AsiaHitGroup Hits Asia Again with Despacito Ringtone Memes

Source: McAfee.

McAfee researchers found AsiaHitGroup trying to sneak malware into the Google Play Store again.

Users from Russia, Thailand and Malaysia are susceptible to this threat, since the malware checks the IP address location to determine whether it will install. This time the app is known as "Despacito for Ringtone", not to be mistaken for another app, "Despacito ringtones". The malware was quickly removed from the Play Store. However, it is expected that criminals motivated by financial gain will continue to try to ride on the latest memes to hoodwink users into downloading malware.

A previous related post on AsiaHitGroup is posted here.

Follow us on all critical Android development and security news here.

New App - Device Information

Get your device information from this Zero Permission App

A tool to demonstrate the capabilities of a simple Zero Permission App

Device Information (Zero Permission App)

This app provides information about your Android device using all available APIs, shortcuts and workaround methods, but without using any Android permission. The aim is to give users and developers a tool that shows the risk of information theft and the risk to information privacy.

Zero permission app is an initiative to provide peace of mind to users by aiming to have no (ZERO) required permissions in Android, but still providing innovative and effective features to you.

Usage:
To use, just download the app and select the desired information from the drop-down menu.

Features:
➤ No ADS and No root required
➤ Simple to use, no manual required
➤ Supports Smartphones, Tablets
➤ Supports Android KitKat, Lollipop, Marshmallow, Nougat
➤ Provides Information such as Kernel, CPU, Cellular, Display, Installed Apps and more
➤ Good resource management
➤ No frills, run with minimum RAM and CPU
➤ No unnecessary function in the app (to enhance security)
➤ No Android Permission required, zero, none, period
➤ Safe and Privacy focused, no servers and DOES NOT connect to the Internet
➤ Your device information will never leave your device
➤ Check the permission required by other similar apps and you will agree that this is the BEST app for getting your device information in comparison
➤ You can request a full source code audit by contacting us


Get it here on Google Play Store.


Transparency Report and Warrant Canary


This note applies to all applications that we developed and uploaded to the Google Play Store under the publisher name "Fledgling Developers".

We will never voluntarily share user data because we do not collect it; see our privacy statement.

We will proactively report all requests from government entities, corporations, law & security organisations or basically anyone with power to do so. We will REMOVE this sentence if we are not able to do so.

We have not received any of the above requests. This post will be updated at least quarterly. Last update 21 June 2019 (2019/06/21).


Inspired by:
on the assumption that it's only illegal to say they've been there if it's true...
Inspiration Source: http://www.librarian.net/technicality.html


Updated App - Quick Check for FakeSpy, RottenSys, Cosiloon, APT-C-23, AsiaHitGroup and Other Trojan Malware

Updated to include checks for FakeSpy Android Information-Stealing Malware 

Our app, Quick Check for RottenSys, is updated and live in Google Play to check for FakeSpy (just discovered by Trend Micro researchers).

[Update: 23 June 2018] Updated Quick Check App to check for com.advancedbatr.batsaver reported by RiskIQ.


Quick Check for RottenSys, FakeSpy, Fast - Social App, Fast Lite - Social App, OmniSocial, Cosiloon and Other Malwares


If your phone contains any of these 51 applications, you just have to uninstall the application.


Download Quick Check for a really quick check. You can uninstall the app after use.


How to Secure Your Android Phone, Tablet and Android TV Against Malware

How to secure / harden your Android devices, Phone, Tablet and TV against malware

Before you buy that Android device:

If you plan to buy and use an Android device for more than one year, look for a brand and model that provides regular updates for the Android system. Sadly, not all brands do that, except maybe Pixel and Nexus devices (no prizes for guessing why). At the start of every month, Google releases the monthly Android Security Bulletin, which provides fixes for possible issues affecting Android devices. A report has demonstrated that these security fixes are not always followed up by the manufacturers. This implies that vulnerabilities may be present in a non-updated device. Not all vulnerabilities are critical and exploitable, but as of May 2018, there is a high severity vulnerability (CVE-2017-13309, Ref: A-73251618) that could enable a remote attacker to access data normally accessible only to locally installed applications with permissions. And that's bad.

You can google for Android updates for any brand and model and review its history of updates before flexing your credit card. Do take note that even branded manufacturers will stop updating their older models after some time. Thus, we recommend not purchasing a model that is too far behind the current model. One or two models behind the current model should be fine for at least a year plus.

Sometimes you may find a very cheap but unbranded phone for sale, but it may not be a good choice, as explained in this post. If Android manufacturers want to preinstall Google's apps on their devices, the Google Android team will certify these devices to ensure they are secure and ready to run apps from Google and the Play Store. These certified devices will then carry the Google Play Protect logo as shown:

When shopping for a new device, look for the Google Play Protect logo to help make sure the device comes with the security benefits of certification
Google Play Protect Logo (Source: https://www.android.com/certified/)

A list of Google's certified partners (brands) can be found here for your references before you go shopping for that new device.

[Update] Google will now add a small amount of security metadata on top of APKs to verify that the APK was distributed by Google Play.

After you bought that Android device:

Four layers of security defence you can install in your device.

Layer 1: Activate the function "System Updates", or "Software Update" or "Check for System Updates" in your device (model dependent). This function is usually found in Settings/About Phone. If there is an update for your device, perform the update immediately. You should perform this check regularly, or you can set the system updates to be automatic. This is your first layer of defence.


Layer 2: Ensure you have Google Play Store installed and check that Google Play Protect is turned on. Install Google Play Store if it is not installed. Google Play Protect is Google's built-in malware protection for Android. This function can be found in the top left menu of Google Play Store App. This is your second layer of defence.

Google Play Protect Scan Results with Last Scanned Time

Google Play Protect Performing a Scan 


Layer 3: Go to the "Privacy" settings and make sure that installation of apps from unknown sources is disabled. You should never ever install applications from third-party marketplaces or stores. This is your third layer of defence.

Installation of Apps from Unknown Sources Should be OFF

Layer 4: Find and install a good or your favorite Anti-Virus (or anti-malware) app in the Google Play Store. After installation, you should perform a full scan of your device. You do not have to keep the anti-virus app in your device after the full scan if you want to free up your memory or CPU usage. For your fourth layer of defence, you just have to regularly download one of the below apps and perform a full scan. 

Best Practices for ensuring continuous good security health of your Android device:

1. Protect your devices with a PIN or password lock so that nobody can gain access to your device when the device is lost

2. Never open documents or application installers (APK files) that you are not expecting, even if they look like they are from someone you know

3. Ensure your phone is regularly backed up, or sync your contacts/data/etc with one of the major companies such as Google, Samsung

4. Before you install any app from Google Play Store, check the permissions required for the app. This explanation is kind of lengthy and will be touched on in future posts. In fact, deciding whether an app is safe to download from Google Play Store is both an art and a science. There is a trick that some attackers use to fake the popularity of their apps: they change their developer name to something like "100 Million Downloads", which causes Play Store to display their app icon as:
Developer using the name "100 Million Downloads"
These apps are no longer in the Play Store, they are archived in AppBrain.

5. Other than applying the above 4 layers, we developed our own tool to check for the latest Android malware announced. This is our own Layer 5.

6. To keep secret notes on your device, you may want to consider our own developed app, Secret Notes AES-256

Eight ways that your data can be used or abused by third parties

The perils of leaving the privacy of your data in third party hands


The eight ways that your data may be used or abused by third parties

  1. Used for converting prospects into leads for future businesses
  2. Targeted advertising (most are upfront on this), see Google Adsense
  3. Resold to other parties, see previous post on unimania
  4. Data exfiltration (hacked) by attackers, see MyHeritage data breach
  5. Seized officially by Government or law enforcement agencies
  6. Used as data source to seed another business, see Hola and Luminati and TrueCaller
  7. Pure scams to get personal information, e.g. fake job offering
  8. Used to build up individual or group databases for future espionage or influence operation

Who should be responsible for your data?

Delegating the task of protecting your personal data to third parties is a risk. In this modern world, some of these tasks may have to be "outsourced". Understanding the above risks will help you decide whether a company or organisation requires your data and how they are going to protect it. A simple privacy statement does not tell you how strong or weak their data protection mechanism is. And most privacy pages have a clause stating that any future use of data is at their discretion.

While most people are sensitive about credit cards or payment details, they are less concerned about the voluntary disclosure of personal details in their social accounts (Facebook, Twitter, Instagram ...). We hope this post will remind readers of the perils of trusting third parties with the protection of their data.

Secret Notes AES-256

For keeping sensitive data in your Android phone, we recommend our own Secret Notes AES-256. This app requires no permission and does not connect to any external servers.


Updated App - Quick Check for RottenSys, Cosiloon, APT-C-23, AsiaHitGroup and Other Trojan Malware

Updated to include checks for Fast - Social App, Fast Lite - Social App, and OmniSocial

Our app, Quick Check for RottenSys, is updated and live in Google Play to check for Fast - Social App, Fast Lite - Social App, and OmniSocial (just discovered by Adguard Co-founder Andrey Meshkov).

Quick Check for RottenSys, Fast - Social App, Fast Lite - Social App, OmniSocial, Cosiloon and Other Malwares

If your phone contains any of these three applications, you just have to uninstall the application.

Contact fledevstaff@gmail.com and we may be able to provide some free advice on demanding that your data be erased (especially with the power of GDPR).


Download Quick Check for a really quick check. You can uninstall the app after use.

These Android Apps are Collecting Your Facebook Data

Warning - Apps in the Google Play Store were found to be secretly collecting sensitive data


According to security expert Andrey Meshkov, who made the discovery, Android apps helped a company, Unimania, Inc., to collect users' Facebook data and spy on their social network browsing history. The information collected includes the user's Facebook profile data, demographics, list of user interests, and the user's browsing history, including all the Facebook regular and sponsored posts, tweets, YouTube videos and ads. According to Unimania's privacy policy, they are free to sell these data to anyone.

As described in a previous post, apps even from Google can be a surprise to users.

The discoverer promptly informed Google in May, and team2soft, the developers of the two apps, unpublished the apps on 31 May.

Screenshot of team2soft timeline from https://www.appbrain.com/dev/team2soft/

team2soft was active on Google Play since Oct 2011, their address was stated to be somewhere in Italy, with additional contact details such as:

Details on team2soft from Internet

The two apps that were discovered to be sending details to third party are:

1. Fast - Social App (app.fastfacebook.com)

2. Fast Lite - Social App (app.fast.push.com)

Both apps are no longer in Google Play and the team2soft account is also no longer available. The company Unimania Inc. also had a Google Play account and had published its own app, OmniSocial (me.unimania.social.app), the account and the app are both no longer in Google Play.

3. OmniSocial (me.unimania.social.app)


Our own app Quick Check will be updated to scan for these three apps. However, this case may not be over soon, as more apps in Google Play are likely to be discovered with a connection to Unimania Inc. Watch out for it.
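
As an added example (not the Quick Check app's code and not from the researchers), the shell function below shows how a listing produced by `adb shell pm list packages` can be checked for the package names given in these posts. The function name, the variable names and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag installed packages named on this page.
# Package names below are copied from the posts; everything else
# (function and variable names, the sample listing) is hypothetical.

FLAGGED_PACKAGES='app.fastfacebook.com
app.fast.push.com
me.unimania.social.app
com.advancedbatr.batsaver'

# flag_packages: reads "pm list packages" output on stdin and prints
# every flagged package that is installed, one per line.
flag_packages() {
    # 1. drop carriage returns (adb output may arrive with CRLF endings)
    # 2. keep only "package:<name>" lines and strip the prefix
    # 3. match whole lines against fixed strings, so a look-alike such as
    #    "app.fastfacebook.com.notreal" or an unrelated app is not flagged
    tr -d '\r' |
        sed -n 's/^package://p' |
        grep -Fx -e "$FLAGGED_PACKAGES" || true   # no match is not an error
}

# Constructed sample listing (not taken from a real device).
SAMPLE_LISTING='package:com.android.chrome
package:app.fast.push.com
package:com.facebook.katana
package:app.fastfacebook.com.notreal
package:me.unimania.social.app'

# Demo on the constructed sample; on a real device use:
#   adb shell pm list packages | flag_packages
found=$(printf '%s\n' "$SAMPLE_LISTING" | flag_packages)
if [ -n "$found" ]; then
    printf 'Flagged packages installed:\n%s\n' "$found"
else
    printf 'No flagged packages found.\n'
fi
```

Exact whole-line matching is the point of the check: a substring match would also flag unrelated apps whose names merely contain one of the listed strings.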



Why is my phone infected by malware?

Let's Count the Ways That a Phone Can Be Infected by Malware (tl;dr there are six ways)


When a phone is infected with malware, it behaves slightly differently. You may suddenly see a pop-up advertisement, or you may feel your phone is slowing down, or your mobile data usage is increasing at an incomprehensible rate. Malware may be used by criminals for financial gain, by hackers for identity theft or to do damage, or even by powerful groups for intelligence purposes. Whatever the purpose of the malware, we just do not want to be infected. We need to understand the different ways malware can get into our phone so as to protect ourselves.

1. Android devices that are shipped with pre-installed malware

Some phones that you buy, especially the non-branded low-cost phones, may be infected by malware, as shown in this article. The malware may be inserted by a malicious manufacturer or may be inserted in the supply chain of the different parts and assembly. These types of malware are the hardest to remove, as removal usually involves deep technical knowledge and skill to dig into the firmware of the phone. If the phone is infected at the firmware level, usually the only recourse is for you to buy another phone. After factory resetting your phone, there will be researchers interested in getting hold of your infected phone to perform forensics. Thus, you may want to consider donating it to a good cause.

2. Downloaded applications that contain malware

Applications that you download may be infected with malware. If you frequently download from third-party app stores and not from official sources such as Google Play, your risk score immediately jumps up by a few notches. It is also a fact that malware-infected applications can sneak into the Google Play Store, because the detection of malware by anyone will never be foolproof. Google is improving its detection engine, though it may still miss some of the malicious apps. Thus, you should be getting your applications from the official sources and not from side-loading or third-party app stores. An application that contains malware is either developed by a malicious developer or has the malware inserted in the supply chain (yes, there is a supply chain of software libraries, code and services in the software development world).

3. Malvertising - The use of online advertising to spread malware

Malvertising involves injecting malicious or malware-laden advertisements into legitimate online advertising networks and webpages. Because advertising content can be inserted into high-profile and reputable websites, it provides attackers an opportunity to push their attacks to web users who might not otherwise see the ads, due to firewalls, secure settings, or the like. The ads will appear to you to be perfectly normal and appear on a wide range of apps and web pages. Once you click on the ad, your device is immediately infected with the malware. Major reputable ad networks are combating these malicious ads, but occasionally malware still comes through this channel. Some people choose to use ad blocker software to prevent ads from showing up. This practice is of arguable benefit depending on which side you are on.

4. Scams - The use of fake promises to lure you into downloading an application

Scams are common methods used by attackers to infect your mobile devices with malware. They will use websites, full-screen ads or emails to redirect you to a malicious web page. In some cases, a link to the infected page is sent directly to you in an email or text message, usually with some fake promise or prizes. Once they get you to their infected site, the code within the page automatically triggers the malicious software download. The website is usually disguised to look professional and legitimate in order to give you a false sense of security. Never open these downloaded APK files on your phone.

5. Direct installation of malware into your device

You probably do not have to worry about this method of attack, as it is costly to the attacker. In this case, the attacker must physically touch your device in order to install the malware. Usually, this involves plugging the device into another device and directly downloading the malicious software onto it. You do have to worry about this method of attack, however, if you are in the habit of using free charging services such as kiosks at airports. Usually you do not know what the other end of the charging cable is connected to. An attacker can set up a fake charging station to infect people when they plug the cable into their device. If you intend to use these charging stations, you should check that the debugging feature over USB is turned off and that "Unknown sources - allow installation of apps from unknown sources" is also turned off. You should never just plug a mobile storage card into your phone without first checking and scanning the card with some antivirus software.

6. (Free) WiFi insertion of malware into your device

This is a more complicated process for getting malware into your device, because the attacker has to first get your device to join his WiFi network and then exploit one of the software vulnerabilities in order to install a malicious application over the WiFi network. The first part is easy for the attacker unless you never ever turn on the WiFi function in your phone. The attacker just has to emulate one of the common WiFi broadcast IDs (SSIDs) and your phone will automatically join the WiFi network. Some popular SSIDs to emulate would be those of coffee joints, restaurants or even your home WiFi network (yes, it is possible to capture and fake it subsequently). The best you can do to prevent this method of attack is to make sure your phone, both the Android operating system and all the applications, is always patched up to date. You should turn off the WiFi function if you are not expecting to join a WiFi network (you will reduce the WiFi electromagnetic signature and gain back some privacy too).


We are neutral on the suggestion of installing an anti-malware application as a preventive measure against malware. Whether you think they are really effective or a waste of your phone's resources (CPU, storage, RAM), it is still a good idea to occasionally install one of the popular ones and perform a full scan of your phone. You can always delete or uninstall the application after the full scan. We built a simple malware check application just to perform a quick check for the latest malware announced on the Internet. It will always be free and adopts our Zero Permission App (ZPA) drive.

Be safe. God Bless.
