Double-dipping malware steals iOS creds and roots Android

A newly outed trojan is exploiting iOS and Android devices, ripping iCloud credentials by abusing the trusted link between phones and PCs, says Palo Alto security researcher Claud Xiao. The attack appears to have failed in most circumstances, thanks to iOS' sandboxing security controls, hardened modern Android operating systems, …

  1. Novex

    A silly question...

    ...but how does this malware actually get onto a PC in the first place? I can only take it it's via some kind of internet interaction, probably by visiting a website with the malicious software waiting to download. Surely then blocking ads, javascript, and the like, and not visiting dodgy websites, is likely to mean this isn't going to get onto your Windows PC? And even if it tried, most people are using anti-malware programs so is this really much of a threat?

    1. Steve Davies 3 Silver badge

      Re: A silly question...

      It is not a silly question. It is one that I've often asked myself when these vulnerabilities are exposed.

      Apparently, the majority of PC users still use IE because it says Internet in its name.

      One not dumb person told me only a couple of years ago, 'IE, it is the Internet isn't it?'.

      After a 'doh!' moment I corrected him and spent the next day and a half removing all the malware etc from his PC. He now runs firefox with all the usual plugins.

      The wiser user (viz, most of us here) have consigned IE (and Edge) to the wastebasket/trashcan of history so that Adblockers, NoScript and Flashblockers etc are the norm.

      But those left behind using IE are pretty well wide open to attack and from the latest stats, that is the majority of Users.

      Sadly, YMMV applies in a big way.

      1. Updraft102

        Re: A silly question...

        Wiser users consigned IE to history?

        Not me! I'd have to have used it, then stopped, and I've never used it except for brief trials and to install Windows XP updates. I tried it briefly when I installed Win 95 OSR2 a couple of decades ago, but I didn't like it as much as Netscape. Once MS began their "it's a part of the OS!" garbage in the browser war, there was no way I was ever going to use it.

        I have the same opinion of Chrome...

        1. Danny 14

          Re: A silly question...

          I've used IE since I installed it on Windows 95 extras CD right up to IE11. I've had the grand total of zero viruses. I also use Firefox and Chrome.

          I keep up to date on patches and don't click on stupid things. Simple.

  2. Anonymous Coward

    "Xiao (@claud_xiao) says the DualToy malware targets Windows machines"

    Ah, so you need to use a compromised desktop OS to be vulnerable.

  3. tiggity Silver badge

    adb

    adb (Android Debug Bridge) is not just used by custom ROM phone folk.

    It's a tool typically used if you are developing Android code on Windows using Android Studio and running that code on an attached physical device.

    So lots of adb users ranging from "day job" Android developers through to hobbyists coding apps for fun & (v. unlikely) profit.

    1. Dan 55 Silver badge

      Re: adb

      Even so, bit of a small audience to target with malware isn't it? Even smaller when you consider that you have to get it on the PC in the first place.

  4. Preston Munchensonton
    Holmes

    Color me surprised

    Of course, iOS and Android are vulnerable when connected to a Windows PC. #next

  5. Anonymous Coward

    Yawn

    I would question the credentials of these security researchers.

    1. How does the malware get onto the host PC in the first place?

    2. What percent of users have ADB and developer mode on their phone? (both required)

    3. How is root obtained, given that Android devices are notoriously hard to root if the manufacturer doesn't want you to?

    Please explain the "Android devices are more readily owned", as otherwise, this gets my "yawn, more clickbait" badge.

  6. David Lawton

    So even when the target is iOS or Android, it still needs the malware magnet Windows. What a surprise.

  7. phil dude
    Coat

    icons...?

    Can we please have some icons in the headline telling us the nature of the "hack".

    So for example, perhaps a "bucket and spade" for modded phone, a "win98 flag" for $BROKEN_WINDOZE_VERISON, and a "clowns face" for everyone else who has bog standard software and doesn't click on dodgy links or play poky mon (sic)

    P.
