Pre-installed malware found on new Android phones
Fake version of Netflix that steals personal data and sends it to Russia has been found on several phone models
IDG News Service - David Jevans, CTO and founder of Marble Security, recently received some bad feedback from a potential customer testing his company's product, which helps organizations manage and secure their mobile devices.
"They basically said 'Your stuff doesn't work'," Jevans said. "It thinks Netflix is malicious."
Marble Security performs static code analysis of Android and iOS applications, which shows what the code is supposed to do. Apps are also run through an emulator with instrumentation that allows analysts to get a larger view of how an application performs. They also check an app's network traffic to see if it is communicating with known malicious servers.
After taking a close look at the suspicious application, Jevans said they found it wasn't the real Netflix app.
"We're like, yeah, this isn't the real Netflix," Jevans said "You've got one that has been tampered with and is sending passwords and credit card information to Russia."
Security experts have long warned that downloading applications from third-party marketplaces for the Android platform is risky since the applications have often not undergone a security review. Google patrols Android apps in its Play store, but malicious ones occasionally sneak in. Apple's App Store is less affected due to the company's strict reviews.
With the fake Netflix application, the organization told Marble Security the app was pre-installed when it bought the device. Marble Security then looked at devices from its other customers and found the problem was widespread. They found a fake version of Netflix on phones and tablets from at least four different manufacturers, Jevans said.
"We suspect for most of them, it is preinstalled," Jevans said.
Marc Rogers, principal security researcher with Lookout Mobile Security, said his company has seen instances of malware show up on new phones. Lookout found a variant of a family of Chinese malware on new devices imported on the gray market from China.
"We can say that we've seen malware authors target device supply chains as a way to install malware in a device before it ends up in the hands of a customer," Rogers said via email.
It is possible that somewhere in the supply chain, a bundle of applications that were not vetted well were installed on hundreds of thousands of devices, Jevans said.
The applications in those bundles "are rarely run through anti-malware or privacy leak detection software," he said.
Another possibility is that companies are buying refurbished phones, which may have taken a loop through another supply chain with loose security controls.
Marble Security found the fake Netflix app on six devices from Samsung Electronics: the GT-N8013 Galaxy Note tablet, the SGH-1727 Galaxy S III phone, the SCH-1605 Galaxy Note 2 phone, the SGH-1337 Galaxy S4 phone, the SGH-1747 Galaxy S III phone and the SCH-1545 Galaxy S4 phone.
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!