LightBlog

vendredi 2 décembre 2016

Gooligan Malware Compromises More than a Million Google Accounts on Android

Security is an important aspect of Android. Due to the sheer number and variety of devices, making an OS flexible enough to run on all hardware choices and fulfill varied customer needs, while still maintaining bullet-proof security, is a very difficult task.

While Google is hard at work enhancing the overall security of Android, new vulnerabilities and exploits keep popping up and slipping under the radar. Not to mention, the very task of distributing security updates is left to the whims of the OEM, and outside of the major OEMs and major flagships, very few devices ever receive a security-focused update.

The newest bad fish in the pond was discovered by security researchers at Check Point. Nicknamed "Gooligan", this malware attack campaign is part of the Ghost Push family of malware. Malware under this label is often downloaded through external and untrusted sources, and the apps so installed are then used to install other apps on the host device. Gooligan particularly used the Google credentials on older versions of Android to generate fraudulent installs of other apps.

gooligan_1Check Point mentions that Gooligan has so far breached and compromised over one million Google accounts, with the number also steadily rising at an additional 13,000 breached devices every passing day. Gooligan installs over 30,000 apps daily on breached devices, and over 2 Million installs have been accumulated since the campaign began. Gooligan "potentially" affects devices on Android 4.x and Android 5.x, which is bad news as combined, these versions have arond 74% of market share currently.

Interestingly, 57% of the infected devices are located in Asia, which is not surprising keeping in mind the attitude towards piracy among the general consumers in this region. North and South America follow along at a combined 19%, the African continent makes up 15% and Europe contributes at 9%. Australia, very interestingly, was not mentioned at all.

How does Gooligan work?

Check Point mentions in more detail how the malware works, so we recommend checking out their blog post.

Gooligan starts off with a legitimate-looking infected app that gets downloaded via third-party app stores or sideloaded by mistakenly clicking on malicious links in phishing attack messages. Once the infected app is installed, it sends data about the device to the main Command and Control server of the malware campaign. After device information is obtained, Gooligan downloads rootkits that are applicable to the particular Android version, such as Towelroot or VROOT. If root access is successfully obtained, Gooligan then has full control of the device, including the ability to remotely execute privileged commands.

gooligan_2

Gooligan then goes on to download and install a new malicious module from its main server. The modules purpose is to inject code into Google Play or Google Mobile Services to mimic user behavior to avoid detection. Further, the module allows Gooligan to steal the user's Google account and authentication token, install apps from the Play Store and rate them without consent, and install adware to generate revenue. Money is generated for the attacker when the ad network server innocently credits them for successful app referral installs. For good measure, Gooligan also leaves a high rating on the Play Store.

How do you know if you were infected?

Check Point has a good list of apps that they have identified as being infected with this malware. So if you have any of the apps mentioned in the list installed on your device, there is a good chance your account was compromised. The compromise extends over to enterprise accounts as well, so it will not hurt to double check.

If you do doubt that you may be infected and compromised, you can enter in your email on a website created by Check Point for the same purpose. Google's Director of Android Security, Adrian Ludwig, points to Check Point's blog in his Google+ post, as Check Point has been working closely with Google to understand the issue.

If your account is compromised, you would need to undertake a complete wipe and clean installation of the OS on your device to remove all traces of Gooligan and related module code. Then, you need to change your Google account passwords immediately after the process.

If your account is not compromised, you can undertake certain precautions to avoid getting infected. Common sense dictates that one should avoid shady websites and apps, particularly those relating to illegal distribution of content. Piracy portals, whether they be in the form of black market app stores or illegal media (songs, movies etc) re-hosters, are one of the easiest ways to phish users into installing infected apps, so staying away from them is a good idea.

image-014

On a different note and for added precaution, if you are a rooted user, do pay attention to the apps installed on your device through periodic checks and make sure to grant root access only to the applications you trust. If you have a choice in running newer versions of your OS with newer security version, please exercise such option.

What has Google done so far to combat Gooligan?

Adrian Ludwig mentioned key details on Gooligan and Ghost Push on his Google+ post. Gooligan and Ghost Push were made with the primary intention to fraudulently market apps and make money through referrals, so Google has not found any evidence of user data access, even though that gate was open. There was no targeting of specific user groups or enterprises either, as the malware aimed to install itself on older devices opportunistically. Further, as Ghost Push malware family makes use of publicly known vulnerabilities, newer devices with up-to-date security patches are not affected as these vulnerabilities have been subsequently patched.

To protect users from infection, Google has deployed improvements to the "Verify Apps" functionality to warn users from installing any of the apps from the infected list, even if the source is outside the Play Store. The offending apps have been removed from the Play Store, which is an obvious course of action. Along with those, Google has also removed the apps that benefited from Ghost Push installs to further reduce the incentive of such abuse in the future. They have also revoked Google Account tokens of affected users and provided them with instructions on how to sign in securely. Going one step beyond, Google is also working with organizations that provided the infrastructure used to host and control the malware, in an effort to take down the main control servers to disrupt the existing malware ad slow down future efforts.


The emergence of Gooligan among other kinds of malware and exploits show that Android still has a long way to go in terms of security. Fragmentation is often at the core of the issue here, as a lot of these exploits are patched up in newer Android releases, but unfortunately, will never be deployed across many existing devices. A very large part of the blame here lies on the lack of after-sales service and OEM apathy, and such scenarios are very much unlikely to change anytime soon, especially in the entry-level smartphone market. Malware like these makes one appreciate what BlackBerry is doing with its security-focused Android fork.

What are your thoughts on Gooligan and Android's current state of security? Let us know in the comments below!



from xda-developers http://ift.tt/2gP65Qo
via IFTTT

What Do You Think About Smart Homes / Smart Assistants?

Google Home and Amazon Echo have been battling it out for that coveted spot in your house, to become the central hub for operations of other connected smart products. IoT as a new technology is gradually taking off, so we see both companies adding value with services like improved Voice Search on Google Home and Alexa Skills on Amazon Echo.

Both the devices give us a taste of the future, where we can control every aspect of our lives by just talking into thin air. However, not everyone has able to adopt this new technology and many see no reason to embrace either standard. We ask you,

What do you think about Smart Home Assistants as a concept? Are the current implementations of home assistants in line with your vision of what a home assistant should be? Do you think there are flaws or limitations in the home assistant concept? Do you own either Google Home or Amazon Echo? Why/why not?

Let us know in the comments below!



from xda-developers http://ift.tt/2fTR3Ei
via IFTTT

LG Appoints Jo Seong-jin as the Company’s New CEO

It's no secret that LG has been struggling to make a profit with some of its divisions within the company. LG's mobile division lost $389 million last quarter, and which was even worse than Q2 when they lost $132 million. Most of the profits LG has been able to bring in over the last couple of years is thanks to their home appliance and TV divisions. They specifically credit sales of TVs and home appliances when they made an overall profit of $503 million back in the second quarter of this year.

Some believe LG is having a bit of an identity crisis when it comes to their smartphones. Others have blamed their marketing campaigns (or lack thereof) and feel that LG could have done very well with the LG V20 if they would have marketed it better. The LG G5 had a lot of hype around it before it was officially unveiled, and the head of their mobile division said they would "need to overspend a bit in order to get the word out and create fans."

This didn't bode very well when their 2016 flagship smartphone sold less than expected, and resulted in multiple executives within the mobile division losing their jobs. Yesterday, the company announced they would be appointing a new CEO in charge of the entire company. The new CEO is Jo Seong-jin, and he was actually in charge of their home appliance division. The same division that has helped keep LG afloat for the last couple of years.

This change has gone into effect immediately, and will put Jo in charge of all LG Electronics' business divisions including the H&A Company, Mobile Communications, Home Entertainment, and Vehicle Components. He will even have oversight of over 120 operations around the world. Song Dae-hyun used to be the head of the CIS Region and president of LG Russia, but will now be taking the place of Jo as the president and CEO of the Home Appliance & Air Solutions Company.

Source: LG Newsroom



from xda-developers http://ift.tt/2fTlSZR
via IFTTT

New UMi Z Likely to be First Phone with MediaTek X27

umileak

We have received information from a credible tipster that UMi will be among the first, if not the first, OEM to release a phone with the recently-announced MediaTek X27 CPU, as soon as this month. Not only that, but a rendering we received of the new UMi phone, above, suggests that it'll have a dual-camera setup, likely with some help from the new ISP included in the X27.

The new UMi phone is likely to go by the name "Z", as the same name was recently teased on the UMi Facebook page. We don't have any other information about the UMi Z at this time, but we'd venture to guess that it'll be offered in a 6GB RAM configuration, and should have a 4,000mAh battery with up to 64 or 128GB of storage space with microSD expansion. And, given how UMi prices its phones, we expect the Z to be offered for a very competitive price.

 



from xda-developers http://ift.tt/2gh8Bvc
via IFTTT

Motorola Won’t Release a New Smartwatch for the Launch of Android Wear 2.0

Motorola released their first smartwatch in September of 2014 and then followed it up a year later with the second generation Moto 360. Many were hoping that the company would release something this year, but then in September, we learned Motorola, LG and Huawei didn't have any plans to release a new Android Wear smartwatch for 2016. Many speculated that these companies were waiting on Android Wear 2.0 before putting out a new wearable.

The first Android Wear 2.0 Developer Preview was made available to the public in May, and it seemed like Google was on course to release something this year. DP2 for Android Wear 2.0 was subsequently released two months later and it increased the Platform API to 24 so it could coincide with Android 7.0 Nougat. We even had a third developer preview for Android Wear 2.0 released in September of this year, but this is when we learned about the delay.

We still don't know exactly when Android Wear 2.0 will be officially released but we are told that the developer preview program will continue into "early 2017." Once we learned about this, it started to make sense why companies like LG, Huawei and Motorola didn't have any plans to release a new Android Wear smartwatch in 2016. The platform, and market as a whole, is somewhat struggling right now, but many hoped it would be revitalized with the release of Android Wear 2.0.

This week we heard from Shakil Barkat, who is the head of global product development at Motorola, and they confirmed the company didn't have any plans to release a new smartwatch with the launch of Android Wear 2.0. We'll still likely see the rumored Pixel watches released with the new update, but anyone hoping for an updated Moto 360 will have to wait. Motorola says the market simply isn't "broad enough" to release a new smartwatch year after year.

They are open to revisit the wearable market when technology improves though, but didn't give a time frame for fans to look forward to.

Source: The Verge



from xda-developers http://ift.tt/2gIsGuY
via IFTTT

Google Announces App Maker for G Suite Customers

G Suite used to be called Google Apps for Work, as well as Google Apps for Your Domain, and is Google's collection of tools for productivity, collaboration, and cloud computing. The service was initially launched in 2006, and it gave a way for businesses to have access to software and products that were built by Google. Google has been working a lot lately to enhance the service and this week they announced both an App Maker as well as some new apps for the Recommended for G Suite program.

Google announced this Recommended for G Suite program last year as a way to suggest some helpful 3rd-party applications and services for businesses. Google realizes there are some applications out there that aren't made by them, but can be very helpful for your team. So now the company is adding 7 new applications to this program that include Asana, DocuSign, Freshdesk, LumApps, Virtu, Xero and Zoho Invoice.

Google has also announced a new service called App Maker, for those businesses who want to quickly make a custom application to suite their needs. There is some coding that could be involved in making the app with the service, but the goal is to limit that by using a cloud-based IDE that has a number of templates built into it. It uses a drag-and-drop user interface with point-and-click data modeling to help decrease the amount of time it takes to develop your application.

They have been working with some of their larger G Suite customers and allowing them to test out App Maker for the last few months. After taking in feedback and reiterating the product, Google feels it is ready for more G Suite customers to utilize. It's not available to all G Suite customers right now though. It's included in their Early Adopter Program for G Suite Business customers. You'll have to apply to the Early Adopter Program by clicking here if you want to try it out.

Source: The Keyword



from xda-developers http://ift.tt/2gOvlq3
via IFTTT

How to use Kustom Live Wallpaper: Continuum

In this video, Marco continues his series of tutorials on how to use Kustom Live Wallpaper. Today we are going over how to load a simple two page setup.

First off, if you haven't seen the previous KLWP video, check it out here. This video goes over some of the basics of how to use the app.

We are going to be creating this setup called "Continuum" from artist Kohlewrrk.

continuum

Step 1: Download KLWP, KWGT and Nova

For this tutorial you will need the paid version of both KLWP and KWGT. You'll also want to install Nova Launcher if you haven't already.

Download KLWPDownload KWGTDownload Nova Launcher

Step 2: Nova Launcher Setup

Start with a completely blank homescreen in Nova. Long press on the homescreen and go to settings. Set your desktop grid to be a 7×5 layout. Then make sure your icons do not have any text labels. Make sure your page indicator is set to "none" so you don't get those little white dots at the bottom of your homescreen. For the dock, make sure it is enabled and your icon size is set to about 150%. Set the height padding to large, just to make sure we have enough room for everything. The last thing you'll want to do in enable "Swipe to open" in your apps & widget drawers settings.

kustom1

Step 3: Settings up KLWP

Download the continuum theme here and save it somewhere on your phone.

Long press on the homescreen and select wallpapers>live wallpapers>Kustom. Go to the "Load Preset" option and choose the continuum.klwp file. Select the theme and hit save.

kustom2

Step 4: Adding Kustom Widget

Download great.kwgt here.

Add a 4×1 Kustom widget to your homescreen and drag it into your dock. Adjust the width so it takes up the entire width of the screen. Now select it to bring up your options. Open the great.kwgt file and save it.

kustom3

Step 5: Adding Icons

Download the Compacticons icon set here.

Now just drag the icons you want from your app drawer to your homescreen. Press and hold the icons and select icon options>edit. choose your compacticons and pick the appropriate icon from the selection. Do this for each of the icons on your homescreen.

kustom4

So that's it. You have now created the continuum setup. Be sure to subscribe to our YouTube channel for more KLWP video tutorials.



from xda-developers http://ift.tt/2guiyZ6
via IFTTT