Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    June 2013
    S M T W T F S
    « May   Jul »
     1
    2345678
    9101112131415
    16171819202122
    23242526272829
    30  
  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Archive for June 18th, 2013




    Last week, we talked about the OBAD Android malware, which installed itself as an administrator on the device and used a vulnerability in Android to hide this fact from the user.

    One effect of this particular behavior was to make removal of this threat very difficult. Apps that have set themselves up as administrators require user interaction to remove: but because the vulnerability hides the app, it can’t be removed.

    In response to this threat, we have created the Hidden Device Admin Detector app. This tool’s purpose is simple: it allows users to keep track of and disable apps that have device administrator privileges┬ábut are hidden from Android Device Administrator list.

    Most apps do not need to these device administrator privileges. One can think of them as being analogous to holding root access on a Linux/Unix machine, or having administrator access on Windows. It gives you complete control over the machine. Most apps do not need this level of access; this is why the user has to be prompted to enable these privileges. Apps that do require these privileges include security apps (like Trend Micro Mobile Security) and system administration apps that may be used in BYOD situations.

    When run, the app will display the apps with administrator privileges that exploit this vulnerability to hide themselves:

    Figure 1. Hidden Device Admin Detector app

    From here, users can disable the privileges. Malicious apps with disabled administrator privileges can be removed normally, either by security products or the user.

    Android does contain this feature as well, but because of the above vulnerability the list it provides may not be complete. Google may patch the vulnerability in the future, but the complicated Android update situation means many users will never get the patch. We recommend that all users download this app and periodically check for malicious apps on their Android devices.

    You can download the app by going to the Google Play app store.

     
    Posted in Malware, Mobile | Comments Off


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice