Chinese Worm Infects Thousands of Android Phones

Last weekend, it was reported in China that an SMS worm was wildly spreading among Android mobile phones, with more than 500,000 devices infected. The malware spread by sending SMS texts to a phone’s contacts with a message body such as:


SMS message to spread

This malware is much more than just a worm. It is actually a worm plus a Trojan. The Trojan component resides in a second install package bundled inside the original one.

Once the malware is installed, it checks whether the Trojan is installed. If not, it asks the user to install it.

Install the "Trojan" component

After installing, the malware sends a text message to a control server phone number, which we believe belongs to the author of this malware, to let him know that a new victim is infected.

Reports "installed" to malware author

The installation then asks the user to input his or her ID and name, which will also be posted to the control number.

User's Identity and name leaking

The Trojan monitors incoming SMS messages, forwards all incoming SMS messages to the control number, and executes the following commands:

  • readmessage: Reads all SMS messages, and sends them to the malware author’s email address
  • sendmessage: Sends messages to the number in the message body
  • test: Sends a test message to the malware author
  • makemessage: Makes a fake message, and inserts it into the inbox
  • sendlink: Sends the user’s contact list to the malware author’s email address
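A defender-side triage of the behaviours described above (spreading to contacts, forwarding of incoming SMS, and keyword commands), as an added example that is not from the original post or from McAfee. It assumes a time-ordered SMS log of (direction, number, body) tuples and that a command arrives as the first word of an inbound message; all numbers and message bodies are constructed placeholders.

```python
from collections import defaultdict

# Command keywords the article lists for the Trojan component.
COMMANDS = {"readmessage", "sendmessage", "test", "makemessage", "sendlink"}

def triage(log, contacts, min_hits=2):
    """Flag worm/Trojan-like patterns in a time-ordered SMS log.

    log: iterable of (direction, number, body), direction is "in" or "out".
    Assumption: a command is the first word of an inbound body. "test" is a
    common word, so a lone hit on it deserves manual review.
    """
    command_senders = defaultdict(list)  # sender -> command keywords seen
    forwarded_to = defaultdict(int)      # destination -> inbound bodies echoed
    fanout = defaultdict(set)            # outbound body -> contacts reached
    inbound_bodies = set()

    for direction, number, body in log:
        words = body.strip().lower().split()
        if direction == "in":
            if len(body) >= 8:           # skip very short bodies (substring noise)
                inbound_bodies.add(body)
            if words and words[0] in COMMANDS:
                command_senders[number].append(words[0])
        else:
            # Outbound text that repeats an earlier inbound body looks like forwarding.
            if any(b in body for b in inbound_bodies):
                forwarded_to[number] += 1
            if number in contacts:
                fanout[body].add(number)

    return {
        "command_senders": dict(command_senders),
        "forward_destinations": sorted(n for n, k in forwarded_to.items() if k >= min_hits),
        "mass_sent_bodies": sorted(b for b, s in fanout.items() if len(s) >= min_hits),
    }

# Constructed sample data; every number and body is a placeholder.
CONTROL = "+000-CONTROL"
CONTACTS = {"+000-A", "+000-B", "+000-C"}
SAMPLE_LOG = [
    ("out", "+000-A", "constructed lure text"),
    ("out", "+000-B", "constructed lure text"),
    ("out", "+000-C", "constructed lure text"),
    ("in", "+000-BANK", "Your code is 123456"),
    ("out", CONTROL, "Your code is 123456"),
    ("in", "+000-A", "Lunch at noon?"),
    ("out", CONTROL, "Lunch at noon?"),
    ("out", "+000-A", "Sure, see you then"),
    ("in", CONTROL, "sendlink"),
]
```

On the sample log, the same non-contact number shows up both as the forwarding destination and as the command sender, which is the correlation worth alerting on.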

With the user’s identity card number, real name, and SMS messages, the malware author is one step closer to stealing the user’s bank account information, hijacking an online trade, or even transferring money. In China, some banks allow customers to access their accounts with an identity card number and password.

User's information sent via mail

We have seen two versions of this sample. The payloads are almost the same, except that the first one has no spreading payload, that is, no worm function. It appears the author wanted to infect more devices by adding the worm.

McAfee Mobile Security detects both of these threats as Android/XShenqi.A.

According to reports, the author of this malware is a college student who created this malware just to prove he can do something. Seems like a curious way to impress people.


The post Chinese Worm Infects Thousands of Android Phones appeared first on McAfee Blogs.

Win-win or lose-lose? Comcast uses Customer Routers as Wi-Fi Hotspots

Sharing is something that we teach children to do at a young age, as well as an ability that we value across all aspects of our daily lives. However, sometimes sharing isn’t all that it’s cracked up to be–especially when it comes to keeping your private information secured while browsing the Internet.

A new program kicked off by Comcast in early June has essentially turned some of its customers’ routers into public Wi-Fi hotspots. During the initial trial period, approximately 150,000 Comcast Internet customers in Houston had their wireless routers activated as part of the program, with the company planning on activating millions more across the country by the end of the year. Through this effort, Comcast customers in Houston will now get free Wi-Fi wherever there is a Comcast box in range.

Seems like a great idea, right?

In theory, Wi-Fi sharing is a great way to leverage existing infrastructure to give customers an extra perk (mainly the avoidance of wireless roaming charges) and at the same time build out a private network to compete with telecom providers like Verizon. On the flip side, these hotspots are opt-out, meaning that customers who do not want to have their equipment used will have to disable the function themselves. This also raises the question of bandwidth capacity, and how Comcast will ensure that the new hotspot doesn’t slow down Internet access for home network owners.

Even more concerning than slow connection speeds, however, are the potential security risks to which the program exposes customers’ private browsing and mobile usage. From a mobile user standpoint, these new hotspots could be used for good or for evil, as it is still unclear what kind of protections Comcast has established for both the host network and roaming customers. In theory, the two Wi-Fi streams should be completely independent of each other, but in reality there is nothing to stop an opportunistic individual from snooping on data passing through the router, or vice versa.

Similar to public Wi-Fi networks, these Comcast hotspots could potentially expose mobile users to new risks when downloading content or checking sensitive accounts on the go. While the prospect of extended Internet services for mobile users is great, customers will also have to be vigilant about what they do and send while connected to these hotspots—just as they would with any free Wi-Fi. Even if the home network owner is protected from risks, there is no way to know how many other people are using the same hotspot, and what they are doing on it.

One of the biggest complications with this program is the inherent trust that must go along with customers allowing their private routers to be used by Comcast to create public hotspot networks. As we have seen many times before, the promise of security doesn’t always follow through, and users are the ones who get caught in the crossfire. The success—and safety—of this Wi-Fi sharing experiment is still up in the air, but understanding the potential risks that go along with it is key to protecting personal information online and via mobile devices.

Follow these steps to opt out if you have one of the Comcast routers and don’t want to host a public Wi-Fi hotspot.



The post Win-win or lose-lose? Comcast uses Customer Routers as Wi-Fi Hotspots appeared first on McAfee Blogs.