
Russia's Massive Android Malware Industry Revealed - hkimura
http://securitywatch.pcmag.com/mobile-security/314386-russia-s-massive-android-malware-industry-revealed
======
guard-of-terra
This would not actually be possible if the operators weren't profiting from
SMS shortcodes.

Those are used for fraudulent services in like 95% of cases. But, operators get as
much as 50% share, so why bother getting rid of scammers?

I seriously want to see top managers of Russian cell operators in jail.

~~~
zalew
_> I seriously want to see top managers of Russian cell operators in jail._

=> I seriously want to see top managers of every cell operator out there in
jail.

FTFY

It's not a Russian problem, google for premium sms and you'll find
international tables for countries all around the world. I've heard some
providers give clients the option to disable premium sms, too bad it's not a
sane default. Also, don't know how it is in the US, but around here premium
sms are very popular among live tv shows - vote for your favorite dancer, etc.
So it's a hard case to beat when mass media is tied with them.

~~~
MichaelGG
It's not just SMS. There's premium numbers, too. It's a fairly neat racket.
You get Elbonia Telecom to publish a tariff inside their country that is like
$0.50 a minute. They'll make a deal with you to give you, say, 20 cents a
minute on all traffic you can generate.

So you go and hack people's PBXes or phones or whatever and call these numbers
non-stop and profit handsomely. Careless telecom (VoIP) providers are also
good targets, as the updating of these prices is a haphazard operation.

It even happens inside the US. Some local telco (like in Iowa) gets a 7 cent
rate published, then puts up free conference calls or whatever to generate
traffic.

~~~
zalew
In Poland a few years ago we had a scammer scheme where they left you a
message to call them back. When you called back, they forwarded the call to a
US premium number.

------
guard-of-terra
To all Russians out there, consider voting & promoting
[https://www.roi.ru/poll/petition/problemy-potrebitelej-i-plo...](https://www.roi.ru/poll/petition/problemy-potrebitelej-i-plohoj-servis/likvidatciya-svedenie-k-minimumu-vozmozhnosti-moshennichestva-s-ispolzovaniem-uslug-mobilnoj-svyazi/)

------
babuskov
Author needs to get his facts right:

"SMS shortcodes that bill victims via their wireless carrier. In the U.S., we
often see these attached..."

versus

"Readers in the U.S. can rest easy, since most of these scams use specific
short codes that won't work outside Russia"

So, which one is it?

~~~
guard-of-terra
Every country has a different set of shortcodes. You can't use Russian
shortcodes from the US and it's not easy to harness US shortcodes for a Russian
resident, especially a fraudster (and vice versa).

That's how Eurovision voting works for example.

~~~
babuskov
I'm sorry, but you're wrong. I have SMS payments for two of my games in 30+
countries worldwide. You can use the same code as long as it is free to
register.

But the whole code story is completely irrelevant! If malware is installed in
your Android phone it can send any arbitrary short code it wants, without you
noticing. What is important is the number to which you send the code, and this
is different for each country (and even different for different carriers in
some countries).

So, a well coded malware with international support would need to know the
premium payment number + code pairs for all the countries the attacker wishes
to gather money from.

~~~
guard-of-terra
They should also be able to move their fraudulent money away from those
countries which is going to be problematic.

------
MrKurtz
Instead of just regurgitating whatever is handed out to them, these
publications ought to be more skeptical of the claims of a company like Lookout
whose business is built on FUD, especially when they are spreading that FUD
about the only platform that lets them make a living.

I'm not suggesting that there are no potential threats, what I'm suggesting is
that they often omit the caveats and mitigating factors such as that the
official Play Store doesn't host malware and even if something slipped in it
wouldn't survive for long. The main concern would be about sideloaded apps and
even then devices with Google Play Services installed (most of them) can still
scan them: [http://www.androidpolice.com/2013/07/28/googles-malware-scan...](http://www.androidpolice.com/2013/07/28/googles-malware-scanner-introduced-in-android-4-2-moved-to-the-google-play-services-app-now-works-on-gingerbread-and-higher/)

Also Android 4.2 introduced premium SMS protection:

 _More control of premium SMS - Android will provide a notification if an
application attempts to send SMS to a short code that uses premium services
which might cause additional charges. The user can choose whether to allow the
application to send the message or block it._

[https://source.android.com/devices/tech/security/enhancement...](https://source.android.com/devices/tech/security/enhancements.html)
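
An added example (not part of the original comment, and not Android's own code): a sketch of the kind of check the quoted Android 4.2 feature describes, which also shows the point made earlier in the thread that what counts as a premium destination depends on the country. The rule table, the fictional country codes `xa`/`xb` and the function names are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    pattern: str       # shape of any short code in this country
    premium: str = ""  # codes known to bill the sender
    free: str = ""     # codes known to cost nothing

# Constructed rules for two fictional countries; not real carrier data.
RULES = {
    "xa": Rule(pattern=r"\d{4,5}", premium=r"7\d{3}", free=r"1\d{3}"),
    "xb": Rule(pattern=r"\d{5,6}", premium=r"9\d{4}"),
}

def classify(dest, country):
    """Return 'not_short_code', 'free', 'possible_premium' or 'premium'."""
    number = re.sub(r"[\s-]", "", dest)
    # A '+' prefix or letters means an ordinary address, not a short code.
    if not (number.isascii() and number.isdigit()):
        return "not_short_code"
    rule = RULES.get(country)
    if rule is None:
        # Unknown country (assumed policy): treat very short numbers with caution.
        return "possible_premium" if len(number) <= 5 else "not_short_code"
    if rule.free and re.fullmatch(rule.free, number):
        return "free"
    if rule.premium and re.fullmatch(rule.premium, number):
        return "premium"
    if re.fullmatch(rule.pattern, number):
        return "possible_premium"
    return "not_short_code"

def decide(app, dest, country, remembered):
    """Gate an outgoing SMS: 'send', 'block' or 'ask_user'.

    `remembered` maps an app name to the user's earlier 'allow'/'block' choice.
    """
    if classify(dest, country) in ("premium", "possible_premium"):
        return {"allow": "send", "block": "block"}.get(remembered.get(app), "ask_user")
    return "send"
```

The same destination `7123` is premium under the `xa` rules and not a short code at all under `xb`, so the gate has to key on the subscriber's country, not on the number alone.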

~~~
zalew
> devices with Google Play Services installed (most of them)

Not in Russia (see the other comment sub-thread here
[https://news.ycombinator.com/item?id=6149405](https://news.ycombinator.com/item?id=6149405)).

~~~
MrKurtz
Good point, they should have made that distinction in the article.

------
AsymetricCom
Wow really? You'd think a country with a collapsed government and unstable
social system would be building fighter jets, gourmet cuisine and cloud
services, not making money with shady organized crime. The shame!

------
barista
What makes this scary is this line:

"The report found the bulk of this Russian malware wasn't coming from lone
individuals in basements, but well-oiled malware producing machines."

~~~
zalew
Sounds sensational, but it's not that different from the spam drug affiliates
scheme.

SMS malware is a topic old as coal on the darknet, there is even a tutorial on
the hidden wiki; what I'm curious about is where those apps are distributed,
AFAIK google play deals with it (at least the obvious sms ones) pretty well.
From what I hear people complaining often on HN, in the US carriers are tied
with Google. Meanwhile here in Poland I rarely see a phone that has google
apps out of the box (usually there is some crapware from the carrier, a shitty
nav app instead of gmaps, and maybe a youtube app and that's it) and external
appstores are unlocked by default - I can assume it's a similar situation in
Russia and those malicious apps are distributed through some local app stores.
Can somebody from Russia comment on that?

~~~
mjolk
> I can assume it's a similar situation in Russia and those malicious apps are
> distributed through some local app stores. Can somebody from Russia comment on
> that?

It's usually harmless, 'cheaper-feeling' versions of popular applications. The
malware that's being downloaded here is closer to getting a user to download a
game that's similar to something popular -- think 'Minecraft Tips and Tricks
App'

~~~
zalew
Yeah, but where are they distributed - some Russian app stores or
international ones? If local, then people are not aware Russia and Ukraine are
cracker/malware superpowers? :)

~~~
guard-of-terra
I think there aren't any big Russian app stores (Yandex Store comes to mind
but it's not big yet).

I've seen numerous reports of Google Play apps being served with malware /
showing malware-triggering ads. So it's cat and mouse even with international
stores.

~~~
zalew
Yeah, sadly. But at least Google has the resources to learn on false
negatives. There have been a few malware scandals, but they are usually cut
off short in bulk just after exposed. I doubt smaller stores are able to
perform that well in this area, not to mention that those Russian ones
probably _are_ the scammers themselves as the phones have non-google app
stores unlocked and it only takes a spammy redirect.

All that said, as you mentioned in the other comment - the root of the problem
are cell companies, if not for them, the premium sms problem wouldn't exist.

