Menacing Android botnet still thrives 16 months after coming to light

Putting Android in the news for bad security and pissing off advertisers. Google must love these guys! Kudos to DressCode's masters for doing something more creative than mining crypto on the infected phones though ;-)

Hardly more creative. Bots were doing this and sending spam long before crypto mining was a thing.
 
Upvote
16 (16 / 0)

Dzov

Ars Legatus Legionis
16,100
Subscriptor++
Definitely not regretting my move to iOS lately, even with the battery issue.
Love the downvotes. People are unhappy with your lack of regret!

Really you pays your money and you takes your chances. Who cares what phone someone else enjoys using and it seems they all have downsides or potential downsides.
 
Upvote
7 (17 / -10)

foolishgrunt

Ars Centurion
375
Subscriptor++
Definitely not regretting my move to iOS lately, even with the battery issue.
Love the downvotes. People are unhappy with your lack of regret!

Really you pays your money and you takes your chances. Who cares what phone someone else enjoys using and it seems they all have downsides or potential downsides.
I think it had more to do with his (apparent) smugness than his preference in phones.
 
Upvote
17 (25 / -8)

Dzov

Ars Legatus Legionis
16,100
Subscriptor++
On topic, I'd appreciate some antivirus recommendations.
I have the feeling that Google auto-removes the known bad apps from people's phones. Is this correct?
Are the only people at risk of one of these viruses people who root their phones?

edit: the article says this: "It's not clear if Google remotely removed the DressCode and Sockbot apps from infected phones and attackers managed to compromise a new set of devices or if Google allowed phones to remain infected."

I wouldn't want to run antivirus on my phone as it is sure to burn up your battery's run time while slowing your phone down. Your best bet is to be picky about what you install.

Edit: Apparently there are good phone antiviruses as per sUrfNmADNESS' comment.
 
Upvote
0 (1 / -1)
I'm personally not cool with the quantity and frequency of data Google harvests from Android but they have it and know which devices have the malicious apps installed. Why wouldn't they use this knowledge to actually benefit the end user and remove it remotely?

Because as powerful as Google is, the fuckin telcos are the ones who really own your device.
 
Upvote
-13 (1 / -14)

Dzov

Ars Legatus Legionis
16,100
Subscriptor++
Eh, I'm not worried. Meltdown/Spectre has exhausted my worry quota for the year. /s
I stopped overly stressing after Equifax got hacked and leaked every possible bit of info needed to steal identities of every adult in the US. Like what can you do now? It's over. They've won.
 
Upvote
19 (20 / -1)
"While Google has said it has the ability to remotely uninstall malicious apps from Android devices, some critics have argued that this level of control, particularly without end-user consent ahead of time, oversteps a red line. Google may therefore be reluctant to use it."

While testing the app designed to test if bit flipping RAM could enable root on several devices (worked on none of them btw), it warned each one that I had a malicious app installed, stated that via persistent notification, and egged me to uninstall it.

Now if they know this app already they should do the same thing, although there is no indication it does it by code, probably more by app fingerprint, which is probably useless.
 
Upvote
2 (2 / 0)
I'm personally not cool with the quantity and frequency of data Google harvests from Android but they have it and know which devices have the malicious apps installed. Why wouldn't they use this knowledge to actually benefit the end user and remove it remotely?

"At the moment, there is no known list of apps that install the DressCode and Sockbot code."
 
Upvote
3 (3 / 0)
On topic, I'd appreciate some antivirus recommendations.
I have the feeling that Google auto-removes the known bad apps from people's phones. Is this correct?
Are the only people at risk of one of these viruses people who root their phones?

edit: the article says this: "It's not clear if Google remotely removed the DressCode and Sockbot apps from infected phones and attackers managed to compromise a new set of devices or if Google allowed phones to remain infected."

I wouldn't want to run antivirus on my phone as it is sure to burn up your battery's run time while slowing your phone down. Your best bet is to be picky about what you install.

While this might have been the rule in Android 1 and 2.0, it has long evolved along with the batteries in the phones. Lookout and others run quite well, pulling very little power.
 
Upvote
2 (2 / 0)

Ogre_

Ars Tribunus Militum
1,966
Android - The OS of choice for cheap stuff and ABA nerds :jebaited:

Better power off your phone.
Apple iOS has had and still has its own security issues.

There has never been a botnet made up of iOS devices. Nor any kind of malware like this installed on millions of devices (or even tens of thousands of iOS devices). This whitewashing where people try to claim iOS is just as bad as Android gets a little thin. In this case the apps were in the Google Play store for a significant time so it's not even as clear cut as "Blame the carriers" or even "Blame the OEMs".
 
Upvote
18 (25 / -7)
I'm personally not cool with the quantity and frequency of data Google harvests from Android but they have it and know which devices have the malicious apps installed. Why wouldn't they use this knowledge to actually benefit the end user and remove it remotely?

The reason why is this:

While Google has said it has the ability to remotely uninstall malicious apps from Android devices, some critics have argued that this level of control, particularly without end-user consent ahead of time, oversteps a red line.

Microsoft is using innocuous telemetric data to improve their operating system and look at the conspiracy theories and privacy scaremongering that has occurred. Imagine Google doing the above with the accusations of 'big brother' and 'monitoring what applications you're using' rhetoric that would fill up Twitter, Facebook and Reddit with some family member who is 'good with computers' going around telling friends and family not to trust Android and/or disable the feature via some hack he found off a random apk website. Long story short, companies avoid bad publicity and this is why we can't have nice things. That being said, keep in mind the following:

Neither Hebeisen nor the hacker said they have any evidence Google Play has hosted DressCode or Sockbot apps in recent months.

So for the vast majority it is once again a non-issue. The problem sits with people who have knowledge - just enough to be dangerous to themselves and others but not enough knowledge to realise they're doing something that is irresponsible.
 
Upvote
-1 (4 / -5)
I'm personally not cool with the quantity and frequency of data Google harvests from Android but they have it and know which devices have the malicious apps installed. Why wouldn't they use this knowledge to actually benefit the end user and remove it remotely?

The reason why is this:

While Google has said it has the ability to remotely uninstall malicious apps from Android devices, some critics have argued that this level of control, particularly without end-user consent ahead of time, oversteps a red line.

Microsoft is using innocuous telemetric data to improve their operating system and look at the conspiracy theories and privacy scaremongering that has occurred. Imagine Google doing the above with the accusations of 'big brother' and 'monitoring what applications you're using' rhetoric that would fill up Twitter, Facebook and Reddit with some family member who is 'good with computers' going around telling friends and family not to trust Android and/or disable the feature via some hack he found off a random apk website. Long story short, companies avoid bad publicity and this is why we can't have nice things.

So if I understand your argument:
It's ok for Google to collect as much telemetry as Microsoft (if not more) as long as it's not obvious to the public; by doing something beneficial to them that they notice?
Because that would make them look bad?

(Ignoring the fact that Windows 10 doesn't seem to have fewer issues than previous versions, which only had minimal, opt-in telemetry during actual problems)
 
Upvote
-2 (4 / -6)
Android - The OS of choice for cheap stuff and ABA nerds :jebaited:

Better power off your phone.
Apple iOS has had and still has its own security issues.

There has never been a botnet made up of iOS devices. Nor any kind of malware like this installed on millions of devices (or even tens of thousands of iOS devices). This whitewashing where people try to claim iOS is just as bad as Android gets a little thin. In this case the apps were in the Google Play store for a significant time so it's not even as clear cut as "Blame the carriers" or even "Blame the OEMs".

Just keep your blinders on and keep telling yourself the bad man will not get you on your iOS.
Or just admit that anything is possible to hack and most likely has been over time.
https://www.cultofmac.com/128577/apple- ... nstration/
 
Upvote
-15 (5 / -20)
I'm personally not cool with the quantity and frequency of data Google harvests from Android but they have it and know which devices have the malicious apps installed. Why wouldn't they use this knowledge to actually benefit the end user and remove it remotely?

The reason why is this:

While Google has said it has the ability to remotely uninstall malicious apps from Android devices, some critics have argued that this level of control, particularly without end-user consent ahead of time, oversteps a red line.

Microsoft is using innocuous telemetric data to improve their operating system and look at the conspiracy theories and privacy scaremongering that has occurred. Imagine Google doing the above with the accusations of 'big brother' and 'monitoring what applications you're using' rhetoric that would fill up Twitter, Facebook and Reddit with some family member who is 'good with computers' going around telling friends and family not to trust Android and/or disable the feature via some hack he found off a random apk website. Long story short, companies avoid bad publicity and this is why we can't have nice things. That being said, keep in mind the following:

Now imagine if Google upon a .1 or upgrade "checked" the box saying it was ok to do location data, OS data, and others *without* your permission.

AND/OR they ignored your privacy settings and sent the OS data anyhow.
 
Upvote
1 (3 / -2)

Ogre_

Ars Tribunus Militum
1,966
Android - The OS of choice for cheap stuff and ABA nerds :jebaited:

Better power off your phone.
Apple iOS has had and still has its own security issues.

There has never been a botnet made up of iOS devices. Nor any kind of malware like this installed on millions of devices (or even tens of thousands of iOS devices). This whitewashing where people try to claim iOS is just as bad as Android gets a little thin. In this case the apps were in the Google Play store for a significant time so it's not even as clear cut as "Blame the carriers" or even "Blame the OEMs".

Just keep your blinders on and keep telling yourself the bad man will not get you on your iOS.
Or just admit that anything is possible to hack and most likely has been over time.
https://www.cultofmac.com/128577/apple- ... nstration/

Please... show me the light.

Just point out a single security incident like this on top of iOS. Where millions (or even thousands) of devices have been compromised, and are running malware on iOS for 18 months... or 6 months.

Just one.
 
Upvote
9 (11 / -2)
Android - The OS of choice for cheap stuff and ABA nerds :jebaited:

Better power off your phone.
Apple iOS has had and still has its own security issues.

There has never been a botnet made up of iOS devices. Nor any kind of malware like this installed on millions of devices (or even tens of thousands of iOS devices). This whitewashing where people try to claim iOS is just as bad as Android gets a little thin. In this case the apps were in the Google Play store for a significant time so it's not even as clear cut as "Blame the carriers" or even "Blame the OEMs".

Just keep your blinders on and keep telling yourself the bad man will not get you on your iOS.
Or just admit that anything is possible to hack and most likely has been over time.
https://www.cultofmac.com/128577/apple- ... nstration/

Please... show me the light.

Just point out a single security incident like this on top of iOS. Where millions (or even thousands) of devices have been compromised, and are running malware on iOS for 18 months... or 6 months.

Just one.

https://blog.lookout.com/trident-pegasus

Was effective going back to iOS 7, so at least 2 years it went undetected.

If it makes you feel better, Android is low hanging fruit, and unless you are a political activist, should be fine on iOS...
 
Upvote
-5 (2 / -7)

Ogre_

Ars Tribunus Militum
1,966
Android - The OS of choice for cheap stuff and ABA nerds :jebaited:

Better power off your phone.
Apple iOS has had and still has its own security issues.

There has never been a botnet made up of iOS devices. Nor any kind of malware like this installed on millions of devices (or even tens of thousands of iOS devices). This whitewashing where people try to claim iOS is just as bad as Android gets a little thin. In this case the apps were in the Google Play store for a significant time so it's not even as clear cut as "Blame the carriers" or even "Blame the OEMs".

Just keep your blinders on and keep telling yourself the bad man will not get you on your iOS.
Or just admit that anything is possible to hack and most likely has been over time.
https://www.cultofmac.com/128577/apple- ... nstration/

Please... show me the light.

Just point out a single security incident like this on top of iOS. Where millions (or even thousands) of devices have been compromised, and are running malware on iOS for 18 months... or 6 months.

Just one.

https://blog.lookout.com/trident-pegasus

Was effective going back to iOS 7, so at least 2 years it went undetected.

If it makes you feel better, Android is low hanging fruit, and unless you are a political activist, should be fine on iOS...

I'm not sure you read my post. Spear phishing a few individuals is a whole different class of exploit than the kind of drive-by botnet factories this article is talking about.
 
Upvote
6 (10 / -4)
I'm not sure you read my post. Spear phishing a few individuals is a whole different class of exploit than the kind of drive-by botnet factories this article is talking about.
You asked for "a security incident," you got one. One that was in use for years. Which required 3 vulnerabilities (in the kernel and browser) to take over iOS protections. And we don't really know how many were infected. As already stated, malware writers don't waste iOS exploits on peons.

Nothing in this article says Android users got this via a "drive by." They installed apps that had this code in them.
 
Upvote
4 (10 / -6)

cbreak

Ars Praefectus
5,976
Subscriptor++
Eh, I'm not worried. Meltdown/Spectre has exhausted my worry quota for the year. /s
I stopped overly stressing after Equifax got hacked and leaked every possible bit of info needed to steal identities of every adult in the US. Like what can you do now? It's over. They've won.

Nah... that was just the people in the US, hardly relevant in the big scheme of things...
 
Upvote
1 (1 / 0)
Eh, I'm not worried. Meltdown/Spectre has exhausted my worry quota for the year. /s
I stopped overly stressing after Equifax got hacked and leaked every possible bit of info needed to steal identities of every adult in the US. Like what can you do now? It's over. They've won.

About sums up how my wife and I feel. We did though freeze our credit after Equifax hit. We just decided enough is enough. Freeze it. We'll do temp unfreezes when we need to do a large purchase and then re-freeze. Worth the cost.
 
Upvote
0 (0 / 0)
I'm not sure you read my post. Spear phishing a few individuals is a whole different class of exploit than the kind of drive-by botnet factories this article is talking about.
You asked for "a security incident," you got one. One that was in use for years. Which required 3 vulnerabilities (in the kernel and browser) to take over iOS protections. And we don't really know how many were infected. As already stated, malware writers don't waste iOS exploits on peons.

Nothing in this article says Android users got this via a "drive by." They installed apps that had this code in them.

Actually he said, "Just point out a single security incident LIKE THIS on top of iOS." (My caps.)

Your example, while proving iOS is not immune to security issues, is nothing like the known scale of this Android issue, even if you attempt to paint it as though it is by use of "we don't really know how many were infected".
 
Upvote
1 (3 / -2)
I'm not sure you read my post. Spear phishing a few individuals is a whole different class of exploit than the kind of drive-by botnet factories this article is talking about.
You asked for "a security incident," you got one. One that was in use for years. Which required 3 vulnerabilities (in the kernel and browser) to take over iOS protections. And we don't really know how many were infected. As already stated, malware writers don't waste iOS exploits on peons.

Nothing in this article says Android users got this via a "drive by." They installed apps that had this code in them.

Actually he said, "Just point out a single security incident LIKE THIS on top of iOS." (My caps.)

Your example, while proving iOS is not immune to security issues, is nothing like the known scale of this Android issue, even if you attempt to paint it as though it is by use of "we don't really know how many were infected".
If you allow people to install whatever they want, this is what you get. While it is true that Google can do a better job vetting apps, the only way to prevent this is to take user freedom away. It is true that you can side load on iOS but Apple makes it painful and near useless with all the limitations imposed on it to make it useless except as a bullet or talking point.
As stated already, this botnet was created by users installing bad apps, not by a "drive by". I don't need you to argue semantics with me.
 
Upvote
4 (7 / -3)

Ogre_

Ars Tribunus Militum
1,966
I'm not sure you read my post. Spear phishing a few individuals is a whole different class of exploit than the kind of drive-by botnet factories this article is talking about.
You asked for "a security incident," you got one. One that was in use for years. Which required 3 vulnerabilities (in the kernel and browser) to take over iOS protections. And we don't really know how many were infected. As already stated, malware writers don't waste iOS exploits on peons.

Nothing in this article says Android users got this via a "drive by." They installed apps that had this code in them.

Actually he said, "Just point out a single security incident LIKE THIS on top of iOS." (My caps.)

Your example, while proving iOS is not immune to security issues, is nothing like the known scale of this Android issue, even if you attempt to paint it as though it is by use of "we don't really know how many were infected".
If you allow people to install whatever they want, this is what you get. While it is true that Google can do a better job vetting apps, the only way to prevent this is to take user freedom away. It is true that you can side load on iOS but Apple makes it painful and near useless with all the limitations imposed on it to make it useless except as a bullet or talking point.
As stated already, this botnet was created by users installing bad apps, not by a "drive by". I don't need you to argue semantics with me.

These weren't side-loaded apps, they were in Google's store. If it was about side-loaded apps or if it were in some third party app store then you might have a point, but this is a failure on Google's part end-to-end. They failed to catch it in the Play Store, their on device security failed to prevent it from gaining privileges, and their after-incident response to this is a complete failure.
 
Upvote
1 (2 / -1)
I'm personally not cool with the quantity and frequency of data Google harvests from Android but they have it and know which devices have the malicious apps installed. Why wouldn't they use this knowledge to actually benefit the end user and remove it remotely?

The reason why is this:

While Google has said it has the ability to remotely uninstall malicious apps from Android devices, some critics have argued that this level of control, particularly without end-user consent ahead of time, oversteps a red line.

Microsoft is using innocuous telemetric data to improve their operating system and look at the conspiracy theories and privacy scaremongering that has occurred. Imagine Google doing the above with the accusations of 'big brother' and 'monitoring what applications you're using' rhetoric that would fill up Twitter, Facebook and Reddit with some family member who is 'good with computers' going around telling friends and family not to trust Android and/or disable the feature via some hack he found off a random apk website. Long story short, companies avoid bad publicity and this is why we can't have nice things. That being said, keep in mind the following:

Now imagine if Google upon a .1 or upgrade "checked" the box saying it was ok to do location data, OS data, and others *without* your permission.

AND/OR they ignored your privacy settings and sent the OS data anyhow.

The thrust of your argument is good and correct, Android will retain your settings when getting an OS upgrade but...

Android still sends some telemetry regardless of settings, plus any carrier/manufacturer app telemetry added on top of AOSP. It is quite an effort to prevent this altogether.
 
Upvote
0 (0 / 0)
I'm not sure you read my post. Spear phishing a few individuals is a whole different class of exploit than the kind of drive-by botnet factories this article is talking about.
You asked for "a security incident," you got one. One that was in use for years. Which required 3 vulnerabilities (in the kernel and browser) to take over iOS protections. And we don't really know how many were infected. As already stated, malware writers don't waste iOS exploits on peons.

Nothing in this article says Android users got this via a "drive by." They installed apps that had this code in them.

Actually he said, "Just point out a single security incident LIKE THIS on top of iOS." (My caps.)

Your example, while proving iOS is not immune to security issues, is nothing like the known scale of this Android issue, even if you attempt to paint it as though it is by use of "we don't really know how many were infected".
If you allow people to install whatever they want, this is what you get. While it is true that Google can do a better job vetting apps, the only way to prevent this is to take user freedom away. It is true that you can side load on iOS but Apple makes it painful and near useless with all the limitations imposed on it to make it useless except as a bullet or talking point.
As stated already, this botnet was created by users installing bad apps, not by a "drive by". I don't need you to argue semantics with me.

These weren't side-loaded apps, they were in Google's store. If it was about side-loaded apps or if it were in some third party app store then you might have a point, but this is a failure on Google's part end-to-end. They failed to catch it in the Play Store, their on device security failed to prevent it from gaining privileges, and their after-incident response to this is a complete failure.
Yeah, did you read that part in my last post about Google not doing good enough vetting apps?
Network stuff isn't something that needs gaining privileges - do you know how Android works?
 
Upvote
1 (1 / 0)

Ogre_

Ars Tribunus Militum
1,966
I'm not sure you read my post. Spear phishing a few individuals is a whole different class of exploit than the kind of drive-by botnet factories this article is talking about.
You asked for "a security incident," you got one. One that was in use for years. Which required 3 vulnerabilities (in the kernel and browser) to take over iOS protections. And we don't really know how many were infected. As already stated, malware writers don't waste iOS exploits on peons.

Nothing in this article says Android users got this via a "drive by." They installed apps that had this code in them.

Actually he said, "Just point out a single security incident LIKE THIS on top of iOS." (My caps.)

Your example, while proving iOS is not immune to security issues, is nothing like the known scale of this Android issue, even if you attempt to paint it as though it is by use of "we don't really know how many were infected".
If you allow people to install whatever they want, this is what you get. While it is true that Google can do a better job vetting apps, the only way to prevent this is to take user freedom away. It is true that you can side load on iOS but Apple makes it painful and near useless with all the limitations imposed on it to make it useless except as a bullet or talking point.
As stated already, this botnet was created by users installing bad apps, not by a "drive by". I don't need you to argue semantics with me.

These weren't side-loaded apps, they were in Google's store. If it was about side-loaded apps or if it were in some third party app store then you might have a point, but this is a failure on Google's part end-to-end. They failed to catch it in the Play Store, their on device security failed to prevent it from gaining privileges, and their after-incident response to this is a complete failure.
Yeah, did you read that part in my last post about Google not doing good enough vetting apps?
Network stuff isn't something that needs gaining privileges - do you know how Android works?

Your ability to nit-pick and argue about minor/side points is amazing.
 
Upvote
-2 (0 / -2)
Actually he said, "Just point out a single security incident LIKE THIS on top of iOS." (My caps.)

Your example, while proving iOS is not immune to security issues, is nothing like the known scale of this Android issue, even if you attempt to paint it as though it is by use of "we don't really know how many were infected".
If you allow people to install whatever they want, this is what you get. While it is true that Google can do a better job vetting apps, the only way to prevent this is to take user freedom away. It is true that you can side load on iOS but Apple makes it painful and near useless with all the limitations imposed on it to make it useless except as a bullet or talking point.
As stated already, this botnet was created by users installing bad apps, not by a "drive by". I don't need you to argue semantics with me.

These weren't side-loaded apps, they were in Google's store. If it was about side-loaded apps or if it were in some third party app store then you might have a point, but this is a failure on Google's part end-to-end. They failed to catch it in the Play Store, their on device security failed to prevent it from gaining privileges, and their after-incident response to this is a complete failure.
Yeah, did you read that part in my last post about Google not doing good enough vetting apps?
Network stuff isn't something that needs gaining privileges - do you know how Android works?

Your ability to nit-pick and argue about minor/side points is amazing.

I'm so overwhelmed right now.
 
Upvote
0 (0 / 0)