There’s a new type of Android malware out there that is masking itself as a “cleaner” app, but what it’s really doing is infecting both your smartphone and your PC. Kaspersky researchers discovered the “cleaner” apps, called Superclean and DroidCleaner, in the Google Play store, which makes it all the scarier. The apps are supposed to free up memory in Android, but instead they do an extensive set of other harmful things. It seems older Android versions are especially susceptible. Here’s a list:
[list]
[*]Sends SMS messages
[*]Enables WiFi
[*]Gathers information from the device
[*]Opens random links in the browser
[*]Uploads the entire content of your SD card
[*]Uploads arbitrary files and folders to the master’s server
[*]Uploads all of your SMS messages
[*]Deletes all of your SMS messages
[*]Uploads all of your contacts, photos, and coordinates to the master
[/list]
Once the “cleaner” app is installed and running, it begins listing processes on your device and restarts them in the foreground to make it appear as if it’s really “cleaning” your device. However, in the background, the app downloads three files (autorun.inf, folder.ico, and svchosts.exe) to the root of your SD card.
When you connect your smartphone to your Windows computer, the svchosts.exe file (Backdoor.MSIL.Ssucl.a) will automatically execute on your PC. It then takes control of your microphone and records you. It encrypts those recordings and sends them back to the master.
It is those users who use outdated OS versions that are targeted by this attack vector. With Android, you are often 2-3 releases behind the latest release, and then you are dependent on the manufacturer and then the carrier to release any updates.
[size=1]Compared to its chief rival mobile operating system, namely iOS, Android updates are typically slow to reach actual devices. For devices not under the Nexus brand, updates often arrive months from the time the given version is officially released. This is caused partly due to the extensive variation in hardware of Android devices, to which each update must be specifically tailored, as the official Google source code only runs on their flagship Nexus phone. Porting Android to specific hardware is a time- and resource-consuming process for device manufacturers, who prioritize their newest devices and often leave older ones behind. Hence, older smartphones are frequently not updated if the manufacturer decides it is not worth their time, regardless of whether the phone is capable of running the update. This problem is compounded when manufacturers customize Android with their own interface and apps, which must be reapplied to each new release. Additional delays can be introduced by wireless carriers who, after receiving updates from manufacturers, further customize and brand Android to their needs and conduct extensive testing on their networks before sending the update out to users. This 'model' is unacceptable in this growing market, where 'smart-phones/tablets' are becoming the 'normal' way for people to interact with technology and replace their antiquated PC/Laptops over the coming years and decade.
The lack of after-sale support from manufacturers and carriers has been widely criticised by consumer groups and the technology media. Some commentators have noted that the industry has a financial incentive not to update their devices, as the lack of updates for existing devices fuels the purchase of newer ones, an attitude described as "insulting". The Guardian has complained that the complicated method of distribution for updates is only complicated because manufacturers and carriers have designed it that way. In 2011, Google partnered with a number of industry players to announce an "Android Update Alliance", pledging to deliver timely updates for every device for 18 months after its release. As of 2012, this alliance has never been mentioned since.[/size]
NOTE: The 'l33t' people on this forum are unlikely to be affected, because they know how to 'root' theirs and install the latest firmwares or anti-virus programs. However, I ask these same people to be cognisant of the danger the 'non-l33t' people are going to be exposed to in the coming years, by being unable to update their phones.
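
Added example, not part of the original post: a defender-side check for the drop pattern described above (an autorun.inf in the root of the SD card that launches an executable sitting next to it). The function names and the sample autorun.inf text are assumptions constructed for illustration; the post does not show the real file's contents.

```python
import os
import re

RUN_KEY = re.compile(r"open|shellexecute|shell\\[^\\]+\\command")
EXEC_EXTS = {".exe", ".com", ".scr", ".bat", ".cmd", ".pif"}
# Constructed sample, not the contents of the real dropped file.
SAMPLE_AUTORUN = "[AutoRun]\nopen=svchosts.exe\nicon=folder.ico\n"

def parse_autorun(text):
    """Return {key: value} from the [autorun] section, keys lower-cased."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def starts_with_mz(path):
    """True if the file begins with the DOS/PE 'MZ' magic bytes."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False

def audit_volume(root):
    """Report autorun.inf entries on a mounted volume that launch a program."""
    names = {n.lower(): n for n in os.listdir(root)}  # FAT names ignore case
    if "autorun.inf" not in names:
        return []
    with open(os.path.join(root, names["autorun.inf"]), errors="replace") as fh:
        entries = parse_autorun(fh.read())
    findings = []
    for key, value in entries.items():
        if not RUN_KEY.fullmatch(key):
            continue
        # The program is the first token, optionally double-quoted.
        m = re.match(r'"([^"]+)"|(\S+)', value)
        target = (m.group(1) or m.group(2)) if m else ""
        parts = [p for p in re.split(r"[\\/]+", target) if p and p != ".."]
        if parts:
            parts[0] = names.get(parts[0].lower(), parts[0])
        path = os.path.join(root, *parts) if parts else ""
        ext = os.path.splitext(target)[1].lower()
        findings.append({"key": key, "target": target,
                         "present": bool(path) and os.path.isfile(path),
                         "executable": ext in EXEC_EXTS or starts_with_mz(path)})
    return findings
```

Call `audit_volume()` with the mount point of the phone's storage or SD card; any finding with both `present` and `executable` set is worth inspecting before the volume is attached to a Windows machine.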