Custom Android ROMs under malware threat
The malware, which is only known as jSMSHider, can infiltrate rooted devices and handsets running certain custom ROMs. Reportedly, CyanogenMod users should be fine as long as they are running the custom ROM's latest version. It is nice to know that until now, there have been no reports of the malicious code coming along with any apps distributed through the Android Market, so if you have not downloaded anything from any third-party software marketplaces, you should be fine. Once in control of your device, jSMSHider has full access to your text messages and it can also install other apps without you even noticing. Besides that, the malware can communicate with a remote server meaning that data from your smartphone might end up in someone else's possession.
Fortunately, jSMSHider has not been known to have caused any major damage so far, but considering the narrow field of users that it targets, we doubt that it ever will. Nevertheless, its existence goes to show that you should always be careful when downloading software from any unreliable sources.
source: Lookout Mobile Security via Electronista
1. android_hitman posted on 17 Jun 2011, 10:02 2 2
really? again? i am using DarkyRom 10.1 RE 2.3.3; i don't think all the custom rom devs are evil
2. Sniggly posted on 17 Jun 2011, 11:01 9 3
The last sentence is the key. Don't be a moron and download suspicious looking sh.it.
17. ilia1986 posted on 18 Jun 2011, 01:17 1 1
Wait.. isn't downloading stuff from other places besides the Market is what Android is all about? Or installing custom (not necessarily well known) Roms is? Or tweaking your phone as much as you want?
Because you know - everyone hates Apple of how limited an unjailbroken iPhone is - and wanna buy Android phones instead...
Is it blown out of proportion? I dunno. I just know that if this were to happen to you - and yes it COULD happen to you if you had a certain custom Rom installed prior knowing about this malware - you wouldn't say it's blown out of proportion. You would probably buy an iPhone (LOL).
18. Sniggly posted on 18 Jun 2011, 01:59 2 0
Um, ilia, getting a virus on my computer didn't make me buy a Mac. It just made me more wary.
I would love to see every single weakness Android's software has to be plugged up. I know it's not perfect. But the platform works well anyway, and I like the freedom I do have.
21. ilia1986 posted on 18 Jun 2011, 02:25 1 2
Freedom is fine - and as far as I'm concerned I believe that Android is a significantly better OS than iOS.
However - there ARE a lot of people out there that got viruses on their computers - and switched to Macs. The problem is that Android - because of it's popularity and it being open source - has a lot of security risks and vulnerabilities.
Now, unlike PCs, which at the worst case scenario have you losing data because of viruses - phones store inside them a lot of personal data as well - phone numbers, messages, and yes - credit card accounts as well via Apple ID or Google equivalent on Android. Most PC users won't give out their credit card number on the net on a site they don't know. Smartphones, however have all these things integrated inside them already. And that's even before NFC and Google wallet or whatever it's called.
Buttom line is - I don't see Google taking any drastic steps in ensuring that it's mobile OS is secure. The most they have done is pull infected apps out of the market. That's like locking the barn after the horse got away.
Now all of this wouldn't be that bad if these were PCs. But we're talking Personal and Financial data here. On every smartphone.
3. haha (unregistered) posted on 17 Jun 2011, 11:31 3 4
Because you are the geniuses of geniuses Sniggly, and any negative press android gets you're there to save the day and praise allah
5. Sniggly posted on 17 Jun 2011, 12:01 5 3
I'm actually a rocket scientist. And yes, when minutia like this is blown out of proportion, I'll call shenanigans.
7. 530gemini posted on 17 Jun 2011, 14:59 3 7
Blown out of proportions? Oh please. Don't flatter yourself. Only idevices get overwhelming attention from the media. Android issues are not given attention by the media, so don't say that this is blown out of proportions. It didn't make the headlines, sorry.
4. SuperAndroidEvo posted on 17 Jun 2011, 11:42 3 4
It's the same sh*t just a different article. ONLY download REPUTABLE stuff. If you have to think about it then that's a CLEAR NO! In this day and age it's insane that people STILL fall for that & STILL get malware. I just don't know what else to say. PROTECT YOUR SELF FOR YOUR OWN GOOD!!
6. 530gemini posted on 17 Jun 2011, 14:56 2 4
Wow really? So what if your friend's account got hacked? And the hacker used your friend's email to send you a message to open a link or an attachment? Ooooooppppssss.
8. SuperAndroidEvo posted on 17 Jun 2011, 15:22 3 1
That is very general. Did this hacker get my email because my friend downloaded a crappy non reputable ROM? I mean what we are talking about is not the same as what you are insinuating? What you say can happen to any OS not just Android. If my friend was stupid enough to download a bogus ROM & then the hacker sends me an email with my friends name, then I am f*cked. If my friend decided to PROTECT himself like I stated before then this would be a non issue! So to avoid malware just use a little common sense. You will be protecting yourself & others all at the same time! “And knowing is half the battle!” G I JOE!!!!!!!! lol
13. 530gemini posted on 17 Jun 2011, 19:27 0 2
Insinuating? The scenario that I gave you is one of the most common ones used by hackers. It's not merely an insinuation. Good thing my MacBook/ipad/iphone are able to identify malicious emails and won't even let me open those types of attachments, which are probably flash based attachments, lol.
24. DigitalBoy05 posted on 18 Jun 2011, 16:13 0 0
Why is this rated negative? its just plain common sense to be safe than sorry when it comes to the apps you put on your phone.
9. dgdfgfg (unregistered) posted on 17 Jun 2011, 15:36 0 0
HAHA, of course android doesn't get any media attention. Because NO ONE gives a s**t except for the 6 hecklers who constantly have to comment on any apple or android article.
11. Whateverman posted on 17 Jun 2011, 18:20 2 1
This sounds like more of a custom ROM fail to me.
12. snigglysucks (unregistered) posted on 17 Jun 2011, 19:26 3 3
Sniggly... can you just stfu already? Do the world a favor and /wrists.
19. Sniggly posted on 18 Jun 2011, 02:00 0 0
Taco, you don't even know what the fu.ck a troll is. Be quiet.
16. chethan316 posted on 18 Jun 2011, 01:10 0 0
Sniggly, don't pay heed to what the haters(trolls) say. Let it go mate.
20. Sniggly posted on 18 Jun 2011, 02:00 0 0
Lol, they are silly, aren't they?
22. V (unregistered) posted on 18 Jun 2011, 04:53 0 0
This article is BS, and some people are insanely stupid. The thing is if you don't store all the s**t surrounding you in the real life on your handset, you can't get burned.
Who cares if your data is transmitted to some hacker's server?! What to steal? Telephone numbers?! My music playlist from sd card?! App list?! Be realistic.
Real threat is that virus that will kill your handset, otherwise, this is a big BS.
I have a lot of apps from another sites, I got them full for free and I'm not worried.
If you're stupid, it's true, it may be a risk...
23. ilia1986 posted on 18 Jun 2011, 11:24 1 1
Oh really.. and what about your precious credit card number with which you get to purchase all those shiny apps and games? Think that it's safe because it's stored on Google's servers? Think again...
25. V (unregistered) posted on 18 Jun 2011, 17:58 0 2
Read again my post. I said I'm installing on my phone some apps from another sites, others than android market, and they are cracked. So I don't care about the credit card number which I don't have entered. I hope it's clear now for you. The idea is that they can get s**t from me...
27. ilia1986 posted on 19 Jun 2011, 00:17 0 0
And do read again my post. As I said - if one of these apps is infected with malware - NOTHING is stopping it from grabbing your Google ID or whatever and automatically buy stuff for cash on the market - for the sake of it - and when Google Wallet becomes available and you have your credit card number INSIDE YOUR PHONE - cause you to go completely bankrupt.
28. biglebronski posted on 19 Jun 2011, 09:23 0 0
Good article, but please lay off the commas. It's not easy to read a story that has three times the commas that it needs.