This is the full list of Android Malware in a very dangerous year, since August, the 9th 2011 up-to-today. One year ago (9 August 2010) Kaspersky discovered the first SMS Trojan for Android in the Wild dubbed SMS.AndroidOS.FakePlayer.a. This is considered a special date for the Google Mobile OS because before then, Android Malware was a little bit more than an exercise of Style, essentially focused on Spyware. After that, everything changed and mobile malware targeting the Android OS become more and more sophisticated.

This compilation shows the long malware trail which characterized the hard days for information security. Looking at the graph, the climax was Android.Geinimi (end of 2010), featuring the characteristics of a primordial Botnet, but also Android.DroidDream (AKA RootCager) is worthwhile mentioning because of its capability to root the phone and potentially install applications remotely without direct user intervention.


read more

Some hackers use software and hardware to express themselves creatively—either solving entirely novel technical challenges or finding new ways to skin the same old cats. Others are motivated by money, power, politics, or pure mischief. They steal identities, deface Web sites, and break into supposedly secure and certainly sensitive databases.

IEEE Spectrum has written dozens of stories about both—the Steampunkers and Arduino do-it-yourselfers, on the one hand, the Anonymous and Lulzsec ne’er-do-wells on the other. Inspired by New York Magazine’s Approval Matrix, they took 25 of the biggest and best stories and assessed them along two dimensions: innovation and impact.


read more

Followed by a numerous news count of hacker break-ins (link 1, link 2 and link 3), it looks as though hackers are inflaming a cyber war against major corporations and institutions. This time the International Monetary Fund, United States Senate and Central Intelligence Agency servers got hacked. Full coverage of these stories inside.


read more

Google has removed 26 malware infected apps from the Android Market that are believed to have compromised the personal data of thousands of users. Security firm Lookout said that the apps were likely created by the same developers who were responsible for a previous attack of Android malware called ‘Droiddream’ back in March. This affected 21 apps that were also suspended from the Android Market.

Given the moniker Droiddream Light, the malware had code associated with previous Droiddream samples and is believed to have affected between 30,000 and 120,000 users. Magic Photo Studio, Mango Studio, ET Team, BeeGoo, Droidplus and Glumobi were the six developers named as publishing malicious apps with names like Sexy Legs, Volume Manager, Quick SMS Backup and Tetris. None of the apps actually needed you to launch them on your device for the malicious bits to work, instead relying on an incoming voice call.


read more

Poor Sony — not again. Lulz Security has broken into SonyPictures.com, where it claims to have stolen the personal information of over 1,000,000 users — all stored (disgracefully) in plain text format. Lulz claims the heist was performed with a simple SQL injection — just like we saw the last time around. A portion of the group’s exploit is posted online in a RAR file, which contains over 50,000 email / password combos of unfortunate users. In addition to user information, the group has blurted out over 20,000 Sony music coupons, and the admin database (including email addresses and passwords) for BMG Belgium employees. Fresh off the heels of the PlayStation Network restoration, the fine folks in Sony’s IT department are now surviving solely on adrenaline shots.

Update 1: On the topic of clear-text passwords, Neflix, Foursquare, LinkedIn and Square are also spotted to expose your data. Therefore as a developer, please be careful developing apps with sensitive information; and as a user be even more careful sharing your sensitive information over the internet.

Update 2: 3rd of June 2011, Codemasters (UK game developer that brought us Dirt, GRID, Operation Flashpoint, etc) website got also hacked. The say tens of thousands accounts have been compromised exposing the names, addresses (both physical and email), birthdays, phone numbers, Xbox gamer tags, biographies, and passwords of its registered users. Payment information wasn’t compromised, but when you consider that almost everything else was, that feels like hollow consolation.


read more

Following a series of hackers break-ins on Sony (and several others), The black-hat group attacked an automobile manufacturer — Honda Canada. The company said the information accessed was related to a program in 2009 that encouraged customers to register at the myHonda website. In an alert posted on its website, Honda said details such as customer names, addresses, vehicle identification numbers and in some cases Honda Financial Services account numbers were accessed. The company said the information didn’t include data typically used for identity theft or fraud, such as birth dates, credit card numbers and bank account numbers.


read more

The names and e-mails of customers of Citigroup Inc and other large U.S. companies, as well as college students, were exposed in a massive and growing data breach after a computer hacker penetrated online marketer Epsilon.
A diverse swath of companies that did business with Epsilon stepped forward over the weekend to warn customers some of their electronic information could have been exposed.

Drugstore Walgreen, Video recorder TiVo Inc, credit card lender Capital One Financial Corp and teleshopping company HSN Inc all added their names to a list of targets that also includes some of the nation’s largest banks. The names and electronic contacts of some students affiliated with the U.S.-based College Board — which represents some 5,900 colleges, universities and schools — were also potentially compromised in what could be one of the biggest breaches in U.S. history.

No personal financial information such as credit cards or social security numbers appeared to be exposed, according to the company statements and e-mails to customers. Epsilon, an online marketing unit of Alliance Data Systems Corp, said on Friday that a person outside the company hacked into some of its clients’ customer files. The vendor sends more than 40 billion e-mail ads and offers annually, usually to people who register for a company’s website or who give their e-mail addresses while shopping.


read more

Hackers: Outlaws and AnglesIf parking officers, mall cops, and cake makers can get their own reality show, why not people who actually do something interesting for a living? LIGATT Security International has announced it will be the focus of the first ever reality TV series on computer hacking. The weekly documentary/reality series will center around company CEO Gregory Evans and his day-to-day quest to find the latest hacks out there and ensure computers around the world remain safe. Evans said everyone around the office is extremely excited, as viewers will finally be able to see what goes on behind the scenes at one of the cornerstones of the computer industry – the security sector.


read more

WikiLeaksAfter a Tuesday deadline to submit nominees for the Nobel Peace Prize, Norwegian parliamentarian Snorre Valen announced he had entered WikiLeaks as a candidate for the prestigious award. Nominations can be handed in by members of national assemblies and governments of states, members of international courts, university professors and directors of peace and foreign policy institutes. WikiLeaks’ work exposing government secrets has earned it the enmity of countries around the world, especially the US. But Valen told Deutsche Welle that WikiLeaks deserved the Nobel prize for contributing to world peace.


read more