Ad-slinging rootkit nasty permanently drills into Android mobes, tabs

Security researchers have uncovered malware that infects deep inside Android devices, spams screens with pop-up adverts, and obeys commands from its masters across the internet. The software nasty, likely crafted by Chinese crims, has already spread to over 20 countries across all continents, security firm FireEye warns. The …

  1. Your alien overlord - fear me

    Wow, FireEye are up to date - Nexus 7 running 4.3 and *they* say *you* should always run the most up-to-date version of Android. Humour or irony?

    1. MrT

      ... on that basis my old SGS3 is running the latest version ;-)

  2. Kraggy

    "and keep up-to-date with the latest version of Android, if possible. "

    Good luck with that given the utter indifference to their users' problems shown by nearly ALL Android phone manufacturers in their lack of any urgency to supply Android updates, if they ever do at all .. and Google is as bad in that they refuse to provide updates to older models.

    Android is a great idea, hobbled to virtual uselessness by those providing phones using it.

    1. Trixr

      I have to agree. I still really like my HK-sourced LG G3, but have I received one OTA update since I've owned the thing? No.

      I would stick something like Cyanogen on it, but the process looks more convoluted than usual for this model.

  3. asdf

    >To avoid an infection, don't download software from unofficial app stores,

    Compared to the F-Droid unofficial app store (be smart, get it from the official site only, check the md5 etc.) the official Google Play is a den of thieves. Many of which Google even consider legitimate (as opposed to the thousands that aren't but they don't kick out), but if anyone looked at their source code (which you can do with all F-Droid apps) they would probably strongly disagree.

    1. Doctor_Wibble

      Re: wrong

      And this is on the assumption that a dodgy app from an unofficial place is somehow worse than a dodgy app from an official place, because obviously the official place has never ever served up dodgy apps. I think you get the same level of apology too.

      p.s. good summary, full writeup definitely worth a visit.

      1. asdf

        Re: wrong

        >And this is on the assumption that a dodgy app from an unofficial place is somehow worse than a dodgy app from an official place

        I think their assumption is you are still less likely to get dodgy apps from Google Play (who do some checking) than the Chinese app store specials. The thing is, like I say, as far as I know F-Droid has never served up straight-up malware (unlike Google), and with all app source available and the neckbeards who use it, if they did it would only live for a few hours more than likely. Now the one type of semi-dodgy app on F-Droid is apps like Newsblur whose client is open source but who knows (you can check the privacy statement but those change) what they do with the server-side information they collect on you (stories you read, how long, when, etc.).

    2. petur

      Re: wrong

      I currently tend to check if a given app on the official app store is also on F-Droid, and if it is, I'll fetch it from there... Feels much more at home for somebody installing his apps from repositories only :)

  4. Andy Non Silver badge

    Another day, and more Android malware...

    with no chance of the hardware suppliers offering any updates or patches. This is making me paranoid. I only have a (no brand) Android tablet and only use it for Kindle and playing music MP3s and a few games, but it will remain in flight mode until I need to download another book; then back into flight mode again.

    Android is getting like my old XP computer, it still works and it is great to use, but I don't dare go anywhere near the internet with it! Kinda sucks if you are using an Android phone though!

    1. asdf

      Re: Another day, and more Android malware...

      Honestly it's not the malware you have to install that scares me as much as blatant platform weaknesses like a baddy being able to get root on your phone by sending a simple MMS requiring no user intervention (actually requires nerd intervention to prevent by default). But I will agree Android does seem a lot more vulnerable to drive-by stuff than it should be, so airplane mode only might have merit.

      1. Anonymous Coward

        Re: Another day, and more Android malware...

        "...platform weaknesses like a baddy being able to get root on your phone by sending a simple MMS requiring no user intervention..."

        That's not a bug it's a feature!

        No, really.

    2. Anonymous Coward

      Re: Another day, and more Android malware...

      It's not malware that scares me, it's idiots that can't see when you are being played.

      This "news" turns out to be nonsense when you drill into the finer details. A device deliberately held back from getting the latest OS, and then deliberately had its device security mechanisms disabled to allow visiting dodgy app stores, and then deliberately infected with a specific app...

      Ever get the feeling you are being cheated???

      I could infect a 3 year old Apple device running the originally shipping OS also, but where are the security "experts" with this "news". It's as if Apple are somehow funding these research reports with their billions of cash reserves....

  5. Steve Davies 3 Silver badge

    Yet still you can buy a 'new' phone

    running 4.0 let alone 5.0 and anything newer.

    I feel a bit sorry for unsuspecting users (viz. the majority) who get their new toy and it is vulnerable to all sorts of nasties as soon as they take it out of the box and get it going.

    I'd like to do this (see icon) to the manufacturers and retailers of this clearly shoddy kit.

  6. James 47

    Time to bring back Symbian

  7. cyrus

    Any dolt

    That thinks their mobile is safe gets what they deserve. I think we can all agree that it really does not matter what platform you use. iPhone or Android (or one of you 5 kids with Windows Phones) are all vulnerable. Never mind vulnerable to what. It is vulnerable to something and that's food for thought.

    Mine's the one with tin foil body condom in the waist pocket.

    1. Mike Bell

      Re: Any dolt

      There's vulnerable. And there's reckless.

      Deploying software that gets security updates rarely (or never) is asking for trouble. Android has a pretty good foothold now. That being the case, it's about time Google updated their terms and conditions to insist on security updates being made available in a reasonable time, for a number of years.

      1. Anonymous Coward

        Re: Any dolt

        And if the phone makers see that as turning Android into a money sink and threaten to walk out and concede the market to Apple?

  8. url

    Android has gone to shit, Apple vulns are weekly

    time to go to windows phone perhaps?

    1. Tomato42

      Re: so...

      Windows vulns are not as common as nobody cares about it

    2. asdf

      Re: so...

      Windows phone, security by obscurity (though I guess they did ok from an engineering standpoint too) plus with the joke that is their app store you are less likely to install malware (or anything).

    3. Captain DaFt

      Re: so...

      "time to go to windows phone perhaps?"

      Unfortunately, with 10, Windows has copied Google's "All your data are belong to us" style of customer "enhanced experience".

    4. Planty Bronze badge

      Re: so...

      You have walked into the idiot trap. Microsoft and Apple are pouring vast sums of money into these security researcher reports, so you are made to think Android has loads of security issues.

      Step back from the internet a minute and take a look in the REAL world. Have you EVER seen any evidence of this? Nope....

      Nuff said.

  9. G R Goslin

    What to do

    Once again, we have a flood of verbiage about the latest peril. And as usual, it's the same sort of advice as how not to catch pneumonia (Wrap up warm and don't go out in the cold). Why do we not have information regarding the carriers of the malware, specific occasions and places where it may be picked up, and information as to how to spot it? Yes, I have anti-virus, but that is about as opaque as the articles. How about some "do not use" lists, symptom lists? If you are part of a bot-net, why is there nothing that indicates that you have unusual traffic? Surely the abnormal IO should paint a picture?

    1. DropBear

      Re: What to do

      "why is there nothing that indicates that you have unusual traffic?"

      ...perhaps because AFWall+ isn't installed (in which case: why not?!?)...?

      1. Charles 9 Silver badge

        Re: What to do

        You gotta root the phone first and rooting can break stuff like your warranty and Android Pay.

  10. Kevin McMurtrie Silver badge

    Google Play Store is a malware wasteland

    I consider it great luck when I find something in Google's Play Store that isn't malware. Google doesn't take abuse reports seriously, if at all, and they still require G+ signup to rate apps. The author of the software might have good intentions but it's hooked up to an ad service that hijacks the app. First launch shows "This application needs an update for media library v2" or "This application is no longer supported. Please use the current version." then starts installing more crap if you don't decline or uninstall. That's followed by endless half-assed phishing ads like "This iPhone is infected. Click here to repair."

    1. Tech Hippy

      Re: Google Play Store is a malware wasteland

      I'm curious as to what apps you are installing to find so much malware?

      I've been using Android since it was first released and have never yet had a problem - I install apps only from the Google Play Store and pay attention to the publishers, the permissions and the reviews.

      I realise that as a platform it has issues (some of which will probably never be addressed by manufacturer updates), but I've yet to encounter an issue.

  11. JLV

    Now, the full-on malware phase I get, but I've never quite understood what massive ad injections are supposed to achieve in cases like this.

    What kinda muppet is gonna be like:

    "Oh, sweet, lots of popup ads all of a sudden"

    "I know, let's click on one of them, they must be reputable"

    The mark's already infected, so there is no use for javascript drive-by pownage. Are these guys really hoping for a sell???

  12. Charles 9 Silver badge

    Just curious. What kind of measures does this malware take to prevent itself being removed?

    Does it usurp any su programs and apps?

    Does it break the recovery partition to prevent restoring a nandroid?
