Custom Android ROMs under malware threat

Custom Android ROMs under malware threat
For quite some time now, the Android platform has been a tempting target for hackers, and the companies, which specialize in fighting them, believe that the attacks are not going to cease soon. Speaking of hackers, Lookout Mobile Security has just identified another piece of malware that users should watch out for, and judging by what it can do, it is definitely something that you don't want hiding inside your device.

The malware, which is only known as jSMSHider, can infiltrate rooted devices and handsets running certain custom ROMs. Reportedly, CyanogenMod users should be fine as long as they are running the custom ROM's latest version. It is nice to know that until now, there have been no reports of the malicious code coming along with any apps distributed through the Android Market, so if you have not downloaded anything from any third-party software marketplaces, you should be fine. Once in control of your device, jSMSHider has full access to your text messages and it can also install other apps without you even noticing. Besides that, the malware can communicate with a remote server meaning that data from your smartphone might end up in someone else's possession.

Fortunately, jSMSHider has not been known to have caused any major damage so far, but considering the narrow field of users that it targets, we doubt that it ever will. Nevertheless, its existence goes to show that you should always be careful when downloading software from any unreliable sources.

source: Lookout Mobile Security via Electronista

FEATURED VIDEO

28 Comments

1. android_hitman unregistered

really? again? i am using DarkyRom 10.1 RE 2.3.3; i don't think all the custom rom devs are evil

2. Sniggly

Posts: 7305; Member since: Dec 05, 2009

The last sentence is the key. Don't be a moron and download suspicious looking sh.it.

17. ilia1986 unregistered

Wait.. isn't downloading stuff from other places besides the Market is what Android is all about? Or installing custom (not necessarily well known) Roms is? Or tweaking your phone as much as you want? Because you know - everyone hates Apple of how limited an unjailbroken iPhone is - and wanna buy Android phones instead... Is it blown out of proportion? I dunno. I just know that if this were to happen to you - and yes it COULD happen to you if you had a certain custom Rom installed prior knowing about this malware - you wouldn't say it's blown out of proportion. You would probably buy an iPhone (LOL).

18. Sniggly

Posts: 7305; Member since: Dec 05, 2009

Um, ilia, getting a virus on my computer didn't make me buy a Mac. It just made me more wary. I would love to see every single weakness Android's software has to be plugged up. I know it's not perfect. But the platform works well anyway, and I like the freedom I do have.

21. ilia1986 unregistered

Freedom is fine - and as far as I'm concerned I believe that Android is a significantly better OS than iOS. However - there ARE a lot of people out there that got viruses on their computers - and switched to Macs. The problem is that Android - because of it's popularity and it being open source - has a lot of security risks and vulnerabilities. Now, unlike PCs, which at the worst case scenario have you losing data because of viruses - phones store inside them a lot of personal data as well - phone numbers, messages, and yes - credit card accounts as well via Apple ID or Google equivalent on Android. Most PC users won't give out their credit card number on the net on a site they don't know. Smartphones, however have all these things integrated inside them already. And that's even before NFC and Google wallet or whatever it's called.Buttom line is - I don't see Google taking any drastic steps in ensuring that it's mobile OS is secure. The most they have done is pull infected apps out of the market. That's like locking the barn after the horse got away. Now all of this wouldn't be that bad if these were PCs. But we're talking Personal and Financial data here. On every smartphone.

3. haha unregistered

Because you are the geniuses of geniuses Sniggly, and any negative press android gets you're there to save the day and praise allah

5. Sniggly

Posts: 7305; Member since: Dec 05, 2009

I'm actually a rocket scientist. And yes, when minutia like this is blown out of proportion, I'll call shenanigans.

7. 530gemini

Posts: 2198; Member since: Sep 09, 2010

Blown out of proportions? Oh please. Don't flatter yourself. Only idevices get overwhelming attention from the media. Android issues are not given attention by the media, so don't say that this is blown out of proportions. It didn't make the headlines, sorry.

26. Lucas777

Posts: 2137; Member since: Jan 06, 2011

i thought u were a salesman?

4. SuperAndroidEvo

Posts: 4888; Member since: Apr 15, 2011

It's the same sh*t just a different article. ONLY download REPUTABLE stuff. If you have to think about it then that's a CLEAR NO! In this day and age it's insane that people STILL fall for that & STILL get malware. I just don't know what else to say. PROTECT YOUR SELF FOR YOUR OWN GOOD!!

6. 530gemini

Posts: 2198; Member since: Sep 09, 2010

Wow really? So what if your friend's account got hacked? And the hacker used your friend's email to send you a message to open a link or an attachment? Ooooooppppssss.

8. SuperAndroidEvo

Posts: 4888; Member since: Apr 15, 2011

That is very general. Did this hacker get my email because my friend downloaded a crappy non reputable ROM? I mean what we are talking about is not the same as what you are insinuating? What you say can happen to any OS not just Android. If my friend was stupid enough to download a bogus ROM & then the hacker sends me an email with my friends name, then I am f*cked. If my friend decided to PROTECT himself like I stated before then this would be a non issue! So to avoid malware just use a little common sense. You will be protecting yourself & others all at the same time! “And knowing is half the battle!” G I JOE!!!!!!!! lol

13. 530gemini

Posts: 2198; Member since: Sep 09, 2010

Insinuating? The scenario that I gave you is one of the most common ones used by hackers. It's not merely an insinuation. Good thing my MacBook/ipad/iphone are able to identify malicious emails and won't even let me open those types of attachments, which are probably flash based attachments, lol.

24. DigitalBoy05

Posts: 275; Member since: Jun 04, 2011

Why is this rated negative? its just plain common sense to be safe than sorry when it comes to the apps you put on your phone.

9. dgdfgfg unregistered

HAHA, of course android doesn't get any media attention. Because NO ONE gives a s**t except for the 6 hecklers who constantly have to comment on any apple or android article.

10. luis_lopez_351

Posts: 951; Member since: Nov 18, 2010

pointing finger. android fail

11. Whateverman

Posts: 3295; Member since: May 17, 2009

This sounds like more of a custom ROM fail to me.

12. snigglysucks unregistered

Sniggly... can you just stfu already? Do the world a favor and /wrists.

14. Sniggly

Posts: 7305; Member since: Dec 05, 2009

Lol, okay, mr. Unregistered anonymous troll.

15. taco50

Posts: 5506; Member since: Oct 08, 2009

Funny you calling other people trolls

19. Sniggly

Posts: 7305; Member since: Dec 05, 2009

Taco, you don't even know what the fu.ck a troll is. Be quiet.

16. chethan316

Posts: 28; Member since: Nov 07, 2010

Sniggly, don't pay heed to what the haters(trolls) say. Let it go mate.

20. Sniggly

Posts: 7305; Member since: Dec 05, 2009

Lol, they are silly, aren't they?

22. V unregistered

This article is BS, and some people are insanely stupid. The thing is if you don't store all the s**t surrounding you in the real life on your handset, you can't get burned. Who cares if your data is transmitted to some hacker's server?! What to steal? Telephone numbers?! My music playlist from sd card?! App list?! Be realistic. Real threat is that virus that will kill your handset, otherwise, this is a big BS. I have a lot of apps from another sites, I got them full for free and I'm not worried. If you're stupid, it's true, it may be a risk...

23. ilia1986 unregistered

Oh really.. and what about your precious credit card number with which you get to purchase all those shiny apps and games? Think that it's safe because it's stored on Google's servers? Think again...

25. V unregistered

Read again my post. I said I'm installing on my phone some apps from another sites, others than android market, and they are cracked. So I don't care about the credit card number which I don't have entered. I hope it's clear now for you. The idea is that they can get s**t from me...

27. ilia1986 unregistered

And do read again my post. As I said - if one of these apps is infected with malware - NOTHING is stopping it from grabbing your Google ID or whatever and automatically buy stuff for cash on the market - for the sake of it - and when Google Wallet becomes available and you have your credit card number INSIDE YOUR PHONE - cause you to go completely bankrupt.

28. biglebronski

Posts: 22; Member since: Mar 18, 2011

@Nick T. Good article, but please lay off the commas. It's not easy to read a story that has three times the commas that it needs.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.