Fake mobile base stations spreading malware in China

Chinese phishing scum are deploying fake mobile base stations to spread malware in text messages that might otherwise get caught by carriers. The Android scumware being spread isn’t new to China: known as the “Swearing Trojan” because of profanities in code comments, its authors are already under arrest. But the fake base …

  1. Anonymous Coward

    In China

    All your base are belong to us

  2. Nick Kew Bronze badge

    What could possibly go wrong?

    Are you saying this wheeze installs software:

    - without verifying a cryptographic signature?

    - without warning the user (loudly) that the source is unknown/untrusted and that by contrast you'd expect a core app from your provider to be verified.

    Hmmm. PGP dates back to 1991. You'd think a platform like Android might have caught up with that. Almost like the Glory Days of Windoze all over again.

    1. Anonymous Coward

      Re: What could possibly go wrong?

      Where have you been for the last 10 years?

      Take Windows. Download an xls. Warning from browser....this could be dangerous...are you sure. YES

      A/V. Flags up...this could be a Virus, so we have quarantined it. MARK AS SAFE

      Open in Excel. This is from an unknown source and has opened in read only mode. Are you sure you wish to edit as it may be dangerous...YES

      This contains Macros are you REALLY, REALLY sure you want to do this as it may completely fuck up your machine...YES.

      Hello IT, I'm getting loads of pop ups on my pc saying I need to pay 10 bitcoins to unlock my files.

      1. phuzz Silver badge

        Re: What could possibly go wrong?

        You don't deserve those downvotes. Just look at the number of sites that still tell people to disable UAC in Windows (basically the equivalent of running everything as root because you can't be bothered with sudo).

      2. VanguardG

        Re: What could possibly go wrong?

        10 Bitcoins? You lot have ambitious Ransomware writers. I've seen a few of them in the past 18 months and they've all been settling for about 1.

    2. Anonymous Coward

      Re: What could possibly go wrong?

      The Chinese market is different - no Google Play, for starters. So there are plenty of competing app stores with more or less shady stuff hosted on them, and phones are routinely configured to allow 3rd party software installation. The typical user's habits are also vastly different. Eg, and somewhat worryingly considering the above, phones are also now a major, if not the major, payment system, with more acceptance than western schemes like Visa.

      So all in all, it's really a local issue, and likely not one Google can help fix.

  3. Pen-y-gors Silver badge

    These guys are smart

    Serious-grade scum of course, but they are seriously ingenious. Makes you wonder how rich they'd be by now if they decided to use their brains for something vaguely legit.

  4. Version 1.0 Silver badge
    Big Brother

    Probably already in use in the US

    If you were a large government body without a name, you could just push out a security update or app update to the phone via the base station.

    1. Anonymous Coward

      Re: Probably already in use in the US

      What's that overhead?! Is it a bird? Is it Superman?

      NO! It's an unmarked private aircraft with a Stingray fake cell system being driven around our cities looking for; "Terrorists," bears, tigers, lions, and whatever else they can scoop up, all in the name of, wait for it, "National Security™!" "God" be praised! We're saved! Thank you FBI in the Sky! :P

      Actually, with a bit of knowledge and an SDR, it should be trivial to spot a "moving cell tower." Don't say you heard it from me, kids.
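
A sketch of the "moving cell tower" check the comment above alludes to, added here as an example and not code from the thread or the article: fixed receivers log which cell identities they hear strongly, and a cell that is strong at sites too far apart for one stationary tower gets flagged. The sensor sites, observations, cell identifiers and thresholds are all constructed assumptions.

```python
import math
from collections import defaultdict

# Assumed fixed receiver sites (name -> lat, lon); constructed values.
SENSORS = {"north": (31.30, 121.47), "centre": (31.23, 121.47),
           "south": (31.16, 121.47)}

# Constructed observations: (minute, sensor, "MCC-MNC-LAC-CID", RSSI in dBm).
OBSERVATIONS = [
    (0, "north", "460-00-4301-1001", -61), (0, "centre", "460-00-4301-1001", -88),
    (30, "north", "460-00-4301-1001", -63), (30, "centre", "460-00-4301-1001", -90),
    (0, "north", "460-00-9999-7", -58), (0, "centre", "460-00-9999-7", -95),
    (30, "centre", "460-00-9999-7", -55), (30, "north", "460-00-9999-7", -97),
    (60, "south", "460-00-9999-7", -57), (60, "centre", "460-00-9999-7", -93),
]

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def moving_cells(observations, sensors, near_dbm=-70, max_shift_km=3.0):
    """Flag cells heard strongly (>= near_dbm) at sites more than
    max_shift_km apart; both thresholds are assumptions to tune per network."""
    near = defaultdict(list)  # cell -> [(minute, sensor)] where signal was strong
    for minute, sensor, cell, rssi in sorted(observations):
        if rssi >= near_dbm:
            near[cell].append((minute, sensor))
    flagged = {}
    for cell, hits in near.items():
        sites = [sensors[name] for _, name in hits]
        shift = max(haversine_km(a, b) for a in sites for b in sites)
        if shift > max_shift_km:
            flagged[cell] = {"shift_km": round(shift, 1),
                             "track": [name for _, name in hits]}
    return flagged

if __name__ == "__main__":
    for cell, info in moving_cells(OBSERVATIONS, SENSORS).items():
        print(cell, info)
```

A flag from this heuristic is a lead, not proof: an operator reusing a cell identity at two sites produces the same pattern, so a flagged cell still needs checking against the operator's known site list.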

  5. Anonymous Coward

    I thought they told us all this digital 4G-SM phone malarky thing was secure?

    Maybe phone providers around the world could maybe think about finally enabling all the security and cryptographic features so their SIMed devices only talk to their legitimate towers and encrypt all data going out over the wire and air?

    As an aside, my phone won't support dropping 2g, unless you also want to drop 3g which isn't practical in many countries due to poor LTE coverage.

Biting the hand that feeds IT © 1998–2020