Hacker News new | ask | show | jobs
by Cyph0n 3302 days ago
This is the kind of malware that is difficult to block imo. As long as the auto clicking is done at a suitable interval, there really is no easy way to detect it.

The question is: would such an attack work on Apple devices? I'm assuming that the iOS API provides similar functionality to apps running on the device.
2 comments
openasocket 3302 days ago
You don't need to detect it as it's going on, it should be a part of the approval process for getting the app accepting into the Play store. Apps should undergo regular static and dynamic analysis. And probably some improvements to Bouncer
link
Cyph0n 3302 days ago
Static analysis likely will not detect this type of malware as the malicious payload is only retrieved once the app is running. As for dynamic analysis, it's usually pretty easy to evade for a capable malware author. The only surefire way to catch this is to have someone manually analyze the app.
link
openasocket 3302 days ago
Dynamic analysis isn't perfect by any means, but I expect Google to at least try, to get the low hanging fruit. As the OP said: "at least make them work a little." Do we know if this malware had sandbox detection techniques?
link
NikolaeVarius 3302 days ago
Why do you assume Google doesn't try?
link
openasocket 3302 days ago
Technically, I said "I expect Google to at least try," which is just stating my expectations rather than stating anything about whether Google met my expectations ;)

But seriously, that's a fair point, my statement implied an unsourced assumption. I think Google tries to some extent, but I can't find anything saying Judy had anti-analysis capabilities, which makes me suspicious as to the effectiveness of Google's dynamic analysis of Play Apps.

link
JKCalhoun 3302 days ago
I would expect the malware developers already to have targeted iOS if it were possible?
link
flashdance 3302 days ago
There are over twice as many android devices as ios devices, so if you're a malware creator it might make sense only to target the biggest fish.
link
eridius 3302 days ago
It would make sense to target both.
link
Cyph0n 3302 days ago
Who's to say they haven't already?
link
bobsam 3302 days ago
From the article: "The company develops mobile apps for both Android and iOS platform"

The apps are probably removed from both stores by now so we will never know ;)

link
eridius 3302 days ago
They develop apps for both, but that doesn't necessarily mean they had the same adware in the iOS version.
link