Do you wish that when your friends ask you "what did you learn today?" you said something other than "nothing"? This article presents ideas for you to use to make sure you learn something new every day.
Friday, 1 April 2011
Fake 'Walk and Test' App steals Android user data!
Android users who download a pirated copy of the Walk and Text app are strolling smack into trouble.
The rogue app, called Android. Walkinwat, is a corrupted version of the legitimate Android Walk and Text app, the security firm Symantec reported. Walk and Text, which can be found in many third-party app stores in North America and China, uses a smartphone’s camera to show users what’s in front of them as they’re walking and texting.
Once Walkinwat is downloaded, a dialogue box appears on the user’s phone that, according to Symantec, “gives the appearance that the app is in the process of being compromised or cracked, when, in fact, the app is gathering and attempting to send back sensitive data (name, phone number, IMEI information, etc.) to an external server.”
This is far from the first instance of a corrupted Android app that harvests user data; in early March, a rogue piece of software called DroidDream was found in 58 apps, which were downloaded more than 200,000 times before being removed from the Android App Market.
But Walkinwat adds a personal twist to the typical smartphone scam. It seems whoever orchestrated the bad app to steal your data has an anti-piracy agenda of his own.
While it’s installing, the Wakinwat app sends out a text message to everyone in the victim’s contact list that reads: “Hey, just downloaded a pirated App off the Internet, Walk and Text for Android. Im stupid and cheap, it costed only 1 buck. Don’t steal like I did!”
A follow-up message reads, “We really hope you learned something from this. Check your phone bill;) Oh and don’t forget to buy the App from the Market.”
Symantec said this is the first case in which a corrupted mobile application was used to scold people for piracy.
IEEE members databade hacked !
A hacker stole the credit card details of over 800 members of the IEEE (Institute of Electrical and Electronics Engineers) last December, according to its law firm.
A team of IEEE-appointed forensic investigators “concluded that a file containing customer credit card information had been deleted on or about November 17, 2010”, the institute's law firm told the Attorney General of New Hampshire in February [pdf].
The forensic team believed that 828 members’ credit card numbers, associated names, expiration dates and security numbers may have been accessed. It discovered “certain vulnerabilities in the system”, but the IEEE had no proof that the exposed credit cards had been used to make fraudulant transactions, according to the letter.
Subscribe to:
Posts (Atom)