Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    July 2014
    S M T W T F S
    « Jun    
     12345
    6789101112
    13141516171819
    20212223242526
    2728293031  
  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Archive for the ‘Mobile’ Category




    Note: The author of the entry has been changed to Chengkai Tao. We've recently discovered a design flaw in Android devices that allows fake apps to hijack legitimate app updates, thus enabling the fake app to steal the information stored by the targeted legitimate app. The flaw lies in a common practice for mobile users in China: using an external storage device (such as an SD card) to store downloaded Android application package (APK) files. China-based users commonly update their apps directly -- ...

    Posted in Malware, Mobile | Comments Off



    Just six months after mobile malware and high risk apps reached the one million mark, we have learned that that number has now doubled. Figure 1. The number of malicious and high risk apps reaches the 2M mark This milestone comes at the heels of the "tenth anniversary” of mobile malware. 2004 saw the first mobile malware—a proof-of-concept (PoC) malware named SYMBOS_CABIR—which infected Nokia phones. But it wasn’t until during the start of the smartphone era that mobile malware exploded onto the ...

    Posted in Malware, Mobile | Comments Off



    Recently, other researchers reported that a new Android malware family (detected as ANDROIDOS_KAGECOIN.HBT) had cryptocurrency mining capabilities. Based on our analysis, we have found that this malware is involved in the mining for various digital currencies, including Bitcoin, Litecoin, and Dogecoin. This has real consequences for users: shorter battery life, increased wear and tear, all of which could lead to a shorter device lifespan. The researchers originally found ANDROIDOS_KAGECOIN as repacked copies of popular apps such as Football Manager Handheld and TuneIn Radio. The apps ...




    Note: We have clarified the use of the word "bricking" in this blog post, and added a solution for developers and other power users. We recently read about an Android system crash vulnerability affecting Google's Bouncer™ infrastructure, one that, alarmingly, also affects mobile devices with Android OS versions 4.0 and above. We believe that this vulnerability may be used by cybercriminals to do some substantial damage on Android smartphones and tablets. The device is stuck in an endless reboot loop, or a ...




    A key part of Anrdoid's access control policies are permissions. To access certain resources on an Android device, applications need to request and be granted specific permissions. However, beyond those permissions specified by the operations system, an app can define its own customized permissions. Generally, this is done to protect an app's own functions or data. Custom permissions like these are usually defined at either the "signature" or "signatureOrSystem" protection levels. These are defined in the Android Open Source Project (AOSP) ...

    Posted in Mobile, Vulnerabilities | Comments Off


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice