Have any naughty pictures on your phone? Well, teenage boys in China are looking at them right now!
A newly discovered strain of Android malware makes live recordings of ambient audio around an infected device. The RedDrop nasty also harvests and uploads files, photos, contacts, application data, config files and Wi-Fi information from infected kit. Both Dropbox and Google Drive are being used as temporary storage by the …
Friday 2nd March 2018 19:05 GMT Anonymous Coward
"The RedDrop nasty also harvests and uploads files, photos, contacts, application data, config files and Wi-Fi information from infected kit. Both Dropbox and Google Drive are being used as temporary storage by the attackers."
That describes almost every single "Cleaner/Anti-hacking/Battery Saver" app on the Google Play store.
Friday 2nd March 2018 22:35 GMT Dr Mantis Toboggan
That infection graph seems to have at least 10 steps missing from what I can count. It's also weird all 10 are barriers that would prevent you getting this..
Also wondering how this breaks posting rules, unless it's now forbidden to point out glaring errors that make stories appear ridiculous..
Saturday 3rd March 2018 22:57 GMT Anonymous Coward
Sunday 4th March 2018 02:59 GMT John Brown (no body)
"I love the way "exfil" or "exfiltration" has become common terminology these days."
Yeah, my wife uses it every few months when the water from the tap starts to taste funny and I have to change the filter.
The shortened version "exfil" always seems to be used by American "cool kids" who don't seem to have an attention span long enough to cope with saying long words.
Sunday 4th March 2018 22:23 GMT JeffyPoooh
"...become common terminology these days."
One of my kidiots (age 14) has somehow picked up an extraordinarily wide ranging vocabulary, primarily from playing video games and watching YouTube. At times he uses obscure words (correctly) that cause our jaws to hang open in disbelief.
Q: "Where did THAT word come from?"
A: "Video games."
Sunday 4th March 2018 12:18 GMT FlamingDeath
Tuesday 6th March 2018 10:14 GMT Morten_T
Re: Curious as to the root to infection?
"Am I missing something, is this exploiting a known vulnerability in the android OS, or is it relying on the ignorance of the user?"
I think it's a combination of all three:
The "vulnerability" is really a feature in Android, that lets you install .apk packages from 3rd party sources instead of the Google Store. This can be very useful, but also introduces the risk that said .apk packages may or may not have been tested for malware very well or at all. It also has an additional problem in that you can either enable it or not. You can't choose to use Google Store, TrustedAppStore1 and TrustedAppStore2, and then block everything else. It's either apps from Google only or from the entire world. IMO this would somewhat heighten security for users, but is by no means a silver bullet. *
The part you're probably missing is that some people enable the above mentioned feature in order to use a different app store than the one Google provides. AFAIK this is very common practice in China, among other places.
Regarding the user's ignorance, you have a point here. It's my impression that many people don't really know that doing this puts their phone at risk, perhaps they just inherently trust the app store they're using. But if the app store doesn't screen the submitted apps for malware before making them available, then there's really no security at all.
* (I realize the piece of malware in question came from the Baidu store, and my proposed approach would do nothing to stop it in this case).