Forgot your password?
typodupeerror

+ - Delivering Malicious Android Apps Hidden In Image Files

Submitted by Anonymous Coward
An anonymous reader writes "Researchers have found a way to deliver a malicious app to Android users by hiding it into what seems to be an encrypted image file, which is then delivered via a legitimate, seemingly innocuous wrapper app. Fortinet malware researcher Axelle Apvrille and reverse engineer Ange Albertini created a custom tool they dubbed AngeCryption, which allows them to encrypt the payload Android application package (APK) and make it look like an image (PNG, JPG) file . They also had to create another APK that carries the "booby-trapped" image file and which can decrypt it to unveil the malicious APK file and install it. A malicious app thusly encrypted is nearly invisible to reverse engineers, and possibly even to AV solutions and Google's Android Bouncer."

Comment: Re:Very easy to solve (Score 5, Insightful) 179

by Cenan (#48101009) Attached to: Eric Schmidt: Anxiety Over US Spying Will "Break the Internet"

Yeah, because we trust them to abide by the law. This is a problem that words on paper won't be able to solve. You cannot ever prove that the NSA (or whichever agency) does not snoop, even if the law says they can't do it. They have been proven to snoop, the cat is out of the bag, end of story.

Comment: Re:but useful software is not cheap to make (Score 4, Informative) 103

by Cenan (#48100333) Attached to: The Malware of the Future May Come Bearing Real Gifts

AC? Meet download.cnet.com. All the crap you could ever want, nicely bundled with more spyware than you care to imagine. If you're ever in the market for some free software, and dumb enough to use Google to find it, chances are you'll be presented with a forest of hits all directing you there.

Quality has nothing to do with it. These guys have made a business out of bundling mediocre with bad or downright malicious, and have put in a lot of effort to appear high enough on search engines to catch eyes. Malware authors don't need to produce anything useful at all.

Comment: Re:I've been impressed with IE lately (Score 1) 122

by Cenan (#48056605) Attached to: Internet Explorer Implements HTTP/2 Support

Well, I've done the same damage to my own circle of friends. Funny though, it's never really been much of an issue with online shopping here (Denmark) since the banks were quite fast with a unified solution that just works, and to date has had no incidents from a security standpoint (same goes for chip+PIN, this was introduced a decade ago, and I've yet to hear about any leaked CCs around here).

But the damage lingers long after you've abandoned the gripe yourself, I can relate to that. My sister still calls me up to have the "which AV should I chose" discussion, even though I've told her I don't use AV anymore - I use sensible online conduct instead. She is still wary of Steam because I've raved, at length, about the horrors of their draconian DRM. I use Steam extensively now. The thing is though, that as much as we as nerds have griped to friends and relatives, there are probably an order of magnitude more people who have not heard it, don't care about it, or have simply forgotten about it again.

as backwards as Microsoft has gone with their UI, security wise I'd say you are no worse off than swiping your card at any POS terminal now

LOL. That's not really an endorsement though. Every American with a CC has had it leaked at least 3 times over (statistically), just within the preceding year alone. But I get your point.

Comment: Re:I've been impressed with IE lately (Score 4, Insightful) 122

by Cenan (#48055247) Attached to: Internet Explorer Implements HTTP/2 Support

What the mobile (or smartphone) boom should have shown every nerd on the face of the planet: nobody outside of /. gives a shit about "reputation" when picking up a new phone or tablet. If Microsoft manages to launch a smartphone that is affordable (i.e not priced above an iPhone) and manages to make Windows-not-metro-for-fucks-sake-please-dear-god-please-stop-reminding-us usable on a touch device and the desktop at the same time, all that bad nerd press from the last 15-20 years will mean diddly squat for their sales figures.

The non nerdy friends and colleagues I have all pretty much agree on what is important in a new phone: camera (especially camera vs. dim light conditions), app store inventory (games mostly), fb app, twitter app, instagram app. Who made the device is of very little concern.

Now, with a one OS to rule all platforms approach, they might even be able to add some of that Apple just-works magic to their portfolio, which is not to be scuffed at.

And I agree, MS is not old MS anymore. They've been forced to try and keep up rather than the old buy-and-extinguish strategy, at least in the mobile and touch device market, and I think it's been good for them.

No man is an island if he's on at least one mailing list.

Working...