Browser Exploit for Android Highlights Google’s Update Problem

Discussion in 'malware problems & news' started by lotuseclat79, Feb 18, 2014.

Thread Status:
Not open for further replies.
  1. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,390
    Last edited: Feb 19, 2014
    lotuseclat79, Feb 18, 2014
    #1
  2. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    What is with the URL?
     
    J_L, Feb 18, 2014
    #2
  3. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,797
    Is this about Android fragmentation problem?
     
    safeguy, Feb 18, 2014
    #3
  4. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Here's my total guess since the URL is screwed:

    Some exploit was found in the Android web browser (pre-Chrome) that tons of non-v4.x phones are running. So I guess the answer would be yes.

    Have they made Chrome a separate update-able app?
     
    elapsed, Feb 18, 2014
    #4
  5. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,883
    Location:
    Texas
    ronjor, Feb 18, 2014
    #5
  6. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    elapsed, Feb 18, 2014
    #6
  7. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,390
    The link is now fixed.

    -- Tom
     
    lotuseclat79, Feb 19, 2014
    #7
  8. SnowFlakes

    SnowFlakes Registered Member

    Joined:
    Jun 29, 2011
    Posts:
    194
    so how to protect against this now ?
     
    SnowFlakes, Feb 19, 2014
    #8
  9. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,390
    The article at ArsTechnica says that Google patched the vulnerability last November in Android 4.2, which would imply that users need to upgrade to at least that version to protect against it.

    -- Tom
     
    lotuseclat79, Feb 19, 2014
    #9
  10. tlu

    tlu Guest

    If you don't get Android updates for your smartphone, I suggest that you move to CyanogenMod if your device is supported. All the more, as CM offers several great features, like a Privacy Manager (control the permissions of your apps) and granting root access to specific apps (like Adaway and AdblockPlus).
     
    tlu, Feb 19, 2014
    #10
  11. SnowFlakes

    SnowFlakes Registered Member

    Joined:
    Jun 29, 2011
    Posts:
    194
    My mobile does not update to 4.2 but i have android version 4.0

    How to protect against this :( ?
     
    SnowFlakes, Feb 19, 2014
    #11
  12. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Custom ROM, like the post right above yours... But there's also mitigations like using a different browser, anti-virus, safe browsing habits, etc.
     
    J_L, Feb 19, 2014
    #12
  13. SnowFlakes

    SnowFlakes Registered Member

    Joined:
    Jun 29, 2011
    Posts:
    194
    and which browser should i not use on my android 4.0 ?
     
    SnowFlakes, Feb 19, 2014
    #13
  14. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Anything that uses the default browser engine, according to the article.
     
    J_L, Feb 19, 2014
    #14
  15. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Firefox is probably ok?
     
    elapsed, Feb 19, 2014
    #15
  16. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,883
    Location:
    Texas
    ronjor, Feb 19, 2014
    #16
  17. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,629
    Yes, it should be.

    The problem with the standard browser is that is does not get updated via Google Play like 3rd party browsers do.
     
    roger_m, Feb 19, 2014
    #17
  18. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Android under assault as spyware and Trojans ‘grow by 400%’, company claims

    http://www.welivesecurity.com/2014/...yware-and-trojans-grow-by-400-company-claims/
     
    SweX, Feb 20, 2014
    #18
  19. SnowFlakes

    SnowFlakes Registered Member

    Joined:
    Jun 29, 2011
    Posts:
    194
    So if i use Google Chrome then i am all protected ?
    Since Google Chrome updates through google play, and if a mobile browser updates then it fixes the security hole right ?
     
    SnowFlakes, Feb 21, 2014
    #19
  20. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,629
    Yes you will be protected.
     
    roger_m, Feb 21, 2014
    #20
  21. SnowFlakes

    SnowFlakes Registered Member

    Joined:
    Jun 29, 2011
    Posts:
    194
    Are you sure about it ?
     
    SnowFlakes, Feb 21, 2014
    #21
  22. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,629
    Not quite 100% sure, but it makes complete sense.
     
    roger_m, Feb 21, 2014
    #22
  23. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,883
    Location:
    Texas
    ronjor, Feb 21, 2014
    #23
  24. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,365
    Location:
    Italy
    -https://blogs.rsa.com/ibanking-mobile-bot-source-code-leaked/-


    -http://protectyournet.blogspot.it/2014/03/androidibanking-malware-how-ftpbbccouk.html-

    Recent sample (ESET- Dr WEB Light):

    1.png
    3.png

    Scan Cloud Clean Master ver 5.x (KingSoft) not detected:

    4.png

     
    Last edited: Mar 2, 2014
    Sampei Nihira, Mar 1, 2014
    #24
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...