit card numbers, PINs, and passwords should never be discussed by phone or by text.

Malware is an unfortunate component of our tech-reliant society. While we can’t ever insure that our smartphones are completely protected, we can certainly take steps to drastically lower our risk of a security breach.

I also need to correct my self because there are only three compromised app namely Google Calendar, Contacts and Picasa. Facebook and other social networking app is not included.

The attack is done through unsecured rogue WiFi hotspots via ‘Client Log in’ exploit. Google only authenticate your Calendar, Contacts and Picasa once every 14 days and after that Tokens will be use for validation. This tokens are unencrypted and can be easily captured by malicious WiFi owners compromising your personal informations.

Google is currently fixing the issues in the server-side, meaning the fix is done in their servers and handset patch is not yet available. Although the Android 2.3.4 Gingerbread is not vulnerable to this attack however the 99% of Android devices is prone to this attacks. Both Calendar and Contact is fixed and Google engineers are still working on the Picasa Web Album issue. I guess Picasa does not post a serious threat unlike exposed Contacts which is scary.

Google’s official statement on the security issue:

Today we’re starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in calendar and contacts. This fix requires no action from users and will roll out globally over the next few days.

Like in computer wireless security Android and other devices such as Blackberries and iOS devices has some soft spots too. So how this vulnerability works?

Prior to Android 2.3.4, the ‘Client Log in‘ authentication is vulnerable to attacks. Google servers authenticate your log in username and password once, after that it will use token. The Token used is not encrypted and details are in plain and attacker can capture the tokens.

What is needed in this hack?
The attacker needs to set up a WiFi hotspot and the best way to do this to set up near public places such as coffee shop and copy the SSID of the hotspot, e.g ‘Starbucks Free WiFi 2′. People will access your hotspots since the original needs authentication. Then the hacker will capture those tokens.

How to stay secure in Public Hotspots:
Use your 3G or 4G connection for better security instead of using unsecured wireless network.

If you really need to access a public hotspot just make sure that the hotspot is legit. If you are in a hotel or in a coffee shop ask them the SSID and better ask connection with encryption.

There are SSH Tunneling for mobile devices but you need a server to setup and not so practical for ordinary use. Eventually there will be apps like Hotspot shield for PC and VPN connections.

But the best tool of all time is common-sense. Don’t just connect to hotspots that you don’t know who owns it and if you are in doubt ask the authorized personal if that SSID is indeed belongs to them.

I know some tools that can spoof and can be used as a rogue access point but I have not tried it in a mobile device but it is beyond the scope of this article.

Safe surfing and stay secure!

via: Lifehacker

When DroidDream attempts to infect a device, it uses two known exploits, exploid and rageagainstthecage, to break out of the Android security container. Both of the vulnerabilities being exploited were patched by Android 2.3 (Gingerbread). If exploid fails to root the device, the malware will attempt to use rageagainstthecage. Once the phone is rooted, DroidDream is configured to searched for a specific package named com.android.providers.downloadsmanager. If the malware does not find this package on the device, it will silently install a second malicious application without the user’s knowledge.  If DroidDream does find the downloadsmanager package, it will not continue infecting the device with the second malicious application.

How to Secure Android:

LookOut is a free security tool that can detect DroidDream and other malware on Android. It can find your phone if it is lost or stolen, and back-up and restore contacts. The premium version cost around $2.99/month for more features.

Norton Mobile Security – offers 101-day free service, functions includes scanning incoming app to your phone.

Android is getting popular as Windows in PC and they are becoming the perfect target for malicious coders. Protect your Droid and your personal data.

If DroidDream infected app is installed it effectively “rooted” users’ phones and captured personal information.

How come this malware was able to infect apps in the official android market?
Reddit member lompolo explained – The writer of the malware downloaded legitimate apps then edit it, put his malicious code, rename the app, and published again to the Android Market. The shocking part is that more than 50K – 200K already downloaded the infected apps.
Actually the Android infected apps is not new at all, many of this can be found in alternative download site and unofficial download sites. If you happen to download some apps this past days, try to check those.

Android Police posted the list of the infected apps and Android Market already removed the publisher and infected apps from their site.

The offending apps from publisher Myournet:

• Falling Down
• Super Guitar Solo
• Super History Eraser
• Photo Editor
• Super Ringtone Maker
• Super Sex Positions
• Hot Sexy Videos
• Chess
• 下坠滚球_Falldown
• Hilton Sex Sound
• Screaming Sexy Japanese Girls
• Falling Ball Dodge
• Scientific Calculator
• Dice Roller
• 躲避弹球
• Advanced Currency Converter
• App Uninstaller
• 几何战机_PewPew
• Funny Paint
• Spider Man
• 蜘蛛侠

Over 30 more have been found by Lookout:

• Bowling Time
• Advanced Barcode Scanner
• Supre Bluetooth Transfer
• Task Killer Pro
• Music Box
• Sexy Girls: Japanese
• Sexy Legs
• Advanced File Manager
• Magic Strobe Light
• 致命绝色美腿
• 墨水坦克Panzer Panic
• 裸奔先生Mr. Runner
• 软件强力卸载
• Advanced App to SD
• Super Stopwatch & Timer
• Advanced Compass Leveler
• Best password safe
• 掷骰子
• 多彩绘画
• Finger Race
• Piano
• Bubble Shoot
• Advanced Sound Manager
• Magic Hypnotic Spiral
• Funny Face
• Color Blindness Test
• Tie a Tie
• Quick Notes
• Basketball Shot Now
• Quick Delete Contacts
• Omok Five in a Row
• Super Sexy Ringtones
• 大家来找茬
• 桌上曲棍球
• 投篮高手

Fill free to discuss this at PinoyDROID Forum.

Source:
AndroidPolice.com
Lifehacker.com