Friday, 08 July 2016 16:18

Android malware being created faster than it can be patched


Hummer, Hummingbad, Shedun, Androis_Libskin, right_core … all do similar things. In fact, it has been discovered that they all have the same roots. And they are multiplying faster than rabbits in a good mood.

Mobile security expert Lookout says it discovered the original threat in November 2015 (I have had several releases from other vendors claiming that too), but it seems to have the most comprehensive, FUD-free information about it. It makes no claims, as others have, of a billion infections!

Its blog says the generic name is Shedun and it is adware that roots Android devices. It appears to come from infected side-loaded apps (i.e. not from Google Play) masquerading as legitimate apps such as Facebook, Twitter, WhatsApp and Okta’s enterprise single sign-on app.

Lookout says it has also seen it in various forms including Candy Crush, Facebook, GoogleNow, NYTimes, Snapchat, and many others – in fact, it says the malware has infected up to 20,000 apps and more are being infected.

These apps have been altered by cybercriminals using legitimate certificates and placed in third-party app stores so popular in Asia where Google Play may not be accessible. The apps are fully functional, and it is hard for a user to know if they are infected as the rooting is silent. The bottom line is you cannot trust any third-party app store.

Three similar families are associated with Shedun (GhostPush): Shuanet, ShiftyBug (Kemoge), and BrainTest. They share 71 to 82% of the codebase. They are all managed and further developed by rival Asian-based cybercriminal families.

While it is commonly said that Android with a paid antivirus/malware app is now as safe as iOS (that is another story, as Apple will not allow AV companies into its ecosystem), it is becoming clear that you need to get to Android M or N as soon as possible and you need to buy from a maker that delivers prompt updates. In the past six months, Google has patched 270 known vulnerabilities – 108 in the latest batch in July.

It is not all Android’s fault either – 60% of the patches are related to vendor-specific components from Qualcomm, MediaTek, and NVIDIA that affect everything from software that controls Wi-Fi, graphics, sound to camera, power, and displays.

The huge issue is that these patches are being delayed by the makers and telcos, and with many brands you are lucky ever to see them at all. Google has instructions on how to check the security patch status for Nexus devices. Pure Android must happen soon or proprietary operating systems like Tizen will be adopted.

Most paid anti-virus/malware products now provide protection, but if the user is infected the only cure is a reflash of the ROM, as the trojan lives in the infected image. Reflashing requires higher levels of technical expertise.


Ray Shaw


Ray Shaw has had a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT based radio program on ABC radio for 10 years, has developed world leading software for the events industry and is smart enough to no longer own a retail computer store!
