“The Trojan virus, named Trojan-SMS.AndroidOS.FakePlayer.a, is distributed through a message sent to users prompting them to install a 13 kilobyte (KB) ‘harmless’ media player application,” Hutchinson reports.
“Once installed, the Trojan virus sends SMS messages to premium rate numbers without notifying the user,” Hutchinson reports.
Full article here.
MacDailyNews Take: This is big reason why Apple offers a curated App Store. You’d have to jailbreak your iOS device in order to open yourself up to even the possibility of this type of Trojan attack. Not so with Google Android where malware is a “feature.” Get a real iPhone.
[Thanks to MacDailyNews Reader “James W.” for the heads up.]
To be fair, a “Trojan” is NOT a virus.
A virus can SELF-REPLICATE. A Trojan requires user assistance to install.
It’s not called a Trojan because it’s a condom! It’s called a Trojan because some peole got lazy and stopped calling it by it’s proper nickname, Trojan Horse.
I will take a class action against Google if it prevents our apps, whether benign or malicious from the Android Marketplace.
Hasn’t Google been preaching the goodness of free choice? Google must not be evil and to start curating the Android Marketplace and put up a walled garden. We developers have been promised by Google that our apps would not be blocked or taken off. We were promised that our apps can do anything we want without the onerous oversight by Google. We have spent money, time and effort to make our apps efficient in order to steal data from users so that we can become millionaires overnight.
So I want to warn Google again: don’t be evil.
Hey I just got rid of the biggest Trojan of them all: Flash
Ok, I know its not a trojan but after installing Click to Flash on my Mac, Safari is a speed demon. All the banners and embedded video that is Flash based is not loaded unless you specifically as it to be by clicking on it. I couldn’t believe it made such a difference. It was a tip from one of the Mac Geniuses from the Apple Store.
Back to Trojans and viruses – both are easy to get if you’re not careful. I’ve been thinking about installing ClamX again just in case. Unfortunately there are no anti-virus filters for iOS4.
Silverhawk…
Have to disagree. By your definition, there would be no viruses or trojans because all of them result by users actions.
It’s not social engineering unless the malware tricks you into bypassing existing security measures.
The PDF exploit is a hole that requires no specific action other than following a link that could and probably would look very benign. You could be checking your kids lunch menu for their school and boom your iPhone’s data could be accessed and downloaded.
That’s a problem and it’s Apple’s to solve. I’m a big fan, but wearing blinders isn’t helpful to anyone.
My, my, poor Google. Who in their right mind would want a Google product now? Between the shit bag Android security and Google acting as the cyber gestapo, they`ve turned into quite the bunch of F`n douchebags. So take your pick roid ragers, either Google bends you over, or you get from one your famous free and open apps.
But its FRRREEEEEEEEEE!!!
So is syphilis.
Maybe someone will come out with some FRREEEE anti-virus to run on your phones too?
LOL
Let’s not forget the mighty iPad that has been hacked 2 times now zinger
@silverhawk
My understanding is that you could be exploited just by visiting a PDF on the web. So if you could be induced to click a link on a web webpage thinking it’s going to navigate you to a new web page but instead pops open the PDF you are done for.
There is a much lower threshold for getting people to do that rather than opening a PDF from a stranger.
Don’t forget, the closed app store system is only as secure as the reviewers reviewing the apps. There have already been cases of apps bypassing the review team that collect and send put personal information.
I do believe the closed system is better and more secure, but don’t believe it’s invincible.
I see you’re using Microsoft Logic(TM).
iOS has a PDF exploit, yet nobody has succeeding in doing anything malicious with it. Right now, it’s only got the theoretical potential to be dangerous. It’s also going to be patched soon, likely nipping the problem in the bud.
Android has a trojan that will fucking steal your money. Not in theory. For real. It doesn’t just have the protential to be dangerous, it IS dangerous. For real. It’s out there doing actual damage to actual people as we speak.
The loser in this equation?
iOS. Why?
Because the hypothetical possibility that malware might appear sometime in the future if certain condition are met is always waaaaaaaaaaaay worse than having actual malware infecting devices right now in the present. That’s why Android somehow wins the security contest even though it’s the one under attack by cyber-thieves and iOS isn’t.
So you see, the platform with real malware infecting it is always safer than the platform that could maybe theoretically be infected by malware if if the planets lined up right, someday. Now stay in your pen, sheep… Stick with Windows! Err… I mean, stick with Android!
Incidentally, amusing headline on the MacWorld UK sidebar.
“South Korean police raid Google’s office over Street View”
I’m alittle confused though, because Google “does no evil”… Hah hah, it must be some kind of funny mistake! Those Koreans are so wacky.
Wtf r u talking about “nobody has succeeding in doing anything malicious with it.”?
jailbreakme.com already has succeeded, they have just opted to jailbreak – and not damage – your phone. The potential for this bug to escalate is big as described by the link given by PDF_Dewd:
Q: How difficult was it to create this exploit?
A: Very difficult.
Q: How difficult would it be for someone else to modify the exploit now that it’s out?
A: Quite easy.
Q: Which versions of iPhones, iPads and iPod touches are affected?
A: All of them.
..now go back and lick Steve’s ass
“Droid does…..expensive SMS messaging.”
Droid…..Duhs!
Android the next windows, only on a phone.
I’ll stick with a safe platform, IOS4 and the iPhone.
“they have just opted to jailbreak – and not damage – your phone”
That is the effing point!!!!!
you said it yourself, nothing malicious has happened yet.
Whereas Android has applications stealing you money RIGHT NOW!
Moron Fandroid.
@Bas
“Love my iPhone but wouldn’t really brag about the security while that PDF exploit is still in the wild.’
Really? Im a little angrier at something that I just had to surf too, not even download.
Sorry, but I’ll stick with the Mac + pdf version that I have to install, instead of the PC “hey, you’re just screwed” version, if that’s ok w/ you. Just seems a little less evil to me.
Coming soon… Norton and Mcafee anti-malware apps for Android that “multi-tasks” in the background to protect users from malware. Practically guaranteed, since Norton and Mcafee (and the rest of the “security” companies) will want their piece of the action in the mobile space. And hackers will want their piece too…
Although it is called a “trojan,” it does self-propagate without user action, once it is installed. I’ve never heard of a Mac OS X trojan that affected more than just the direct user that was fooled into installing it.
So where are the iPhone haters from Engadget now? How come there’s no post on Engadget about this?
“Don’t be evil?” Yeah, right!
And let’s not forget the mantra from the Development Conference:
“…Do you want your OS to be the vision of one man?”
Answer: YES, AS LONG AS IT’S STEVE JOBS AND NOT Benedict Arnold Schmidt and his NUTTY CREW PLANNING ON TAKING OVER THE ENTIRE WORLD.
Where’s your open source bragging now? You’re about to meet some really ugly people who will want to use the 200,000 activations per day that you brag about to spread their crap. It’s only a matter of time before Android phones and appliances become zombies. I’ll take some control of apps in lieu of that any day.
….Oh yeah, one more thing.
Android is making an iPad competitor/clone.
Everybody say “OH SH*T!”
It’s enough having your phone taken over, but it will now permeate everything you do. Cloud storage = cloud infection through everything. Again, I’ll stick with Apple’s solution, even though I get a little mad about them sometimes, it turns out to be safer.
@ ken1w
Very amusing and so true.
@ RW
Love your tiraid.
As for “@@funnystuff”, “Darkbroccoli” & Nicu,
Fandroids & FUDters.
The company involved in manufacturing glass for the iPhone’s signature shell is “still working out the perfect combination of paint thickness and opacity” to achieve Apple’s trademark “absolute whiteness.”
http://www.healthproductreviewers.com/my-superstar-smile-reviews.html
To the guy who thinks the jailbreakme site is malicious, time for you to go back to school.
Jailbreakme, while using the exploit, does nothing HARMFUL. It’s sad that you cannot understand that concept. Whereas on Android, there is stuff stealing your info and sending it to servers in china.
FYI: Jame Hutchinson is computer security IGNORANT:
“”Cyber security company, Kaspersky Lab, has identified the first virus to hit Google’s Android operating system,” James Hutchinson reports for Computerworld.”
NO. It’s NOT a ‘virus’. It is a Trojan horse form of malware.
Training for newbies:
Malware = the general term.
Virus = One TYPE of malware. It is self-replicating and deliberately destructive to the computers in infects. It never requires user installation.
Trojan horse = One TYPE of malware. It cannot self-replicate or infect anything without LUSER error whereby the user installs the malware. It’s behavior after installation can be anything.
I cover the other forms of malware at my Mac Security blog:
http://Mac-Security.blogspot.com
Also for newbies:
Here is the current Mac OS X malware count:
Trojan horses: 23
Illegal spyware: 1 (which is also a Trojan)
That is all.
Oh and for suckers who believe in the Security By Obscurity myth: Explain why Windows has over 1000x more malware on a per user basis (IOW if both platforms has equal numbers of users). I consider that shocking. It also makes ‘SBO’ entirely ridiculous.
The Android has a lot better multitasking than the iphone.
Apps are not censored in the Android app store which means there are more than 1 type of app for different things and are things you wouldn’t find in the iphone app store.
http://www.procleansegoldwarning.com
Btw, for an Android user to install the fake media player trojan, they must first enter settings and change the Allow Unknown Applications option to on. Once they do so, they are given a very blatant warning of what they could be getting themselves into. Also, when installing any app, you’re show exactly what this app can access, so if your new labyrinth game wants full access to the internet and your sms program, you might just wonder if somethings amiss…
Sent from my Droid X using Swype
” width=”19″ height=”19″ alt=”smile” style=”border:0;” />
P.S. Having flash is great for the pr0nz ;p
P.S.2 the game ^_^