{"id":1662,"date":"2015-04-01T14:30:05","date_gmt":"2015-04-01T12:30:05","guid":{"rendered":"http:\/\/sseblog.ec-spride.de\/?p=1662"},"modified":"2015-04-01T14:30:05","modified_gmt":"2015-04-01T12:30:05","slug":"an-investigation-of-the-androidbadaccents-malware","status":"publish","type":"post","link":"https:\/\/blogs.uni-paderborn.de\/sse\/2015\/04\/01\/an-investigation-of-the-androidbadaccents-malware\/","title":{"rendered":"An Investigation of the Android\/BadAccents Malware"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignright\" src=\"http:\/\/scr.wfcdn.de\/11589\/Android-Trojaner-Badaccents-1420218692-0-0.jpg\" alt=\"BadAccents Malware\" width=\"223\" height=\"220\" \/><\/p>\n<p>Earlier this year, we reported on\u00a0the <a href=\"http:\/\/sseblog.ec-spride.de\/2015\/01\/korea-threat-compain-2014\/\">Korean threat<\/a>\u00a0we identified in collaboration with McAfee Mobile Research.\u00a0We have now released a <a href=\"https:\/\/www.informatik.tu-darmstadt.de\/fileadmin\/user_upload\/Group_EC-Spride\/Publikationen\/TR_BadAccentsMalware.pdf\">technical report<\/a> describing in detail the\u00a0Android\/BadAccents malware. The report also describes a new tapjacking attack (<a href=\"http:\/\/sseblog.ec-spride.de\/2015\/02\/google-confirms-tapjacking-attack\/\">also reported earlier this year<\/a>) that the malware exploited.<\/p>\n<p>The technical report also describes the fix we submitted to the Android Security Team in January this year. Until now (approximately 4 months later), the official AOSP still <em>doesn&#8217;t include the fix<\/em>, meaning likely all Android versions are still vulnerable.\u00a0Unfortunately, there is no real protection mechanism for\u00a0the user against\u00a0this attack. 
A general recommendation from our side is the installation of apps from the official app stores and the usage of anti-virus applications (<a href=\"https:\/\/www.virustotal.com\/de\/file\/5161dd77d666fddf770a88e46d1b26f3733988b689a02fd395387e87b3d9f344\/analysis\/\">many AV vendors already detect this malware family<\/a>).<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Earlier this year, we reported on\u00a0the Korean threat\u00a0we identified in collaboration with McAfee Mobile Research.\u00a0We have now released a technical report describing in detail the\u00a0Android\/BadAccents malware. Furthermore, we also describe a new tapjacking attack (also reported earlier this year) the &hellip; <a href=\"https:\/\/blogs.uni-paderborn.de\/sse\/2015\/04\/01\/an-investigation-of-the-androidbadaccents-malware\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":6581,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11,41,61],"tags":[],"class_list":["post-1662","post","type-post","status-publish","format-standard","hentry","category-android","category-research-paper","category-security-vulnerability"],"_links":{"self":[{"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/posts\/1662","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/users\/6581"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/comments?post=1662"}],"version-history":[{"count":0,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/posts\/1662\/revisions"}],"wp:attachment":[{"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/
media?parent=1662"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/categories?post=1662"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/tags?post=1662"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}