Browser Exploit for Android Highlights Google’s Update Problem

Discussion in 'malware problems & news' started by lotuseclat79, Feb 18, 2014.

Thread Status:
Not open for further replies.
  1. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,101
    Last edited: Feb 19, 2014
  2. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    What is with the URL?
     
  3. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,718
    Is this about Android fragmentation problem?
     
  4. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    Here's my total guess since the URL is screwed:

    Some exploit was found in the Android web browser (pre-Chrome) that tons of non-v4.x phones are running. So I guess the answer would be yes.

    Have they made Chrome a separate update-able app?
     
  5. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,794
    Location:
    Texas
  6. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
  7. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,101
    The link is now fixed.

    -- Tom
     
  8. SnowFlakes

    SnowFlakes Registered Member

    Joined:
    Jun 29, 2011
    Posts:
    194
    so how to protect against this now ?
     
  9. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,101
    The article at ArsTechnica says that Google patched the vulnerability last November in Android 4.2, which would imply that users need to upgrade to at least that version to protect against it.

    -- Tom
     
  10. tlu

    tlu Guest

    If you don't get Android updates for your smartphone, I suggest that you move to CyanogenMod if your device is supported. All the more, as CM offers several great features, like a Privacy Manager (control the permissions of your apps) and granting root access to specific apps (like Adaway and AdblockPlus).
     
  11. SnowFlakes

    SnowFlakes Registered Member

    Joined:
    Jun 29, 2011
    Posts:
    194
    My mobile does not update to 4.2 but i have android version 4.0

    How to protect against this :( ?
     
  12. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Custom ROM, like the post right above yours... But there's also mitigations like using a different browser, anti-virus, safe browsing habits, etc.
     
  13. SnowFlakes

    SnowFlakes Registered Member

    Joined:
    Jun 29, 2011
    Posts:
    194
    and which browser should i not use on my android 4.0 ?
     
  14. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Anything that uses the default browser engine, according to the article.
     
  15. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    Firefox is probably ok?
     
  16. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,794
    Location:
    Texas
  17. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    5,250
    Yes, it should be.

    The problem with the standard browser is that is does not get updated via Google Play like 3rd party browsers do.
     
  18. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Android under assault as spyware and Trojans ‘grow by 400%’, company claims

    http://www.welivesecurity.com/2014/...yware-and-trojans-grow-by-400-company-claims/
     
  19. SnowFlakes

    SnowFlakes Registered Member

    Joined:
    Jun 29, 2011
    Posts:
    194
    So if i use Google Chrome then i am all protected ?
    Since Google Chrome updates through google play, and if a mobile browser updates then it fixes the security hole right ?
     
  20. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    5,250
    Yes you will be protected.
     
  21. SnowFlakes

    SnowFlakes Registered Member

    Joined:
    Jun 29, 2011
    Posts:
    194
    Are you sure about it ?
     
  22. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    5,250
    Not quite 100% sure, but it makes complete sense.
     
  23. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,794
    Location:
    Texas
  24. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    658
    Location:
    Italy
    -https://blogs.rsa.com/ibanking-mobile-bot-source-code-leaked/-


    -http://protectyournet.blogspot.it/2014/03/androidibanking-malware-how-ftpbbccouk.html-

    Recent sample (ESET- Dr WEB Light):

    1.png
    3.png

    Scan Cloud Clean Master ver 5.x (KingSoft) not detected:

    4.png

     
    Last edited: Mar 2, 2014
Loading...
Thread Status:
Not open for further replies.