Anaru Malware Now Live and Ready to Steal

Recently, I blogged about a famous Anime character named Anaru who was being used to steal contact details from Android devices. At the time of investigation, the app appeared to be in a testing phase, with the possibility that it might have been created for fun. However, the app’s creators now appear to have moved to the next level and are now actively enticing Android device owners to install the app.

The Anaru malware, which Symantec detects as Android.Maistealer, is now hosted on multiple, dedicated websites that resemble Google Play. The app is not available on Google Play, as far as I am aware, and is only available on these dedicated websites.
 


 

The app has not changed since the last time I wrote about it. When the app is downloaded and installed it works as advertised; it allows a user to use the touch screen to manipulate the character's body. A user would not have any reason to suspect that personal data had been stolen unless the user paid close attention to the installation screen. By installing the app, the user gives permission for it to read contact data, a functionality that should not be required for this type of app.
 

  

Figure 1. Installation screen and app screen
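The permission mismatch described above can be checked before an app ever reaches a device. The following is an added example, not code from Symantec or from the malware: it reads a decoded AndroidManifest.xml and reports permissions that fall outside what the app's advertised category needs. The manifest, the package name `com.example.touchtoy`, and the per-category baseline are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample: decoded manifest of a hypothetical touch-screen
# entertainment app (not taken from the samples discussed in this post).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.touchtoy">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <application android:label="Touch Toy"/>
</manifest>"""

# Assumed reviewer baseline: permissions each advertised category plausibly needs.
EXPECTED = {
    "entertainment": {"android.permission.INTERNET",
                      "android.permission.WAKE_LOCK"},
    "battery_utility": {"android.permission.WAKE_LOCK",
                        "android.permission.BATTERY_STATS"},
}
# Permissions that expose personal data stored on the device.
PERSONAL_DATA = {"android.permission.READ_CONTACTS",
                 "android.permission.READ_SMS",
                 "android.permission.READ_PHONE_STATE"}
NETWORK = "android.permission.INTERNET"


def requested_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    names = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    return names - {None}  # ignore malformed entries without android:name


def review(manifest_xml, category):
    """Compare requested permissions with the baseline for the advertised category."""
    perms = requested_permissions(manifest_xml)
    personal = sorted(perms & PERSONAL_DATA)
    return {
        "unexpected": sorted(perms - EXPECTED[category]),
        "personal_data": personal,
        # Personal data plus network access means the data can leave the device.
        "can_upload_personal_data": bool(personal) and NETWORK in perms,
    }


if __name__ == "__main__":
    print(review(SAMPLE_MANIFEST, "entertainment"))
```
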
 

The malware authors now have a dedicated website to distribute their Anaru app, but this is not their only method of getting onto a user device. The same group has also created a fake battery saver app called EnergyHelper1, which Symantec detects as Android.Enesoluty. It is advertised using spam written in Japanese, as shown in Figure 2. It attempts to entice Android device owners who are dissatisfied with the short battery life of their device to download the app.
 

  

Figure 2. Spam examples
 

Users are tricked into believing that the malicious app is a handy utility that saves battery life or charges the battery by turning the screen into a solar panel. These types of apps have become very popular among Japanese scammers. Malware like Android.Ackposts, Android.Ecobatry, and Android.Sumzand all use this strategy. Once the user clicks on the link included in the body of one of the emails, they are taken to a page similar to the one the Anaru app is hosted on; this is another fake app market.
 

Figure 3. Fake battery saving app

Once the app is downloaded and installed, it appears to run before stating that it is incompatible with the device. This is an attempt to get the user to give up using the app, but the contact details stored on the device have already been collected and uploaded to a remote location.

     

Figure 4. Device incompatible error message
 

We now know that this criminal group was not just playing around with the Anaru app in July. They have been busy developing another app, as well as setting up dedicated sites to imitate legitimate app markets.

Symantec recommends users always follow security best practices and be cautious of suspicious emails—particularly unsolicited emails from unknown individuals advertising Android apps. When downloading apps, users are advised to visit established and trusted app markets. To further protect your device, Symantec recommends using a security app, such as Symantec Mobile Security and Norton Mobile Security.

Pirate Bay Founder Arrested for Alleged Hack

Pirate Bay co-founder Gottfrid Svartholm in 2009. Photo: boklm/Flickr

It turns out that last week’s arrest of The Pirate Bay co-founder Gottfrid Svartholm seems to be unrelated to his pending one-year prison sentence for running Sweden’s and the world’s most notorious and illicit file-sharing service.

Swedish media is reporting that Svartholm’s confinement in Cambodia is in connection to a 2010 hack into a Swedish company called Logica. Logica contracts with Swedish tax authorities, and “tax numbers of 9,000 Swedes leaked online” earlier this year, notes TorrentFreak, a prominent source when it comes to The Pirate Bay news.

Two other Swedes have been arrested in relation to the Logica hack.

Sweden’s Supreme Court in February upheld the prison sentences of the four men convicted of running The Pirate Bay. Peter Sunde faces eight months; Fredrik Neij, 10 months; Carl Lundström, four months; and Gottfrid Svartholm, one year. They share combined fines of more than $6.8 million. They have not yet been ordered to serve their time.

They were convicted in 2009 in a joint civil and criminal proceeding in Sweden that pitted the entertainment industry and the government against the four defendants and the torrent-based file-sharing site, which points the way to free games, movies, software and music. The service is used by millions and is notorious for its rebellious nature.

Their failed defense largely hinged on an architectural point. Because of the way the bittorrent protocol works, pirated material was neither stored on, nor passed through, The Pirate Bay’s servers. Instead the site provides a searchable index of torrent files — some on its servers, some elsewhere — that direct a user’s client software to the content elsewhere.

Cambodian authorities, who arrested Svartholm at his apartment in the capital of Phnom Penh, where he was living, are said to be planning to eventually deport him to Sweden. Once there, he is likely to face hacking charges.

According to Swedish site DN.se, Svartholm was in “poor condition, weighing less than 40 kg and with serious drug problems.”

AT&T’s FaceTime Blocking Hurts the Deaf

Photo: Joe Philipson/Flickr

When I learned that Apple would finally be enabling the iPhone’s FaceTime app to work over mobile connections, I was ecstatic. As someone who is deaf, I could now use this one-touch, always-on video chat app to communicate with friends and family in my natural language: American Sign Language (ASL).

Brendan Gramer

Born profoundly deaf, Brendan lives in Seattle with his wife, son, and 2 dogs. In his spare time, he enjoys fatherhood, the outdoors, and homebrewing beers with his homebrew club.

But then I found out that AT&T will block mobile FaceTime unless customers sign up for an expensive unlimited voice plan. I wasn’t thrilled with the thought of having to pay this AT&T “deaf tax” just to use the mobile data I’m already paying for.

It’s disappointing that AT&T is standing in the way of innovation that addresses the needs of its deaf and hard-of-hearing customers. Sometimes it takes a while (and some prodding) for technology and technology companies to catch up to and embrace accessibility. In this case the technology is there, but it’s AT&T that’s throwing up the barrier.

FaceTime is a Revolutionary Product

Since the mid-1970s, deaf and hard-of-hearing people have been able to make and receive phone calls with the assistance of a Telecommunications Relay Service that enables phone calls through the use of text-input keyboards. A deaf user types a message, which is then translated by an operator speaking to the person on the other end of the phone call. While it is a useful service, TRS still requires typing and communicating via the written word instead of ASL.

This all changed a decade ago when Video Relay Services became widely available. For the first time, it was possible to have phone conversations using ASL.

But soon after, cellphones replaced landlines as the primary mode for phone calls. VRS requires the signer to be in front of a camera-equipped computer or videophone, creating a challenge if you want to make a call while out of the house. Technology keeps advancing, though, and smartphones with video calling apps have the power to create a seamless communications experience for the deaf and hard of hearing.

Video calling changes everything. Not only does it make it easier to take advantage of VRS services, but it allows two people who know ASL to communicate without relying on a third-party interpreter. Apple’s FaceTime is a particularly revolutionary application. I use FaceTime often with family and friends because it’s the easiest way for us to see and sign to each other.

Freeing up FaceTime over mobile would literally change our world. We would be able to communicate with each other during emergencies and other situations when Wi-Fi isn’t available. People who aren’t deaf take for granted that they can dial their partners’ cellphones to remind them to pick up milk, but for the deaf there have always been technological barriers to these kinds of routine communications.

But AT&T isn’t going to allow this revolution in accessibility to be unleashed — not unless customers are willing to buy the company’s pricy unlimited voice plans. AT&T does currently sell a “Text Accessibility Plan” (which it calls “TAP”), which offers deaf users paying $50 a month unlimited texts and 3 gigabytes of monthly data. But again, texting just isn’t the same as signing. Furthermore, according to AT&T’s website, this plan wasn’t extended to include iPhone 4S owners, and it remains to be seen if it will cover the new iPhone. Perhaps the phasing out of these accessibility plans is just AT&T’s way of pressuring consumers into overpaying with their new plans, irrespective of their unique needs or situation.

AT&T’s FaceTime Blocking Defense Ignores Practical Realities

This isn’t about trying to abuse the system. It’s about the fundamental need to be able to communicate with each other anytime, anywhere — and for the deaf and hard of hearing to be functionally equivalent with hearing people.

FaceTime is a seamless, straight-out-of-the-box video calling solution. Members of my wife’s family switched from the Android platform to iOS to use FaceTime because, well, “it just works.” You look up a contact on your iPhone, and there’s the option to make a FaceTime call listed right next to the voice and texting options.

Third-party apps like Skype require installation, set-up and integration and are not “always on” in the same way FaceTime is. FaceTime’s Wi-Fi limitation has been its only inconvenience, and has led to many missed calls. This is why I personally found AT&T’s assertion that net neutrality rules don’t prevent it from blocking “preloaded” apps like FaceTime so disappointing, and its boasting that it won’t block FaceTime over Wi-Fi so frustrating.

Even if AT&T ultimately decides not to block FaceTime for deaf users on its TAP plan, the company’s plans will still hurt deaf and hard-of-hearing customers. Why? Because the company will still block mobile FaceTime for the people we talk to — our friends and family members who are iPhone users and know ASL, but who are not deaf themselves and thus do not qualify for the TAP plan. The point of having a mobile phone is the ability to be in touch anytime, anywhere — not to have to plan ahead and hope Wi-Fi is available wherever we land.

The bottom line is that data is data. Whatever we pay for, we should be able to use. AT&T needs to rethink this terribly misguided plan and its impact on the deaf and hard of hearing.

ACLU Sues Police for Seizing Man’s Phone After Recording Alleged Misconduct

Image: catbagan/Flickr

The ACLU has sued the District of Columbia and two police officers for allegedly seizing the cellphone of a man who photographed a police officer allegedly mistreating a citizen, and for then stealing his memory card.

The suit, filed in federal court (.pdf) in Washington, D.C., alleges that the police officer violated Earl Staley, Jr.’s First Amendment and Fourth Amendment rights by improperly searching and seizing his property while he was exercising his right to photograph the police performing their duty.

The incident occurred July 20 when Staley, on his way to a bus stop with a friend, pulled out his phone to record police after he saw an officer hit a man on a motorbike. Two police officers then allegedly punched the man on the ground as he bled.

Staley pulled out his phone to take photos when police also allegedly began “chest bumping” bystanders who would not leave the scene.

Officer James O’Bannon seized Staley’s smartphone from his hand when he saw Staley take a photo of another officer and told Staley that he had broken the law in photographing the officer, according to the complaint. O’Bannon told Staley he was seizing the phone as evidence and threatened to arrest Staley if he didn’t leave the scene.

When Staley was later given back his phone by police, his memory card was missing. The police have still not returned the card, which Staley says contained several years’ worth of personal data, including family photos, passwords, financial account data and music files.

“That memory card had a lot of my life on it,” Staley said in a statement. “I can never replace those photos of my daughter’s first years. The police had no right to steal it. They’re supposed to enforce the law, not break it.”

The incident occurred a day after D.C.’s Metropolitan Police Department issued a General Order informing officers that the public has a First Amendment right to photograph or record police officers performing their duties in public. That’s also the legal opinion of the U.S. Justice Department.

Per the D.C. order, police cannot “[i]n any way threaten, intimidate or otherwise discourage an individual from recording members’ enforcement activities,” and the order prohibits officers from seizing cameras unless an “official with supervisory authority” is present at the scene.

“Officers must learn that people have a right to photograph them in public places, and that trying to cover up police misconduct is worse than the initial misconduct,” Arthur B. Spitzer, Legal Director of the ACLU’s D.C. chapter, said in a statement. “The officer’s actions here will have consequences.”