If you've rooted your phone, chances are you've got a 3rd party app which uninstalls system apps anyway (gets rid of bloatware from phone manufacturers/telcos).
Pop-up Android adware uses social engineering to resist deletion
A malicious Android app that downloads itself from advertisements posted on forums strongly resists removal, security firm Zscaler warns. The dodgy Android utility poses as "Ks Clean", an Android cleaner app. Once installed, the app displays a fake system update message in which the only option presented to the user is to …
COMMENTS
-
Wednesday 7th June 2017 15:15 GMT John Riddoch
Re: No other options but to press "OK"
Depends how it's coded, it could handle that as a "no action". You'd probably have to open up a task list and kill it off manually.
In any case, that is horrifically bad English, so it's pretty obvious the author is not a native speaker. It would be interesting to see what a linguistic analysis of it could reveal about the author.
-
Wednesday 7th June 2017 15:58 GMT Prosthetic Conscience
Re: No other options but to press "OK"
"that is horrifically bad English, so it's pretty obvious the author is not a native speaker"
One does not imply the other, but the latter definitely should ring alarm bells. I've seen some horrific English from my British colleagues, from customers as well, makes me cringe every time.
-
Wednesday 7th June 2017 17:06 GMT Anonymous Coward
Re: No other options but to press "OK"
There's a special kind of horrific English that spammers and malware authors use that's distinct from the horrific English that some native English speakers use. It is impossible to confuse the two.
If they'd just advertise on Craigslist in the US or UK for someone with an English degree to correct their spelling and syntax, they'd probably have a lot higher success rate in getting past what little skepticism the typical user has (yes, I know that misspellings in spam are deliberate to avoid filters).
I wonder if they have better results for infecting their countrymen (Chinese or Russian, most likely).
-
Thursday 8th June 2017 01:51 GMT Allan George Dyer
Re: No other options but to press "OK"
@DougS - "correct their spelling and syntax, they'd probably have a lot higher success rate in getting past what little skepticism"
One possibility is that the intention of the bad spelling and syntax is to filter out targets with even a little skepticism. They only want the most gullible victims for stage 2.
-
Thursday 8th June 2017 14:55 GMT Bucky 2
Re: No other options but to press "OK"
"One possibility is that the intention of the bad spelling and syntax is to filter out targets with even a little skepticism."
It sounds logical. But writing malware, to me, would be a lot of stress. What if you get caught? What if you extort money from someone who can't really afford it, like someone's grandmother or something?
No. You write malware because you don't have the option of making a decent living doing normal programming, and then going home, and sleeping peacefully through the night.
The best reason I can think of for the lack of options, is that your salable skills are iffy.
-
Wednesday 7th June 2017 15:34 GMT Planty
bzzzttt wrong...
"A malicious Android app that downloads itself from advertisements posted on forums "
Try again. I does nothing of the sort. even withstanding you need to have turned off only allowing browsing in the Google Store, after ignoring the warnings of doing so, AND you oped out of the app scanning, even then, it doesn't "download itself". It's a message dialog generated by the BROWSER that is trying to fool you into downloading and installing an APK.
If you can't understand these basics, should you really be writing about security?? Just sayin'
-
Wednesday 7th June 2017 15:40 GMT Anonymous Coward
Re: bzzzttt wrong...
This sort of thing succeeds because... there are so many reasons why, including user stupidity. I wish that Google would copy Apple when it comes to app security. For some reason they have a lot less problems like this.
There are times (like this) that the Apple walled garden seems rather attractive.
-
Wednesday 7th June 2017 17:14 GMT Anonymous Coward
Re: bzzzttt wrong...
Problem is of course, Jailbroken Apple devices have EXACTLY the same attack vector. Windows devices have had that same attack vector (without needing to root, or change anything).
If you are jailbroken (which in the Apple world, is essentially the same as ticking the "allow installation of apps from untrusted sources" checkbox on Android), then guess what? Yep, a webpage can show a system dialog (as Safari also uses system dialogs in the browser), that makes it look like you need to download a file to install. If you install that file, you have become infected.
-
Wednesday 7th June 2017 16:03 GMT Chunes
Re: bzzzttt wrong...
"Try again. I does nothing of the sort. even withstanding you need to have turned off only allowing browsing in the Google Store, after ignoring the warnings of doing so, AND you oped out of the app scanning, even then, it doesn't "download itself"."
No offense, but if you don't understand grammar should you really be writing?
-
Thursday 8th June 2017 13:06 GMT Anonymous Coward
Hooray for Clever Google! Releasing patches they know won't be applied and shipping an OS without an OTA update mechanism! Boo to the evil OEMs, taking that free software because it's free and putting the bare minimum effort into getting it to run.
You are right about one thing, once you press pay you're no longer a customer, but you're not an unnecessary cost either, you're a Google ad trackee and revenue stream, with all your keyboard activity (by default on Marshmallow) punted to Google for "analysis".....
-