Pop-up Android adware uses social engineering to resist deletion

Silver badge

If you've rooted your phone, chances are you've got a 3rd party app which uninstalls system apps anyway (gets rid of bloatware from phone manufacturers/telcos).

7
0
Silver badge

So that helps, what, 1 or 2% of the user base?

5
5
Anonymous Coward

No other options but to press "OK"

"Back" button?

2
0

Re: No other options but to press "OK"

Depends how it's coded, it could handle that as a "no action". You'd probably have to open up a task list and kill it off manually.

In any case, that is horrifically bad English, so it's pretty obvious the author is not a native speaker. It would be interesting to see what a linguistic analysis of it could reveal about the author.

7
0
Headmaster

Re: No other options but to press "OK"

> that is horrifically bad English, so it's pretty obvious the author is not a native speaker

One does not imply the other, but the latter definitely should ring alarm bells. I've seen some horrific English from my British colleagues, from customers as well, makes me cringe every time.

3
0

Re: No other options but to press "OK"

Perhaps the task switching button, then swipe the task left or right to kill it?

0
0
Silver badge

Re: No other options but to press "OK"

There's a special kind of horrific English that spammers and malware authors use that's distinct from the horrific English that some native English speakers use. It is impossible to confuse the two.

If they'd just advertise on Craigslist in the US or UK for someone with an English degree to correct their spelling and syntax, they'd probably have a lot higher success rate in getting past what little skepticism the typical user has (yes, I know that misspellings in spam are deliberate to avoid filters).

I wonder if they have better results for infecting their countrymen (Chinese or Russian, most likely).

4
1
Silver badge
Mushroom

Re: No other options but to press "OK"

> Perhaps the task switching button, then swipe the task left or right to kill it?

Press and hold the power button, restart device.

Swipe down and toggle airplane mode on - connection timeout...

Or take the icon option, from orbit, preferably

1
0
Silver badge

Re: No other options but to press "OK"

@DougS - "correct their spelling and syntax, they'd probably have a lot higher success rate in getting past what little skepticism"

One possibility is that the intention of the bad spelling and syntax is to filter out targets with even a little skepticism. They only want the most gullible victims for stage 2.

4
0
Silver badge

Re: No other options but to press "OK"

Never thought of it that way, but it makes a certain kind of sense. They don't want to waste their time trying to talk a skeptical target into it. They want a credulous target who is dumb enough to believe anything.

1
0
Silver badge
Headmaster

Re: No other options but to press "OK"

Lots of the present continuous being used with a lack of pronouns and a style that I find quite familiar. My guess (living here right now and reading English like this all the time) is that it is Indian in origin.

1
0
Bronze badge

Re: No other options but to press "OK"

> One possibility is that the intention of the bad spelling and syntax is to filter out targets with even a little skepticism.

It sounds logical. But writing malware, to me, would be a lot of stress. What if you get caught? What if you extort money from someone who can't really afford it, like someone's grandmother or something?

No. You write malware because you don't have the option of making a decent living doing normal programming, and then going home, and sleeping peacefully through the night.

The best reason I can think of for the lack of options, is that your salable skills are iffy.

0
0
Silver badge

Re: No other options but to press "OK"

The guy who writes the malware and the guy who distributes it usually aren't the same.

0
0

Re: No other options but to press "OK"

Unless, of course, you take the Microsoft approach and interpret Back as OK.

0
0
Unhappy

Re: No other options but to press "OK"

Which will be 99% of the market. If you've never worked directly with the general public on IT issues, you're in for a shocking surprise as they'll trust anything, anywhere.

0
0
Bronze badge
FAIL

bzzzttt wrong...

"A malicious Android app that downloads itself from advertisements posted on forums "

Try again. I does nothing of the sort. even withstanding you need to have turned off only allowing browsing in the Google Store, after ignoring the warnings of doing so, AND you oped out of the app scanning, even then, it doesn't "download itself". It's a message dialog generated by the BROWSER that is trying to fool you into downloading and installing an APK.

If you can't understand these basics, should you really be writing about security?? Just sayin'

8
3
Anonymous Coward

Re: bzzzttt wrong...

This sort of thing succeeds because... there are so many reasons why, including user stupidity. I wish that Google would copy Apple when it comes to app security. For some reason they have a lot fewer problems like this.

There are times (like this) that the Apple walled garden seems rather attractive.

2
7

Re: bzzzttt wrong...

"Try again. I does nothing of the sort. even withstanding you need to have turned off only allowing browsing in the Google Store, after ignoring the warnings of doing so, AND you oped out of the app scanning, even then, it doesn't "download itself"."

No offense, but if you don't understand grammar should you really be writing?

10
3
Anonymous Coward

Re: bzzzttt wrong...

Problem is of course, Jailbroken Apple devices have EXACTLY the same attack vector. Windows devices have had that same attack vector (without needing to root, or change anything).

If you are jailbroken (which in the Apple world, is essentially the same as ticking the "allow installation of apps from untrusted sources" checkbox on Android), then guess what? Yep, a webpage can show a system dialog (as Safari also uses system dialogs in the browser), that makes it look like you need to download a file to install. If you install that file, you have become infected.

0
0
Anonymous Coward

Re: bzzzttt wrong...

doesn't make it any less untrue...

0
0
Bronze badge

Re: "If you can't understand these basics"

The bloody basics are that there is a bit of nasty out there that gets itself admin privileges. For that heads up I am grateful to El Reg.

4
0
Anonymous Coward

GodLikeProductions?

A home of the tinfoil hat brigade posturing about exposing all sorts of nasties? Pot: kettle here you are black.

0
0
Mushroom

Taking a page from Microsoft's Windows 10 upgrade "feature"

2
4

Ah, Zscaler. They actually think MITM-ing all traffic and downgrading to TLS 1.1 is helping me become more secure. Clueless company who probably released this scary story to sell more of their intrusive crap. Nothing to see here folks, this is just marketing.

0
0
Anonymous Coward

Don't worry, Google can issue a patch and OEMs won't give a shit to update your phone because you're no longer a customer the moment you press pay... just an unnecessary cost.

Good luck.

3
0
Anonymous Coward

Hooray for Clever Google! Releasing patches they know won't be applied and shipping an OS without an OTA update mechanism! Boo to the evil OEMs, taking that free software because it's free and putting the bare minimum effort into getting it to run.

You are right about one thing, once you press pay you're no longer a customer, but you're not an unnecessary cost either, you're a Google ad trackee and revenue stream, with all your keyboard activity (by default on Marshmallow) punted to Google for "analysis".....

0
0
Silver badge

Joke's on them

My phone would have to actually receive security updates before I could be fooled into installing malware pretending to be a security update.

3
0
Silver badge
Mushroom

a special place in hell

for those who write [cr]apps like this

0
1


The Register - Independent news and views for the tech community. Part of Situation Publishing