Out of all the advantages of having an open-source platform, an obvious caveat is the increased threat to security which can arise.
Although the number of Android users affected by malware has been relatively low, the platform has taken a bit of a hiding in the blogosphere, and if today’s findings are anything to go by, the trend shows little sign of petering out.
Another Security firm has found fresh new Android malware in the wild, this time controlled via SMS. The unscrupulous individuals behind the malware have explored many avenues in order to compromise the security measures and infiltrate users’ devices – even going via Facebook – and this is one of the first we’ve seen to spread via text messages. It’s been reported that this latest malware can perform numerous tasks once inside a device, such as recording calls and surrounding noise.
It’s called TigerBot, and has only very recently been discovered whilst circulating through unofficial Android channels. NQ Mobile, the security firm taking center stage, has, along with researchers based at the North Carolina State University carried out in-depth studies into the code, and reckons TigerBot can quite easily record noise in the areas around where the device is situated, as well as sensitive calls.
Additionally – and perhaps more worryingly – it can also alter network settings, record GPS coordinates, capture images (and upload them to a remote server) kill processes, and reboot the device.
Once inside the device, it hides itself behind an apparently legitimate icon on the device’s home screen. Once it is installed and becomes active, it simply registers a receiver with a high priority to listen to “android.provider.Telephony.SMS_RECEIVED.”
The findings are quite frightening indeed. Privacy is one of the pivotal concerns of consumers, and the thought of a device being so deeply compromised will send a chill down the spine of many an Android user.
At this point in time, there is little cause for panic – this malware is not spreading like wildfire. However, it does exist, and if it were to begin spreading, there would be huge concern.
The best way to avoid running into TigerBot – or indeed any other form of malware – to use common sense; i.e stay away from application requests from unknown sources, and stick to legitimate sources when downloading apps.
(via SecurityWeek)
You may also like to check out:
You can follow us on Twitter, add us to your circle on Google+ or like our Facebook page to keep yourself updated on all the latest from Microsoft, Google, Apple and the web.
