Extension Factory Builder

Tuesday, 17 April 2012

Hacker News:Malicious Android Application Stealing User Data & Personal Information

Malicious Android Application Stealing User Data & Personal Information 




Yet again security vulnerability found in Android application. An information security company has warned about malicious Android smartphone applications that steal and transmit personal datasuch as contact information stored in users' address books. The company said these types of free applications have been downloaded up to 270,000 times, indicating that potentially millions of people have had their personal information stolen. An Internet security expert said, "It's possible that creating applications that transmits users' information without consent can be considered a crime under the Penal Code, which criminalises the creation of computer viruses." The malicious application only has three buttons: Steal SD Card Contents, Steal App Data, and Upload Identifying Data.Every application has at least read-only access to the contents of this external storage. No Permissions scans the /sdcard directory and returns a list of all non-hidden files. All the files discovered can be fetched. The worrying part is that the SD card usually stores some of our most private files, including photos, backups, external configuration files, and, in some cases, even Open VPN certificates.

According to NetAgent, a Tokyo-based information security company, the applications were disguised as video tutorials for popular games on Google Inc.'s Android operating system. The applications were named by affixing the expression "the Movie" to existing game titles. The company found at least 16 of these applications.
The company's analysis revealed that when these applications are activated, they can automatically transmit not only a person's telephone number, their e-mail address and the phone's ID number, but also the personal names, telephone numbers and e-mail addresses of contacts stored on the smartphone's address book. Although the creators of these applications aren't well known, the stolen information was sent to the same domestic server. When users download the malicious applications, a message pops up on the display screen requesting permission for access to contact information. What ever the malicious application was immediately deleted from Android market. For additional information click here.

0 comments:

Post a Comment

Related Posts Plugin for WordPress, Blogger...
 
Submitdomainname.com Link Exchange with Democratic Hackers | Learn Ethical Hacking