Bootbot creates Android zombies
Originally published at The Preternatural Post. Please leave any comments there.
With Android smartphones and mobile devices accounting for 59 percent of the market share during the second quarter of 2012, it’s no surprise they have become a popular target for cybercriminals. But who would have guessed their goal was to turn Android device into zombies?
That’s exactly what they are doing using the first Android bootkit, according to a new report for AVG Technologies. The bootkit turns your Android phone into a zombie and puts it under the full control of cybercriminals.
The AVG Community Powered Threat Report for Q2 2012, released last week, reports hackers and other cybercriminals are cashing in on the app craze by disguising the malware bootkit also known as DKF bootkit, as a legitimate app for android users. Once users download the app, the malware encourages them to click OK to run it which then roots the device. Since most smartphones are connected to either a mobile operator or other payment processor even when they are pre-paid, the malware author can syphon off small amounts of money on an ongoing basis using premium SMS. Even more insidious, the user may not notice the losses because the amounts are kept small.
Unfortunately, the bootbot isn’t the only threat targeting Android devices. Malware creators have also developed a Trojan-infected and obviously unofficial version of the highly popular Angry Birds game app. This app, while it looks and functions exactly like the Angry Bird Space app created by Rovio and in conjunction with NASA, uses the GingerBreak exploit to root Android devices. The rooting allows the malware to download and install additional software onto the victims smartphone, turn it into a botnet or even modify files and launch URLs turning phones into zombies no longer under the user and owner’s control.
Spoof FBI notice of copyright violation
Another threat that role players may be particularly vulnerable to even though it is not a mobile threat is a spoof FBI legal action ransomware scam. This scam, uncovered by AVG in June 2012, uses the Blackhole Exploit kit to lock up a computer’s Windows operating system. The user is shown a ransom page falsely stating their PC has been used to violate copyright laws, view pornography or even violated a “Neglectful Use of Personal Computer article 210 of the Criminal Code” (which doesn’t exist, by the way). The page demands the user pay $100 through an untraceable money transfer in order to unlock their PC. It goes without saying, the US Federal Bureau of Investigations (FBI) doesn’t do business or pursue potential legal violations in this way.
Role players may also have noticed an increase in the amount of spam finding their email inboxes over the second quarter of 2012. AVG indicates that some of the sites widely used by RPers including Facebook, Twitter, Gmail, Yahoo, and Tumblr are all among the top domains found in spam messages during the quarter.
Protect yourself from becoming a zombie
No one wants their device to become a zombie. To protect yourself, AVG recommends taking the following simple precautions:
- Only download apps from application stores, sites and developers you trust.
- Always check the application rating, user reviews and developer profile before you download and make sure you know what you are downloading.
- Think before you click OK to allow an app or program permission to alter anything on your system whether it’s on your smartphone, tablet or computer. Ask yourself if there is a valid reason the app or program needs that kind of access.
- Install antivirus software on your Phone and computer. Make sure it is kept up to date.
- Keep programs like Adobe Reader and Java up-to-date so you aren’t tempted to upgrade when trying to access content from the web.
- Monitor your bills carefully, very carefully. If you notice anything, no matter small the amount, that you can’t account for, investigate further.
Protection yourself online isn’t always about the personal information you knowingly reveal or the sometime uncomfortable intensity of online relationships. It’s not even about the gossip and bullying that seems so prevalent online. It’s also about the sneak attacks that you never see coming. After all, you’re just a role player, who would want to hurt you. As it turns out, plenty of people. Be smart, protect yourself and your character. Don’t fall victim to the zombie apocalypse. Not when it’s so easy to avoid.
Related Posts