PDA

View Full Version : Another trojan found in pirated Android apps



wicked
03-01-2011, 05:41 PM
http://images.androidcentral.com/sites/androidcentral.com/files/articleimage/9274/2011/03/thumb_550_pirate_flag.png (http://feeds.feedburner.com/sites/androidcentral.com/files/articleimage/9274/2011/03/pirate_flag.png)


Symantec has uncovered yet another trojan horse in a pirated Android app. This time around it's the "Android.Pjapps" trojan, and you can find it in modified versions of the Steamy Window app that have been cracked and placed on Android warez sites. The official version of Steamy Window that's on the Android Market is not infected. And it's a fun little time waster that you should probably have a look at (https://market.android.com/details?id=com.appspot.swisscodemonkeys.steam&feature=search_result).



Continue reading @ AndroidCentral (http://www.androidcentral.com/another-trojan-found-pirated-android-apps?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+androidcentral+%28Android+Cen tral%29&utm_content=FeedBurner)

Dvan
03-01-2011, 05:44 PM
Damn...jpapps is the creator of one of the best overclock programs called quickclock advanced. He wont be too happy about this

Edit: just noticed you said pjapps...not the same guy I thought

1.23ghz/Apex 1.4.1

WugFresh
03-01-2011, 05:52 PM
I kinda wan't to see what these android trojans look like. I'm going in... lol.

{{ WugFresh }}

smalltowngirl13
03-01-2011, 06:36 PM
Moving to "News"...

gunner1982
03-01-2011, 06:39 PM
Makes me feel better about norton mobile I've always been worried about apps in the market

sent from my Liberated,OC'D, and never lookin back DX

WugFresh
03-01-2011, 06:43 PM
Not in the market. Makes me feel better about not running superfluous antivirus on android because I don't download warez android apps.

{{ WugFresh }}

gunner1982
03-01-2011, 06:51 PM
Can u get viruses from the web on android? Cause we all have allow install from jlnon market sources enabled to be rooted

sent from my Liberated,OC'D, and never lookin back DX

mikeinrichmond
03-01-2011, 06:58 PM
Here's the rest of the article:



"What's happening from the trojan in the pirated app is a bit scary. Without your knowledge, it signs you up for premium text message services, sends off texts to them without your knowledge, and blocks incoming texts from the service so that you have no idea what is going on -- until your monthly bill from your service provider arrives. It's sneaky, and someone needs a good old-fashioned (butt) kicking for doing it. As we saw with other instances of malware hidden inside legitimate applications, this one originates in China, and is written by people probably a lot smarter than most of us. You're not going to be able to outwit them. Be smart -- only download apps from trustworthy sources, and read the permissions an app asks for when installing it. Or you can go a step further and install an anti-virus application.

Now that the news portion is done, I want to say that anyone stealing Android applications will eventually get what they deserve. These unofficial, unsanctioned, pirate websites hawking paid apps for free don't care about you. They just want the traffic to view their ads, or your "$10 per year for all apps for FREE ZOMG." If you visit them, and get a little more than you bargained for in the application you have stolen, make sure you only blame yourself. There are legitimate sources to download applications if you're unable to access the Android Market, and they help developers get paid what they are owed. Use them."


I couldn't have said that last paragraph any better...

hlaalu
03-01-2011, 07:07 PM
Does a PC virus scanner pick up android viruses?

accordlayingkit
03-01-2011, 07:12 PM
Can we get a shot to avoid getting the virus? Lol

Sent from my DROIDX using Droid X Forum App

WugFresh
03-01-2011, 07:24 PM
On The Android Platform:

To run a virus from the Google market...

(which there aren't any and if there ever were, they would be reported and pulled immediately; furthermore, even if they weren't pulled immediately, which they would be; they would be exposed through channels of communication long before they spread, because informatiom will always travel exponentially faster than any viruses in an open source community)

...you would have to:

1. Grant Permissions
2. Download it
3. Install it

No virus could be run from the market without you, the user, giving it privalages to do so first.

To run a virus obtained from an out-of-market source, you, the user, would have to:

1. Download it
2. Enable Installing apks from 'Unknown Sources' in your application settings
3. Install it

For any virus to modify/corrupt anything on the system level, you, the user, would first have to

- Grant Superuser Permissions

To protect yourself from viruses

*Stay away from browsing and downloading impulse apk's from any third party site/market.
*Only download apk's from a third party site that you trust, like z4root from links on this forum.
*Only download Adobe Flash Player from the market and obtain all flash player updates from the market.
*NEVER download and install a video pluggin through your web browser or within ANY trusted internet based apk like Facebook.
*Pay attention to the permissions you are granting to apps through the market, but don't live in fear of market apps... there are alot of eyes watching the market
*Pay CLOSE attention to which apps you grant Super User Permissions to and what they are doing.
*Stay informed, which is very easy considering you are carrying a mobile computer in your pocket.

And for ALL platforms the most important rule is
***ONLY download/install files from a TRUSTED SOURCE***

If you follow these guidelines running antivirus software is superfluous on android and will only be at the expense of slower system performance and faster battery consumption.

{{ WugFresh }}

WugFresh
03-02-2011, 12:50 AM
Does a PC virus scanner pick up android viruses?

I don't want to provide methods for safe warez android app downloading or sanction pirating independent devs work in anyway shape or form, but regardless, your question is a valid one. My gut instinct tells me no, your host machine wouldn't detect it; why? Because the viralant .apk is not designed to exploit or attack your host machine (PC) in any way, so it really poses no threat; however I could very well be wrong. Trojan viruses have some distinct similarities across platforms and your anti-virus may in fact be able to pickup on these malicious identifiers. One thing I know for sure though, is that an .apk is essentially a compressed archive type, like a zip or a rar; so just like trojan viruses that are designed to attack a PC, since it is nested inside an archive, your antivirus wouldn't be able to detect it until you attempted to extract the contents.

But I am a man of science, so enough with my theories... I want hard evidence. "Show my data!" I say. :)

So this is what I am going to do. I am going to attempt to seek out all these nasty android bugs, download them all to a heavily firewalled and isolated-sandboxed environment, extract them and see what I find out. I also might even try loading them up in the SDK emulator... it would be very interesting to see what happens... maybe even try installing an antivirus app on the emulator first, then the bug, and see if these antivirus apps can even detect the virus's they claim to protect you against. Will report back with my findings... I have one more midterm tomorrow, and then I am free to do resume android side projects.. so you can expect a report within the next three days.

{{ WugFresh }}

jmartinez748
03-02-2011, 02:16 AM
Can't wait to see what you find out wug keep us posted

Sent from my DROIDX using Droid X Forum App

goldsmitht
03-02-2011, 06:54 AM
its not just pirated apps that are infected, but apps being marketed on Android Market place:

http://blog.mylookout.com/2011/03/security-alert-malware-found-in-official-android-market-droiddream/ (http://blog.mylookout.com/2011/03/security-alert-malware-found-in-official-android-market-droiddream/)

just posting for FYI; haven't checked out totally yet.

FYI: News:

http://www.cnn.com/2011/TECH/mobile/03/02/google.malware.andriod/

http://www.wired.com/gadgetlab/2010/01/android-malware-fears/

http://blogs.computerworld.com/17904/android_market_malware_scare_google_nukes_21_troja n_apps

don't just assume because it is ANDROID, or open source, that crap isn't placed in it. These are just posts by a security firm, so there is something to this.

noXcuse
03-02-2011, 06:59 AM
Of course Lookout is gonna post that, and scare everyone to get their anti-virus. I don't believe that blog one bit.

Sent from DarkSlide 4.2

HarleyDude
03-02-2011, 12:59 PM
AndroidCentral notes that Google actually patched its source code to prevent this type of exploit (root exploit "rageagainstthecage") for users running Android 2.2.2 or higher and that the vulnerability doesn't exist at all in Gingerbread, aka Android 2.3.

Read more: Reports: Google yanks infected Android apps | Android Atlas - CNET Reviews (http://reviews.cnet.com/8301-19736_7-20038240-251.html#ixzz1FTCTezLs)

hlaalu
03-02-2011, 07:44 PM
I don't want to provide methods for safe warez android app downloading or sanction pirating independent devs work in anyway shape or form, but regardless, your question is a valid one. My gut instinct tells me no, your host machine wouldn't detect it; why? Because the viralant .apk is not designed to exploit or attack your host machine (PC) in any way, so it really poses no threat; however I could very well be wrong. Trojan viruses have some distinct similarities across platforms and your anti-virus may in fact be able to pickup on these malicious identifiers. One thing I know for sure though, is that an .apk is essentially a compressed archive type, like a zip or a rar; so just like trojan viruses that are designed to attack a PC, since it is nested inside an archive, your antivirus wouldn't be able to detect it until you attempted to extract the contents.

But I am a man of science, so enough with my theories... I want hard evidence. "Show my data!" I say. :)

So this is what I am going to do. I am going to attempt to seek out all these nasty android bugs, download them all to a heavily firewalled and isolated-sandboxed environment, extract them and see what I find out. I also might even try loading them up in the SDK emulator... it would be very interesting to see what happens... maybe even try installing an antivirus app on the emulator first, then the bug, and see if these antivirus apps can even detect the virus's they claim to protect you against. Will report back with my findings... I have one more midterm tomorrow, and then I am free to do resume android side projects.. so you can expect a report within the next three days.

{{ WugFresh }}


Very interesting. And my question is based on my own curiousity. I easily have $150+ worth of paid apps (I think I'm an app addict).

Sokyoku
03-02-2011, 08:45 PM
It have been removed from the market.

Google Pulls 21 Malware-Infected Android Apps - Yahoo! News (http://news.yahoo.com/s/nf/20110302/bs_nf/77544)

TruePCs
03-02-2011, 09:51 PM
That lookout link now says there was 50+ apps removed from the market. Anyone have any of the flagged apps or have any apps they mysteriously disappeared? I had one that disappeared, it was a Graffiti app (http://androidcommunity.com/graffiti-app-turns-your-android-into-a-work-of-urban-art-20110301/) that i read about on Google News and tried the other day, it disappeared last night.