1. Jazmac's Avatar
    Kaspersky Researchers Discover Most Advanced Android Malware Yet

    "Android HIV" isn't any official name but this points to a newly published story on Android Police. New malware that Kaspersky says cannot be removed even if you wipe the phone. Backdoor.AndroidOS.Obad.a as its called resists attempts to remove it and looks for vulnerabilities in the device where it can attach itself and control access. Among the most worrisome include the ability to intercept your account balance via USSD and behave a proxy. Not to mention the ability to send phone data to bluetooth devices it detects; setting up the scenario where pictures, email and text stored on your phone could literately be sucked off the device while you shop. Yeah, right!

    I've seen anti-virus companies publish wild claims like this back in the early Michelangelo virus days. Even when android was just a cupcake, there were plenty of warnings of bad times to come and they were best suited to protect you. Pretty freaky stuff.

    That said, I have not read how this malware gets on your device unless you purposely install it. Most won't install malware if they know its malware right? No one just clicks through an install without reading the agreements anyway. No one.
    06-08-2013 04:41 PM
  2. jmshub's Avatar
    That said, I have not read how this malware gets on your device unless you purposely install it. Most won't install malware if they know its malware right? No one just clicks through an install without reading the agreements anyway. No one.
    Not sure if serious. I don't think anyone reads agreements or eulas. Everyone blindly clicks agree or accept as fast as they can to get to their app or game.

    Moreso, I'm not 100%, but I believe there are known code execution methods without using the app store in android.
    06-08-2013 10:12 PM
  3. Jazmac's Avatar
    Not sure if serious. I don't think anyone reads agreements or eulas. Everyone blindly clicks agree or accept as fast as they can to get to their app or game.

    Moreso, I'm not 100%, but I believe there are known code execution methods without using the app store in android.
    No, that was me playing the devils advocate. In the comments someone mentioned how difficult it is to actually get something like this on your phone. And you picked it up like I did, no one reads that stuff. Its a click through and almost everyone does it.
    06-09-2013 08:07 AM
  4. bawboh86's Avatar
    It's only an issue if you have "Unknown Sources" checked. This allows it to install itself onto your phone without needing the play store's or user's permission.
    06-09-2013 09:49 AM
  5. a5cent's Avatar
    Completely correct title OP. It certainly is in Kasperky's best interest to over hype the threat potential, unclear is only the degree by which they are doing so. However, unless they are outright spreading lies (i.e. McAfee has been found guilty of such) it still needs to be taken seriously.

    One way of guaging threat is by determining if they are reporting only the discovery of new malware (potentially harmless if it fails to effficiently infect devices), or the number of succesfull attacks. If they are reporting a lot of the later, then it's serious.

    I haven't really looked into this particular piece of malware yet, but a quick first glance suggests they aren't reporting successfull attacks. Ary they?
    06-09-2013 11:07 AM
  6. Ian Too's Avatar
    I'm not proficient to assess any risk, but I'd think being caught scaremongering could damage Kaspersky's credibility.

    This is perhaps the most powerful reason why I would never carry an Android device.

    While I accept that an experienced user of a high end device would be able to use judgement enough to guard against infection; Android is sold to millions of people, most of whom do not have enough knowledge and are open to identity theft and more. It's no good saying that they should have known better, because no one is warning people of the risks. In my opinion, everyone in the chain from Google to the people in the phone shops are being grossly irresponsible pushing Android at all.

    The average person is far better off in walled enclosures like iOS and Windows Phone where the risk can be mitigated, if not eliminated. We however, live in a world full of people putting their personal information in leaky vessels with little or no protection.

    If a little scaremongering can make Android users aware of the risks and run proper mal-ware protection, then perhaps a little scaremongering is justified.
    06-09-2013 12:40 PM
  7. a5cent's Avatar
    I'm not proficient to assess any risk, but I'd think being caught scaremongering could damage Kaspersky's credibility
    A short extract from this this post:

    Security companies are almost forced into a bit of scaremongering. It's almost the only way they can get anybody's attention these days. If they were to approach this entirely rationally, calmly and by the numbers, nobody would give a damn or even listen until half the U.S. population's bank accounts were emptied. Of course, society would then blame the IT security industry for not having warned anyone adequately. That's just human nature.

    Otherwise I completely agree with you. Blaming user's ignorance for security breaches on Android may be 100% correct, but that won't change the fact that average smartphones users will never be able to handle that kind of responsibility. They simply lack the technical proficiency and awareness to do so, and 20 years of experience with Windows makes it clear that isn't about to change. If user's can't/won't educate themselves to the degree necessary, then the OS needs to take that into account. That is exactly what WP8 has done. Android hasn't, and just as with Windows, that is really hard to change after the fact... at least it isn't easy to do without seriously compromising compatibility.
    Ian Too likes this.
    06-09-2013 06:02 PM

Similar Threads

  1. Replies: 20
    Last Post: 11-26-2012, 06:39 PM
  2. Replies: 3
    Last Post: 11-20-2012, 11:30 AM
  3. Do you think Microsoft is trying to kill other WP8 makers?
    By badMojo69 in forum Windows Phone 8
    Replies: 2
    Last Post: 11-18-2012, 10:45 AM
  4. Replies: 93
    Last Post: 10-11-2012, 03:14 AM
LINK TO POST COPIED TO CLIPBOARD