Sneaky Gugi banking trojan sidesteps Android OS security barricades

Gugi, a bank-account-raiding trojan for smartphones, has been retooled to bypass Android 6's security features designed to block phishing attempts and ransomware infections. The modified malware forces users into giving it the ability to overlay genuine apps, send and view SMSes, make calls, and more. The software nasty is …

  1. Anonymous Coward

    So, you ...

    1) Have to follow a link to get to a web page

    2) Another link on the web page tries to get you to open an MMS message by downloading a piece of software

    3) You have to set the permission to install from unsafe sources to on

    4) You have to install that software and run it

    5) You have to agree that it can use additional rights to work with graphics

    6) You have to turn on the setting in Android to allow this app ... sorry picture message to draw over other apps

    7) You then have to allow this software to become a device administrator

    8) Then allow it to send and view SMS messages

    9) Then allow it to make phone calls

    10) Then access your contacts

    11) Then access any other rights it requires and then overlay your banking app, that you happen to have installed

    Sometimes you feel that the 'victim' is just asking to be infected!

    In other news, a murderer rang up his victim and told him to take a knife out of the top drawer and then stab himself repeatedly with it.

    1. asdf

      Though I get your gist, many of those steps sadly get folded into one or a few user prompts that non-tech geeks tend to just click blindly. Still, yes, this one is pretty far from just receiving a booby-trapped MMS causing your handset to be pwnd (the holy grail of mobile security fail).

      1. Anonymous Coward

        Not in this case (on Android 6, which this story is talking about). You really do have to go through that many steps (only the one about having to run the software I don't know for sure). The only thing it does is, once you have given it permissions to overdraw, it makes it difficult to do anything with your phone other than go through each screen allowing it permissions to do each of the activities it wants to.

        1. asdf

          > You really do have to go through that many steps

          Cool, thanks for clarifying. Sounds like Android security and permissions are finally getting to where they should be.

        2. Alumoi Silver badge

          > ...it makes it difficult to do anything with your phone other than go through each screen allowing it permissions to do each of the activities it wants to.

          If one could reboot the phone, boot into recovery and remove the app...

          Oh, wait, you're not rooted cause it would void your warranty, nuke your children, eat your cookies or, God forbid, won't let you failbook/twatter from the phone.

          It seems we've evolved from dumb phones for smart people to smart phones for dumb people.

          1. Andrew Jones 2

            .....one could however boot Android in safe mode (no really) and remove the app that way, or... if one is running a ROM that has long press back to close they could force kill the app that way, or.... they may be able to tap the Multiscreen button and swipe the app away.......

        3. Andrew Jones 2

          Pretty sure that the part where you have to go into settings and tick the "Allow unverified sources" box or whatever it's called these days, and then accept the prompt that explains how dangerous that is - will also still be required.

          1. timrichardson

            which many people in Russia do, to access cracked apps at pirate app stores.

          2. Anonymous Coward

            Yes, I said that in step 3.

    2. Adam 1

      > In other news, a murderer rang up his victim and told him to take a knife out of the top drawer and then stab himself repeatedly with it.

      The bastard! I should've known it was a scam. After I stop this bleeding I'm going to

    3. Nostromov

      Meh, who reads (and understands) app permissions when installing something... Too many request too many, anyway - it's, basically, not possible to -really- have anything on the phone, if we're looking from a security standpoint (but, really :))

      Anyway, I'm GLAD that this is happening... Hopefully, maybe, there will be a realization that: 1) it's completely idiotic for the mobile service provider to distribute updates for the Android OS (should be done from trusted, open, repositories - not unlike Windows Update, but 100 times better) and 2) all systems must be "rooted", it's as simple as that - so that users could install firewalls and all kinds of security software - a "hosts" file, a whole bunch of programs which are needed.

      ^^ Yeah (I know), it's doubtful and never gonna happen, fat chance, LOL! xD

  2. Anonymous Coward

    Silly

    The whole point is to steal your banking data and use it without your knowledge.

    Doesn't this scream "I AM STEALING YOUR DATA!!" at you??

    It sounds like that Indian guy working the MicroSh1t tech support scam, "But you HAVE to give me remote access!!, You HAVE to!!"

  3. Christopher Reeve's Horse
    Childcatcher

    MmmmmmMS..

    Does anyone still use MMS messages?

    Did anyone ever use MMS messages?

    Do they serve any purpose other than being an endless security nightmare and unsuccessful network operator cashcow?

    Should they just be killed off, and allowed to slip quietly into the night? I think so.

    1. Anonymous Coward

      Re: MmmmmmMS..

      The only MMS I've ever seen were SPAM, so... there you are. [One of the more delightful things around rooting the tablet was nuking anything even vaguely related to MMS and such.]


Biting the hand that feeds IT © 1998–2022