Posts Tagged ‘mobile’
Kaspersky Mobile Security Once Again Scores Top Marks in Independent Testing by PC Security Labs
Kaspersky Mobile Security has confirmed its position as a leader in its class, repeating its five-star performance in independent testing by PC Security Labs (PCSL).
TIMOFONICA Virus: Questions and Answers
How the Virus Attacks Mobile Phones? What is Timofonica? What is SMS-Messages and SMS-Gate? Is it Possible for this Virus to Infect My Mobile Phone? How Big of a Problem are Wireless Viruses for Wireless Operators? Is this Related to the ILoveYou Virus? What Can Users Do if Their Phones Get…
Android Malware Promises Video While Stealing Contacts
Recently we discovered a new Android Trojan in the official Google Play market that displays a video downloaded from the Internet–but only if some sensitive information is previously sent to a remote server. The malicious applications are designed for Japanese users and display “trailers” of upcoming video games for Android. Here’s one example:
Or anime/adult Japanese videos:
When the application is about to be installed, two suspicious permissions–read contact data and read phone state and identity–are requested. Neither is needed for the principal purpose of the application, which is to display a video from the Internet. The reason for these requests becomes clear because the first action that the malware takes when it executes is to obtain, in the background, the following sensitive information from the device without the user’s consent:
- Android ID: Unlike most Android malware and PUPs (potentially unwanted programs) that gather the IMEI to uniquely identify a device, this malicious application obtains the android_id which according to the Android API is a “64-bit number that is randomly generated on the device’s first boot and should remain constant for the lifetime of the device.”
- Phone number: Obtains the phone number of the device. READ_PHONE_STATE permission is required to gather this information.
- Contact List: Gets the name, telephone number, and email of every person in the contact list.
While the data is harvested, the victim sees this “loading” message:
Once the information is obtained, the malicious application sends it to a remote server in clear text:
If the data was sent successfully, the application requests a specific video from the same server and displays it using a VideoView component. If the malware fails at its background theft (for example, the device does not have an Internet connection), a message in Japanese says that an error has occurred and the video has not loaded:
So far we have discovered 15 applications from two developers that, according to Google Play statistics, have been downloaded by at least 70,000 users. Due to the privacy risk that these applications represent to Android customers, all of them have been removed from the market. McAfee Mobile Security detects these threats as Android/DougaLeaker.A. Before installing an application from the Google Play market, users should verify that it does not request permission to perform actions unrelated to its purpose.
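The permission check recommended above can be automated against a decoded `AndroidManifest.xml`. This is an added example, not code from the original post; the `EXPECTED` allow-list, the `video_player` category, the sample manifest and its package name are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
INTERNET = "android.permission.INTERNET"

# Assumption: what an app that only streams video plausibly needs.
EXPECTED = {
    "video_player": {INTERNET,
                     "android.permission.ACCESS_NETWORK_STATE",
                     "android.permission.WAKE_LOCK"},
}
# Permissions guarding the data the post lists as harvested.
# Note: reading android_id needs no permission, so it never shows up here.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "contact list (names, numbers, emails)",
    "android.permission.READ_PHONE_STATE": "phone number and device identity",
}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    names = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    return names - {None}

def audit(manifest_xml, purpose):
    """Compare requested permissions with those expected for the stated purpose."""
    perms = requested_permissions(manifest_xml)
    unexpected = sorted(perms - EXPECTED[purpose])
    exposed = {p: SENSITIVE[p] for p in unexpected if p in SENSITIVE}
    # Sensitive read access plus network access is the leak pattern described above.
    return {"unexpected": unexpected, "exposed": exposed,
            "can_exfiltrate": bool(exposed) and INTERNET in perms}

# Constructed sample: a "trailer viewer" requesting the two permissions from the post.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.trailerviewer">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <application android:label="Trailer Viewer"/>
</manifest>"""

if __name__ == "__main__":
    report = audit(SAMPLE_MANIFEST, "video_player")
    for perm, data in report["exposed"].items():
        print(f"unexpected for a video player: {perm} -> {data}")
    print("sensitive data + network access:", report["can_exfiltrate"])
```
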

"Javanization" of Mobile Phones: A Green Light for Malicious Programs?
On 19 August, Sun Microsystems and some of its partners announced the shipment of Mobile Information Device (MID) standard, based on the Java programming language (JavaTM 2 Platform Micro Edition – J2ME) for use on mobile phones. At the same time, Motorola, one of the biggest companies for the…
Mobile ‘Wallets’ Attract Greater Interest From Thieves, Researchers
As mobile phones allow us to carry our money in an electronic “wallet,” they will also become a greater target for crooks. Picking a pocket is a risky endeavor for thieves, but it will be much less so if all they need to do is bump into their victims or brush by them with a mobile phone. Thieves are now more likely to go after both mobile payment software and phones enabled with near-field communications (NFC). However, things are not so bad; security researchers’ proof-of-concept (PoC) attacks against Google Wallet and Square’s credit card readers have prompted improvements in security.
Security researchers have already tested Square’s credit card readers, using exploits and keyloggers to intercept credit card numbers as they pass to their mobile phones. Square has now added encryption to new versions of its credit card reader. Does that mean that they’re completely secure? Not necessarily. Security researcher Adam Laurie is taking a closer look. Laurie has a large amount of experience in reverse-engineering embedded systems and RFID hardware. His research includes finding vulnerabilities in hotel room safes, RFID passports, and chip and PIN credit cards. As word of the new, more secure Square readers arrived, he posted an open request on Twitter. This can only be good for the security of the mobile payment system.
NFC-enabled contactless (“tap and pay”) credit cards are also at risk from an attacker with a specially crafted app and NFC-enabled mobile phone. Researchers at viaForensics have demonstrated a PoC NFC reader Android app that can grab the information on your credit card just by placing the phone nearby. An attacker can walk through a crowd and collect numbers and expiration dates from numerous victims. The CVV2 and other card verification numbers aren’t included, so it is more difficult for a criminal to resell stolen credit card information. Generally the CVV2 number, printed on the back of credit cards, is used to verify that online transactions are being made by someone who has the actual card. Most online shopping sites won’t allow a purchase if the customer doesn’t have that number. However, this didn’t stop viaForensics’ partner, the UK’s Channel 4 News, from being able to use this minimal card information on a popular online shopping site.
These latest phone enhancements have inspired an increasing interest in mobile payment security from both the bad guys and security researchers.

Mobile Threat Update: Be careful not to get a bite…
This week, the AVG Mobilation™ research team found new malware named ‘Crazy vampire’ in China.
The application is a maliciously modified version of a calendar application: the developer added malicious code and changed the name, icon, signature, and UI.
The aim of the malware is to target Chinese users and get them to upgrade to the Premium service of the infected application.
Fake it till you make it: Mobile Update Week 4
Fake Android Markets
We have recently seen the spread of fake versions of the official Android market and website.
The fake Android markets usually contain many malicious applications (if not all of them are malicious), which can hit the victim in the two places where it hurts the most: money and privacy.
Those are malicious versions of the legitimate applications created by the legitimate developers.
The Latest Threat To Your Mobile Phone: Your Employer
The RSA Conference – the largest gathering of security vendors and the companies who buy their products – was held in San Francisco last month. Avast was in attendance, and I had the pleasure of moderating a panel on mobile security. Mobile security was also one of the top topics permeating the entire event. What I heard on the panel and throughout the conference, and what has been reinforced from my discussions with analysts and consultants to businesses, should have you all pretty worried.
The good news is that businesses want to embrace employees’ use of mobile phones and tablets. And it’s not just the biggest companies doing so: even small businesses are eager adopters of mobile technologies. After all, employees are more accessible and more productive when they can use their mobile devices for work. However, these are your devices; they are not the company’s and shouldn’t be treated as such. And that’s the challenge.
Businesses have legitimate concerns that these devices are inherently insecure, and that consumers don’t always secure their devices to the same level businesses do their PCs. They are also concerned about all the corporate data that these devices contain or can access, and that their loss or theft can compromise a company. And they are concerned that people will misuse their access to this data now that it’s on their personal device.
The problem is that businesses want more security and control over your phone than they should have or even need: even more control than they have over the PCs they provide you.
- Because there are malicious apps, they want to keep a catalog of every app you install and be able to remove those applications without prior notice to you.
- Because mobile devices can hold private corporate data, they want the ability to wipe all data on your phone, also without prior notice to you.
- Because you could potentially misuse the phone by transferring corporate data between a business app (like email) and a personal app (like Facebook), they want to be able to monitor everything you do on that phone: your call logs, your text messages, all your social networking activity, all your browsing activity.
This blatant company disregard for employees’ privacy and property all in the name of security has gotten completely out of hand. One product that was given prominent attention at the conference basically rooted your device to put a monitoring and management layer underneath the operating system. Besides taking any semblance of control of your device away from you, this procedure would likely lead to voiding the warranty for many of your devices, especially Apple devices.
Using your mobile devices for work purposes should not require you giving up all your privacy rights or giving your company effective ownership of your device, without having to pay for it. If your company is letting you use your phone or tablet for work purposes, especially if it’s for more than email, then you should take a close look at your organization’s mobile policies – not just for what you should or should not be doing, but for what your company could be doing.
Android Malware Retest Puts McAfee Mobile Security at Top of Class
On March 6, the widely recognized institute AV-TEST published a long awaited review of Malware Protection for Android–with really disappointing results for us.
And the report was widely quoted in the media.
An analysis on our side quickly showed that an outdated version of McAfee Mobile Security had been tested. Yesterday AV-TEST announced that they had run a retest and they released an update of the results. This time, the current version of McAfee Mobile Security (2.0.1.366) was tested, and the new results reflect where we (and you) expect us to be: at the top.
In the test the top 10 products are rated with a >90 percent detection rate. A more detailed report of malware family detection shows we were one of just three products with flawless detection through all malware families. You can read all about the test and download the full report at AV-TEST.org.
We are happy that the confusion could be cleared up. If you ever needed a compelling reason to update to the latest version, then this test is one.
Unwanted Apps in Google Play Pose as Fake AV
In recent years one of the most prevalent malware threats for PCs (and lately Mac users) is fake-antivirus software, which pretends to be a legitimate security program. Its real purpose is to charge victims a fee to remove a nonexistent threat. The same threat has now been ported to mobile devices. In some cases we see the same or similar behavior: getting revenue from users via SMS messages to a premium-rate number or malware that poses as security software to encourage users to install a malicious app (such as Android/Zitmo.F).
Recently 17 suspicious applications, uploaded by the developer thasnimola, were found in the official Google Play market:
Some of them also use an “Antivirus FREE” banner on the app’s web page:
However, unlike fake-antivirus software threats for PCs and Macs, these applications do not gain revenue from users by detecting nonexistent Android malware. Instead, these apps make money using a more legitimate method: advertisements. All the suspicious apps were created using the same free online service used to create the Android/DIYDoS hack tool. For this reason the behavior is nearly the same: When the application is executed, a WebView component shows the contents of a URL that is stored in an XML file inside the res/raw folder:
One difference between these apps and Android/DIYDoS is that these include an advertisement module, provided by the online service that creates the applications, which sends sensitive device information (IMEI, GPS coordinates) to a remote server:
Here is the complete list of the unwanted applications that we reported to Google: