Some low-cost Android phones shipped with malware built in

Avast has found that many low-cost , non-Google-certifed Android phones shipped with a stres of malware built in that could send users to download apps they didn’t intend to access. The malware, called called Cosiloon, overlays ads over the operating system in order to promote apps or even trick users into downloading apps. Devices effected shipped from ZTE, Archos and myPhone.

The app consists of a dropper and a warhead.” The dropper is a small application with no obfuscation, located on the/ system partition of affected devices. The app is wholly passive, only visible to the user in the list of system applications under’ puts .’ We have watched the dropper with two different names,’ CrashService’ and’ ImeMess, ‘” wrote Avast. The dropper then connects with a website to grab the payloads that the hackers wish to install on the phone.” The XML manifest contains information about what to download, which services to start and contains a whitelist programmed to potentially exclude specific countries and devices from infection. However, we’ve ever seen the country whitelist use, and simply a few devices were whitelisted in early versions. Currently , no countries or devices are whitelisted. The entire Cosiloon URL is hardcoded in the APK .”

The dropper is part of the system’s firmware and is not easily removed.

To summarize 😛 TAGEND

The dropper can install application packages defined by the manifest downloaded via an unencrypted HTTP connection without the user’s permission or knowledge.
The dropper is preinstalled somewhere in the furnish chain, by the manufacturer, OEM or carrier.
The user cannot withdraw existing dropper, because it is a system application, part of the device’s firmware.

Avast can see and remove the warheads and they recommend following these instructions to disable the dropper. If the dropper spots antivirus software on your telephone it will actually stop notifications but it will still recommend downloads as you browse in your default browser, a gateway to grabbing more( and worse) malware. Engadget notes that this vector is similar to the Lenovo ” Superfish” exploit that shipped thousands of computers with malware built in.

Make sure to visit: CapGeneration.com

Advertisements

Happy 25th birthday, Linux

Linux will turn 25 years old on August 25, the working day Linus Torvalds sent out his fateful message asking for help with a new operating system. Im doing a( free) operating system( merely a hobby, wont be big and professional like gnu) for 386( 486) AT clones. This has been brewing since april, and is starting to get ready. Id like any feedback on things people like/ aversion in minix, as my OS resembles it somewhat( same physical layout of the file-system( due to practical reasons) among other things ), he wrote in the comp.os.minix message committee. And the remainder, as they say, is history.

Whats particularly interesting about Torvalds note is that it was followed not by snark or derision but with general interest. While we can chalk that up to Torvalds actually having a product ready to show potential users, we are also reminded that the internet in 1991 was a far different place than it is today.

TheLinux Foundation has just released a detailed report on the OS with highlightings from the past 25 years. They write that 13,500 developers from 1,300 companies have contributed to the Kernel since the entire project went up on Git in 2005. The most interesting bit of data?

During the period between the 3.19 and 4.7 releases, the kernel community was merging changes at an average rate of 7.8 patches per hour; that is a slight increase from the 7.71 patches per hour seen in the previous version of this report, and a continuation of the longterm trend toward higher patch volumes. That means the Linux kernel is almost constantly being patched and updated all by a volunteer army of programmers dedicated to seeing the glue of the Internet succeed.

You can read theentire report here.

Linux now operates most of the websites you visit and runnings on everything from gas pumps to smartwatches. The OS teaches kids to program thanks to the Raspberry Pi and it helped the French police save millions of euros. Heck, evenMicrosoft is releasing code for Linux. If you cant beat em, join em.

For a bit more insight into the history of the OS, Id recommendRebel Code and
Just For Fun. These books, released around the time Linux was coming into prominence, tell the fascinating narrative of Torvalds and his not big and professional side project.

Make sure to visit: CapGeneration.com