Google removed the app iMessage Chat for Android from the Play Store yesterday after discovering it’s not exactly what it claims to be.
iMessage for Apple products allows users to send text messages via WiFi for free, without incurring the charges or limitations we typically see with a phone plan. It’s a popular app and I can see how an Android version could be well received, with some iPhone users switching to Android.
According to researchers, the suspicious iMessage app could potentially steal Apple IDs and passwords, and is capable of downloading additional APKs.
Along with stealing credentials, it could capture your SMS messages, which might contain confidential data you probably don’t want exposed or sold.
Security company VUPEN revealed a vulnerability in Java’s Preloader in early July that’s quite likely the same one being integrated into cyber criminals’ exploit kits.
According to VUPEN’s report, the vulnerability is “caused by a design error in the Java click-2-play security warning when the preloader is used, which can be exploited by remote attackers to load a malicious applet (e.g. taking advantage of a Java memory corruption vulnerability) without any user interaction.”
The flaw, which affects Java version 7 update 21 and earlier, bypasses the traditional security warning displayed before an applet is allowed to run:
Smartphones no doubt make our lives easier and it’s great having so many resources available at our fingertips.
Mobile banking is one of those resources: banks have made very feature-rich apps that allow us to access our accounts, deposit checks, and transfer money.
Malware writers know this and have been trying to make an impact on Android banking apps for some time now. There have been several families, with some of the same gangs that target PCs, such as Zeus and SpyEye, also targeting mobile.
Malware authors creating fake Android markets where they provide a familiar look and feel of the real Google Play to exploit users is not a new concept, and we’ve talked about it in previous blogs.
Recently, we’ve found fake markets that are created with such detail that it’s hard to tell which is the real Google Play and which is a scam.
Last week we blogged about how 79 percent of mobile malware was directed at Android and that SMS Trojans represent half of all malicious applications.
While most SMS messages are free or very cheap, there’s a special category called “Premium SMS” where each message you send can cost you up to $10.
But there’s an SMS fraud network that is particularly active in Eastern Europe and involves trojanized apps luring users with the usual culprits: fake software updates and porn.
Our journey starts with a standard (non-rooted) Nexus 4 phone: