Happy birthday, Android! Already passed eight years since the official launch to the public of the Android project: it was the September 23, 2008, to be exact. In that short time, the platform of Google showed that it was able to rock the mobile universe.
As indicated by the latest statistics of Gartner, today, Android controls more than 85% of the smartphone market and is also the leader in the tablet market. However, this huge market share it brings along with it certain disadvantages, as it makes the operating system extremely attractive to criminals. They do not expect to sit idly by, but that continually designing new techniques for attacking more victims and are looking for incessantly vulnerabilities as yet unknown to take advantage of. An example of these new vulnerabilities was released just a few weeks ago during the convention of hacking DEF con 24.
security researchers revealed that they had found four vulnerabilities in Android and the called QuadRooter. According to the report, all of which can be exploited by cybercriminals, giving them access to smartphones and tablets equipped with chips of the brand Qualcomm, which is equivalent to around 900 million Android devices.
The biggest problem is that the scammers are trying to take advantage of these flaws; to do this, they try to attract users into a trap, by offering fake applications that claim to be able to fix the security flaw. Unfortunately, that is not the true function of such applications: these are programs that display advertisements, or to simply make them pay the victims to change anything. But this kind of deception is nothing new.
the higher the platform and its user base, the more attacked you will be
despite the measures implemented by Google Bouncer and human review, both used to block malicious content, already appeared multiple apps fake that mimic the popular game Pokémon GO in Google Play. Taking advantage of the exaltation induced by the media due to the popularity of the game, most of these apps fake installed scareware, ads, and surveys on users ‘ devices. One of them even freeze the device and forced users to remove the battery to restart the smartphone.
it is also Not uncommon to find Social Engineering attacks and phishing emails targeting users of Android. At the beginning of the year, and an app phony that was distributed in the official market by pretending to be Instagram offered more followers; however, his goal was actually extract the credentials from social networks of their victims to then sell them.
If we look at some statistical data of the beginning of the year, the attackers managed to get more than 340 trojans clicker pornographic websites in the Google Play store in just 7 months (from August 2015 to February 2016), and the average number of downloads reached 3,600 for each app false. However, these figures may be showing only a small portion of the reality, as there are about 1.5 million apps in the official store.
What all these cases have in common is the fact that cybercriminals are trying to copy apps popular in order to attract the greatest number of victims possible. When you discover that an app is malware and removes it from the store, its creators make some changes, re-package the application and test fate once more. With this technique, you only need a minimum amount of effort (or none) to redesign the malicious code and keep infecting repeatedly a large number of users.
The situation is much worse in the over the counter markets, where the types of malware most damaging. The ransomware, which is very popular among cyber criminals who direct their attacks to the PC, already arrived to the mobile platform, and ESET has already analyzed the two main types: the ransomware lock screen and the ransomware crypto.
what, Then, is the conclusion after these eight years of history of Android? The higher the platform and its base of users, you will receive more attacks from cybercriminals. Therefore, leave the matter in the hands of its creators hoping it will be able to keep the platform safe is not enough.
users must make an extra effort and follow some of the following basic principles to avoid unnecessary inconvenience:
- first, keep your devices up to date: the ideal is to let the patches installed and the updates automatically, to stay protected even although you do not have much knowledge of security.
- If possible, restrict downloads to Google Play Store or other official stores of apps that are trusted. It is possible that these markets are not completely free of malicious applications, but at least you’ll have a lot more possibilities of avoiding them in parallel markets.
- Before installing any application, check your qualifications and comments. Read with care the negative comments, as they often come from legitimate users, while the positive comments are often created by the same attackers.
- Review the permissions requested by the app. If they are not necessary for the functions of the application, we recommend you not to install it.
- Protects your device with a security solution for mobile devices that is of good quality and have good reputation.
Author Ondrej Kubovič, ESET
No comments:
Post a Comment