Facebook source of Android virus

Facebook source of Android virus
We earlier told you about a bug that is spreading throughout the Android community which allows hackers to take control of an Android phone without the user's knowledge. Now, the Sophos security website is tracing the start of a similar problem all the way back to Facebook. The video below shows you how this is done using what seems like a simple invite and is similar to the MO we discussed in our earlier story. You get an invite to join the social network from a person you might think to be a trusted sender. You click on the link and your phone is infected with your secrets compromised. Your calls can be spied on and the hacker could grab any special password or security number off your Android phone. But unlike the tone of the video, which makes it seem as though Android users have no choice in this matter, the truth is that can you easily prevent yourself from becoming a victim.

The first thing is, use common sense. Who clicks on an invite sent to you from an unknown person from Facebook, or from anywhere for that matter?  Although some do, just don't do it. Even if you are tempted by a letter that states that you have won the Tatooine National Lottery don't do it! Another good rule that can keep you out of trouble is not to sideload apps or other software. Want to install a cool new game that lets you manage real life players from the National Curling League? Don't do it. Keep the box that asks for permission to sideload apps unchecked so as not to give permission for the phone to load apps not from the Android Market. Most legit apps are in the Market and one that is not, Swype, comes pre-installed out of the box on mnay Android phones.

The price you pay for using an open source system is the possible breach of security by those who would love to disrupt your life. But let's go back to the example from the video. The malware was called any_name.apk and it would make premium priced calls from your handset to certain numbers which would allow the hackers to bill you premium rates for the calls. The app used a class name, com.opera.install, that made it seem it had something to do with the Opera Browser. The software installs on your phone without your permission, making phone calls that drain your bank account. A few days later, another variant of the app was ready to do more dirty deeds.

If you stay away from links from people you don't know, and never, never never sideload apps, you probably will be ok. Just realize that there is a threat out there and it is real. Use common sense so that you won't have to spend uncommon cents.

source: Sophos via AndroidCentral



10. pbui.818

Posts: 78; Member since: Feb 06, 2012

Amazon App Store for Android. Free App of the Day. The issue is not trivially simple as everyone seems to think. Many forms of malware propagates by stealing contact information and masquerading itself as someone you know. Email protocols are easy to masquerade identity. Once infiltrated, the devices can function as part of a botnet system.

5. theBankRobber

Posts: 682; Member since: Sep 22, 2011

What I don't understand is how the downloaded any-name.apk installed itself . I know the Facebook invite caused it to download by itself but 3rd party apps have to manually be installed if im correct.

8. Stuntman

Posts: 843; Member since: Aug 01, 2011

From what I can tell from this video and by looking at the source web site, Sophos, the app did not install by itself. I feel the video could be done better. He just cuts it off after it downloaded which will confuse some people. What he should have done was continue saying that it caused the app to download, but not install and then describe what you should not do so as to avoid installing it. The author of the video is talking about how many people can be mislead and yet he makes a video that may mislead the same people into thinking that the app would install all by itself. Bottom line is that this app will not install by itself. It will download and remain on your phone. If you forget about it and then find it on your phone later and accidentally install it, you won't know what hit you. You should find this file and remove it immediately. Also, if you do not allow apps to be installed from unknown sources, this app should not be able to install on your phone. That is something that at least I find to be a useful precaution against malware.

4. VinCrel

Posts: 39; Member since: Dec 26, 2011

I don't think they are stupid.. If you're going to take a look at all those "efforts" to lure them into clicking a link in Facebook, or anywhere else, it is always either, "You win in a lottery" or " scrape the paint of a girl's body" or "Somebody messaged you" .. So unless you are so greedy to click on a lottery that you know you did not subscribe to or just itching to take a look at the body of a very beautiful woman (which I would if given the possibility) you will not be having such viruses.. Man, can't they just control their desires.. :D

3. atheisticemetic

Posts: 377; Member since: Dec 18, 2011

computer classes with common sense 101 need to be mandatory for all Americans this is just ridiculous......how can people be so stupid?

7. Whateverman

Posts: 3295; Member since: May 17, 2009

Big thumbs up on the picture/avatar! I had to look at it three times before I got it, but that is hilarious!!!

2. frydaexiii

Posts: 1476; Member since: Dec 01, 2011

Exactly, what I keep telling iFans who claim that Android is full of viruses. Don't be an idiot and viruses won't be a problem.

6. simplyj

Posts: 406; Member since: Dec 23, 2009

The only problem is that about 96% of the population are all idiots. there's no saving them.

1. clevername

Posts: 1436; Member since: Jul 11, 2008

Clever close. +1

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.
FCC OKs Cingular's purchase of AT&T Wireless